From b86442d9ae23b91e81bcfa2d82ed90638f849578 Mon Sep 17 00:00:00 2001
From: drebs
Date: Tue, 21 May 2013 17:02:54 -0300
Subject: Increase storage secret size and use half of it to get the local storage passphrase.
---
src/leap/soledad/__init__.py | 30 ++++++++++++++++++++++++------
src/leap/soledad/crypto.py | 11 +++++++----
2 files changed, 31 insertions(+), 10 deletions(-)
diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py
index 9824c5f6..ab8c03b4 100644
--- a/src/leap/soledad/__init__.py
+++ b/src/leap/soledad/__init__.py
@@ -136,9 +136,23 @@ class Soledad(object):
The name of the file where the storage secrets will be stored.
"""
- STORAGE_SECRET_LENGTH = 512
+ GENERATED_SECRET_LENGTH = 1024
"""
- The length of the secret used for symmetric encryption.
+ The length of the generated secret used to derive keys for symmetric
+ encryption for local and remote storage.
+ """
+
+ LOCAL_STORAGE_SECRET_LENGTH = 512
+ """
+ The length of the secret used to derive a passphrase for the SQLCipher
+ database.
+ """
+
+ REMOTE_STORAGE_SECRET_LENGTH = \
+ GENERATED_SECRET_LENGTH - LOCAL_STORAGE_SECRET_LENGTH
+ """
+ The length of the secret used to derive an encryption key and a MAC auth
+ key for remote storage.
"""
SALT_LENGTH = 64
@@ -302,11 +316,15 @@ class Soledad(object):
def _init_db(self):
"""
Initialize the U1DB SQLCipher database for local storage.
+
+ The local storage passphrase is hexlified version of the last
+ C{LOCAL_STORAGE_SECRET_LENGTH} bytes of the storage secret.
"""
self._db = sqlcipher.open(
self._local_db_path,
# storage secret is binary but sqlcipher passphrase must be string
- binascii.b2a_hex(self._get_storage_secret()),
+ binascii.b2a_hex(
+ self._get_storage_secret()[self.LOCAL_STORAGE_SECRET_LENGTH:]),
create=True,
document_factory=LeapDocument,
crypto=self._crypto)
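Review bot: The new slice in `_init_db` starts at `LOCAL_STORAGE_SECRET_LENGTH`, which selects the last `GENERATED_SECRET_LENGTH - LOCAL_STORAGE_SECRET_LENGTH` bytes rather than the last `LOCAL_STORAGE_SECRET_LENGTH` bytes the added docstring promises; the two agree only while both halves are 512. The remote key slice in crypto.py ends at `REMOTE_STORAGE_SECRET_LENGTH`, so using that same boundary here, `self._get_storage_secret()[self.REMOTE_STORAGE_SECRET_LENGTH:]`, keeps the SQLCipher passphrase and the remote key material disjoint if either constant is changed later. Slicing also never raises: a secret shorter than expected (for example a 512-byte one created under the old `STORAGE_SECRET_LENGTH`, if those can still be loaded, which this diff does not show) would hand SQLCipher an empty passphrase, so a guard such as `if len(secret) != self.GENERATED_SECRET_LENGTH:` that raises before `sqlcipher.open` is worth adding; the same missing length check applies to the slice in the last crypto.py hunk. The added docstring sentence should read "is the hexlified version".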
@@ -350,7 +368,7 @@ class Soledad(object):
)
# recover the initial value and ciphertext
iv, ciphertext = self._secrets[self._secret_id][self.SECRET_KEY].split(
- self.IV_SEPARATOR, 1)
+ self.IV_SEPARATOR, 1)
iv = int(iv)
ciphertext = binascii.a2b_base64(ciphertext)
return self._crypto.decrypt_sym(ciphertext, key, iv=iv)
@@ -445,7 +463,7 @@ class Soledad(object):
"""
events.signal(events.events_pb2.SOLEDAD_CREATING_KEYS, self._uuid)
# generate random secret
- secret = os.urandom(self.STORAGE_SECRET_LENGTH)
+ secret = os.urandom(self.GENERATED_SECRET_LENGTH)
secret_id = sha256(secret).hexdigest()
# generate random salt
salt = os.urandom(self.SALT_LENGTH)
@@ -481,7 +499,7 @@ class Soledad(object):
'kdf_salt': ''
'kdf_length':
'cipher': 'aes256',
- 'length': 512,
+ 'length': 1024,
'secret': '',
}
}
diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py
index 0a459293..e020eee6 100644
--- a/src/leap/soledad/crypto.py
+++ b/src/leap/soledad/crypto.py
@@ -95,9 +95,10 @@ class SoledadCrypto(object):
Generate a passphrase for symmetric encryption of document's contents.
The password is derived using HMAC having sha256 as underlying hash
- function. The key used for HMAC is Soledad's storage secret stripped
- from the first MAC_KEY_LENGTH characters. The HMAC message is
- C{doc_id}.
+ function. The key used for HMAC are the first
+ C{soledad.REMOTE_STORAGE_SECRET_KENGTH} bytes of Soledad's storage
+ secret stripped from the first MAC_KEY_LENGTH characters. The HMAC
+ message is C{doc_id}.
@param doc_id: The id of the document that will be encrypted using this
passphrase.
@@ -111,7 +112,9 @@ class SoledadCrypto(object):
if self.secret is None:
raise NoSymmetricSecret()
return hmac.new(
- self.secret[self.MAC_KEY_LENGTH:],
+ self.secret[
+ self.MAC_KEY_LENGTH:
+ self._soledad.REMOTE_STORAGE_SECRET_LENGTH],
doc_id,
hashlib.sha256).digest()
-- cgit v1.2.3
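Review bot: The added docstring line in the `@@ -95,9 +95,10 @@` hunk of crypto.py names `C{soledad.REMOTE_STORAGE_SECRET_KENGTH}`, which does not match the constant this commit defines; it should be `C{soledad.REMOTE_STORAGE_SECRET_LENGTH}`. The sentence "The key used for HMAC are the first ... bytes ... stripped from the first MAC_KEY_LENGTH characters" is also hard to map onto the slice in the following hunk; wording that mirrors the code, such as `The HMAC key is bytes MAC_KEY_LENGTH up to REMOTE_STORAGE_SECRET_LENGTH of Soledad's storage secret.`, makes it clear which part of the secret is key material for remote documents. The docstring begins and ends outside this hunk.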