1 files changed, 16 insertions, 29 deletions

diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py
index 4a59159c..109cf299 100644
--- a/client/src/leap/soledad/client/_crypto.py
+++ b/client/src/leap/soledad/client/_crypto.py
@@ -146,12 +146,11 @@ def encrypt_sym(data, key):
         encoded as base64.
     :rtype: (str, str)
     """
-    iv = os.urandom(16)
-    encryptor = AESEncryptor(key, iv)
+    encryptor = AESEncryptor(key)
     encryptor.write(data)
     encryptor.end()
     ciphertext = encryptor.fd.getvalue()
-    return base64.b64encode(iv), ciphertext
+    return base64.b64encode(encryptor.iv), ciphertext
 
 
 def decrypt_sym(data, key, iv):
@@ -188,13 +187,7 @@ class BlobEncryptor(object):
     Both the production input and output are file descriptors, so they can be
     applied to a stream of data.
     """
-    def __init__(self, doc_info, content_fd, result=None, secret=None,
-                 iv=None):
-        if iv is None:
-            iv = os.urandom(16)
-        else:
-            log.warn('Using a fixed IV. Use only for testing!')
-        self.iv = iv
+    def __init__(self, doc_info, content_fd, result=None, secret=None):
         if not secret:
             raise EncryptionDecryptionError('no secret given')
 
@@ -206,20 +199,22 @@ class BlobEncryptor(object):
         self._content_fd = content_fd
 
         self._preamble = BytesIO()
-        if result is None:
-            result = BytesIO()
-        self.result = result
+        self.result = result or BytesIO()
 
         sym_key = _get_sym_key_for_doc(doc_info.doc_id, secret)
         mac_key = _get_mac_key_for_doc(doc_info.doc_id, secret)
 
         self._aes_fd = BytesIO()
-        self._aes = AESEncryptor(sym_key, self.iv, self._aes_fd)
+        self._aes = AESEncryptor(sym_key, self._aes_fd)
         self._hmac = HMACWriter(mac_key)
         self._write_preamble()
 
         self._crypter = VerifiedEncrypter(self._aes, self._hmac)
 
+    @property
+    def iv(self):
+        return self._aes.iv
+
     def encrypt(self):
         """
         Starts producing encrypted data from the cleartext data.
@@ -298,9 +293,7 @@ class BlobDecryptor(object):
         self.sym_key = _get_sym_key_for_doc(doc_info.doc_id, secret)
         self.mac_key = _get_mac_key_for_doc(doc_info.doc_id, secret)
 
-        if result is None:
-            result = BytesIO()
-        self.result = result
+        self.result = result or BytesIO()
 
     def decrypt(self):
         try:
@@ -360,18 +353,15 @@ class AESEncryptor(object):
     """
     implements(interfaces.IConsumer)
 
-    def __init__(self, key, iv, fd=None):
+    def __init__(self, key, fd=None):
         if len(key) != 32:
             raise EncryptionDecryptionError('key is not 256 bits')
-        if len(iv) != 16:
-            raise EncryptionDecryptionError('iv is not 128 bits')
+        self.iv = os.urandom(16)
 
-        cipher = _get_aes_ctr_cipher(key, iv)
+        cipher = _get_aes_ctr_cipher(key, self.iv)
         self.encryptor = cipher.encryptor()
 
-        if fd is None:
-            fd = BytesIO()
-        self.fd = fd
+        self.fd = fd or BytesIO()
 
         self.done = False
 
@@ -429,8 +419,7 @@ class AESDecryptor(object):
     implements(interfaces.IConsumer)
 
     def __init__(self, key, iv, fd=None):
-        if iv is None:
-            iv = os.urandom(16)
+        iv = iv or os.urandom(16)
         if len(key) != 32:
             raise EncryptionDecryptionError('key is not 256 bits')
         if len(iv) != 16:
@@ -439,9 +428,7 @@ class AESDecryptor(object):
         cipher = _get_aes_ctr_cipher(key, iv)
         self.decryptor = cipher.decryptor()
 
-        if fd is None:
-            fd = BytesIO()
-        self.fd = fd
+        self.fd = fd or BytesIO()
         self.done = False
         self.deferred = defer.Deferred()