From 88d52a578d0d7b06e138820fc0df24ba5f22e0e1 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Fri, 30 Jun 2017 12:38:40 +0200 Subject: [feat] use OpenSSL backend for scrypt if available This needs OpenSSL >= 1.1, otherwise it will keep using the scrypt dependency. We should think about deprecating scrypt as a dependency when we can be sure that the adoption of libssl 1.1 is wide enough. I think that at some point (soledad 0.11 or so) we can drop the scrypt dependency, which was being somehow problematic at times (the _scrypt.so was not appearing when installing with pip, needed workarounds). From that moment on, we can raise an error if an old libssl is found and no scrypt can be imported - leaving that to the user/packager. In debian stretch and afterwards, you can get that version by installing libssl-dev - Related: #8472 --- testing/requirements-testing.pip | 3 ++- testing/tests/client/test_crypto.py | 12 ++++++++++++ testing/tox.ini | 7 +++---- 3 files changed, 17 insertions(+), 5 deletions(-) (limited to 'testing') diff --git a/testing/requirements-testing.pip b/testing/requirements-testing.pip index a33c65ab..a80b1b34 100644 --- a/testing/requirements-testing.pip +++ b/testing/requirements-testing.pip @@ -1,2 +1,3 @@ pip -tox \ No newline at end of file +tox +pytest-twisted diff --git a/testing/tests/client/test_crypto.py b/testing/tests/client/test_crypto.py index 11384ad7..10cccbb2 100644 --- a/testing/tests/client/test_crypto.py +++ b/testing/tests/client/test_crypto.py @@ -33,6 +33,7 @@ from cryptography.exceptions import InvalidTag from leap.soledad.common.document import SoledadDocument from test_soledad.util import BaseSoledadTest from leap.soledad.client import _crypto +from leap.soledad.client import _scrypt from twisted.trial import unittest from twisted.internet import defer @@ -46,6 +47,17 @@ snowden1 = ( "they will.") +class ScryptTest(unittest.TestCase): + + def test_scrypt(self): + secret = 'supersikret' + salt = 'randomsalt' + key = _scrypt.hash(secret, salt, buflen=32) + expected = ('47996b569ea58d51ccbcc318d710' + 'a537acd28bb7a94615ab8d061d4b2a920f01') + assert binascii.b2a_hex(key) == expected + + class AESTest(unittest.TestCase): def test_chunked_encryption(self): diff --git a/testing/tox.ini b/testing/tox.ini index bb8f0913..6a6275f3 100644 --- a/testing/tox.ini +++ b/testing/tox.ini @@ -5,8 +5,7 @@ skipsdist=True [testenv] basepython = python2.7 commands = - pip uninstall -y pysqlcipher - pip install --install-option="--bundled" pysqlcipher + pip install -I --install-option="--bundled" pysqlcipher py.test -x --ignore=tests/benchmarks \ --cov-report=html \ --cov-report=term \ @@ -25,6 +24,7 @@ deps = couchdb requests service_identity + leap.common # install soledad from current tree -e../ -e../[client] @@ -75,8 +75,7 @@ deps = commands = # use a bundled version of pysqlcipher to ensure HAVE_USLEEP is set and we # don't have problems with concurrent db access. - pip uninstall -y pysqlcipher - pip install --install-option="--bundled" pysqlcipher + pip install -I --install-option="--bundled" pysqlcipher ./check-pysqlcipher.py # and only then run benchmark py.test --benchmark-only -m 'not synchronous' {posargs} -- cgit v1.2.3