summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--client/changes/feat_use_cryptography1
-rw-r--r--client/pkg/requirements.pip1
-rw-r--r--client/src/leap/soledad/client/crypto.py15
3 files changed, 12 insertions, 5 deletions
diff --git a/client/changes/feat_use_cryptography b/client/changes/feat_use_cryptography
new file mode 100644
index 00000000..6e8fe3bf
--- /dev/null
+++ b/client/changes/feat_use_cryptography
@@ -0,0 +1 @@
+o Use cryptography instead of pycryptopp. Stick with AES-CTR.
diff --git a/client/pkg/requirements.pip b/client/pkg/requirements.pip
index f29d5c74..2f658d76 100644
--- a/client/pkg/requirements.pip
+++ b/client/pkg/requirements.pip
@@ -1,7 +1,6 @@
pysqlcipher>2.6.3
u1db
scrypt
-pycryptopp
cchardet
zope.proxy
twisted
diff --git a/client/src/leap/soledad/client/crypto.py b/client/src/leap/soledad/client/crypto.py
index 90ad656e..07a3eaab 100644
--- a/client/src/leap/soledad/client/crypto.py
+++ b/client/src/leap/soledad/client/crypto.py
@@ -24,7 +24,8 @@ import hashlib
import json
import logging
-from pycryptopp.cipher.aes import AES
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.backends import default_backend
from leap.soledad.common import soledad_assert
from leap.soledad.common import soledad_assert_type
@@ -56,7 +57,10 @@ def encrypt_sym(data, key):
(len(key) * 8))
iv = os.urandom(16)
- ciphertext = AES(key=key, iv=iv).process(data)
+ backend = default_backend()
+ cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend)
+ encryptor = cipher.encryptor()
+ ciphertext = encryptor.update(data) + encryptor.finalize()
return binascii.b2a_base64(iv), ciphertext
@@ -81,8 +85,11 @@ def decrypt_sym(data, key, iv):
soledad_assert(
len(key) == 32, # 32 x 8 = 256 bits.
'Wrong key size: %s (must be 256 bits long).' % len(key))
- return AES(
- key=key, iv=binascii.a2b_base64(iv)).process(data)
+ backend = default_backend()
+ iv = binascii.a2b_base64(iv)
+ cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend)
+ decryptor = cipher.decryptor()
+ return decryptor.update(data) + decryptor.finalize()
def doc_mac_key(doc_id, secret):