[bug] use derived key for local storage

3 files changed, 32 insertions, 14 deletions

diff --git a/client/src/leap/soledad/client/_secrets/__init__.py b/client/src/leap/soledad/client/_secrets/__init__.py
index f9da8423..42fe5a2d 100644
--- a/client/src/leap/soledad/client/_secrets/__init__.py
+++ b/client/src/leap/soledad/client/_secrets/__init__.py
@@ -16,6 +16,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 import os
+import scrypt
 
 from collections import namedtuple
 
@@ -34,10 +35,12 @@ SecretLength = namedtuple('SecretLength', 'name length')
 
 class Secrets(object):
 
+    # remote secret is used
+
     lengths = {
-        'remote': 512,
-        'salt': 64,
-        'local': 448,
+        'remote_secret': 512,  # remote_secret is used to encrypt remote data.
+        'local_salt': 64,      # local_salt is used in conjunction with
+        'local_secret': 448,   # local_secret to derive a local_key for storage
     }
 
     def __init__(self, uuid, passphrase, url, local_path, creds, userid,
@@ -119,14 +122,29 @@ class Secrets(object):
         self.storage.save_local(encrypted)
         self.storage.save_remote(encrypted)
 
+    #
+    # secrets
+    #
+
+    @property
+    def remote_secret(self):
+        return self._secrets.get('remote_secret')
+
     @property
-    def remote(self):
-        return self._secrets.get('remote')
+    def local_salt(self):
+        return self._secrets.get('local_salt')
 
     @property
-    def salt(self):
-        return self._secrets.get('salt')
+    def local_secret(self):
+        return self._secrets.get('local_secret')
 
     @property
-    def local(self):
-        return self._secrets.get('local')
+    def local_key(self):
+        # local storage key is scrypt-derived from `local_secret` and
+        # `local_salt` above
+        secret = scrypt.hash(
+            password=self.local_secret,
+            salt=self.local_salt,
+            buflen=32,  # we need a key with 256 bits (32 bytes)
+        )
+        return secret
diff --git a/client/src/leap/soledad/client/_secrets/crypto.py b/client/src/leap/soledad/client/_secrets/crypto.py
index 76e80222..88f32507 100644
--- a/client/src/leap/soledad/client/_secrets/crypto.py
+++ b/client/src/leap/soledad/client/_secrets/crypto.py
@@ -92,9 +92,9 @@ class SecretsCrypto(object):
         plaintext = self._decrypt(
             key, iv, ciphertext, encrypted, ENC_METHOD.aes_256_ctr)
         secrets = {
-            'remote': plaintext[0:512],
-            'salt': plaintext[512:576],
-            'local': plaintext[576:1024],
+            'remote_secret': plaintext[0:512],
+            'local_salt': plaintext[512:576],
+            'local_secret': plaintext[576:1024],
         }
         return secrets
 
diff --git a/client/src/leap/soledad/client/api.py b/client/src/leap/soledad/client/api.py
index 2e1d1cd3..54cbcd9d 100644
--- a/client/src/leap/soledad/client/api.py
+++ b/client/src/leap/soledad/client/api.py
@@ -196,7 +196,7 @@ class Soledad(object):
 
         self._init_secrets(shared_db=shared_db)
 
-        self._crypto = SoledadCrypto(self._secrets.remote)
+        self._crypto = SoledadCrypto(self._secrets.remote_secret)
 
         try:
             # initialize database access, trap any problems so we can shutdown
@@ -268,7 +268,7 @@ class Soledad(object):
         """
         tohex = binascii.b2a_hex
         # sqlcipher only accepts the hex version
-        key = tohex(self._secrets.local)
+        key = tohex(self._secrets.local_key)
 
         opts = sqlcipher.SQLCipherOptions(
             self._local_db_path, key,