From 456e6911445dd255580ff023f12e1db3c6a91f7d Mon Sep 17 00:00:00 2001 From: Victor Shyba Date: Tue, 26 Jan 2016 16:05:20 -0300 Subject: [feat] use cryptography instead of pycryptopp cryptography comes from OpenSSL and Twisted dependencies, so it's already installed. This commit removes a compiled dependency, also possibly making it easier to use on Windows. --- client/changes/feat_use_cryptography | 1 + client/pkg/requirements.pip | 1 - client/src/leap/soledad/client/crypto.py | 15 +++++++++++---- 3 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 client/changes/feat_use_cryptography (limited to 'client') diff --git a/client/changes/feat_use_cryptography b/client/changes/feat_use_cryptography new file mode 100644 index 00000000..6e8fe3bf --- /dev/null +++ b/client/changes/feat_use_cryptography @@ -0,0 +1 @@ +o Use cryptography instead of pycryptopp. Stick with AES-CTR. diff --git a/client/pkg/requirements.pip b/client/pkg/requirements.pip index f29d5c74..2f658d76 100644 --- a/client/pkg/requirements.pip +++ b/client/pkg/requirements.pip @@ -1,7 +1,6 @@ pysqlcipher>2.6.3 u1db scrypt -pycryptopp cchardet zope.proxy twisted diff --git a/client/src/leap/soledad/client/crypto.py b/client/src/leap/soledad/client/crypto.py index 90ad656e..07a3eaab 100644 --- a/client/src/leap/soledad/client/crypto.py +++ b/client/src/leap/soledad/client/crypto.py @@ -24,7 +24,8 @@ import hashlib import json import logging -from pycryptopp.cipher.aes import AES +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.backends import default_backend from leap.soledad.common import soledad_assert from leap.soledad.common import soledad_assert_type @@ -56,7 +57,10 @@ def encrypt_sym(data, key): (len(key) * 8)) iv = os.urandom(16) - ciphertext = AES(key=key, iv=iv).process(data) + backend = default_backend() + cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend) + encryptor = cipher.encryptor() + ciphertext = encryptor.update(data) + encryptor.finalize() return binascii.b2a_base64(iv), ciphertext @@ -81,8 +85,11 @@ def decrypt_sym(data, key, iv): soledad_assert( len(key) == 32, # 32 x 8 = 256 bits. 'Wrong key size: %s (must be 256 bits long).' % len(key)) - return AES( - key=key, iv=binascii.a2b_base64(iv)).process(data) + backend = default_backend() + iv = binascii.a2b_base64(iv) + cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend) + decryptor = cipher.decryptor() + return decryptor.update(data) + decryptor.finalize() def doc_mac_key(doc_id, secret): -- cgit v1.2.3