Diffstat (limited to 'service')
-rw-r--r--service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py5
-rw-r--r--service/pixelated/support/encrypted_file_storage.py13
-rw-r--r--service/requirements.txt2
-rw-r--r--service/test/support/integration/app_test_client.py2
4 files changed, 14 insertions, 8 deletions
diff --git a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
index 6bc2ca2f..f8fed0aa 100644
--- a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
+++ b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
@@ -14,7 +14,8 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
from pixelated.adapter.soledad.soledad_facade_mixin import SoledadDbFacadeMixin
-from cryptography.fernet import Fernet
+import nacl.secret
+import nacl.utils
class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object):
@@ -22,7 +23,7 @@ class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object):
def get_index_masterkey(self):
index_key = self.get_search_index_masterkey()
if len(index_key) == 0:
- index_key = Fernet.generate_key()
+ index_key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)
self.create_doc(dict(type='index_key', value=index_key))
return index_key
return str(index_key[0].content['value'])
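Review bot: The key produced by `nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)` is raw binary, but it is still stored unencoded via `create_doc(dict(type='index_key', value=index_key))` and read back through `str(index_key[0].content['value'])`. The previous `Fernet.generate_key()` value was URL-safe base64 text, so that round trip was not sensitive to encoding. If the document store serialises content as JSON or hands back unicode (not visible in this hunk), bytes above 0x7f may fail to store or fail in `str()`. Storing an encoded form would avoid that, for example `value=binascii.hexlify(index_key)` on write and `binascii.unhexlify(...)` on read. The encoding should be applied in both return paths so callers always receive the 32 raw bytes.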
diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py
index 5661b5e5..b859863b 100644
--- a/service/pixelated/support/encrypted_file_storage.py
+++ b/service/pixelated/support/encrypted_file_storage.py
@@ -20,14 +20,15 @@ from hashlib import sha512
import os
from whoosh.filedb.filestore import FileStorage
from whoosh.filedb.structfile import StructFile, BufferFile
-from cryptography.fernet import Fernet
+from nacl.secret import SecretBox
+import nacl.utils
from whoosh.util import random_name
class EncryptedFileStorage(FileStorage):
def __init__(self, path, masterkey=None):
self.masterkey = masterkey
- self.f = Fernet(masterkey)
+ self.secret_box = SecretBox(masterkey)
self._tmp_storage = self.temp_storage
self.length_cache = {}
FileStorage.__init__(self, path, supports_mmap=False)
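Review bot: `SecretBox(masterkey)` in `__init__` only accepts a key of exactly `SecretBox.KEY_SIZE` bytes, so an account whose stored index key came from the old `Fernet.generate_key()` path (a base64 string, not 32 raw bytes) would presumably fail here. Index files already on disk in the Fernet token format will likewise not authenticate in `self.secret_box.decrypt(file_content)` in `_open_encrypted_file`. Nothing visible in this commit migrates or discards the old key and index files. An explicit guard such as `if len(masterkey) != SecretBox.KEY_SIZE: raise ValueError('index master key has unexpected length')` would at least make the upgrade failure clear. A documented step that regenerates the key and rebuilds the index is still needed.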
@@ -48,6 +49,10 @@ class EncryptedFileStorage(FileStorage):
def file_length(self, name):
return self.length_cache[name][0]
+ @property
+ def _nonce(self):
+ return nacl.utils.random(SecretBox.NONCE_SIZE)
+
def _encrypt_index_on_close(self, name):
def wrapper(struct_file):
struct_file.seek(0)
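Review bot: `_nonce` is declared as a `@property` but returns a different random value on every access, which reads like a stable attribute and invites someone to use it twice expecting the same nonce. A plain method makes the side effect visible: `def _new_nonce(self):` with the call site written as `self.secret_box.encrypt(content, self._new_nonce())`. It would also help to add the comment `# fresh random nonce per encryption; a nonce must never be reused with the same key`. `_encrypt_index_on_close` continues past the end of this hunk.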
@@ -56,13 +61,13 @@ class EncryptedFileStorage(FileStorage):
if name in self.length_cache and file_hash == self.length_cache[name][1]:
return
self.length_cache[name] = (len(content), file_hash)
- encrypted_content = self.f.encrypt(content)
+ encrypted_content = self.secret_box.encrypt(content, self._nonce)
with open(self._fpath(name), 'w+b') as f:
f.write(encrypted_content)
return wrapper
def _open_encrypted_file(self, name, onclose=lambda x: None):
file_content = open(self._fpath(name), "rb").read()
- decrypted = self.f.decrypt(file_content)
+ decrypted = self.secret_box.decrypt(file_content)
self.length_cache[name] = (len(decrypted), sha512(decrypted).digest())
return BufferFile(buffer(decrypted), name=name, onclose=onclose)
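Review bot: It is not obvious from these lines why `decrypt` is called without a nonce while `encrypt` is given one. A comment above the write would explain it: `# encrypt() returns nonce + ciphertext, so the nonce is stored in the file and decrypt() reads it back from there`. `_open_encrypted_file` also lets the authentication failure from `self.secret_box.decrypt(file_content)` propagate when an index file is truncated or modified on disk. A one-line docstring should state that this raises rather than returning partial data, so callers know to treat it as a corrupt index. `_encrypt_index_on_close` begins outside this hunk.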
diff --git a/service/requirements.txt b/service/requirements.txt
index 01b1b760..ae85f211 100644
--- a/service/requirements.txt
+++ b/service/requirements.txt
@@ -1,4 +1,3 @@
-cryptography==0.6.1
pyasn1==0.1.7
gnupg==1.4.0
Twisted==14.0.2
@@ -17,3 +16,4 @@ leap.soledad.common==0.6.0-26-g509f76c
leap.soledad.client==0.6.0-26-g509f76c
leap.mail==0.3.9-1-gc1f9c92
whoosh==2.6.0
+pynacl==0.2.3
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 32d70a66..ffd6e975 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -51,7 +51,7 @@ class AppTestClient:
self.app = pixelated.runserver.app
self.soledad_querier = SoledadQuerier(self.soledad)
- self.soledad_querier.get_index_masterkey = lambda: '_yg2oG_5ELM8_-sQYcsxI37WesI0dOtZQXpwAqjvhR4='
+ self.soledad_querier.get_index_masterkey = lambda: 'h\xbcpC\xb1\xafc\x92\xf3\xa1v\x1fa\x9dlA\x1a\xf7\xcf\xf2\nG\xad4\xb8m\x01\xf5\xa0\xa9\xd8\xca'
self.account = SoledadBackedAccount('test', self.soledad, MagicMock())
self.mailboxes = Mailboxes(self.account, self.soledad_querier)