summaryrefslogtreecommitdiff
path: root/src/leap/soledad
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/soledad')
-rw-r--r--src/leap/soledad/__init__.py52
-rw-r--r--src/leap/soledad/auth.py12
-rw-r--r--src/leap/soledad/crypto.py39
-rw-r--r--src/leap/soledad/server.py12
-rw-r--r--src/leap/soledad/tests/test_crypto.py14
-rw-r--r--src/leap/soledad/tests/test_soledad.py4
6 files changed, 47 insertions, 86 deletions
diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py
index be8a7054..7d2663e8 100644
--- a/src/leap/soledad/__init__.py
+++ b/src/leap/soledad/__init__.py
@@ -126,7 +126,7 @@ class Soledad(object):
"""
SYMKEY_KEY = '_symkey'
- ADDRESS_KEY = '_address'
+ UUID_KEY = '_uuid'
"""
Key used to access symmetric keys in recovery documents.
"""
@@ -138,14 +138,14 @@ class Soledad(object):
Prefix for default values for path.
"""
- def __init__(self, address, passphrase, secret_path=None,
+ def __init__(self, uuid, passphrase, secret_path=None,
local_db_path=None, server_url=None, auth_token=None,
bootstrap=True):
"""
Initialize configuration, cryptographic keys and dbs.
- @param address: User's address in the form C{user@provider}.
- @type address: str
+ @param uuid: User's uuid.
+ @type uuid: str
@param passphrase: The passphrase for locking and unlocking encryption
secrets for disk storage.
@type passphrase: str
@@ -165,7 +165,7 @@ class Soledad(object):
@type bootstrap: bool
"""
# TODO: allow for fingerprint enforcing.
- self._address = address
+ self._uuid = uuid
self._passphrase = passphrase
self._set_token(auth_token)
self._init_config(secret_path, local_db_path, server_url)
@@ -243,7 +243,7 @@ class Soledad(object):
self._set_symkey(
self._crypto.decrypt_sym(
doc.content[self.KEY_SYMKEY],
- passphrase=self._address_hash()))
+ passphrase=self._passphrase))
# Stage 2 - Keys synchronization
self._assert_keys_in_shared_db()
# Stage 3 - Local database initialization
@@ -270,13 +270,13 @@ class Soledad(object):
"""
Generate (if needed) and load secret for symmetric encryption.
"""
- events.signal(events.events_pb2.SOLEDAD_CREATING_KEYS, self._address)
+ events.signal(events.events_pb2.SOLEDAD_CREATING_KEYS, self._uuid)
# load/generate secret
if not self._has_symkey():
self._gen_symkey()
self._load_symkey()
events.signal(
- events.events_pb2.SOLEDAD_DONE_CREATING_KEYS, self._address)
+ events.events_pb2.SOLEDAD_DONE_CREATING_KEYS, self._uuid)
def _init_db(self):
"""
@@ -399,15 +399,15 @@ class Soledad(object):
"""
self._gen_symkey()
- def _address_hash(self):
+ def _uuid_hash(self):
"""
Calculate a hash for storing/retrieving key material on shared
- database, based on user's address.
+ database, based on user's uuid.
@return: the hash
@rtype: str
"""
- return sha256('address-%s' % self._address).hexdigest()
+ return sha256('uuid-%s' % self._uuid).hexdigest()
def _shared_db(self):
"""
@@ -427,10 +427,10 @@ class Soledad(object):
@rtype: LeapDocument
"""
events.signal(
- events.events_pb2.SOLEDAD_DOWNLOADING_KEYS, self._address)
- doc = self._shared_db().get_doc_unauth(self._address_hash())
+ events.events_pb2.SOLEDAD_DOWNLOADING_KEYS, self._uuid)
+ doc = self._shared_db().get_doc_unauth(self._uuid_hash())
events.signal(
- events.events_pb2.SOLEDAD_DONE_DOWNLOADING_KEYS, self._address)
+ events.events_pb2.SOLEDAD_DONE_DOWNLOADING_KEYS, self._uuid)
return doc
def _assert_keys_in_shared_db(self):
@@ -456,16 +456,16 @@ class Soledad(object):
'Local and remote symmetric secrets differ!')
else:
events.signal(
- events.events_pb2.SOLEDAD_UPLOADING_KEYS, self._address)
+ events.events_pb2.SOLEDAD_UPLOADING_KEYS, self._uuid)
content = {
self.SYMKEY_KEY: self._crypto.encrypt_sym(
self._symkey, self._passphrase),
}
- doc = LeapDocument(doc_id=self._address_hash())
+ doc = LeapDocument(doc_id=self._uuid_hash())
doc.content = content
self._shared_db().put_doc(doc)
events.signal(
- events.events_pb2.SOLEDAD_DONE_UPLOADING_KEYS, self._address)
+ events.events_pb2.SOLEDAD_DONE_UPLOADING_KEYS, self._uuid)
#
# Document storage, retrieval and sync.
@@ -719,7 +719,7 @@ class Soledad(object):
@rtype: str
"""
local_gen = self._db.sync(self.server_url, creds=self._creds, autocreate=True)
- events.signal(events.events_pb2.SOLEDAD_DONE_DATA_SYNC, self._address)
+ events.signal(events.events_pb2.SOLEDAD_DONE_DATA_SYNC, self._uuid)
return local_gen
def need_sync(self, url):
@@ -737,7 +737,7 @@ class Soledad(object):
# compare source generation with target's last known source generation
if self._db._get_generation() != info[4]:
events.signal(
- events.events_pb2.SOLEDAD_NEW_DATA_TO_SYNC, self._address)
+ events.events_pb2.SOLEDAD_NEW_DATA_TO_SYNC, self._uuid)
return True
return False
@@ -749,7 +749,7 @@ class Soledad(object):
self._{
'token': {
- 'address': 'user@provider',
+ 'uuid': '<uuid>'
'token': '<token>'
}
@@ -758,7 +758,7 @@ class Soledad(object):
"""
self._creds = {
'token': {
- 'address': self._address,
+ 'uuid': self._uuid,
'token': token,
}
}
@@ -802,7 +802,7 @@ class Soledad(object):
@rtype: str
"""
data = json.dumps({
- self.ADDRESS_KEY: self._address,
+ self.UUID_KEY: self._uuid,
self.SYMKEY_KEY: self._symkey,
})
if passphrase:
@@ -828,7 +828,7 @@ class Soledad(object):
if passphrase:
data = self._crypto.decrypt_sym(data, passphrase=passphrase)
data = json.loads(data)
- self._address = data[self.ADDRESS_KEY]
+ self._uuid = data[self.UUID_KEY]
self._symkey = data[self.SYMKEY_KEY]
self._crypto.symkey = self._symkey
self._store_symkey()
@@ -839,10 +839,10 @@ class Soledad(object):
# Setters/getters
#
- def _get_address(self):
- return self._address
+ def _get_uuid(self):
+ return self._uuid
- address = property(_get_address, doc='The user address.')
+ uuid = property(_get_uuid, doc='The user uuid.')
def _get_secret_path(self):
return self._secret_path
diff --git a/src/leap/soledad/auth.py b/src/leap/soledad/auth.py
index 094278dc..080bb806 100644
--- a/src/leap/soledad/auth.py
+++ b/src/leap/soledad/auth.py
@@ -27,16 +27,16 @@ they can do token-based auth requests to the Soledad server.
from u1db.remote.http_client import HTTPClientBase
-def set_token_credentials(self, address, token):
+def set_token_credentials(self, uuid, token):
"""
Store given credentials so we can sign the request later.
- @param address: The user's address.
- @type address: str
+ @param uuid: The user's uuid.
+ @type uuid: str
@param token: The authentication token.
@type token: str
"""
- self._creds = {'token': (address, token)}
+ self._creds = {'token': (uuid, token)}
def _sign_request(self, method, url_query, params):
@@ -51,8 +51,8 @@ def _sign_request(self, method, url_query, params):
@type param: list
"""
if 'token' in self._creds:
- address, token = self._creds['token']
- auth = '%s:%s' % (address, token)
+ uuid, token = self._creds['token']
+ auth = '%s:%s' % (uuid, token)
return [('Authorization', 'Token %s' % auth.encode('base64'))]
else:
return HTTPClientBase._sign_request(self, method, url_query, params)
diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py
index c956f602..9d2227bd 100644
--- a/src/leap/soledad/crypto.py
+++ b/src/leap/soledad/crypto.py
@@ -49,20 +49,6 @@ class SoledadCrypto(object):
self._pgp = openpgp.OpenPGPScheme(self._soledad)
self._symkey = None
- def encrypt_asym(self, data, key):
- """
- Encrypt data.
-
- @param data: the data to be encrypted
- @type data: str
- @param key: the key to be used for encryption
- @type key: str
-
- @return: the encrypted data
- @rtype: str
- """
- return openpgp.encrypt_asym(data, key)
-
def encrypt_sym(self, data, passphrase):
"""
Encrypt C{data} using a {password}.
@@ -77,21 +63,6 @@ class SoledadCrypto(object):
"""
return openpgp.encrypt_sym(data, passphrase)
- def decrypt_asym(self, data):
- """
- Decrypt data.
-
- @param data: the data to be decrypted
- @type data: str
- @param passphrase: the passphrase to be used for decryption
- @type passphrase: str
-
- @return: the decrypted data
- @rtype: str
- """
- key = self._pgp.get_key(self._soledad.address, private=True)
- return openpgp.decrypt_asym(data, key)
-
def decrypt_sym(self, data, passphrase):
"""
Decrypt data using symmetric secret.
@@ -127,16 +98,6 @@ class SoledadCrypto(object):
"""
return openpgp.is_encrypted_sym(data)
- def is_encrypted_asym(self, data):
- """
- Test whether some chunk of data was encrypted to an OpenPGP private
- key.
-
- @return: whether data is encrypted to an OpenPGP private key
- @rtype: bool
- """
- return openpgp.is_encrypted_asym(data)
-
def passphrase_hash(self, suffix):
"""
Generate a passphrase for symmetric encryption.
diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py
index 3d3c6f69..38bf31fd 100644
--- a/src/leap/soledad/server.py
+++ b/src/leap/soledad/server.py
@@ -125,25 +125,25 @@ class SoledadAuthMiddleware(object):
return self._error(
start_response, 401, "unauthorized",
"Missing Token Authentication")
- address, token = encoded.decode('base64').split(':', 1)
+ uuid, token = encoded.decode('base64').split(':', 1)
try:
- self.verify_token(environ, address, token)
+ self.verify_token(environ, uuid, token)
except Unauthorized:
return self._error(
start_response, 401, "unauthorized",
- "Incorrect address or token.")
+ "Incorrect uuid or token.")
del environ['HTTP_AUTHORIZATION']
shift_path_info(environ)
return self.app(environ, start_response)
- def verify_token(self, environ, address, token):
+ def verify_token(self, environ, uuid, token):
"""
Verify if token is valid for authenticating this request.
@param environ: Dictionary containing CGI variables.
@type environ: dict
- @param token: The user address.
- @type token: str
+ @param uuid: The user's uuid.
+ @type uuid: str
@param token: The authentication token.
@type token: str
diff --git a/src/leap/soledad/tests/test_crypto.py b/src/leap/soledad/tests/test_crypto.py
index 322be622..abe32661 100644
--- a/src/leap/soledad/tests/test_crypto.py
+++ b/src/leap/soledad/tests/test_crypto.py
@@ -167,7 +167,7 @@ class EncryptedSyncTestCase(BaseSoledadTest):
# # setup credentials for access to soledad server
# creds = {
# 'token': {
-# 'address': 'leap@leap.se',
+# 'uuid': 'leap@leap.se',
# 'token': '1234',
# }
# }
@@ -189,7 +189,7 @@ class RecoveryDocumentTestCase(BaseSoledadTest):
rd = self._soledad.export_recovery_document(None)
self.assertEqual(
{
- self._soledad.ADDRESS_KEY: self._soledad._address,
+ self._soledad.UUID_KEY: self._soledad._uuid,
self._soledad.SYMKEY_KEY: self._soledad._symkey
},
json.loads(rd),
@@ -201,7 +201,7 @@ class RecoveryDocumentTestCase(BaseSoledadTest):
self.assertEqual(True,
self._soledad._crypto.is_encrypted_sym(rd))
data = {
- self._soledad.ADDRESS_KEY: self._soledad._address,
+ self._soledad.UUID_KEY: self._soledad._uuid,
self._soledad.SYMKEY_KEY: self._soledad._symkey,
}
raw_data = json.loads(self._soledad._crypto.decrypt_sym(
@@ -224,8 +224,8 @@ class RecoveryDocumentTestCase(BaseSoledadTest):
s._init_dirs()
s._crypto = SoledadCrypto(s)
s.import_recovery_document(rd, None)
- self.assertEqual(self._soledad._address,
- s._address, 'Failed setting user email.')
+ self.assertEqual(self._soledad._uuid,
+ s._uuid, 'Failed setting user uuid.')
self.assertEqual(self._soledad._symkey,
s._symkey,
'Failed settinng secret for symmetric encryption.')
@@ -236,8 +236,8 @@ class RecoveryDocumentTestCase(BaseSoledadTest):
s._init_dirs()
s._crypto = SoledadCrypto(s)
s.import_recovery_document(rd, '123456')
- self.assertEqual(self._soledad._address,
- s._address, 'Failed setting user email.')
+ self.assertEqual(self._soledad._uuid,
+ s._uuid, 'Failed setting user uuid.')
self.assertEqual(self._soledad._symkey,
s._symkey,
'Failed settinng secret for symmetric encryption.')
diff --git a/src/leap/soledad/tests/test_soledad.py b/src/leap/soledad/tests/test_soledad.py
index 1ce9adb7..e7d34a87 100644
--- a/src/leap/soledad/tests/test_soledad.py
+++ b/src/leap/soledad/tests/test_soledad.py
@@ -105,7 +105,7 @@ class SoledadSharedDBTestCase(BaseSoledadTest):
Ensure the shared db is queried with the correct doc_id.
"""
self._soledad._shared_db = Mock()
- doc_id = self._soledad._address_hash()
+ doc_id = self._soledad._uuid_hash()
self._soledad._fetch_keys_from_shared_db()
self.assertTrue(
self._soledad._shared_db.get_doc_unauth.assert_called_once(doc_id),
@@ -128,7 +128,7 @@ class SoledadSharedDBTestCase(BaseSoledadTest):
return self
self._soledad._shared_db = MockSharedDB()
- doc_id = self._soledad._address_hash()
+ doc_id = self._soledad._uuid_hash()
self._soledad._assert_keys_in_shared_db()
self.assertTrue(
self._soledad._shared_db().get_doc_unauth.assert_called_once_with(