diff options
-rw-r--r-- | client/src/leap/soledad/client/_crypto.py | 13 | ||||
-rw-r--r-- | client/src/leap/soledad/client/http_target/__init__.py | 3 | ||||
-rw-r--r-- | client/src/leap/soledad/client/http_target/fetch.py | 7 | ||||
-rw-r--r-- | testing/tests/server/test_server.py | 2 |
4 files changed, 17 insertions, 8 deletions
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py index 1492c1ab..d8d37f55 100644 --- a/client/src/leap/soledad/client/_crypto.py +++ b/client/src/leap/soledad/client/_crypto.py @@ -372,11 +372,16 @@ class AESDecryptor(object): self.done = True -def is_symmetrically_encrypted(payload): - if not payload or len(payload) < 24 \ - or not payload.startswith('{"raw": "'): +def is_symmetrically_encrypted(doc): + payload = doc.content + if not payload or 'raw' not in payload: + return False + payload = str(payload['raw']) + if len(payload) < 16: + return False + header = base64.urlsafe_b64decode(payload[:18] + '==') + if six.indexbytes(header, 0) != 0x80: return False - header = base64.urlsafe_b64decode(payload[9:24] + '==') ts, sch, meth = struct.unpack('Qbb', header[1:11]) return sch == ENC_SCHEME.symkey and meth == ENC_METHOD.aes_256_ctr diff --git a/client/src/leap/soledad/client/http_target/__init__.py b/client/src/leap/soledad/client/http_target/__init__.py index 17b7307c..91d87f0c 100644 --- a/client/src/leap/soledad/client/http_target/__init__.py +++ b/client/src/leap/soledad/client/http_target/__init__.py @@ -31,6 +31,7 @@ from twisted.internet import reactor from leap.soledad.client.http_target.send import HTTPDocSender from leap.soledad.client.http_target.api import SyncTargetAPI from leap.soledad.client.http_target.fetch import HTTPDocFetcher +from leap.soledad.client import crypto as old_crypto logger = getLogger(__name__) @@ -87,6 +88,8 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher): self._uuid = None self.set_creds(creds) self._crypto = crypto + # TODO: DEPRECATED CRYPTO + self._deprecated_crypto = old_crypto.SoledadCrypto(crypto.secret) self._sync_db = sync_db self._insert_doc_cb = None # asynchronous encryption/decryption attributes diff --git a/client/src/leap/soledad/client/http_target/fetch.py b/client/src/leap/soledad/client/http_target/fetch.py index bbc743e1..53650de4 100644 --- a/client/src/leap/soledad/client/http_target/fetch.py +++ b/client/src/leap/soledad/client/http_target/fetch.py @@ -25,6 +25,7 @@ from leap.soledad.common.log import getLogger from leap.soledad.client._crypto import is_symmetrically_encrypted from leap.soledad.common.document import SoledadDocument from leap.soledad.common.l2db import errors +from leap.soledad.client import crypto as old_crypto from . import fetch_protocol @@ -112,10 +113,10 @@ class HTTPDocFetcher(object): # document and insert into local database doc = SoledadDocument(doc_info['id'], doc_info['rev'], content) - - if is_symmetrically_encrypted(content): + if is_symmetrically_encrypted(doc): content = yield self._crypto.decrypt_doc(doc) - + elif old_crypto.is_symmetrically_encrypted(doc): + content = self._deprecated_crypto.decrypt_doc(doc) doc.set_json(content) # TODO insert blobs here on the blob backend diff --git a/testing/tests/server/test_server.py b/testing/tests/server/test_server.py index 2a3cb751..2f958b29 100644 --- a/testing/tests/server/test_server.py +++ b/testing/tests/server/test_server.py @@ -413,7 +413,7 @@ class EncryptedSyncTestCase( self.assertEqual(soldoc.rev, couchdoc.rev) couch_content = couchdoc.content.keys() self.assertEqual(['raw'], couch_content) - self.assertTrue(_crypto.is_symmetrically_encrypted(couchdoc.get_json())) + self.assertTrue(_crypto.is_symmetrically_encrypted(couchdoc)) d = sol1.get_all_docs() d.addCallback(_db1AssertEmptyDocList) |