[feat] use OpenSSL backend for scrypt if available

This needs OpenSSL >= 1.1, otherwise it will keep using the scrypt
dependency.

We should think about deprecating scrypt as a dependency when we can be
sure that the adoption of libssl 1.1 is wide enough. I think that at
some point (soledad 0.11 or so) we can drop the scrypt dependency, which
was being somehow problematic at times (the _scrypt.so was not appearing
when installing with pip, needed workarounds). From that moment on, we
can raise an error if an old libssl is found and no scrypt can be
imported - leaving that to the user/packager.

In debian stretch and afterwards, you can get that version by installing
libssl-dev

- Related: #8472

1 files changed, 12 insertions, 0 deletions

diff --git a/testing/tests/client/test_crypto.py b/testing/tests/client/test_crypto.py
index 11384ad7..10cccbb2 100644
--- a/testing/tests/client/test_crypto.py
+++ b/testing/tests/client/test_crypto.py
@@ -33,6 +33,7 @@ from cryptography.exceptions import InvalidTag
 from leap.soledad.common.document import SoledadDocument
 from test_soledad.util import BaseSoledadTest
 from leap.soledad.client import _crypto
+from leap.soledad.client import _scrypt
 
 from twisted.trial import unittest
 from twisted.internet import defer
@@ -46,6 +47,17 @@ snowden1 = (
     "they will.")
 
 
+class ScryptTest(unittest.TestCase):
+
+    def test_scrypt(self):
+        secret = 'supersikret'
+        salt = 'randomsalt'
+        key = _scrypt.hash(secret, salt, buflen=32)
+        expected = ('47996b569ea58d51ccbcc318d710'
+                    'a537acd28bb7a94615ab8d061d4b2a920f01')
+        assert binascii.b2a_hex(key) == expected
+
+
 class AESTest(unittest.TestCase):
 
     def test_chunked_encryption(self):