summaryrefslogtreecommitdiff
path: root/src/leap/soledad/tests/test_crypto.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/soledad/tests/test_crypto.py')
-rw-r--r--src/leap/soledad/tests/test_crypto.py75
1 files changed, 60 insertions, 15 deletions
diff --git a/src/leap/soledad/tests/test_crypto.py b/src/leap/soledad/tests/test_crypto.py
index 61c5f5b0..9a219bd0 100644
--- a/src/leap/soledad/tests/test_crypto.py
+++ b/src/leap/soledad/tests/test_crypto.py
@@ -31,13 +31,16 @@ except ImportError:
from leap.soledad.backends.leap_backend import (
LeapDocument,
- encrypt_doc_json,
- decrypt_doc_json,
+ encrypt_doc,
+ decrypt_doc,
EncryptionSchemes,
LeapSyncTarget,
ENC_JSON_KEY,
ENC_SCHEME_KEY,
+ MAC_METHOD_KEY,
MAC_KEY,
+ UnknownMacMethod,
+ WrongMac,
)
from leap.soledad.backends.couch import CouchDatabase
from leap.soledad import KeyAlreadyExists, Soledad
@@ -66,16 +69,21 @@ class EncryptedSyncTestCase(BaseSoledadTest):
"""
Test encrypting and decrypting documents.
"""
+ simpledoc = {'key': 'val'}
doc1 = LeapDocument(doc_id='id')
- doc1.content = {'key': 'val'}
- enc_json = encrypt_doc_json(
- self._soledad._crypto, doc1.doc_id, doc1.get_json())
- plain_json = decrypt_doc_json(
- self._soledad._crypto, doc1.doc_id, enc_json)
- doc2 = LeapDocument(doc_id=doc1.doc_id, json=plain_json)
- res1 = doc1.get_json()
- res2 = doc2.get_json()
- self.assertEqual(res1, res2, 'incorrect document encryption')
+ doc1.content = simpledoc
+ # encrypt doc
+ doc1.set_json(encrypt_doc(self._soledad._crypto, doc1))
+ # assert content is different and includes keys
+ self.assertNotEqual(
+ simpledoc, doc1.content,
+ 'incorrect document encryption')
+ self.assertTrue(ENC_JSON_KEY in doc1.content)
+ self.assertTrue(ENC_SCHEME_KEY in doc1.content)
+ # decrypt doc
+ doc1.set_json(decrypt_doc(self._soledad._crypto, doc1))
+ self.assertEqual(
+ simpledoc, doc1.content, 'incorrect document encryption')
def test_encrypt_sym(self):
"""
@@ -84,9 +92,7 @@ class EncryptedSyncTestCase(BaseSoledadTest):
doc1 = LeapDocument()
doc1.content = {'key': 'val'}
enc_json = json.loads(
- encrypt_doc_json(
- self._soledad._crypto,
- doc1.doc_id, doc1.get_json()))[ENC_JSON_KEY]
+ encrypt_doc(self._soledad._crypto, doc1))[ENC_JSON_KEY]
self.assertEqual(
True,
self._soledad._crypto.is_encrypted_sym(enc_json),
@@ -161,7 +167,7 @@ class EncryptedSyncTestCase(BaseSoledadTest):
# # create and encrypt a doc to insert directly in couchdb
# doc = LeapDocument('doc-id')
# doc.set_json(
-# encrypt_doc_json(
+# encrypt_doc(
# self._soledad._crypto, 'doc-id', json.dumps(simple_doc)))
# db.put_doc(doc)
# # setup credentials for access to soledad server
@@ -241,3 +247,42 @@ class CryptoMethodsTestCase(BaseSoledadTest):
sol = self._soledad_instance(user='user@leap.se', prefix='/3')
self.assertTrue(sol._has_secret(), "Should have a secret at "
"this point")
+
+
+class MacAuthTestCase(BaseSoledadTest):
+
+ def test_decrypt_with_wrong_mac_raises(self):
+ """
+ Trying to decrypt a document with wrong MAC should raise.
+ """
+ simpledoc = {'key': 'val'}
+ doc = LeapDocument(doc_id='id')
+ doc.content = simpledoc
+ # encrypt doc
+ doc.set_json(encrypt_doc(self._soledad._crypto, doc))
+ self.assertTrue(MAC_KEY in doc.content)
+ self.assertTrue(MAC_METHOD_KEY in doc.content)
+ # mess with MAC
+ doc.content[MAC_KEY] = 'wrongmac'
+ # try to decrypt doc
+ self.assertRaises(
+ WrongMac,
+ decrypt_doc, self._soledad._crypto, doc)
+
+ def test_decrypt_with_unknown_mac_method_raises(self):
+ """
+ Trying to decrypt a document with unknown MAC method should raise.
+ """
+ simpledoc = {'key': 'val'}
+ doc = LeapDocument(doc_id='id')
+ doc.content = simpledoc
+ # encrypt doc
+ doc.set_json(encrypt_doc(self._soledad._crypto, doc))
+ self.assertTrue(MAC_KEY in doc.content)
+ self.assertTrue(MAC_METHOD_KEY in doc.content)
+ # mess with MAC method
+ doc.content[MAC_METHOD_KEY] = 'mymac'
+ # try to decrypt doc
+ self.assertRaises(
+ UnknownMacMethod,
+ decrypt_doc, self._soledad._crypto, doc)