summaryrefslogtreecommitdiff
path: root/service/pixelated
diff options
context:
space:
mode:
Diffstat (limited to 'service/pixelated')
-rw-r--r--service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py5
-rw-r--r--service/pixelated/support/encrypted_file_storage.py14
2 files changed, 7 insertions, 12 deletions
diff --git a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
index 14472693..d2d6f416 100644
--- a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
+++ b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
@@ -14,8 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
from pixelated.adapter.soledad.soledad_facade_mixin import SoledadDbFacadeMixin
-import nacl.secret
-import nacl.utils
+import os
import base64
@@ -26,7 +25,7 @@ class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object):
index_key_doc = result[0] if result else None
if not index_key_doc:
- new_index_key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)
+ new_index_key = os.urandom(32)
self.create_doc(dict(type='index_key', value=base64.encodestring(new_index_key)))
return new_index_key
return base64.decodestring(index_key_doc.content['value'])
diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py
index b859863b..04f2e6e8 100644
--- a/service/pixelated/support/encrypted_file_storage.py
+++ b/service/pixelated/support/encrypted_file_storage.py
@@ -20,15 +20,15 @@ from hashlib import sha512
import os
from whoosh.filedb.filestore import FileStorage
from whoosh.filedb.structfile import StructFile, BufferFile
-from nacl.secret import SecretBox
-import nacl.utils
+from leap.soledad.client.crypto import encrypt_sym
+from leap.soledad.client.crypto import decrypt_sym
+from leap.soledad.client.crypto import EncryptionMethods
from whoosh.util import random_name
class EncryptedFileStorage(FileStorage):
def __init__(self, path, masterkey=None):
self.masterkey = masterkey
- self.secret_box = SecretBox(masterkey)
self._tmp_storage = self.temp_storage
self.length_cache = {}
FileStorage.__init__(self, path, supports_mmap=False)
@@ -49,10 +49,6 @@ class EncryptedFileStorage(FileStorage):
def file_length(self, name):
return self.length_cache[name][0]
- @property
- def _nonce(self):
- return nacl.utils.random(SecretBox.NONCE_SIZE)
-
def _encrypt_index_on_close(self, name):
def wrapper(struct_file):
struct_file.seek(0)
@@ -61,13 +57,13 @@ class EncryptedFileStorage(FileStorage):
if name in self.length_cache and file_hash == self.length_cache[name][1]:
return
self.length_cache[name] = (len(content), file_hash)
- encrypted_content = self.secret_box.encrypt(content, self._nonce)
+ encrypted_content = ''.join(encrypt_sym(content, self.masterkey, EncryptionMethods.XSALSA20))
with open(self._fpath(name), 'w+b') as f:
f.write(encrypted_content)
return wrapper
def _open_encrypted_file(self, name, onclose=lambda x: None):
file_content = open(self._fpath(name), "rb").read()
- decrypted = self.secret_box.decrypt(file_content)
+ decrypted = decrypt_sym(file_content[33:], self.masterkey, EncryptionMethods.XSALSA20, iv=file_content[:33])
self.length_cache[name] = (len(decrypted), sha512(decrypted).digest())
return BufferFile(buffer(decrypted), name=name, onclose=onclose)