Diffstat (limited to 'src/leap/soledad/tests/test_crypto.py')
-rw-r--r--src/leap/soledad/tests/test_crypto.py207
1 files changed, 207 insertions, 0 deletions
diff --git a/src/leap/soledad/tests/test_crypto.py b/src/leap/soledad/tests/test_crypto.py
new file mode 100644
index 00000000..52cc0315
--- /dev/null
+++ b/src/leap/soledad/tests/test_crypto.py
@@ -0,0 +1,207 @@
+import os
+from leap.testing.basetest import BaseLeapTest
+from leap.soledad.backends.leap_backend import LeapDocument
+from leap.soledad.tests import BaseSoledadTest
+from leap.soledad.tests import (
+ KEY_FINGERPRINT,
+ PRIVATE_KEY,
+)
+from leap.soledad import (
+ Soledad,
+ KeyAlreadyExists,
+)
+from leap.soledad.util import GPGWrapper
+
+try:
+ import simplejson as json
+except ImportError:
+ import json # noqa
+
+
+class EncryptedSyncTestCase(BaseSoledadTest):
+ """
+ Tests that guarantee that data will always be encrypted when syncing.
+ """
+
+ def test_get_set_encrypted_json(self):
+ """
+ Test getting and setting encrypted content.
+ """
+ doc1 = LeapDocument(soledad=self._soledad)
+ doc1.content = {'key': 'val'}
+ doc2 = LeapDocument(doc_id=doc1.doc_id,
+ encrypted_json=doc1.get_encrypted_json(),
+ soledad=self._soledad)
+ res1 = doc1.get_json()
+ res2 = doc2.get_json()
+ self.assertEqual(res1, res2, 'incorrect document encryption')
+
+ def test_successful_symmetric_encryption(self):
+ """
+ Test for successful symmetric encryption.
+ """
+ doc1 = LeapDocument(soledad=self._soledad)
+ doc1.content = {'key': 'val'}
+ enc_json = json.loads(doc1.get_encrypted_json())['_encrypted_json']
+ self.assertEqual(
+ True,
+ self._soledad._gpg.is_encrypted_sym(enc_json),
+ "could not encrypt with passphrase.")
+
+
+class RecoveryDocumentTestCase(BaseSoledadTest):
+
+ def test_export_recovery_document_raw(self):
+ rd = self._soledad.export_recovery_document(None)
+ self.assertEqual(
+ {
+ 'user_email': self._soledad._user_email,
+ 'privkey': self._soledad._gpg.export_keys(
+ self._soledad._fingerprint,
+ secret=True),
+ 'symkey': self._soledad._symkey
+ },
+ json.loads(rd),
+ "Could not export raw recovery document."
+ )
+
+ def test_export_recovery_document_crypt(self):
+ rd = self._soledad.export_recovery_document('123456')
+ self.assertEqual(True,
+ self._soledad._gpg.is_encrypted_sym(rd))
+ data = {
+ 'user_email': self._soledad._user_email,
+ 'privkey': self._soledad._gpg.export_keys(
+ self._soledad._fingerprint,
+ secret=True),
+ 'symkey': self._soledad._symkey,
+ }
+ raw_data = json.loads(str(self._soledad._gpg.decrypt(
+ rd,
+ passphrase='123456')))
+ self.assertEqual(
+ raw_data,
+ data,
+ "Could not export raw recovery document."
+ )
+
+ def test_import_recovery_document_raises_exception(self):
+ rd = self._soledad.export_recovery_document(None)
+ self.assertRaises(KeyAlreadyExists,
+ self._soledad.import_recovery_document, rd, None)
+
+ def test_import_recovery_document_raw(self):
+ rd = self._soledad.export_recovery_document(None)
+ gnupg_home = self.gnupg_home = "%s/gnupg2" % self.tempdir
+ s = Soledad('anotheruser@leap.se', gnupg_home=gnupg_home,
+ bootstrap=False, prefix=self.tempdir)
+ s._init_dirs()
+ s._gpg = GPGWrapper(gnupghome=gnupg_home)
+ s.import_recovery_document(rd, None)
+ self.assertEqual(self._soledad._user_email,
+ s._user_email, 'Failed setting user email.')
+ self.assertEqual(self._soledad._symkey,
+ s._symkey,
+ 'Failed settinng secret for symmetric encryption.')
+ self.assertEqual(self._soledad._fingerprint,
+ s._fingerprint,
+ 'Failed settinng fingerprint.')
+ pk1 = self._soledad._gpg.export_keys(
+ self._soledad._fingerprint,
+ secret=True)
+ pk2 = s._gpg.export_keys(s._fingerprint, secret=True)
+ self.assertEqual(
+ pk1,
+ pk2,
+ 'Failed settinng private key.'
+ )
+
+ def test_import_recovery_document_crypt(self):
+ rd = self._soledad.export_recovery_document('123456')
+ gnupg_home = self.gnupg_home = "%s/gnupg2" % self.tempdir
+ s = Soledad('anotheruser@leap.se', gnupg_home=gnupg_home,
+ bootstrap=False, prefix=self.tempdir)
+ s._init_dirs()
+ s._gpg = GPGWrapper(gnupghome=gnupg_home)
+ s.import_recovery_document(rd, '123456')
+ self.assertEqual(self._soledad._user_email,
+ s._user_email, 'Failed setting user email.')
+ self.assertEqual(self._soledad._symkey,
+ s._symkey,
+ 'Failed settinng secret for symmetric encryption.')
+ self.assertEqual(self._soledad._fingerprint,
+ s._fingerprint,
+ 'Failed settinng fingerprint.')
+ pk1 = self._soledad._gpg.export_keys(
+ self._soledad._fingerprint,
+ secret=True)
+ pk2 = s._gpg.export_keys(s._fingerprint, secret=True)
+ self.assertEqual(
+ pk1,
+ pk2,
+ 'Failed settinng private key.'
+ )
+
+
+class SoledadAuxMethods(BaseLeapTest):
+
+ def setUp(self):
+ pass
+
+ def tearDown(self):
+ pass
+
+ def _soledad_instance(self):
+ return Soledad('leap@leap.se', bootstrap=False,
+ prefix=self.tempdir+'/soledad')
+ def _gpgwrapper_instance(self):
+ return GPGWrapper(gnupghome="%s/gnupg" % self.tempdir)
+
+ def test__init_dirs(self):
+ sol = self._soledad_instance()
+ sol._init_dirs()
+ self.assertTrue(os.path.isdir(sol.prefix))
+
+ def test__init_db(self):
+ sol = self._soledad_instance()
+ sol._init_dirs()
+ sol._gpg = self._gpgwrapper_instance()
+ #self._soledad._gpg.import_keys(PUBLIC_KEY)
+ if not sol._has_privkey():
+ sol._set_privkey(PRIVATE_KEY)
+ if not sol._has_symkey():
+ sol._gen_symkey()
+ sol._load_symkey()
+ sol._init_db()
+ from leap.soledad.backends.sqlcipher import SQLCipherDatabase
+ self.assertIsInstance(sol._db, SQLCipherDatabase)
+
+ def test__has_privkey(self):
+ sol = self._soledad_instance()
+ sol._init_dirs()
+ sol._gpg = GPGWrapper(gnupghome="%s/gnupg2" % self.tempdir)
+ self.assertFalse(sol._has_privkey())
+ sol._set_privkey(PRIVATE_KEY)
+ self.assertTrue(sol._has_privkey())
+
+ def test__has_symkey(self):
+ sol = Soledad('leap@leap.se', bootstrap=False,
+ prefix=self.tempdir+'/soledad3')
+ sol._init_dirs()
+ sol._gpg = GPGWrapper(gnupghome="%s/gnupg3" % self.tempdir)
+ if not sol._has_privkey():
+ sol._set_privkey(PRIVATE_KEY)
+ self.assertFalse(sol._has_symkey())
+ sol._gen_symkey()
+ self.assertTrue(sol._has_symkey())
+
+ def test__has_keys(self):
+ sol = self._soledad_instance()
+ sol._init_dirs()
+ sol._gpg = self._gpgwrapper_instance()
+ self.assertFalse(sol._has_keys())
+ sol._set_privkey(PRIVATE_KEY)
+ self.assertFalse(sol._has_keys())
+ sol._gen_symkey()
+ self.assertTrue(sol._has_keys())
+
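Review bot: No test in `EncryptedSyncTestCase` asserts that the plaintext is absent from what `get_encrypted_json()` returns, so the class docstring's claim that data is always encrypted is not pinned. `test_get_set_encrypted_json` only compares `get_json()` of two documents built from the same Soledad instance, so it would presumably still pass if the payload were carried unencrypted, and `test_successful_symmetric_encryption` checks only the `is_encrypted_sym` predicate. Setting a distinctive content value and adding `self.assertNotIn('distinctive-marker', doc1.get_encrypted_json())` would cover it. The recovery-document tests have the matching gap on the negative side: `test_import_recovery_document_crypt` exercises only the correct passphrase, and nothing shows that an import with a wrong passphrase fails and leaves the new instance without the private key and symkey.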