for #227, MAC on encrypted storage

2 files changed, 24 insertions, 7 deletions

diff --git a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
index d2d6f416..05d32779 100644
--- a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
+++ b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
@@ -25,7 +25,7 @@ class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object):
         index_key_doc = result[0] if result else None
 
         if not index_key_doc:
-            new_index_key = os.urandom(32)
+            new_index_key = os.urandom(64)  # 32 for encryption, 32 for hmac
             self.create_doc(dict(type='index_key', value=base64.encodestring(new_index_key)))
             return new_index_key
         return base64.decodestring(index_key_doc.content['value'])
diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py
index 04f2e6e8..49a67627 100644
--- a/service/pixelated/support/encrypted_file_storage.py
+++ b/service/pixelated/support/encrypted_file_storage.py
@@ -15,9 +15,10 @@
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 
 import io
-from hashlib import sha512
+from hashlib import sha256
 
 import os
+import hmac
 from whoosh.filedb.filestore import FileStorage
 from whoosh.filedb.structfile import StructFile, BufferFile
 from leap.soledad.client.crypto import encrypt_sym
@@ -28,7 +29,8 @@ from whoosh.util import random_name
 
 class EncryptedFileStorage(FileStorage):
     def __init__(self, path, masterkey=None):
-        self.masterkey = masterkey
+        self.masterkey = masterkey[:32]
+        self.signkey = masterkey[32:]
         self._tmp_storage = self.temp_storage
         self.length_cache = {}
         FileStorage.__init__(self, path, supports_mmap=False)
@@ -49,21 +51,36 @@ class EncryptedFileStorage(FileStorage):
     def file_length(self, name):
         return self.length_cache[name][0]
 
+    def gen_mac(self, ciphertext):
+        return hmac.new(self.signkey, ciphertext, sha256).digest()
+
+    def encrypt(self, content):
+        iv, ciphertext = encrypt_sym(content, self.masterkey, EncryptionMethods.XSALSA20)
+        mac = self.gen_mac(ciphertext)
+        return ''.join((mac, iv, ciphertext))
+
+    def decrypt(self, payload):
+        payload_mac, iv, ciphertext = payload[:32], payload[32:65], payload[65:]
+        generated_mac = self.gen_mac(ciphertext)
+        if sha256(payload_mac).digest() != sha256(generated_mac).digest():
+            raise Exception("EncryptedFileStorage  - Error opening file. Wrong MAC")
+        return decrypt_sym(ciphertext, self.masterkey, EncryptionMethods.XSALSA20, iv=iv)
+
     def _encrypt_index_on_close(self, name):
         def wrapper(struct_file):
             struct_file.seek(0)
             content = struct_file.file.read()
-            file_hash = sha512(content).digest()
+            file_hash = sha256(content).digest()
             if name in self.length_cache and file_hash == self.length_cache[name][1]:
                 return
             self.length_cache[name] = (len(content), file_hash)
-            encrypted_content = ''.join(encrypt_sym(content, self.masterkey, EncryptionMethods.XSALSA20))
+            encrypted_content = self.encrypt(content)
             with open(self._fpath(name), 'w+b') as f:
                 f.write(encrypted_content)
         return wrapper
 
     def _open_encrypted_file(self, name, onclose=lambda x: None):
         file_content = open(self._fpath(name), "rb").read()
-        decrypted = decrypt_sym(file_content[33:], self.masterkey, EncryptionMethods.XSALSA20, iv=file_content[:33])
-        self.length_cache[name] = (len(decrypted), sha512(decrypted).digest())
+        decrypted = self.decrypt(file_content)
+        self.length_cache[name] = (len(decrypted), sha256(decrypted).digest())
         return BufferFile(buffer(decrypted), name=name, onclose=onclose)