soledad.git/client/changes, branch 0.7.2

[pkg] fold in changes

2015-08-26T18:49:37+00:00

[pkg] add missing changes files

2015-08-26T18:47:57+00:00

[refactor] add changes file about simplejson dep removal

2015-08-24T17:41:04+00:00

[bug] wait for db init on sync decrypter pool

2015-08-19T18:41:30+00:00

Previous to this modification, the initialization of the sync decrypter pool
could happen concurrently with other database operations. That could cause the
pool to hang because it could be waiting for something that was mistakenly
deleted because of the wrong order of database operations.

This commit implements a standard which we already use in leap.keymanager and
leap.mail which makes some methods wait for the initialization operation
before they are actually called.

Closes: #7386

[feat] emit a dict instead of a str

2015-08-11T15:50:29+00:00

[refactor] remove circular dependency in SoledadCrypto

2015-08-04T20:25:23+00:00

SoledadCrypto had Soledad as parameter to be able to use
SoledadSecrets. SoledadSecrets had SoledadCrypto as parameter to use
*crypt_sym. This commit removes this circular dependency passing
directly the secret that SoledadCrypto cares about to the constructor
and removing the *crypt_sym methods from SoledadCrypto.

- Resolves: #7338

[test] add initial enc/dec pool tests

2015-08-04T16:50:25+00:00

[bug] avoid double decryption of documents

2015-07-27T14:03:30+00:00

Because of how the incoming document queue is implemented, it could be the
case that a document was sent to async decryption queue more than once. This
commit creates a list of documents to be decrypted, so we avoid sending the
same document to the queue more than once.

[bug] fix order of incoming document events

2015-07-27T14:03:30+00:00

The incoming documents events are meant to be used by a progress bar for
soledad sync, yet to be implemented. When deferred decryption was used, the
events were sent out of order, depending on the order of arrival of the
documents. This commit changes it so that the content of the emited events are
in order, so it is meaningful for the implementation of a progress bar.

Note that even after documents are received from the server, they will still
be decrypted asynchronously, so another signal could be implemented to signal
for the waiting of the decryption of incoming documents.

[bug] remove mac from secrets file

2015-07-27T13:58:29+00:00

This is how a secret was stored in the secrets json file:

  * each secret is symmetrically encrypted amd MACed with keys derived from
    the user's passphrase.

  * the encrypted secrets dictionary is then MACed with another key derived
  * from the user's passphrase.

  * each key is derived using scrypt and a unique random salt.

There are disadvantages to this approach:

  * repeating scrypt many times is a waste of time.

  * an attacker could crack whichever has weaker parameters, if they get out
    of sync.

  * if an attacker can modify the secret in a way it is good to decrypt the
    database, then she can also modify the MAC.

The solution for this is:

  * completelly eliminate the MAC from the storage secrets file.

  * attempt to decrypt the database with whatever is got from the decryption
    of the secret. If that is wrong, report an error.

Closes #6980.