def decrypt(data: str, gpg: GPG) -> str:
"""
Decrypt `data` with `gpg` and return its value.
"""
result = gpg.decrypt(data, always_trust=True)
if not result.ok:
raise DecryptionError(result.status)
else:
return str(gpg.decrypt(data, always_trust=True))
class DecryptMessage(Resource):
def __init__(self):
self.gpg = GPG(gpgbinary='/usr/bin/gpg',
gnupghome='/usr/local/src/keys')
def post(self):
parser = reqparse.RequestParser(bundle_errors=True)
parser.add_argument('Message',
type=str,
required=True,
location='json')
parser.add_argument('Passphrase',
type=str,
required=True,
location='json')
args = parser.parse_args(strict=True)
if not args['Message'] or not args['Passphrase']:
return {"Error": "Invalid Message or Passphrase"}
decrypted = self.gpg.decrypt(args['Message'],
passphrase=args['Passphrase'])
if decrypted.ok:
return {"DecryptedMessage": str(decrypted)}
else:
return {"Error": decrypted.status}
def finish_auth_pass(message, bot):
t_str = 'test_ur_crappy_password_str'
decrypt = None
try:
gpg = GPG()
encrypt = gpg.encrypt(t_str, recipients='user_' + str(message.chat.id))
decrypt = gpg.decrypt(str(encrypt), passphrase=str(message.text))
system('echo RELOADAGENT | gpg-connect-agent')
except:
msg = bot.send_message(message.chat.id, 'Произошла ошибка.')
del_mess(msg, bot, 4)
result_available.set()
if str(decrypt) == t_str:
global pas
msg = bot.send_message(message.chat.id, 'Вы аутентифицировались.')
pas = str(message.text)
del_mess(msg, bot, 4)
result_available.set()
else:
msg = bot.send_message(message.chat.id, 'Пароль не верен.')
del_mess(msg, bot, 4)
result_available.set()
def get_gpg_pwd(apistatus, userid_status, mfa, userid, g_home, g_pass):
"""Returns gpg password if all inputs are valid.
Keyword arguments:
apistatus - The true/false return value from the check_api_key
function.
userid_stauts - The true/false return value from the check_userid
function.
mfa - The true/false return value from the check_totp
function.
userid - The userid that corresponds (key:value) to sensitive data
that is being retrieved.
g_home - The GPG home directory for this application, i.e.
export |grep GNUPGHOME.
g_pass - The password for the GPG private key.
Output:
The function returns the sensitive data that corresponds to the
userid."""
# Performing input validation.
if not validate_userid(userid):
return 1
# Checking login status and that the API key is authorized to
# access the userid.
if apistatus and userid_status and mfa:
gpg_file = open(c_text, 'r', encoding='ascii').read().strip('\n')
g = GPG(homedir=g_home)
gpg_data = str(g.decrypt(gpg_file, passphrase=g_pass)).split('\n')
for line in gpg_data:
reg_search = search(r'(^' + userid + ': )(.+)', line)
if reg_search:
return reg_search.group(2)
else:
return False
def do_job_unit(self, event, corpus, unit, **kwargs):
preroll = kwargs.get("preroll", 0)
for i, (domain, count, path, url) in enumerate(self.get_chunk_info_paths_urls(
event, corpus, preroll=preroll)):
if i != unit:
continue
gpg = GPG()
#http = urllib3.PoolManager()
parent = os.path.dirname(path)
if not os.path.exists(parent):
try:
os.makedirs(parent)
except OSError as e:
if e.errno == errno.EEXIST and os.path.isdir(parent):
pass
retries = 3
while 1:
try:
r = requests.get(url, timeout=30)
with open(path, u'wb') as f:
f.write(str(gpg.decrypt(r.content)))
break
except requests.exceptions.ConnectionError:
retries -= 1
if retries == 0:
break
except urllib3.exceptions.ReadTimeoutError:
retries -= 1
if retries == 0:
break
def do_job_unit(self, event, corpus, unit, **kwargs):
preroll = kwargs.get("preroll", 0)
for i, (domain, count, path, url) in enumerate(
self.get_chunk_info_paths_urls(event, corpus,
preroll=preroll)):
if i != unit:
continue
gpg = GPG()
#http = urllib3.PoolManager()
parent = os.path.dirname(path)
if not os.path.exists(parent):
try:
os.makedirs(parent)
except OSError as e:
if e.errno == errno.EEXIST and os.path.isdir(parent):
pass
retries = 3
while 1:
try:
r = requests.get(url, timeout=30)
with open(path, u'wb') as f:
f.write(str(gpg.decrypt(r.content)))
break
except requests.exceptions.ConnectionError:
retries -= 1
if retries == 0:
break
except urllib3.exceptions.ReadTimeoutError:
retries -= 1
if retries == 0:
break
def finish_clone_pass(message, bot, path_to_user_folder):
t_str = 'test_ur_crappy_password_str'
decrypt = None
try:
gpg = GPG()
encrypt = gpg.encrypt(t_str, recipients='user_'+str(message.chat.id))
decrypt = gpg.decrypt(str(encrypt), passphrase=message.text)
system('echo RELOADAGENT | gpg-connect-agent')
except:
msg = bot.send_message(message.chat.id, 'Произошла ошибка.')
del_mess(msg, bot, 8)
return
if str(decrypt) == t_str:
try:
with open(path_to_user_folder+'/user_data/Nothing.txt', 'w') as f:
f.write(message.text)
msg = bot.send_message(message.chat.id, 'Пароль сохранен.', reply_markup = types.ReplyKeyboardRemove(selective=False))
del_mess(msg, bot, 8)
return
except:
msg = bot.send_message(message.chat.id, 'Произошла ошибка.', reply_markup = types.ReplyKeyboardRemove(selective=False))
del_mess(msg, bot, 8)
return
else:
msg = bot.send_message(message.chat.id, 'Пароль не верен.')
msg_handler = bot.send_message(message.chat.id, 'Введите пароль от нового ключа, я его сохраню.', reply_markup = types.ReplyKeyboardRemove(selective=False))
bot.register_next_step_handler(msg_handler, lambda msg: finish_clone_pass(msg, bot, path_to_user_folder))
def extract_content(path, keyring, output_dir, output_ext):
""" Use the keyring to decrypt a document """
name = os.path.splitext(os.path.basename(path))[0]
gpg = GPG(gnupghome=keyring)
new_path = os.path.join(output_dir, '.'.join([name, output_ext]))
try:
with open(path, 'rb') as content:
data = gpg.decrypt(content.read(), output=new_path)
except OSError:
raise DecryptionError("Could not open '%s'" % path, path)
return new_path
def extract_content(path, keyring, output_dir, output_ext):
""" Use the keyring to decrypt a document """
name = os.path.splitext(os.path.basename(path))[0]
gpg = GPG(gnupghome=keyring)
new_path = os.path.join(output_dir, '.'.join([name, output_ext]))
try:
with open(path, 'rb') as content:
data = gpg.decrypt(content.read(), output=new_path)
except OSError:
raise DecryptionError("Could not open '%s'" % path, path)
return new_path
def _pgp_decrypt(self, encrypted_firmware, key):
'''
This does the actual decryption.
'''
try:
tmp_dir = tempfile.mkdtemp()
gpg = GPG(gnupghome=tmp_dir)
gpg.import_keys(key)
decrypted_data = gpg.decrypt(encrypted_firmware)
finally:
try:
shutil.rmtree(tmp_dir)
except OSError as exc:
if exc.errno != errno.ENOENT:
raise
return bytes(decrypted_data.data)
def decrypt(message):
'''
decrypt a message sent to me, and verify sender email
'''
gpg = GPG()
verified = decoded = b''
logging.debug('decoding %s...', message[:64])
try:
decoded = b58decode(message)
logging.debug('decrypting %r...', decoded[:64])
decrypted = gpg.decrypt(decoded)
# pylint: disable=no-member
verified = 'trust level %s' % decrypted.trust_text
except ValueError:
logging.warning('%r... not base58 encoded', message[:32])
decrypted = type('', (), {'data': message})
verified = 'unencoded'
except subprocess.CalledProcessError as problem:
logging.exception(problem)
decrypted = type('', (), {'data': b''})
return decrypted.data, verified
def scchunk_worker_(job_queue, result_queue, **kwargs):
signal.signal(signal.SIGINT, signal.SIG_IGN)
gpg = GPG()
http = urllib3.PoolManager(timeout=15.0, retries=3)
while not job_queue.empty():
try:
path, url = job_queue.get(block=False)
parent = os.path.dirname(path)
if not os.path.exists(parent):
try:
os.makedirs(parent)
except OSError as e:
if e.errno == errno.EEXIST and os.path.isdir(parent):
pass
r = http.request('GET', url)
with open(path, u'wb') as f:
f.write(str(gpg.decrypt(r.data)))
result_queue.put(None)
except Queue.Empty:
pass
def scchunk_worker_(job_queue, result_queue, **kwargs):
signal.signal(signal.SIGINT, signal.SIG_IGN)
gpg = GPG()
http = urllib3.PoolManager(timeout=15.0, retries=3)
while not job_queue.empty():
try:
path, url = job_queue.get(block=False)
parent = os.path.dirname(path)
if not os.path.exists(parent):
try:
os.makedirs(parent)
except OSError as e:
if e.errno == errno.EEXIST and os.path.isdir(parent):
pass
r = http.request('GET', url)
with open(path, u'wb') as f:
f.write(str(gpg.decrypt(r.data)))
result_queue.put(None)
except Queue.Empty:
pass
#!/usr/bin/env python
import requests
from gnupg import GPG
passphrase = None
if __name__ == "__main__":
gpg = GPG()
url = "http://127.0.0.1:8000/students/crypto/"
r = requests.get(url)
print "cifrado", r.text
content = gpg.decrypt(r.text, always_trust=True, passphrase=passphrase)
print "decifrado"
if not content:
print "No se pudo descifrar"
else:
print content
def dec(data, key):
gpg = GPG()
return gpg.decrypt()
def decrypt(data: str, gpg: GPG) -> str:
"""
Decrypt `data` with `gpg` and return its value.
"""
return str(gpg.decrypt(data, always_trust=True))
class GpgSandbox:
"""
The GPG sandbox wraps a :class:`gnupg.GPG` instance that uses a temporary directory as its home directory. This
allows to import keys without messing with the user's system. It automatically imports files named `*.key` placed
in `keys_dir` (`data/keys`) by default. The keys can then be referenced by their filename minus the `.key`
extension, for example `john.doe.key` can then be used with `gpg.get_key('john.doe').
"""
def __init__(self, tmpdir: str, keys_dir: str = 'data/keys') -> None:
# GPG needs the homedir to have limited permissions
os.chmod(tmpdir, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
self.homedir = tmpdir
self.gpg = GPG(gnupghome=tmpdir)
self.keys = self.import_keys(keys_dir)
def get_key_files(self, keys_dir: str) -> Iterable[str]:
"""
Return the list of key files in the keys directory.
"""
return glob.glob(
os.path.join(os.path.dirname(__file__), '..', keys_dir, '*.key'))
def import_key(self, key: str) -> str:
"""
Import the given armored key and return its fingerprint.
"""
import_result = self.gpg.import_keys(key)
return import_result.fingerprints[0]
def import_keys(self, keys_dir: str) -> Dict[str, Tuple[str, str]]:
"""
Iterate over the `.key` files in `keys_dir` and import then into GPG.
"""
keys = {}
for key_path in self.get_key_files(keys_dir):
username = os.path.basename(key_path)[:-len('.key')]
with open(key_path) as key_file:
key = key_file.read()
keys[username] = (self.import_key(key), key)
return keys
def encrypt(self, data: str, username: str) -> str:
"""
Return `data` encrypted for `username`, which should match a key in the keys directory.
"""
return str(
self.gpg.encrypt(data, self.keys[username][0], always_trust=True))
def decrypt(self, data: str) -> str:
"""
Return `data` decrypted. A corresponding private key must be available so this data can be decrypted.
"""
return str(self.gpg.decrypt(data, always_trust=True))
def get_fingerprint(self, username: str) -> str:
"""
Return the key fingerprint of the given username.
"""
return self.keys[username][0]
def get_key(self, username: str) -> str:
"""
Return the armored key of the given username.
"""
return self.keys[username][1]
gpg = GPG(binary='/usr/bin/gpg2',
homedir='~/.gnupg',
keyring='pubring.gpg',
secring='secring.gpg')
stored_keys = gpg.list_keys()
message = "This is a test message to be encripted."
options_enc = {
'passphrase': passphrase,
'armor': True,
'default_key': gpg_test_fingerprint
}
encrypted_msg = gpg.encrypt(message, gpg_test_fingerprint, **options_enc)
print(encrypted_msg)
options_dec = {
'passphrase': passphrase
}
decrypted_msg = gpg.decrypt(str(encrypted_msg), **options_dec)
assert message == str(decrypted_msg)
print("This is the original message:", decrypted_msg)
''' "Valid" will return a boolean saying whether the decrypted message's
signature is valid.'''
assert decrypted_msg.valid
def DecryptGPG(cipher_file, gpghome, p_phrase):
"""Simple decrypt."""
cipher_data = str(open(cipher_file, 'r').read()).strip('\n')
g = GPG(gnupghome=gpghome)
clear_data = g.decrypt(cipher_data, passphrase=p_phrase)
return clear_data
class Axolotl:
def __init__(self, name, dbname='axolotl.db', dbpassphrase='',
user_pathstring='~'):
self.ratchetKey = None
self.ratchetPKey = None
self.name = name
self.db = None
self.mode = None
self.staged_HK_mk = None
self.state = None
self.handshakeKey = None
self.handshakePKey = None
self.storeTime = None
user_path = os.path.expanduser(user_pathstring)
keyring = [user_path + '/.gnupg/pubring.gpg']
secret_keyring = [user_path + '/.gnupg/secring.gpg']
self.dbname = user_path + '/tmp/pyaxo_db/' + dbname
self.gpg = GPG(gnupghome=user_path + '/.axolotl', gpgbinary='gpg',
keyring=keyring,
secret_keyring=secret_keyring,
options=['--throw-keyids',
'--personal-digest-preferences=sha256',
'--s2k-digest-algo=sha256'])
self.gpg.encoding = 'utf-8'
if dbpassphrase != '' or dbpassphrase is None:
self.dbpassphrase = dbpassphrase
else:
self.dbpassphrase = getpass(
'Database passphrase for ' + self.name + ': ').strip()
self.db_init()
def db_init(self):
try:
self.db = self.open_db()
except sqlite3.OperationalError:
raise (Axolotl_exception('Bad sql! Password problem - \
cannot create the database.'))
self.mode = None
self.staged_HK_mk = {}
self.state = {}
self.state['DHIs_priv'], self.state['DHIs'] = self.genKey()
self.state['DHRs_priv'], self.state['DHRs'] = self.genKey()
self.handshakeKey, self.handshakePKey = self.genKey()
# minimum time (seconds) to store missed ephemeral message keys
self.storeTime = 2 * 86400
with self.db:
cur = self.db.cursor()
cur.execute("""
CREATE TABLE IF NOT EXISTS skipped_mk
(my_identity, to_identity, HKr TEXT, mk TEXT,
timestamp INTEGER )""")
cur.execute("""
CREATE UNIQUE INDEX IF NOT EXISTS
message_keys ON skipped_mk (mk)""")
cur.execute("""
CREATE TABLE IF NOT EXISTS conversations
(my_identity TEXT, other_identity TEXT, RK TEXT, HKs TEXT,
HKr TEXT, NHKs TEXT, NHKr TEXT, CKs TEXT, CKr TEXT,
DHIs_priv TEXT, DHIs TEXT, DHIr TEXT, DHRs_priv TEXT,
DHRs TEXT, DHRr TEXT, CONVid TEXT, Ns INTEGER, Nr INTEGER,
PNs INTEGER, ratchet_flag INTEGER, mode INTEGER)""")
cur.execute("""
CREATE UNIQUE INDEX IF NOT EXISTS
conversation_route ON
conversations (my_identity, other_identity)""")
self.commit_skipped_mk()
def triple_dh(self, a, a0, B, B0):
if self.mode is None:
raise (Axolotl_exception('Mode must be set'))
if self.mode:
return sha256(
self.gen_dh(a, B0) + self.gen_dh(a0, B) +
self.gen_dh(a0, B0)).digest()
else:
return sha256(
self.gen_dh(a0, B) + self.gen_dh(a, B0) +
self.gen_dh(a0, B0)).digest()
def initState(self, other_name, other_identityKey, other_handshakeKey,
other_ratchetKey, verify=True):
if verify:
print('Confirm ' + other_name + ' has identity key fingerprint:\n')
fingerprint = sha224(other_identityKey).hexdigest().upper()
fprint = ''
for i in range(0, len(fingerprint), 4):
fprint += fingerprint[i:i + 2] + ':'
print(fprint[:-1] + '\n')
print('Be sure to verify this fingerprint with ' + other_name +
' by some out-of-band method!')
print('Otherwise, you may be subject to a \
Man-in-the-middle attack!\n')
ans = raw_input('Confirm? y/N: ').strip()
if ans != 'y':
raise (Axolotl_exception('Key fingerprint \
not confirmed - exception'))
if self.state['DHIs'] < other_identityKey:
self.mode = True
else:
self.mode = False
mkey = self.triple_dh(self.state['DHIs_priv'], self.handshakeKey,
other_identityKey, other_handshakeKey)
self.createState(other_name, mkey,
mode=self.mode,
other_identityKey=other_identityKey,
other_ratchetKey=other_ratchetKey)
def createState(self, other_name, mkey, mode=None, other_identityKey=None,
other_ratchetKey=None):
self.mode = mode
if self.mode is None: # mode not selected
raise (Axolotl_exception('Mode must be set'))
if self.mode: # alice mode
RK = pbkdf2(mkey, b'\x00', 10, prf='hmac-sha256')
HKs = None
HKr = pbkdf2(mkey, b'\x02', 10, prf='hmac-sha256')
NHKs = pbkdf2(mkey, b'\x03', 10, prf='hmac-sha256')
NHKr = pbkdf2(mkey, b'\x04', 10, prf='hmac-sha256')
CKs = None
CKr = pbkdf2(mkey, b'\x06', 10, prf='hmac-sha256')
DHRs_priv = None
DHRs = None
DHRr = other_ratchetKey
CONVid = pbkdf2(mkey, b'\x07', 10, prf='hmac-sha256')
Ns = 0
Nr = 0
PNs = 0
ratchet_flag = True
else: # bob mode
RK = pbkdf2(mkey, b'\x00', 10, prf='hmac-sha256')
HKs = pbkdf2(mkey, b'\x02', 10, prf='hmac-sha256')
HKr = None
NHKs = pbkdf2(mkey, b'\x04', 10, prf='hmac-sha256')
NHKr = pbkdf2(mkey, b'\x03', 10, prf='hmac-sha256')
CKs = pbkdf2(mkey, b'\x06', 10, prf='hmac-sha256')
CKr = None
DHRs_priv = self.state['DHRs_priv']
DHRs = self.state['DHRs']
DHRr = None
CONVid = pbkdf2(mkey, b'\x07', 10, prf='hmac-sha256')
Ns = 0
Nr = 0
PNs = 0
ratchet_flag = False
DHIr = other_identityKey
self.state = \
{'name': self.name, 'other_name': other_name, 'RK': RK,
'HKs': HKs, 'HKr': HKr, 'NHKs': NHKs, 'NHKr': NHKr, 'CKs': CKs,
'CKr': CKr, 'DHIs_priv': self.state['DHIs_priv'],
'DHIs': self.state['DHIs'], 'DHIr': DHIr,
'DHRs_priv': DHRs_priv, 'DHRs': DHRs, 'DHRr': DHRr,
'CONVid': CONVid, 'Ns': Ns, 'Nr': Nr, 'PNs': PNs,
'ratchet_flag': ratchet_flag,
}
self.ratchetKey = False
self.ratchetPKey = False
def encrypt(self, plaintext):
if self.state['ratchet_flag']:
self.state['DHRs_priv'], self.state['DHRs'] = self.genKey()
self.state['HKs'] = self.state['NHKs']
self.state['RK'] = sha256(self.state['RK'] +
self.gen_dh(
self.state['DHRs_priv'],
self.state['DHRr'])).digest()
if self.mode:
self.state['NHKs'] = pbkdf2(self.state['RK'], b'\x03', 10,
prf='hmac-sha256')
self.state['CKs'] = pbkdf2(self.state['RK'], b'\x05', 10,
prf='hmac-sha256')
else:
self.state['NHKs'] = pbkdf2(self.state['RK'], b'\x04', 10,
prf='hmac-sha256')
self.state['CKs'] = pbkdf2(self.state['RK'], b'\x06', 10,
prf='hmac-sha256')
self.state['PNs'] = self.state['Ns']
self.state['Ns'] = 0
self.state['ratchet_flag'] = False
mk = sha256(self.state['CKs'] + '0').digest()
msg1 = self.enc(self.state['HKs'], str(self.state['Ns']).zfill(3) +
str(self.state['PNs']).zfill(3) + self.state['DHRs'])
msg2 = self.enc(mk, plaintext)
pad_length = 106 - len(msg1)
pad = os.urandom(pad_length - 1) + chr(pad_length)
msg = msg1 + pad + msg2
self.state['Ns'] += 1
self.state['CKs'] = sha256(self.state['CKs'] + '1').digest()
return msg
def commit_skipped_mk(self):
timestamp = int(time())
with self.db:
cur = self.db.cursor()
for mk, HKr in self.staged_HK_mk.iteritems():
cur.execute("""REPLACE INTO skipped_mk (my_identity,
to_identity, HKr, mk, timestamp ) VALUES (?, ?, ?, ?, ?)""",
self.state['name'],
self.state['other_name'],
b2a_base64(HKr).strip(),
b2a_base64(mk).strip(),
timestamp)
rowtime = timestamp - self.storeTime
cur.execute('DELETE FROM skipped_mk WHERE timestamp < ?',
(rowtime,))
def trySkippedMK(self, msg, pad_length, name, other_name):
with self.db:
cur = self.db.cursor()
cur.execute('SELECT * FROM skipped_mk')
rows = cur.fetchall()
for row in rows:
if name == row[0] and other_name == row[1]:
msg1 = msg[:106 - pad_length]
msg2 = msg[106:]
header = self.dec(a2b_base64(row[2]), msg1)
body = self.dec(a2b_base64(row[3]), msg2)
if header != '' and body != '':
cur.execute('DELETE FROM skipped_mk WHERE mk = ?',
(row[3],))
return body
return False
def stageSkippedMK(self, HKr, Nr, Np, CKr):
CKp = CKr
for i in range(Np - Nr):
mk = sha256(CKp + '0').digest()
CKp = sha256(CKp + '1').digest()
self.staged_HK_mk[mk] = HKr
mk = sha256(CKp + '0').digest()
CKp = sha256(CKp + '1').digest()
return CKp, mk
def decrypt(self, msg):
pad = msg[105:106]
pad_length = ord(pad)
msg1 = msg[:106 - pad_length]
body = self.trySkippedMK(msg, pad_length, self.state['name'],
self.state['other_name'])
if body and body != '':
return body
header = None
if self.state['HKr']:
header = self.dec(self.state['HKr'], msg1)
if header and header != '':
Np = int(header[:3])
CKp, mk = self.stageSkippedMK(self.state['HKr'], self.state['Nr'],
Np, self.state['CKr'])
body = self.dec(mk, msg[106:])
if not body or body == '':
raise (Axolotl_exception('Undecipherable message'))
else:
header = self.dec(self.state['NHKr'], msg1)
if self.state['ratchet_flag'] or not header or header == '':
raise (Axolotl_exception('Undecipherable message'))
Np = int(header[:3])
PNp = int(header[3:6])
DHRp = header[6:]
if self.state['CKr']:
self.stageSkippedMK(self.state['HKr'], self.state['Nr'], PNp,
self.state['CKr'])
HKp = self.state['NHKr']
RKp = sha256(
self.state['RK'] + self.gen_dh(self.state['DHRs_priv'],
DHRp)).digest()
if self.mode:
NHKp = pbkdf2(RKp, b'\x04', 10, prf='hmac-sha256')
CKp = pbkdf2(RKp, b'\x06', 10, prf='hmac-sha256')
else:
NHKp = pbkdf2(RKp, b'\x03', 10, prf='hmac-sha256')
CKp = pbkdf2(RKp, b'\x05', 10, prf='hmac-sha256')
CKp, mk = self.stageSkippedMK(HKp, 0, Np, CKp)
body = self.dec(mk, msg[106:])
if not body or body == '':
raise (Axolotl_exception('Undecipherable message'))
self.state['RK'] = RKp
self.state['HKr'] = HKp
self.state['NHKr'] = NHKp
self.state['DHRr'] = DHRp
self.state['DHRs_priv'] = None
self.state['DHRs'] = None
self.state['ratchet_flag'] = True
self.commit_skipped_mk()
self.state['Nr'] = Np + 1
self.state['CKr'] = CKp
return body
def encrypt_file(self, filename):
with open(filename, 'r') as f:
plaintext = f.read()
ciphertext = b2a_base64(self.encrypt(plaintext))
with open(filename + '.asc', 'w') as f:
lines = [ciphertext[i:i + 64] for i in
xrange(0, len(ciphertext), 64)]
for line in lines:
f.write(line + '\n')
def decrypt_file(self, filename):
with open(filename, 'r') as f:
ciphertext = a2b_base64(f.read())
plaintext = self.decrypt(ciphertext)
print(plaintext)
def encrypt_pipe(self):
plaintext = sys.stdin.read()
ciphertext = b2a_base64(self.encrypt(plaintext))
sys.stdout.write(ciphertext)
sys.stdout.flush()
def decrypt_pipe(self):
ciphertext = a2b_base64(sys.stdin.read())
plaintext = self.decrypt(ciphertext)
sys.stdout.write(plaintext)
sys.stdout.flush()
def printKeys(self):
print('Your Identity key is:\n' + b2a_base64(
self.state['DHIs']))
fingerprint = sha224(self.state['DHIs']).hexdigest().upper()
fprint = ''
for i in range(0, len(fingerprint), 4):
fprint += fingerprint[i:i + 2] + ':'
print('Your identity key fingerprint is: ')
print(fprint[:-1] + '\n')
print('Your Ratchet key is:\n' + b2a_base64(
self.state['DHRs']))
if self.handshakeKey:
print('Your Handshake key is:\n' + b2a_base64(
self.handshakePKey))
else:
print('Your Handshake key is not available')
def to_json(self):
_j = {'name': self.name,
'identity_key': b2a_base64(self.state('DHIs')),
'fingerprint': sha224(self.state['DHIs']).hexdigest().upper(),
'ratchet_key': b2a_base64(self.state['DHRs'])}
return json.dumps(_j)
def init_from_json(self, _jsn):
_k = json.loads(_jsn)
self.initState(_k['name'], a2b_base64(_k['identity_key']),
a2b_base64(_k['fingerprint']),
a2b_base64(_k['ratchet_key']))
self.saveState()
def saveState(self):
ktup = ('HKs', 'HKr', 'CKs', 'CKR', 'DHIr', 'DHRs_priv', 'DHRs')
v = {k: b2a_base64(self.state[k]).strip for k in ktup}
ratchet_flag = 1 if self.state['ratchet_flag'] else 0
mode = 1 if self.mode else 0
with self.db:
cur = self.db.cursor()
cur.execute("""\
REPLACE INTO conversations (
my_identity, other_identity, RK,HKS, HKr, NHKs, NHKr,
CKs, CKr, DHIs_priv, DHIs, DHIr, DHRs_priv, DHRs,
DHRr, CONVid, Ns, Nr, PNs, ratchet_flag, mode)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)""",
(self.state['name'],
self.state['other_name'],
b2a_base64(self.state['RK']).strip(),
v['HKs'], v['HKr'],
b2a_base64(self.state['NHKs']).strip(),
b2a_base64(self.state['NHKr']).strip(),
v['CKs'], v['CKr'],
b2a_base64(self.state['DHIs_priv']).strip(),
b2a_base64(self.state['DHIs']).strip(),
v['DHIr'], v['DHRs_priv'], v['DHRs'], v['DHRr'],
b2a_base64(self.state['CONVid']).strip(),
self.state['Ns'], self.state['Nr'], self.state['PNs'],
ratchet_flag,
mode
))
self.write_db()
def loadState(self, name, other_name):
self.db = self.open_db()
with self.db:
cur = self.db.cursor()
try:
cur.execute('SELECT * FROM conversations')
except sqlite3.OperationalError:
raise (Axolotl_exception('Bad sql! Password problem - \
cannot loadState()'))
rows = cur.fetchall()
for row in rows:
if row[0] == name and row[1] == other_name:
self.state = {'name': row[0],
'other_name': row[1],
'RK': a2b_base64(row[2]),
'NHKs': a2b_base64(row[5]),
'NHKr': a2b_base64(row[6]),
'DHIs_priv': a2b_base64(row[9]),
'DHIs': a2b_base64(row[10]),
'CONVid': a2b_base64(row[15]),
'Ns': row[16],
'Nr': row[17],
'PNs': row[18]}
self.name = self.state['name']
def do_bin(loc):
if row[loc] == '0':
return None
else:
return a2b_base64(row[loc])
self.state['HKs'] = do_bin(3)
self.state['HKr'] = do_bin(4)
self.state['CKs'] = do_bin(7)
self.state['CKr'] = do_bin(8)
self.state['DHIr'] = do_bin(11)
self.state['DHRs_priv'] = do_bin(12)
self.state['DHRs'] = do_bin(13)
self.state['DHRr'] = do_bin(14)
ratchet_flag = row[19]
if ratchet_flag == 1:
self.state['ratchet_flag'] = True
else:
self.state['ratchet_flag'] = False
mode = row[20]
self.mode = True if mode == 1 else False
return # exit at first match
return False # if no matches
def open_db(self):
db = sqlite3.connect(':memory:')
try:
with open(self.dbname, 'rb') as f:
if self.dbpassphrase is not None:
sql = \
self.gpg.decrypt_file(f, passphrase=self.dbpassphrase)
if sql is not None and sql != '':
db.cursor().executescript(sql.data)
return db
else:
raise (Axolotl_exception('Bad passphrase!'))
else:
sql = f.read()
db.cursor().executescript(sql)
return db
except IOError:
return db
def write_db(self):
sql = ''
for item in self.db.iterdump():
sql = sql + item + '\n'
if self.dbpassphrase is not None:
crypt_sql = self.gpg.encrypt(sql, recipients=None,
symmetric='AES256',
armor=False,
always_trust=True,
passphrase=self.dbpassphrase)
with open(self.dbname, 'wb') as f:
f.write(crypt_sql.data)
else:
with open(self.dbname, 'w') as f:
f.write(sql)
def print_state(self):
print('\nWarning: saving this data to disk is insecure!\n')
for key in sorted(self.state):
if 'priv' in key:
pass
else:
if self.state[key] is None:
print(key + ': None')
elif type(self.state[key]) is bool:
if self.state[key]:
print(key + ': True')
else:
print(key + ': False')
elif type(self.state[key]) is str:
try:
self.state[key].decode('ascii')
print(key + ': ' + self.state[key])
except UnicodeDecodeError:
print(key + ': ' + b2a_base64(
self.state[key]).strip())
else:
print(key + ': ' + str(self.state[key]))
if self.mode:
print('Mode: Alice')
else:
print('Mode: Bob')
@staticmethod
def genKey():
key = keys.Private()
privkey = key.private
pubkey = key.get_public().serialize()
return privkey, pubkey
@staticmethod
def gen_dh(a, B):
key = keys.Private(secret=a)
return key.get_shared_key(keys.Public(B))
def dec(self, key, encrypted):
key = hexlify(key)
msg = self.gpg.decrypt(GPG_HEADER + encrypted,
passphrase=key, always_trust=True)
return msg.data
def enc(self, key, plaintext):
key = hexlify(key)
msg = self.gpg.encrypt(plaintext, recipients=None,
symmetric=GPG_CIPHER,
armor=False,
always_trust=True, passphrase=key)
return msg.data[6:]
def deciphersteg(stegdata, cipher, key, aesmode, verbose=False, unprep=True):
# Decipher hidden message from array of data hidden in JT65 errors
stegedmsg = ""
stegedmsgba = np.array(range(0), dtype=np.int32)
statusar = []
for index, value in enumerate(stegdata):
if unprep:
value = jt.unprepsteg(value) # Decode real data from FEC
if cipher == "none":
recoveredtext = jt.decode(value)[0:13]
if verbose:
print "Steg Text in Message " + str(index) + " : " + recoveredtext
stegedmsg += recoveredtext
elif cipher == "XOR" or cipher == "OTP":
thesebytes = jt65tobytes(value)
thisstatus = thesebytes[0:1]
if thisstatus & 0x40 == 0x40:
# This is the last packet, signals how many bytes to read
bytestoread = thisstatus & 0x3F
thisunstegbytes = thesebytes[1:bytestoread + 1]
else:
thisunstegbytes = thesebytes[1:]
if verbose:
print "Steg Data in Message " + str(index) + " : " + str(thisunstegbytes)
stegedmsgba = np.append(stegedmsgba, thisunstegbytes)
else:
thesebytes = jt65tobytes(value)
thisunstegbytes = thesebytes[1:10]
if verbose:
print "Steg Data in Message " + str(index) + " : " + str(thisunstegbytes)
stegedmsgba = np.append(stegedmsgba, thisunstegbytes)
if cipher == "XOR":
if verbose:
print"Cipher Data : " + str(stegedmsgba)
finalcipherdata = (
''.join('{0:02x}'.format(int(e)).decode("hex") for e in stegedmsgba))
if verbose:
print"Cipher Data Hex : " + finalcipherdata
cryptobj = XOR.new(key)
stegedmsg = cryptobj.decrypt(finalcipherdata)
if cipher == "ARC4":
if verbose:
print"Cipher Data : " + str(stegedmsgba)
finalcipherdata = (
''.join('{0:02x}'.format(int(e)).decode("hex") for e in stegedmsgba))
if verbose:
print"Cipher Data Hex : " + finalcipherdata
tempkey = SHA.new(key).digest()
cryptobj = ARC4.new(tempkey)
stegedmsg = cryptobj.decrypt(finalcipherdata)
if cipher == "AES":
if verbose:
print"Cipher Data : " + str(stegedmsgba)
finalcipherdata = (
''.join('{0:02x}'.format(int(e)).decode("hex") for e in stegedmsgba))
if verbose:
print"Cipher Data Hex : " + finalcipherdata
if aesmode == "ECB":
cryptobj = AES.new(key, AES.MODE_ECB)
elif aesmode == "CBC":
cryptobj = AES.new(key, AES.MODE_CBC, finalcipherdata[0:16])
finalcipherdata = finalcipherdata[16:]
elif aesmode == "CFB":
cryptobj = AES.new(key, AES.MODE_CFB, finalcipherdata[0:16])
finalcipherdata = finalcipherdata[16:]
stegedmsg = cryptobj.decrypt(finalcipherdata)
if cipher == "GPG":
if verbose:
print"Cipher Data : " + str(stegedmsgba)
finalcipherdata = (
''.join('{0:02x}'.format(int(e)).decode("hex") for e in stegedmsgba))
if verbose:
print"Cipher Data Hex : " + finalcipherdata
gpg = GPG()
stegedmsg = gpg.decrypt(finalcipherdata)
stegedmsg = str(stegedmsg)
if cipher == "OTP":
finalcipherdata = (''.join(chr(e) for e in stegedmsgba))
if verbose:
print"Cipher Data : " + str(finalcipherdata)
stegedmsg = otp_decode(str(finalcipherdata), key)
return stegedmsg
