diff options
| author | Victor Shyba <victor.shyba@gmail.com> | 2016-01-26 16:05:20 -0300 |
|---|---|---|
| committer | Victor Shyba <victor.shyba@gmail.com> | 2016-01-26 16:05:20 -0300 |
| commit | 456e6911445dd255580ff023f12e1db3c6a91f7d (patch) | |
| tree | ea96d18942861e9258dc251f5e5b1b9d7cd30b8f | |
| parent | 402099735333fb27707224fb90ba1b485b380b29 (diff) | |
[feat] use cryptography instead of pycryptopp
cryptography comes from OpenSSL and Twisted dependencies, so it's
already installed.
This commit removes a compiled dependency, also possibly making it
easier to use on Windows.
| -rw-r--r-- | client/changes/feat_use_cryptography | 1 | ||||
| -rw-r--r-- | client/pkg/requirements.pip | 1 | ||||
| -rw-r--r-- | client/src/leap/soledad/client/crypto.py | 15 |
3 files changed, 12 insertions, 5 deletions
diff --git a/client/changes/feat_use_cryptography b/client/changes/feat_use_cryptography new file mode 100644 index 00000000..6e8fe3bf --- /dev/null +++ b/client/changes/feat_use_cryptography @@ -0,0 +1 @@ +o Use cryptography instead of pycryptopp. Stick with AES-CTR. diff --git a/client/pkg/requirements.pip b/client/pkg/requirements.pip index f29d5c74..2f658d76 100644 --- a/client/pkg/requirements.pip +++ b/client/pkg/requirements.pip @@ -1,7 +1,6 @@ pysqlcipher>2.6.3 u1db scrypt -pycryptopp cchardet zope.proxy twisted diff --git a/client/src/leap/soledad/client/crypto.py b/client/src/leap/soledad/client/crypto.py index 90ad656e..07a3eaab 100644 --- a/client/src/leap/soledad/client/crypto.py +++ b/client/src/leap/soledad/client/crypto.py @@ -24,7 +24,8 @@ import hashlib import json import logging -from pycryptopp.cipher.aes import AES +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.backends import default_backend from leap.soledad.common import soledad_assert from leap.soledad.common import soledad_assert_type @@ -56,7 +57,10 @@ def encrypt_sym(data, key): (len(key) * 8)) iv = os.urandom(16) - ciphertext = AES(key=key, iv=iv).process(data) + backend = default_backend() + cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend) + encryptor = cipher.encryptor() + ciphertext = encryptor.update(data) + encryptor.finalize() return binascii.b2a_base64(iv), ciphertext @@ -81,8 +85,11 @@ def decrypt_sym(data, key, iv): soledad_assert( len(key) == 32, # 32 x 8 = 256 bits. 'Wrong key size: %s (must be 256 bits long).' % len(key)) - return AES( - key=key, iv=binascii.a2b_base64(iv)).process(data) + backend = default_backend() + iv = binascii.a2b_base64(iv) + cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend) + decryptor = cipher.decryptor() + return decryptor.update(data) + decryptor.finalize() def doc_mac_key(doc_id, secret): |