summaryrefslogtreecommitdiff
path: root/src/leap/soledad
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/soledad')
-rw-r--r--src/leap/soledad/__init__.py135
-rw-r--r--src/leap/soledad/backends/leap_backend.py18
-rw-r--r--src/leap/soledad/crypto.py21
-rw-r--r--src/leap/soledad/tests/test_soledad.py74
4 files changed, 173 insertions, 75 deletions
diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py
index fba275e3..ea3f676b 100644
--- a/src/leap/soledad/__init__.py
+++ b/src/leap/soledad/__init__.py
@@ -36,6 +36,7 @@ import scrypt
import httplib
import socket
import ssl
+import errno
from xdg import BaseDirectory
@@ -47,9 +48,92 @@ from u1db.remote.ssl_match_hostname import ( # noqa
)
-from leap.common import events
-from leap.common.check import leap_assert
-from leap.common.files import mkdir_p
+#
+# Assert functions
+#
+
+def soledad_assert(condition, message):
+ """
+ Asserts the condition and displays the message if that's not
+ met.
+
+ @param condition: condition to check
+ @type condition: bool
+ @param message: message to display if the condition isn't met
+ @type message: str
+ """
+ assert condition, message
+
+
+# we want to use leap.common.check.leap_assert in case it is available,
+# because it also logs in a way other parts of leap can access log messages.
+try:
+ from leap.common.check import leap_assert
+ soledad_assert = leap_assert
+except ImportError:
+ pass
+
+
+def soledad_assert_type(var, expectedType):
+ """
+ Helper assert check for a variable's expected type
+
+ @param var: variable to check
+ @type var: any
+ @param expectedType: type to check agains
+ @type expectedType: type
+ """
+ soledad_assert(isinstance(var, expectedType),
+ "Expected type %r instead of %r" %
+ (expectedType, type(var)))
+
+try:
+ from leap.common.check import leap_assert_type
+ soledad_assert_type = leap_assert_type
+except ImportError:
+ pass
+
+
+#
+# Signaling function
+#
+
+# we define a fake signaling function and fake signal constants that will
+# allow for logging signaling attempts in case leap.common.events is not
+# available.
+
+def signal(signal, content=""):
+ logger.info("Would signal: %s - %s." % (str(signal), content))
+
+SOLEDAD_CREATING_KEYS = 'Creating keys...'
+SOLEDAD_DONE_CREATING_KEYS = 'Done creating keys.'
+SOLEDAD_DOWNLOADING_KEYS = 'Downloading keys...'
+SOLEDAD_DONE_DOWNLOADING_KEYS = 'Done downloading keys.'
+SOLEDAD_UPLOADING_KEYS = 'Uploading keys...'
+SOLEDAD_DONE_UPLOADING_KEYS = 'Done uploading keys.'
+SOLEDAD_NEW_DATA_TO_SYNC = 'New data available.'
+SOLEDAD_DONE_DATA_SYNC = 'Done data sync.'
+
+# we want to use leap.common.events to emits signals, if it is available.
+try:
+ from leap.common import events
+ # replace fake signaling function with real one
+ signal = events.signal
+ # replace fake string signals with real signals
+ SOLEDAD_CREATING_KEYS = events.events_pb2.SOLEDAD_CREATING_KEYS
+ SOLEDAD_DONE_CREATING_KEYS = events.events_pb2.SOLEDAD_DONE_CREATING_KEYS
+ SOLEDAD_DOWNLOADING_KEYS = events.events_pb2.SOLEDAD_DOWNLOADING_KEYS
+ SOLEDAD_DONE_DOWNLOADING_KEYS = \
+ events.events_pb2.SOLEDAD_DONE_DOWNLOADING_KEYS
+ SOLEDAD_UPLOADING_KEYS = events.events_pb2.SOLEDAD_UPLOADING_KEYS
+ SOLEDAD_DONE_UPLOADING_KEYS = \
+ events.events_pb2.SOLEDAD_DONE_UPLOADING_KEYS
+ SOLEDAD_NEW_DATA_TO_SYNC = events.events_pb2.SOLEDAD_NEW_DATA_TO_SYNC
+ SOLEDAD_DONE_DATA_SYNC = events.events_pb2.SOLEDAD_DONE_DATA_SYNC
+except ImportError:
+ pass
+
+
from leap.soledad.backends import sqlcipher
from leap.soledad.backends.leap_backend import (
LeapDocument,
@@ -64,6 +148,10 @@ from leap.soledad.crypto import SoledadCrypto
logger = logging.getLogger(name=__name__)
+#
+# Constants
+#
+
SOLEDAD_CERT = None
"""
Path to the certificate file used to certify the SSL connection between
@@ -226,7 +314,7 @@ class Soledad(object):
self.DEFAULT_PREFIX, self.LOCAL_DATABASE_FILE_NAME)
# initialize server_url
self._server_url = server_url
- leap_assert(
+ soledad_assert(
self._server_url is not None,
'Missing URL for Soledad server.')
@@ -295,7 +383,13 @@ class Soledad(object):
[self._local_db_path, self._secrets_path])
for path in paths:
logger.info('Creating directory: %s.' % path)
- mkdir_p(path)
+ try:
+ os.makedirs(path)
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(path):
+ pass
+ else:
+ raise
def _init_db(self):
"""
@@ -439,8 +533,8 @@ class Soledad(object):
This method emits the following signals:
- * leap.common.events.events_pb2.SOLEDAD_CREATING_KEYS
- * leap.common.events.events_pb2.SOLEDAD_DONE_CREATING_KEYS
+ * SOLEDAD_CREATING_KEYS
+ * SOLEDAD_DONE_CREATING_KEYS
A secret has the following structure:
@@ -458,7 +552,7 @@ class Soledad(object):
@return: The id of the generated secret.
@rtype: str
"""
- events.signal(events.events_pb2.SOLEDAD_CREATING_KEYS, self._uuid)
+ signal(SOLEDAD_CREATING_KEYS, self._uuid)
# generate random secret
secret = os.urandom(self.GENERATED_SECRET_LENGTH)
secret_id = sha256(secret).hexdigest()
@@ -479,8 +573,7 @@ class Soledad(object):
str(iv), self.IV_SEPARATOR, binascii.b2a_base64(ciphertext)),
}
self._store_secrets()
- events.signal(
- events.events_pb2.SOLEDAD_DONE_CREATING_KEYS, self._uuid)
+ signal(SOLEDAD_DONE_CREATING_KEYS, self._uuid)
return secret_id
def _store_secrets(self):
@@ -543,15 +636,13 @@ class Soledad(object):
@return: a document with encrypted key material in its contents
@rtype: LeapDocument
"""
- events.signal(
- events.events_pb2.SOLEDAD_DOWNLOADING_KEYS, self._uuid)
+ signal(SOLEDAD_DOWNLOADING_KEYS, self._uuid)
db = self._shared_db()
if not db:
logger.warning('No shared db found')
return
doc = db.get_doc(self._uuid_hash())
- events.signal(
- events.events_pb2.SOLEDAD_DONE_DOWNLOADING_KEYS, self._uuid)
+ signal(SOLEDAD_DONE_DOWNLOADING_KEYS, self._uuid)
return doc
def _put_secrets_in_shared_db(self):
@@ -563,7 +654,7 @@ class Soledad(object):
Otherwise, upload keys to shared recovery database.
"""
- leap_assert(
+ soledad_assert(
self._has_secret(),
'Tried to send keys to server but they don\'t exist in local '
'storage.')
@@ -574,15 +665,13 @@ class Soledad(object):
# fill doc with encrypted secrets
doc.content = self.export_recovery_document(include_uuid=False)
# upload secrets to server
- events.signal(
- events.events_pb2.SOLEDAD_UPLOADING_KEYS, self._uuid)
+ signal(SOLEDAD_UPLOADING_KEYS, self._uuid)
db = self._shared_db()
if not db:
logger.warning('No shared db found')
return
db.put_doc(doc)
- events.signal(
- events.events_pb2.SOLEDAD_DONE_UPLOADING_KEYS, self._uuid)
+ signal(SOLEDAD_DONE_UPLOADING_KEYS, self._uuid)
#
# Document storage, retrieval and sync.
@@ -835,7 +924,7 @@ class Soledad(object):
local_gen = self._db.sync(
urlparse.urljoin(self.server_url, 'user-%s' % self._uuid),
creds=self._creds, autocreate=True)
- events.signal(events.events_pb2.SOLEDAD_DONE_DATA_SYNC, self._uuid)
+ signal(SOLEDAD_DONE_DATA_SYNC, self._uuid)
return local_gen
def need_sync(self, url):
@@ -852,8 +941,7 @@ class Soledad(object):
info = target.get_sync_info(self._db._get_replica_uid())
# compare source generation with target's last known source generation
if self._db._get_generation() != info[4]:
- events.signal(
- events.events_pb2.SOLEDAD_NEW_DATA_TO_SYNC, self._uuid)
+ signal(SOLEDAD_NEW_DATA_TO_SYNC, self._uuid)
return True
return False
@@ -1005,3 +1093,6 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
old__VerifiedHTTPSConnection = http_client._VerifiedHTTPSConnection
http_client._VerifiedHTTPSConnection = VerifiedHTTPSConnection
+
+
+__all__ = ['soledad_assert', 'Soledad']
diff --git a/src/leap/soledad/backends/leap_backend.py b/src/leap/soledad/backends/leap_backend.py
index 18c64f97..4d92db37 100644
--- a/src/leap/soledad/backends/leap_backend.py
+++ b/src/leap/soledad/backends/leap_backend.py
@@ -33,11 +33,11 @@ from u1db.errors import BrokenSyncStream
from u1db.remote.http_target import HTTPSyncTarget
+from leap.soledad import soledad_assert
from leap.soledad.crypto import (
EncryptionMethods,
UnknownEncryptionMethod,
)
-from leap.common.check import leap_assert
from leap.soledad.auth import TokenBasedAuth
@@ -165,7 +165,7 @@ def encrypt_doc(crypto, doc):
content.
@rtype: str
"""
- leap_assert(doc.is_tombstone() is False)
+ soledad_assert(doc.is_tombstone() is False)
# encrypt content using AES-256 CTR mode
iv, ciphertext = crypto.encrypt_sym(
doc.get_json(),
@@ -218,12 +218,12 @@ def decrypt_doc(crypto, doc):
@return: The JSON serialization of the decrypted content.
@rtype: str
"""
- leap_assert(doc.is_tombstone() is False)
- leap_assert(ENC_JSON_KEY in doc.content)
- leap_assert(ENC_SCHEME_KEY in doc.content)
- leap_assert(ENC_METHOD_KEY in doc.content)
- leap_assert(MAC_KEY in doc.content)
- leap_assert(MAC_METHOD_KEY in doc.content)
+ soledad_assert(doc.is_tombstone() is False)
+ soledad_assert(ENC_JSON_KEY in doc.content)
+ soledad_assert(ENC_SCHEME_KEY in doc.content)
+ soledad_assert(ENC_METHOD_KEY in doc.content)
+ soledad_assert(MAC_KEY in doc.content)
+ soledad_assert(MAC_METHOD_KEY in doc.content)
# verify MAC
ciphertext = binascii.a2b_hex( # content is stored as hex.
doc.content[ENC_JSON_KEY])
@@ -239,7 +239,7 @@ def decrypt_doc(crypto, doc):
if enc_scheme == EncryptionSchemes.SYMKEY:
enc_method = doc.content[ENC_METHOD_KEY]
if enc_method == EncryptionMethods.AES_256_CTR:
- leap_assert(ENC_IV_KEY in doc.content)
+ soledad_assert(ENC_IV_KEY in doc.content)
plainjson = crypto.decrypt_sym(
ciphertext,
crypto.doc_passphrase(doc.doc_id),
diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py
index e3d2c30c..be83e4a2 100644
--- a/src/leap/soledad/crypto.py
+++ b/src/leap/soledad/crypto.py
@@ -26,9 +26,15 @@ import binascii
import hmac
import hashlib
+
from Crypto.Cipher import AES
from Crypto.Util import Counter
-from leap.common.check import leap_assert, leap_assert_type
+
+
+from leap.soledad import (
+ soledad_assert,
+ soledad_assert_type,
+)
class EncryptionMethods(object):
@@ -85,13 +91,14 @@ class SoledadCrypto(object):
@return: A tuple with the initial value and the encrypted data.
@rtype: (long, str)
"""
- leap_assert_type(key, str)
+ soledad_assert_type(key, str)
# AES-256 in CTR mode
if method == EncryptionMethods.AES_256_CTR:
- leap_assert(
+ soledad_assert(
len(key) == 32, # 32 x 8 = 256 bits.
- 'Wrong key size: %s bits (must be 256 bits long).' % (len(key)*8))
+ 'Wrong key size: %s bits (must be 256 bits long).' %
+ (len(key) * 8))
iv = os.urandom(8)
ctr = Counter.new(64, prefix=iv)
cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr)
@@ -119,15 +126,15 @@ class SoledadCrypto(object):
@return: The decrypted data.
@rtype: str
"""
- leap_assert_type(key, str)
+ soledad_assert_type(key, str)
# AES-256 in CTR mode
if method == EncryptionMethods.AES_256_CTR:
# assert params
- leap_assert(
+ soledad_assert(
len(key) == 32, # 32 x 8 = 256 bits.
'Wrong key size: %s (must be 256 bits long).' % len(key))
- leap_assert(
+ soledad_assert(
'iv' in kwargs,
'AES-256-CTR needs an initial value given as.')
ctr = Counter.new(64, prefix=binascii.a2b_base64(kwargs['iv']))
diff --git a/src/leap/soledad/tests/test_soledad.py b/src/leap/soledad/tests/test_soledad.py
index 09711f19..21d36771 100644
--- a/src/leap/soledad/tests/test_soledad.py
+++ b/src/leap/soledad/tests/test_soledad.py
@@ -165,7 +165,7 @@ class SoledadSignalingTestCase(BaseSoledadTest):
def setUp(self):
BaseSoledadTest.setUp(self)
# mock signaling
- soledad.events.signal = Mock()
+ soledad.signal = Mock()
def tearDown(self):
pass
@@ -179,54 +179,54 @@ class SoledadSignalingTestCase(BaseSoledadTest):
"""
Test that a fresh soledad emits all bootstrap signals.
"""
- soledad.events.signal.reset_mock()
+ soledad.signal.reset_mock()
# get a fresh instance so it emits all bootstrap signals
sol = self._soledad_instance(
secrets_path='alternative.json',
local_db_path='alternative.u1db')
# reverse call order so we can verify in the order the signals were
# expected
- soledad.events.signal.mock_calls.reverse()
- soledad.events.signal.call_args = \
- soledad.events.signal.call_args_list[0]
- soledad.events.signal.call_args_list.reverse()
+ soledad.signal.mock_calls.reverse()
+ soledad.signal.call_args = \
+ soledad.signal.call_args_list[0]
+ soledad.signal.call_args_list.reverse()
# assert signals
- soledad.events.signal.assert_called_with(
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DOWNLOADING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DONE_DOWNLOADING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_CREATING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DONE_CREATING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DOWNLOADING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DONE_DOWNLOADING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_UPLOADING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DONE_UPLOADING_KEYS,
ADDRESS,
)
@@ -235,32 +235,32 @@ class SoledadSignalingTestCase(BaseSoledadTest):
"""
Test that an existent soledad emits some of the bootstrap signals.
"""
- soledad.events.signal.reset_mock()
+ soledad.signal.reset_mock()
# get an existent instance so it emits only some of bootstrap signals
sol = self._soledad_instance()
# reverse call order so we can verify in the order the signals were
# expected
- soledad.events.signal.mock_calls.reverse()
- soledad.events.signal.call_args = \
- soledad.events.signal.call_args_list[0]
- soledad.events.signal.call_args_list.reverse()
+ soledad.signal.mock_calls.reverse()
+ soledad.signal.call_args = \
+ soledad.signal.call_args_list[0]
+ soledad.signal.call_args_list.reverse()
# assert signals
- soledad.events.signal.assert_called_with(
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DOWNLOADING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DONE_DOWNLOADING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_UPLOADING_KEYS,
ADDRESS,
)
- self._pop_mock_call(soledad.events.signal)
- soledad.events.signal.assert_called_with(
+ self._pop_mock_call(soledad.signal)
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DONE_UPLOADING_KEYS,
ADDRESS,
)
@@ -269,7 +269,7 @@ class SoledadSignalingTestCase(BaseSoledadTest):
"""
Test Soledad emits SOLEDAD_CREATING_KEYS signal.
"""
- soledad.events.signal.reset_mock()
+ soledad.signal.reset_mock()
# get a fresh instance so it emits all bootstrap signals
sol = self._soledad_instance()
# mock the actual db sync so soledad does not try to connect to the
@@ -278,7 +278,7 @@ class SoledadSignalingTestCase(BaseSoledadTest):
# do the sync
sol.sync()
# assert the signal has been emitted
- soledad.events.signal.assert_called_with(
+ soledad.signal.assert_called_with(
proto.SOLEDAD_DONE_DATA_SYNC,
ADDRESS,
)
@@ -287,7 +287,7 @@ class SoledadSignalingTestCase(BaseSoledadTest):
"""
Test Soledad emits SOLEDAD_CREATING_KEYS signal.
"""
- soledad.events.signal.reset_mock()
+ soledad.signal.reset_mock()
sol = self._soledad_instance()
# mock the sync target
LeapSyncTarget.get_sync_info = Mock(return_value=[0, 0, 0, 0, 2])
@@ -296,7 +296,7 @@ class SoledadSignalingTestCase(BaseSoledadTest):
# check for new data to sync
sol.need_sync('http://provider/userdb')
# assert the signal has been emitted
- soledad.events.signal.assert_called_with(
+ soledad.signal.assert_called_with(
proto.SOLEDAD_NEW_DATA_TO_SYNC,
ADDRESS,
)