summaryrefslogtreecommitdiff
path: root/testing/tests/client/test_crypto.py
diff options
context:
space:
mode:
authorVictor Shyba <victor1984@riseup.net>2016-11-26 01:11:28 -0300
committerdrebs <drebs@leap.se>2016-12-12 09:17:51 -0200
commite65cb7bfecd530252e86878dfec117c2793aa04b (patch)
treee195dc01c040fc0a33c011ee09aee02041459398 /testing/tests/client/test_crypto.py
parent1c8e3359734831562fca76b529c0b1f95af565d5 (diff)
[feature] delimit preamble from ciphertext
We now encode preamble and ciphertext+hmac in two distinct payloads separated by a space. This allows metadata to be extracted and used before decoding the whole document. It also introduces a single packer for packing and unpacking of data instead of reads and writes. Downside: doc_id and rev are limited to 255 chars now.
Diffstat (limited to 'testing/tests/client/test_crypto.py')
-rw-r--r--testing/tests/client/test_crypto.py23
1 files changed, 11 insertions, 12 deletions
diff --git a/testing/tests/client/test_crypto.py b/testing/tests/client/test_crypto.py
index 6d896604..78da8d24 100644
--- a/testing/tests/client/test_crypto.py
+++ b/testing/tests/client/test_crypto.py
@@ -22,7 +22,6 @@ import base64
import hashlib
import json
import os
-import struct
from io import BytesIO
@@ -106,22 +105,19 @@ class BlobTestCase(unittest.TestCase):
secret='A' * 96)
encrypted = yield blob.encrypt()
- data = base64.urlsafe_b64decode(encrypted.getvalue())
+ preamble, ciphertext = _crypto._split(encrypted.getvalue())
+ ciphertext = ciphertext[:-64]
- assert data[0] == '\x80'
- ts, sch, meth = struct.unpack(
- 'Qbb', data[1:11])
+ assert len(preamble) == _crypto.PACMAN.size
+ unpacked_data = _crypto.PACMAN.unpack(preamble)
+ pad, ts, sch, meth, iv, doc_id, rev = unpacked_data
+ assert pad == '\x80'
assert sch == 1
assert meth == 1
- iv = data[11:27]
assert iv == blob.iv
- doc_id = data[27:37]
assert doc_id == 'D-deadbeef'
-
- rev = data[37:71]
assert rev == self.doc_info.rev
- ciphertext = data[71:-64]
aes_key = _crypto._get_sym_key_for_doc(
self.doc_info.doc_id, 'A' * 96)
assert ciphertext == _aes_encrypt(aes_key, blob.iv, snowden1)
@@ -159,6 +155,7 @@ class BlobTestCase(unittest.TestCase):
assert 'raw' in encrypted
doc2 = SoledadDocument('id1', '1')
doc2.set_json(encrypted)
+ assert _crypto.is_symmetrically_encrypted(doc2)
decrypted = yield crypto.decrypt_doc(doc2)
assert len(decrypted) != 0
assert json.loads(decrypted) == payload
@@ -174,10 +171,12 @@ class BlobTestCase(unittest.TestCase):
encrypted = yield crypto.encrypt_doc(doc1)
encdict = json.loads(encrypted)
- raw = base64.urlsafe_b64decode(str(encdict['raw']))
+ preamble, raw = _crypto._split(str(encdict['raw']))
# mess with MAC
messed = raw[:-64] + '0' * 64
- newraw = base64.urlsafe_b64encode(str(messed))
+
+ preamble = base64.urlsafe_b64encode(preamble)
+ newraw = preamble + ' ' + base64.urlsafe_b64encode(str(messed))
doc2 = SoledadDocument('id1', '1')
doc2.set_json(json.dumps({"raw": str(newraw)}))