summaryrefslogtreecommitdiff
path: root/client/src/leap
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2017-02-22 02:43:34 +0100
committerdrebs <drebs@leap.se>2017-04-04 18:27:31 +0200
commitdc2b2d688827a6d6020d3aec45fac89b2b55c859 (patch)
treece2edc5162f0b714b1a5c8417edf25c851a77340 /client/src/leap
parentfc7b99dab54ed59f0465f77f17b61486d4323fd0 (diff)
[feature] enable simple obfuscation of blob size in preamble
use a powers of two ceiling for the reported size in the preamble. for this to be effective against a passive adversary, cover traffic should be used in the uploads too. This is just a first-stop measure; proper research should be done to determine a good tradeoff between avoiding information leakage and saving some storage and bandwidth.. - Documentation: #8759 - Related: #8759
Diffstat (limited to 'client/src/leap')
-rw-r--r--client/src/leap/soledad/client/_blobs.py2
-rw-r--r--client/src/leap/soledad/client/_crypto.py5
2 files changed, 6 insertions, 1 deletions
diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py
index 426de56c..4581af60 100644
--- a/client/src/leap/soledad/client/_blobs.py
+++ b/client/src/leap/soledad/client/_blobs.py
@@ -44,6 +44,8 @@ Ideally, the decrypting flow goes like this:
- Allocate a zeroblob in the sqlcipher sink
- Mark the blob as unusable (ie, not verified)
- Decrypt the payload incrementally, and write chunks to sqlcipher
+ ** Is it possible to use a small buffer for the aes writer w/o
+ ** allocating all the memory in openssl?
- Finalize the AES decryption
- If preamble + payload verifies correctly, mark the blob as usable
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py
index 8fc5154c..f72571c2 100644
--- a/client/src/leap/soledad/client/_crypto.py
+++ b/client/src/leap/soledad/client/_crypto.py
@@ -210,9 +210,11 @@ class BlobEncryptor(object):
"""
Produces encrypted data from the cleartext data associated with a given
SoledadDocument using AES-256 cipher in GCM mode.
+
The production happens using a Twisted's FileBodyProducer, which uses a
Cooperator to schedule calls and can be paused/resumed. Each call takes at
most 65536 bytes from the input.
+
Both the production input and output are file descriptors, so they can be
applied to a stream of data.
"""
@@ -226,7 +228,7 @@ class BlobEncryptor(object):
self._content_fd = content_fd
content_fd.seek(0, os.SEEK_END)
- self._content_size = content_fd.tell()
+ self._content_size = _ceiling(content_fd.tell())
content_fd.seek(0)
self._producer = FileBodyProducer(content_fd, readSize=2**16)
@@ -547,6 +549,7 @@ def _ceiling(size):
"""
Some simplistic ceiling scheme that uses powers of 2.
We report everything below 4096 bytes as that minimum threshold.
+ See #8759 for research pending for less simplistic/aggresive strategies.
"""
for i in xrange(12, 31):
step = 2**i