diff options
author | Victor Shyba <victor1984@riseup.net> | 2017-03-15 20:29:03 -0300 |
---|---|---|
committer | drebs <drebs@leap.se> | 2017-04-04 18:27:33 +0200 |
commit | 0b9d59f0a61ac05aa1dd751d17f2ef58eea8a2d0 (patch) | |
tree | 670aff6d43014e0b5d0c591c9d222e59a4512531 | |
parent | 3ae9343ebe4f3b7ddcdafcee22c987e49dead451 (diff) |
[feature] unarmored incremental blobs decrypt
-rw-r--r-- | client/src/leap/soledad/client/_blobs.py | 45 | ||||
-rw-r--r-- | testing/tests/blobs/test_blobs.py | 49 |
2 files changed, 80 insertions, 14 deletions
diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py index 97d4c39c..e0326378 100644 --- a/client/src/leap/soledad/client/_blobs.py +++ b/client/src/leap/soledad/client/_blobs.py @@ -23,6 +23,7 @@ from urlparse import urljoin import os.path import uuid +import base64 from io import BytesIO from functools import partial @@ -92,29 +93,45 @@ class ConnectionPool(adbapi.ConnectionPool): class DecrypterBuffer(object): - def __init__(self, doc_id, rev, secret): + def __init__(self, doc_id, rev, secret, tag): self.decrypter = None self.buffer = BytesIO() self.doc_info = DocInfo(doc_id, rev) self.secret = secret + self.tag = tag self.d = None def write(self, data): if not self.decrypter: + return self.prepare_decrypter(data) + + self.buffer.write(data) + if self.buffer.tell() > 16: + overflow_size = self.buffer.tell() - 16 + self.buffer.seek(0) + self.decrypter.write(self.buffer.read(overflow_size)) + remaining = self.buffer.read() + self.buffer.seek(0) + self.buffer.write(remaining) + self.buffer.truncate() + + def prepare_decrypter(self, data): + if ' ' not in data: self.buffer.write(data) - self.decrypter = BlobDecryptor( - self.doc_info, self.buffer, - secret=self.secret, - armor=True, - start_stream=False) - self.d = self.decrypter.decrypt() - else: - self.decrypter.write(data) + return + preamble_chunk, remaining = data.split(' ', 1) + self.buffer.write(preamble_chunk) + self.decrypter = BlobDecryptor( + self.doc_info, BytesIO(self.buffer.getvalue()), + secret=self.secret, + armor=False, + start_stream=False, + tag=self.tag) + self.buffer = BytesIO() + self.write(remaining) def close(self): - if self.d: - self.d.addCallback(lambda result: (result, self.decrypter.size)) - return self.d + return self.decrypter._end_stream(), self.decrypter.size class BlobManager(object): @@ -188,7 +205,7 @@ class BlobManager(object): doc_info = DocInfo(doc_id, rev) uri = urljoin(self.remote, self.user + "/" + blob_id) crypter = BlobEncryptor(doc_info, fd, secret=self.secret, - armor=True) + armor=False) fd = yield crypter.encrypt() yield treq.put(uri, data=fd) logger.info("Finished upload: %s" % (blob_id,)) @@ -212,7 +229,7 @@ class BlobManager(object): # incrementally collect the body of the response yield treq.collect(data, buf.write) - fd, size = yield buf.close() + fd, size = buf.close() logger.info("Finished download: (%s, %d)" % (blob_id, size)) defer.returnValue((fd, size)) diff --git a/testing/tests/blobs/test_blobs.py b/testing/tests/blobs/test_blobs.py new file mode 100644 index 00000000..5e763026 --- /dev/null +++ b/testing/tests/blobs/test_blobs.py @@ -0,0 +1,49 @@ +# -*- coding: utf-8 -*- +# test_crypto.py +# Copyright (C) 2017 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Tests for cryptographic related stuff. +""" +from twisted.trial import unittest +from twisted.internet import defer +from leap.soledad.client._blobs import DecrypterBuffer +from leap.soledad.client import _crypto +from io import BytesIO + + +class BlobTestCase(unittest.TestCase): + + class doc_info: + doc_id = 'D-deadbeef' + rev = '397932e0c77f45fcb7c3732930e7e9b2:1' + + def setUp(self): + self.cleartext = BytesIO('rosa de foc') + self.secret = 'A' * 96 + self.blob = _crypto.BlobEncryptor( + self.doc_info, self.cleartext, + armor=False, + secret='A' * 96) + + @defer.inlineCallbacks + def test_decrypt_buffer(self): + encrypted = (yield self.blob.encrypt()).getvalue() + doc_id, rev = self.doc_info.doc_id, self.doc_info.rev + tag = encrypted[-16:] + buf = DecrypterBuffer(doc_id, rev, self.secret, tag) + buf.write(encrypted) + fd, size = buf.close() + assert fd.getvalue() == 'rosa de foc' |