diff options
| author | Ruben Pollan <meskio@sindominio.net> | 2015-08-04 11:29:15 +0200 | 
|---|---|---|
| committer | drebs <drebs@leap.se> | 2015-08-04 17:25:23 -0300 | 
| commit | 957350b4a45953e2d39e34cfd78d6ee0b711e573 (patch) | |
| tree | 25c2d0ea3dfbf9c65055be678f2792a5f33d0d9a /common/src | |
| parent | 0a35ab802daf3a9c0f5297b823f0adcc0dce2999 (diff) | |
[refactor] remove circular dependency in SoledadCrypto
SoledadCrypto had Soledad as parameter to be able to use
SoledadSecrets. SoledadSecrets had SoledadCrypto as parameter to use
*crypt_sym. This commit removes this circular dependency passing
directly the secret that SoledadCrypto cares about to the constructor
and removing the *crypt_sym methods from SoledadCrypto.
- Resolves: #7338
Diffstat (limited to 'common/src')
| -rw-r--r-- | common/src/leap/soledad/common/crypto.py | 1 | ||||
| -rw-r--r-- | common/src/leap/soledad/common/tests/test_crypto.py | 89 | 
2 files changed, 13 insertions, 77 deletions
| diff --git a/common/src/leap/soledad/common/crypto.py b/common/src/leap/soledad/common/crypto.py index b4f3234f..77a5a93b 100644 --- a/common/src/leap/soledad/common/crypto.py +++ b/common/src/leap/soledad/common/crypto.py @@ -48,7 +48,6 @@ class EncryptionMethods(object):      """      AES_256_CTR = 'aes-256-ctr' -    XSALSA20 = 'xsalsa20'  class UnknownEncryptionMethodError(Exception): diff --git a/common/src/leap/soledad/common/tests/test_crypto.py b/common/src/leap/soledad/common/tests/test_crypto.py index fdad8aac..55ecbdd7 100644 --- a/common/src/leap/soledad/common/tests/test_crypto.py +++ b/common/src/leap/soledad/common/tests/test_crypto.py @@ -47,7 +47,7 @@ class EncryptedSyncTestCase(BaseSoledadTest):          doc1.content = simpledoc          # encrypt doc -        doc1.set_json(crypto.encrypt_doc(self._soledad._crypto, doc1)) +        doc1.set_json(self._soledad._crypto.encrypt_doc(doc1))          # assert content is different and includes keys          self.assertNotEqual(              simpledoc, doc1.content, @@ -55,7 +55,7 @@ class EncryptedSyncTestCase(BaseSoledadTest):          self.assertTrue(ENC_JSON_KEY in doc1.content)          self.assertTrue(ENC_SCHEME_KEY in doc1.content)          # decrypt doc -        doc1.set_json(crypto.decrypt_doc(self._soledad._crypto, doc1)) +        doc1.set_json(self._soledad._crypto.decrypt_doc(doc1))          self.assertEqual(              simpledoc, doc1.content, 'incorrect document encryption') @@ -153,7 +153,7 @@ class MacAuthTestCase(BaseSoledadTest):          doc = SoledadDocument(doc_id='id')          doc.content = simpledoc          # encrypt doc -        doc.set_json(crypto.encrypt_doc(self._soledad._crypto, doc)) +        doc.set_json(self._soledad._crypto.encrypt_doc(doc))          self.assertTrue(MAC_KEY in doc.content)          self.assertTrue(MAC_METHOD_KEY in doc.content)          # mess with MAC @@ -161,7 +161,7 @@ class MacAuthTestCase(BaseSoledadTest):          # try to decrypt doc          self.assertRaises(              WrongMacError, -            crypto.decrypt_doc, self._soledad._crypto, doc) +            self._soledad._crypto.decrypt_doc, doc)      def test_decrypt_with_unknown_mac_method_raises(self):          """ @@ -171,7 +171,7 @@ class MacAuthTestCase(BaseSoledadTest):          doc = SoledadDocument(doc_id='id')          doc.content = simpledoc          # encrypt doc -        doc.set_json(crypto.encrypt_doc(self._soledad._crypto, doc)) +        doc.set_json(self._soledad._crypto.encrypt_doc(doc))          self.assertTrue(MAC_KEY in doc.content)          self.assertTrue(MAC_METHOD_KEY in doc.content)          # mess with MAC method @@ -179,7 +179,7 @@ class MacAuthTestCase(BaseSoledadTest):          # try to decrypt doc          self.assertRaises(              UnknownMacMethodError, -            crypto.decrypt_doc, self._soledad._crypto, doc) +            self._soledad._crypto.decrypt_doc, doc)  class SoledadCryptoAESTestCase(BaseSoledadTest): @@ -187,22 +187,16 @@ class SoledadCryptoAESTestCase(BaseSoledadTest):      def test_encrypt_decrypt_sym(self):          # generate 256-bit key          key = os.urandom(32) -        iv, cyphertext = self._soledad._crypto.encrypt_sym( -            'data', key, -            method=EncryptionMethods.AES_256_CTR) +        iv, cyphertext = crypto.encrypt_sym('data', key)          self.assertTrue(cyphertext is not None)          self.assertTrue(cyphertext != '')          self.assertTrue(cyphertext != 'data') -        plaintext = self._soledad._crypto.decrypt_sym( -            cyphertext, key, iv=iv, -            method=EncryptionMethods.AES_256_CTR) +        plaintext = crypto.decrypt_sym(cyphertext, key, iv)          self.assertEqual('data', plaintext)      def test_decrypt_with_wrong_iv_fails(self):          key = os.urandom(32) -        iv, cyphertext = self._soledad._crypto.encrypt_sym( -            'data', key, -            method=EncryptionMethods.AES_256_CTR) +        iv, cyphertext = crypto.encrypt_sym('data', key)          self.assertTrue(cyphertext is not None)          self.assertTrue(cyphertext != '')          self.assertTrue(cyphertext != 'data') @@ -211,16 +205,13 @@ class SoledadCryptoAESTestCase(BaseSoledadTest):          wrongiv = rawiv          while wrongiv == rawiv:              wrongiv = os.urandom(1) + rawiv[1:] -        plaintext = self._soledad._crypto.decrypt_sym( -            cyphertext, key, iv=binascii.b2a_base64(wrongiv), -            method=EncryptionMethods.AES_256_CTR) +        plaintext = crypto.decrypt_sym( +            cyphertext, key, iv=binascii.b2a_base64(wrongiv))          self.assertNotEqual('data', plaintext)      def test_decrypt_with_wrong_key_fails(self):          key = os.urandom(32) -        iv, cyphertext = self._soledad._crypto.encrypt_sym( -            'data', key, -            method=EncryptionMethods.AES_256_CTR) +        iv, cyphertext = crypto.encrypt_sym('data', key)          self.assertTrue(cyphertext is not None)          self.assertTrue(cyphertext != '')          self.assertTrue(cyphertext != 'data') @@ -228,59 +219,5 @@ class SoledadCryptoAESTestCase(BaseSoledadTest):          # ensure keys are different in case we are extremely lucky          while wrongkey == key:              wrongkey = os.urandom(32) -        plaintext = self._soledad._crypto.decrypt_sym( -            cyphertext, wrongkey, iv=iv, -            method=EncryptionMethods.AES_256_CTR) -        self.assertNotEqual('data', plaintext) - - -class SoledadCryptoXSalsa20TestCase(BaseSoledadTest): - -    def test_encrypt_decrypt_sym(self): -        # generate 256-bit key -        key = os.urandom(32) -        iv, cyphertext = self._soledad._crypto.encrypt_sym( -            'data', key, -            method=EncryptionMethods.XSALSA20) -        self.assertTrue(cyphertext is not None) -        self.assertTrue(cyphertext != '') -        self.assertTrue(cyphertext != 'data') -        plaintext = self._soledad._crypto.decrypt_sym( -            cyphertext, key, iv=iv, -            method=EncryptionMethods.XSALSA20) -        self.assertEqual('data', plaintext) - -    def test_decrypt_with_wrong_iv_fails(self): -        key = os.urandom(32) -        iv, cyphertext = self._soledad._crypto.encrypt_sym( -            'data', key, -            method=EncryptionMethods.XSALSA20) -        self.assertTrue(cyphertext is not None) -        self.assertTrue(cyphertext != '') -        self.assertTrue(cyphertext != 'data') -        # get a different iv by changing the first byte -        rawiv = binascii.a2b_base64(iv) -        wrongiv = rawiv -        while wrongiv == rawiv: -            wrongiv = os.urandom(1) + rawiv[1:] -        plaintext = self._soledad._crypto.decrypt_sym( -            cyphertext, key, iv=binascii.b2a_base64(wrongiv), -            method=EncryptionMethods.XSALSA20) -        self.assertNotEqual('data', plaintext) - -    def test_decrypt_with_wrong_key_fails(self): -        key = os.urandom(32) -        iv, cyphertext = self._soledad._crypto.encrypt_sym( -            'data', key, -            method=EncryptionMethods.XSALSA20) -        self.assertTrue(cyphertext is not None) -        self.assertTrue(cyphertext != '') -        self.assertTrue(cyphertext != 'data') -        wrongkey = os.urandom(32)  # 256-bits key -        # ensure keys are different in case we are extremely lucky -        while wrongkey == key: -            wrongkey = os.urandom(32) -        plaintext = self._soledad._crypto.decrypt_sym( -            cyphertext, wrongkey, iv=iv, -            method=EncryptionMethods.XSALSA20) +        plaintext = crypto.decrypt_sym(cyphertext, wrongkey, iv)          self.assertNotEqual('data', plaintext) | 
