src/leap/soledad/__init__.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

# License?

"""A U1DB implementation for using Object Stores as its persistence layer."""

import os
import string
import random
import cStringIO
import hmac
from soledad.util import GPGWrapper

class Soledad(object):

    PREFIX        = os.environ['HOME']  + '/.config/leap/soledad'
    SECRET_PATH   = PREFIX + '/secret.gpg'
    GNUPG_HOME    = PREFIX + '/gnupg'
    SECRET_LENGTH = 50

    def __init__(self, user_email, gpghome=None):
        self._user_email = user_email
        if not os.path.isdir(self.PREFIX):
            os.makedirs(self.PREFIX)
        if not gpghome:
            gpghome = self.GNUPG_HOME
        self._gpg = GPGWrapper(gpghome=gpghome)
        # load OpenPGP keypair
        if not self._has_openpgp_keypair():
            self._gen_openpgp_keypair()
        self._load_openpgp_keypair()
        # load secret
        if not self._has_secret():
            self._gen_secret()
        self._load_secret()

    def _has_secret(self):
        if os.path.isfile(self.SECRET_PATH):
            return True
        return False

    def _load_secret(self):
        try:
            with open(self.SECRET_PATH) as f:
               self._secret = str(self._gpg.decrypt(f.read()))
        except IOError as e:
           raise IOError('Failed to open secret file %s.' % self.SECRET_PATH)

    def _gen_secret(self):
        self._secret = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(self.SECRET_LENGTH))
        ciphertext = self._gpg.encrypt(self._secret, self._fingerprint, self._fingerprint)
        f = open(self.SECRET_PATH, 'w')
        f.write(str(ciphertext))
        f.close()


    def _has_openpgp_keypair(self):
        try:
            self._gpg.find_key(self._user_email)
            return True
        except LookupError:
            return False

    def _gen_openpgp_keypair(self):
        params = self._gpg.gen_key_input(
          key_type='RSA',
          key_length=4096,
          name_real=self._user_email,
          name_email=self._user_email,
          name_comment='Generated by LEAP Soledad.')
        self._gpg.gen_key(params)

    def _load_openpgp_keypair(self):
        self._fingerprint = self._gpg.find_key(self._user_email)['fingerprint']

    def encrypt(self, data, sign=None, passphrase=None, symmetric=False):
        return str(self._gpg.encrypt(data, self._fingerprint, sign=sign,
                                     passphrase=passphrase, symmetric=symmetric))

    def encrypt_symmetric(self, doc_id, data, sign=None):
        h = hmac.new(self._secret, doc_id).hexdigest()
        return self.encrypt(data, sign=sign, passphrase=h, symmetric=True)

    def decrypt(self, data, passphrase=None, symmetric=False):
        return str(self._gpg.decrypt(data, passphrase=passphrase))

    def decrypt_symmetric(self, doc_id, data):
        h = hmac.new(self._secret, doc_id).hexdigest()
        return self.decrypt(data, passphrase=h)