1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
# -*- coding: utf-8 -*-
# encdecpool.py
# Copyright (C) 2015 LEAP
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
A pool of encryption/decryption concurrent and parallel workers for using
during synchronization.
"""
from twisted.internet import threads
from twisted.internet import defer
from leap.soledad.common import soledad_assert
from leap.soledad.common.log import getLogger
from leap.soledad.client.crypto import encrypt_docstr
from leap.soledad.client.crypto import decrypt_doc_dict
logger = getLogger(__name__)
#
# Encrypt pool of workers
#
class SyncEncryptDecryptPool(object):
"""
Base class for encrypter/decrypter pools.
"""
def __init__(self, crypto, sync_db):
"""
Initialize the pool of encryption-workers.
:param crypto: A SoledadCryto instance to perform the encryption.
:type crypto: leap.soledad.crypto.SoledadCrypto
:param sync_db: A database connection handle
:type sync_db: pysqlcipher.dbapi2.Connection
"""
self._crypto = crypto
self._sync_db = sync_db
self._delayed_call = None
self._started = False
def start(self):
self._started = True
def stop(self):
self._started = False
# maybe cancel the next delayed call
if self._delayed_call \
and not self._delayed_call.called:
self._delayed_call.cancel()
@property
def running(self):
return self._started
def _runOperation(self, query, *args):
"""
Run an operation on the sync db.
:param query: The query to be executed.
:type query: str
:param args: A list of query arguments.
:type args: list
:return: A deferred that will fire when the operation in the database
has finished.
:rtype: twisted.internet.defer.Deferred
"""
return self._sync_db.runOperation(query, *args)
def _runQuery(self, query, *args):
"""
Run a query on the sync db.
:param query: The query to be executed.
:type query: str
:param args: A list of query arguments.
:type args: list
:return: A deferred that will fire with the results of the database
query.
:rtype: twisted.internet.defer.Deferred
"""
return self._sync_db.runQuery(query, *args)
def encrypt_doc_task(doc_id, doc_rev, content, key, secret):
"""
Encrypt the content of the given document.
:param doc_id: The document id.
:type doc_id: str
:param doc_rev: The document revision.
:type doc_rev: str
:param content: The serialized content of the document.
:type content: str
:param key: The encryption key.
:type key: str
:param secret: The Soledad storage secret (used for MAC auth).
:type secret: str
:return: A tuple containing the doc id, revision and encrypted content.
:rtype: tuple(str, str, str)
"""
encrypted_content = encrypt_docstr(
content, doc_id, doc_rev, key, secret)
return doc_id, doc_rev, encrypted_content
class SyncEncrypterPool(SyncEncryptDecryptPool):
"""
Pool of workers that spawn subprocesses to execute the symmetric encryption
of documents to be synced.
"""
TABLE_NAME = "docs_tosync"
FIELD_NAMES = "doc_id PRIMARY KEY, rev, content"
ENCRYPT_LOOP_PERIOD = 2
def __init__(self, *args, **kwargs):
"""
Initialize the sync encrypter pool.
"""
SyncEncryptDecryptPool.__init__(self, *args, **kwargs)
# TODO delete already synced files from database
def start(self):
"""
Start the encrypter pool.
"""
SyncEncryptDecryptPool.start(self)
logger.debug("starting the encryption loop...")
def stop(self):
"""
Stop the encrypter pool.
"""
SyncEncryptDecryptPool.stop(self)
def encrypt_doc(self, doc):
"""
Encrypt document asynchronously then insert it on
local staging database.
:param doc: The document to be encrypted.
:type doc: SoledadDocument
"""
soledad_assert(self._crypto is not None, "need a crypto object")
docstr = doc.get_json()
key = self._crypto.doc_passphrase(doc.doc_id)
secret = self._crypto.secret
args = doc.doc_id, doc.rev, docstr, key, secret
# encrypt asynchronously
# TODO use dedicated threadpool / move to ampoule
d = threads.deferToThread(
encrypt_doc_task, *args)
d.addCallback(self._encrypt_doc_cb)
return d
def _encrypt_doc_cb(self, result):
"""
Insert results of encryption routine into the local sync database.
:param result: A tuple containing the doc id, revision and encrypted
content.
:type result: tuple(str, str, str)
"""
doc_id, doc_rev, content = result
return self._insert_encrypted_local_doc(doc_id, doc_rev, content)
def _insert_encrypted_local_doc(self, doc_id, doc_rev, content):
"""
Insert the contents of the encrypted doc into the local sync
database.
:param doc_id: The document id.
:type doc_id: str
:param doc_rev: The document revision.
:type doc_rev: str
:param content: The serialized content of the document.
:type content: str
"""
query = "INSERT OR REPLACE INTO '%s' VALUES (?, ?, ?)" \
% (self.TABLE_NAME,)
return self._runOperation(query, (doc_id, doc_rev, content))
@defer.inlineCallbacks
def get_encrypted_doc(self, doc_id, doc_rev):
"""
Get an encrypted document from the sync db.
:param doc_id: The id of the document.
:type doc_id: str
:param doc_rev: The revision of the document.
:type doc_rev: str
:return: A deferred that will fire with the encrypted content of the
document or None if the document was not found in the sync
db.
:rtype: twisted.internet.defer.Deferred
"""
query = "SELECT content FROM %s WHERE doc_id=? and rev=?" \
% self.TABLE_NAME
result = yield self._runQuery(query, (doc_id, doc_rev))
if result:
logger.debug("found doc on sync db: %s" % doc_id)
val = result.pop()
defer.returnValue(val[0])
logger.debug("did not find doc on sync db: %s" % doc_id)
defer.returnValue(None)
def delete_encrypted_doc(self, doc_id, doc_rev):
"""
Delete an encrypted document from the sync db.
:param doc_id: The id of the document.
:type doc_id: str
:param doc_rev: The revision of the document.
:type doc_rev: str
:return: A deferred that will fire when the operation in the database
has finished.
:rtype: twisted.internet.defer.Deferred
"""
query = "DELETE FROM %s WHERE doc_id=? and rev=?" \
% self.TABLE_NAME
self._runOperation(query, (doc_id, doc_rev))
def decrypt_doc_task(doc_id, doc_rev, content, gen, trans_id, key, secret,
idx):
"""
Decrypt the content of the given document.
:param doc_id: The document id.
:type doc_id: str
:param doc_rev: The document revision.
:type doc_rev: str
:param content: The encrypted content of the document as JSON dict.
:type content: dict
:param gen: The generation corresponding to the modification of that
document.
:type gen: int
:param trans_id: The transaction id corresponding to the modification of
that document.
:type trans_id: str
:param key: The encryption key.
:type key: str
:param secret: The Soledad storage secret (used for MAC auth).
:type secret: str
:param idx: The index of this document in the current sync process.
:type idx: int
:return: A tuple containing the doc id, revision and encrypted content.
:rtype: tuple(str, str, str)
"""
decrypted_content = decrypt_doc_dict(content, doc_id, doc_rev, key, secret)
return doc_id, doc_rev, decrypted_content, gen, trans_id, idx
|
