summaryrefslogtreecommitdiff
path: root/client/src/leap/soledad
AgeCommit message (Collapse)Author
2017-04-04[refactor] refactor crypto api to better allow streamingKali Kaneko
Motivation is that I need to pass partial data to the decryptor, mainly.
2017-04-04first implementation of client blobsKali Kaneko
2017-03-31[feature] raise earlier when deleting NoneVictor Shyba
If an application tries to delete None, by accident, raising earlier would help to show the caller stack trace instead of inner sqlite backend stack and make the error more friendly. - Resolves: #8791
2017-03-23[feature] generate recovery codeAnike Arni
with @tayane
2017-03-17[refactor] Improve python3 compatibilityefkin
With this commit all tests on py34 tox environment are collected.
2017-03-13[docs] explain sync bypass due lack of tokenVictor Shyba
2017-03-13[feat] make database creation appear in logsdrebs
2017-03-13[bug] remove offline flagdrebs
The offline flag is not needed and rendered the soledad client prone to bugs because it would need to be toggled and that is succeptible to timing problems.
2017-03-13[bug] fix raising of invalid auth token errordrebs
2017-03-09[bug] secrets version defaults to v1Tulio Casagrande
2017-03-09[bug] add default version when decrypting secretsTulio Casagrande
Resolves: https://0xacab.org/leap/soledad/issues/8788
2017-03-02[bug] handle error onceVictor Shyba
Handle it only if self.deferred wasnt called yet, otherwise that's just an out-of-sync call from a scheduled deferred. Since it was already logged, it's ok to ignore.
2017-03-02[bug] fix shared database initializationdrebs
2017-02-25[bug] save client secret downloaded from remote storagedrebs
After refactor, the client secret bootstrap logic was flawed, and remote secret was not being saved properly. This commit fixed that and tries to improve the bootstrap code to make it more clear.
2017-02-25[bug] remove unused named tuple from client secretsdrebs
2017-02-25[refactor] improve secret bootstrap code and docdrebs
2017-02-25[doc] improve doc and rename EmitMixin to UserDataMixindrebs
2017-02-25[refactor] pass soledad object to client secrets apidrebs
In order to be able to change passphrase, token and offline status of soledad from the bitmask client api, the secrets api also has to be able to use up-to-date values when encrypting/decrypting secrets and uploading/downloading them to the server. This commit makes public some soledad attributes that were previously "private" (i.e. used to start with "_" and were not meant to be accessed from outside), and passes the whole soledad object to the client secrets api. This makes the code cleaner and also allows for always getting newest values of soledad attributes.
2017-02-23[refactor] remove syncable property from shared dbdrebs
2017-02-23[feature] add offline status to soledad client apidrebs
2017-02-23[feat] avoid client sync if no token is setdrebs
2017-02-23[refactor] use get_token in client secrets apidrebs
2017-02-23[refactor] add EmitMixin for a cleaner emitting experiencedrebs
2017-02-23[refactor] remove creds from client apidrebs
2017-02-16[style] add deprecation warning on legacy decoderVictor Shyba
2017-02-16[feature] add doc size to preambleVictor Shyba
That's necessary for blobs-io. Current code includes backwards compatibility branching and tests, which shall be removed on next releases.
2017-02-15[tests] add tests for preamble encodingVictor Shyba
2017-02-09[refactor] remove twisted session persistencedrebs
The need for token caching in server is a matter of debate, as is the ideal way to do it. Twisted sessions store the session id in a cookie and use that session id to persist. It is not clear if that implementation is needed, works with future features (as multiple soledad servers) or represents a security problem in some way. Because of these, this commit removes it for now. The feature is left in git history so we can bring it back later if needed.
2017-02-09[feat] use cookies in the client syncerdrebs
2017-02-09[doc] improve comment for client secrets file migration functiondrebs
2017-02-09[bug] several fixes for secrets refactordrebs
- store ENC_METHOD value instead of string in secrets file - allow for migration of not-activated secrets - allow migration of 'aes256' and ENC_METHOD secrets cipher
2017-02-09[bug] use derived key for local storagedrebs
2017-02-09[refactor] improve secrets generation and storage codedrebs
2016-12-12[feature] Change CTR to GCM on secrets.pyVictor Shyba
Current implementation can allow tampering and the CTR->GCM exchange can help to avoid it. This commits also alters a behaviour where we moved ahead after failing to decrypt a recovery document. IMHO we can't move ahead as this is a fatal error. Signed-off-by: Victor Shyba <victor1984@riseup.net>
2016-12-12[feature] Add retro compat on secrets.py ciphersVictor Shyba
Integrated the secrets's JSON key that specifies ciphers into _crypto and added optional GCM. Also added a test to check if both cipher types can be imported. Resolves: #8680 Signed-off-by: Victor Shyba <victor1984@riseup.net>
2016-12-12[feature] use GCM instead of CTR+HMACVictor Shyba
Resolves: #8668 - client: substitute usage of CTR mode + HMAC by GCM cipher mode Signed-off-by: Victor Shyba <victor1984@riseup.net>
2016-12-12[refactor] improve blob signature magic usageVictor Shyba
Our magic value wasn't being used and were represented as a string. Refactored it to a constant, increased it's size to 2 bytes and optimzed is_symmetrically_encrypted to look for the magic and symmetrically encrypted flag under base64 encoding. Most file types will use this feature to help identifying themselves, so it got refactored to serve the purpose it was created.
2016-12-12[style] fixes from code-reviewVictor Shyba
Naming, interfaces and other details.
2016-12-12[refactor] introduces a GenericWriterVictor Shyba
AESWriter and HMACWriter are just applying hmac or aes into a flow of data. Abstracted the application of those operations into a super class and highlighted just the difference on each implementation.
2016-12-12[refactor] adds PipeableWriter to pipe two streamsVictor Shyba
VerifiedEncryptor and VerifiedDecryptor are just a pipe and a fan-out. This class provides both behaviors to two distinct writeable things.
2016-12-12[refactor] simplify _cryptoVictor Shyba
After adding the streaming decrypt, some classes were doing almost the same thing. Unified them. Also fixed some module level variables to upper case and some class name to camel case.
2016-12-12[refactor] improve loggingVictor Shyba
Some exceptions were missing a proper description and client_side_db.py script wasn't capturing logs from Twisted.
2016-12-12[bug] make the semaphore cover all parsingVictor Shyba
Unfortunately, if a doc finishes decryption before the previous one we will still have an issue while inserting. This commits solves it by adding the parse and decrypt inside of the semaphore.
2016-12-12[feature] make _crypto stream on decryptionVictor Shyba
We are already doing this on encryption, now we can stream also from decryption. This unblocks the reactor and will be valuable for blobs-io.
2016-12-12[feature] delimit preamble from ciphertextVictor Shyba
We now encode preamble and ciphertext+hmac in two distinct payloads separated by a space. This allows metadata to be extracted and used before decoding the whole document. It also introduces a single packer for packing and unpacking of data instead of reads and writes. Downside: doc_id and rev are limited to 255 chars now.
2016-12-12[refactor] Hide IV, simplify some callsVictor Shyba
IV was being set during tests and this required some defensive coding to avoid IV being set in production. This commits makes the test use the generated IV and "hides" it using a read-only property to let it clear this should never happen. Also refactored out some parameters that are generated automatically to reduce some lines of code and enhance readability.
2016-12-12[docs] add docstrings for _cryptoVictor Shyba
Also explaining how we are using Twisted's consumer interfaces.
2016-12-12[refactor] remove dead parameters, improve commentsVictor Shyba
received docs makes no sense for a single request download, plus all its comments and docstrings. Also updated docstrings for other methods. The method that tests if sqlcipher is encrypted can return a db handle that can be used right away. If we ignore it and reopen we can end up with a lost open cursor.
2016-12-12[refactor] Remove dead codeVictor Shyba
Batching is now decided on server side, so the code can be simplified. Also, sync_db and other parameters were used to initialize encdecpool, which is no longer supported.
2016-12-12[bug] emit last sent doc eventVictor Shyba
Document sending happens after encryption, so the last sent document needs to be signalled after request end.