def get_tlv(self):
tlv_type = _OT.bytes_to_int(self.get_short())
tlv_len = _OT.bytes_to_int(self.get_short())
value = []
if tlv_len > 0:
value.extend(self.get_n_bytes(tlv_len))
return {'type': tlv_type, 'length': tlv_len, 'value': value}
def check_their_sig(self, enc_sig, sig_mac, usePrimes=False):
my_dh_key = self.dh_keys.get_my_cur_keyid()
if usePrimes:
cKey = self.dh_keys.cprime
m1Key = self.dh_keys.m1prime
m2Key = self.dh_keys.m2prime
else:
cKey = self.dh_keys.c
m1Key = self.dh_keys.m1
m2Key = self.dh_keys.m2
sig = OtrCrypt.aes_zero_ctr_crypt(cKey, enc_sig)
#print sig
byte_reader = ByteStreamReader(sig)
their_dsa_key = byte_reader.get_pubkey()
if their_dsa_key["cipher_code"] != list(OtrConstants["dsa_code_bytes"]):
return False
# now keyid
their_dh_keyid = _OT.bytes_to_int(byte_reader.get_int())
self.dh_keys.associate_their_keyid(their_dh_keyid)
# load their DSA public key - (y,g,p,q)
their_dsa_key_tup = (
_OT.mpi_to_int(their_dsa_key["y_mpi"]),
_OT.mpi_to_int(their_dsa_key["g_mpi"]),
_OT.mpi_to_int(their_dsa_key["p_mpi"]),
_OT.mpi_to_int(their_dsa_key["q_mpi"])
)
self.dsa_keys.load_their_key(their_dsa_key_tup)
# compute their M factor
self.compute_their_M_factor(usePrimes=usePrimes)
# now load their signed M factor
q_len = their_dsa_key["q_len"]
M_sig_r_factor = _OT.bytes_to_int(byte_reader.get_n_bytes(q_len))
M_sig_s_factor = _OT.bytes_to_int(byte_reader.get_n_bytes(q_len))
assert (byte_reader.consumed_all())
if not OtrDSA.verify(self.dsa_keys.their_public_key, self.their_M,
M_sig_r_factor, M_sig_s_factor):
logging.debug("DID NOT VERIFY")
return False
# now check their MAC
calc_sig_mac = OtrCrypt.get_sha256_hmac_160(m2Key, _OT.bytes_to_data(enc_sig))
if calc_sig_mac != sig_mac:
logging.debug( "MAC INCORRECT" )
#print enc_sig
#print calc_sig_mac
#print sig_mac
return False
# alright, looks like everything checks out
return True
def receive_data_message(self, msg):
#global memo
self.my_sess_keyid = _OT.bytes_to_int(msg.recipient_keyid)
self.their_sess_keyid = _OT.bytes_to_int(msg.sender_keyid)
logging.debug( "KEYIDS %d %d " % (self.my_sess_keyid, self.their_sess_keyid))
if len(msg.next_dh) > 4:
logging.debug( "GOT NEXT DH" )
logging.debug( msg.next_dh )
self.associate_their_keyid(self.their_sess_keyid+1, _OT.mpi_to_int(msg.next_dh))
self.update_next_counter(self.my_sess_keyid, self.their_sess_keyid, _OT.bytes_to_int(msg.counter))
logging.debug( (msg.counter, _OT.int_to_bytes(self.ctr)) )
self.compute_c_and_m_factors(self.my_sess_keyid, self.their_sess_keyid)
self.compute_ek_and_mk_factors(self.my_sess_keyid, self.their_sess_keyid)
#assert memo.sender_keyid == msg.sender_keyid
#assert memo.recipient_keyid == msg.recipient_keyid
#assert memo.next_dh == msg.next_dh
#assert memo.counter == msg.counter
#assert memo.enc_msg == _OT.data_to_bytes(msg.enc_msg)
T = [0,2,3, msg.flags[0]] # protocol version and type code
# my_keyid
T.extend( msg.sender_keyid )
# their_keyid
T.extend( msg.recipient_keyid )
# next_dh
T.extend( msg.next_dh )
# ctr
T.extend( msg.counter )
# enc_msg
logging.debug(("ENC DATA: ", msg.enc_msg))
T.extend( msg.enc_msg )
#assert memo.T == T
#print memo.sender_factor
#print "RECVER"
#for x in sorted(self.their_public_factors.keys()):
# print (x, self.their_public_factor_to_mpi(x))
#r = raw_input()
#assert memo.sender_factor == self.their_public_factor_to_mpi(self.their_sess_keyid)
#assert memo.recipient_factor == self.my_public_factor_to_mpi(self.my_sess_keyid)
#assert memo.secbytes == self.secbytes
# compute MAC_mk(T)
auth_check = OtrCrypt.get_sha1_hmac(self.recv_mac_key, T)
if auth_check != msg.authenticator:
logging.debug( ("got: ", auth_check) )
logging.debug( ("exp: ", msg.authenticator) )
#print self.recv_mac_key, self.send_mac_key
#print memo.send_mac_key
raise Exception("mac fail")
return OtrCrypt.aes_ctr_crypt(self.recv_aes_key, _OT.data_to_bytes(msg.enc_msg), msg.counter)
def respond_to_dh_commit(self, msg):
logging.debug("Responding to DH Commit")
send_dh_key = True
if self.auth.auth_state_is("AUTHSTATE_NONE"):
# Reply with a D-H Key Message, and transition authstate to AUTHSTATE_AWAITING_REVEALSIG.
pass # pick it up in the 'if' below
elif self.auth.auth_state_is("AUTHSTATE_AWAITING_DHKEY"):
#This is the trickiest transition in the whole protocol. It indicates that you have
# already sent a D-H Commit message to your correspondent, but that he either
# didn't receive it, or just didn't receive it yet, and has sent you one as well.
# The symmetry will be broken by comparing the hashed gx you sent in your D-H Commit
# Message with the one you received, considered as 32-byte unsigned big-endian values.
my_dh_keyid = self.auth.dh_keys.get_my_cur_keyid()
my_hashed_gxmpi = self.auth.dh_keys.hash_my_public_factor_mpi(my_dh_keyid)
their_hashed_gxmpi = _OT.data_to_bytes(msg.hash_gxmpi_data)
my_hash_as_int = _OT.bytes_to_int(my_hashed_gxmpi)
their_hash_as_int = _OT.bytes_to_int(their_hashed_gxmpi)
if my_hash_as_int > their_hash_as_int:
# If yours is the higher hash value:
# Ignore the incoming D-H Commit message, but resend your D-H Commit message.
self.auth.dh_keys.mark_my_key_as_used(my_dh_keyid)
enc_gxmpi_data = self.auth.dh_keys.encrypt_my_public_factor_mpi(my_dh_keyid)
hash_gxmpi_data = self.auth.dh_keys.hash_my_public_factor_mpi(my_dh_keyid)
response = self.message_factory().create_dh_commit(enc_gxmpi_data, hash_gxmpi_data)
self.replay.check('msg_dh_commit', response.jabber_msg.getBody())
send_dh_key = False
self.client.send(response.jabber_msg)
if send_dh_key:
my_dh_keyid = self.auth.dh_keys.get_my_cur_keyid()
self.auth.dh_keys.mark_my_key_as_used(my_dh_keyid)
# this is g**y formatted as an MPI (4 byte length prepended)
# our D-H secret is y (with g**x the shared key is g**(xy))
gympi = self.auth.dh_keys.my_public_factor_to_mpi(my_dh_keyid)
# SAVE their info
self.auth.dh_keys.store_their_commitment( _OT.data_to_bytes(msg.enc_gxmpi_data),
_OT.data_to_bytes(msg.hash_gxmpi_data) )
# ok, now make dh_key message
response = self.message_factory().create_dh_key(gympi)
self.replay.check('msg_dh_key', response.jabber_msg.getBody())
self.auth.set_auth_state("AUTHSTATE_AWAITING_REVEALSIG")
self.client.send(response.jabber_msg)
return None # nothing for user
def make_new_key(self, add_as_seen=False):
# RCHANGE
if self.my_cur_keyid==0 and self.replay.can_replay('private_dh_key'):
x = _OT.int_to_bytes(self.replay.data['private_dh_key'])
else:
#r = raw_input("random x")
x = _OT.make_random_bytes(320/8) # Byte range?
new_keyid = self.my_cur_keyid + 1
logging.debug( "making new key %d" % new_keyid)
x_int = _OT.bytes_to_int(x)
new_factor = pow(self.dh_g, x_int, self.dh_mod)
self.my_private_keys[new_keyid] = x_int
self.my_public_factors[new_keyid] = new_factor
self.my_key_has_been_used[new_keyid] = False
self.my_cur_keyid = new_keyid
if add_as_seen:
self.my_most_recently_seen.append(new_keyid)
#r=raw_input()
# RCHANGE
if self.authing and self.my_cur_keyid==1: self.replay.check('public_dh_factor', self.my_public_factors[1])
def get_data(self): len_array = self.get_n_bytes(4) length = _OT.bytes_to_int(len_array) value_array = self.get_n_bytes(length) return len_array+value_array
def __init__(self, start = 0): if type(start) == type(0): # initialize it w/ an int self.count = _OT.bytes_to_int(_OT.int_to_bytes(start)+[0]*8) else: # or initialize it with the top half of the ctr array self.count = _OT.bytes_to_int(start+[0]*8)
