author | drebs <drebs@leap.se> | 2013-05-14 18:56:12 -0300 |
---|---|---|
committer | drebs <drebs@leap.se> | 2013-05-15 19:35:19 -0300 |
commit | 3e22ea2445f805dfe0df9bbf15a03cbc53a88167 (patch) | |
tree | 117404582f057420c49ee6c0cee8439dfddebd37 /src/leap/soledad/tests | |
parent | c3ff09e07eb09254927fd3fbd7d47259be9442c7 (diff) |
Add MAC authentication to encrypted docs.
* Fix review comments:
* Use of literal string instead of self.STORAGE_SECRETS_KEY
* Add mac_method param to mac_doc()
* Verify mac_method in mac_doc() and raise in there if unknown method
* Use different parts of storage_secret for generating doc passphrase and mac key.
* Add changes file.
Diffstat (limited to 'src/leap/soledad/tests')
-rw-r--r-- | src/leap/soledad/tests/test_crypto.py | 43 | ||||
-rw-r--r-- | src/leap/soledad/tests/test_leap_backend.py | 2 |
2 files changed, 44 insertions, 1 deletions
diff --git a/src/leap/soledad/tests/test_crypto.py b/src/leap/soledad/tests/test_crypto.py
index 720e95fa..6804723a 100644
--- a/src/leap/soledad/tests/test_crypto.py
+++ b/src/leap/soledad/tests/test_crypto.py
@@ -37,6 +37,10 @@ from leap.soledad.backends.leap_backend import (
 LeapSyncTarget,
 ENC_JSON_KEY,
 ENC_SCHEME_KEY,
+ MAC_METHOD_KEY,
+ MAC_KEY,
+ UnknownMacMethod,
+ WrongMac,
 )
 from leap.soledad.backends.couch import CouchDatabase
 from leap.soledad import KeyAlreadyExists, Soledad
@@ -243,3 +247,42 @@ class CryptoMethodsTestCase(BaseSoledadTest):
 sol = self._soledad_instance(user='user@leap.se', prefix='/3')
 self.assertTrue(sol._has_secret(), "Should have a secret at "
 "this point")
+
+
+class MacAuthTestCase(BaseSoledadTest):
+
+ def test_decrypt_with_wrong_mac_raises(self):
+ """
+ Trying to decrypt a document with wrong MAC should raise.
+ """
+ simpledoc = {'key': 'val'}
+ doc = LeapDocument(doc_id='id')
+ doc.content = simpledoc
+ # encrypt doc
+ doc.set_json(encrypt_doc(self._soledad._crypto, doc))
+ self.assertTrue(MAC_KEY in doc.content)
+ self.assertTrue(MAC_METHOD_KEY in doc.content)
+ # mess with MAC
+ doc.content[MAC_KEY] = 'wrongmac'
+ # try to decrypt doc
+ self.assertRaises(
+ WrongMac,
+ decrypt_doc, self._soledad._crypto, doc)
+
+ def test_decrypt_with_unknown_mac_method_raises(self):
+ """
+ Trying to decrypt a document with unknown MAC method should raise.
+ """
+ simpledoc = {'key': 'val'}
+ doc = LeapDocument(doc_id='id')
+ doc.content = simpledoc
+ # encrypt doc
+ doc.set_json(encrypt_doc(self._soledad._crypto, doc))
+ self.assertTrue(MAC_KEY in doc.content)
+ self.assertTrue(MAC_METHOD_KEY in doc.content)
+ # mess with MAC method
+ doc.content[MAC_METHOD_KEY] = 'mymac'
+ # try to decrypt doc
+ self.assertRaises(
+ UnknownMacMethod,
+ decrypt_doc, self._soledad._crypto, doc)
diff --git a/src/leap/soledad/tests/test_leap_backend.py b/src/leap/soledad/tests/test_leap_backend.py
index c0510373..9bd7b604 100644
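Review bot: Both tests in MacAuthTestCase alter only the MAC fields themselves (`doc.content[MAC_KEY] = 'wrongmac'` and `doc.content[MAC_METHOD_KEY] = 'mymac'`), so they would still pass if the MAC were computed over something other than the ciphertext. A third test that keeps the stored MAC and changes `doc.content[ENC_JSON_KEY]` would pin the property this commit is meant to add; ENC_JSON_KEY is already imported in the first hunk. The sketch below assumes the ciphertext is stored as a string and that decrypt_doc checks the MAC before it decrypts, neither of which is visible in this diff.

```python
    # … unchanged: test_decrypt_with_wrong_mac_raises, test_decrypt_with_unknown_mac_method_raises …

    def test_decrypt_with_tampered_ciphertext_raises(self):
        """
        Trying to decrypt a document whose ciphertext changed should raise.
        """
        doc = LeapDocument(doc_id='id')
        doc.content = {'key': 'val'}
        doc.set_json(encrypt_doc(self._soledad._crypto, doc))
        # change the ciphertext but keep the MAC stored at encryption time
        doc.content[ENC_JSON_KEY] = doc.content[ENC_JSON_KEY] + 'x'
        self.assertRaises(
            WrongMac,
            decrypt_doc, self._soledad._crypto, doc)
```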
--- a/src/leap/soledad/tests/test_leap_backend.py
+++ b/src/leap/soledad/tests/test_leap_backend.py
@@ -284,7 +284,7 @@ class TestLeapParsingSyncStream(
 """
 Test adapted to use encrypted content.
 """
- doc = leap_backend.LeapDocument('i')
+ doc = leap_backend.LeapDocument('i', rev='r')
 doc.content = {}
 enc_json = leap_backend.encrypt_doc(self._soledad._crypto, doc)
 tgt = leap_backend.LeapSyncTarget( |