From 3462abf72b9057855fe7e1b92b12f04bdbd67537 Mon Sep 17 00:00:00 2001
From: drebs
Date: Mon, 3 Jun 2013 16:19:13 -0300
Subject: Move symmetric encryption/decryption code from leap.common to leap.soledad.
---
 src/leap/soledad/crypto.py | 57 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 52 insertions(+), 5 deletions(-)
(limited to 'src/leap/soledad/crypto.py')
diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py
index e020eee6..e3d2c30c 100644
--- a/src/leap/soledad/crypto.py
+++ b/src/leap/soledad/crypto.py
@@ -21,11 +21,29 @@ Cryptographic utilities for Soledad.
 """
+import os
+import binascii
 import hmac
 import hashlib
+from Crypto.Cipher import AES
+from Crypto.Util import Counter
+from leap.common.check import leap_assert, leap_assert_type
-from leap.common import crypto
+
+
+class EncryptionMethods(object):
+ """
+ Representation of encryption methods that can be used.
+ """
+
+ AES_256_CTR = 'aes-256-ctr'
+
+
+class UnknownEncryptionMethod(Exception):
+ """
+ Raised when trying to encrypt/decrypt with unknown method.
+ """
+ pass
 class NoSymmetricSecret(Exception):
@@ -51,7 +69,7 @@ class SoledadCrypto(object):
 self._soledad = soledad
 def encrypt_sym(self, data, key,
- method=crypto.EncryptionMethods.AES_256_CTR):
+ method=EncryptionMethods.AES_256_CTR):
 """
 Encrypt C{data} using a {password}.
@@ -67,10 +85,23 @@ class SoledadCrypto(object):
 @return: A tuple with the initial value and the encrypted data.
 @rtype: (long, str)
 """
- return crypto.encrypt_sym(data, key, method)
+ leap_assert_type(key, str)
+
+ # AES-256 in CTR mode
+ if method == EncryptionMethods.AES_256_CTR:
+ leap_assert(
+ len(key) == 32, # 32 x 8 = 256 bits.
+ 'Wrong key size: %s bits (must be 256 bits long).' % (len(key)*8))
+ iv = os.urandom(8)
+ ctr = Counter.new(64, prefix=iv)
+ cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr)
+ return binascii.b2a_base64(iv), cipher.encrypt(data)
+
+ # raise if method is unknown
+ raise UnknownEncryptionMethod('Unkwnown method: %s' % method)
 def decrypt_sym(self, data, key,
- method=crypto.EncryptionMethods.AES_256_CTR, **kwargs):
+ method=EncryptionMethods.AES_256_CTR, **kwargs):
 """
 Decrypt data using symmetric secret.
@@ -88,7 +119,23 @@ class SoledadCrypto(object):
 @return: The decrypted data.
 @rtype: str
 """
- return crypto.decrypt_sym(data, key, method, **kwargs)
+ leap_assert_type(key, str)
+
+ # AES-256 in CTR mode
+ if method == EncryptionMethods.AES_256_CTR:
+ # assert params
+ leap_assert(
+ len(key) == 32, # 32 x 8 = 256 bits.
+ 'Wrong key size: %s (must be 256 bits long).' % len(key))
+ leap_assert(
+ 'iv' in kwargs,
+ 'AES-256-CTR needs an initial value given as.')
+ ctr = Counter.new(64, prefix=binascii.a2b_base64(kwargs['iv']))
+ cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr)
+ return cipher.decrypt(data)
+
+ # raise if method is unknown
+ raise UnknownEncryptionMethod('Unkwnown method: %s' % method)
 def doc_passphrase(self, doc_id):
 """
-- cgit v1.2.3
From f4561f3462d8a265f11811d65c4b50db1dd61b45 Mon Sep 17 00:00:00 2001
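Review bot: The AES-256-CTR branch added to encrypt_sym returns bare CTR ciphertext with no integrity tag, so a ciphertext or iv altered in storage or transit still decrypts without error and the bit changes carry through to the plaintext. hmac and hashlib are imported in this file, but nothing in the hunk binds a MAC to the (iv, ciphertext) pair; if the caller does that, say so in the docstring, e.g. `CTR gives confidentiality only; the caller must MAC iv + ciphertext and verify it before decrypting.` The nonce is 8 random bytes (`os.urandom(8)`), so under a long-lived key the chance of a repeated nonce, and with it keystream reuse, grows with the number of encryptions; worth documenting the expected key lifetime or deriving a per-document key. The docstring also still says `@rtype: (long, str)` although the first element is now the base64 text from `binascii.b2a_base64(iv)`, trailing newline included. encrypt_sym's signature and the top of its docstring are outside this hunk.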
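Review bot: In the AES-256-CTR branch of decrypt_sym, `kwargs['iv']` is base64-decoded and handed to `Counter.new(64, prefix=...)` with no length check, so a truncated or malformed iv is not rejected up front and presumably only fails, if at all, as a binascii or PyCrypto error further down. Decoding first and checking the result keeps the failure explicit: `iv = binascii.a2b_base64(kwargs['iv'])` followed by `leap_assert(len(iv) == 8, 'AES-256-CTR needs an 8 byte initial value.')`. The messages need a pass as well: this branch formats `len(key)` in bytes while the text says bits, `'AES-256-CTR needs an initial value given as.'` is cut off mid-sentence, and `'Unkwnown method: %s'` is misspelled here and in encrypt_sym. The start of decrypt_sym's docstring is outside the hunk.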
From: drebs
Date: Mon, 3 Jun 2013 17:10:15 -0300
Subject: Remove strict dependency on leap.common.
 * Encapsulate leap_assert and leap_assert_type so Soledad works without them.
 * Remove dependency on leap.common.files.mkdir_p().
 * Encapsulate signaling.
 * Add changes file.
---
 src/leap/soledad/crypto.py | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
(limited to 'src/leap/soledad/crypto.py')
diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py
index e3d2c30c..be83e4a2 100644
--- a/src/leap/soledad/crypto.py
+++ b/src/leap/soledad/crypto.py
@@ -26,9 +26,15 @@ import binascii
 import hmac
 import hashlib
+
 from Crypto.Cipher import AES
 from Crypto.Util import Counter
-from leap.common.check import leap_assert, leap_assert_type
+
+
+from leap.soledad import (
+ soledad_assert,
+ soledad_assert_type,
+)
 class EncryptionMethods(object):
@@ -85,13 +91,14 @@ class SoledadCrypto(object):
 @return: A tuple with the initial value and the encrypted data.
 @rtype: (long, str)
 """
- leap_assert_type(key, str)
+ soledad_assert_type(key, str)
 # AES-256 in CTR mode
 if method == EncryptionMethods.AES_256_CTR:
- leap_assert(
+ soledad_assert(
 len(key) == 32, # 32 x 8 = 256 bits.
- 'Wrong key size: %s bits (must be 256 bits long).' % (len(key)*8))
+ 'Wrong key size: %s bits (must be 256 bits long).' %
+ (len(key) * 8))
 iv = os.urandom(8)
 ctr = Counter.new(64, prefix=iv)
 cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr)
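Review bot: The key-length check in the `@@ -85,13 +91,14 @@` hunk now rests entirely on `soledad_assert`, whose definition in leap.soledad is not part of this diff. The commit message says it is encapsulated so Soledad works without leap.common; if the fallback is a plain `assert` or a no-op, the check disappears under `python -O` or when leap.common is absent, and a 16- or 24-byte key would then reach `AES.new` and select a weaker AES variant instead of being rejected. The same applies to the key and iv checks in the decrypt_sym hunk that follows. For cryptographic parameters an unconditional check is safer, e.g. `if len(key) != 32: raise ValueError('Wrong key size: %s bits (must be 256 bits long).' % (len(key) * 8))`. The function body starts and ends outside this hunk.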
@@ -119,15 +126,15 @@ class SoledadCrypto(object):
 @return: The decrypted data.
 @rtype: str
 """
- leap_assert_type(key, str)
+ soledad_assert_type(key, str)
 # AES-256 in CTR mode
 if method == EncryptionMethods.AES_256_CTR:
 # assert params
- leap_assert(
+ soledad_assert(
 len(key) == 32, # 32 x 8 = 256 bits.
 'Wrong key size: %s (must be 256 bits long).' % len(key))
- leap_assert(
+ soledad_assert(
 'iv' in kwargs,
 'AES-256-CTR needs an initial value given as.')
 ctr = Counter.new(64, prefix=binascii.a2b_base64(kwargs['iv']))
-- cgit v1.2.3