diff options
author | Victor Shyba <victor1984@riseup.net> | 2016-11-30 00:07:24 -0300 |
---|---|---|
committer | drebs <drebs@leap.se> | 2016-12-12 09:17:51 -0200 |
commit | 694e5670da53e923cf809948e400cd546154162b (patch) | |
tree | 1e81c5f098e00e806377564b5ffd449f0f4e66ca /client/src | |
parent | 5a1827f87dafbf64cfd39dd26e1923a456f05d44 (diff) |
[refactor] improve blob signature magic usage
Our magic value wasn't being used and were represented as a string.
Refactored it to a constant, increased it's size to 2 bytes and optimzed
is_symmetrically_encrypted to look for the magic and symmetrically
encrypted flag under base64 encoding. Most file types will use this
feature to help identifying themselves, so it got refactored to serve
the purpose it was created.
Diffstat (limited to 'client/src')
-rw-r--r-- | client/src/leap/soledad/client/_crypto.py | 36 | ||||
-rw-r--r-- | client/src/leap/soledad/client/http_target/fetch.py | 2 |
2 files changed, 14 insertions, 24 deletions
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py index 574e2b6e..b1c6b059 100644 --- a/client/src/leap/soledad/client/_crypto.py +++ b/client/src/leap/soledad/client/_crypto.py @@ -32,8 +32,6 @@ from io import BytesIO from itertools import imap from collections import namedtuple -import six - from twisted.internet import defer from twisted.internet import interfaces from twisted.web.client import FileBodyProducer @@ -50,7 +48,8 @@ MAC_KEY_LENGTH = 64 CRYPTO_BACKEND = MultiBackend([OpenSSLBackend()]) -PACMAN = struct.Struct('cQbb16s255p255p') +PACMAN = struct.Struct('2sbbQ16s255p255p') +BLOB_SIGNATURE_MAGIC = '\x13\x37' ENC_SCHEME = namedtuple('SCHEME', 'symkey')(1) @@ -226,10 +225,10 @@ class BlobEncryptor(object): current_time = int(time.time()) write(PACMAN.pack( - '\x80', - current_time, + BLOB_SIGNATURE_MAGIC, ENC_SCHEME.symkey, ENC_METHOD.aes_256_ctr, + current_time, self.iv, str(self.doc_id), str(self.rev))) @@ -292,11 +291,11 @@ class BlobDecryptor(object): try: unpacked_data = PACMAN.unpack(preamble) - magic, ts, sch, meth, iv, doc_id, rev = unpacked_data + magic, sch, meth, ts, iv, doc_id, rev = unpacked_data except struct.error: raise InvalidBlob - if magic != '\x80': + if magic != BLOB_SIGNATURE_MAGIC: raise InvalidBlob # TODO check timestamp if sch != ENC_SCHEME.symkey: @@ -405,27 +404,18 @@ class VerifiedAESWriter(object): return self.aes_writer.end(), self.hmac_writer.end() -def is_symmetrically_encrypted(doc): +def is_symmetrically_encrypted(content): """ - Return True if the document was symmetrically encrypted. + Returns True if the document was symmetrically encrypted. + 'EzcB' is the base64 encoding of \x13\x37 magic number and 1 (symmetrically + encrypted value for enc_scheme flag). - :param doc: The document to check. - :type doc: SoledadDocument + :param doc: The document content as string + :type doc: str :rtype: bool """ - payload = doc.content - if not payload or 'raw' not in payload: - return False - payload = str(payload['raw']) - if len(payload) < PACMAN.size: - return False - payload = _split(payload).next() - if six.indexbytes(payload, 0) != 0x80: - return False - unpacked = PACMAN.unpack(payload) - ts, sch, meth = unpacked[1:4] - return sch == ENC_SCHEME.symkey and meth == ENC_METHOD.aes_256_ctr + return content and content[:13] == '{"raw": "EzcB' # utils diff --git a/client/src/leap/soledad/client/http_target/fetch.py b/client/src/leap/soledad/client/http_target/fetch.py index df07a96a..8676ceed 100644 --- a/client/src/leap/soledad/client/http_target/fetch.py +++ b/client/src/leap/soledad/client/http_target/fetch.py @@ -114,7 +114,7 @@ class HTTPDocFetcher(object): @defer.inlineCallbacks def __atomic_doc_parse(self, doc_info, content, total): doc = SoledadDocument(doc_info['id'], doc_info['rev'], content) - if is_symmetrically_encrypted(doc): + if is_symmetrically_encrypted(content): content = yield self._crypto.decrypt_doc(doc) elif old_crypto.is_symmetrically_encrypted(doc): content = self._deprecated_crypto.decrypt_doc(doc) |