[feature] Change CTR to GCM on secrets.py

Current implementation can allow tampering and the CTR->GCM exchange can help to avoid it. This commits also alters a behaviour where we moved ahead after failing to decrypt a recovery document. IMHO we can't move ahead as this is a fatal error. Signed-off-by: Victor Shyba <victor1984@riseup.net>
author: Victor Shyba <victor1984@riseup.net> 2016-12-07 02:03:58 -0300
committer: drebs <drebs@leap.se> 2016-12-12 09:17:52 -0200
commit: 7877527fe64eaee1f7f107913a4a3dc78767a338 (patch)
tree: dfbf4de67d091469f50fedbe3d1a74be9fde154a /testing/tests/client/test_crypto.py
parent: b3fcc5c5bddc73475596c4fe74e3402f0d5c021a (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/testing/tests/client/test_crypto.py b/testing/tests/client/test_crypto.py
index 277d5430..49a61438 100644
--- a/testing/tests/client/test_crypto.py
+++ b/testing/tests/client/test_crypto.py
@@ -200,8 +200,9 @@ class RecoveryDocumentTestCase(BaseSoledadTest):
         encrypted_secret = rd[
             self._soledad.secrets.STORAGE_SECRETS_KEY][secret_id]
         self.assertTrue(self._soledad.secrets.CIPHER_KEY in encrypted_secret)
-        self.assertTrue(
-            encrypted_secret[self._soledad.secrets.CIPHER_KEY] == 'aes256')
+        self.assertEquals(
+            _crypto.ENC_METHOD.aes_256_gcm,
+            encrypted_secret[self._soledad.secrets.CIPHER_KEY])
         self.assertTrue(self._soledad.secrets.LENGTH_KEY in encrypted_secret)
         self.assertTrue(self._soledad.secrets.SECRET_KEY in encrypted_secret)
author	Victor Shyba <victor1984@riseup.net>	2016-12-07 02:03:58 -0300
committer	drebs <drebs@leap.se>	2016-12-12 09:17:52 -0200
commit	7877527fe64eaee1f7f107913a4a3dc78767a338 (patch)
tree	dfbf4de67d091469f50fedbe3d1a74be9fde154a /testing/tests/client/test_crypto.py
parent	b3fcc5c5bddc73475596c4fe74e3402f0d5c021a (diff)