Age | Commit message (Collapse) | Author |
|
AES can generate base64 valid strings, making this test flaky. Try to
decrypt using armor=False instead.
|
|
|
|
|
|
|
|
This class implements a process flow between the ones defined at #8881
and #8874. It uses a LoopingCall to keep running in a loop and accepts
IIncomingBoxConsumers defined by soledad users, such as leap mail.
- Resolves: #8874
|
|
Refactor suggested from !105 review.
|
|
|
|
This move allows server to use it on #8868 as described in #8890
-- Relates: #8890
|
|
Extracted preamble code for making space to #8890 changes.
-- Related: #8890
|
|
This needs OpenSSL >= 1.1, otherwise it will keep using the scrypt
dependency.
We should think about deprecating scrypt as a dependency when we can be
sure that the adoption of libssl 1.1 is wide enough. I think that at
some point (soledad 0.11 or so) we can drop the scrypt dependency, which
was being somehow problematic at times (the _scrypt.so was not appearing
when installing with pip, needed workarounds). From that moment on, we
can raise an error if an old libssl is found and no scrypt can be
imported - leaving that to the user/packager.
In debian stretch and afterwards, you can get that version by installing
libssl-dev
- Related: #8472
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with @tayane
|
|
|
|
|
|
Resolves: https://0xacab.org/leap/soledad/issues/8788
|
|
In order to be able to change passphrase, token and offline status of
soledad from the bitmask client api, the secrets api also has to be able
to use up-to-date values when encrypting/decrypting secrets and
uploading/downloading them to the server. This commit makes public some
soledad attributes that were previously "private" (i.e. used to start
with "_" and were not meant to be accessed from outside), and passes the
whole soledad object to the client secrets api. This makes the code
cleaner and also allows for always getting newest values of soledad
attributes.
|
|
|
|
That's necessary for blobs-io. Current code includes backwards
compatibility branching and tests, which shall be removed on next
releases.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Current implementation can allow tampering and the CTR->GCM exchange can
help to avoid it.
This commits also alters a behaviour where we moved ahead after failing
to decrypt a recovery document. IMHO we can't move ahead as this is a
fatal error.
Signed-off-by: Victor Shyba <victor1984@riseup.net>
|
|
Integrated the secrets's JSON key that specifies ciphers into _crypto
and added optional GCM. Also added a test to check if both cipher types
can be imported.
Resolves: #8680
Signed-off-by: Victor Shyba <victor1984@riseup.net>
|
|
Resolves: #8668 - client: substitute usage of CTR mode + HMAC by GCM
cipher mode
Signed-off-by: Victor Shyba <victor1984@riseup.net>
|
|
Our magic value wasn't being used and were represented as a string.
Refactored it to a constant, increased it's size to 2 bytes and optimzed
is_symmetrically_encrypted to look for the magic and symmetrically
encrypted flag under base64 encoding. Most file types will use this
feature to help identifying themselves, so it got refactored to serve
the purpose it was created.
|
|
AESWriter and HMACWriter are just applying hmac or aes into a flow of
data. Abstracted the application of those operations into a super class
and highlighted just the difference on each implementation.
|
|
After adding the streaming decrypt, some classes were doing almost the
same thing. Unified them.
Also fixed some module level variables to upper case and some class name
to camel case.
|
|
We are already doing this on encryption, now we can stream also from
decryption. This unblocks the reactor and will be valuable for blobs-io.
|
|
We now encode preamble and ciphertext+hmac in two distinct payloads
separated by a space. This allows metadata to be extracted and used
before decoding the whole document.
It also introduces a single packer for packing and unpacking of data
instead of reads and writes. Downside: doc_id and rev are limited to 255
chars now.
|
|
IV was being set during tests and this required some defensive coding to
avoid IV being set in production. This commits makes the test use the
generated IV and "hides" it using a read-only property to let it clear
this should never happen.
Also refactored out some parameters that are generated automatically to
reduce some lines of code and enhance readability.
|
|
test_deprecated_crypto was using pytest, which unfortunately doesnt work
when mixed with trial. Migrated back.
Also added norecursedirs option back, as it is necessary for parallel
testing mode.
|
|
|
|
Fixes setup.cfg, adding current exclude rules, simplified tox.ini to use
setup.cfg and fixed all.
|
|
|
|
|
|
|
|
Tests that were imported from u1db or created on top of that structure
were leaving temporary directories behind. This could cause problems in
test servers, either by filling the partition or by extrapolating the
maximum amount of files in a directory.
This commit replaces all usages of temporary directories in the old test
structure by pytest tmpdir fixture, which properly cares for removing
temporary directories.
|
|
|
|
|
|
|