diff options
| -rw-r--r-- | changes/feature_use-pycryptopp-for-symmetric-encryption | 1 | ||||
| -rw-r--r-- | soledad/setup.py | 4 | ||||
| -rw-r--r-- | soledad/src/leap/soledad/crypto.py | 15 | ||||
| -rw-r--r-- | soledad/src/leap/soledad/target.py | 2 |
4 files changed, 10 insertions, 12 deletions
diff --git a/changes/feature_use-pycryptopp-for-symmetric-encryption b/changes/feature_use-pycryptopp-for-symmetric-encryption new file mode 100644 index 00000000..1f28db97 --- /dev/null +++ b/changes/feature_use-pycryptopp-for-symmetric-encryption @@ -0,0 +1 @@ + o Use pycryptopp for symmetric encryption. diff --git a/soledad/setup.py b/soledad/setup.py index f2291662..6da976a9 100644 --- a/soledad/setup.py +++ b/soledad/setup.py @@ -32,8 +32,7 @@ install_requirements = [ 'six==1.1.0', 'scrypt', 'pyxdg', - 'pycrypto', - 'pyOpenSSL', + 'pycryptopp', ] @@ -43,6 +42,7 @@ tests_requirements = [ 'testscenarios', 'leap.common', 'leap.soledad_server', + 'pyOpenSSL', ] diff --git a/soledad/src/leap/soledad/crypto.py b/soledad/src/leap/soledad/crypto.py index bfad66d1..6187b1ab 100644 --- a/soledad/src/leap/soledad/crypto.py +++ b/soledad/src/leap/soledad/crypto.py @@ -27,8 +27,7 @@ import hmac import hashlib -from Crypto.Cipher import AES -from Crypto.Util import Counter +from pycryptopp.cipher.aes import AES from leap.soledad import ( @@ -99,10 +98,9 @@ class SoledadCrypto(object): len(key) == 32, # 32 x 8 = 256 bits. 'Wrong key size: %s bits (must be 256 bits long).' % (len(key) * 8)) - iv = os.urandom(8) - ctr = Counter.new(64, prefix=iv) - cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr) - return binascii.b2a_base64(iv), cipher.encrypt(data) + iv = os.urandom(16) + ciphertext = AES(key=key, iv=iv).process(data) + return binascii.b2a_base64(iv), ciphertext # raise if method is unknown raise UnknownEncryptionMethod('Unkwnown method: %s' % method) @@ -137,9 +135,8 @@ class SoledadCrypto(object): soledad_assert( 'iv' in kwargs, 'AES-256-CTR needs an initial value.') - ctr = Counter.new(64, prefix=binascii.a2b_base64(kwargs['iv'])) - cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr) - return cipher.decrypt(data) + return AES( + key=key, iv=binascii.a2b_base64(kwargs['iv'])).process(data) # raise if method is unknown raise UnknownEncryptionMethod('Unkwnown method: %s' % method) diff --git a/soledad/src/leap/soledad/target.py b/soledad/src/leap/soledad/target.py index 9fac9f54..cad51b74 100644 --- a/soledad/src/leap/soledad/target.py +++ b/soledad/src/leap/soledad/target.py @@ -168,7 +168,7 @@ def encrypt_doc(crypto, doc): soledad_assert(doc.is_tombstone() is False) # encrypt content using AES-256 CTR mode iv, ciphertext = crypto.encrypt_sym( - doc.get_json(), + str(doc.get_json()), # encryption/decryption routines expect str crypto.doc_passphrase(doc.doc_id), method=EncryptionMethods.AES_256_CTR) # Return a representation for the encrypted content. In the following, we |