Diffstat (limited to 'service/pixelated')
-rw-r--r-- | service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py | 5 | ||||
-rw-r--r-- | service/pixelated/support/encrypted_file_storage.py | 14 |
2 files changed, 7 insertions, 12 deletions
diff --git a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
index 14472693..d2d6f416 100644
--- a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
+++ b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
@@ -14,8 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 from pixelated.adapter.soledad.soledad_facade_mixin import SoledadDbFacadeMixin
-import nacl.secret
-import nacl.utils
+import os
 import base64
@@ -26,7 +25,7 @@ class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object):
 index_key_doc = result[0] if result else None
 if not index_key_doc:
- new_index_key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)
+ new_index_key = os.urandom(32)
 self.create_doc(dict(type='index_key', value=base64.encodestring(new_index_key)))
 return new_index_key
 return base64.decodestring(index_key_doc.content['value'])
diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py
index b859863b..04f2e6e8 100644
--- a/service/pixelated/support/encrypted_file_storage.py
+++ b/service/pixelated/support/encrypted_file_storage.py
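Review bot: `os.urandom(32)` in the soledad mixin hard-codes the key length where the removed line used the named `SecretBox.KEY_SIZE`, so nothing at the call site says why 32 is the right size or keeps it in step with the cipher that later consumes the key. A module-level constant such as `INDEX_KEY_LENGTH = 32  # bytes; key size expected by the index cipher` with `new_index_key = os.urandom(INDEX_KEY_LENGTH)` would document it. The return path `base64.decodestring(index_key_doc.content['value'])` also hands back a stored key without checking its decoded length, which a `len(key) != INDEX_KEY_LENGTH` check would catch. The enclosing method starts above this hunk.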
@@ -20,15 +20,15 @@ from hashlib import sha512
 import os
 from whoosh.filedb.filestore import FileStorage
 from whoosh.filedb.structfile import StructFile, BufferFile
-from nacl.secret import SecretBox
-import nacl.utils
+from leap.soledad.client.crypto import encrypt_sym
+from leap.soledad.client.crypto import decrypt_sym
+from leap.soledad.client.crypto import EncryptionMethods
 from whoosh.util import random_name
 class EncryptedFileStorage(FileStorage):
 def __init__(self, path, masterkey=None):
 self.masterkey = masterkey
- self.secret_box = SecretBox(masterkey)
 self._tmp_storage = self.temp_storage
 self.length_cache = {}
 FileStorage.__init__(self, path, supports_mmap=False)
@@ -49,10 +49,6 @@ class EncryptedFileStorage(FileStorage):
 def file_length(self, name):
 return self.length_cache[name][0]
- @property
- def _nonce(self):
- return nacl.utils.random(SecretBox.NONCE_SIZE)
-
 def _encrypt_index_on_close(self, name):
 def wrapper(struct_file):
 struct_file.seek(0)
@@ -61,13 +57,13 @@ class EncryptedFileStorage(FileStorage):
 if name in self.length_cache and file_hash == self.length_cache[name][1]:
 return
 self.length_cache[name] = (len(content), file_hash)
- encrypted_content = self.secret_box.encrypt(content, self._nonce)
+ encrypted_content = ''.join(encrypt_sym(content, self.masterkey, EncryptionMethods.XSALSA20))
 with open(self._fpath(name), 'w+b') as f:
 f.write(encrypted_content)
 return wrapper
 def _open_encrypted_file(self, name, onclose=lambda x: None):
 file_content = open(self._fpath(name), "rb").read()
- decrypted = self.secret_box.decrypt(file_content)
+ decrypted = decrypt_sym(file_content[33:], self.masterkey, EncryptionMethods.XSALSA20, iv=file_content[:33])
 self.length_cache[name] = (len(decrypted), sha512(decrypted).digest())
 return BufferFile(buffer(decrypted), name=name, onclose=onclose) |
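Review bot: With `self.secret_box = SecretBox(masterkey)` removed, `__init__` no longer touches the key at all, so the `masterkey=None` default is accepted silently and any failure moves to the first file open or close. PyNaCl's `SecretBox` constructor rejects a non-bytes key, so the old code presumably failed at construction. An explicit guard such as `if masterkey is None: raise ValueError('masterkey is required')` would keep that fail-fast behaviour. If a key-less instance is intended somewhere, a docstring on `__init__` should say so.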
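Review bot: The replacement calls in `_encrypt_index_on_close` and `_open_encrypted_file` appear to drop integrity protection: `SecretBox` appended a Poly1305 tag and refused modified ciphertext, whereas `encrypt_sym(..., EncryptionMethods.XSALSA20)` as used here seems to yield only an IV and ciphertext, so an index file altered on disk would decrypt to altered plaintext without an error (worth confirming against `leap.soledad.client.crypto`). If that holds, store an encrypt-then-MAC tag computed over IV plus ciphertext under a key kept separate from the encryption key, and verify it with a constant-time comparison before calling `decrypt_sym`. The literal `33` in `file_content[33:]` and `file_content[:33]` silently depends on the encoded IV length; name it once, e.g. `ENCODED_IV_LENGTH = 33  # length of the IV prefix written by encrypt_sym`, and reject files shorter than that. Index files written in the earlier SecretBox layout would presumably not parse under the new split, so a migration or re-index step is needed. `_encrypt_index_on_close` begins above this hunk.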