From 88d52a578d0d7b06e138820fc0df24ba5f22e0e1 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Fri, 30 Jun 2017 12:38:40 +0200 Subject: [feat] use OpenSSL backend for scrypt if available This needs OpenSSL >= 1.1, otherwise it will keep using the scrypt dependency. We should think about deprecating scrypt as a dependency when we can be sure that the adoption of libssl 1.1 is wide enough. I think that at some point (soledad 0.11 or so) we can drop the scrypt dependency, which was being somehow problematic at times (the _scrypt.so was not appearing when installing with pip, needed workarounds). From that moment on, we can raise an error if an old libssl is found and no scrypt can be imported - leaving that to the user/packager. In debian stretch and afterwards, you can get that version by installing libssl-dev - Related: #8472 --- testing/tests/client/test_crypto.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'testing/tests/client/test_crypto.py') diff --git a/testing/tests/client/test_crypto.py b/testing/tests/client/test_crypto.py index 11384ad7..10cccbb2 100644 --- a/testing/tests/client/test_crypto.py +++ b/testing/tests/client/test_crypto.py @@ -33,6 +33,7 @@ from cryptography.exceptions import InvalidTag from leap.soledad.common.document import SoledadDocument from test_soledad.util import BaseSoledadTest from leap.soledad.client import _crypto +from leap.soledad.client import _scrypt from twisted.trial import unittest from twisted.internet import defer @@ -46,6 +47,17 @@ snowden1 = ( "they will.") +class ScryptTest(unittest.TestCase): + + def test_scrypt(self): + secret = 'supersikret' + salt = 'randomsalt' + key = _scrypt.hash(secret, salt, buflen=32) + expected = ('47996b569ea58d51ccbcc318d710' + 'a537acd28bb7a94615ab8d061d4b2a920f01') + assert binascii.b2a_hex(key) == expected + + class AESTest(unittest.TestCase): def test_chunked_encryption(self): -- cgit v1.2.3