def test_secrets(self): res = secrets('ifmmpXPSME', -1) self.assertEqual(res, 'hello world') res = secrets('mxxKAGDnmeqMDQnqxazsFAge', 40) self.assertEqual(res, 'all your base are belong to us') res = secrets('XPSMEifmmp', -1) self.assertEqual(res, 'world hello')
def ady_payment_scheme(**kwargs): # Arguments needed: # - currency in minor unit - https://docs.adyen.com/development-resources/currency-codes # - amount in int # - reference # Import all secrets secret = secrets() payment_info = { "amount": { "currency": "USD", "value": 1000, }, "reference": kwargs['reference'], "paymentMethod": { "type": "scheme", "number": "4111111111111111", "expiryMonth": "10", "expiryYear": "2020", "cvc": "737", "holderName": "S.Hopper" }, "returnUrl": "https://your-company.com/..", "merchantAccount": secret['merchantAccount'] }
def final_steps_alice(self, form): srs = "" srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) srshash = base64.b64decode(form["srshash"]) for (secret, verified) in srses: if self.hmac(secret, "Shared Retained Secret") == srshash: srs = secret break oss = "" k = crypto.sha256(self.k + srs + oss) del self.k self.do_retained_secret(k, srs) # ks_s doesn't need to be calculated here self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(k) self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(k) # 4.6.2 Verifying Bob's Identity self.verify_identity(form, self.d, False, "b") # Note: If Alice discovers an error then she SHOULD ignore any encrypted # content she received in the stanza. if self.negotiated["logging"] == "mustnot": self.loggable = False self.status = "active" self.enable_encryption = True if self.control: self.control.print_esession_details()
def do_retained_secret(self, k, old_srs): '''calculate the new retained secret. determine if the user needs to check the remote party's identity. set up callbacks for when the identity has been verified.''' new_srs = self.hmac(k, 'New Retained Secret') self.srs = new_srs account = self.conn.name bjid = self.jid.getStripped() self.verified_identity = False if old_srs: if secrets.secrets().srs_verified(account, bjid, old_srs): # already had a stored secret verified by the user. secrets.secrets().replace_srs(account, bjid, old_srs, new_srs, True) # continue without warning. self.verified_identity = True else: # had a secret, but it wasn't verified. secrets.secrets().replace_srs(account, bjid, old_srs, new_srs, False) else: # we don't even have an SRS secrets.secrets().save_new_srs(account, bjid, new_srs, False)
def do_retained_secret(self, k, old_srs): """ Calculate the new retained secret. determine if the user needs to check the remote party's identity. Set up callbacks for when the identity has been verified """ new_srs = self.hmac(k, 'New Retained Secret') self.srs = new_srs account = self.conn.name bjid = self.jid.getStripped() self.verified_identity = False if old_srs: if secrets.secrets().srs_verified(account, bjid, old_srs): # already had a stored secret verified by the user. secrets.secrets().replace_srs(account, bjid, old_srs, new_srs, True) # continue without warning. self.verified_identity = True else: # had a secret, but it wasn't verified. secrets.secrets().replace_srs(account, bjid, old_srs, new_srs, False) else: # we don't even have an SRS secrets.secrets().save_new_srs(account, bjid, new_srs, False)
def make_identity(self, form, dh_i): if self.negotiated['send_pubkey']: if self.negotiated['sign_algs'] == (XmlDsig + 'rsa-sha256'): pubkey = secrets.secrets().my_pubkey(self.conn.name) fields = (pubkey.n, pubkey.e) cb_fields = [ base64.b64encode(crypto.encode_mpi(f)) for f in fields ] pubkey_s = b'<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"' '><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>' % \ tuple(cb_fields) else: pubkey_s = b'' form_s2 = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) for el \ in form.getChildren()) old_c_s = self.c_s content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + \ self.form_s.encode('utf-8') + form_s2.encode('utf-8') mac_s = self.hmac(self.ks_s, content) if self.negotiated['send_pubkey']: signature = self.sign(mac_s) sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">' '%s</SignatureValue>' % base64.b64encode(signature) if self.negotiated['send_pubkey'] == 'hash': b64ed = base64.b64encode(self.hash(pubkey_s)) pubkey_s = '<fingerprint>%s</fingerprint>' % b64ed id_s = self.encrypt(pubkey_s + sign_s) else: id_s = self.encrypt(mac_s) m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s) if self.status == 'requested-e2e' and self.sas_algs == 'sas28x5': # we're alice; check for a retained secret # if none exists, prompt the user with the SAS self.sas = crypto.sas_28x5(m_s, self.form_o.encode('utf-8')) if self.sigmai: # FIXME save retained secret? self.check_identity(tuple) return (nbxmpp.DataField(name='identity', value=base64.b64encode(id_s).decode('utf-8')), nbxmpp.DataField(name='mac', value=base64.b64encode(m_s).decode('utf-8')))
def make_identity(self, form, dh_i): if self.negotiated['send_pubkey']: if self.negotiated['sign_algs'] == (XmlDsig + 'rsa-sha256'): pubkey = secrets.secrets().my_pubkey(self.conn.name) fields = (pubkey.n, pubkey.e) cb_fields = [base64.b64encode(crypto.encode_mpi(f)) for f in fields] pubkey_s = b'<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"' '><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>' % \ tuple(cb_fields) else: pubkey_s = b'' form_s2 = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) for el \ in form.getChildren()) old_c_s = self.c_s content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + \ self.form_s.encode('utf-8') + form_s2.encode('utf-8') mac_s = self.hmac(self.ks_s, content) if self.negotiated['send_pubkey']: signature = self.sign(mac_s) sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">' '%s</SignatureValue>' % base64.b64encode(signature) if self.negotiated['send_pubkey'] == 'hash': b64ed = base64.b64encode(self.hash(pubkey_s)) pubkey_s = '<fingerprint>%s</fingerprint>' % b64ed id_s = self.encrypt(pubkey_s + sign_s) else: id_s = self.encrypt(mac_s) m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s) if self.status == 'requested-e2e' and self.sas_algs == 'sas28x5': # we're alice; check for a retained secret # if none exists, prompt the user with the SAS self.sas = crypto.sas_28x5(m_s, self.form_o.encode('utf-8')) if self.sigmai: # FIXME save retained secret? self.check_identity(tuple) return (nbxmpp.DataField(name='identity', value=base64.b64encode(id_s).decode('utf-8')), nbxmpp.DataField(name='mac', value=base64.b64encode(m_s).decode('utf-8')))
def make_identity(self, form, dh_i): if self.negotiated["send_pubkey"]: if self.negotiated["sign_algs"] == (XmlDsig + "rsa-sha256"): pubkey = secrets.secrets().my_pubkey(self.conn.name) fields = (pubkey.n, pubkey.e) cb_fields = map(lambda f: base64.b64encode(crypto.encode_mpi(f)), fields) pubkey_s = '<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"' "><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>" % tuple(cb_fields) else: pubkey_s = "" form_s2 = "".join(map(lambda el: xmpp.c14n.c14n(el), form.getChildren())) old_c_s = self.c_s content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + self.form_s + form_s2 mac_s = self.hmac(self.ks_s, content) if self.negotiated["send_pubkey"]: signature = self.sign(mac_s) sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">' "%s</SignatureValue>" % base64.b64encode(signature) if self.negotiated["send_pubkey"] == "hash": b64ed = base64.b64encode(self.hash(pubkey_s)) pubkey_s = "<fingerprint>%s</fingerprint>" % b64ed id_s = self.encrypt(pubkey_s + sign_s) else: id_s = self.encrypt(mac_s) m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s) if self.status == "requested-e2e" and self.sas_algs == "sas28x5": # we're alice; check for a retained secret # if none exists, prompt the user with the SAS self.sas = crypto.sas_28x5(m_s, self.form_o) if self.sigmai: # XXX save retained secret? self.check_identity(lambda: ()) return ( xmpp.DataField(name="identity", value=base64.b64encode(id_s)), xmpp.DataField(name="mac", value=base64.b64encode(m_s)), )
def final_steps_alice(self, form): srs = b'' srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) try: srshash = base64.b64decode(form['srshash']) except IndexError: return for s in srses: secret = s[0] if self.hmac(secret, b'Shared Retained Secret') == srshash: srs = secret break oss = b'' k = crypto.sha256(self.k + srs + oss) del self.k self.do_retained_secret(k, srs) # ks_s doesn't need to be calculated here self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(k) self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(k) # 4.6.2 Verifying Bob's Identity self.verify_identity(form, self.d, False, 'b') # Note: If Alice discovers an error then she SHOULD ignore any encrypted # content she received in the stanza. if self.negotiated['logging'] == 'mustnot': self.loggable = False self.status = 'active' self.enable_encryption = True if self.control: self.control.print_esession_details() self.stop_archiving_for_session()
def final_steps_alice(self, form): srs = '' srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) try: srshash = base64.b64decode(form['srshash']) except IndexError: return for s in srses: secret = s[0] if self.hmac(secret, 'Shared Retained Secret') == srshash: srs = secret break oss = '' k = crypto.sha256(self.k + srs + oss) del self.k self.do_retained_secret(k, srs) # ks_s doesn't need to be calculated here self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(k) self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(k) # 4.6.2 Verifying Bob's Identity self.verify_identity(form, self.d, False, 'b') # Note: If Alice discovers an error then she SHOULD ignore any encrypted # content she received in the stanza. if self.negotiated['logging'] == 'mustnot': self.loggable = False self.status = 'active' self.enable_encryption = True if self.control: self.control.print_esession_details() self.stop_archiving_for_session()
def ady_paymentMethods(country, currency): # Import all secrets secret = secrets() ady = Adyen.Adyen() client = ady.client client.xapikey = secret['xapikey'] client.platform = secret['platform'] client.app_name = secret['app_name'] request = { 'merchantAccount': secret['merchantAccount'], 'countryCode': country, 'amount': { 'value': 100, 'currency': currency, }, 'channel': 'Web' } response = ady.checkout.payment_methods(request) return response
def _verified_srs_cb(self): secrets.secrets().replace_srs(self.conn.name, self.jid.getStripped(), self.srs, self.srs, True)
def accept_e2e_bob(self, form): response = xmpp.Message() init = response.NT.init init.setNamespace(xmpp.NS_ESESSION_INIT) x = xmpp.DataForm(typ='result') for field in ('nonce', 'dhkeys', 'rshashes', 'identity', 'mac'): assert field in form.asDict(), "alice's form didn't have a %s field" \ % field # 4.5.1 generating provisory session keys e = crypto.decode_mpi(base64.b64decode(form['dhkeys'])) p = dh.primes[self.modp] if crypto.sha256(crypto.encode_mpi(e)) != self.negotiated['He']: raise exceptions.NegotiationError, 'SHA256(e) != He' k = self.get_shared_secret(e, self.y, p) self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k) # 4.5.2 verifying alice's identity self.verify_identity(form, e, False, 'a') # 4.5.4 generating bob's final session keys srs = '' srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) rshashes = [ base64.b64decode(rshash) for rshash in form.getField('rshashes').getValues() ] for (secret, verified) in srses: if self.hmac(self.n_o, secret) in rshashes: srs = secret break # other shared secret # (we're not using one) oss = '' k = crypto.sha256(k + srs + oss) self.kc_s, self.km_s, self.ks_s = self.generate_responder_keys(k) self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k) # 4.5.5 if srs: srshash = self.hmac(srs, 'Shared Retained Secret') else: srshash = crypto.random_bytes(32) x.addChild(node=xmpp.DataField(name='FORM_TYPE', value='urn:xmpp:ssn')) x.addChild(node=xmpp.DataField(name='nonce', value=base64.b64encode(self.n_o))) x.addChild(node=xmpp.DataField(name='srshash', value=base64.b64encode(srshash))) for datafield in self.make_identity(x, self.d): x.addChild(node=datafield) init.addChild(node=x) self.send(response) self.do_retained_secret(k, srs) if self.negotiated['logging'] == 'mustnot': self.loggable = False self.status = 'active' self.enable_encryption = True if self.control: self.control.print_esession_details()
def accept_e2e_alice(self, form, negotiated): self.encryptable_stanzas = ["message"] self.sas_algs = "sas28x5" self.cipher = AES self.hash_alg = SHA256 self.compression = None self.negotiated = negotiated accept = xmpp.Message() feature = accept.NT.feature feature.setNamespace(xmpp.NS_FEATURE) result = xmpp.DataForm(typ="result") self.c_s = crypto.decode_mpi(base64.b64decode(form["counter"])) self.c_o = self.c_s ^ (2 ** (self.n - 1)) self.n_o = base64.b64decode(form["my_nonce"]) mod_p = int(form["modp"]) p = dh.primes[mod_p] x = self.xes[mod_p] e = self.es[mod_p] self.d = crypto.decode_mpi(base64.b64decode(form["dhkeys"])) self.k = self.get_shared_secret(self.d, x, p) result.addChild(node=xmpp.DataField(name="FORM_TYPE", value="urn:xmpp:ssn")) result.addChild(node=xmpp.DataField(name="accept", value="1")) result.addChild(node=xmpp.DataField(name="nonce", value=base64.b64encode(self.n_o))) self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(self.k) if self.sigmai: self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(self.k) self.verify_identity(form, self.d, True, "b") else: srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) rshashes = [self.hmac(self.n_s, rs) for (rs, v) in srses] if not rshashes: # we've never spoken before, but we'll pretend we have rshash_size = self.hash_alg.digest_size rshashes.append(crypto.random_bytes(rshash_size)) rshashes = [base64.b64encode(rshash) for rshash in rshashes] result.addChild(node=xmpp.DataField(name="rshashes", value=rshashes)) result.addChild(node=xmpp.DataField(name="dhkeys", value=base64.b64encode(crypto.encode_mpi(e)))) self.form_o = "".join(map(lambda el: xmpp.c14n.c14n(el), form.getChildren())) # MUST securely destroy K unless it will be used later to generate the # final shared secret for datafield in self.make_identity(result, e): result.addChild(node=datafield) feature.addChild(node=result) self.send(accept) if self.sigmai: self.status = "active" self.enable_encryption = True else: self.status = "identified-alice"
def accept_e2e_alice(self, form, negotiated): self.encryptable_stanzas = ['message'] self.sas_algs = 'sas28x5' self.cipher = AES self.hash_alg = SHA256 self.compression = None self.negotiated = negotiated accept = xmpp.Message() feature = accept.NT.feature feature.setNamespace(xmpp.NS_FEATURE) result = xmpp.DataForm(typ='result') self.c_s = crypto.decode_mpi(base64.b64decode(form['counter'])) self.c_o = self.c_s ^ (2**(self.n - 1)) self.n_o = base64.b64decode(form['my_nonce']) mod_p = int(form['modp']) p = dh.primes[mod_p] x = self.xes[mod_p] e = self.es[mod_p] self.d = crypto.decode_mpi(base64.b64decode(form['dhkeys'])) self.k = self.get_shared_secret(self.d, x, p) result.addChild( node=xmpp.DataField(name='FORM_TYPE', value='urn:xmpp:ssn')) result.addChild(node=xmpp.DataField(name='accept', value='1')) result.addChild(node=xmpp.DataField(name='nonce', value=base64.b64encode(self.n_o))) self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(self.k) if self.sigmai: self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys( self.k) self.verify_identity(form, self.d, True, 'b') else: srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) rshashes = [self.hmac(self.n_s, rs) for (rs, v) in srses] if not rshashes: # we've never spoken before, but we'll pretend we have rshash_size = self.hash_alg.digest_size rshashes.append(crypto.random_bytes(rshash_size)) rshashes = [base64.b64encode(rshash) for rshash in rshashes] result.addChild( node=xmpp.DataField(name='rshashes', value=rshashes)) result.addChild(node=xmpp.DataField( name='dhkeys', value=base64.b64encode(crypto.encode_mpi(e)))) self.form_o = ''.join( map(lambda el: xmpp.c14n.c14n(el), form.getChildren())) # MUST securely destroy K unless it will be used later to generate the # final shared secret for datafield in self.make_identity(result, e): result.addChild(node=datafield) feature.addChild(node=result) self.send(accept) if self.sigmai: self.status = 'active' self.enable_encryption = True else: self.status = 'identified-alice'
def accept_e2e_bob(self, form): response = xmpp.Message() init = response.NT.init init.setNamespace(xmpp.NS_ESESSION_INIT) x = xmpp.DataForm(typ="result") for field in ("nonce", "dhkeys", "rshashes", "identity", "mac"): assert field in form.asDict(), "alice's form didn't have a %s field" % field # 4.5.1 generating provisory session keys e = crypto.decode_mpi(base64.b64decode(form["dhkeys"])) p = dh.primes[self.modp] if crypto.sha256(crypto.encode_mpi(e)) != self.negotiated["He"]: raise exceptions.NegotiationError, "SHA256(e) != He" k = self.get_shared_secret(e, self.y, p) self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k) # 4.5.2 verifying alice's identity self.verify_identity(form, e, False, "a") # 4.5.4 generating bob's final session keys srs = "" srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) rshashes = [base64.b64decode(rshash) for rshash in form.getField("rshashes").getValues()] for (secret, verified) in srses: if self.hmac(self.n_o, secret) in rshashes: srs = secret break # other shared secret # (we're not using one) oss = "" k = crypto.sha256(k + srs + oss) self.kc_s, self.km_s, self.ks_s = self.generate_responder_keys(k) self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k) # 4.5.5 if srs: srshash = self.hmac(srs, "Shared Retained Secret") else: srshash = crypto.random_bytes(32) x.addChild(node=xmpp.DataField(name="FORM_TYPE", value="urn:xmpp:ssn")) x.addChild(node=xmpp.DataField(name="nonce", value=base64.b64encode(self.n_o))) x.addChild(node=xmpp.DataField(name="srshash", value=base64.b64encode(srshash))) for datafield in self.make_identity(x, self.d): x.addChild(node=datafield) init.addChild(node=x) self.send(response) self.do_retained_secret(k, srs) if self.negotiated["logging"] == "mustnot": self.loggable = False self.status = "active" self.enable_encryption = True if self.control: self.control.print_esession_details()
def accept_e2e_bob(self, form): """ 4.5 esession accept (bob) """ response = nbxmpp.Message() init = response.NT.init init.setNamespace(nbxmpp.NS_ESESSION_INIT) x = nbxmpp.DataForm(typ='result') for field in ('nonce', 'dhkeys', 'rshashes', 'identity', 'mac'): # FIXME: will do nothing in real world... assert field in form.asDict(), "alice's form didn't have a %s field" \ % field # 4.5.1 generating provisory session keys e = crypto.decode_mpi(base64.b64decode(form['dhkeys'])) p = dh.primes[self.modp] if crypto.sha256(crypto.encode_mpi(e)) != self.negotiated['He']: raise NegotiationError('SHA256(e) != He') k = self.get_shared_secret(e, self.y, p) self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k) # 4.5.2 verifying alice's identity self.verify_identity(form, e, False, 'a') # 4.5.4 generating bob's final session keys srs = '' srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) rshashes = [base64.b64decode(rshash) for rshash in form.getField( 'rshashes').getValues()] for s in srses: secret = s[0] if self.hmac(self.n_o, secret) in rshashes: srs = secret break # other shared secret # (we're not using one) oss = '' k = crypto.sha256(k + srs + oss) self.kc_s, self.km_s, self.ks_s = self.generate_responder_keys(k) self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k) # 4.5.5 if srs: srshash = self.hmac(srs, 'Shared Retained Secret') else: srshash = crypto.random_bytes(32) x.addChild(node=nbxmpp.DataField(name='FORM_TYPE', value='urn:xmpp:ssn')) x.addChild(node=nbxmpp.DataField(name='nonce', value=base64.b64encode( self.n_o))) x.addChild(node=nbxmpp.DataField(name='srshash', value=base64.b64encode( srshash))) for datafield in self.make_identity(x, self.d): x.addChild(node=datafield) init.addChild(node=x) self.send(response) self.do_retained_secret(k, srs) if self.negotiated['logging'] == 'mustnot': self.loggable = False self.status = 'active' self.enable_encryption = True if self.control: self.control.print_esession_details() self.stop_archiving_for_session()
def accept_e2e_alice(self, form, negotiated): """ 'Alice Accepts', continued """ self.encryptable_stanzas = ['message'] self.sas_algs = 'sas28x5' self.cipher = AES self.hash_alg = sha256 self.compression = None self.negotiated = negotiated accept = nbxmpp.Message() feature = accept.NT.feature feature.setNamespace(nbxmpp.NS_FEATURE) result = nbxmpp.DataForm(typ='result') self.c_s = crypto.decode_mpi(base64.b64decode(form['counter'])) self.c_o = self.c_s ^ (2 ** (self.n - 1)) self.n_o = base64.b64decode(form['my_nonce']) mod_p = int(form['modp']) p = dh.primes[mod_p] x = self.xes[mod_p] e = self.es[mod_p] self.d = crypto.decode_mpi(base64.b64decode(form['dhkeys'])) self.k = self.get_shared_secret(self.d, x, p) result.addChild(node=nbxmpp.DataField(name='FORM_TYPE', value='urn:xmpp:ssn')) result.addChild(node=nbxmpp.DataField(name='accept', value='1')) result.addChild(node=nbxmpp.DataField(name='nonce', value=base64.b64encode(self.n_o))) self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(self.k) if self.sigmai: self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(self.k) self.verify_identity(form, self.d, True, 'b') else: srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped()) rshashes = [self.hmac(self.n_s, rs[0]) for rs in srses] if not rshashes: # we've never spoken before, but we'll pretend we have rshash_size = self.hash_alg().digest_size rshashes.append(crypto.random_bytes(rshash_size)) rshashes = [base64.b64encode(rshash) for rshash in rshashes] result.addChild(node=nbxmpp.DataField(name='rshashes', value=rshashes)) result.addChild(node=nbxmpp.DataField(name='dhkeys', value=base64.b64encode(crypto.encode_mpi(e)))) self.form_o = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) \ for el in form.getChildren()) # MUST securely destroy K unless it will be used later to generate the # final shared secret for datafield in self.make_identity(result, e): result.addChild(node=datafield) feature.addChild(node=result) self.send(accept) if self.sigmai: self.status = 'active' self.enable_encryption = True else: self.status = 'identified-alice'
def _unverified_srs_cb(self): secrets.secrets().replace_srs(self.conn.name, self.jid.getStripped(), self.srs, self.srs, False)