From b16437ac68a72b128e3771e0847f376237f649a3 Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 21 May 2013 17:22:14 -0300 Subject: Remove openpgp symmetric encryption. --- src/leap/common/crypto.py | 4 +- src/leap/common/keymanager/__init__.py | 1 - src/leap/common/keymanager/openpgp.py | 78 -------------------------------- src/leap/common/tests/test_keymanager.py | 46 ------------------- 4 files changed, 2 insertions(+), 127 deletions(-) diff --git a/src/leap/common/crypto.py b/src/leap/common/crypto.py index f49933b..d7a8457 100644 --- a/src/leap/common/crypto.py +++ b/src/leap/common/crypto.py @@ -83,14 +83,14 @@ def decrypt_sym(data, key, method=EncryptionMethods.AES_256_CTR, **kwargs): """ Decrypt C{data} with C{key} using C{method} encryption method. - @param data: The data to be decrypted with prepended IV. + @param data: The data to be decrypted. @type data: str @param key: The key used to decrypt C{data} (must be 256 bits long). @type key: str @param method: The encryption method to use. @type method: str @param kwargs: Other parameters specific to each encryption method. - @type kwargs: long + @type kwargs: dict @return: The decrypted data. @rtype: str diff --git a/src/leap/common/keymanager/__init__.py b/src/leap/common/keymanager/__init__.py index ad9bb3b..7aaeddf 100644 --- a/src/leap/common/keymanager/__init__.py +++ b/src/leap/common/keymanager/__init__.py @@ -39,7 +39,6 @@ from leap.common.keymanager.keys import ( from leap.common.keymanager.openpgp import ( OpenPGPKey, OpenPGPScheme, - encrypt_sym, ) diff --git a/src/leap/common/keymanager/openpgp.py b/src/leap/common/keymanager/openpgp.py index e60833b..d53afd6 100644 --- a/src/leap/common/keymanager/openpgp.py +++ b/src/leap/common/keymanager/openpgp.py @@ -270,70 +270,6 @@ class TempGPGWrapper(object): # API functions # -@with_temporary_gpg -def encrypt_sym(data, passphrase=None, sign=None): - """ - Encrypt C{data} with C{passphrase} and sign with C{sign} private key. - - @param data: The data to be encrypted. - @type data: str - @param passphrase: The passphrase used to encrypt C{data}. - @type passphrase: str - @param sign: The private key used for signing. - @type sign: OpenPGPKey - - @return: The encrypted data. - @rtype: str - """ - leap_assert_type(passphrase, str) - if sign is not None: - leap_assert_type(sign, OpenPGPKey) - leap_assert(sign.private is True) - - # Here we cannot assert for correctness of sig because the sig is in - # the ciphertext. - # result.ok - (bool) indicates if the operation succeeded - # result.data - (bool) contains the result of the operation - - return lambda gpg: gpg.encrypt( - data, None, - sign=sign.key_id if sign else None, - passphrase=passphrase, symmetric=True) - - -@with_temporary_gpg -def decrypt_sym(data, passphrase=None, verify=None): - """ - Decrypt C{data} with C{passphrase} and verify with C{verify} public - key. - - @param data: The data to be decrypted. - @type data: str - @param passphrase: The passphrase used to decrypt C{data}. - @type passphrase: str - @param verify: The key used to verify a signature. - @type verify: OpenPGPKey - - @return: The decrypted data. - @rtype: str - - @raise InvalidSignature: Raised if unable to verify the signature with - C{verify} key. - """ - leap_assert_type(passphrase, str) - if verify is not None: - leap_assert_type(verify, OpenPGPKey) - leap_assert(verify.private is False) - - # result.ok - (bool) indicates if the operation succeeded - # result.valid - (bool) indicates if the signature was verified - # result.data - (bool) contains the result of the operation - # result.pubkey_fingerpring - (str) contains the fingerprint of the - # public key that signed this data. - return lambda gpg: gpg.decrypt( - data, passphrase=passphrase) - - @with_temporary_gpg def encrypt_asym(data, key, passphrase=None, sign=None): """ @@ -407,20 +343,6 @@ def is_encrypted(data): return lambda gpg: gpg.is_encrypted(data) -@with_temporary_gpg -def is_encrypted_sym(data): - """ - Return whether C{data} was encrypted using a public OpenPGP key. - - @param data: The data we want to know about. - @type data: str - - @return: Whether C{data} was encrypted using this wrapper. - @rtype: bool - """ - return lambda gpg: gpg.is_encrypted_sym(data) - - @with_temporary_gpg def is_encrypted_asym(data): """ diff --git a/src/leap/common/tests/test_keymanager.py b/src/leap/common/tests/test_keymanager.py index dcd525c..cffa073 100644 --- a/src/leap/common/tests/test_keymanager.py +++ b/src/leap/common/tests/test_keymanager.py @@ -223,7 +223,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') self.assertTrue(openpgp.is_encrypted_asym(cyphertext)) - self.assertFalse(openpgp.is_encrypted_sym(cyphertext)) self.assertTrue(openpgp.is_encrypted(cyphertext)) # decrypt self.assertRaises( @@ -238,19 +237,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): self.assertRaises( KeyNotFound, pgp.get_key, ADDRESS, private=True) - def test_openpgp_encrypt_decrypt_sym(self): - cyphertext = openpgp.encrypt_sym( - 'data', passphrase='pass') - self.assertTrue(cyphertext is not None) - self.assertTrue(cyphertext != '') - self.assertTrue(cyphertext != 'data') - self.assertTrue(openpgp.is_encrypted_sym(cyphertext)) - self.assertFalse(openpgp.is_encrypted_asym(cyphertext)) - self.assertTrue(openpgp.is_encrypted(cyphertext)) - plaintext = openpgp.decrypt_sym( - cyphertext, passphrase='pass') - self.assertEqual('data', plaintext) - def test_verify_with_private_raises(self): pgp = openpgp.OpenPGPScheme(self._soledad) pgp.put_ascii_key(PRIVATE_KEY) @@ -292,15 +278,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): AssertionError, openpgp.encrypt_asym, data, privkey, sign=pubkey) - def test_encrypt_sym_sign_with_public_raises(self): - pgp = openpgp.OpenPGPScheme(self._soledad) - pgp.put_ascii_key(PUBLIC_KEY) - data = 'data' - pubkey = pgp.get_key(ADDRESS, private=False) - self.assertRaises( - AssertionError, - openpgp.encrypt_sym, data, passphrase='123', sign=pubkey) - def test_decrypt_asym_verify_with_private_raises(self): pgp = openpgp.OpenPGPScheme(self._soledad) pgp.put_ascii_key(PRIVATE_KEY) @@ -327,18 +304,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): errors.InvalidSignature, openpgp.verify, encrypted_and_signed, wrongkey) - def test_decrypt_sym_verify_with_private_raises(self): - pgp = openpgp.OpenPGPScheme(self._soledad) - pgp.put_ascii_key(PRIVATE_KEY) - data = 'data' - privkey = pgp.get_key(ADDRESS, private=True) - encrypted_and_signed = openpgp.encrypt_sym(data, '123', sign=privkey) - pgp.put_ascii_key(PUBLIC_KEY_2) - wrongkey = pgp.get_key(ADDRESS_2) - self.assertRaises( - errors.InvalidSignature, - openpgp.verify, encrypted_and_signed, wrongkey) - def test_sign_verify(self): pgp = openpgp.OpenPGPScheme(self._soledad) pgp.put_ascii_key(PRIVATE_KEY) @@ -363,17 +328,6 @@ class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): encrypted_and_signed, privkey2, verify=pubkey) self.assertTrue(data, res) - def test_encrypt_sym_sign_decrypt_verify(self): - pgp = openpgp.OpenPGPScheme(self._soledad) - pgp.put_ascii_key(PRIVATE_KEY) - data = 'data' - privkey = pgp.get_key(ADDRESS, private=True) - pubkey = pgp.get_key(ADDRESS, private=False) - encrypted_and_signed = openpgp.encrypt_sym(data, '123', sign=privkey) - res = openpgp.decrypt_sym( - encrypted_and_signed, '123', verify=pubkey) - self.assertEqual(data, res) - class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): -- cgit v1.2.3