soledad.git/testing/tests, branch feature/streaming-transfer [soledad] [feature] Change CTR to GCM on secrets.py 2016-12-07T05:03:58+00:00 Victor Shyba victor1984@riseup.net 2016-12-07T05:03:58+00:00 ee5c8675eb68b075552a03a914699c841a98306e Current implementation can allow tampering and the CTR->GCM exchange can help to avoid it. This commits also alters a behaviour where we moved ahead after failing to decrypt a recovery document. IMHO we can't move ahead as this is a fatal error. Signed-off-by: Victor Shyba <victor1984@riseup.net> 
Current implementation can allow tampering and the CTR->GCM exchange can
help to avoid it.
This commits also alters a behaviour where we moved ahead after failing
to decrypt a recovery document. IMHO we can't move ahead as this is a
fatal error.

Signed-off-by: Victor Shyba <victor1984@riseup.net>
[feature] Add retro compat on secrets.py ciphers 2016-12-07T04:27:50+00:00 Victor Shyba victor1984@riseup.net 2016-12-07T04:24:53+00:00 1bc85d13569635644f9954dea5f615c9256c8c56 Integrated the secrets's JSON key that specifies ciphers into _crypto and added optional GCM. Also added a test to check if both cipher types can be imported. Resolves: #8680 Signed-off-by: Victor Shyba <victor1984@riseup.net> 
Integrated the secrets's JSON key that specifies ciphers into _crypto
and added optional GCM. Also added a test to check if both cipher types
can be imported.

Resolves: #8680
Signed-off-by: Victor Shyba <victor1984@riseup.net>
[feature] use GCM instead of CTR+HMAC 2016-12-07T02:30:42+00:00 Victor Shyba victor1984@riseup.net 2016-12-07T02:16:28+00:00 0b96f01d40da37747d94f4182ea4a8cc8ebb1b05 Resolves: #8668 - client: substitute usage of CTR mode + HMAC by GCM cipher mode Signed-off-by: Victor Shyba <victor1984@riseup.net> 
Resolves: #8668 - client: substitute usage of CTR mode + HMAC by GCM
cipher mode

Signed-off-by: Victor Shyba <victor1984@riseup.net>
[refactor] improve blob signature magic usage 2016-11-30T04:55:33+00:00 Victor Shyba victor1984@riseup.net 2016-11-30T03:07:24+00:00 efb37c37bda119d3f73cc4d79f3b663585219c23 Our magic value wasn't being used and were represented as a string. Refactored it to a constant, increased it's size to 2 bytes and optimzed is_symmetrically_encrypted to look for the magic and symmetrically encrypted flag under base64 encoding. Most file types will use this feature to help identifying themselves, so it got refactored to serve the purpose it was created. 
Our magic value wasn't being used and were represented as a string.
Refactored it to a constant, increased it's size to 2 bytes and optimzed
is_symmetrically_encrypted to look for the magic and symmetrically
encrypted flag under base64 encoding. Most file types will use this
feature to help identifying themselves, so it got refactored to serve
the purpose it was created.
[feature] speed up sync benchmark setup code 2016-11-29T05:04:57+00:00 Victor Shyba victor1984@riseup.net 2016-11-29T05:04:57+00:00 91870566bbfc642d43e927ea714192b9962f7a7f We aren't testing huge payloads on CI, so it doesn't make sense to insert docs one by one. 'gatherResults' can speed up bench setup. 
We aren't testing huge payloads on CI, so it doesn't make sense to
insert docs one by one. 'gatherResults' can speed up bench setup.
[refactor] introduces a GenericWriter 2016-11-28T16:47:30+00:00 Victor Shyba victor1984@riseup.net 2016-11-27T05:25:07+00:00 aecd9f068300fdf31a096b24385e163636d187f6 AESWriter and HMACWriter are just applying hmac or aes into a flow of data. Abstracted the application of those operations into a super class and highlighted just the difference on each implementation. 
AESWriter and HMACWriter are just applying hmac or aes into a flow of
data. Abstracted the application of those operations into a super class
and highlighted just the difference on each implementation.
[refactor] simplify _crypto 2016-11-28T16:47:30+00:00 Victor Shyba victor1984@riseup.net 2016-11-27T00:26:23+00:00 2d82d01a95f6da0c3206bf5de083a3aa465eb084 After adding the streaming decrypt, some classes were doing almost the same thing. Unified them. Also fixed some module level variables to upper case and some class name to camel case. 
After adding the streaming decrypt, some classes were doing almost the
same thing. Unified them.
Also fixed some module level variables to upper case and some class name
to camel case.
[bug] make the semaphore cover all parsing 2016-11-28T16:47:30+00:00 Victor Shyba victor1984@riseup.net 2016-11-26T21:11:11+00:00 d374223c38862961c205139006639ed5b8878465 Unfortunately, if a doc finishes decryption before the previous one we will still have an issue while inserting. This commits solves it by adding the parse and decrypt inside of the semaphore. 
Unfortunately, if a doc finishes decryption before the previous one we
will still have an issue while inserting. This commits solves it by
adding the parse and decrypt inside of the semaphore.
[feature] make _crypto stream on decryption 2016-11-28T16:47:30+00:00 Victor Shyba victor1984@riseup.net 2016-11-26T21:09:26+00:00 7006b88db2a5f6bca5b401800d8e14821371216a We are already doing this on encryption, now we can stream also from decryption. This unblocks the reactor and will be valuable for blobs-io. 
We are already doing this on encryption, now we can stream also from
decryption. This unblocks the reactor and will be valuable for blobs-io.
[feature] delimit preamble from ciphertext 2016-11-28T16:47:30+00:00 Victor Shyba victor1984@riseup.net 2016-11-26T04:11:28+00:00 93815e28de5c8b1968cd9d3cf59800c9023983cf We now encode preamble and ciphertext+hmac in two distinct payloads separated by a space. This allows metadata to be extracted and used before decoding the whole document. It also introduces a single packer for packing and unpacking of data instead of reads and writes. Downside: doc_id and rev are limited to 255 chars now. 
We now encode preamble and ciphertext+hmac in two distinct payloads
separated by a space. This allows metadata to be extracted and used
before decoding the whole document.
It also introduces a single packer for packing and unpacking of data
instead of reads and writes. Downside: doc_id and rev are limited to 255
chars now.