From 8fae83a20504851845eeda5c089f2c53f8678eae Mon Sep 17 00:00:00 2001
From: drebs
Date: Thu, 9 May 2013 15:56:04 -0300
Subject: Add sign/verify to keymanager's openpgp.
---
 src/leap/common/keymanager/openpgp.py | 47 ++++++++++++++++++++++++++++++--
 src/leap/common/tests/test_keymanager.py | 30 +++++++++++++++++++-
 2 files changed, 74 insertions(+), 3 deletions(-)
diff --git a/src/leap/common/keymanager/openpgp.py b/src/leap/common/keymanager/openpgp.py
index e2ffe76..0fd314a 100644
--- a/src/leap/common/keymanager/openpgp.py
+++ b/src/leap/common/keymanager/openpgp.py
@@ -25,7 +25,7 @@ import re
 import tempfile
 import shutil
-from leap.common.check import leap_assert
+from leap.common.check import leap_assert, leap_assert_type
 from leap.common.keymanager.errors import (
 KeyNotFound,
 KeyAlreadyExists,
@@ -42,7 +42,7 @@ from leap.common.keymanager.gpg import GPGWrapper
 #
-# Utility functions
+# API functions
 #
 def encrypt_sym(data, passphrase):
@@ -175,6 +175,49 @@ def is_encrypted_asym(data):
 return _safe_call(_is_encrypted_cb)
+def sign(data, key):
+ """
+ Sign C{data} with C{key}.
+
+ @param data: The data to be signed.
+ @type data: str
+ @param key: The key to be used to sign.
+ @type key: OpenPGPKey
+
+ @return: The ascii-armored signed data.
+ @rtype: str
+ """
+ leap_assert_type(key, OpenPGPKey)
+ leap_assert(key.private == True)
+
+ def _sign_cb(gpg):
+ return gpg.sign(data, keyid=key.key_id).data
+
+ return _safe_call(_sign_cb, key.key_data)
+
+def verify(data, key):
+ """
+ Verify signed C{data} with C{key}.
+
+ @param data: The data to be verified.
+ @type data: str
+ @param key: The key to be used on verification.
+ @type key: OpenPGPKey
+
+ @return: The ascii-armored signed data.
+ @rtype: str
+ """
+ leap_assert_type(key, OpenPGPKey)
+ leap_assert(key.private == False)
+
+ def _verify_cb(gpg):
+ return gpg.verify(data).valid
+
+ return _safe_call(_verify_cb, key.key_data)
+
+#
+# Helper functions
+#
 def _build_key_from_gpg(address, key, key_data):
 """
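Review bot: `verify()` returns only `gpg.verify(data).valid` and never compares the signer with `key`, so the result is tied to `key` only if `_safe_call` loads nothing but `key.key_data` into the keyring it hands to the callback, and `_safe_call` is not visible in this hunk. If the result object exposes the signer's key id (python-gnupg's does), I would make the binding explicit with `result = gpg.verify(data)` followed by `return result.valid and result.key_id == key.key_id`, assuming both sides use the same key-id form. The docstring of `verify()` was copied from `sign()`; it should read `@return: Whether the signature on C{data} is valid.` with `@rtype: bool`. Separately, `sign()` returns `.data` unchecked, so a failed signing would presumably come back as an empty string rather than an error.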
diff --git a/src/leap/common/tests/test_keymanager.py b/src/leap/common/tests/test_keymanager.py
index 1d7a382..d3dee40 100644
--- a/src/leap/common/tests/test_keymanager.py
+++ b/src/leap/common/tests/test_keymanager.py
@@ -169,7 +169,7 @@ class KeyManagerWithSoledadTestCase(BaseLeapTest):
 class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
- def test_openpgp_gen_key(self):
+ def _test_openpgp_gen_key(self):
 pgp = openpgp.OpenPGPScheme(self._soledad)
 self.assertRaises(KeyNotFound, pgp.get_key, 'user@leap.se')
 key = pgp.gen_key('user@leap.se')
@@ -363,6 +363,34 @@ class KeyManagerKeyManagementTestCase(
 'leap@leap.se'
 )
+ def test_verify_with_private_raises(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_key_raw(PRIVATE_KEY)
+ data = 'data'
+ privkey = km.get_key(ADDRESS, OpenPGPKey, private=True)
+ signed = openpgp.sign(data, privkey)
+ self.assertRaises(
+ AssertionError,
+ openpgp.verify, signed, privkey)
+
+ def test_sign_with_public_raises(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_key_raw(PUBLIC_KEY)
+ data = 'data'
+ pubkey = km.get_key(ADDRESS, OpenPGPKey, private=False)
+ self.assertRaises(
+ AssertionError,
+ openpgp.sign, data, pubkey)
+
+ def test_sign_verify(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_key_raw(PRIVATE_KEY)
+ data = 'data'
+ privkey = km.get_key(ADDRESS, OpenPGPKey, private=True)
+ signed = openpgp.sign(data, privkey)
+ pubkey = km.get_key(ADDRESS, OpenPGPKey, private=False)
+ self.assertTrue(openpgp.verify(signed, pubkey))
+
 # Key material for testing
 KEY_FINGERPRINT = "E36E738D69173C13D709E44F2F455E2824D18DDF"
-- cgit v1.2.3
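Review bot: Renaming `test_openpgp_gen_key` to `_test_openpgp_gen_key` in the first hunk takes the key-generation test out of the default `test*` collection without saying why, and the commit message does not mention it. If the test is being parked on purpose, a comment above the method such as `# Disabled: <reason>; re-enable when <condition>` would keep it from staying off unnoticed. The method body continues outside the hunk.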
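Review bot: None of the three tests added in the second hunk shows `verify()` rejecting anything, so an implementation that always returned true would still pass `test_sign_verify`. I would add a case that alters the signed blob, e.g. `tampered = signed.replace('data', 'tampered')` followed by `self.assertFalse(openpgp.verify(tampered, pubkey))`; whether `verify()` returns false or raises on a damaged blob is not visible here, so the assertion may need adjusting. `test_verify_with_private_raises` and `test_sign_with_public_raises` also pin `AssertionError`, which couples them to `leap_assert` being assert-based; if it is a plain `assert` underneath, the key-type guard in `sign()` and `verify()` disappears under `python -O`.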