summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-02-09[doc] improve comment for client secrets file migration functiondrebs
2017-02-09[test] move client secrets tests to its own filedrebs
2017-02-09[bug] several fixes for secrets refactordrebs
- store ENC_METHOD value instead of string in secrets file - allow for migration of not-activated secrets - allow migration of 'aes256' and ENC_METHOD secrets cipher
2017-02-09[bug] Fix import for load_configuration on migration scriptThais Siqueira
Related with https://leap.se/code/issues/8742
2017-02-09[test] fix test after secrets refactordrebs
2017-02-09[bug] use derived key for local storagedrebs
2017-02-09[refactor] improve secrets generation and storage codedrebs
2016-12-22Merge tag '0.9.2'drebs
Tag version 0.9.2 # gpg: Signature made Thu 22 Dec 2016 05:33:30 PM BRST # gpg: using RSA key 0x6071E70DCACC60B2 # gpg: Good signature from "drebs (work key) <db@leap.se>" [ultimate] # gpg: aka "drebs (work key) <drebs@leap.se>" [ultimate] # Impressão da chave primária: 9F73 295B 6306 E06F 3151 99AE 6071 E70D CACC 60B2
2016-12-22[pkg] update changelog for 0.9.20.9.2release/0.9.xdrebs
2016-12-19[test] remove benchmark from ci pipelinedrebs
2016-12-17[test] add couchdb tag for testsdrebs
2016-12-17[pkg] use a twisted resource as server entrypointdrebs
2016-12-12[test] configure baremetal gitlab ci runnerdrebs
2016-12-12[feature] Change CTR to GCM on secrets.pyVictor Shyba
Current implementation can allow tampering and the CTR->GCM exchange can help to avoid it. This commits also alters a behaviour where we moved ahead after failing to decrypt a recovery document. IMHO we can't move ahead as this is a fatal error. Signed-off-by: Victor Shyba <victor1984@riseup.net>
2016-12-12[feature] Add retro compat on secrets.py ciphersVictor Shyba
Integrated the secrets's JSON key that specifies ciphers into _crypto and added optional GCM. Also added a test to check if both cipher types can be imported. Resolves: #8680 Signed-off-by: Victor Shyba <victor1984@riseup.net>
2016-12-12[feature] use GCM instead of CTR+HMACVictor Shyba
Resolves: #8668 - client: substitute usage of CTR mode + HMAC by GCM cipher mode Signed-off-by: Victor Shyba <victor1984@riseup.net>
2016-12-12[refactor] improve blob signature magic usageVictor Shyba
Our magic value wasn't being used and were represented as a string. Refactored it to a constant, increased it's size to 2 bytes and optimzed is_symmetrically_encrypted to look for the magic and symmetrically encrypted flag under base64 encoding. Most file types will use this feature to help identifying themselves, so it got refactored to serve the purpose it was created.
2016-12-12[bug] enable batching againVictor Shyba
Something happened during rebase. This configuration is supposed to be True by default now.
2016-12-12[style] fixes from code-reviewVictor Shyba
Naming, interfaces and other details.
2016-12-12[feature] speed up sync benchmark setup codeVictor Shyba
We aren't testing huge payloads on CI, so it doesn't make sense to insert docs one by one. 'gatherResults' can speed up bench setup.
2016-12-12[refactor] introduces a GenericWriterVictor Shyba
AESWriter and HMACWriter are just applying hmac or aes into a flow of data. Abstracted the application of those operations into a super class and highlighted just the difference on each implementation.
2016-12-12[refactor] adds PipeableWriter to pipe two streamsVictor Shyba
VerifiedEncryptor and VerifiedDecryptor are just a pipe and a fan-out. This class provides both behaviors to two distinct writeable things.
2016-12-12[refactor] simplify _cryptoVictor Shyba
After adding the streaming decrypt, some classes were doing almost the same thing. Unified them. Also fixed some module level variables to upper case and some class name to camel case.
2016-12-12[refactor] improve loggingVictor Shyba
Some exceptions were missing a proper description and client_side_db.py script wasn't capturing logs from Twisted.
2016-12-12[bug] make the semaphore cover all parsingVictor Shyba
Unfortunately, if a doc finishes decryption before the previous one we will still have an issue while inserting. This commits solves it by adding the parse and decrypt inside of the semaphore.
2016-12-12[feature] make _crypto stream on decryptionVictor Shyba
We are already doing this on encryption, now we can stream also from decryption. This unblocks the reactor and will be valuable for blobs-io.
2016-12-12[feature] delimit preamble from ciphertextVictor Shyba
We now encode preamble and ciphertext+hmac in two distinct payloads separated by a space. This allows metadata to be extracted and used before decoding the whole document. It also introduces a single packer for packing and unpacking of data instead of reads and writes. Downside: doc_id and rev are limited to 255 chars now.
2016-12-12[refactor] Hide IV, simplify some callsVictor Shyba
IV was being set during tests and this required some defensive coding to avoid IV being set in production. This commits makes the test use the generated IV and "hides" it using a read-only property to let it clear this should never happen. Also refactored out some parameters that are generated automatically to reduce some lines of code and enhance readability.
2016-12-12[docs] add docstrings for _cryptoVictor Shyba
Also explaining how we are using Twisted's consumer interfaces.
2016-12-12[refactor] separate server application into another filedrebs
2016-12-12[refactor] remove dead parameters, improve commentsVictor Shyba
received docs makes no sense for a single request download, plus all its comments and docstrings. Also updated docstrings for other methods. The method that tests if sqlcipher is encrypted can return a db handle that can be used right away. If we ignore it and reopen we can end up with a lost open cursor.
2016-12-12[refactor] Remove dead codeVictor Shyba
Batching is now decided on server side, so the code can be simplified. Also, sync_db and other parameters were used to initialize encdecpool, which is no longer supported.
2016-12-12[bug] emit last sent doc eventVictor Shyba
Document sending happens after encryption, so the last sent document needs to be signalled after request end.
2016-12-12[tests] fixes test_crypto benchVictor Shyba
encrypt returns a deferred and needs the adapted benchmark runner.
2016-12-12[tests] use options instead of marksVictor Shyba
When we use marks the new pytests from benchmarks folder are collected and ignored, but this causes trial to fail sometimes. Using --ignore avoids it from being loaded while --benchmark-only will properly select the benchmarks for tox, as intended.
2016-12-12[bug] fix upload progressVictor Shyba
We need to emit zmq status during doc prepare, which is called during upload.
2016-12-12[tests] migrate pytest to trialVictor Shyba
test_deprecated_crypto was using pytest, which unfortunately doesnt work when mixed with trial. Migrated back. Also added norecursedirs option back, as it is necessary for parallel testing mode.
2016-12-12[test] rename benchmark tests directory and tagdrebs
2016-12-12[test] add test for deprecated crypto format updatedrebs
2016-12-12[test] move fixtures one level updrebs
2016-12-12[test] use tags for selecting benchmark testsdrebs
2016-12-12[test] remove unneeded setting of environment variablesdrebs
2016-12-12[style] fix pep8 and confsVictor Shyba
Fixes setup.cfg, adding current exclude rules, simplified tox.ini to use setup.cfg and fixed all.
2016-12-12[bug] include_deleted=True on syncVictor Shyba
Also refactored tests and code to stop relying on old parameters which included docs instead of get_doc calls.
2016-12-12[refactor] better naming for producer callingVictor Shyba
Giving the proper name to the function and arguments helps to make the producer wizardry less magic.
2016-12-12[pkg] add six and cryptographyVictor Shyba
Those are already present, but we are using the ones coming from our dependencies. Explicit is better than implicit.
2016-12-12[tests] remove test_sync_deferredVictor Shyba
Deferred encryption option is gone.
2016-12-12[style] explicit unlimited request sizeVictor Shyba
Request size on a stream can't be measured upfront and a limit doesn't make much sense. The real limit is user's Quota, to be implemented.
2016-12-12[style] improve comments for sync.pyVictor Shyba
2016-12-12[refactor] simplify content as a new lineVictor Shyba
Code was complex and raised a flag during review.