diff options
Diffstat (limited to 'client/src/leap/soledad/client/_crypto.py')
-rw-r--r-- | client/src/leap/soledad/client/_crypto.py | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py index 61a190c7..a2de0ae1 100644 --- a/client/src/leap/soledad/client/_crypto.py +++ b/client/src/leap/soledad/client/_crypto.py @@ -77,6 +77,31 @@ class InvalidBlob(Exception): pass +docinfo = namedtuple('docinfo', 'doc_id rev') + + +class SoledadCrypto(object): + + def __init__(self, secret): + self.secret = secret + + def encrypt_doc(self, doc): + content = BytesIO() + content.write(str(doc.get_json())) + info = docinfo(doc.doc_id, doc.rev) + del doc + encryptor = BlobEncryptor(info, content, secret=self.secret) + return encryptor.encrypt() + + def decrypt_doc(self, doc): + info = docinfo(doc.doc_id, doc.rev) + ciphertext = BytesIO() + ciphertext.write(doc.get_json()) + ciphertext.seek(0) + del doc + decryptor = BlobDecryptor(info, ciphertext, secret=self.secret) + return decryptor.decrypt() + class BlobEncryptor(object): @@ -134,8 +159,8 @@ class BlobEncryptor(object): ENC_SCHEME.symkey, ENC_METHOD.aes_256_ctr)) write(self.iv) - write(self.doc_id) - write(self.rev) + write(str(self.doc_id)) + write(str(self.rev)) def _end_crypto_stream(self, ignored): self._aes.end() @@ -177,7 +202,6 @@ class BlobDecryptor(object): self.result = result def decrypt(self): - try: data = base64.urlsafe_b64decode(self.ciphertext.getvalue()) except (TypeError, binascii.Error): @@ -341,3 +365,9 @@ def _get_sym_key_for_doc(doc_id, secret): def _get_aes_ctr_cipher(key, iv): return Cipher(algorithms.AES(key), modes.CTR(iv), backend=crypto_backend) + + +def is_symmetrically_encrypted(payload): + header = base64.urlsafe_b64decode(enc[:15] + '===') + ts, sch, meth = struct.unpack('Qbb', header[1:11]) + return sch == ENC_SCHEME.symkey |