summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVictor Shyba <victor1984@riseup.net>2017-03-15 20:29:03 -0300
committerdrebs <drebs@leap.se>2017-04-04 18:27:33 +0200
commit0b9d59f0a61ac05aa1dd751d17f2ef58eea8a2d0 (patch)
tree670aff6d43014e0b5d0c591c9d222e59a4512531
parent3ae9343ebe4f3b7ddcdafcee22c987e49dead451 (diff)
[feature] unarmored incremental blobs decrypt
-rw-r--r--client/src/leap/soledad/client/_blobs.py45
-rw-r--r--testing/tests/blobs/test_blobs.py49
2 files changed, 80 insertions, 14 deletions
diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py
index 97d4c39c..e0326378 100644
--- a/client/src/leap/soledad/client/_blobs.py
+++ b/client/src/leap/soledad/client/_blobs.py
@@ -23,6 +23,7 @@ from urlparse import urljoin
import os.path
import uuid
+import base64
from io import BytesIO
from functools import partial
@@ -92,29 +93,45 @@ class ConnectionPool(adbapi.ConnectionPool):
class DecrypterBuffer(object):
- def __init__(self, doc_id, rev, secret):
+ def __init__(self, doc_id, rev, secret, tag):
self.decrypter = None
self.buffer = BytesIO()
self.doc_info = DocInfo(doc_id, rev)
self.secret = secret
+ self.tag = tag
self.d = None
def write(self, data):
if not self.decrypter:
+ return self.prepare_decrypter(data)
+
+ self.buffer.write(data)
+ if self.buffer.tell() > 16:
+ overflow_size = self.buffer.tell() - 16
+ self.buffer.seek(0)
+ self.decrypter.write(self.buffer.read(overflow_size))
+ remaining = self.buffer.read()
+ self.buffer.seek(0)
+ self.buffer.write(remaining)
+ self.buffer.truncate()
+
+ def prepare_decrypter(self, data):
+ if ' ' not in data:
self.buffer.write(data)
- self.decrypter = BlobDecryptor(
- self.doc_info, self.buffer,
- secret=self.secret,
- armor=True,
- start_stream=False)
- self.d = self.decrypter.decrypt()
- else:
- self.decrypter.write(data)
+ return
+ preamble_chunk, remaining = data.split(' ', 1)
+ self.buffer.write(preamble_chunk)
+ self.decrypter = BlobDecryptor(
+ self.doc_info, BytesIO(self.buffer.getvalue()),
+ secret=self.secret,
+ armor=False,
+ start_stream=False,
+ tag=self.tag)
+ self.buffer = BytesIO()
+ self.write(remaining)
def close(self):
- if self.d:
- self.d.addCallback(lambda result: (result, self.decrypter.size))
- return self.d
+ return self.decrypter._end_stream(), self.decrypter.size
class BlobManager(object):
@@ -188,7 +205,7 @@ class BlobManager(object):
doc_info = DocInfo(doc_id, rev)
uri = urljoin(self.remote, self.user + "/" + blob_id)
crypter = BlobEncryptor(doc_info, fd, secret=self.secret,
- armor=True)
+ armor=False)
fd = yield crypter.encrypt()
yield treq.put(uri, data=fd)
logger.info("Finished upload: %s" % (blob_id,))
@@ -212,7 +229,7 @@ class BlobManager(object):
# incrementally collect the body of the response
yield treq.collect(data, buf.write)
- fd, size = yield buf.close()
+ fd, size = buf.close()
logger.info("Finished download: (%s, %d)" % (blob_id, size))
defer.returnValue((fd, size))
diff --git a/testing/tests/blobs/test_blobs.py b/testing/tests/blobs/test_blobs.py
new file mode 100644
index 00000000..5e763026
--- /dev/null
+++ b/testing/tests/blobs/test_blobs.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+# test_crypto.py
+# Copyright (C) 2017 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""
+Tests for cryptographic related stuff.
+"""
+from twisted.trial import unittest
+from twisted.internet import defer
+from leap.soledad.client._blobs import DecrypterBuffer
+from leap.soledad.client import _crypto
+from io import BytesIO
+
+
+class BlobTestCase(unittest.TestCase):
+
+ class doc_info:
+ doc_id = 'D-deadbeef'
+ rev = '397932e0c77f45fcb7c3732930e7e9b2:1'
+
+ def setUp(self):
+ self.cleartext = BytesIO('rosa de foc')
+ self.secret = 'A' * 96
+ self.blob = _crypto.BlobEncryptor(
+ self.doc_info, self.cleartext,
+ armor=False,
+ secret='A' * 96)
+
+ @defer.inlineCallbacks
+ def test_decrypt_buffer(self):
+ encrypted = (yield self.blob.encrypt()).getvalue()
+ doc_id, rev = self.doc_info.doc_id, self.doc_info.rev
+ tag = encrypted[-16:]
+ buf = DecrypterBuffer(doc_id, rev, self.secret, tag)
+ buf.write(encrypted)
+ fd, size = buf.close()
+ assert fd.getvalue() == 'rosa de foc'