diff options
Diffstat (limited to 'keymanager/src/leap/keymanager/tests/test_openpgp.py')
-rw-r--r-- | keymanager/src/leap/keymanager/tests/test_openpgp.py | 364 |
1 files changed, 0 insertions, 364 deletions
diff --git a/keymanager/src/leap/keymanager/tests/test_openpgp.py b/keymanager/src/leap/keymanager/tests/test_openpgp.py deleted file mode 100644 index 17a6b79..0000000 --- a/keymanager/src/leap/keymanager/tests/test_openpgp.py +++ /dev/null @@ -1,364 +0,0 @@ -# -*- coding: utf-8 -*- -# test_keymanager.py -# Copyright (C) 2014 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - - -""" -Tests for the OpenPGP support on Key Manager. -""" - - -from datetime import datetime -from mock import Mock -from twisted.internet.defer import inlineCallbacks, gatherResults, succeed - -from leap.keymanager import ( - KeyNotFound, - openpgp, -) -from leap.keymanager.documents import ( - TYPE_FINGERPRINT_PRIVATE_INDEX, - TYPE_ADDRESS_PRIVATE_INDEX, -) -from leap.keymanager.keys import OpenPGPKey -from leap.keymanager.tests import ( - KeyManagerWithSoledadTestCase, - ADDRESS, - ADDRESS_2, - KEY_FINGERPRINT, - PUBLIC_KEY, - PUBLIC_KEY_2, - PRIVATE_KEY, - PRIVATE_KEY_2, -) - - -class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): - - # set the trial timeout to 20min, needed by the key generation test - timeout = 1200 - - @inlineCallbacks - def _test_openpgp_gen_key(self): - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield self._assert_key_not_found(pgp, 'user@leap.se') - key = yield pgp.gen_key('user@leap.se') - self.assertIsInstance(key, OpenPGPKey) - self.assertEqual( - 'user@leap.se', key.address, 'Wrong address bound to key.') - self.assertEqual( - 4096, key.length, 'Wrong key length.') - - @inlineCallbacks - def test_openpgp_put_delete_key(self): - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield self._assert_key_not_found(pgp, ADDRESS) - yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) - key = yield pgp.get_key(ADDRESS, private=False) - yield pgp.delete_key(key) - yield self._assert_key_not_found(pgp, ADDRESS) - - @inlineCallbacks - def test_openpgp_put_ascii_key(self): - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield self._assert_key_not_found(pgp, ADDRESS) - yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) - key = yield pgp.get_key(ADDRESS, private=False) - self.assertIsInstance(key, OpenPGPKey) - self.assertTrue( - ADDRESS in key.address, 'Wrong address bound to key.') - self.assertEqual( - 4096, key.length, 'Wrong key length.') - yield pgp.delete_key(key) - yield self._assert_key_not_found(pgp, ADDRESS) - - @inlineCallbacks - def test_get_public_key(self): - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield self._assert_key_not_found(pgp, ADDRESS) - yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) - yield self._assert_key_not_found(pgp, ADDRESS, private=True) - key = yield pgp.get_key(ADDRESS, private=False) - self.assertTrue(ADDRESS in key.address) - self.assertFalse(key.private) - self.assertEqual(KEY_FINGERPRINT, key.fingerprint) - yield pgp.delete_key(key) - yield self._assert_key_not_found(pgp, ADDRESS) - - @inlineCallbacks - def test_openpgp_encrypt_decrypt(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - - # encrypt - yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) - pubkey = yield pgp.get_key(ADDRESS, private=False) - cyphertext = yield pgp.encrypt(data, pubkey) - - self.assertTrue(cyphertext is not None) - self.assertTrue(cyphertext != '') - self.assertTrue(cyphertext != data) - self.assertTrue(pgp.is_encrypted(cyphertext)) - self.assertTrue(pgp.is_encrypted(cyphertext)) - - # decrypt - yield self._assert_key_not_found(pgp, ADDRESS, private=True) - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - privkey = yield pgp.get_key(ADDRESS, private=True) - decrypted, _ = yield pgp.decrypt(cyphertext, privkey) - self.assertEqual(decrypted, data) - - yield pgp.delete_key(pubkey) - yield pgp.delete_key(privkey) - yield self._assert_key_not_found(pgp, ADDRESS, private=False) - yield self._assert_key_not_found(pgp, ADDRESS, private=True) - - @inlineCallbacks - def test_verify_with_private_raises(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - privkey = yield pgp.get_key(ADDRESS, private=True) - signed = pgp.sign(data, privkey) - self.assertRaises( - AssertionError, - pgp.verify, signed, privkey) - - @inlineCallbacks - def test_sign_with_public_raises(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) - self.assertRaises( - AssertionError, - pgp.sign, data, ADDRESS, OpenPGPKey) - - @inlineCallbacks - def test_verify_with_wrong_key_raises(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - privkey = yield pgp.get_key(ADDRESS, private=True) - signed = pgp.sign(data, privkey) - yield pgp.put_raw_key(PUBLIC_KEY_2, ADDRESS_2) - wrongkey = yield pgp.get_key(ADDRESS_2) - self.assertFalse(pgp.verify(signed, wrongkey)) - - @inlineCallbacks - def test_encrypt_sign_with_public_raises(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - privkey = yield pgp.get_key(ADDRESS, private=True) - pubkey = yield pgp.get_key(ADDRESS, private=False) - self.failureResultOf( - pgp.encrypt(data, privkey, sign=pubkey), - AssertionError) - - @inlineCallbacks - def test_decrypt_verify_with_private_raises(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - privkey = yield pgp.get_key(ADDRESS, private=True) - pubkey = yield pgp.get_key(ADDRESS, private=False) - encrypted_and_signed = yield pgp.encrypt( - data, pubkey, sign=privkey) - self.failureResultOf( - pgp.decrypt(encrypted_and_signed, privkey, verify=privkey), - AssertionError) - - @inlineCallbacks - def test_decrypt_verify_with_wrong_key(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - privkey = yield pgp.get_key(ADDRESS, private=True) - pubkey = yield pgp.get_key(ADDRESS, private=False) - encrypted_and_signed = yield pgp.encrypt(data, pubkey, sign=privkey) - yield pgp.put_raw_key(PUBLIC_KEY_2, ADDRESS_2) - wrongkey = yield pgp.get_key(ADDRESS_2) - decrypted, validsign = yield pgp.decrypt(encrypted_and_signed, - privkey, - verify=wrongkey) - self.assertEqual(decrypted, data) - self.assertFalse(validsign) - - @inlineCallbacks - def test_sign_verify(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - privkey = yield pgp.get_key(ADDRESS, private=True) - signed = pgp.sign(data, privkey, detach=False) - pubkey = yield pgp.get_key(ADDRESS, private=False) - validsign = pgp.verify(signed, pubkey) - self.assertTrue(validsign) - - @inlineCallbacks - def test_encrypt_sign_decrypt_verify(self): - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - pubkey = yield pgp.get_key(ADDRESS, private=False) - privkey = yield pgp.get_key(ADDRESS, private=True) - - yield pgp.put_raw_key(PRIVATE_KEY_2, ADDRESS_2) - pubkey2 = yield pgp.get_key(ADDRESS_2, private=False) - privkey2 = yield pgp.get_key(ADDRESS_2, private=True) - - data = 'data' - encrypted_and_signed = yield pgp.encrypt( - data, pubkey2, sign=privkey) - res, validsign = yield pgp.decrypt( - encrypted_and_signed, privkey2, verify=pubkey) - self.assertEqual(data, res) - self.assertTrue(validsign) - - @inlineCallbacks - def test_sign_verify_detached_sig(self): - data = 'data' - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PRIVATE_KEY, ADDRESS) - privkey = yield pgp.get_key(ADDRESS, private=True) - signature = yield pgp.sign(data, privkey, detach=True) - pubkey = yield pgp.get_key(ADDRESS, private=False) - validsign = pgp.verify(data, pubkey, detached_sig=signature) - self.assertTrue(validsign) - - @inlineCallbacks - def test_self_repair_three_keys(self): - refreshed_keep = datetime(2007, 1, 1) - self._insert_key_docs([datetime(2005, 1, 1), - refreshed_keep, - datetime(2001, 1, 1)]) - delete_doc = self._mock_delete_doc() - - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - key = yield pgp.get_key(ADDRESS, private=False) - self.assertEqual(key.refreshed_at, refreshed_keep) - self.assertEqual(self.count, 2) - self._soledad.delete_doc = delete_doc - - @inlineCallbacks - def test_self_repair_no_keys(self): - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) - - get_from_index = self._soledad.get_from_index - delete_doc = self._soledad.delete_doc - - def my_get_from_index(*args): - if (args[0] == TYPE_FINGERPRINT_PRIVATE_INDEX and - args[2] == KEY_FINGERPRINT): - return succeed([]) - return get_from_index(*args) - - self._soledad.get_from_index = my_get_from_index - self._soledad.delete_doc = Mock(return_value=succeed(None)) - - try: - yield self.assertFailure(pgp.get_key(ADDRESS, private=False), - KeyNotFound) - # it should have deleted the index - self.assertEqual(self._soledad.delete_doc.call_count, 1) - finally: - self._soledad.get_from_index = get_from_index - self._soledad.delete_doc = delete_doc - - @inlineCallbacks - def test_self_repair_put_keys(self): - self._insert_key_docs([datetime(2005, 1, 1), - datetime(2007, 1, 1), - datetime(2001, 1, 1)]) - delete_doc = self._mock_delete_doc() - - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - yield pgp.put_raw_key(PUBLIC_KEY, ADDRESS) - self._soledad.delete_doc = delete_doc - self.assertEqual(self.count, 2) - - @inlineCallbacks - def test_self_repair_six_active_docs(self): - pgp = openpgp.OpenPGPScheme( - self._soledad, gpgbinary=self.gpg_binary_path) - - k1 = OpenPGPKey(ADDRESS, fingerprint="1", - refreshed_at=datetime(2005, 1, 1)) - k2 = OpenPGPKey(ADDRESS, fingerprint="2", - refreshed_at=datetime(2007, 1, 1)) - k3 = OpenPGPKey(ADDRESS, fingerprint="3", - refreshed_at=datetime(2007, 1, 1), - encr_used=True, sign_used=True) - k4 = OpenPGPKey(ADDRESS, fingerprint="4", - refreshed_at=datetime(2007, 1, 1), - sign_used=True) - k5 = OpenPGPKey(ADDRESS, fingerprint="5", - refreshed_at=datetime(2007, 1, 1), - encr_used=True) - k6 = OpenPGPKey(ADDRESS, fingerprint="6", - refreshed_at=datetime(2006, 1, 1), - encr_used=True, sign_used=True) - keys = (k1, k2, k3, k4, k5, k6) - for key in keys: - yield self._soledad.create_doc_from_json(key.get_json()) - yield self._soledad.create_doc_from_json(key.get_active_json()) - - delete_doc = self._mock_delete_doc() - - key = yield pgp.get_key(ADDRESS, private=False) - self._soledad.delete_doc = delete_doc - self.assertEqual(self.count, 5) - self.assertEqual(key.fingerprint, "3") - - def _assert_key_not_found(self, pgp, address, private=False): - d = pgp.get_key(address, private=private) - return self.assertFailure(d, KeyNotFound) - - @inlineCallbacks - def _insert_key_docs(self, refreshed_at): - for date in refreshed_at: - key = OpenPGPKey(ADDRESS, fingerprint=KEY_FINGERPRINT, - refreshed_at=date) - yield self._soledad.create_doc_from_json(key.get_json()) - yield self._soledad.create_doc_from_json(key.get_active_json()) - - def _mock_delete_doc(self): - delete_doc = self._soledad.delete_doc - self.count = 0 - - def my_delete_doc(*args): - self.count += 1 - return delete_doc(*args) - self._soledad.delete_doc = my_delete_doc - return delete_doc |