changeset 0f37eb28f572 in /home/hg/repos/gajim-plugins author: lovetox <[email protected]> branches: details:gajim-plugins?cmd=changeset;node=0f37eb28f572 description: Use native cryptography lib if installed
diffstat: omemo/omemo/aes_gcm.py | 170 ++++++--------------------------------- omemo/omemo/aes_gcm_fallback.py | 152 +++++++++++++++++++++++++++++++++++ omemo/omemo/aes_gcm_native.py | 61 ++++++++++++++ omemo/omemo/state.py | 6 +- 4 files changed, 245 insertions(+), 144 deletions(-) diffs (truncated from 442 to 300 lines): diff -r c13c8cf83523 -r 0f37eb28f572 omemo/omemo/aes_gcm.py --- a/omemo/omemo/aes_gcm.py Sun Jul 24 11:12:31 2016 +0200 +++ b/omemo/omemo/aes_gcm.py Tue Jul 26 19:47:05 2016 +0200 @@ -1,158 +1,46 @@ # -*- coding: utf-8 -*- # -# Copyright 2014 Jonathan Zdziarski <[email protected]> +# Copyright 2015 Bahtiar `kalkin-` Gadimov <[email protected]> # -# All rights reserved. +# This file is part of python-omemo library. # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: +# The python-omemo library is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. # -# 1. Redistributions of source code must retain the above copyright notice, this -# list of conditions and the following disclaimer. +# python-omemo is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. # -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. +# You should have received a copy of the GNU General Public License along with +# the python-omemo library. If not, see <http://www.gnu.org/licenses/>. # -# 3. Neither the name of the copyright holder nor the names of its contributors -# may be used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +import sys import logging -from struct import pack, unpack +log = logging.getLogger('gajim.plugin_system.omemo') +try: + from .aes_gcm_native import aes_decrypt + from .aes_gcm_native import aes_encrypt + log.debug('Using fast cryptography') +except ImportError: + from .aes_gcm_fallback import aes_decrypt + from .aes_gcm_fallback import aes_encrypt + log.debug('Using slow cryptography') -from Crypto.Cipher import AES -from Crypto.Util import strxor -log = logging.getLogger('gajim.plugin_system.omemo') +def encrypt(key, iv, plaintext): + return aes_encrypt(key, iv, plaintext) -def gcm_rightshift(vec): - for x in range(15, 0, -1): - c = vec[x] >> 1 - c |= (vec[x - 1] << 7) & 0x80 - vec[x] = c - vec[0] >>= 1 - return vec - - -def gcm_gf_mult(a, b): - mask = [0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01] - poly = [0x00, 0xe1] - - Z = [0] * 16 - V = [c for c in a] - - for x in range(128): - if b[x >> 3] & mask[x & 7]: - Z = [V[y] ^ Z[y] for y in range(16)] - bit = V[15] & 1 - V = gcm_rightshift(V) - V[0] ^= poly[bit] - return Z - - -def ghash(h, auth_data, data): - u = (16 - len(data)) % 16 - v = (16 - len(auth_data)) % 16 - - x = auth_data + chr(0) * v + data + chr(0) * u - x += pack('>QQ', len(auth_data) * 8, len(data) * 8) - - y = [0] * 16 - vec_h = [ord(c) for c in h] - - for i in range(0, len(x), 16): - block = [ord(c) for c in x[i:i + 16]] - y = [y[j] ^ block[j] for j in range(16)] - y = gcm_gf_mult(y, vec_h) - - return ''.join(chr(c) for c in y) - - -def inc32(block): - counter, = unpack('>L', block[12:]) - counter += 1 - return block[:12] + pack('>L', counter) - - -def gctr(k, icb, plaintext): - y = '' - if len(plaintext) == 0: - return y - - aes = AES.new(k) - cb = icb - - for i in range(0, len(plaintext), aes.block_size): - cb = inc32(cb) - encrypted = aes.encrypt(cb) - plaintext_block = plaintext[i:i + aes.block_size] - y += strxor.strxor(plaintext_block, encrypted[:len(plaintext_block)]) - - return y - - -def gcm_decrypt(k, iv, encrypted, auth_data, tag): - aes = AES.new(k) - h = aes.encrypt(chr(0) * aes.block_size) - - if len(iv) == 12: - y0 = iv + "\x00\x00\x00\x01" +def decrypt(key, iv, ciphertext): + plaintext = aes_decrypt(key, iv, ciphertext).decode('utf-8') + if sys.version_info < (3, 0): + return unicode(plaintext) else: - y0 = ghash(h, '', iv) - - decrypted = gctr(k, y0, encrypted) - s = ghash(h, auth_data, encrypted) - - t = aes.encrypt(y0) - T = strxor.strxor(s, t) - if T != tag: - raise ValueError('Decrypted data is invalid') - else: - return decrypted - - -def gcm_encrypt(k, iv, plaintext, auth_data): - aes = AES.new(k) - h = aes.encrypt(chr(0) * aes.block_size) - - if len(iv) == 12: - y0 = iv + "\x00\x00\x00\x01" - else: - y0 = ghash(h, '', iv) - - encrypted = gctr(k, y0, plaintext) - s = ghash(h, auth_data, encrypted) - - t = aes.encrypt(y0) - T = strxor.strxor(s, t) - return (encrypted, T) - - -def aes_encrypt(key, nonce, plaintext): - """ Use AES128 GCM with the given key and iv to encrypt the payload. """ - c, t = gcm_encrypt(key, nonce, plaintext, '') - result = c + t - return result - - -def aes_decrypt(key, nonce, payload): - """ Use AES128 GCM with the given key and iv to decrypt the payload. """ - ciphertext = payload[:-16] - mac = payload[-16:] - return gcm_decrypt(key, nonce, ciphertext, '', mac) + return plaintext class NoValidSessions(Exception): diff -r c13c8cf83523 -r 0f37eb28f572 omemo/omemo/aes_gcm_fallback.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/omemo/omemo/aes_gcm_fallback.py Tue Jul 26 19:47:05 2016 +0200 @@ -0,0 +1,152 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2014 Jonathan Zdziarski <[email protected]> +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# 3. Neither the name of the copyright holder nor the names of its contributors +# may be used to endorse or promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +from struct import pack, unpack + +from Crypto.Cipher import AES +from Crypto.Util import strxor + + +def gcm_rightshift(vec): + for x in range(15, 0, -1): + c = vec[x] >> 1 + c |= (vec[x - 1] << 7) & 0x80 + vec[x] = c + vec[0] >>= 1 + return vec + + +def gcm_gf_mult(a, b): + mask = [0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01] + poly = [0x00, 0xe1] + + Z = [0] * 16 + V = [c for c in a] + + for x in range(128): + if b[x >> 3] & mask[x & 7]: + Z = [V[y] ^ Z[y] for y in range(16)] + bit = V[15] & 1 + V = gcm_rightshift(V) + V[0] ^= poly[bit] + return Z + + +def ghash(h, auth_data, data): + u = (16 - len(data)) % 16 + v = (16 - len(auth_data)) % 16 + + x = auth_data + chr(0) * v + data + chr(0) * u + x += pack('>QQ', len(auth_data) * 8, len(data) * 8) + + y = [0] * 16 + vec_h = [ord(c) for c in h] + + for i in range(0, len(x), 16): + block = [ord(c) for c in x[i:i + 16]] + y = [y[j] ^ block[j] for j in range(16)] + y = gcm_gf_mult(y, vec_h) + + return ''.join(chr(c) for c in y) + + +def inc32(block): + counter, = unpack('>L', block[12:]) + counter += 1 + return block[:12] + pack('>L', counter) + + +def gctr(k, icb, plaintext): + y = '' + if len(plaintext) == 0: + return y + + aes = AES.new(k) + cb = icb + + for i in range(0, len(plaintext), aes.block_size): + cb = inc32(cb) + encrypted = aes.encrypt(cb) + plaintext_block = plaintext[i:i + aes.block_size] + y += strxor.strxor(plaintext_block, encrypted[:len(plaintext_block)]) + + return y + + +def gcm_decrypt(k, iv, encrypted, auth_data, tag): + aes = AES.new(k) _______________________________________________ Commits mailing list [email protected] https://lists.gajim.org/cgi-bin/listinfo/commits
