diff options
author | Victor Shyba <victor1984@riseup.net> | 2016-12-07 02:03:58 -0300 |
---|---|---|
committer | drebs <drebs@leap.se> | 2016-12-12 09:17:52 -0200 |
commit | 7877527fe64eaee1f7f107913a4a3dc78767a338 (patch) | |
tree | dfbf4de67d091469f50fedbe3d1a74be9fde154a /testing | |
parent | b3fcc5c5bddc73475596c4fe74e3402f0d5c021a (diff) |
[feature] Change CTR to GCM on secrets.py
Current implementation can allow tampering and the CTR->GCM exchange can
help to avoid it.
This commits also alters a behaviour where we moved ahead after failing
to decrypt a recovery document. IMHO we can't move ahead as this is a
fatal error.
Signed-off-by: Victor Shyba <victor1984@riseup.net>
Diffstat (limited to 'testing')
-rw-r--r-- | testing/tests/client/test_aux_methods.py | 4 | ||||
-rw-r--r-- | testing/tests/client/test_crypto.py | 5 |
2 files changed, 5 insertions, 4 deletions
diff --git a/testing/tests/client/test_aux_methods.py b/testing/tests/client/test_aux_methods.py index c25ff8ca..9b4a175f 100644 --- a/testing/tests/client/test_aux_methods.py +++ b/testing/tests/client/test_aux_methods.py @@ -21,10 +21,10 @@ import os from twisted.internet import defer -from leap.soledad.common.errors import DatabaseAccessError from leap.soledad.client import Soledad from leap.soledad.client.adbapi import U1DBConnectionPool from leap.soledad.client.secrets import PassphraseTooShort +from leap.soledad.client.secrets import SecretsException from test_soledad.util import BaseSoledadTest @@ -108,7 +108,7 @@ class AuxMethodsTestCase(BaseSoledadTest): sol.change_passphrase(u'654321') sol.close() - with self.assertRaises(DatabaseAccessError): + with self.assertRaises(SecretsException): self._soledad_instance( 'leap@leap.se', passphrase=u'123', diff --git a/testing/tests/client/test_crypto.py b/testing/tests/client/test_crypto.py index 277d5430..49a61438 100644 --- a/testing/tests/client/test_crypto.py +++ b/testing/tests/client/test_crypto.py @@ -200,8 +200,9 @@ class RecoveryDocumentTestCase(BaseSoledadTest): encrypted_secret = rd[ self._soledad.secrets.STORAGE_SECRETS_KEY][secret_id] self.assertTrue(self._soledad.secrets.CIPHER_KEY in encrypted_secret) - self.assertTrue( - encrypted_secret[self._soledad.secrets.CIPHER_KEY] == 'aes256') + self.assertEquals( + _crypto.ENC_METHOD.aes_256_gcm, + encrypted_secret[self._soledad.secrets.CIPHER_KEY]) self.assertTrue(self._soledad.secrets.LENGTH_KEY in encrypted_secret) self.assertTrue(self._soledad.secrets.SECRET_KEY in encrypted_secret) |