From dc2b2d688827a6d6020d3aec45fac89b2b55c859 Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Wed, 22 Feb 2017 02:43:34 +0100
Subject: [feature] enable simple obfuscation of blob size in preamble

use a powers of two ceiling for the reported size in the preamble.
for this to be effective against a passive adversary, cover traffic
should be used in the uploads too.

This is just a first-stop measure; proper research should be done to
determine a good tradeoff between avoiding information leakage and
saving some storage and bandwidth..

- Documentation: #8759
- Related: #8759
---
 client/src/leap/soledad/client/_blobs.py  | 2 ++
 client/src/leap/soledad/client/_crypto.py | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'client/src')

diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py
index 426de56c..4581af60 100644
--- a/client/src/leap/soledad/client/_blobs.py
+++ b/client/src/leap/soledad/client/_blobs.py
@@ -44,6 +44,8 @@ Ideally, the decrypting flow goes like this:
 - Allocate a zeroblob in the sqlcipher sink
 - Mark the blob as unusable (ie, not verified)
 - Decrypt the payload incrementally, and write chunks to sqlcipher
+  ** Is it possible to use a small buffer for the aes writer w/o 
+  ** allocating all the memory in openssl?
 - Finalize the AES decryption
 - If preamble + payload verifies correctly, mark the blob as usable
 
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py
index 8fc5154c..f72571c2 100644
--- a/client/src/leap/soledad/client/_crypto.py
+++ b/client/src/leap/soledad/client/_crypto.py
@@ -210,9 +210,11 @@ class BlobEncryptor(object):
     """
     Produces encrypted data from the cleartext data associated with a given
     SoledadDocument using AES-256 cipher in GCM mode.
+
     The production happens using a Twisted's FileBodyProducer, which uses a
     Cooperator to schedule calls and can be paused/resumed. Each call takes at
     most 65536 bytes from the input.
+
     Both the production input and output are file descriptors, so they can be
     applied to a stream of data.
     """
@@ -226,7 +228,7 @@ class BlobEncryptor(object):
 
         self._content_fd = content_fd
         content_fd.seek(0, os.SEEK_END)
-        self._content_size = content_fd.tell()
+        self._content_size = _ceiling(content_fd.tell())
         content_fd.seek(0)
         self._producer = FileBodyProducer(content_fd, readSize=2**16)
 
@@ -547,6 +549,7 @@ def _ceiling(size):
     """
     Some simplistic ceiling scheme that uses powers of 2.
     We report everything below 4096 bytes as that minimum threshold.
+    See #8759 for research pending for less simplistic/aggresive strategies.
     """
     for i in xrange(12, 31):
         step = 2**i
-- 
cgit v1.2.3