From 3dc39619842dfb57d431744aee74d22f76c215e6 Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Thu, 16 Jun 2016 20:16:54 +0200 Subject: [feat] check key document versions and fail if it's unknown - Closes: #8165 --- changes/next-changelog.txt | 1 + src/leap/keymanager/__init__.py | 8 +++++--- src/leap/keymanager/errors.py | 9 +++++++++ src/leap/keymanager/openpgp.py | 11 +++++++++++ 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/changes/next-changelog.txt b/changes/next-changelog.txt index a2ab4fb..56ff7aa 100644 --- a/changes/next-changelog.txt +++ b/changes/next-changelog.txt @@ -13,6 +13,7 @@ Features - `#8031 `_: Remove support for multiple key types. - `#8068 `_: make get_all_keys aware of active addresses. - `#6658 `_: Improve duplicated active documents fixup. +- `#8165 `_: Check key document versions and fail if it's unknown. - `#1234 `_: Description of the new feature corresponding with issue #1234. - New feature without related issue number. diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 97d2985..0b8a5b3 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -376,7 +376,8 @@ class KeyManager(object): :return: A Deferred which fires with an EncryptionKey bound to address, or which fails with KeyNotFound if no key was found neither - locally or in keyserver. + locally or in keyserver or fail with KeyVersionError if the + key has a format not supported by this version of KeyManager :rtype: Deferred :raise UnsupportedKeyTypeError: if invalid key type 
@@ -522,8 +523,9 @@ class KeyManager(object): :return: A Deferred which fires with the encrypted data as str, or which fails with KeyNotFound if no keys were found neither - locally or in keyserver or fails with EncryptError if failed - encrypting for some reason. + locally or in keyserver or fails with KeyVersionError if the + key format is not supported or fails with EncryptError if + failed encrypting for some reason. :rtype: Deferred :raise UnsupportedKeyTypeError: if invalid key type diff --git a/src/leap/keymanager/errors.py b/src/leap/keymanager/errors.py index 8a9fb3c..dfff393 100644 --- a/src/leap/keymanager/errors.py +++ b/src/leap/keymanager/errors.py @@ -28,6 +28,15 @@ class KeyNotFound(Exception): pass +class KeyVersionError(KeyNotFound): + """ + Raised when key was found in the keyring but the version is not supported. + + It will usually mean that it was created by a newer version of KeyManager. + """ + pass + + class KeyAlreadyExists(Exception): """ Raised when attempted to create a key that already exists. diff --git a/src/leap/keymanager/openpgp.py b/src/leap/keymanager/openpgp.py index 98ce464..31c13df 100644 --- a/src/leap/keymanager/openpgp.py +++ b/src/leap/keymanager/openpgp.py @@ -53,6 +53,8 @@ from leap.keymanager.documents import ( KEY_ENCR_USED_KEY, KEY_ADDRESS_KEY, KEY_TYPE_KEY, + KEY_VERSION_KEY, + KEYMANAGER_DOC_VERSION, KEYMANAGER_ACTIVE_TYPE, KEYMANAGER_KEY_TAG, KEYMANAGER_ACTIVE_TAG, @@ -734,6 +736,7 @@ class OpenPGPScheme(object): address, '1' if private else '0') d.addCallback(self._repair_and_get_doc, self._repair_active_docs) + d.addCallback(self._check_version) return d def _get_key_doc_from_fingerprint(self, fingerprint, private): @@ -743,6 +746,7 @@ class OpenPGPScheme(object): fingerprint, '1' if private else '0') d.addCallback(self._repair_and_get_doc, self._repair_key_docs) + d.addCallback(self._check_version) return d def _repair_and_get_doc(self, doclist, repair_func): 
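Review bot: `KeyVersionError` in errors.py subclasses `KeyNotFound`, so every existing handler that traps or catches `KeyNotFound` will also catch an unsupported-version failure and treat a key that is present locally as absent. The docstrings changed in `__init__.py` list the two as separate outcomes, which a caller can only honour by testing for `KeyVersionError` before `KeyNotFound`. If any `KeyNotFound` path falls back to fetching or storing a key (not visible in this patch), a document written by a newer KeyManager could be shadowed or replaced. Consider deriving from `Exception` directly, or state the intended fallback behaviour in the class docstring. The trailing `pass` after the docstring is redundant.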
@@ -752,6 +756,13 @@ class OpenPGPScheme(object): return repair_func(doclist) return doclist[0] + def _check_version(self, doc): + if doc is not None: + version = doc.content[KEY_VERSION_KEY] + if version > KEYMANAGER_DOC_VERSION: + raise errors.KeyVersionError(str(version)) + return doc + def _repair_key_docs(self, doclist): """ If there is more than one key for a key id try to self-repair it -- cgit v1.2.3
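Review bot: In `_check_version`, `doc.content[KEY_VERSION_KEY]` raises a bare KeyError when a stored document has no version field, and `version > KEYMANAGER_DOC_VERSION` rejects only newer values, so a missing or wrongly typed version never becomes the `KeyVersionError` that the commit title and the updated docstrings promise. Whether documents written before versioning carry the field is not visible in this patch; if they may not, read it with `version = doc.content.get(KEY_VERSION_KEY)` and decide explicitly whether absence means a legacy document or a failure. Since the document is loaded from storage rather than built here, I would also reject a value that is not of the expected type instead of relying on the comparison, which succeeds silently for mixed str/int operands if this runs under Python 2. The method has no docstring while its neighbours do; something like `"""Return doc unchanged, or raise KeyVersionError if its version is newer than KEYMANAGER_DOC_VERSION."""` would document the contract.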