diff options
Diffstat (limited to 'client/src/leap')
-rw-r--r-- | client/src/leap/soledad/client/_crypto.py | 83 |
1 files changed, 61 insertions, 22 deletions
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py index a235e246..163c9e4e 100644 --- a/client/src/leap/soledad/client/_crypto.py +++ b/client/src/leap/soledad/client/_crypto.py @@ -39,9 +39,6 @@ from twisted.internet import interfaces from twisted.logger import Logger from twisted.web.client import FileBodyProducer -from cryptography.exceptions import InvalidSignature -from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.hmac import HMAC from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.hazmat.backends.multibackend import MultiBackend from cryptography.hazmat.backends.openssl.backend \ @@ -133,8 +130,7 @@ class SoledadCrypto(object): del doc ciphertext.write(str(payload)) decryptor = BlobDecryptor(info, ciphertext, secret=self.secret) - buf = decryptor.decrypt() - return buf.getvalue() + return decryptor.decrypt() def encrypt_sym(data, key): @@ -291,29 +287,45 @@ class BlobDecryptor(object): def __init__(self, doc_info, ciphertext_fd, result=None, secret=None): + if not secret: + raise EncryptionDecryptionError('no secret given') + ciphertext_fd.seek(0) + self.doc_id = doc_info.doc_id self.rev = doc_info.rev - self.ciphertext = ciphertext_fd - self.sym_key = _get_sym_key_for_doc(doc_info.doc_id, secret) self.mac_key = _get_mac_key_for_doc(doc_info.doc_id, secret) + self._read_preamble(ciphertext_fd) + + self._producer = FileBodyProducer(self.ciphertext, readSize=2**16) + self._content_fd = self.ciphertext + self.result = result or BytesIO() - def decrypt(self): + self._aes_fd = BytesIO() + self._aes = AESDecryptor(self.sym_key, self.iv, self.result) + self._hmac = HMACWriter(self.mac_key) + self._hmac.write(self.preamble) + + self._decrypter = VerifiedDecrypter(self._aes, self._hmac) + + def _read_preamble(self, ciphertext): try: - preamble, ciphertext = _split(self.ciphertext.getvalue()) - hmac, ciphertext = ciphertext[-64:], ciphertext[:-64] + self.preamble, ciphertext = _split(ciphertext.getvalue()) + self.doc_hmac, self.ciphertext = ciphertext[-64:], ciphertext[:-64] except (TypeError, binascii.Error): raise InvalidBlob - self.ciphertext.close() - if len(preamble) != PACMAN.size: + self.ciphertext = BytesIO(self.ciphertext) + + if len(self.preamble) != PACMAN.size: raise InvalidBlob try: - unpacked_data = PACMAN.unpack(preamble) + unpacked_data = PACMAN.unpack(self.preamble) pad, ts, sch, meth, iv, doc_id, rev = unpacked_data + self.iv = iv except struct.error: raise InvalidBlob if pad != '\x80': @@ -329,18 +341,28 @@ class BlobDecryptor(object): if rev != self.rev: raise InvalidBlob('invalid revision') - h = HMAC(self.mac_key, hashes.SHA512(), backend=crypto_backend) - h.update(preamble) - h.update(ciphertext) - try: - h.verify(hmac) - except InvalidSignature: + def _check_hmac(self): + if self._hmac._hmac.digest() != self.doc_hmac: raise InvalidBlob('HMAC could not be verifed') - decryptor = _get_aes_ctr_cipher(self.sym_key, iv).decryptor() + def decrypt(self): + """ + Starts producing encrypted data from the cleartext data. + + :return: A deferred which will be fired when encryption ends and whose + callback will be invoked with the resulting ciphertext. + :rtype: twisted.internet.defer.Deferred + """ + d = self._producer.startProducing(self._decrypter) + d.addCallback(lambda _: self._check_hmac()) + d.addCallback(lambda _: self.result.getvalue()) + return d - # TODO pass chunks, streaming, instead - # Use AESDecryptor below + def decrypt_whole(self): + ciphertext = self.ciphertext.getvalue() + self.hmac_obj.update(ciphertext) + self._check_hmac() + decryptor = _get_aes_ctr_cipher(self.sym_key, self.iv).decryptor() self.result.write(decryptor.update(ciphertext)) self.result.write(decryptor.finalize()) @@ -412,6 +434,23 @@ class VerifiedEncrypter(object): self.hmac.write(enc_chunk) +class VerifiedDecrypter(object): + """ + A Twisted's Consumer implementation combining AESDecryptor and HMACWriter. + It directs the resulting ciphertext into HMAC-SHA512 processing, then + decrypt. + """ + implements(interfaces.IConsumer) + + def __init__(self, decrypter, hmac): + self.decrypter = decrypter + self.hmac = hmac + + def write(self, enc_chunk): + self.hmac.write(enc_chunk) + self.decrypter.write(enc_chunk) + + class AESDecryptor(object): """ A Twisted's Consumer implementation that consumes data encrypted with |