soledad.git/client/src/leap, branch release/0.9.x [soledad] [feature] Change CTR to GCM on secrets.py 2016-12-12T11:17:52+00:00 Victor Shyba victor1984@riseup.net 2016-12-07T05:03:58+00:00 7877527fe64eaee1f7f107913a4a3dc78767a338 Current implementation can allow tampering and the CTR->GCM exchange can help to avoid it. This commits also alters a behaviour where we moved ahead after failing to decrypt a recovery document. IMHO we can't move ahead as this is a fatal error. Signed-off-by: Victor Shyba <victor1984@riseup.net> 
Current implementation can allow tampering and the CTR->GCM exchange can
help to avoid it.
This commits also alters a behaviour where we moved ahead after failing
to decrypt a recovery document. IMHO we can't move ahead as this is a
fatal error.

Signed-off-by: Victor Shyba <victor1984@riseup.net>
[feature] Add retro compat on secrets.py ciphers 2016-12-12T11:17:52+00:00 Victor Shyba victor1984@riseup.net 2016-12-07T04:24:53+00:00 b3fcc5c5bddc73475596c4fe74e3402f0d5c021a Integrated the secrets's JSON key that specifies ciphers into _crypto and added optional GCM. Also added a test to check if both cipher types can be imported. Resolves: #8680 Signed-off-by: Victor Shyba <victor1984@riseup.net> 
Integrated the secrets's JSON key that specifies ciphers into _crypto
and added optional GCM. Also added a test to check if both cipher types
can be imported.

Resolves: #8680
Signed-off-by: Victor Shyba <victor1984@riseup.net>
[feature] use GCM instead of CTR+HMAC 2016-12-12T11:17:52+00:00 Victor Shyba victor1984@riseup.net 2016-12-07T02:16:28+00:00 349a49d2be011a428023a4ece14001fda57e65c4 Resolves: #8668 - client: substitute usage of CTR mode + HMAC by GCM cipher mode Signed-off-by: Victor Shyba <victor1984@riseup.net> 
Resolves: #8668 - client: substitute usage of CTR mode + HMAC by GCM
cipher mode

Signed-off-by: Victor Shyba <victor1984@riseup.net>
[refactor] improve blob signature magic usage 2016-12-12T11:17:51+00:00 Victor Shyba victor1984@riseup.net 2016-11-30T03:07:24+00:00 694e5670da53e923cf809948e400cd546154162b Our magic value wasn't being used and were represented as a string. Refactored it to a constant, increased it's size to 2 bytes and optimzed is_symmetrically_encrypted to look for the magic and symmetrically encrypted flag under base64 encoding. Most file types will use this feature to help identifying themselves, so it got refactored to serve the purpose it was created. 
Our magic value wasn't being used and were represented as a string.
Refactored it to a constant, increased it's size to 2 bytes and optimzed
is_symmetrically_encrypted to look for the magic and symmetrically
encrypted flag under base64 encoding. Most file types will use this
feature to help identifying themselves, so it got refactored to serve
the purpose it was created.
[style] fixes from code-review 2016-12-12T11:17:51+00:00 Victor Shyba victor1984@riseup.net 2016-11-29T05:20:03+00:00 5a93aeaab78c95dd707f922a4f45bb5d2eeca951 Naming, interfaces and other details. 
Naming, interfaces and other details.
[refactor] introduces a GenericWriter 2016-12-12T11:17:51+00:00 Victor Shyba victor1984@riseup.net 2016-11-27T05:25:07+00:00 dc80d2b59edd14ab463dc74e5fa19d1a04c27ca1 AESWriter and HMACWriter are just applying hmac or aes into a flow of data. Abstracted the application of those operations into a super class and highlighted just the difference on each implementation. 
AESWriter and HMACWriter are just applying hmac or aes into a flow of
data. Abstracted the application of those operations into a super class
and highlighted just the difference on each implementation.
[refactor] adds PipeableWriter to pipe two streams 2016-12-12T11:17:51+00:00 Victor Shyba victor1984@riseup.net 2016-11-27T04:13:04+00:00 b7bf30ca644775b38473571e47cbe102a5216d19 VerifiedEncryptor and VerifiedDecryptor are just a pipe and a fan-out. This class provides both behaviors to two distinct writeable things. 
VerifiedEncryptor and VerifiedDecryptor are just a pipe and a fan-out.
This class provides both behaviors to two distinct writeable things.
[refactor] simplify _crypto 2016-12-12T11:17:51+00:00 Victor Shyba victor1984@riseup.net 2016-11-27T00:26:23+00:00 bae95c183e68481db0fe36f066cd14c97bff3013 After adding the streaming decrypt, some classes were doing almost the same thing. Unified them. Also fixed some module level variables to upper case and some class name to camel case. 
After adding the streaming decrypt, some classes were doing almost the
same thing. Unified them.
Also fixed some module level variables to upper case and some class name
to camel case.
[refactor] improve logging 2016-12-12T11:17:51+00:00 Victor Shyba victor1984@riseup.net 2016-11-26T21:12:36+00:00 fbca1644823acbe4165ad1087db5baed28a6809d Some exceptions were missing a proper description and client_side_db.py script wasn't capturing logs from Twisted. 
Some exceptions were missing a proper description and client_side_db.py
script wasn't capturing logs from Twisted.
[bug] make the semaphore cover all parsing 2016-12-12T11:17:51+00:00 Victor Shyba victor1984@riseup.net 2016-11-26T21:11:11+00:00 d72e3763538d1156bcf72b643626c2111a5a02cf Unfortunately, if a doc finishes decryption before the previous one we will still have an issue while inserting. This commits solves it by adding the parse and decrypt inside of the semaphore. 
Unfortunately, if a doc finishes decryption before the previous one we
will still have an issue while inserting. This commits solves it by
adding the parse and decrypt inside of the semaphore.