[feature] unarmored incremental blobs decrypt

2 files changed, 80 insertions, 14 deletions

diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py
index 97d4c39c..e0326378 100644
--- a/client/src/leap/soledad/client/_blobs.py
+++ b/client/src/leap/soledad/client/_blobs.py
@@ -23,6 +23,7 @@ from urlparse import urljoin
 
 import os.path
 import uuid
+import base64
 
 from io import BytesIO
 from functools import partial
@@ -92,29 +93,45 @@ class ConnectionPool(adbapi.ConnectionPool):
 
 class DecrypterBuffer(object):
 
-    def __init__(self, doc_id, rev, secret):
+    def __init__(self, doc_id, rev, secret, tag):
         self.decrypter = None
         self.buffer = BytesIO()
         self.doc_info = DocInfo(doc_id, rev)
         self.secret = secret
+        self.tag = tag
         self.d = None
 
     def write(self, data):
         if not self.decrypter:
+            return self.prepare_decrypter(data)
+
+        self.buffer.write(data)
+        if self.buffer.tell() > 16:
+            overflow_size = self.buffer.tell() - 16
+            self.buffer.seek(0)
+            self.decrypter.write(self.buffer.read(overflow_size))
+            remaining = self.buffer.read()
+            self.buffer.seek(0)
+            self.buffer.write(remaining)
+            self.buffer.truncate()
+
+    def prepare_decrypter(self, data):
+        if ' ' not in data:
             self.buffer.write(data)
-            self.decrypter = BlobDecryptor(
-                self.doc_info, self.buffer,
-                secret=self.secret,
-                armor=True,
-                start_stream=False)
-            self.d = self.decrypter.decrypt()
-        else:
-            self.decrypter.write(data)
+            return
+        preamble_chunk, remaining = data.split(' ', 1)
+        self.buffer.write(preamble_chunk)
+        self.decrypter = BlobDecryptor(
+            self.doc_info, BytesIO(self.buffer.getvalue()),
+            secret=self.secret,
+            armor=False,
+            start_stream=False,
+            tag=self.tag)
+        self.buffer = BytesIO()
+        self.write(remaining)
 
     def close(self):
-        if self.d:
-            self.d.addCallback(lambda result: (result, self.decrypter.size))
-        return self.d
+        return self.decrypter._end_stream(), self.decrypter.size
 
 
 class BlobManager(object):
@@ -188,7 +205,7 @@ class BlobManager(object):
         doc_info = DocInfo(doc_id, rev)
         uri = urljoin(self.remote, self.user + "/" + blob_id)
         crypter = BlobEncryptor(doc_info, fd, secret=self.secret,
-                                armor=True)
+                                armor=False)
         fd = yield crypter.encrypt()
         yield treq.put(uri, data=fd)
         logger.info("Finished upload: %s" % (blob_id,))
@@ -212,7 +229,7 @@ class BlobManager(object):
 
         # incrementally collect the body of the response
         yield treq.collect(data, buf.write)
-        fd, size = yield buf.close()
+        fd, size = buf.close()
         logger.info("Finished download: (%s, %d)" % (blob_id, size))
         defer.returnValue((fd, size))
 
diff --git a/testing/tests/blobs/test_blobs.py b/testing/tests/blobs/test_blobs.py
new file mode 100644
index 00000000..5e763026
--- /dev/null
+++ b/testing/tests/blobs/test_blobs.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+# test_crypto.py
+# Copyright (C) 2017 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""
+Tests for cryptographic related stuff.
+"""
+from twisted.trial import unittest
+from twisted.internet import defer
+from leap.soledad.client._blobs import DecrypterBuffer
+from leap.soledad.client import _crypto
+from io import BytesIO
+
+
+class BlobTestCase(unittest.TestCase):
+
+    class doc_info:
+        doc_id = 'D-deadbeef'
+        rev = '397932e0c77f45fcb7c3732930e7e9b2:1'
+
+    def setUp(self):
+        self.cleartext = BytesIO('rosa de foc')
+        self.secret = 'A' * 96
+        self.blob = _crypto.BlobEncryptor(
+            self.doc_info, self.cleartext,
+            armor=False,
+            secret='A' * 96)
+
+    @defer.inlineCallbacks
+    def test_decrypt_buffer(self):
+        encrypted = (yield self.blob.encrypt()).getvalue()
+        doc_id, rev = self.doc_info.doc_id, self.doc_info.rev
+        tag = encrypted[-16:]
+        buf = DecrypterBuffer(doc_id, rev, self.secret, tag)
+        buf.write(encrypted)
+        fd, size = buf.close()
+        assert fd.getvalue() == 'rosa de foc'