From dc2b2d688827a6d6020d3aec45fac89b2b55c859 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 22 Feb 2017 02:43:34 +0100 Subject: [feature] enable simple obfuscation of blob size in preamble use a powers of two ceiling for the reported size in the preamble. for this to be effective against a passive adversary, cover traffic should be used in the uploads too. This is just a first-stop measure; proper research should be done to determine a good tradeoff between avoiding information leakage and saving some storage and bandwidth.. - Documentation: #8759 - Related: #8759 --- client/src/leap/soledad/client/_blobs.py | 2 ++ client/src/leap/soledad/client/_crypto.py | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'client/src/leap') diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py index 426de56c..4581af60 100644 --- a/client/src/leap/soledad/client/_blobs.py +++ b/client/src/leap/soledad/client/_blobs.py @@ -44,6 +44,8 @@ Ideally, the decrypting flow goes like this: - Allocate a zeroblob in the sqlcipher sink - Mark the blob as unusable (ie, not verified) - Decrypt the payload incrementally, and write chunks to sqlcipher + ** Is it possible to use a small buffer for the aes writer w/o + ** allocating all the memory in openssl? - Finalize the AES decryption - If preamble + payload verifies correctly, mark the blob as usable diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py index 8fc5154c..f72571c2 100644 --- a/client/src/leap/soledad/client/_crypto.py +++ b/client/src/leap/soledad/client/_crypto.py @@ -210,9 +210,11 @@ class BlobEncryptor(object): """ Produces encrypted data from the cleartext data associated with a given SoledadDocument using AES-256 cipher in GCM mode. + The production happens using a Twisted's FileBodyProducer, which uses a Cooperator to schedule calls and can be paused/resumed. Each call takes at most 65536 bytes from the input. + Both the production input and output are file descriptors, so they can be applied to a stream of data. """ @@ -226,7 +228,7 @@ class BlobEncryptor(object): self._content_fd = content_fd content_fd.seek(0, os.SEEK_END) - self._content_size = content_fd.tell() + self._content_size = _ceiling(content_fd.tell()) content_fd.seek(0) self._producer = FileBodyProducer(content_fd, readSize=2**16) @@ -547,6 +549,7 @@ def _ceiling(size): """ Some simplistic ceiling scheme that uses powers of 2. We report everything below 4096 bytes as that minimum threshold. + See #8759 for research pending for less simplistic/aggresive strategies. """ for i in xrange(12, 31): step = 2**i -- cgit v1.2.3