changeset 02813e917bf3 in /home/hg/repos/gajim
author: Yann Leboulanger <[email protected]>
branches:
details:http://hg.gajim.org/gajim?cmd=changeset;node=02813e917bf3
description: make e2e work with py3
diffstat:
src/common/crypto.py | 13 +++---
src/common/dh.py | 5 +-
src/common/stanza_session.py | 84 +++++++++++++++++++++++--------------------
src/secrets.py | 14 +++++-
4 files changed, 64 insertions(+), 52 deletions(-)
diffs (truncated from 375 to 300 lines):
diff -r 5301bed9a8f8 -r 02813e917bf3 src/common/crypto.py
--- a/src/common/crypto.py Sun Nov 09 22:33:32 2014 +0100
+++ b/src/common/crypto.py Tue Nov 11 15:07:53 2014 +0100
@@ -28,9 +28,9 @@
# convert a large integer to a big-endian bitstring
def encode_mpi(n):
if n >= 256:
- return encode_mpi(n / 256) + chr(n % 256)
+ return encode_mpi(n // 256) + bytes([n % 256])
else:
- return chr(n)
+ return bytes([n])
# convert a large integer to a big-endian bitstring, padded with \x00s to
# a multiple of 16 bytes
@@ -56,7 +56,7 @@
if len(s) == 0:
return 0
else:
- return 256 * decode_mpi(s[:-1]) + ord(s[-1])
+ return 256 * decode_mpi(s[:-1]) + s[-1]
def sha256(string):
sh = SHA256()
@@ -66,13 +66,13 @@
base28_chr = "acdefghikmopqruvwxy123456789"
def sas_28x5(m_a, form_b):
- sha = sha256(m_a + form_b + 'Short Authentication String')
+ sha = sha256(m_a + form_b + b'Short Authentication String')
lsb24 = decode_mpi(sha[-3:])
return base28(lsb24)
def base28(n):
if n >= 28:
- return base28(n / 28) + base28_chr[n % 28]
+ return base28(n // 28) + base28_chr[n % 28]
else:
return base28_chr[n]
@@ -147,6 +147,5 @@
result = (result * square) % mod
square = (square * square) % mod
- exp /= 2
-
+ exp //= 2
return result
diff -r 5301bed9a8f8 -r 02813e917bf3 src/common/dh.py
--- a/src/common/dh.py Sun Nov 09 22:33:32 2014 +0100
+++ b/src/common/dh.py Tue Nov 11 15:07:53 2014 +0100
@@ -224,6 +224,7 @@
if not stripee:
return None
- return int(stripee.translate(all_ascii, string.whitespace), 16)
+ return int(stripee.translate(all_ascii).translate(str.maketrans("", "",
+ string.whitespace)), 16)
-primes = map(hex_to_decimal, hex_primes)
+primes = list(map(hex_to_decimal, hex_primes))
diff -r 5301bed9a8f8 -r 02813e917bf3 src/common/stanza_session.py
--- a/src/common/stanza_session.py Sun Nov 09 22:33:32 2014 +0100
+++ b/src/common/stanza_session.py Tue Nov 11 15:07:53 2014 +0100
@@ -410,21 +410,21 @@
c = stanza.NT.c
c.setNamespace('http://www.xmpp.org/extensions/xep-0200.html#ns')
- c.NT.data = base64.b64encode(m_final)
+ c.NT.data = base64.b64encode(m_final).decode('utf-8')
# FIXME check for rekey request, handle <key/> elements
- m_content = ''.join(map(str, c.getChildren()))
+ m_content = (''.join(map(str, c.getChildren()))).encode('utf-8')
c.NT.mac = base64.b64encode(self.hmac(self.km_s, m_content + \
- crypto.encode_mpi(old_en_counter)))
+ crypto.encode_mpi(old_en_counter))).decode('utf-8')
msgtxt = '[This is part of an encrypted session. ' \
'If you see this message, something went wrong.]'
lang = os.getenv('LANG')
if lang is not None and lang != 'en': # we're not english
msgtxt = _('[This is part of an encrypted session. '
- 'If you see this message, something went wrong.]') + ' ('
+ \
- msgtxt + ')'
+ 'If you see this message, something went wrong.]') + ' (' + \
+ msgtxt + ')'
stanza.setBody(msgtxt)
return stanza
@@ -436,14 +436,14 @@
return HMAC(key, content, self.hash_alg).digest()
def generate_initiator_keys(self, k):
- return (self.hmac(k, 'Initiator Cipher Key'),
- self.hmac(k, 'Initiator MAC Key'),
- self.hmac(k, 'Initiator SIGMA Key'))
+ return (self.hmac(k, b'Initiator Cipher Key'),
+ self.hmac(k, b'Initiator MAC Key'),
+ self.hmac(k, b'Initiator SIGMA Key'))
def generate_responder_keys(self, k):
- return (self.hmac(k, 'Responder Cipher Key'),
- self.hmac(k, 'Responder MAC Key'),
- self.hmac(k, 'Responder SIGMA Key'))
+ return (self.hmac(k, b'Responder Cipher Key'),
+ self.hmac(k, b'Responder MAC Key'),
+ self.hmac(k, b'Responder SIGMA Key'))
def compress(self, plaintext):
if self.compression is None:
@@ -473,6 +473,7 @@
# contents of <c>, minus <mac>, minus whitespace
macable = ''.join(str(x) for x in c.getChildren() if x.getName() !=
'mac')
+ macable = macable.encode('utf-8')
received_mac = base64.b64decode(c.getTagData('mac'))
calculated_mac = self.hmac(self.km_o, macable + \
@@ -483,7 +484,7 @@
m_final = base64.b64decode(c.getTagData('data'))
m_compressed = self.decrypt(m_final)
- plaintext = self.decompress(m_compressed)
+ plaintext = self.decompress(m_compressed).decode('utf-8')
try:
parsed = nbxmpp.Node(node='<node>' + plaintext + '</node>')
@@ -536,7 +537,7 @@
if i_o == 'a' and self.sas_algs == 'sas28x5':
# we don't need to calculate this if there's a verified retained
secret
# (but we do anyways)
- self.sas = crypto.sas_28x5(m_o, self.form_s)
+ self.sas = crypto.sas_28x5(m_o, self.form_s.encode('utf-8'))
if self.negotiated['recv_pubkey']:
plaintext = self.decrypt(id_o)
@@ -564,18 +565,18 @@
signature = (crypto.decode_mpi(base64.b64decode(enc_sig)), )
else:
mac_o = self.decrypt(id_o)
- pubkey_o = ''
+ pubkey_o = b''
c7l_form = self.c7lize_mac_id(form)
content = self.n_s + self.n_o + crypto.encode_mpi(dh_i) + pubkey_o
if sigmai:
- self.form_o = c7l_form
+ self.form_o = c7l_form.encode('utf-8')
content += self.form_o
else:
- form_o2 = c7l_form
- content += self.form_o + form_o2
+ form_o2 = c7l_form.encode('utf-8')
+ content += self.form_o.encode('utf-8') + form_o2
mac_o_calculated = self.hmac(self.ks_o, content)
@@ -598,18 +599,18 @@
cb_fields = [base64.b64encode(crypto.encode_mpi(f)) for f in
fields]
- pubkey_s = '<RSAKeyValue
xmlns="http://www.w3.org/2000/09/xmldsig#";'
+ pubkey_s = b'<RSAKeyValue
xmlns="http://www.w3.org/2000/09/xmldsig#";'
'><Modulus>%s</Modulus><Exponent>%s</Exponent></RSAKeyValue>'
% \
tuple(cb_fields)
else:
- pubkey_s = ''
+ pubkey_s = b''
form_s2 = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) for el \
in form.getChildren())
old_c_s = self.c_s
content = self.n_o + self.n_s + crypto.encode_mpi(dh_i) + pubkey_s + \
- self.form_s + form_s2
+ self.form_s.encode('utf-8') + form_s2.encode('utf-8')
mac_s = self.hmac(self.ks_s, content)
@@ -632,14 +633,16 @@
if self.status == 'requested-e2e' and self.sas_algs == 'sas28x5':
# we're alice; check for a retained secret
# if none exists, prompt the user with the SAS
- self.sas = crypto.sas_28x5(m_s, self.form_o)
+ self.sas = crypto.sas_28x5(m_s, self.form_o.encode('utf-8'))
if self.sigmai:
# FIXME save retained secret?
self.check_identity(tuple)
- return (nbxmpp.DataField(name='identity',
value=base64.b64encode(id_s)),
- nbxmpp.DataField(name='mac', value=base64.b64encode(m_s)))
+ return (nbxmpp.DataField(name='identity',
+ value=base64.b64encode(id_s).decode('utf-8')),
+ nbxmpp.DataField(name='mac',
+ value=base64.b64encode(m_s).decode('utf-8')))
def negotiate_e2e(self, sigmai):
self.negotiated = {}
@@ -695,7 +698,7 @@
self.n_s = crypto.generate_nonce()
x.addChild(node=nbxmpp.DataField(name='my_nonce',
- value=base64.b64encode(self.n_s), typ='hidden'))
+ value=base64.b64encode(self.n_s).decode('utf-8'), typ='hidden'))
modp_options = [ int(g) for g in
gajim.config.get('esession_modp').split(
',') ]
@@ -826,7 +829,7 @@
return
dhhashes = dhhashes_f.getValues()
self.negotiated['He'] = base64.b64decode(dhhashes[group_order].encode(
- 'utf8'))
+ 'utf8'))
bytes = int(self.n / 8)
@@ -845,7 +848,7 @@
'nonce': self.n_o}
for name in to_add:
- b64ed = base64.b64encode(to_add[name])
+ b64ed = base64.b64encode(to_add[name]).decode('utf-8')
x.addChild(node=nbxmpp.DataField(name=name, value=b64ed))
self.form_o = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim()) for
\
@@ -935,7 +938,7 @@
value='urn:xmpp:ssn'))
result.addChild(node=nbxmpp.DataField(name='accept', value='1'))
result.addChild(node=nbxmpp.DataField(name='nonce',
- value=base64.b64encode(self.n_o)))
+ value=base64.b64encode(self.n_o).decode('utf-8')))
self.kc_s, self.km_s, self.ks_s = self.generate_initiator_keys(self.k)
@@ -952,11 +955,12 @@
rshash_size = self.hash_alg().digest_size
rshashes.append(crypto.random_bytes(rshash_size))
- rshashes = [base64.b64encode(rshash) for rshash in rshashes]
+ rshashes = [base64.b64encode(rshash).decode('utf-8') for rshash in
\
+ rshashes]
result.addChild(node=nbxmpp.DataField(name='rshashes',
value=rshashes))
result.addChild(node=nbxmpp.DataField(name='dhkeys',
- value=base64.b64encode(crypto.encode_mpi(e))))
+ value=base64.b64encode(crypto.encode_mpi(e)).decode('utf-8')))
self.form_o = ''.join(nbxmpp.c14n.c14n(el, self._is_buggy_gajim())
\
for el in form.getChildren())
@@ -1006,7 +1010,7 @@
self.verify_identity(form, e, False, 'a')
# 4.5.4 generating bob's final session keys
- srs = ''
+ srs = b''
srses = secrets.secrets().retained_secrets(self.conn.name,
self.jid.getStripped())
@@ -1021,7 +1025,7 @@
# other shared secret
# (we're not using one)
- oss = ''
+ oss = b''
k = crypto.sha256(k + srs + oss)
@@ -1030,16 +1034,16 @@
# 4.5.5
if srs:
- srshash = self.hmac(srs, 'Shared Retained Secret')
+ srshash = self.hmac(srs, b'Shared Retained Secret')
else:
srshash = crypto.random_bytes(32)
x.addChild(node=nbxmpp.DataField(name='FORM_TYPE',
value='urn:xmpp:ssn'))
x.addChild(node=nbxmpp.DataField(name='nonce', value=base64.b64encode(
- self.n_o)))
+ self.n_o).decode('utf-8')))
x.addChild(node=nbxmpp.DataField(name='srshash',
value=base64.b64encode(
- srshash)))
+ srshash).decode('utf-8')))
for datafield in self.make_identity(x, self.d):
x.addChild(node=datafield)
@@ -1062,7 +1066,7 @@
self.stop_archiving_for_session()
def final_steps_alice(self, form):
- srs = ''
+ srs = b''
srses = secrets.secrets().retained_secrets(self.conn.name,
self.jid.getStripped())
_______________________________________________
Commits mailing list
[email protected]
https://lists.gajim.org/cgi-bin/listinfo/commits
