[feature] Adds back support to deprecated crypto

Will be removed when we have the proper tool to migrate data.

4 files changed, 17 insertions, 8 deletions

diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py
index 1492c1ab..d8d37f55 100644
--- a/client/src/leap/soledad/client/_crypto.py
+++ b/client/src/leap/soledad/client/_crypto.py
@@ -372,11 +372,16 @@ class AESDecryptor(object):
         self.done = True
 
 
-def is_symmetrically_encrypted(payload):
-    if not payload or len(payload) < 24 \
-            or not payload.startswith('{"raw": "'):
+def is_symmetrically_encrypted(doc):
+    payload = doc.content
+    if not payload or 'raw' not in payload:
+        return False
+    payload = str(payload['raw'])
+    if len(payload) < 16:
+        return False
+    header = base64.urlsafe_b64decode(payload[:18] + '==')
+    if six.indexbytes(header, 0) != 0x80:
         return False
-    header = base64.urlsafe_b64decode(payload[9:24] + '==')
     ts, sch, meth = struct.unpack('Qbb', header[1:11])
     return sch == ENC_SCHEME.symkey and meth == ENC_METHOD.aes_256_ctr
 
diff --git a/client/src/leap/soledad/client/http_target/__init__.py b/client/src/leap/soledad/client/http_target/__init__.py
index 17b7307c..91d87f0c 100644
--- a/client/src/leap/soledad/client/http_target/__init__.py
+++ b/client/src/leap/soledad/client/http_target/__init__.py
@@ -31,6 +31,7 @@ from twisted.internet import reactor
 from leap.soledad.client.http_target.send import HTTPDocSender
 from leap.soledad.client.http_target.api import SyncTargetAPI
 from leap.soledad.client.http_target.fetch import HTTPDocFetcher
+from leap.soledad.client import crypto as old_crypto
 
 
 logger = getLogger(__name__)
@@ -87,6 +88,8 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher):
         self._uuid = None
         self.set_creds(creds)
         self._crypto = crypto
+        # TODO: DEPRECATED CRYPTO
+        self._deprecated_crypto = old_crypto.SoledadCrypto(crypto.secret)
         self._sync_db = sync_db
         self._insert_doc_cb = None
         # asynchronous encryption/decryption attributes
diff --git a/client/src/leap/soledad/client/http_target/fetch.py b/client/src/leap/soledad/client/http_target/fetch.py
index bbc743e1..53650de4 100644
--- a/client/src/leap/soledad/client/http_target/fetch.py
+++ b/client/src/leap/soledad/client/http_target/fetch.py
@@ -25,6 +25,7 @@ from leap.soledad.common.log import getLogger
 from leap.soledad.client._crypto import is_symmetrically_encrypted
 from leap.soledad.common.document import SoledadDocument
 from leap.soledad.common.l2db import errors
+from leap.soledad.client import crypto as old_crypto
 
 from . import fetch_protocol
 
@@ -112,10 +113,10 @@ class HTTPDocFetcher(object):
         # document and insert into local database
 
         doc = SoledadDocument(doc_info['id'], doc_info['rev'], content)
-
-        if is_symmetrically_encrypted(content):
+        if is_symmetrically_encrypted(doc):
             content = yield self._crypto.decrypt_doc(doc)
-
+        elif old_crypto.is_symmetrically_encrypted(doc):
+            content = self._deprecated_crypto.decrypt_doc(doc)
         doc.set_json(content)
 
         # TODO insert blobs here on the blob backend
diff --git a/testing/tests/server/test_server.py b/testing/tests/server/test_server.py
index 2a3cb751..2f958b29 100644
--- a/testing/tests/server/test_server.py
+++ b/testing/tests/server/test_server.py
@@ -413,7 +413,7 @@ class EncryptedSyncTestCase(
                 self.assertEqual(soldoc.rev, couchdoc.rev)
                 couch_content = couchdoc.content.keys()
                 self.assertEqual(['raw'], couch_content)
-                self.assertTrue(_crypto.is_symmetrically_encrypted(couchdoc.get_json()))
+                self.assertTrue(_crypto.is_symmetrically_encrypted(couchdoc))
 
         d = sol1.get_all_docs()
         d.addCallback(_db1AssertEmptyDocList)