From 5cb58ca086e88951b0313d7d4dc48a9f4c0c85b5 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 7 Aug 2013 16:29:54 +0200 Subject: Support bundled GPG and change API. - Move openpgp encrypt/decrypt/sign/verify API to inside OpenPGP class. - Add encrypt/decrypt/sign/verify API to KeyManager. - Add possibility of passing custom gpg binary to KeyManager and OpenPGPScheme. - Remove "_asym" suffix from method names. - Bump version to 0.2.1. New API is *not* backwards compatible. --- src/leap/keymanager/tests/test_keymanager.py | 124 +++++++++++++++++++-------- 1 file changed, 88 insertions(+), 36 deletions(-) (limited to 'src/leap/keymanager/tests') diff --git a/src/leap/keymanager/tests/test_keymanager.py b/src/leap/keymanager/tests/test_keymanager.py index 09a6183..a474e32 100644 --- a/src/leap/keymanager/tests/test_keymanager.py +++ b/src/leap/keymanager/tests/test_keymanager.py @@ -40,6 +40,7 @@ from leap.keymanager.keys import ( ADDRESS = 'leap@leap.se' ADDRESS_2 = 'anotheruser@leap.se' +GPG_BINARY_PATH = '/usr/bin/gpg' class KeyManagerUtilTestCase(BaseLeapTest): @@ -136,7 +137,8 @@ class KeyManagerWithSoledadTestCase(BaseLeapTest): km._wrapper_map[key.__class__].delete_key(key) def _key_manager(self, user=ADDRESS, url=''): - return KeyManager(user, url, self._soledad) + return KeyManager(user, url, self._soledad, + gpgbinary=GPG_BINARY_PATH) class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): @@ -152,7 +154,8 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): '4096', key.length, 'Wrong key length.') def test_openpgp_put_delete_key(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) pgp.put_ascii_key(PUBLIC_KEY) key = pgp.get_key(ADDRESS, private=False) @@ -160,7 +163,8 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) def test_openpgp_put_ascii_key(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) pgp.put_ascii_key(PUBLIC_KEY) key = pgp.get_key(ADDRESS, private=False) @@ -173,7 +177,8 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) def test_get_public_key(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) pgp.put_ascii_key(PUBLIC_KEY) self.assertRaises( @@ -185,24 +190,25 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): pgp.delete_key(key) self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) - def test_openpgp_encrypt_decrypt_asym(self): + def test_openpgp_encrypt_decrypt(self): # encrypt - pgp = openpgp.OpenPGPScheme(self._soledad) + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PUBLIC_KEY) pubkey = pgp.get_key(ADDRESS, private=False) - cyphertext = openpgp.encrypt_asym('data', pubkey) + cyphertext = pgp.encrypt('data', pubkey) # assert self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') - self.assertTrue(openpgp.is_encrypted_asym(cyphertext)) - self.assertTrue(openpgp.is_encrypted(cyphertext)) + self.assertTrue(pgp.is_encrypted(cyphertext)) + self.assertTrue(pgp.is_encrypted(cyphertext)) # decrypt self.assertRaises( KeyNotFound, pgp.get_key, ADDRESS, private=True) pgp.put_ascii_key(PRIVATE_KEY) privkey = pgp.get_key(ADDRESS, private=True) - plaintext = openpgp.decrypt_asym(cyphertext, privkey) + plaintext = pgp.decrypt(cyphertext, privkey) pgp.delete_key(pubkey) pgp.delete_key(privkey) self.assertRaises( @@ -211,83 +217,91 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): KeyNotFound, pgp.get_key, ADDRESS, private=True) def test_verify_with_private_raises(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PRIVATE_KEY) data = 'data' privkey = pgp.get_key(ADDRESS, private=True) - signed = openpgp.sign(data, privkey) + signed = pgp.sign(data, privkey) self.assertRaises( AssertionError, - openpgp.verify, signed, privkey) + pgp.verify, signed, privkey) def test_sign_with_public_raises(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PUBLIC_KEY) data = 'data' pubkey = pgp.get_key(ADDRESS, private=False) self.assertRaises( AssertionError, - openpgp.sign, data, pubkey) + pgp.sign, data, pubkey) def test_verify_with_wrong_key_raises(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PRIVATE_KEY) data = 'data' privkey = pgp.get_key(ADDRESS, private=True) - signed = openpgp.sign(data, privkey) + signed = pgp.sign(data, privkey) pgp.put_ascii_key(PUBLIC_KEY_2) wrongkey = pgp.get_key(ADDRESS_2) self.assertRaises( errors.InvalidSignature, - openpgp.verify, signed, wrongkey) + pgp.verify, signed, wrongkey) - def test_encrypt_asym_sign_with_public_raises(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + def test_encrypt_sign_with_public_raises(self): + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PRIVATE_KEY) data = 'data' privkey = pgp.get_key(ADDRESS, private=True) pubkey = pgp.get_key(ADDRESS, private=False) self.assertRaises( AssertionError, - openpgp.encrypt_asym, data, privkey, sign=pubkey) + pgp.encrypt, data, privkey, sign=pubkey) - def test_decrypt_asym_verify_with_private_raises(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + def test_decrypt_verify_with_private_raises(self): + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PRIVATE_KEY) data = 'data' privkey = pgp.get_key(ADDRESS, private=True) pubkey = pgp.get_key(ADDRESS, private=False) - encrypted_and_signed = openpgp.encrypt_asym( + encrypted_and_signed = pgp.encrypt( data, pubkey, sign=privkey) self.assertRaises( AssertionError, - openpgp.decrypt_asym, + pgp.decrypt, encrypted_and_signed, privkey, verify=privkey) - def test_decrypt_asym_verify_with_wrong_key_raises(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + def test_decrypt_verify_with_wrong_key_raises(self): + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PRIVATE_KEY) data = 'data' privkey = pgp.get_key(ADDRESS, private=True) pubkey = pgp.get_key(ADDRESS, private=False) - encrypted_and_signed = openpgp.encrypt_asym(data, pubkey, sign=privkey) + encrypted_and_signed = pgp.encrypt(data, pubkey, sign=privkey) pgp.put_ascii_key(PUBLIC_KEY_2) wrongkey = pgp.get_key(ADDRESS_2) self.assertRaises( errors.InvalidSignature, - openpgp.verify, encrypted_and_signed, wrongkey) + pgp.verify, encrypted_and_signed, wrongkey) def test_sign_verify(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PRIVATE_KEY) data = 'data' privkey = pgp.get_key(ADDRESS, private=True) - signed = openpgp.sign(data, privkey) + signed = pgp.sign(data, privkey) pubkey = pgp.get_key(ADDRESS, private=False) - self.assertTrue(openpgp.verify(signed, pubkey)) + self.assertTrue(pgp.verify(signed, pubkey)) - def test_encrypt_asym_sign_decrypt_verify(self): - pgp = openpgp.OpenPGPScheme(self._soledad) + def test_encrypt_sign_decrypt_verify(self): + pgp = openpgp.OpenPGPScheme( + self._soledad, gpgbinary=GPG_BINARY_PATH) pgp.put_ascii_key(PRIVATE_KEY) pubkey = pgp.get_key(ADDRESS, private=False) privkey = pgp.get_key(ADDRESS, private=True) @@ -295,9 +309,9 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): pubkey2 = pgp.get_key(ADDRESS_2, private=False) privkey2 = pgp.get_key(ADDRESS_2, private=True) data = 'data' - encrypted_and_signed = openpgp.encrypt_asym( + encrypted_and_signed = pgp.encrypt( data, pubkey2, sign=privkey) - res = openpgp.decrypt_asym( + res = pgp.decrypt( encrypted_and_signed, privkey2, verify=pubkey) self.assertTrue(data, res) @@ -448,6 +462,44 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): self.assertEqual(ADDRESS_2, key.address) +class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase): + + RAW_DATA = 'data' + + def test_keymanager_openpgp_encrypt_decrypt(self): + km = self._key_manager() + # put raw private key + km._wrapper_map[OpenPGPKey].put_ascii_key(PRIVATE_KEY) + # get public key + pubkey = km.get_key( + ADDRESS, OpenPGPKey, private=False, fetch_remote=False) + # encrypt + encdata = km.encrypt(self.RAW_DATA, pubkey) + self.assertNotEqual(self.RAW_DATA, encdata) + # get private key + privkey = km.get_key( + ADDRESS, OpenPGPKey, private=True, fetch_remote=False) + # decrypt + rawdata = km.decrypt(encdata, privkey) + self.assertEqual(self.RAW_DATA, rawdata) + + def test_keymanager_openpgp_sign_verify(self): + km = self._key_manager() + # put raw private keys + km._wrapper_map[OpenPGPKey].put_ascii_key(PRIVATE_KEY) + # get private key for signing + privkey = km.get_key( + ADDRESS, OpenPGPKey, private=True, fetch_remote=False) + # encrypt + signdata = km.sign(self.RAW_DATA, privkey) + self.assertNotEqual(self.RAW_DATA, signdata) + # get public key for verifying + pubkey = km.get_key( + ADDRESS, OpenPGPKey, private=False, fetch_remote=False) + # decrypt + self.assertTrue(km.verify(signdata, pubkey)) + + # Key material for testing # key 24D18DDF: public key "Leap Test Key " -- cgit v1.2.3