Skip to content

Commit

Permalink
Replace sequester_crypto
Browse files Browse the repository at this point in the history
  • Loading branch information
TimeEngineer committed Nov 28, 2022
1 parent 9c5be21 commit a21c6a0
Show file tree
Hide file tree
Showing 17 changed files with 101 additions and 344 deletions.
6 changes: 3 additions & 3 deletions parsec/api/data/certif.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
from parsec._parsec import DateTime
from typing import Any, Dict, Literal

from parsec.sequester_crypto import SequesterVerifyKeyDer, SequesterEncryptionKeyDer
from parsec._parsec import SequesterVerifyKeyDer, SequesterPublicKeyDer
from parsec.serde import fields, post_load
from parsec.api.protocol import (
SequesterServiceID,
Expand Down Expand Up @@ -48,7 +48,7 @@ class SCHEMA_CLS(BaseSchema):
timestamp = fields.DateTime(required=True)
service_id = SequesterServiceIDField(required=True)
service_label = fields.String(required=True)
encryption_key_der = fields.SequesterEncryptionKeyDerField(required=True)
encryption_key_der = fields.SequesterPublicKeyDerField(required=True)

@post_load
def make_obj(self, data: Dict[str, Any]) -> "SequesterServiceCertificate": # type: ignore[misc]
Expand All @@ -58,4 +58,4 @@ def make_obj(self, data: Dict[str, Any]) -> "SequesterServiceCertificate": # ty
timestamp: DateTime
service_id: SequesterServiceID
service_label: str
encryption_key_der: SequesterEncryptionKeyDer
encryption_key_der: SequesterPublicKeyDer
37 changes: 18 additions & 19 deletions parsec/backend/cli/sequester.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,25 +3,24 @@

import attr
import click
import oscrypto
import textwrap
from oscrypto.asymmetric import PrivateKey
from async_generator import asynccontextmanager
from base64 import b64encode, b64decode
from pathlib import Path
from typing import AsyncGenerator, Dict, List, Tuple

from parsec._parsec import DateTime
from parsec._parsec import (
DateTime,
SequesterPrivateKeyDer,
SequesterPublicKeyDer,
SequesterSigningKeyDer,
SequesterVerifyKeyDer,
)
from parsec.backend.postgresql.organization import PGOrganizationComponent
from parsec.event_bus import EventBus
from parsec.utils import open_service_nursery, trio_run
from parsec.cli_utils import operation, cli_exception_handler, debug_config_options
from parsec.sequester_crypto import (
sequester_authority_sign,
SequesterEncryptionKeyDer,
SequesterVerifyKeyDer,
CryptoError,
)
from parsec.crypto import CryptoError
from parsec.sequester_export_reader import extract_workspace, RealmExportProgress
from parsec.api.data import SequesterServiceCertificate, DataError
from parsec.api.protocol import OrganizationID, UserID, RealmID, SequesterServiceID, HumanHandle
Expand Down Expand Up @@ -49,11 +48,9 @@

def dump_sequester_service_certificate_pem(
certificate_data: SequesterServiceCertificate,
authority_signing_key: PrivateKey,
authority_signing_key: SequesterSigningKeyDer,
) -> str:
certificate = sequester_authority_sign(
signing_key=authority_signing_key, data=certificate_data.dump()
)
certificate = authority_signing_key.sign(certificate_data.dump())
return "\n".join(
(
SEQUESTER_SERVICE_CERTIFICATE_PEM_HEADER,
Expand Down Expand Up @@ -216,8 +213,10 @@ def generate_service_certificate(
) -> None:
with cli_exception_handler(debug):
# Load key files
service_key = SequesterEncryptionKeyDer(service_public_key.read_bytes())
authority_key = oscrypto.asymmetric.load_private_key(authority_private_key.read_bytes())
service_key = SequesterPublicKeyDer.load_pem(service_public_key.read_text())
authority_key = SequesterPrivateKeyDer.load_pem(
authority_private_key.read_text()
).signing_key

# Generate data schema
service_id = SequesterServiceID.new()
Expand Down Expand Up @@ -426,8 +425,8 @@ def create_service(
"Webhook sequester service requires webhook_url argument"
)
# Load key files
service_key = SequesterEncryptionKeyDer(service_public_key.read_bytes())
authority_key = oscrypto.asymmetric.load_private_key(authority_private_key.read_bytes())
service_key = SequesterPublicKeyDer.load_pem(service_public_key.read_text())
authority_key = SequesterPrivateKeyDer.load_pem(authority_private_key.read_text())
# Generate data schema
service_id = SequesterServiceID.new()
now = DateTime.now()
Expand All @@ -437,7 +436,7 @@ def create_service(
service_label=service_label,
encryption_key_der=service_key,
)
certificate = sequester_authority_sign(signing_key=authority_key, data=certif_data.dump())
certificate = authority_key.signing_key.sign(certif_data.dump())

sequester_service: BaseSequesterService
if cooked_service_type == SequesterServiceType.STORAGE:
Expand Down Expand Up @@ -796,7 +795,7 @@ def extract_realm_export(
# Finally a command that is not async !
# This is because here we do only a single thing at a time and sqlite3 provide
# a synchronous api anyway
decryption_key = oscrypto.asymmetric.load_private_key(service_decryption_key.read_bytes())
decryption_key = SequesterPrivateKeyDer.load_pem(service_decryption_key.read_text())

# Convert filter_date from click.Datetime to parsec.Datetime
date: DateTime
Expand Down
4 changes: 2 additions & 2 deletions parsec/backend/organization.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@
OrganizationConfigRep,
OrganizationConfigRepOk,
OrganizationConfigRepNotFound,
SequesterVerifyKeyDer,
UsersPerProfileDetailItem,
VerifyKey,
)
from parsec.utils import timestamps_in_the_ballpark
from parsec.crypto import VerifyKey
from parsec.sequester_crypto import SequesterVerifyKeyDer
from parsec.api.data import (
UserCertificate,
DeviceCertificate,
Expand Down
4 changes: 1 addition & 3 deletions parsec/backend/postgresql/organization.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,8 @@
from functools import lru_cache
from triopg import UniqueViolationError

from parsec._parsec import DateTime
from parsec._parsec import DateTime, SequesterVerifyKeyDer, VerifyKey
from parsec.api.protocol import OrganizationID, UserProfile
from parsec.crypto import VerifyKey
from parsec.sequester_crypto import SequesterVerifyKeyDer
from parsec.backend.events import BackendEvent
from parsec.backend.user import UserError, User, Device
from parsec.backend.utils import UnsetType, Unset
Expand Down
3 changes: 1 addition & 2 deletions parsec/backend/postgresql/sequester.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
from collections import defaultdict
from typing import Any, List, Tuple

from parsec.sequester_crypto import SequesterVerifyKeyDer
from parsec._parsec import DateTime, SequesterVerifyKeyDer
from parsec.api.data import DataError, SequesterServiceCertificate
from parsec.api.protocol import OrganizationID, RealmID, SequesterServiceID, VlobID
from parsec.backend.organization import SequesterAuthority
Expand All @@ -28,7 +28,6 @@
SequesterWrongServiceTypeError,
)
from parsec.crypto import CryptoError
from parsec._parsec import DateTime


# Sequester authority never gets modified past organization bootstrap, hence no need
Expand Down
6 changes: 2 additions & 4 deletions parsec/core/cli/bootstrap_organization.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
import platform
from typing import Any, Protocol

from parsec.sequester_crypto import SequesterVerifyKeyDer
from parsec._parsec import LocalDevice, SequesterVerifyKeyDer
from parsec.utils import trio_run
from parsec.cli_utils import spinner, cli_exception_handler, async_prompt, async_confirm
from parsec.api.protocol import HumanHandle, DeviceLabel
Expand All @@ -16,8 +16,6 @@
from parsec.core.invite import bootstrap_organization as do_bootstrap_organization
from parsec.core.cli.utils import cli_command_base_options, core_config_options, save_device_options

from parsec._parsec import LocalDevice


SEQUESTER_BRIEF = """A sequestered organization is able to ask it users to encrypt
their data with third party asymmetric keys (called "sequester service").
Expand Down Expand Up @@ -63,7 +61,7 @@ async def _bootstrap_organization(
)
if not answer:
raise SystemExit("Bootstrap aborted")
sequester_vrf_key = SequesterVerifyKeyDer(sequester_verify_key.read_bytes())
sequester_vrf_key = SequesterVerifyKeyDer.load_pem(sequester_verify_key.read_text())

human_label: str = human_label or await async_prompt("User fullname")
human_email: str = human_email or await async_prompt("User email")
Expand Down
7 changes: 5 additions & 2 deletions parsec/core/invite/organization.py
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
# Parsec Cloud (https://parsec.cloud) Copyright (c) AGPL-3.0 2016-present Scille SAS
from __future__ import annotations

from parsec.crypto import SigningKey, VerifyKey
from parsec.sequester_crypto import SequesterVerifyKeyDer
from parsec._parsec import (
SigningKey,
VerifyKey,
SequesterVerifyKeyDer,
)
from parsec.api.data import (
UserCertificate,
DeviceCertificate,
Expand Down
167 changes: 0 additions & 167 deletions parsec/sequester_crypto.py

This file was deleted.

Loading

0 comments on commit a21c6a0

Please sign in to comment.