def test_secrets(self):
res = secrets('ifmmpXPSME', -1)
self.assertEqual(res, 'hello world')
res = secrets('mxxKAGDnmeqMDQnqxazsFAge', 40)
self.assertEqual(res, 'all your base are belong to us')
res = secrets('XPSMEifmmp', -1)
self.assertEqual(res, 'world hello')
def ady_payment_scheme(**kwargs):
# Arguments needed:
# - currency in minor unit - https://docs.adyen.com/development-resources/currency-codes
# - amount in int
# - reference
# Import all secrets
secret = secrets()
payment_info = {
"amount": {
"currency": "USD",
"value": 1000,
},
"reference": kwargs['reference'],
"paymentMethod": {
"type": "scheme",
"number": "4111111111111111",
"expiryMonth": "10",
"expiryYear": "2020",
"cvc": "737",
"holderName": "S.Hopper"
},
"returnUrl": "https://your-company.com/..",
"merchantAccount": secret['merchantAccount']
}
def final_steps_alice(self, form):
srs = ""
srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped())
srshash = base64.b64decode(form["srshash"])
for (secret, verified) in srses:
if self.hmac(secret, "Shared Retained Secret") == srshash:
srs = secret
break
oss = ""
k = crypto.sha256(self.k + srs + oss)
del self.k
self.do_retained_secret(k, srs)
# ks_s doesn't need to be calculated here
self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(k)
self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(k)
# 4.6.2 Verifying Bob's Identity
self.verify_identity(form, self.d, False, "b")
# Note: If Alice discovers an error then she SHOULD ignore any encrypted
# content she received in the stanza.
if self.negotiated["logging"] == "mustnot":
self.loggable = False
self.status = "active"
self.enable_encryption = True
if self.control:
self.control.print_esession_details()
def do_retained_secret(self, k, old_srs):
'''calculate the new retained secret. determine if the user needs to check
the remote party's identity. set up callbacks for when the identity has
been verified.'''
new_srs = self.hmac(k, 'New Retained Secret')
self.srs = new_srs
account = self.conn.name
bjid = self.jid.getStripped()
self.verified_identity = False
if old_srs:
if secrets.secrets().srs_verified(account, bjid, old_srs):
# already had a stored secret verified by the user.
secrets.secrets().replace_srs(account, bjid, old_srs, new_srs,
True)
# continue without warning.
self.verified_identity = True
else:
# had a secret, but it wasn't verified.
secrets.secrets().replace_srs(account, bjid, old_srs, new_srs,
False)
else:
# we don't even have an SRS
secrets.secrets().save_new_srs(account, bjid, new_srs, False)
def do_retained_secret(self, k, old_srs):
"""
Calculate the new retained secret. determine if the user needs to check
the remote party's identity. Set up callbacks for when the identity has
been verified
"""
new_srs = self.hmac(k, 'New Retained Secret')
self.srs = new_srs
account = self.conn.name
bjid = self.jid.getStripped()
self.verified_identity = False
if old_srs:
if secrets.secrets().srs_verified(account, bjid, old_srs):
# already had a stored secret verified by the user.
secrets.secrets().replace_srs(account, bjid, old_srs, new_srs, True)
# continue without warning.
self.verified_identity = True
else:
# had a secret, but it wasn't verified.
secrets.secrets().replace_srs(account, bjid, old_srs, new_srs,
False)
else:
# we don't even have an SRS
secrets.secrets().save_new_srs(account, bjid, new_srs, False)
def make_identity(self, form, dh_i):
if self.negotiated['send_pubkey']:
if self.negotiated['sign_algs'] == (XmlDsig + 'rsa-sha256'):
pubkey = secrets.secrets().my_pubkey(self.conn.name)
fields = (pubkey.n, pubkey.e)
cb_fields = [
base64.b64encode(crypto.encode_mpi(f)) for f in fields
]
pubkey_s = b'<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"'
'><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>' % \
tuple(cb_fields)
else:
pubkey_s = b''
form_s2 = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) for el \
in form.getChildren())
old_c_s = self.c_s
content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + \
self.form_s.encode('utf-8') + form_s2.encode('utf-8')
mac_s = self.hmac(self.ks_s, content)
if self.negotiated['send_pubkey']:
signature = self.sign(mac_s)
sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">'
'%s</SignatureValue>' % base64.b64encode(signature)
if self.negotiated['send_pubkey'] == 'hash':
b64ed = base64.b64encode(self.hash(pubkey_s))
pubkey_s = '<fingerprint>%s</fingerprint>' % b64ed
id_s = self.encrypt(pubkey_s + sign_s)
else:
id_s = self.encrypt(mac_s)
m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s)
if self.status == 'requested-e2e' and self.sas_algs == 'sas28x5':
# we're alice; check for a retained secret
# if none exists, prompt the user with the SAS
self.sas = crypto.sas_28x5(m_s, self.form_o.encode('utf-8'))
if self.sigmai:
# FIXME save retained secret?
self.check_identity(tuple)
return (nbxmpp.DataField(name='identity',
value=base64.b64encode(id_s).decode('utf-8')),
nbxmpp.DataField(name='mac',
value=base64.b64encode(m_s).decode('utf-8')))
def make_identity(self, form, dh_i):
if self.negotiated['send_pubkey']:
if self.negotiated['sign_algs'] == (XmlDsig + 'rsa-sha256'):
pubkey = secrets.secrets().my_pubkey(self.conn.name)
fields = (pubkey.n, pubkey.e)
cb_fields = [base64.b64encode(crypto.encode_mpi(f)) for f in
fields]
pubkey_s = b'<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"'
'><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>' % \
tuple(cb_fields)
else:
pubkey_s = b''
form_s2 = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) for el \
in form.getChildren())
old_c_s = self.c_s
content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + \
self.form_s.encode('utf-8') + form_s2.encode('utf-8')
mac_s = self.hmac(self.ks_s, content)
if self.negotiated['send_pubkey']:
signature = self.sign(mac_s)
sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">'
'%s</SignatureValue>' % base64.b64encode(signature)
if self.negotiated['send_pubkey'] == 'hash':
b64ed = base64.b64encode(self.hash(pubkey_s))
pubkey_s = '<fingerprint>%s</fingerprint>' % b64ed
id_s = self.encrypt(pubkey_s + sign_s)
else:
id_s = self.encrypt(mac_s)
m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s)
if self.status == 'requested-e2e' and self.sas_algs == 'sas28x5':
# we're alice; check for a retained secret
# if none exists, prompt the user with the SAS
self.sas = crypto.sas_28x5(m_s, self.form_o.encode('utf-8'))
if self.sigmai:
# FIXME save retained secret?
self.check_identity(tuple)
return (nbxmpp.DataField(name='identity',
value=base64.b64encode(id_s).decode('utf-8')),
nbxmpp.DataField(name='mac',
value=base64.b64encode(m_s).decode('utf-8')))
def make_identity(self, form, dh_i):
if self.negotiated["send_pubkey"]:
if self.negotiated["sign_algs"] == (XmlDsig + "rsa-sha256"):
pubkey = secrets.secrets().my_pubkey(self.conn.name)
fields = (pubkey.n, pubkey.e)
cb_fields = map(lambda f: base64.b64encode(crypto.encode_mpi(f)), fields)
pubkey_s = '<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"'
"><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>" % tuple(cb_fields)
else:
pubkey_s = ""
form_s2 = "".join(map(lambda el: xmpp.c14n.c14n(el), form.getChildren()))
old_c_s = self.c_s
content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + self.form_s + form_s2
mac_s = self.hmac(self.ks_s, content)
if self.negotiated["send_pubkey"]:
signature = self.sign(mac_s)
sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">'
"%s</SignatureValue>" % base64.b64encode(signature)
if self.negotiated["send_pubkey"] == "hash":
b64ed = base64.b64encode(self.hash(pubkey_s))
pubkey_s = "<fingerprint>%s</fingerprint>" % b64ed
id_s = self.encrypt(pubkey_s + sign_s)
else:
id_s = self.encrypt(mac_s)
m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s)
if self.status == "requested-e2e" and self.sas_algs == "sas28x5":
# we're alice; check for a retained secret
# if none exists, prompt the user with the SAS
self.sas = crypto.sas_28x5(m_s, self.form_o)
if self.sigmai:
# XXX save retained secret?
self.check_identity(lambda: ())
return (
xmpp.DataField(name="identity", value=base64.b64encode(id_s)),
xmpp.DataField(name="mac", value=base64.b64encode(m_s)),
)
def final_steps_alice(self, form):
srs = b''
srses = secrets.secrets().retained_secrets(self.conn.name,
self.jid.getStripped())
try:
srshash = base64.b64decode(form['srshash'])
except IndexError:
return
for s in srses:
secret = s[0]
if self.hmac(secret, b'Shared Retained Secret') == srshash:
srs = secret
break
oss = b''
k = crypto.sha256(self.k + srs + oss)
del self.k
self.do_retained_secret(k, srs)
# ks_s doesn't need to be calculated here
self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(k)
self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(k)
# 4.6.2 Verifying Bob's Identity
self.verify_identity(form, self.d, False, 'b')
# Note: If Alice discovers an error then she SHOULD ignore any encrypted
# content she received in the stanza.
if self.negotiated['logging'] == 'mustnot':
self.loggable = False
self.status = 'active'
self.enable_encryption = True
if self.control:
self.control.print_esession_details()
self.stop_archiving_for_session()
def final_steps_alice(self, form):
srs = ''
srses = secrets.secrets().retained_secrets(self.conn.name,
self.jid.getStripped())
try:
srshash = base64.b64decode(form['srshash'])
except IndexError:
return
for s in srses:
secret = s[0]
if self.hmac(secret, 'Shared Retained Secret') == srshash:
srs = secret
break
oss = ''
k = crypto.sha256(self.k + srs + oss)
del self.k
self.do_retained_secret(k, srs)
# ks_s doesn't need to be calculated here
self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(k)
self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(k)
# 4.6.2 Verifying Bob's Identity
self.verify_identity(form, self.d, False, 'b')
# Note: If Alice discovers an error then she SHOULD ignore any encrypted
# content she received in the stanza.
if self.negotiated['logging'] == 'mustnot':
self.loggable = False
self.status = 'active'
self.enable_encryption = True
if self.control:
self.control.print_esession_details()
self.stop_archiving_for_session()
def ady_paymentMethods(country, currency):
# Import all secrets
secret = secrets()
ady = Adyen.Adyen()
client = ady.client
client.xapikey = secret['xapikey']
client.platform = secret['platform']
client.app_name = secret['app_name']
request = {
'merchantAccount': secret['merchantAccount'],
'countryCode': country,
'amount': {
'value': 100,
'currency': currency,
},
'channel': 'Web'
}
response = ady.checkout.payment_methods(request)
return response
def _verified_srs_cb(self):
secrets.secrets().replace_srs(self.conn.name, self.jid.getStripped(),
self.srs, self.srs, True)
def accept_e2e_bob(self, form):
response = xmpp.Message()
init = response.NT.init
init.setNamespace(xmpp.NS_ESESSION_INIT)
x = xmpp.DataForm(typ='result')
for field in ('nonce', 'dhkeys', 'rshashes', 'identity', 'mac'):
assert field in form.asDict(), "alice's form didn't have a %s field" \
% field
# 4.5.1 generating provisory session keys
e = crypto.decode_mpi(base64.b64decode(form['dhkeys']))
p = dh.primes[self.modp]
if crypto.sha256(crypto.encode_mpi(e)) != self.negotiated['He']:
raise exceptions.NegotiationError, 'SHA256(e) != He'
k = self.get_shared_secret(e, self.y, p)
self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k)
# 4.5.2 verifying alice's identity
self.verify_identity(form, e, False, 'a')
# 4.5.4 generating bob's final session keys
srs = ''
srses = secrets.secrets().retained_secrets(self.conn.name,
self.jid.getStripped())
rshashes = [
base64.b64decode(rshash)
for rshash in form.getField('rshashes').getValues()
]
for (secret, verified) in srses:
if self.hmac(self.n_o, secret) in rshashes:
srs = secret
break
# other shared secret
# (we're not using one)
oss = ''
k = crypto.sha256(k + srs + oss)
self.kc_s, self.km_s, self.ks_s = self.generate_responder_keys(k)
self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k)
# 4.5.5
if srs:
srshash = self.hmac(srs, 'Shared Retained Secret')
else:
srshash = crypto.random_bytes(32)
x.addChild(node=xmpp.DataField(name='FORM_TYPE', value='urn:xmpp:ssn'))
x.addChild(node=xmpp.DataField(name='nonce',
value=base64.b64encode(self.n_o)))
x.addChild(node=xmpp.DataField(name='srshash',
value=base64.b64encode(srshash)))
for datafield in self.make_identity(x, self.d):
x.addChild(node=datafield)
init.addChild(node=x)
self.send(response)
self.do_retained_secret(k, srs)
if self.negotiated['logging'] == 'mustnot':
self.loggable = False
self.status = 'active'
self.enable_encryption = True
if self.control:
self.control.print_esession_details()
def accept_e2e_alice(self, form, negotiated):
self.encryptable_stanzas = ["message"]
self.sas_algs = "sas28x5"
self.cipher = AES
self.hash_alg = SHA256
self.compression = None
self.negotiated = negotiated
accept = xmpp.Message()
feature = accept.NT.feature
feature.setNamespace(xmpp.NS_FEATURE)
result = xmpp.DataForm(typ="result")
self.c_s = crypto.decode_mpi(base64.b64decode(form["counter"]))
self.c_o = self.c_s ^ (2 ** (self.n - 1))
self.n_o = base64.b64decode(form["my_nonce"])
mod_p = int(form["modp"])
p = dh.primes[mod_p]
x = self.xes[mod_p]
e = self.es[mod_p]
self.d = crypto.decode_mpi(base64.b64decode(form["dhkeys"]))
self.k = self.get_shared_secret(self.d, x, p)
result.addChild(node=xmpp.DataField(name="FORM_TYPE", value="urn:xmpp:ssn"))
result.addChild(node=xmpp.DataField(name="accept", value="1"))
result.addChild(node=xmpp.DataField(name="nonce", value=base64.b64encode(self.n_o)))
self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(self.k)
if self.sigmai:
self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(self.k)
self.verify_identity(form, self.d, True, "b")
else:
srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped())
rshashes = [self.hmac(self.n_s, rs) for (rs, v) in srses]
if not rshashes:
# we've never spoken before, but we'll pretend we have
rshash_size = self.hash_alg.digest_size
rshashes.append(crypto.random_bytes(rshash_size))
rshashes = [base64.b64encode(rshash) for rshash in rshashes]
result.addChild(node=xmpp.DataField(name="rshashes", value=rshashes))
result.addChild(node=xmpp.DataField(name="dhkeys", value=base64.b64encode(crypto.encode_mpi(e))))
self.form_o = "".join(map(lambda el: xmpp.c14n.c14n(el), form.getChildren()))
# MUST securely destroy K unless it will be used later to generate the
# final shared secret
for datafield in self.make_identity(result, e):
result.addChild(node=datafield)
feature.addChild(node=result)
self.send(accept)
if self.sigmai:
self.status = "active"
self.enable_encryption = True
else:
self.status = "identified-alice"
def accept_e2e_alice(self, form, negotiated):
self.encryptable_stanzas = ['message']
self.sas_algs = 'sas28x5'
self.cipher = AES
self.hash_alg = SHA256
self.compression = None
self.negotiated = negotiated
accept = xmpp.Message()
feature = accept.NT.feature
feature.setNamespace(xmpp.NS_FEATURE)
result = xmpp.DataForm(typ='result')
self.c_s = crypto.decode_mpi(base64.b64decode(form['counter']))
self.c_o = self.c_s ^ (2**(self.n - 1))
self.n_o = base64.b64decode(form['my_nonce'])
mod_p = int(form['modp'])
p = dh.primes[mod_p]
x = self.xes[mod_p]
e = self.es[mod_p]
self.d = crypto.decode_mpi(base64.b64decode(form['dhkeys']))
self.k = self.get_shared_secret(self.d, x, p)
result.addChild(
node=xmpp.DataField(name='FORM_TYPE', value='urn:xmpp:ssn'))
result.addChild(node=xmpp.DataField(name='accept', value='1'))
result.addChild(node=xmpp.DataField(name='nonce',
value=base64.b64encode(self.n_o)))
self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(self.k)
if self.sigmai:
self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(
self.k)
self.verify_identity(form, self.d, True, 'b')
else:
srses = secrets.secrets().retained_secrets(self.conn.name,
self.jid.getStripped())
rshashes = [self.hmac(self.n_s, rs) for (rs, v) in srses]
if not rshashes:
# we've never spoken before, but we'll pretend we have
rshash_size = self.hash_alg.digest_size
rshashes.append(crypto.random_bytes(rshash_size))
rshashes = [base64.b64encode(rshash) for rshash in rshashes]
result.addChild(
node=xmpp.DataField(name='rshashes', value=rshashes))
result.addChild(node=xmpp.DataField(
name='dhkeys', value=base64.b64encode(crypto.encode_mpi(e))))
self.form_o = ''.join(
map(lambda el: xmpp.c14n.c14n(el), form.getChildren()))
# MUST securely destroy K unless it will be used later to generate the
# final shared secret
for datafield in self.make_identity(result, e):
result.addChild(node=datafield)
feature.addChild(node=result)
self.send(accept)
if self.sigmai:
self.status = 'active'
self.enable_encryption = True
else:
self.status = 'identified-alice'
def accept_e2e_bob(self, form):
response = xmpp.Message()
init = response.NT.init
init.setNamespace(xmpp.NS_ESESSION_INIT)
x = xmpp.DataForm(typ="result")
for field in ("nonce", "dhkeys", "rshashes", "identity", "mac"):
assert field in form.asDict(), "alice's form didn't have a %s field" % field
# 4.5.1 generating provisory session keys
e = crypto.decode_mpi(base64.b64decode(form["dhkeys"]))
p = dh.primes[self.modp]
if crypto.sha256(crypto.encode_mpi(e)) != self.negotiated["He"]:
raise exceptions.NegotiationError, "SHA256(e) != He"
k = self.get_shared_secret(e, self.y, p)
self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k)
# 4.5.2 verifying alice's identity
self.verify_identity(form, e, False, "a")
# 4.5.4 generating bob's final session keys
srs = ""
srses = secrets.secrets().retained_secrets(self.conn.name, self.jid.getStripped())
rshashes = [base64.b64decode(rshash) for rshash in form.getField("rshashes").getValues()]
for (secret, verified) in srses:
if self.hmac(self.n_o, secret) in rshashes:
srs = secret
break
# other shared secret
# (we're not using one)
oss = ""
k = crypto.sha256(k + srs + oss)
self.kc_s, self.km_s, self.ks_s = self.generate_responder_keys(k)
self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k)
# 4.5.5
if srs:
srshash = self.hmac(srs, "Shared Retained Secret")
else:
srshash = crypto.random_bytes(32)
x.addChild(node=xmpp.DataField(name="FORM_TYPE", value="urn:xmpp:ssn"))
x.addChild(node=xmpp.DataField(name="nonce", value=base64.b64encode(self.n_o)))
x.addChild(node=xmpp.DataField(name="srshash", value=base64.b64encode(srshash)))
for datafield in self.make_identity(x, self.d):
x.addChild(node=datafield)
init.addChild(node=x)
self.send(response)
self.do_retained_secret(k, srs)
if self.negotiated["logging"] == "mustnot":
self.loggable = False
self.status = "active"
self.enable_encryption = True
if self.control:
self.control.print_esession_details()
def accept_e2e_bob(self, form):
"""
4.5 esession accept (bob)
"""
response = nbxmpp.Message()
init = response.NT.init
init.setNamespace(nbxmpp.NS_ESESSION_INIT)
x = nbxmpp.DataForm(typ='result')
for field in ('nonce', 'dhkeys', 'rshashes', 'identity', 'mac'):
# FIXME: will do nothing in real world...
assert field in form.asDict(), "alice's form didn't have a %s field" \
% field
# 4.5.1 generating provisory session keys
e = crypto.decode_mpi(base64.b64decode(form['dhkeys']))
p = dh.primes[self.modp]
if crypto.sha256(crypto.encode_mpi(e)) != self.negotiated['He']:
raise NegotiationError('SHA256(e) != He')
k = self.get_shared_secret(e, self.y, p)
self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k)
# 4.5.2 verifying alice's identity
self.verify_identity(form, e, False, 'a')
# 4.5.4 generating bob's final session keys
srs = ''
srses = secrets.secrets().retained_secrets(self.conn.name,
self.jid.getStripped())
rshashes = [base64.b64decode(rshash) for rshash in form.getField(
'rshashes').getValues()]
for s in srses:
secret = s[0]
if self.hmac(self.n_o, secret) in rshashes:
srs = secret
break
# other shared secret
# (we're not using one)
oss = ''
k = crypto.sha256(k + srs + oss)
self.kc_s, self.km_s, self.ks_s = self.generate_responder_keys(k)
self.kc_o, self.km_o, self.ks_o = self.generate_initiator_keys(k)
# 4.5.5
if srs:
srshash = self.hmac(srs, 'Shared Retained Secret')
else:
srshash = crypto.random_bytes(32)
x.addChild(node=nbxmpp.DataField(name='FORM_TYPE',
value='urn:xmpp:ssn'))
x.addChild(node=nbxmpp.DataField(name='nonce', value=base64.b64encode(
self.n_o)))
x.addChild(node=nbxmpp.DataField(name='srshash', value=base64.b64encode(
srshash)))
for datafield in self.make_identity(x, self.d):
x.addChild(node=datafield)
init.addChild(node=x)
self.send(response)
self.do_retained_secret(k, srs)
if self.negotiated['logging'] == 'mustnot':
self.loggable = False
self.status = 'active'
self.enable_encryption = True
if self.control:
self.control.print_esession_details()
self.stop_archiving_for_session()
def accept_e2e_alice(self, form, negotiated):
"""
'Alice Accepts', continued
"""
self.encryptable_stanzas = ['message']
self.sas_algs = 'sas28x5'
self.cipher = AES
self.hash_alg = sha256
self.compression = None
self.negotiated = negotiated
accept = nbxmpp.Message()
feature = accept.NT.feature
feature.setNamespace(nbxmpp.NS_FEATURE)
result = nbxmpp.DataForm(typ='result')
self.c_s = crypto.decode_mpi(base64.b64decode(form['counter']))
self.c_o = self.c_s ^ (2 ** (self.n - 1))
self.n_o = base64.b64decode(form['my_nonce'])
mod_p = int(form['modp'])
p = dh.primes[mod_p]
x = self.xes[mod_p]
e = self.es[mod_p]
self.d = crypto.decode_mpi(base64.b64decode(form['dhkeys']))
self.k = self.get_shared_secret(self.d, x, p)
result.addChild(node=nbxmpp.DataField(name='FORM_TYPE',
value='urn:xmpp:ssn'))
result.addChild(node=nbxmpp.DataField(name='accept', value='1'))
result.addChild(node=nbxmpp.DataField(name='nonce',
value=base64.b64encode(self.n_o)))
self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(self.k)
if self.sigmai:
self.kc_o, self.km_o, self.ks_o = self.generate_responder_keys(self.k)
self.verify_identity(form, self.d, True, 'b')
else:
srses = secrets.secrets().retained_secrets(self.conn.name,
self.jid.getStripped())
rshashes = [self.hmac(self.n_s, rs[0]) for rs in srses]
if not rshashes:
# we've never spoken before, but we'll pretend we have
rshash_size = self.hash_alg().digest_size
rshashes.append(crypto.random_bytes(rshash_size))
rshashes = [base64.b64encode(rshash) for rshash in rshashes]
result.addChild(node=nbxmpp.DataField(name='rshashes',
value=rshashes))
result.addChild(node=nbxmpp.DataField(name='dhkeys',
value=base64.b64encode(crypto.encode_mpi(e))))
self.form_o = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) \
for el in form.getChildren())
# MUST securely destroy K unless it will be used later to generate the
# final shared secret
for datafield in self.make_identity(result, e):
result.addChild(node=datafield)
feature.addChild(node=result)
self.send(accept)
if self.sigmai:
self.status = 'active'
self.enable_encryption = True
else:
self.status = 'identified-alice'
def _unverified_srs_cb(self):
secrets.secrets().replace_srs(self.conn.name, self.jid.getStripped(),
self.srs, self.srs, False)
