diff options
| author | drebs <drebs@leap.se> | 2012-12-20 11:35:19 -0200 |
|---|---|---|
| committer | drebs <drebs@leap.se> | 2012-12-20 11:35:19 -0200 |
| commit | 7161784fc65698e2603cf53e797dbd13711689e0 (patch) | |
| tree | eaa54667917b07f1ec6d16454814ad5086ee6183 /src | |
| parent | 4cd81148ec25cd6f1a9498345c7405a4d37a4012 (diff) | |
Use doc_id with HMAC for symmetric encryption
Diffstat (limited to 'src')
| -rw-r--r-- | src/leap/soledad/__init__.py | 14 | ||||
| -rw-r--r-- | src/leap/soledad/backends/leap.py | 4 |
2 files changed, 10 insertions, 8 deletions
diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py index 4325d773..9f5d6e22 100644 --- a/src/leap/soledad/__init__.py +++ b/src/leap/soledad/__init__.py @@ -6,6 +6,7 @@ import os import string import random import cStringIO +import hmac from soledad.util import GPGWrapper class Soledad(object): @@ -39,7 +40,7 @@ class Soledad(object): def _load_secret(self): try: with open(self.SECRET_PATH) as f: - self._secret = self._gpg.decrypt(f.read()) + self._secret = str(self._gpg.decrypt(f.read())) except IOError as e: raise IOError('Failed to open secret file %s.' % self.SECRET_PATH) @@ -72,12 +73,13 @@ class Soledad(object): return str(self._gpg.encrypt(data, self._fingerprint, sign=sign, passphrase=passphrase, symmetric=symmetric)) - def encrypt_symmetric(self, data, sign=None): - return self.encrypt(data, sign=sign, passphrase=self._secret, - symmetric=True) + def encrypt_symmetric(self, doc_id, data, sign=None): + h = hmac.new(self._secret, doc_id).hexdigest() + return self.encrypt(data, sign=sign, passphrase=h, symmetric=True) def decrypt(self, data, passphrase=None, symmetric=False): return str(self._gpg.decrypt(data, passphrase=passphrase)) - def decrypt_symmetric(self, data): - return self.decrypt(data, passphrase=self._secret) + def decrypt_symmetric(self, doc_id, data): + h = hmac.new(self._secret, doc_id).hexdigest() + return self.decrypt(data, passphrase=h) diff --git a/src/leap/soledad/backends/leap.py b/src/leap/soledad/backends/leap.py index c019ed3f..9fbd49fe 100644 --- a/src/leap/soledad/backends/leap.py +++ b/src/leap/soledad/backends/leap.py @@ -37,7 +37,7 @@ class LeapDocument(Document): """ if not self._soledad: raise NoSoledadInstance() - ciphertext = self._soledad.encrypt_symmetric(self.get_json()) + ciphertext = self._soledad.encrypt_symmetric(self.doc_id, self.get_json()) return json.dumps({'_encrypted_json' : ciphertext}) def set_encrypted_json(self, encrypted_json): @@ -47,7 +47,7 @@ class LeapDocument(Document): if not self._soledad: raise NoSoledadInstance() ciphertext = json.loads(encrypted_json)['_encrypted_json'] - plaintext = self._soledad.decrypt_symmetric(ciphertext) + plaintext = self._soledad.decrypt_symmetric(self.doc_id, ciphertext) return self.set_json(plaintext) |