diff options
author | drebs <drebs@leap.se> | 2013-05-21 16:45:32 -0300 |
---|---|---|
committer | drebs <drebs@leap.se> | 2013-05-21 17:43:20 -0300 |
commit | 0f822e6b75e842bbc086cbcbdd096316533ca7ca (patch) | |
tree | c9cbb510acc357804eb99401064ded73fe93be79 /src/leap/soledad/crypto.py | |
parent | e9c65f1aab207ea663561946d2733d9741ca4733 (diff) |
Change symmetric encryption scheme to use AES256.
Diffstat (limited to 'src/leap/soledad/crypto.py')
-rw-r--r-- | src/leap/soledad/crypto.py | 64 |
1 files changed, 27 insertions, 37 deletions
diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py index d0e2c720..0a459293 100644 --- a/src/leap/soledad/crypto.py +++ b/src/leap/soledad/crypto.py @@ -25,7 +25,7 @@ import hmac import hashlib -from leap.common.keymanager import openpgp +from leap.common import crypto class NoSymmetricSecret(Exception): @@ -49,56 +49,46 @@ class SoledadCrypto(object): @type soledad: leap.soledad.Soledad """ self._soledad = soledad - self._pgp = openpgp.OpenPGPScheme(self._soledad) - def encrypt_sym(self, data, passphrase): + def encrypt_sym(self, data, key, + method=crypto.EncryptionMethods.AES_256_CTR): """ Encrypt C{data} using a {password}. - @param data: the data to be encrypted + Currently, the only encryption method supported is AES-256 CTR mode. + + @param data: The data to be encrypted. @type data: str - @param passphrase: the passphrase to use for encryption - @type passphrase: str + @param key: The key used to encrypt C{data} (must be 256 bits long). + @type key: str + @param method: The encryption method to use. + @type method: str - @return: the encrypted data - @rtype: str + @return: A tuple with the initial value and the encrypted data. + @rtype: (long, str) """ - return openpgp.encrypt_sym(data, passphrase) + return crypto.encrypt_sym(data, key, method) - def decrypt_sym(self, data, passphrase): + def decrypt_sym(self, data, key, + method=crypto.EncryptionMethods.AES_256_CTR, **kwargs): """ Decrypt data using symmetric secret. - @param data: the data to be decrypted - @type data: str - @param passphrase: the passphrase to use for decryption - @type passphrase: str - - @return: the decrypted data - @rtype: str - """ - return openpgp.decrypt_sym(data, passphrase) - - def is_encrypted(self, data): - """ - Test whether some chunk of data is a cyphertext. + Currently, the only encryption method supported is AES-256 CTR mode. - @param data: the data to be tested + @param data: The data to be decrypted. @type data: str - - @return: whether the data is a cyphertext - @rtype: bool - """ - return openpgp.is_encrypted(data) - - def is_encrypted_sym(self, data): - """ - Test whether some chunk of data was encrypted with a symmetric key. - - @return: whether data is encrypted to a symmetric key - @rtype: bool + @param key: The key used to decrypt C{data} (must be 256 bits long). + @type key: str + @param method: The encryption method to use. + @type method: str + @param kwargs: Other parameters specific to each encryption method. + @type kwargs: dict + + @return: The decrypted data. + @rtype: str """ - return openpgp.is_encrypted_sym(data) + return crypto.decrypt_sym(data, key, method, **kwargs) def doc_passphrase(self, doc_id): """ |