summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2013-06-09 15:17:51 -0300
committerdrebs <drebs@leap.se>2013-08-14 08:14:54 -0300
commit26d5b4f30aff0bb3435b516cde8d188c0af334e2 (patch)
tree4ba24bbb14fa3f4f220d0e0f39372a8aeeb8c9ac
parent03b25515137012043121399f3b8e155b80403621 (diff)
Use pycryptopp for symmetric encryption.
-rw-r--r--changes/feature_use-pycryptopp-for-symmetric-encryption1
-rw-r--r--soledad/setup.py4
-rw-r--r--soledad/src/leap/soledad/crypto.py15
-rw-r--r--soledad/src/leap/soledad/target.py2
4 files changed, 10 insertions, 12 deletions
diff --git a/changes/feature_use-pycryptopp-for-symmetric-encryption b/changes/feature_use-pycryptopp-for-symmetric-encryption
new file mode 100644
index 00000000..1f28db97
--- /dev/null
+++ b/changes/feature_use-pycryptopp-for-symmetric-encryption
@@ -0,0 +1 @@
+ o Use pycryptopp for symmetric encryption.
diff --git a/soledad/setup.py b/soledad/setup.py
index f2291662..6da976a9 100644
--- a/soledad/setup.py
+++ b/soledad/setup.py
@@ -32,8 +32,7 @@ install_requirements = [
'six==1.1.0',
'scrypt',
'pyxdg',
- 'pycrypto',
- 'pyOpenSSL',
+ 'pycryptopp',
]
@@ -43,6 +42,7 @@ tests_requirements = [
'testscenarios',
'leap.common',
'leap.soledad_server',
+ 'pyOpenSSL',
]
diff --git a/soledad/src/leap/soledad/crypto.py b/soledad/src/leap/soledad/crypto.py
index bfad66d1..6187b1ab 100644
--- a/soledad/src/leap/soledad/crypto.py
+++ b/soledad/src/leap/soledad/crypto.py
@@ -27,8 +27,7 @@ import hmac
import hashlib
-from Crypto.Cipher import AES
-from Crypto.Util import Counter
+from pycryptopp.cipher.aes import AES
from leap.soledad import (
@@ -99,10 +98,9 @@ class SoledadCrypto(object):
len(key) == 32, # 32 x 8 = 256 bits.
'Wrong key size: %s bits (must be 256 bits long).' %
(len(key) * 8))
- iv = os.urandom(8)
- ctr = Counter.new(64, prefix=iv)
- cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr)
- return binascii.b2a_base64(iv), cipher.encrypt(data)
+ iv = os.urandom(16)
+ ciphertext = AES(key=key, iv=iv).process(data)
+ return binascii.b2a_base64(iv), ciphertext
# raise if method is unknown
raise UnknownEncryptionMethod('Unkwnown method: %s' % method)
@@ -137,9 +135,8 @@ class SoledadCrypto(object):
soledad_assert(
'iv' in kwargs,
'AES-256-CTR needs an initial value.')
- ctr = Counter.new(64, prefix=binascii.a2b_base64(kwargs['iv']))
- cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr)
- return cipher.decrypt(data)
+ return AES(
+ key=key, iv=binascii.a2b_base64(kwargs['iv'])).process(data)
# raise if method is unknown
raise UnknownEncryptionMethod('Unkwnown method: %s' % method)
diff --git a/soledad/src/leap/soledad/target.py b/soledad/src/leap/soledad/target.py
index 9fac9f54..cad51b74 100644
--- a/soledad/src/leap/soledad/target.py
+++ b/soledad/src/leap/soledad/target.py
@@ -168,7 +168,7 @@ def encrypt_doc(crypto, doc):
soledad_assert(doc.is_tombstone() is False)
# encrypt content using AES-256 CTR mode
iv, ciphertext = crypto.encrypt_sym(
- doc.get_json(),
+ str(doc.get_json()), # encryption/decryption routines expect str
crypto.doc_passphrase(doc.doc_id),
method=EncryptionMethods.AES_256_CTR)
# Return a representation for the encrypted content. In the following, we