pyca/cryptography library contains flaw in AES-GCM primitive

[emkll]

Description

pyca/cryptography is used on both the app server and on the tails workstation, and should be updated due to a vulnerability in the implementation of AES-GCM: https://nvd.nist.gov/vuln/detail/CVE-2018-10903

Based on discussions with @redshiftzero, we are planning to move forward with the following:

Securedrop app server

For the SecureDrop application, we are using pyca/cryptography exclusively in the secure temp file [0,1], where we use AES in CTR mode (therefore not affected by this flaw). When switching to this library, we've encountered issues in getting the library functional in Ubuntu 14.04 (see #3441), which would make an upgrade of the library less trivial.

For the reasons above, let's wait for the Xenial migration, while closely monitoring advisories for the pyca/cryptography library. If another flaw is found, we can re-evaluate this decision.

Tails workstation

Used by Paramiko [2], which currently does not support GCM [3] (it's reasonable to assume that the AES GCM functions are not being used). However, there is no reason not to upgrade, so let's bump versions for the admin tails workstation.

Steps to Reproduce

Observe the version of the cryptography package version

Expected Behavior

The cryptography package version should be >= 2.3

Actual Behavior

The cryptography package version is < 2.3

[0] : https://github.com/freedomofpress/securedrop/blob/develop/securedrop/requirements/securedrop-app-code-requirements.txt
[1] : https://github.com/freedomofpress/securedrop/blob/develop/securedrop/secure_tempfile.py
[2] : https://github.com/freedomofpress/securedrop/blob/develop/admin/requirements.txt
[3] : paramiko/paramiko#982