summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2013-05-21 17:02:54 -0300
committerdrebs <drebs@leap.se>2013-05-21 17:43:22 -0300
commitb86442d9ae23b91e81bcfa2d82ed90638f849578 (patch)
tree05811108f78caf96c1ed52b15c10b429452f7ef5
parente048f0e7e6a56e289188b02e1205fbb025cb38a6 (diff)
Increase storage secret size and use half of it to get the local storage passphrase.
-rw-r--r--src/leap/soledad/__init__.py30
-rw-r--r--src/leap/soledad/crypto.py11
2 files changed, 31 insertions, 10 deletions
diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py
index 9824c5f6..ab8c03b4 100644
--- a/src/leap/soledad/__init__.py
+++ b/src/leap/soledad/__init__.py
@@ -136,9 +136,23 @@ class Soledad(object):
The name of the file where the storage secrets will be stored.
"""
- STORAGE_SECRET_LENGTH = 512
+ GENERATED_SECRET_LENGTH = 1024
"""
- The length of the secret used for symmetric encryption.
+ The length of the generated secret used to derive keys for symmetric
+ encryption for local and remote storage.
+ """
+
+ LOCAL_STORAGE_SECRET_LENGTH = 512
+ """
+ The length of the secret used to derive a passphrase for the SQLCipher
+ database.
+ """
+
+ REMOTE_STORAGE_SECRET_LENGTH = \
+ GENERATED_SECRET_LENGTH - LOCAL_STORAGE_SECRET_LENGTH
+ """
+ The length of the secret used to derive an encryption key and a MAC auth
+ key for remote storage.
"""
SALT_LENGTH = 64
@@ -302,11 +316,15 @@ class Soledad(object):
def _init_db(self):
"""
Initialize the U1DB SQLCipher database for local storage.
+
+ The local storage passphrase is hexlified version of the last
+ C{LOCAL_STORAGE_SECRET_LENGTH} bytes of the storage secret.
"""
self._db = sqlcipher.open(
self._local_db_path,
# storage secret is binary but sqlcipher passphrase must be string
- binascii.b2a_hex(self._get_storage_secret()),
+ binascii.b2a_hex(
+ self._get_storage_secret()[self.LOCAL_STORAGE_SECRET_LENGTH:]),
create=True,
document_factory=LeapDocument,
crypto=self._crypto)
@@ -350,7 +368,7 @@ class Soledad(object):
)
# recover the initial value and ciphertext
iv, ciphertext = self._secrets[self._secret_id][self.SECRET_KEY].split(
- self.IV_SEPARATOR, 1)
+ self.IV_SEPARATOR, 1)
iv = int(iv)
ciphertext = binascii.a2b_base64(ciphertext)
return self._crypto.decrypt_sym(ciphertext, key, iv=iv)
@@ -445,7 +463,7 @@ class Soledad(object):
"""
events.signal(events.events_pb2.SOLEDAD_CREATING_KEYS, self._uuid)
# generate random secret
- secret = os.urandom(self.STORAGE_SECRET_LENGTH)
+ secret = os.urandom(self.GENERATED_SECRET_LENGTH)
secret_id = sha256(secret).hexdigest()
# generate random salt
salt = os.urandom(self.SALT_LENGTH)
@@ -481,7 +499,7 @@ class Soledad(object):
'kdf_salt': '<salt>'
'kdf_length': <len>
'cipher': 'aes256',
- 'length': 512,
+ 'length': 1024,
'secret': '<encrypted storage_secret 1>',
}
}
diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py
index 0a459293..e020eee6 100644
--- a/src/leap/soledad/crypto.py
+++ b/src/leap/soledad/crypto.py
@@ -95,9 +95,10 @@ class SoledadCrypto(object):
Generate a passphrase for symmetric encryption of document's contents.
The password is derived using HMAC having sha256 as underlying hash
- function. The key used for HMAC is Soledad's storage secret stripped
- from the first MAC_KEY_LENGTH characters. The HMAC message is
- C{doc_id}.
+ function. The key used for HMAC are the first
+ C{soledad.REMOTE_STORAGE_SECRET_KENGTH} bytes of Soledad's storage
+ secret stripped from the first MAC_KEY_LENGTH characters. The HMAC
+ message is C{doc_id}.
@param doc_id: The id of the document that will be encrypted using
this passphrase.
@@ -111,7 +112,9 @@ class SoledadCrypto(object):
if self.secret is None:
raise NoSymmetricSecret()
return hmac.new(
- self.secret[self.MAC_KEY_LENGTH:],
+ self.secret[
+ self.MAC_KEY_LENGTH:
+ self._soledad.REMOTE_STORAGE_SECRET_LENGTH],
doc_id,
hashlib.sha256).digest()