summaryrefslogtreecommitdiff
path: root/common/src/leap
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2013-11-18 11:06:37 -0200
committerdrebs <drebs@leap.se>2013-11-19 11:24:47 -0200
commitd5d47dc216fd285ec60df1ccaab1e0740e29e3c5 (patch)
tree02157322e1d01119aee19f6081a99cd23991dd4d /common/src/leap
parent930b7cd7e56440b638bd646b288f33063e15f3d0 (diff)
Add MAC verification to recovery document. Closes #4348.
Diffstat (limited to 'common/src/leap')
-rw-r--r--common/src/leap/soledad/common/crypto.py21
-rw-r--r--common/src/leap/soledad/common/tests/test_crypto.py9
-rw-r--r--common/src/leap/soledad/common/tests/test_soledad.py5
3 files changed, 28 insertions, 7 deletions
diff --git a/common/src/leap/soledad/common/crypto.py b/common/src/leap/soledad/common/crypto.py
index 2c6bd7a3..56bb608a 100644
--- a/common/src/leap/soledad/common/crypto.py
+++ b/common/src/leap/soledad/common/crypto.py
@@ -35,6 +35,13 @@ class EncryptionSchemes(object):
PUBKEY = 'pubkey'
+class UnknownEncryptionScheme(Exception):
+ """
+ Raised when trying to decrypt from unknown encryption schemes.
+ """
+ pass
+
+
class MacMethods(object):
"""
Representation of MAC methods used to authenticate document's contents.
@@ -43,6 +50,20 @@ class MacMethods(object):
HMAC = 'hmac'
+class UnknownMacMethod(Exception):
+ """
+ Raised when trying to authenticate document's content with unknown MAC
+ mehtod.
+ """
+ pass
+
+
+class WrongMac(Exception):
+ """
+ Raised when failing to authenticate document's contents based on MAC.
+ """
+
+
#
# Crypto utilities for a SoledadDocument.
#
diff --git a/common/src/leap/soledad/common/tests/test_crypto.py b/common/src/leap/soledad/common/tests/test_crypto.py
index db217bb3..af11bc76 100644
--- a/common/src/leap/soledad/common/tests/test_crypto.py
+++ b/common/src/leap/soledad/common/tests/test_crypto.py
@@ -40,6 +40,7 @@ from leap.soledad.common.tests import (
KEY_FINGERPRINT,
PRIVATE_KEY,
)
+from leap.soledad.common.crypto import WrongMac, UnknownMacMethod
from leap.soledad.common.tests.u1db_tests import (
simple_doc,
nested_doc,
@@ -88,11 +89,9 @@ class RecoveryDocumentTestCase(BaseSoledadTest):
def test_import_recovery_document(self):
rd = self._soledad.export_recovery_document()
- s = self._soledad_instance(user='anotheruser@leap.se')
+ s = self._soledad_instance()
s.import_recovery_document(rd)
s._set_secret_id(self._soledad._secret_id)
- self.assertEqual(self._soledad._uuid,
- s._uuid, 'Failed setting user uuid.')
self.assertEqual(self._soledad._get_storage_secret(),
s._get_storage_secret(),
'Failed settinng secret for symmetric encryption.')
@@ -164,7 +163,7 @@ class MacAuthTestCase(BaseSoledadTest):
doc.content[target.MAC_KEY] = '1234567890ABCDEF'
# try to decrypt doc
self.assertRaises(
- target.WrongMac,
+ WrongMac,
target.decrypt_doc, self._soledad._crypto, doc)
def test_decrypt_with_unknown_mac_method_raises(self):
@@ -182,7 +181,7 @@ class MacAuthTestCase(BaseSoledadTest):
doc.content[target.MAC_METHOD_KEY] = 'mymac'
# try to decrypt doc
self.assertRaises(
- target.UnknownMacMethod,
+ UnknownMacMethod,
target.decrypt_doc, self._soledad._crypto, doc)
diff --git a/common/src/leap/soledad/common/tests/test_soledad.py b/common/src/leap/soledad/common/tests/test_soledad.py
index 8970a437..035c5ac5 100644
--- a/common/src/leap/soledad/common/tests/test_soledad.py
+++ b/common/src/leap/soledad/common/tests/test_soledad.py
@@ -33,6 +33,7 @@ from leap.soledad.common.tests import (
)
from leap import soledad
from leap.soledad.common.document import SoledadDocument
+from leap.soledad.common.crypto import WrongMac
from leap.soledad.client import Soledad, PassphraseTooShort
from leap.soledad.client.crypto import SoledadCrypto
from leap.soledad.client.shared_db import SoledadSharedDatabase
@@ -119,7 +120,7 @@ class AuxMethodsTestCase(BaseSoledadTest):
sol.change_passphrase(u'654321')
self.assertRaises(
- DatabaseError,
+ WrongMac,
self._soledad_instance, 'leap@leap.se',
passphrase=u'123',
prefix=self.rand_prefix)
@@ -292,7 +293,7 @@ class SoledadSignalingTestCase(BaseSoledadTest):
sol = self._soledad_instance()
# create a document with secrets
doc = SoledadDocument(doc_id=sol._shared_db_doc_id())
- doc.content = sol.export_recovery_document(include_uuid=False)
+ doc.content = sol.export_recovery_document()
class Stage2MockSharedDB(object):