diff options
Diffstat (limited to 'service')
4 files changed, 14 insertions, 8 deletions
diff --git a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py index 6bc2ca2f..f8fed0aa 100644 --- a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py +++ b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py @@ -14,7 +14,8 @@ # You should have received a copy of the GNU Affero General Public License # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. from pixelated.adapter.soledad.soledad_facade_mixin import SoledadDbFacadeMixin -from cryptography.fernet import Fernet +import nacl.secret +import nacl.utils class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object): @@ -22,7 +23,7 @@ class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object): def get_index_masterkey(self): index_key = self.get_search_index_masterkey() if len(index_key) == 0: - index_key = Fernet.generate_key() + index_key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE) self.create_doc(dict(type='index_key', value=index_key)) return index_key return str(index_key[0].content['value']) diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py index 5661b5e5..b859863b 100644 --- a/service/pixelated/support/encrypted_file_storage.py +++ b/service/pixelated/support/encrypted_file_storage.py @@ -20,14 +20,15 @@ from hashlib import sha512 import os from whoosh.filedb.filestore import FileStorage from whoosh.filedb.structfile import StructFile, BufferFile -from cryptography.fernet import Fernet +from nacl.secret import SecretBox +import nacl.utils from whoosh.util import random_name class EncryptedFileStorage(FileStorage): def __init__(self, path, masterkey=None): self.masterkey = masterkey - self.f = Fernet(masterkey) + self.secret_box = SecretBox(masterkey) self._tmp_storage = self.temp_storage self.length_cache = {} FileStorage.__init__(self, path, supports_mmap=False) @@ -48,6 +49,10 @@ class EncryptedFileStorage(FileStorage): def file_length(self, name): return self.length_cache[name][0] + @property + def _nonce(self): + return nacl.utils.random(SecretBox.NONCE_SIZE) + def _encrypt_index_on_close(self, name): def wrapper(struct_file): struct_file.seek(0) @@ -56,13 +61,13 @@ class EncryptedFileStorage(FileStorage): if name in self.length_cache and file_hash == self.length_cache[name][1]: return self.length_cache[name] = (len(content), file_hash) - encrypted_content = self.f.encrypt(content) + encrypted_content = self.secret_box.encrypt(content, self._nonce) with open(self._fpath(name), 'w+b') as f: f.write(encrypted_content) return wrapper def _open_encrypted_file(self, name, onclose=lambda x: None): file_content = open(self._fpath(name), "rb").read() - decrypted = self.f.decrypt(file_content) + decrypted = self.secret_box.decrypt(file_content) self.length_cache[name] = (len(decrypted), sha512(decrypted).digest()) return BufferFile(buffer(decrypted), name=name, onclose=onclose) diff --git a/service/requirements.txt b/service/requirements.txt index 01b1b760..ae85f211 100644 --- a/service/requirements.txt +++ b/service/requirements.txt @@ -1,4 +1,3 @@ -cryptography==0.6.1 pyasn1==0.1.7 gnupg==1.4.0 Twisted==14.0.2 @@ -17,3 +16,4 @@ leap.soledad.common==0.6.0-26-g509f76c leap.soledad.client==0.6.0-26-g509f76c leap.mail==0.3.9-1-gc1f9c92 whoosh==2.6.0 +pynacl==0.2.3 diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py index 32d70a66..ffd6e975 100644 --- a/service/test/support/integration/app_test_client.py +++ b/service/test/support/integration/app_test_client.py @@ -51,7 +51,7 @@ class AppTestClient: self.app = pixelated.runserver.app self.soledad_querier = SoledadQuerier(self.soledad) - self.soledad_querier.get_index_masterkey = lambda: '_yg2oG_5ELM8_-sQYcsxI37WesI0dOtZQXpwAqjvhR4=' + self.soledad_querier.get_index_masterkey = lambda: 'h\xbcpC\xb1\xafc\x92\xf3\xa1v\x1fa\x9dlA\x1a\xf7\xcf\xf2\nG\xad4\xb8m\x01\xf5\xa0\xa9\xd8\xca' self.account = SoledadBackedAccount('test', self.soledad, MagicMock()) self.mailboxes = Mailboxes(self.account, self.soledad_querier) |