From aa8015567aa840da4874385716f11b1161a4ec5f Mon Sep 17 00:00:00 2001 From: drebs Date: Fri, 4 Oct 2013 16:30:24 -0300 Subject: Add option to choose cipher and digest algorithms. --- .../feature_4030-add-cipher-and-digest-algo | 2 ++ keymanager/src/leap/keymanager/__init__.py | 20 +++++++++++++++++--- keymanager/src/leap/keymanager/openpgp.py | 22 ++++++++++++++++++---- 3 files changed, 37 insertions(+), 7 deletions(-) create mode 100644 keymanager/changes/feature_4030-add-cipher-and-digest-algo (limited to 'keymanager') diff --git a/keymanager/changes/feature_4030-add-cipher-and-digest-algo b/keymanager/changes/feature_4030-add-cipher-and-digest-algo new file mode 100644 index 0000000..a05e589 --- /dev/null +++ b/keymanager/changes/feature_4030-add-cipher-and-digest-algo @@ -0,0 +1,2 @@ + o Add option to choose cipher and digest algorithms when signing and + encrypting. Closes #4030. diff --git a/keymanager/src/leap/keymanager/__init__.py b/keymanager/src/leap/keymanager/__init__.py index 76be226..edd0ba1 100644 --- a/keymanager/src/leap/keymanager/__init__.py +++ b/keymanager/src/leap/keymanager/__init__.py @@ -391,7 +391,8 @@ class KeyManager(object): # encrypt/decrypt and sign/verify API # - def encrypt(self, data, pubkey, passphrase=None, sign=None): + def encrypt(self, data, pubkey, passphrase=None, sign=None, + cipher_algo='AES256'): """ Encrypt C{data} using public @{key} and sign with C{sign} key. @@ -401,6 +402,8 @@ class KeyManager(object): :type pubkey: EncryptionKey :param sign: The key used for signing. :type sign: EncryptionKey + :param cipher_algo: The cipher algorithm to use. + :type cipher_algo: str :return: The encrypted data. :rtype: str @@ -436,7 +439,8 @@ class KeyManager(object): return self._wrapper_map[privkey.__class__].decrypt( data, privkey, passphrase, verify) - def sign(self, data, privkey): + def sign(self, data, privkey, digest_algo='SHA512', clearsign=False, + detach=True, binary=False): """ Sign C{data} with C{privkey}. @@ -445,6 +449,14 @@ class KeyManager(object): :param privkey: The private key to be used to sign. :type privkey: EncryptionKey + :param digest_algo: The hash digest to use. + :type digest_algo: str + :param clearsign: If True, create a cleartext signature. + :type clearsign: bool + :param detach: If True, create a detached signature. + :type detach: bool + :param binary: If True, do not ascii armour the output. + :type binary: bool :return: The signed data. :rtype: str @@ -454,7 +466,9 @@ class KeyManager(object): privkey.__class__ in self._wrapper_map, 'Unknown key type.') leap_assert(privkey.private is True, 'Key is not private.') - return self._wrapper_map[privkey.__class__].sign(data, privkey) + return self._wrapper_map[privkey.__class__].sign( + data, privkey, digest_algo=digest_algo, clearsign=clearsign, + detach=detach, binary=binary) def verify(self, data, pubkey): """ diff --git a/keymanager/src/leap/keymanager/openpgp.py b/keymanager/src/leap/keymanager/openpgp.py index 9d8d89a..6412331 100644 --- a/keymanager/src/leap/keymanager/openpgp.py +++ b/keymanager/src/leap/keymanager/openpgp.py @@ -433,7 +433,8 @@ class OpenPGPScheme(EncryptionScheme): raise errors.EncryptionDecryptionFailed( 'Failed to encrypt/decrypt: %s' % stderr) - def encrypt(self, data, pubkey, passphrase=None, sign=None): + def encrypt(self, data, pubkey, passphrase=None, sign=None, + cipher_algo='AES256'): """ Encrypt C{data} using public @{pubkey} and sign with C{sign} key. @@ -443,6 +444,8 @@ class OpenPGPScheme(EncryptionScheme): :type pubkey: OpenPGPKey :param sign: The key used for signing. :type sign: OpenPGPKey + :param cipher_algo: The cipher algorithm to use. + :type cipher_algo: str :return: The encrypted data. :rtype: str @@ -459,7 +462,7 @@ class OpenPGPScheme(EncryptionScheme): data, pubkey.fingerprint, default_key=sign.key_id if sign else None, passphrase=passphrase, symmetric=False, - cipher_algo='AES256') + cipher_algo=cipher_algo) # Here we cannot assert for correctness of sig because the sig is # in the ciphertext. # result.ok - (bool) indicates if the operation succeeded @@ -517,7 +520,8 @@ class OpenPGPScheme(EncryptionScheme): gpgutil = GPGUtilities(gpg) return gpgutil.is_encrypted_asym(data) - def sign(self, data, privkey): + def sign(self, data, privkey, digest_algo='SHA512', clearsign=False, + detach=True, binary=False): """ Sign C{data} with C{privkey}. @@ -526,6 +530,14 @@ class OpenPGPScheme(EncryptionScheme): :param privkey: The private key to be used to sign. :type privkey: OpenPGPKey + :param digest_algo: The hash digest to use. + :type digest_algo: str + :param clearsign: If True, create a cleartext signature. + :type clearsign: bool + :param detach: If True, create a detached signature. + :type detach: bool + :param binary: If True, do not ascii armour the output. + :type binary: bool :return: The ascii-armored signed data. :rtype: str @@ -536,7 +548,9 @@ class OpenPGPScheme(EncryptionScheme): # result.fingerprint - contains the fingerprint of the key used to # sign. with self._temporary_gpgwrapper(privkey) as gpg: - result = gpg.sign(data, default_key=privkey.key_id) + result = gpg.sign(data, default_key=privkey.key_id, + digest_algo=digest_algo, clearsign=clearsign, + detach=detach, binary=binary) rfprint = privkey.fingerprint privkey = gpg.list_keys(secret=True).pop() kfprint = privkey['fingerprint'] -- cgit v1.2.3 From 72c2264f7de479c2f3e91c6f17a27a7f35dc4312 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 9 Oct 2013 11:58:33 -0300 Subject: Set gnupg dep version to 1.2.3. --- keymanager/pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'keymanager') diff --git a/keymanager/pkg/requirements.pip b/keymanager/pkg/requirements.pip index 5ebd803..acb783c 100644 --- a/keymanager/pkg/requirements.pip +++ b/keymanager/pkg/requirements.pip @@ -1,4 +1,4 @@ leap.common>=0.3.0 simplejson requests -gnupg +gnupg>=1.2.3 -- cgit v1.2.3 From 542c4a5b7bf1c95bdfcb4059e9968412b0e53d67 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 9 Oct 2013 12:23:35 -0300 Subject: bump also the gnupg sanity check --- keymanager/pkg/requirements.pip | 2 ++ keymanager/src/leap/keymanager/__init__.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'keymanager') diff --git a/keymanager/pkg/requirements.pip b/keymanager/pkg/requirements.pip index acb783c..1515204 100644 --- a/keymanager/pkg/requirements.pip +++ b/keymanager/pkg/requirements.pip @@ -1,4 +1,6 @@ leap.common>=0.3.0 simplejson requests +# if we bump the gnupg version, bump also the sanity check +# in keymanager.__init__ gnupg>=1.2.3 diff --git a/keymanager/src/leap/keymanager/__init__.py b/keymanager/src/leap/keymanager/__init__.py index edd0ba1..f2cffd5 100644 --- a/keymanager/src/leap/keymanager/__init__.py +++ b/keymanager/src/leap/keymanager/__init__.py @@ -25,7 +25,7 @@ try: assert(GPGUtilities) # pyflakes happy from gnupg import __version__ from distutils.version import LooseVersion as V - assert(V(__version__) >= V('1.2.2')) + assert(V(__version__) >= V('1.2.3')) except ImportError, AssertionError: print "Ooops! It looks like there is a conflict in the installed version " -- cgit v1.2.3 From abb91dd3af9aa28eb998546fbd4e3c6feaa3bdbd Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 9 Oct 2013 13:03:30 -0300 Subject: fix exception catching --- keymanager/src/leap/keymanager/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'keymanager') diff --git a/keymanager/src/leap/keymanager/__init__.py b/keymanager/src/leap/keymanager/__init__.py index f2cffd5..a550598 100644 --- a/keymanager/src/leap/keymanager/__init__.py +++ b/keymanager/src/leap/keymanager/__init__.py @@ -27,14 +27,17 @@ try: from distutils.version import LooseVersion as V assert(V(__version__) >= V('1.2.3')) -except ImportError, AssertionError: +except (ImportError, AssertionError): + print "*******" print "Ooops! It looks like there is a conflict in the installed version " print "of gnupg." + print print "Disclaimer: Ideally, we would need to work a patch and propose the " print "merge to upstream. But until then do: " print print "% pip uninstall python-gnupg" print "% pip install gnupg" + print "*******" sys.exit(1) import logging -- cgit v1.2.3 From d7b88c879a682551768c46e54f3e9856cd382226 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= Date: Fri, 18 Oct 2013 09:05:37 -0300 Subject: Fold in changes --- keymanager/CHANGELOG | 4 ++++ keymanager/changes/feature_4030-add-cipher-and-digest-algo | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) delete mode 100644 keymanager/changes/feature_4030-add-cipher-and-digest-algo (limited to 'keymanager') diff --git a/keymanager/CHANGELOG b/keymanager/CHANGELOG index 6ec2624..8371498 100644 --- a/keymanager/CHANGELOG +++ b/keymanager/CHANGELOG @@ -1,3 +1,7 @@ +0.3.4 Oct 18: + o Add option to choose cipher and digest algorithms when signing and + encrypting. Closes #4030. + 0.3.3 Oct 4: o Add a sanity check for the correct version of gnupg. o Update code to use gnupg 1.2.2 python module. Closes #2342. diff --git a/keymanager/changes/feature_4030-add-cipher-and-digest-algo b/keymanager/changes/feature_4030-add-cipher-and-digest-algo deleted file mode 100644 index a05e589..0000000 --- a/keymanager/changes/feature_4030-add-cipher-and-digest-algo +++ /dev/null @@ -1,2 +0,0 @@ - o Add option to choose cipher and digest algorithms when signing and - encrypting. Closes #4030. -- cgit v1.2.3