Diffstat (limited to 'client/src/leap')
-rw-r--r--client/src/leap/soledad/client/_crypto.py35
-rw-r--r--client/src/leap/soledad/client/http_target/send.py2
-rw-r--r--client/src/leap/soledad/client/secrets.py6
3 files changed, 24 insertions, 19 deletions
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py
index 2a523144..deba5590 100644
--- a/client/src/leap/soledad/client/_crypto.py
+++ b/client/src/leap/soledad/client/_crypto.py
@@ -35,7 +35,6 @@ import six
from twisted.internet import defer
from twisted.internet import interfaces
-from twisted.internet import reactor
from twisted.logger import Logger
from twisted.persisted import dirdbm
from twisted.web import client
@@ -88,7 +87,8 @@ class SoledadCrypto(object):
def encrypt_doc(self, doc):
def put_raw(blob):
- return '{"raw": "' + blob.getvalue() + '"}'
+ raw = blob.getvalue()
+ return '{"raw": "' + raw + '"}'
content = BytesIO()
content.write(str(doc.get_json()))
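Review bot: `put_raw` still assembles the JSON wrapper by string concatenation, so the result is valid JSON only while `raw` contains no quote, backslash or control character. That presumably holds because the blob is base64 text, but nothing in the hunk enforces it. If `json` is available in this module, `return json.dumps({"raw": raw})` removes the assumption. The same wrapper is built again in `encrypt_whole` further down, there as `'{"raw":"'` without the space, so the two paths emit slightly different strings for the same payload. The body of `encrypt_doc` continues outside the hunk.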
@@ -105,9 +105,9 @@ class SoledadCrypto(object):
payload = doc.content['raw']
del doc
ciphertext.write(str(payload))
- ciphertext.seek(0)
decryptor = BlobDecryptor(info, ciphertext, secret=self.secret)
- return decryptor.decrypt()
+ buf = decryptor.decrypt()
+ return buf.getvalue()
def encrypt_sym(data, key):
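Review bot: With `ciphertext.seek(0)` removed, `BlobDecryptor` is handed a buffer whose position is at the end of the data just written. That is harmless only if the decryptor reads it through `getvalue()` or rewinds it itself, which is not visible in this hunk. A one-line comment would stop a later streaming rewrite from silently decrypting an empty input, for example `# BlobDecryptor reads the buffer via getvalue(); position is irrelevant`. The return value also changes from the result buffer to its contents, so the docstring of `decrypt_doc`, which lies outside the hunk, should state the new return type.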
@@ -116,11 +116,11 @@ def encrypt_sym(data, key):
encryptor.write(data)
encryptor.end()
ciphertext = encryptor.fd.getvalue()
- return base64.urlsafe_b64encode(iv), ciphertext
+ return base64.b64encode(iv), ciphertext
def decrypt_sym(data, key, iv):
- _iv = base64.urlsafe_b64decode(iv)
+ _iv = base64.b64decode(str(iv))
decryptor = AESDecryptor(key, _iv)
decryptor.write(data)
decryptor.end()
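Review bot: Switching the IV encoding from the URL-safe to the standard alphabet changes how IVs written by the previous code are read back in `decrypt_sym`. `base64.b64decode` without validation discards characters outside the standard alphabet, so an older IV containing `-` or `_` would either fail on padding or decode to a different, shorter IV instead of being rejected cleanly. If previously stored values must remain readable, accept both alphabets with `_iv = base64.b64decode(str(iv).replace('-', '+').replace('_', '/'))`. A length check on `_iv` before it reaches `AESDecryptor` would turn a silent wrong-IV decryption into an explicit error. The body of `decrypt_sym` continues outside the hunk.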
@@ -136,7 +136,6 @@ class BlobEncryptor(object):
"""
def __init__(self, doc_info, content_fd, result=None, secret=None, iv=None):
-
if iv is None:
iv = os.urandom(16)
else:
@@ -148,7 +147,9 @@ class BlobEncryptor(object):
self.doc_id = doc_info.doc_id
self.rev = doc_info.rev
+ content_fd.seek(0)
self._producer = FileBodyProducer(content_fd, readSize=2**16)
+ self._content_fd = content_fd
self._preamble = BytesIO()
if result is None:
@@ -170,6 +171,11 @@ class BlobEncryptor(object):
d.addCallback(self._end_crypto_stream)
return d
+ def encrypt_whole(self):
+ self._crypter.write(self._content_fd.getvalue())
+ self._end_crypto_stream(None)
+ return '{"raw":"' + self.result.getvalue() + '"}'
+
def _write_preamble(self):
def write(data):
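Review bot: `encrypt_whole` is added without a docstring and calls `self._content_fd.getvalue()`, so it works only when `content_fd` is a `BytesIO`-like object. The producer-based `encrypt()` path accepts any readable file object, so the two entry points have different input requirements. I would document that on the method, e.g. `"""Encrypt the whole content synchronously and return it wrapped in a JSON string; content_fd must provide getvalue()."""`. It is also worth stating that it is an alternative to `encrypt()`, not something to call after it, since `_end_crypto_stream` closes the content buffer.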
@@ -191,6 +197,7 @@ class BlobEncryptor(object):
def _end_crypto_stream(self, ignored):
self._aes.end()
self._hmac.end()
+ self._content_fd.close()
preamble = self._preamble.getvalue()
encrypted = self._aes_fd.getvalue()
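Review bot: `self._content_fd.close()` closes a file object that the caller passed into `BlobEncryptor.__init__`, so the caller can no longer read or reuse that object once encryption ends. The visible caller in `encrypt_doc` creates a throwaway `BytesIO`, but other callers are not shown here. This ownership transfer should be stated where the argument is documented, for example `# content_fd is owned by the encryptor and is closed when encryption finishes`. Note that the close is skipped if `self._aes.end()` or `self._hmac.end()` raises. The rest of `_end_crypto_stream` lies outside the hunk.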
@@ -274,6 +281,7 @@ class BlobDecryptor(object):
# TODO pass chunks, streaming, instead
# Use AESDecryptor below
+
self.result.write(decryptor.update(ciphertext))
self.result.write(decryptor.finalize())
return self.result
@@ -296,6 +304,7 @@ class AESEncryptor(object):
fd = BytesIO()
self.fd = fd
+
self.done = False
def write(self, data):
@@ -373,6 +382,12 @@ class AESDecryptor(object):
self.done = True
+def is_symmetrically_encrypted(payload):
+ header = base64.urlsafe_b64decode(enc[:15] + '===')
+ ts, sch, meth = struct.unpack('Qbb', header[1:11])
+ return sch == ENC_SCHEME.symkey
+
+
# utils
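Review bot: `is_symmetrically_encrypted` takes a parameter named `payload` but reads `enc` on its first line. The function is moved here unchanged, so unless a module-level `enc` exists it still raises `NameError` when called. The line should read `header = base64.urlsafe_b64decode(payload[:15] + '===')`. A payload shorter than the header would then surface as a `struct.error` from `unpack`, which callers may prefer to see as a plain `False`. A short docstring naming the preamble fields being unpacked (`ts`, `sch`, `meth`) would also help, since two of the three are unused.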
@@ -392,9 +407,3 @@ def _get_sym_key_for_doc(doc_id, secret):
def _get_aes_ctr_cipher(key, iv):
return Cipher(algorithms.AES(key), modes.CTR(iv), backend=crypto_backend)
-
-
-def is_symmetrically_encrypted(payload):
- header = base64.urlsafe_b64decode(enc[:15] + '===')
- ts, sch, meth = struct.unpack('Qbb', header[1:11])
- return sch == ENC_SCHEME.symkey
diff --git a/client/src/leap/soledad/client/http_target/send.py b/client/src/leap/soledad/client/http_target/send.py
index 6f5893b1..e562a128 100644
--- a/client/src/leap/soledad/client/http_target/send.py
+++ b/client/src/leap/soledad/client/http_target/send.py
@@ -112,7 +112,7 @@ class HTTPDocSender(object):
# TODO -- for blobs, should stream the doc raw content
# TODO -- get rid of this json encoding
content = yield self._crypto.encrypt_doc(doc)
- defer.returnValue((doc, content.getvalue()))
+ defer.returnValue((doc, content))
def _emit_send_status(user_data, idx, total):
diff --git a/client/src/leap/soledad/client/secrets.py b/client/src/leap/soledad/client/secrets.py
index 8543df01..21c4f291 100644
--- a/client/src/leap/soledad/client/secrets.py
+++ b/client/src/leap/soledad/client/secrets.py
@@ -266,11 +266,7 @@ class SoledadSecrets(object):
# read storage secrets from file
content = None
with open(self._secrets_path, 'r') as f:
- raw = f.read()
- raw = raw.replace('\n', '')
- content = json.loads(raw)
-
- print "LOADING", content
+ content = json.loads(f.read())
_, active_secret, version = self._import_recovery_document(content)
self._maybe_set_active_secret(active_secret)
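Review bot: Dropping `raw.replace('\n', '')` changes which secrets files load, not just how the code reads. `json.loads` rejects a raw newline inside a string value, which the old stripping tolerated, so a file whose values were line-wrapped would now raise `ValueError` here. If no writer ever produced such files, a short comment saying so would settle it. The read can also be written as `content = json.load(f)`, and the `content = None` initialiser above the `with` is dead once the assignment is unconditional.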