From 92d19ed855cda44d3fa10777020594d8b345ff18 Mon Sep 17 00:00:00 2001
From: Victor Shyba
Date: Mon, 12 Jan 2015 16:23:04 -0300
Subject: card #227, replacing lib for debian compatibility: cryptography -> nacl

---
 .../soledad/soledad_search_key_masterkey_retrieval_mixin.py | 5 +++--
 service/pixelated/support/encrypted_file_storage.py | 13 +++++++++----
 service/requirements.txt | 2 +-
 service/test/support/integration/app_test_client.py | 2 +-
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
index 6bc2ca2f..f8fed0aa 100644
--- a/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
+++ b/service/pixelated/adapter/soledad/soledad_search_key_masterkey_retrieval_mixin.py
@@ -14,7 +14,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see .
 from pixelated.adapter.soledad.soledad_facade_mixin import SoledadDbFacadeMixin
-from cryptography.fernet import Fernet
+import nacl.secret
+import nacl.utils
 
 
 class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object):
@@ -22,7 +23,7 @@ class SoledadSearchIndexMasterkeyRetrievalMixin(SoledadDbFacadeMixin, object):
     def get_index_masterkey(self):
         index_key = self.get_search_index_masterkey()
         if len(index_key) == 0:
-            index_key = Fernet.generate_key()
+            index_key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)
             self.create_doc(dict(type='index_key', value=index_key))
             return index_key
         return str(index_key[0].content['value'])
diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py
index 5661b5e5..b859863b 100644
--- a/service/pixelated/support/encrypted_file_storage.py
+++ b/service/pixelated/support/encrypted_file_storage.py
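Review bot: The key produced on the `index_key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)` line is 32 raw bytes, yet it is still stored unchanged via `self.create_doc(dict(type='index_key', value=index_key))` and read back with `str(index_key[0].content['value'])`; the Fernet key it replaces was URL-safe base64 text, so that round trip was ASCII-safe, whereas raw bytes above 0x7f will presumably fail or be altered when Soledad serialises the document, and `str()` of a non-ASCII unicode value raises UnicodeEncodeError. Encode before storing and decode on retrieval, e.g. `value=base64.b64encode(index_key)` in the `create_doc` call and `return base64.b64decode(index_key[0].content['value'])` on the lookup path (with `import base64` added to the first hunk), so that both branches hand back the raw 32-byte key that `SecretBox` expects. The fixture changed in app_test_client.py in this same commit returns the raw-bytes form, so callers already expect raw bytes from this method.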
@@ -20,14 +20,15 @@ from hashlib import sha512
 import os
 from whoosh.filedb.filestore import FileStorage
 from whoosh.filedb.structfile import StructFile, BufferFile
-from cryptography.fernet import Fernet
+from nacl.secret import SecretBox
+import nacl.utils
 from whoosh.util import random_name
 
 
 class EncryptedFileStorage(FileStorage):
     def __init__(self, path, masterkey=None):
         self.masterkey = masterkey
-        self.f = Fernet(masterkey)
+        self.secret_box = SecretBox(masterkey)
         self._tmp_storage = self.temp_storage
         self.length_cache = {}
         FileStorage.__init__(self, path, supports_mmap=False)
@@ -48,6 +49,10 @@ class EncryptedFileStorage(FileStorage):
     def file_length(self, name):
         return self.length_cache[name][0]
 
+    @property
+    def _nonce(self):
+        return nacl.utils.random(SecretBox.NONCE_SIZE)
+
     def _encrypt_index_on_close(self, name):
         def wrapper(struct_file):
             struct_file.seek(0)
@@ -56,13 +61,13 @@ class EncryptedFileStorage(FileStorage):
             if name in self.length_cache and file_hash == self.length_cache[name][1]:
                 return
             self.length_cache[name] = (len(content), file_hash)
-            encrypted_content = self.f.encrypt(content)
+            encrypted_content = self.secret_box.encrypt(content, self._nonce)
             with open(self._fpath(name), 'w+b') as f:
                 f.write(encrypted_content)
         return wrapper
 
     def _open_encrypted_file(self, name, onclose=lambda x: None):
         file_content = open(self._fpath(name), "rb").read()
-        decrypted = self.f.decrypt(file_content)
+        decrypted = self.secret_box.decrypt(file_content)
         self.length_cache[name] = (len(decrypted), sha512(decrypted).digest())
         return BufferFile(buffer(decrypted), name=name, onclose=onclose)
diff --git a/service/requirements.txt b/service/requirements.txt
index 01b1b760..ae85f211 100644
--- a/service/requirements.txt
+++ b/service/requirements.txt
@@ -1,4 +1,3 @@
-cryptography==0.6.1
 pyasn1==0.1.7
 gnupg==1.4.0
 Twisted==14.0.2
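Review bot: `_nonce` is declared as a `@property` but yields a fresh random value on every access, which reads as a stable attribute at its call site `self.secret_box.encrypt(content, self._nonce)` in the following hunk; a method name makes the per-call randomness explicit, e.g. `def _new_nonce(self):` here and `self.secret_box.encrypt(content, self._new_nonce())` at the call. The scheme itself is sound: a random 24-byte nonce per write is safe for SecretBox, and because `encrypt` prepends the nonce to its output, the later `decrypt(file_content)` with no explicit nonce recovers it from the ciphertext prefix. A one-line comment on the method, `# fresh random nonce per write; SecretBox.encrypt stores it in front of the ciphertext so decrypt() can read it back`, would record that intent for the next maintainer.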
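Review bot: `decrypted = self.secret_box.decrypt(file_content)` raises `nacl.exceptions.CryptoError` when the stored index file is corrupted or was written under a different master key, and nothing in `_open_encrypted_file` handles it, whereas the old code raised `cryptography.fernet.InvalidToken`; any caller that caught the Fernet exception (none is visible in this diff) needs the same update, and an unguarded failure here surfaces as an opaque traceback on index open. Consider catching `nacl.exceptions.CryptoError` and re-raising with the file name included so an operator can distinguish a tampered or mismatched index file from a programming error. The `open(self._fpath(name), "rb").read()` on the line above also never closes its handle; that predates this commit, but a `with open(...) as f:` would fit naturally while this method is being touched.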
@@ -17,3 +16,4 @@ leap.soledad.common==0.6.0-26-g509f76c
 leap.soledad.client==0.6.0-26-g509f76c
 leap.mail==0.3.9-1-gc1f9c92
 whoosh==2.6.0
+pynacl==0.2.3
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 32d70a66..ffd6e975 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -51,7 +51,7 @@ class AppTestClient:
         self.app = pixelated.runserver.app
 
         self.soledad_querier = SoledadQuerier(self.soledad)
-        self.soledad_querier.get_index_masterkey = lambda: '_yg2oG_5ELM8_-sQYcsxI37WesI0dOtZQXpwAqjvhR4='
+        self.soledad_querier.get_index_masterkey = lambda: 'h\xbcpC\xb1\xafc\x92\xf3\xa1v\x1fa\x9dlA\x1a\xf7\xcf\xf2\nG\xad4\xb8m\x01\xf5\xa0\xa9\xd8\xca'
 
         self.account = SoledadBackedAccount('test', self.soledad, MagicMock())
         self.mailboxes = Mailboxes(self.account, self.soledad_querier)
-- 
cgit v1.2.3