diff options
Diffstat (limited to 'client')
-rw-r--r-- | client/pkg/requirements.pip | 1 | ||||
-rw-r--r-- | client/src/leap/soledad/client/_crypto.py | 36 | ||||
-rw-r--r-- | client/src/leap/soledad/client/http_target/fetch.py | 2 |
3 files changed, 14 insertions, 25 deletions
diff --git a/client/pkg/requirements.pip b/client/pkg/requirements.pip index a18fe124..24b168b4 100644 --- a/client/pkg/requirements.pip +++ b/client/pkg/requirements.pip @@ -2,5 +2,4 @@ pysqlcipher>2.6.3 scrypt zope.proxy twisted -six cryptography diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py index 574e2b6e..b1c6b059 100644 --- a/client/src/leap/soledad/client/_crypto.py +++ b/client/src/leap/soledad/client/_crypto.py @@ -32,8 +32,6 @@ from io import BytesIO from itertools import imap from collections import namedtuple -import six - from twisted.internet import defer from twisted.internet import interfaces from twisted.web.client import FileBodyProducer @@ -50,7 +48,8 @@ MAC_KEY_LENGTH = 64 CRYPTO_BACKEND = MultiBackend([OpenSSLBackend()]) -PACMAN = struct.Struct('cQbb16s255p255p') +PACMAN = struct.Struct('2sbbQ16s255p255p') +BLOB_SIGNATURE_MAGIC = '\x13\x37' ENC_SCHEME = namedtuple('SCHEME', 'symkey')(1) @@ -226,10 +225,10 @@ class BlobEncryptor(object): current_time = int(time.time()) write(PACMAN.pack( - '\x80', - current_time, + BLOB_SIGNATURE_MAGIC, ENC_SCHEME.symkey, ENC_METHOD.aes_256_ctr, + current_time, self.iv, str(self.doc_id), str(self.rev))) @@ -292,11 +291,11 @@ class BlobDecryptor(object): try: unpacked_data = PACMAN.unpack(preamble) - magic, ts, sch, meth, iv, doc_id, rev = unpacked_data + magic, sch, meth, ts, iv, doc_id, rev = unpacked_data except struct.error: raise InvalidBlob - if magic != '\x80': + if magic != BLOB_SIGNATURE_MAGIC: raise InvalidBlob # TODO check timestamp if sch != ENC_SCHEME.symkey: @@ -405,27 +404,18 @@ class VerifiedAESWriter(object): return self.aes_writer.end(), self.hmac_writer.end() -def is_symmetrically_encrypted(doc): +def is_symmetrically_encrypted(content): """ - Return True if the document was symmetrically encrypted. + Returns True if the document was symmetrically encrypted. + 'EzcB' is the base64 encoding of \x13\x37 magic number and 1 (symmetrically + encrypted value for enc_scheme flag). - :param doc: The document to check. - :type doc: SoledadDocument + :param doc: The document content as string + :type doc: str :rtype: bool """ - payload = doc.content - if not payload or 'raw' not in payload: - return False - payload = str(payload['raw']) - if len(payload) < PACMAN.size: - return False - payload = _split(payload).next() - if six.indexbytes(payload, 0) != 0x80: - return False - unpacked = PACMAN.unpack(payload) - ts, sch, meth = unpacked[1:4] - return sch == ENC_SCHEME.symkey and meth == ENC_METHOD.aes_256_ctr + return content and content[:13] == '{"raw": "EzcB' # utils diff --git a/client/src/leap/soledad/client/http_target/fetch.py b/client/src/leap/soledad/client/http_target/fetch.py index df07a96a..8676ceed 100644 --- a/client/src/leap/soledad/client/http_target/fetch.py +++ b/client/src/leap/soledad/client/http_target/fetch.py @@ -114,7 +114,7 @@ class HTTPDocFetcher(object): @defer.inlineCallbacks def __atomic_doc_parse(self, doc_info, content, total): doc = SoledadDocument(doc_info['id'], doc_info['rev'], content) - if is_symmetrically_encrypted(doc): + if is_symmetrically_encrypted(content): content = yield self._crypto.decrypt_doc(doc) elif old_crypto.is_symmetrically_encrypted(doc): content = self._deprecated_crypto.decrypt_doc(doc) |