summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVictor Shyba <victor1984@riseup.net>2016-11-11 22:47:56 -0300
committerdrebs <drebs@leap.se>2016-12-12 09:12:01 -0200
commitcc81bb2a8ed0e989159f17061a567230a5059c21 (patch)
tree2a32c448176abaec1dd65230a8313c22c43edab8
parent6fe7e61bfd8f8fd6140b931e55b8c5aae6432321 (diff)
[feature] Adds back support to deprecated crypto
Will be removed when we have the proper tool to migrate data.
-rw-r--r--client/src/leap/soledad/client/_crypto.py13
-rw-r--r--client/src/leap/soledad/client/http_target/__init__.py3
-rw-r--r--client/src/leap/soledad/client/http_target/fetch.py7
-rw-r--r--testing/tests/server/test_server.py2
4 files changed, 17 insertions, 8 deletions
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py
index 1492c1ab..d8d37f55 100644
--- a/client/src/leap/soledad/client/_crypto.py
+++ b/client/src/leap/soledad/client/_crypto.py
@@ -372,11 +372,16 @@ class AESDecryptor(object):
self.done = True
-def is_symmetrically_encrypted(payload):
- if not payload or len(payload) < 24 \
- or not payload.startswith('{"raw": "'):
+def is_symmetrically_encrypted(doc):
+ payload = doc.content
+ if not payload or 'raw' not in payload:
+ return False
+ payload = str(payload['raw'])
+ if len(payload) < 16:
+ return False
+ header = base64.urlsafe_b64decode(payload[:18] + '==')
+ if six.indexbytes(header, 0) != 0x80:
return False
- header = base64.urlsafe_b64decode(payload[9:24] + '==')
ts, sch, meth = struct.unpack('Qbb', header[1:11])
return sch == ENC_SCHEME.symkey and meth == ENC_METHOD.aes_256_ctr
diff --git a/client/src/leap/soledad/client/http_target/__init__.py b/client/src/leap/soledad/client/http_target/__init__.py
index 17b7307c..91d87f0c 100644
--- a/client/src/leap/soledad/client/http_target/__init__.py
+++ b/client/src/leap/soledad/client/http_target/__init__.py
@@ -31,6 +31,7 @@ from twisted.internet import reactor
from leap.soledad.client.http_target.send import HTTPDocSender
from leap.soledad.client.http_target.api import SyncTargetAPI
from leap.soledad.client.http_target.fetch import HTTPDocFetcher
+from leap.soledad.client import crypto as old_crypto
logger = getLogger(__name__)
@@ -87,6 +88,8 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher):
self._uuid = None
self.set_creds(creds)
self._crypto = crypto
+ # TODO: DEPRECATED CRYPTO
+ self._deprecated_crypto = old_crypto.SoledadCrypto(crypto.secret)
self._sync_db = sync_db
self._insert_doc_cb = None
# asynchronous encryption/decryption attributes
diff --git a/client/src/leap/soledad/client/http_target/fetch.py b/client/src/leap/soledad/client/http_target/fetch.py
index bbc743e1..53650de4 100644
--- a/client/src/leap/soledad/client/http_target/fetch.py
+++ b/client/src/leap/soledad/client/http_target/fetch.py
@@ -25,6 +25,7 @@ from leap.soledad.common.log import getLogger
from leap.soledad.client._crypto import is_symmetrically_encrypted
from leap.soledad.common.document import SoledadDocument
from leap.soledad.common.l2db import errors
+from leap.soledad.client import crypto as old_crypto
from . import fetch_protocol
@@ -112,10 +113,10 @@ class HTTPDocFetcher(object):
# document and insert into local database
doc = SoledadDocument(doc_info['id'], doc_info['rev'], content)
-
- if is_symmetrically_encrypted(content):
+ if is_symmetrically_encrypted(doc):
content = yield self._crypto.decrypt_doc(doc)
-
+ elif old_crypto.is_symmetrically_encrypted(doc):
+ content = self._deprecated_crypto.decrypt_doc(doc)
doc.set_json(content)
# TODO insert blobs here on the blob backend
diff --git a/testing/tests/server/test_server.py b/testing/tests/server/test_server.py
index 2a3cb751..2f958b29 100644
--- a/testing/tests/server/test_server.py
+++ b/testing/tests/server/test_server.py
@@ -413,7 +413,7 @@ class EncryptedSyncTestCase(
self.assertEqual(soldoc.rev, couchdoc.rev)
couch_content = couchdoc.content.keys()
self.assertEqual(['raw'], couch_content)
- self.assertTrue(_crypto.is_symmetrically_encrypted(couchdoc.get_json()))
+ self.assertTrue(_crypto.is_symmetrically_encrypted(couchdoc))
d = sol1.get_all_docs()
d.addCallback(_db1AssertEmptyDocList)