Add check for encryption method.

author: drebs <drebs@leap.se> 2013-05-21 16:47:18 -0300
committer: drebs <drebs@leap.se> 2013-05-21 17:43:22 -0300
commit: e048f0e7e6a56e289188b02e1205fbb025cb38a6 (patch)
tree: 3a21302b6a3c392dacc8b04d6e343b1df06e8709
parent: 0f822e6b75e842bbc086cbcbdd096316533ca7ca (diff)
1 files changed, 11 insertions, 6 deletions
diff --git a/src/leap/soledad/backends/leap_backend.py b/src/leap/soledad/backends/leap_backend.py
index 8fa662e9..bb8ee548 100644
--- a/src/leap/soledad/backends/leap_backend.py
+++ b/src/leap/soledad/backends/leap_backend.py
@@ -38,6 +38,7 @@ from u1db.remote.http_target import HTTPSyncTarget
 
 from leap.common.crypto import (
     EncryptionMethods,
+    UnknownEncryptionMethod,
     encrypt_sym,
     decrypt_sym,
 )
@@ -242,12 +243,16 @@ def decrypt_doc(crypto, doc):
     enc_scheme = doc.content[ENC_SCHEME_KEY]
     plainjson = None
     if enc_scheme == EncryptionSchemes.SYMKEY:
-        leap_assert(ENC_IV_KEY in doc.content)
-        plainjson = decrypt_sym(
-            ciphertext,
-            crypto.doc_passphrase(doc.doc_id),
-            method=doc.content[ENC_METHOD_KEY],
-            iv=doc.content[ENC_IV_KEY])
+        enc_method = doc.content[ENC_METHOD_KEY]
+        if enc_method == EncryptionMethods.AES_256_CTR:
+            leap_assert(ENC_IV_KEY in doc.content)
+            plainjson = decrypt_sym(
+                ciphertext,
+                crypto.doc_passphrase(doc.doc_id),
+                method=enc_method,
+                iv=doc.content[ENC_IV_KEY])
+        else:
+            raise UnknownEncryptionMethod(enc_method)
     else:
         raise UnknownEncryptionScheme(enc_scheme)
     return plainjson
author	drebs <drebs@leap.se>	2013-05-21 16:47:18 -0300
committer	drebs <drebs@leap.se>	2013-05-21 17:43:22 -0300
commit	e048f0e7e6a56e289188b02e1205fbb025cb38a6 (patch)
tree	3a21302b6a3c392dacc8b04d6e343b1df06e8709
parent	0f822e6b75e842bbc086cbcbdd096316533ca7ca (diff)