def make_identity(self, form, dh_i):
if self.negotiated['send_pubkey']:
if self.negotiated['sign_algs'] == (XmlDsig + 'rsa-sha256'):
pubkey = secrets.secrets().my_pubkey(self.conn.name)
fields = (pubkey.n, pubkey.e)
cb_fields = [
base64.b64encode(crypto.encode_mpi(f)) for f in fields
]
pubkey_s = b'<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"'
'><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>' % \
tuple(cb_fields)
else:
pubkey_s = b''
form_s2 = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) for el \
in form.getChildren())
old_c_s = self.c_s
content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + \
self.form_s.encode('utf-8') + form_s2.encode('utf-8')
mac_s = self.hmac(self.ks_s, content)
if self.negotiated['send_pubkey']:
signature = self.sign(mac_s)
sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">'
'%s</SignatureValue>' % base64.b64encode(signature)
if self.negotiated['send_pubkey'] == 'hash':
b64ed = base64.b64encode(self.hash(pubkey_s))
pubkey_s = '<fingerprint>%s</fingerprint>' % b64ed
id_s = self.encrypt(pubkey_s + sign_s)
else:
id_s = self.encrypt(mac_s)
m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s)
if self.status == 'requested-e2e' and self.sas_algs == 'sas28x5':
# we're alice; check for a retained secret
# if none exists, prompt the user with the SAS
self.sas = crypto.sas_28x5(m_s, self.form_o.encode('utf-8'))
if self.sigmai:
# FIXME save retained secret?
self.check_identity(tuple)
return (nbxmpp.DataField(name='identity',
value=base64.b64encode(id_s).decode('utf-8')),
nbxmpp.DataField(name='mac',
value=base64.b64encode(m_s).decode('utf-8')))
def make_identity(self, form, dh_i):
if self.negotiated['send_pubkey']:
if self.negotiated['sign_algs'] == (XmlDsig + 'rsa-sha256'):
pubkey = secrets.secrets().my_pubkey(self.conn.name)
fields = (pubkey.n, pubkey.e)
cb_fields = [base64.b64encode(crypto.encode_mpi(f)) for f in
fields]
pubkey_s = b'<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"'
'><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>' % \
tuple(cb_fields)
else:
pubkey_s = b''
form_s2 = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) for el \
in form.getChildren())
old_c_s = self.c_s
content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + \
self.form_s.encode('utf-8') + form_s2.encode('utf-8')
mac_s = self.hmac(self.ks_s, content)
if self.negotiated['send_pubkey']:
signature = self.sign(mac_s)
sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">'
'%s</SignatureValue>' % base64.b64encode(signature)
if self.negotiated['send_pubkey'] == 'hash':
b64ed = base64.b64encode(self.hash(pubkey_s))
pubkey_s = '<fingerprint>%s</fingerprint>' % b64ed
id_s = self.encrypt(pubkey_s + sign_s)
else:
id_s = self.encrypt(mac_s)
m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s)
if self.status == 'requested-e2e' and self.sas_algs == 'sas28x5':
# we're alice; check for a retained secret
# if none exists, prompt the user with the SAS
self.sas = crypto.sas_28x5(m_s, self.form_o.encode('utf-8'))
if self.sigmai:
# FIXME save retained secret?
self.check_identity(tuple)
return (nbxmpp.DataField(name='identity',
value=base64.b64encode(id_s).decode('utf-8')),
nbxmpp.DataField(name='mac',
value=base64.b64encode(m_s).decode('utf-8')))
def make_identity(self, form, dh_i):
if self.negotiated["send_pubkey"]:
if self.negotiated["sign_algs"] == (XmlDsig + "rsa-sha256"):
pubkey = secrets.secrets().my_pubkey(self.conn.name)
fields = (pubkey.n, pubkey.e)
cb_fields = map(lambda f: base64.b64encode(crypto.encode_mpi(f)), fields)
pubkey_s = '<RSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"'
"><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>" % tuple(cb_fields)
else:
pubkey_s = ""
form_s2 = "".join(map(lambda el: xmpp.c14n.c14n(el), form.getChildren()))
old_c_s = self.c_s
content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + self.form_s + form_s2
mac_s = self.hmac(self.ks_s, content)
if self.negotiated["send_pubkey"]:
signature = self.sign(mac_s)
sign_s = '<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">'
"%s</SignatureValue>" % base64.b64encode(signature)
if self.negotiated["send_pubkey"] == "hash":
b64ed = base64.b64encode(self.hash(pubkey_s))
pubkey_s = "<fingerprint>%s</fingerprint>" % b64ed
id_s = self.encrypt(pubkey_s + sign_s)
else:
id_s = self.encrypt(mac_s)
m_s = self.hmac(self.km_s, crypto.encode_mpi(old_c_s) + id_s)
if self.status == "requested-e2e" and self.sas_algs == "sas28x5":
# we're alice; check for a retained secret
# if none exists, prompt the user with the SAS
self.sas = crypto.sas_28x5(m_s, self.form_o)
if self.sigmai:
# XXX save retained secret?
self.check_identity(lambda: ())
return (
xmpp.DataField(name="identity", value=base64.b64encode(id_s)),
xmpp.DataField(name="mac", value=base64.b64encode(m_s)),
)
def verify_identity(self, form, dh_i, sigmai, i_o):
m_o = base64.b64decode(form['mac'])
id_o = base64.b64decode(form['identity'])
m_o_calculated = self.hmac(self.km_o,
crypto.encode_mpi(self.c_o) + id_o)
if m_o_calculated != m_o:
raise exceptions.NegotiationError, 'calculated m_%s differs from received m_%s' % (
i_o, i_o)
if i_o == 'a' and self.sas_algs == 'sas28x5':
# we don't need to calculate this if there's a verified retained secret
# (but we do anyways)
self.sas = crypto.sas_28x5(m_o, self.form_s)
if self.negotiated['recv_pubkey']:
plaintext = self.decrypt(id_o)
parsed = xmpp.Node(node='<node>' + plaintext + '</node>')
if self.negotiated['recv_pubkey'] == 'hash':
fingerprint = parsed.getTagData('fingerprint')
# XXX find stored pubkey or terminate session
raise 'unimplemented'
else:
if self.negotiated['sign_algs'] == (XmlDsig + 'rsa-sha256'):
keyvalue = parsed.getTag(name='RSAKeyValue',
namespace=XmlDsig)
n, e = map(
lambda x: crypto.decode_mpi(
base64.b64decode(keyvalue.getTagData(x))),
('Modulus', 'Exponent'))
eir_pubkey = RSA.construct((n, long(e)))
pubkey_o = xmpp.c14n.c14n(keyvalue)
else:
# XXX DSA, etc.
raise 'unimplemented'
enc_sig = parsed.getTag(name='SignatureValue',
namespace=XmlDsig).getData()
signature = (crypto.decode_mpi(base64.b64decode(enc_sig)), )
else:
mac_o = self.decrypt(id_o)
pubkey_o = ''
c7l_form = self.c7lize_mac_id(form)
content = self.n_s + self.n_o + crypto.encode_mpi(dh_i) + pubkey_o
if sigmai:
self.form_o = c7l_form
content += self.form_o
else:
form_o2 = c7l_form
content += self.form_o + form_o2
mac_o_calculated = self.hmac(self.ks_o, content)
if self.negotiated['recv_pubkey']:
hash = crypto.sha256(mac_o_calculated)
if not eir_pubkey.verify(hash, signature):
raise exceptions.NegotiationError, 'public key signature verification failed!'
elif mac_o_calculated != mac_o:
raise exceptions.NegotiationError, 'calculated mac_%s differs from received mac_%s' % (
i_o, i_o)
def verify_identity(self, form, dh_i, sigmai, i_o):
m_o = base64.b64decode(form['mac'])
id_o = base64.b64decode(form['identity'])
m_o_calculated = self.hmac(self.km_o, crypto.encode_mpi(self.c_o) + id_o)
if m_o_calculated != m_o:
raise NegotiationError('calculated m_%s differs from received m_%s' %
(i_o, i_o))
if i_o == 'a' and self.sas_algs == 'sas28x5':
# we don't need to calculate this if there's a verified retained secret
# (but we do anyways)
self.sas = crypto.sas_28x5(m_o, self.form_s)
if self.negotiated['recv_pubkey']:
plaintext = self.decrypt(id_o)
parsed = nbxmpp.Node(node='<node>' + plaintext + '</node>')
if self.negotiated['recv_pubkey'] == 'hash':
# fingerprint = parsed.getTagData('fingerprint')
# FIXME find stored pubkey or terminate session
raise NotImplementedError()
else:
if self.negotiated['sign_algs'] == (XmlDsig + 'rsa-sha256'):
keyvalue = parsed.getTag(name='RSAKeyValue', namespace=XmlDsig)
n, e = (crypto.decode_mpi(base64.b64decode(
keyvalue.getTagData(x))) for x in ('Modulus', 'Exponent'))
eir_pubkey = RSA.construct((n, long(e)))
pubkey_o = nbxmpp.c14n.c14n(keyvalue, self._is_buggy_gajim())
else:
# FIXME DSA, etc.
raise NotImplementedError()
enc_sig = parsed.getTag(name='SignatureValue',
namespace=XmlDsig).getData()
signature = (crypto.decode_mpi(base64.b64decode(enc_sig)), )
else:
mac_o = self.decrypt(id_o)
pubkey_o = ''
c7l_form = self.c7lize_mac_id(form)
content = self.n_s + self.n_o + crypto.encode_mpi(dh_i) + pubkey_o
if sigmai:
self.form_o = c7l_form
content += self.form_o
else:
form_o2 = c7l_form
content += self.form_o + form_o2
mac_o_calculated = self.hmac(self.ks_o, content)
if self.negotiated['recv_pubkey']:
hash_ = crypto.sha256(mac_o_calculated)
if not eir_pubkey.verify(hash_, signature):
raise NegotiationError('public key signature verification failed!')
elif mac_o_calculated != mac_o:
raise NegotiationError('calculated mac_%s differs from received mac_%s'
% (i_o, i_o))
def verify_identity(self, form, dh_i, sigmai, i_o):
m_o = base64.b64decode(form["mac"])
id_o = base64.b64decode(form["identity"])
m_o_calculated = self.hmac(self.km_o, crypto.encode_mpi(self.c_o) + id_o)
if m_o_calculated != m_o:
raise exceptions.NegotiationError, "calculated m_%s differs from received m_%s" % (i_o, i_o)
if i_o == "a" and self.sas_algs == "sas28x5":
# we don't need to calculate this if there's a verified retained secret
# (but we do anyways)
self.sas = crypto.sas_28x5(m_o, self.form_s)
if self.negotiated["recv_pubkey"]:
plaintext = self.decrypt(id_o)
parsed = xmpp.Node(node="<node>" + plaintext + "</node>")
if self.negotiated["recv_pubkey"] == "hash":
fingerprint = parsed.getTagData("fingerprint")
# XXX find stored pubkey or terminate session
raise "unimplemented"
else:
if self.negotiated["sign_algs"] == (XmlDsig + "rsa-sha256"):
keyvalue = parsed.getTag(name="RSAKeyValue", namespace=XmlDsig)
n, e = map(
lambda x: crypto.decode_mpi(base64.b64decode(keyvalue.getTagData(x))), ("Modulus", "Exponent")
)
eir_pubkey = RSA.construct((n, long(e)))
pubkey_o = xmpp.c14n.c14n(keyvalue)
else:
# XXX DSA, etc.
raise "unimplemented"
enc_sig = parsed.getTag(name="SignatureValue", namespace=XmlDsig).getData()
signature = (crypto.decode_mpi(base64.b64decode(enc_sig)),)
else:
mac_o = self.decrypt(id_o)
pubkey_o = ""
c7l_form = self.c7lize_mac_id(form)
content = self.n_s + self.n_o + crypto.encode_mpi(dh_i) + pubkey_o
if sigmai:
self.form_o = c7l_form
content += self.form_o
else:
form_o2 = c7l_form
content += self.form_o + form_o2
mac_o_calculated = self.hmac(self.ks_o, content)
if self.negotiated["recv_pubkey"]:
hash = crypto.sha256(mac_o_calculated)
if not eir_pubkey.verify(hash, signature):
raise exceptions.NegotiationError, "public key signature verification failed!"
elif mac_o_calculated != mac_o:
raise exceptions.NegotiationError, "calculated mac_%s differs from received mac_%s" % (i_o, i_o)
