summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2013-05-21 17:22:14 -0300
committerdrebs <drebs@leap.se>2013-05-21 17:22:14 -0300
commitb16437ac68a72b128e3771e0847f376237f649a3 (patch)
treec6a57678f9d43c2b32200f3232260311bff9e0dc
parentc2b8ebb38a72acd2f60659241883a146cc384aec (diff)
Remove openpgp symmetric encryption.
-rw-r--r--src/leap/common/crypto.py4
-rw-r--r--src/leap/common/keymanager/__init__.py1
-rw-r--r--src/leap/common/keymanager/openpgp.py78
-rw-r--r--src/leap/common/tests/test_keymanager.py46
4 files changed, 2 insertions, 127 deletions
diff --git a/src/leap/common/crypto.py b/src/leap/common/crypto.py
index f49933b..d7a8457 100644
--- a/src/leap/common/crypto.py
+++ b/src/leap/common/crypto.py
@@ -83,14 +83,14 @@ def decrypt_sym(data, key, method=EncryptionMethods.AES_256_CTR, **kwargs):
"""
Decrypt C{data} with C{key} using C{method} encryption method.
- @param data: The data to be decrypted with prepended IV.
+ @param data: The data to be decrypted.
@type data: str
@param key: The key used to decrypt C{data} (must be 256 bits long).
@type key: str
@param method: The encryption method to use.
@type method: str
@param kwargs: Other parameters specific to each encryption method.
- @type kwargs: long
+ @type kwargs: dict
@return: The decrypted data.
@rtype: str
diff --git a/src/leap/common/keymanager/__init__.py b/src/leap/common/keymanager/__init__.py
index ad9bb3b..7aaeddf 100644
--- a/src/leap/common/keymanager/__init__.py
+++ b/src/leap/common/keymanager/__init__.py
@@ -39,7 +39,6 @@ from leap.common.keymanager.keys import (
from leap.common.keymanager.openpgp import (
OpenPGPKey,
OpenPGPScheme,
- encrypt_sym,
)
diff --git a/src/leap/common/keymanager/openpgp.py b/src/leap/common/keymanager/openpgp.py
index e60833b..d53afd6 100644
--- a/src/leap/common/keymanager/openpgp.py
+++ b/src/leap/common/keymanager/openpgp.py
@@ -271,70 +271,6 @@ class TempGPGWrapper(object):
#
@with_temporary_gpg
-def encrypt_sym(data, passphrase=None, sign=None):
- """
- Encrypt C{data} with C{passphrase} and sign with C{sign} private key.
-
- @param data: The data to be encrypted.
- @type data: str
- @param passphrase: The passphrase used to encrypt C{data}.
- @type passphrase: str
- @param sign: The private key used for signing.
- @type sign: OpenPGPKey
-
- @return: The encrypted data.
- @rtype: str
- """
- leap_assert_type(passphrase, str)
- if sign is not None:
- leap_assert_type(sign, OpenPGPKey)
- leap_assert(sign.private is True)
-
- # Here we cannot assert for correctness of sig because the sig is in
- # the ciphertext.
- # result.ok - (bool) indicates if the operation succeeded
- # result.data - (bool) contains the result of the operation
-
- return lambda gpg: gpg.encrypt(
- data, None,
- sign=sign.key_id if sign else None,
- passphrase=passphrase, symmetric=True)
-
-
-@with_temporary_gpg
-def decrypt_sym(data, passphrase=None, verify=None):
- """
- Decrypt C{data} with C{passphrase} and verify with C{verify} public
- key.
-
- @param data: The data to be decrypted.
- @type data: str
- @param passphrase: The passphrase used to decrypt C{data}.
- @type passphrase: str
- @param verify: The key used to verify a signature.
- @type verify: OpenPGPKey
-
- @return: The decrypted data.
- @rtype: str
-
- @raise InvalidSignature: Raised if unable to verify the signature with
- C{verify} key.
- """
- leap_assert_type(passphrase, str)
- if verify is not None:
- leap_assert_type(verify, OpenPGPKey)
- leap_assert(verify.private is False)
-
- # result.ok - (bool) indicates if the operation succeeded
- # result.valid - (bool) indicates if the signature was verified
- # result.data - (bool) contains the result of the operation
- # result.pubkey_fingerpring - (str) contains the fingerprint of the
- # public key that signed this data.
- return lambda gpg: gpg.decrypt(
- data, passphrase=passphrase)
-
-
-@with_temporary_gpg
def encrypt_asym(data, key, passphrase=None, sign=None):
"""
Encrypt C{data} using public @{key} and sign with C{sign} key.
@@ -408,20 +344,6 @@ def is_encrypted(data):
@with_temporary_gpg
-def is_encrypted_sym(data):
- """
- Return whether C{data} was encrypted using a public OpenPGP key.
-
- @param data: The data we want to know about.
- @type data: str
-
- @return: Whether C{data} was encrypted using this wrapper.
- @rtype: bool
- """
- return lambda gpg: gpg.is_encrypted_sym(data)
-
-
-@with_temporary_gpg
def is_encrypted_asym(data):
"""
Return whether C{data} was asymmetrically encrypted using OpenPGP.
diff --git a/src/leap/common/tests/test_keymanager.py b/src/leap/common/tests/test_keymanager.py
index dcd525c..cffa073 100644
--- a/src/leap/common/tests/test_keymanager.py
+++ b/src/leap/common/tests/test_keymanager.py
@@ -223,7 +223,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
self.assertTrue(openpgp.is_encrypted_asym(cyphertext))
- self.assertFalse(openpgp.is_encrypted_sym(cyphertext))
self.assertTrue(openpgp.is_encrypted(cyphertext))
# decrypt
self.assertRaises(
@@ -238,19 +237,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
self.assertRaises(
KeyNotFound, pgp.get_key, ADDRESS, private=True)
- def test_openpgp_encrypt_decrypt_sym(self):
- cyphertext = openpgp.encrypt_sym(
- 'data', passphrase='pass')
- self.assertTrue(cyphertext is not None)
- self.assertTrue(cyphertext != '')
- self.assertTrue(cyphertext != 'data')
- self.assertTrue(openpgp.is_encrypted_sym(cyphertext))
- self.assertFalse(openpgp.is_encrypted_asym(cyphertext))
- self.assertTrue(openpgp.is_encrypted(cyphertext))
- plaintext = openpgp.decrypt_sym(
- cyphertext, passphrase='pass')
- self.assertEqual('data', plaintext)
-
def test_verify_with_private_raises(self):
pgp = openpgp.OpenPGPScheme(self._soledad)
pgp.put_ascii_key(PRIVATE_KEY)
@@ -292,15 +278,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
AssertionError,
openpgp.encrypt_asym, data, privkey, sign=pubkey)
- def test_encrypt_sym_sign_with_public_raises(self):
- pgp = openpgp.OpenPGPScheme(self._soledad)
- pgp.put_ascii_key(PUBLIC_KEY)
- data = 'data'
- pubkey = pgp.get_key(ADDRESS, private=False)
- self.assertRaises(
- AssertionError,
- openpgp.encrypt_sym, data, passphrase='123', sign=pubkey)
-
def test_decrypt_asym_verify_with_private_raises(self):
pgp = openpgp.OpenPGPScheme(self._soledad)
pgp.put_ascii_key(PRIVATE_KEY)
@@ -327,18 +304,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
errors.InvalidSignature,
openpgp.verify, encrypted_and_signed, wrongkey)
- def test_decrypt_sym_verify_with_private_raises(self):
- pgp = openpgp.OpenPGPScheme(self._soledad)
- pgp.put_ascii_key(PRIVATE_KEY)
- data = 'data'
- privkey = pgp.get_key(ADDRESS, private=True)
- encrypted_and_signed = openpgp.encrypt_sym(data, '123', sign=privkey)
- pgp.put_ascii_key(PUBLIC_KEY_2)
- wrongkey = pgp.get_key(ADDRESS_2)
- self.assertRaises(
- errors.InvalidSignature,
- openpgp.verify, encrypted_and_signed, wrongkey)
-
def test_sign_verify(self):
pgp = openpgp.OpenPGPScheme(self._soledad)
pgp.put_ascii_key(PRIVATE_KEY)
@@ -363,17 +328,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
encrypted_and_signed, privkey2, verify=pubkey)
self.assertTrue(data, res)
- def test_encrypt_sym_sign_decrypt_verify(self):
- pgp = openpgp.OpenPGPScheme(self._soledad)
- pgp.put_ascii_key(PRIVATE_KEY)
- data = 'data'
- privkey = pgp.get_key(ADDRESS, private=True)
- pubkey = pgp.get_key(ADDRESS, private=False)
- encrypted_and_signed = openpgp.encrypt_sym(data, '123', sign=privkey)
- res = openpgp.decrypt_sym(
- encrypted_and_signed, '123', verify=pubkey)
- self.assertEqual(data, res)
-
class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):