diff options
author | drebs <drebs@leap.se> | 2017-02-25 09:42:38 -0300 |
---|---|---|
committer | drebs <drebs@leap.se> | 2017-02-25 09:42:38 -0300 |
commit | a0029b3c7beb8682c8aa3691a5d67003168c3e07 (patch) | |
tree | e44580010559cbffb123f5dc74171ffef9e49466 /client | |
parent | 425bfe42ca3758cfa4cda4589ebb42530313850b (diff) |
[refactor] improve secret bootstrap code and doc
Diffstat (limited to 'client')
-rw-r--r-- | client/src/leap/soledad/client/_secrets/__init__.py | 50 |
1 files changed, 22 insertions, 28 deletions
diff --git a/client/src/leap/soledad/client/_secrets/__init__.py b/client/src/leap/soledad/client/_secrets/__init__.py index 79b6844a..f8da792d 100644 --- a/client/src/leap/soledad/client/_secrets/__init__.py +++ b/client/src/leap/soledad/client/_secrets/__init__.py @@ -55,33 +55,29 @@ class Secrets(UserDataMixin): # def _bootstrap(self): - force_storage = False - # attempt to load secrets from local storage encrypted = self.storage.load_local() - # if not found, attempt to load secrets from remote storage if not encrypted: + # we have not found a secret stored locally, so this is a first run + # of soledad for this user in this device. It is mandatory that we + # check if there's a secret stored in server. encrypted = self.storage.load_remote() - if not encrypted: - # if not found, generate new secrets - secrets = self._generate() - encrypted = self.crypto.encrypt(secrets) - force_storage = True + if encrypted: + # we found a secret either in local or in remote storage, so we + # have to decrypt it. + self._secrets = self.crypto.decrypt(encrypted) + if encrypted['version'] < self.crypto.VERSION: + # there is a format version for secret storage that is newer + # than the one we found (either in local or remote storage), so + # we re-encrypt and store with the newest version. + self.store_secrets() else: - # decrypt secrets found either in local or remote storage - secrets = self.crypto.decrypt(encrypted) - - self._secrets = secrets - - if encrypted['version'] < self.crypto.VERSION or force_storage: - # TODO: what should we do if it's the first run and remote save - # fails? - # TODO: we have to actually update the encrypted version before - # saving, we are currently not doing it. - self.storage.save_local(encrypted) - self.storage.save_remote(encrypted) + # we have *not* found a secret neither in local nor in remote + # storage, so we have to generate a new one, and store it. + self._secrets = self._generate() + self.store_secrets() # # generation @@ -101,15 +97,13 @@ class Secrets(UserDataMixin): # crypto # - def _encrypt(self): - # encrypt secrets - secrets = self._secrets - encrypted = self.crypto.encrypt(secrets) - # create the recovery document - data = {'secret': encrypted, 'version': 2} - return data - def store_secrets(self): + # TODO: we have to improve the logic here, as we want to make sure that + # whatever is stored locally should only be used after remote storage + # is successful. Otherwise, this soledad could start encrypting with a + # secret while another soledad in another device could start encrypting + # with another secret, which would lead to decryption failures during + # sync. encrypted = self.crypto.encrypt(self._secrets) self.storage.save_local(encrypted) self.storage.save_remote(encrypted) |