diff options
| author | Kali Kaneko <kali@leap.se> | 2017-02-22 02:43:34 +0100 |
|---|---|---|
| committer | drebs <drebs@leap.se> | 2017-04-04 18:27:31 +0200 |
| commit | dc2b2d688827a6d6020d3aec45fac89b2b55c859 (patch) | |
| tree | ce2edc5162f0b714b1a5c8417edf25c851a77340 /client/src/leap | |
| parent | fc7b99dab54ed59f0465f77f17b61486d4323fd0 (diff) | |
[feature] enable simple obfuscation of blob size in preamble
use a powers of two ceiling for the reported size in the preamble.
for this to be effective against a passive adversary, cover traffic
should be used in the uploads too.
This is just a first-stop measure; proper research should be done to
determine a good tradeoff between avoiding information leakage and
saving some storage and bandwidth..
- Documentation: #8759
- Related: #8759
Diffstat (limited to 'client/src/leap')
| -rw-r--r-- | client/src/leap/soledad/client/_blobs.py | 2 | ||||
| -rw-r--r-- | client/src/leap/soledad/client/_crypto.py | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py index 426de56c..4581af60 100644 --- a/client/src/leap/soledad/client/_blobs.py +++ b/client/src/leap/soledad/client/_blobs.py @@ -44,6 +44,8 @@ Ideally, the decrypting flow goes like this: - Allocate a zeroblob in the sqlcipher sink - Mark the blob as unusable (ie, not verified) - Decrypt the payload incrementally, and write chunks to sqlcipher + ** Is it possible to use a small buffer for the aes writer w/o + ** allocating all the memory in openssl? - Finalize the AES decryption - If preamble + payload verifies correctly, mark the blob as usable diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py index 8fc5154c..f72571c2 100644 --- a/client/src/leap/soledad/client/_crypto.py +++ b/client/src/leap/soledad/client/_crypto.py @@ -210,9 +210,11 @@ class BlobEncryptor(object): """ Produces encrypted data from the cleartext data associated with a given SoledadDocument using AES-256 cipher in GCM mode. + The production happens using a Twisted's FileBodyProducer, which uses a Cooperator to schedule calls and can be paused/resumed. Each call takes at most 65536 bytes from the input. + Both the production input and output are file descriptors, so they can be applied to a stream of data. """ @@ -226,7 +228,7 @@ class BlobEncryptor(object): self._content_fd = content_fd content_fd.seek(0, os.SEEK_END) - self._content_size = content_fd.tell() + self._content_size = _ceiling(content_fd.tell()) content_fd.seek(0) self._producer = FileBodyProducer(content_fd, readSize=2**16) @@ -547,6 +549,7 @@ def _ceiling(size): """ Some simplistic ceiling scheme that uses powers of 2. We report everything below 4096 bytes as that minimum threshold. + See #8759 for research pending for less simplistic/aggresive strategies. """ for i in xrange(12, 31): step = 2**i |