From e048f0e7e6a56e289188b02e1205fbb025cb38a6 Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Tue, 21 May 2013 16:47:18 -0300
Subject: Add check for encryption method.

---
 src/leap/soledad/backends/leap_backend.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

(limited to 'src/leap/soledad/backends')

diff --git a/src/leap/soledad/backends/leap_backend.py b/src/leap/soledad/backends/leap_backend.py
index 8fa662e9..bb8ee548 100644
--- a/src/leap/soledad/backends/leap_backend.py
+++ b/src/leap/soledad/backends/leap_backend.py
@@ -38,6 +38,7 @@ from u1db.remote.http_target import HTTPSyncTarget
 
 from leap.common.crypto import (
     EncryptionMethods,
+    UnknownEncryptionMethod,
     encrypt_sym,
     decrypt_sym,
 )
@@ -242,12 +243,16 @@ def decrypt_doc(crypto, doc):
     enc_scheme = doc.content[ENC_SCHEME_KEY]
     plainjson = None
     if enc_scheme == EncryptionSchemes.SYMKEY:
-        leap_assert(ENC_IV_KEY in doc.content)
-        plainjson = decrypt_sym(
-            ciphertext,
-            crypto.doc_passphrase(doc.doc_id),
-            method=doc.content[ENC_METHOD_KEY],
-            iv=doc.content[ENC_IV_KEY])
+        enc_method = doc.content[ENC_METHOD_KEY]
+        if enc_method == EncryptionMethods.AES_256_CTR:
+            leap_assert(ENC_IV_KEY in doc.content)
+            plainjson = decrypt_sym(
+                ciphertext,
+                crypto.doc_passphrase(doc.doc_id),
+                method=enc_method,
+                iv=doc.content[ENC_IV_KEY])
+        else:
+            raise UnknownEncryptionMethod(enc_method)
     else:
         raise UnknownEncryptionScheme(enc_scheme)
     return plainjson
-- 
cgit v1.2.3