authordrebs <drebs@leap.se>2013-05-09 15:56:04 -0300
committerdrebs <drebs@leap.se>2013-05-09 15:56:04 -0300
commit8fae83a20504851845eeda5c089f2c53f8678eae (patch)
tree9e833cf8dbfb0c2e2db82a5f1083bd0f2284d1ea
parentc72aa2e8c356d57c272ce91e72417ee231edd57d (diff)
Add sign/verify to keymanager's openpgp.
-rw-r--r--src/leap/common/keymanager/openpgp.py47
-rw-r--r--src/leap/common/tests/test_keymanager.py30
2 files changed, 74 insertions, 3 deletions
diff --git a/src/leap/common/keymanager/openpgp.py b/src/leap/common/keymanager/openpgp.py
index e2ffe76..0fd314a 100644
--- a/src/leap/common/keymanager/openpgp.py
+++ b/src/leap/common/keymanager/openpgp.py
@@ -25,7 +25,7 @@ import re
import tempfile
import shutil
-from leap.common.check import leap_assert
+from leap.common.check import leap_assert, leap_assert_type
from leap.common.keymanager.errors import (
KeyNotFound,
KeyAlreadyExists,
@@ -42,7 +42,7 @@ from leap.common.keymanager.gpg import GPGWrapper
#
-# Utility functions
+# API functions
#
def encrypt_sym(data, passphrase):
@@ -175,6 +175,49 @@ def is_encrypted_asym(data):
return _safe_call(_is_encrypted_cb)
+def sign(data, key):
+ """
+ Sign C{data} with C{key}.
+
+ @param data: The data to be signed.
+ @type data: str
+ @param key: The key to be used to sign.
+ @type key: OpenPGPKey
+
+ @return: The ascii-armored signed data.
+ @rtype: str
+ """
+ leap_assert_type(key, OpenPGPKey)
+ leap_assert(key.private == True)
+
+ def _sign_cb(gpg):
+ return gpg.sign(data, keyid=key.key_id).data
+
+ return _safe_call(_sign_cb, key.key_data)
+
+def verify(data, key):
+ """
+ Verify signed C{data} with C{key}.
+
+ @param data: The data to be verified.
+ @type data: str
+ @param key: The key to be used on verification.
+ @type key: OpenPGPKey
+
+ @return: The ascii-armored signed data.
+ @rtype: str
+ """
+ leap_assert_type(key, OpenPGPKey)
+ leap_assert(key.private == False)
+
+ def _verify_cb(gpg):
+ return gpg.verify(data).valid
+
+ return _safe_call(_verify_cb, key.key_data)
+
+#
+# Helper functions
+#
def _build_key_from_gpg(address, key, key_data):
"""
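Review bot: The docstring of verify() says `@return: The ascii-armored signed data.` with `@rtype: str`, but `_verify_cb` returns `gpg.verify(data).valid`; it should read `@return: Whether the signature is valid.` with `@rtype: bool`. The verdict is also never tied to `key` inside the callback. It is trustworthy only if `_safe_call` (defined outside this hunk) builds a keyring holding nothing but `key.key_data`, so comparing the signer reported by the verify result with `key.key_id` before returning a true value would make that binding explicit. In sign(), `gpg.sign(data, keyid=key.key_id).data` is returned unchecked, so a failed signing would presumably reach the caller as an empty string rather than an error. The private/public preconditions rest on `leap_assert`; if that helper is a plain `assert`, they disappear under `python -O`, and raising explicitly would be safer.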
diff --git a/src/leap/common/tests/test_keymanager.py b/src/leap/common/tests/test_keymanager.py
index 1d7a382..d3dee40 100644
--- a/src/leap/common/tests/test_keymanager.py
+++ b/src/leap/common/tests/test_keymanager.py
@@ -169,7 +169,7 @@ class KeyManagerWithSoledadTestCase(BaseLeapTest):
class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
- def test_openpgp_gen_key(self):
+ def _test_openpgp_gen_key(self):
pgp = openpgp.OpenPGPScheme(self._soledad)
self.assertRaises(KeyNotFound, pgp.get_key, 'user@leap.se')
key = pgp.gen_key('user@leap.se')
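Review bot: Renaming `test_openpgp_gen_key` to `_test_openpgp_gen_key` silently takes the key-generation test out of the run, and neither the commit message nor the code says why. If this is deliberate, a skip marker with a stated reason keeps the gap visible in test reports, e.g. `@unittest.skip("<reason>")` (assuming the base test case is unittest-based). At minimum, add a comment above the method such as `# Disabled because <reason>; remove the leading underscore to re-enable.` The method body continues past the end of this hunk.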
@@ -363,6 +363,34 @@ class KeyManagerKeyManagementTestCase(
'leap@leap.se'
)
+ def test_verify_with_private_raises(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_key_raw(PRIVATE_KEY)
+ data = 'data'
+ privkey = km.get_key(ADDRESS, OpenPGPKey, private=True)
+ signed = openpgp.sign(data, privkey)
+ self.assertRaises(
+ AssertionError,
+ openpgp.verify, signed, privkey)
+
+ def test_sign_with_public_raises(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_key_raw(PUBLIC_KEY)
+ data = 'data'
+ pubkey = km.get_key(ADDRESS, OpenPGPKey, private=False)
+ self.assertRaises(
+ AssertionError,
+ openpgp.sign, data, pubkey)
+
+ def test_sign_verify(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_key_raw(PRIVATE_KEY)
+ data = 'data'
+ privkey = km.get_key(ADDRESS, OpenPGPKey, private=True)
+ signed = openpgp.sign(data, privkey)
+ pubkey = km.get_key(ADDRESS, OpenPGPKey, private=False)
+ self.assertTrue(openpgp.verify(signed, pubkey))
+
# Key material for testing
KEY_FINGERPRINT = "E36E738D69173C13D709E44F2F455E2824D18DDF"
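Review bot: `test_sign_verify` exercises only the accepting path, so this suite would still pass if `openpgp.verify` returned a true value for every input. A rejecting case is needed, such as signed text altered after signing, and ideally a signature checked against an unrelated public key, each asserting `assertFalse`. A sketch of the first follows; it assumes `openpgp.sign` produces clearsigned output in which the payload appears verbatim, which should be confirmed against `GPGWrapper`.

```python
    def test_verify_altered_data_fails(self):
        km = self._key_manager()
        km._wrapper_map[OpenPGPKey].put_key_raw(PRIVATE_KEY)
        privkey = km.get_key(ADDRESS, OpenPGPKey, private=True)
        signed = openpgp.sign('data', privkey)
        pubkey = km.get_key(ADDRESS, OpenPGPKey, private=False)
        # assumes clearsigned output: the payload text is present as-is
        altered = signed.replace('data', 'other', 1)
        self.assertNotEqual(signed, altered)
        self.assertFalse(openpgp.verify(altered, pubkey))
```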