diff options
Diffstat (limited to 'client/src/leap/soledad/client/_crypto.py')
-rw-r--r-- | client/src/leap/soledad/client/_crypto.py | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py index cee4f0f4..1492c1ab 100644 --- a/client/src/leap/soledad/client/_crypto.py +++ b/client/src/leap/soledad/client/_crypto.py @@ -28,7 +28,6 @@ import struct import time from io import BytesIO -from cStringIO import StringIO from collections import namedtuple import six @@ -36,8 +35,6 @@ import six from twisted.internet import defer from twisted.internet import interfaces from twisted.logger import Logger -from twisted.persisted import dirdbm -from twisted.web import client from twisted.web.client import FileBodyProducer from cryptography.exceptions import InvalidSignature @@ -50,8 +47,6 @@ from cryptography.hazmat.backends.openssl.backend \ from zope.interface import implements -from leap.common.config import get_path_prefix - log = Logger() @@ -241,7 +236,6 @@ class BlobDecryptor(object): raise InvalidBlob self.ciphertext.close() - current_time = int(time.time()) if not data or six.indexbytes(data, 0) != 0x80: raise InvalidBlob try: @@ -259,7 +253,6 @@ class BlobDecryptor(object): iv = data[11:27] docidlen = len(self.doc_id) ciph_idx = 26 + docidlen - doc_id = data[26:ciph_idx] revlen = len(self.rev) rev_idx = ciph_idx + 1 + revlen rev = data[ciph_idx + 1:rev_idx] @@ -313,7 +306,7 @@ class AESEncryptor(object): def end(self): if not self.done: - final = self.encryptor.finalize() + self.fd.write(self.encryptor.finalize()) self.done = True @@ -354,7 +347,7 @@ class AESDecryptor(object): if iv is None: iv = os.urandom(16) if len(key) != 32: - raise EncryptionhDecryptionError('key is not 256 bits') + raise EncryptionDecryptionError('key is not 256 bits') if len(iv) != 16: raise EncryptionDecryptionError('iv is not 128 bits') @@ -380,9 +373,12 @@ class AESDecryptor(object): def is_symmetrically_encrypted(payload): - header = base64.urlsafe_b64decode(enc[:15] + '===') + if not payload or len(payload) < 24 \ + or not payload.startswith('{"raw": "'): + return False + header = base64.urlsafe_b64decode(payload[9:24] + '==') ts, sch, meth = struct.unpack('Qbb', header[1:11]) - return sch == ENC_SCHEME.symkey + return sch == ENC_SCHEME.symkey and meth == ENC_METHOD.aes_256_ctr # utils |