From 516a5adb4f8328bd94446f4ea7ad0bc9298d7bfb Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 30 Apr 2013 17:41:31 -0300 Subject: Use uuid instead of address. --- src/leap/soledad/__init__.py | 52 +++++++++++++++++----------------- src/leap/soledad/auth.py | 12 ++++---- src/leap/soledad/crypto.py | 39 ------------------------- src/leap/soledad/server.py | 12 ++++---- src/leap/soledad/tests/test_crypto.py | 14 ++++----- src/leap/soledad/tests/test_soledad.py | 4 +-- 6 files changed, 47 insertions(+), 86 deletions(-) (limited to 'src/leap/soledad') diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py index be8a7054..7d2663e8 100644 --- a/src/leap/soledad/__init__.py +++ b/src/leap/soledad/__init__.py @@ -126,7 +126,7 @@ class Soledad(object): """ SYMKEY_KEY = '_symkey' - ADDRESS_KEY = '_address' + UUID_KEY = '_uuid' """ Key used to access symmetric keys in recovery documents. """ @@ -138,14 +138,14 @@ class Soledad(object): Prefix for default values for path. """ - def __init__(self, address, passphrase, secret_path=None, + def __init__(self, uuid, passphrase, secret_path=None, local_db_path=None, server_url=None, auth_token=None, bootstrap=True): """ Initialize configuration, cryptographic keys and dbs. - @param address: User's address in the form C{user@provider}. - @type address: str + @param uuid: User's uuid. + @type uuid: str @param passphrase: The passphrase for locking and unlocking encryption secrets for disk storage. @type passphrase: str @@ -165,7 +165,7 @@ class Soledad(object): @type bootstrap: bool """ # TODO: allow for fingerprint enforcing. - self._address = address + self._uuid = uuid self._passphrase = passphrase self._set_token(auth_token) self._init_config(secret_path, local_db_path, server_url) @@ -243,7 +243,7 @@ class Soledad(object): self._set_symkey( self._crypto.decrypt_sym( doc.content[self.KEY_SYMKEY], - passphrase=self._address_hash())) + passphrase=self._passphrase)) # Stage 2 - Keys synchronization self._assert_keys_in_shared_db() # Stage 3 - Local database initialization @@ -270,13 +270,13 @@ class Soledad(object): """ Generate (if needed) and load secret for symmetric encryption. """ - events.signal(events.events_pb2.SOLEDAD_CREATING_KEYS, self._address) + events.signal(events.events_pb2.SOLEDAD_CREATING_KEYS, self._uuid) # load/generate secret if not self._has_symkey(): self._gen_symkey() self._load_symkey() events.signal( - events.events_pb2.SOLEDAD_DONE_CREATING_KEYS, self._address) + events.events_pb2.SOLEDAD_DONE_CREATING_KEYS, self._uuid) def _init_db(self): """ @@ -399,15 +399,15 @@ class Soledad(object): """ self._gen_symkey() - def _address_hash(self): + def _uuid_hash(self): """ Calculate a hash for storing/retrieving key material on shared - database, based on user's address. + database, based on user's uuid. @return: the hash @rtype: str """ - return sha256('address-%s' % self._address).hexdigest() + return sha256('uuid-%s' % self._uuid).hexdigest() def _shared_db(self): """ @@ -427,10 +427,10 @@ class Soledad(object): @rtype: LeapDocument """ events.signal( - events.events_pb2.SOLEDAD_DOWNLOADING_KEYS, self._address) - doc = self._shared_db().get_doc_unauth(self._address_hash()) + events.events_pb2.SOLEDAD_DOWNLOADING_KEYS, self._uuid) + doc = self._shared_db().get_doc_unauth(self._uuid_hash()) events.signal( - events.events_pb2.SOLEDAD_DONE_DOWNLOADING_KEYS, self._address) + events.events_pb2.SOLEDAD_DONE_DOWNLOADING_KEYS, self._uuid) return doc def _assert_keys_in_shared_db(self): @@ -456,16 +456,16 @@ class Soledad(object): 'Local and remote symmetric secrets differ!') else: events.signal( - events.events_pb2.SOLEDAD_UPLOADING_KEYS, self._address) + events.events_pb2.SOLEDAD_UPLOADING_KEYS, self._uuid) content = { self.SYMKEY_KEY: self._crypto.encrypt_sym( self._symkey, self._passphrase), } - doc = LeapDocument(doc_id=self._address_hash()) + doc = LeapDocument(doc_id=self._uuid_hash()) doc.content = content self._shared_db().put_doc(doc) events.signal( - events.events_pb2.SOLEDAD_DONE_UPLOADING_KEYS, self._address) + events.events_pb2.SOLEDAD_DONE_UPLOADING_KEYS, self._uuid) # # Document storage, retrieval and sync. @@ -719,7 +719,7 @@ class Soledad(object): @rtype: str """ local_gen = self._db.sync(self.server_url, creds=self._creds, autocreate=True) - events.signal(events.events_pb2.SOLEDAD_DONE_DATA_SYNC, self._address) + events.signal(events.events_pb2.SOLEDAD_DONE_DATA_SYNC, self._uuid) return local_gen def need_sync(self, url): @@ -737,7 +737,7 @@ class Soledad(object): # compare source generation with target's last known source generation if self._db._get_generation() != info[4]: events.signal( - events.events_pb2.SOLEDAD_NEW_DATA_TO_SYNC, self._address) + events.events_pb2.SOLEDAD_NEW_DATA_TO_SYNC, self._uuid) return True return False @@ -749,7 +749,7 @@ class Soledad(object): self._{ 'token': { - 'address': 'user@provider', + 'uuid': '' 'token': '' } @@ -758,7 +758,7 @@ class Soledad(object): """ self._creds = { 'token': { - 'address': self._address, + 'uuid': self._uuid, 'token': token, } } @@ -802,7 +802,7 @@ class Soledad(object): @rtype: str """ data = json.dumps({ - self.ADDRESS_KEY: self._address, + self.UUID_KEY: self._uuid, self.SYMKEY_KEY: self._symkey, }) if passphrase: @@ -828,7 +828,7 @@ class Soledad(object): if passphrase: data = self._crypto.decrypt_sym(data, passphrase=passphrase) data = json.loads(data) - self._address = data[self.ADDRESS_KEY] + self._uuid = data[self.UUID_KEY] self._symkey = data[self.SYMKEY_KEY] self._crypto.symkey = self._symkey self._store_symkey() @@ -839,10 +839,10 @@ class Soledad(object): # Setters/getters # - def _get_address(self): - return self._address + def _get_uuid(self): + return self._uuid - address = property(_get_address, doc='The user address.') + uuid = property(_get_uuid, doc='The user uuid.') def _get_secret_path(self): return self._secret_path diff --git a/src/leap/soledad/auth.py b/src/leap/soledad/auth.py index 094278dc..080bb806 100644 --- a/src/leap/soledad/auth.py +++ b/src/leap/soledad/auth.py @@ -27,16 +27,16 @@ they can do token-based auth requests to the Soledad server. from u1db.remote.http_client import HTTPClientBase -def set_token_credentials(self, address, token): +def set_token_credentials(self, uuid, token): """ Store given credentials so we can sign the request later. - @param address: The user's address. - @type address: str + @param uuid: The user's uuid. + @type uuid: str @param token: The authentication token. @type token: str """ - self._creds = {'token': (address, token)} + self._creds = {'token': (uuid, token)} def _sign_request(self, method, url_query, params): @@ -51,8 +51,8 @@ def _sign_request(self, method, url_query, params): @type param: list """ if 'token' in self._creds: - address, token = self._creds['token'] - auth = '%s:%s' % (address, token) + uuid, token = self._creds['token'] + auth = '%s:%s' % (uuid, token) return [('Authorization', 'Token %s' % auth.encode('base64'))] else: return HTTPClientBase._sign_request(self, method, url_query, params) diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py index c956f602..9d2227bd 100644 --- a/src/leap/soledad/crypto.py +++ b/src/leap/soledad/crypto.py @@ -49,20 +49,6 @@ class SoledadCrypto(object): self._pgp = openpgp.OpenPGPScheme(self._soledad) self._symkey = None - def encrypt_asym(self, data, key): - """ - Encrypt data. - - @param data: the data to be encrypted - @type data: str - @param key: the key to be used for encryption - @type key: str - - @return: the encrypted data - @rtype: str - """ - return openpgp.encrypt_asym(data, key) - def encrypt_sym(self, data, passphrase): """ Encrypt C{data} using a {password}. @@ -77,21 +63,6 @@ class SoledadCrypto(object): """ return openpgp.encrypt_sym(data, passphrase) - def decrypt_asym(self, data): - """ - Decrypt data. - - @param data: the data to be decrypted - @type data: str - @param passphrase: the passphrase to be used for decryption - @type passphrase: str - - @return: the decrypted data - @rtype: str - """ - key = self._pgp.get_key(self._soledad.address, private=True) - return openpgp.decrypt_asym(data, key) - def decrypt_sym(self, data, passphrase): """ Decrypt data using symmetric secret. @@ -127,16 +98,6 @@ class SoledadCrypto(object): """ return openpgp.is_encrypted_sym(data) - def is_encrypted_asym(self, data): - """ - Test whether some chunk of data was encrypted to an OpenPGP private - key. - - @return: whether data is encrypted to an OpenPGP private key - @rtype: bool - """ - return openpgp.is_encrypted_asym(data) - def passphrase_hash(self, suffix): """ Generate a passphrase for symmetric encryption. diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py index 3d3c6f69..38bf31fd 100644 --- a/src/leap/soledad/server.py +++ b/src/leap/soledad/server.py @@ -125,25 +125,25 @@ class SoledadAuthMiddleware(object): return self._error( start_response, 401, "unauthorized", "Missing Token Authentication") - address, token = encoded.decode('base64').split(':', 1) + uuid, token = encoded.decode('base64').split(':', 1) try: - self.verify_token(environ, address, token) + self.verify_token(environ, uuid, token) except Unauthorized: return self._error( start_response, 401, "unauthorized", - "Incorrect address or token.") + "Incorrect uuid or token.") del environ['HTTP_AUTHORIZATION'] shift_path_info(environ) return self.app(environ, start_response) - def verify_token(self, environ, address, token): + def verify_token(self, environ, uuid, token): """ Verify if token is valid for authenticating this request. @param environ: Dictionary containing CGI variables. @type environ: dict - @param token: The user address. - @type token: str + @param uuid: The user's uuid. + @type uuid: str @param token: The authentication token. @type token: str diff --git a/src/leap/soledad/tests/test_crypto.py b/src/leap/soledad/tests/test_crypto.py index 322be622..abe32661 100644 --- a/src/leap/soledad/tests/test_crypto.py +++ b/src/leap/soledad/tests/test_crypto.py @@ -167,7 +167,7 @@ class EncryptedSyncTestCase(BaseSoledadTest): # # setup credentials for access to soledad server # creds = { # 'token': { -# 'address': 'leap@leap.se', +# 'uuid': 'leap@leap.se', # 'token': '1234', # } # } @@ -189,7 +189,7 @@ class RecoveryDocumentTestCase(BaseSoledadTest): rd = self._soledad.export_recovery_document(None) self.assertEqual( { - self._soledad.ADDRESS_KEY: self._soledad._address, + self._soledad.UUID_KEY: self._soledad._uuid, self._soledad.SYMKEY_KEY: self._soledad._symkey }, json.loads(rd), @@ -201,7 +201,7 @@ class RecoveryDocumentTestCase(BaseSoledadTest): self.assertEqual(True, self._soledad._crypto.is_encrypted_sym(rd)) data = { - self._soledad.ADDRESS_KEY: self._soledad._address, + self._soledad.UUID_KEY: self._soledad._uuid, self._soledad.SYMKEY_KEY: self._soledad._symkey, } raw_data = json.loads(self._soledad._crypto.decrypt_sym( @@ -224,8 +224,8 @@ class RecoveryDocumentTestCase(BaseSoledadTest): s._init_dirs() s._crypto = SoledadCrypto(s) s.import_recovery_document(rd, None) - self.assertEqual(self._soledad._address, - s._address, 'Failed setting user email.') + self.assertEqual(self._soledad._uuid, + s._uuid, 'Failed setting user uuid.') self.assertEqual(self._soledad._symkey, s._symkey, 'Failed settinng secret for symmetric encryption.') @@ -236,8 +236,8 @@ class RecoveryDocumentTestCase(BaseSoledadTest): s._init_dirs() s._crypto = SoledadCrypto(s) s.import_recovery_document(rd, '123456') - self.assertEqual(self._soledad._address, - s._address, 'Failed setting user email.') + self.assertEqual(self._soledad._uuid, + s._uuid, 'Failed setting user uuid.') self.assertEqual(self._soledad._symkey, s._symkey, 'Failed settinng secret for symmetric encryption.') diff --git a/src/leap/soledad/tests/test_soledad.py b/src/leap/soledad/tests/test_soledad.py index 1ce9adb7..e7d34a87 100644 --- a/src/leap/soledad/tests/test_soledad.py +++ b/src/leap/soledad/tests/test_soledad.py @@ -105,7 +105,7 @@ class SoledadSharedDBTestCase(BaseSoledadTest): Ensure the shared db is queried with the correct doc_id. """ self._soledad._shared_db = Mock() - doc_id = self._soledad._address_hash() + doc_id = self._soledad._uuid_hash() self._soledad._fetch_keys_from_shared_db() self.assertTrue( self._soledad._shared_db.get_doc_unauth.assert_called_once(doc_id), @@ -128,7 +128,7 @@ class SoledadSharedDBTestCase(BaseSoledadTest): return self self._soledad._shared_db = MockSharedDB() - doc_id = self._soledad._address_hash() + doc_id = self._soledad._uuid_hash() self._soledad._assert_keys_in_shared_db() self.assertTrue( self._soledad._shared_db().get_doc_unauth.assert_called_once_with( -- cgit v1.2.3