def check_their_sig(self, enc_sig, sig_mac, usePrimes=False): my_dh_key = self.dh_keys.get_my_cur_keyid() if usePrimes: cKey = self.dh_keys.cprime m1Key = self.dh_keys.m1prime m2Key = self.dh_keys.m2prime else: cKey = self.dh_keys.c m1Key = self.dh_keys.m1 m2Key = self.dh_keys.m2 sig = OtrCrypt.aes_zero_ctr_crypt(cKey, enc_sig) #print sig byte_reader = ByteStreamReader(sig) their_dsa_key = byte_reader.get_pubkey() if their_dsa_key["cipher_code"] != list(OtrConstants["dsa_code_bytes"]): return False # now keyid their_dh_keyid = _OT.bytes_to_int(byte_reader.get_int()) self.dh_keys.associate_their_keyid(their_dh_keyid) # load their DSA public key - (y,g,p,q) their_dsa_key_tup = ( _OT.mpi_to_int(their_dsa_key["y_mpi"]), _OT.mpi_to_int(their_dsa_key["g_mpi"]), _OT.mpi_to_int(their_dsa_key["p_mpi"]), _OT.mpi_to_int(their_dsa_key["q_mpi"]) ) self.dsa_keys.load_their_key(their_dsa_key_tup) # compute their M factor self.compute_their_M_factor(usePrimes=usePrimes) # now load their signed M factor q_len = their_dsa_key["q_len"] M_sig_r_factor = _OT.bytes_to_int(byte_reader.get_n_bytes(q_len)) M_sig_s_factor = _OT.bytes_to_int(byte_reader.get_n_bytes(q_len)) assert (byte_reader.consumed_all()) if not OtrDSA.verify(self.dsa_keys.their_public_key, self.their_M, M_sig_r_factor, M_sig_s_factor): logging.debug("DID NOT VERIFY") return False # now check their MAC calc_sig_mac = OtrCrypt.get_sha256_hmac_160(m2Key, _OT.bytes_to_data(enc_sig)) if calc_sig_mac != sig_mac: logging.debug( "MAC INCORRECT" ) #print enc_sig #print calc_sig_mac #print sig_mac return False # alright, looks like everything checks out return True
def decrypt_their_public_factor(self, r_secret): self.r_secret = r_secret their_public_factor_mpi = \ OtrCrypt.aes_zero_ctr_crypt(r_secret, self.enc_gxmpi) calculated_hash = OtrCrypt.get_sha256_bytes(their_public_factor_mpi) if calculated_hash == self.hash_gxmpi: self.store_their_public_factor(_OT.mpi_to_int(their_public_factor_mpi)) return True else: return False
def receive_data_message(self, msg): #global memo self.my_sess_keyid = _OT.bytes_to_int(msg.recipient_keyid) self.their_sess_keyid = _OT.bytes_to_int(msg.sender_keyid) logging.debug( "KEYIDS %d %d " % (self.my_sess_keyid, self.their_sess_keyid)) if len(msg.next_dh) > 4: logging.debug( "GOT NEXT DH" ) logging.debug( msg.next_dh ) self.associate_their_keyid(self.their_sess_keyid+1, _OT.mpi_to_int(msg.next_dh)) self.update_next_counter(self.my_sess_keyid, self.their_sess_keyid, _OT.bytes_to_int(msg.counter)) logging.debug( (msg.counter, _OT.int_to_bytes(self.ctr)) ) self.compute_c_and_m_factors(self.my_sess_keyid, self.their_sess_keyid) self.compute_ek_and_mk_factors(self.my_sess_keyid, self.their_sess_keyid) #assert memo.sender_keyid == msg.sender_keyid #assert memo.recipient_keyid == msg.recipient_keyid #assert memo.next_dh == msg.next_dh #assert memo.counter == msg.counter #assert memo.enc_msg == _OT.data_to_bytes(msg.enc_msg) T = [0,2,3, msg.flags[0]] # protocol version and type code # my_keyid T.extend( msg.sender_keyid ) # their_keyid T.extend( msg.recipient_keyid ) # next_dh T.extend( msg.next_dh ) # ctr T.extend( msg.counter ) # enc_msg logging.debug(("ENC DATA: ", msg.enc_msg)) T.extend( msg.enc_msg ) #assert memo.T == T #print memo.sender_factor #print "RECVER" #for x in sorted(self.their_public_factors.keys()): # print (x, self.their_public_factor_to_mpi(x)) #r = raw_input() #assert memo.sender_factor == self.their_public_factor_to_mpi(self.their_sess_keyid) #assert memo.recipient_factor == self.my_public_factor_to_mpi(self.my_sess_keyid) #assert memo.secbytes == self.secbytes # compute MAC_mk(T) auth_check = OtrCrypt.get_sha1_hmac(self.recv_mac_key, T) if auth_check != msg.authenticator: logging.debug( ("got: ", auth_check) ) logging.debug( ("exp: ", msg.authenticator) ) #print self.recv_mac_key, self.send_mac_key #print memo.send_mac_key raise Exception("mac fail") return OtrCrypt.aes_ctr_crypt(self.recv_aes_key, _OT.data_to_bytes(msg.enc_msg), msg.counter)
def load_dsa_key(self): assert self.can_replay('dsa_public_key') assert self.can_replay('dsa_private_key') key = self.data['dsa_public_key'] priv_key = self.data['dsa_private_key'] key_reader = ByteStreamReader(key) p = _OT.mpi_to_int(key_reader.get_mpi()) q = _OT.mpi_to_int(key_reader.get_mpi()) g = _OT.mpi_to_int(key_reader.get_mpi()) y = _OT.mpi_to_int(key_reader.get_mpi()) assert (key_reader.consumed_all()) priv_key_reader = ByteStreamReader(priv_key) x = _OT.mpi_to_int(priv_key_reader.get_mpi()) assert (priv_key_reader.consumed_all()) return DSA.construct((y,g,p,q,x))
def respond_to_dh_key(self, msg): logging.debug("Responding to DH Key") send_reveal_sig = True my_dh_keyid = self.auth.dh_keys.get_my_cur_keyid() if self.auth.auth_state_is("AUTHSTATE_AWAITING_DHKEY"): # calculate the shared dh key their_dh_factor = _OT.mpi_to_int(msg.gympi) self.auth.dh_keys.store_their_public_factor(their_dh_factor) # calculate the factor's we'll need self.auth.dh_keys.compute_c_and_m_factors() # load DSA key self.auth.dsa_keys.load_my_key() self.auth.compute_my_M_and_X_values() elif self.auth.auth_state_is("AUTHSTATE_AWAITING_SIG"): if msg.gympi == self.auth.dh_keys.their_public_factor_to_mpi(): pass # retransmit reveal sig msg else: send_reveal_sig = False else: send_reveal_sig = False if send_reveal_sig: revealed_key_data = self.auth.dh_keys.get_r_secret() enc_sig_data = self.auth.get_enc_sig() sig_mac = self.auth.get_enc_sig_mac() response = self.message_factory().create_reveal_sig(revealed_key_data, enc_sig_data, sig_mac) self.replay.check('msg_reveal_sig', response.jabber_msg.getBody()) self.auth.set_auth_state("AUTHSTATE_AWAITING_SIG") self.client.send(response.jabber_msg) return None # nothing for user