changeset 5a7484b789c8 in /home/hg/repos/gajim-plugins author: lovetox <[email protected]> branches: details:gajim-plugins?cmd=changeset;node=5a7484b789c8 description: Remove old decryption logic
diffstat: url_image_preview/aes_gcm.py | 155 --------------------------------- url_image_preview/url_image_preview.py | 42 ++++---- 2 files changed, 20 insertions(+), 177 deletions(-) diffs (truncated from 325 to 300 lines): diff -r 11561dfb7445 -r 5a7484b789c8 url_image_preview/aes_gcm.py --- a/url_image_preview/aes_gcm.py Wed Sep 07 21:07:30 2016 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,155 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2014 Jonathan Zdziarski <[email protected]> -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, this -# list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# 3. Neither the name of the copyright holder nor the names of its contributors -# may be used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -import logging -from struct import pack, unpack - -from Crypto.Cipher import AES -from Crypto.Util import strxor - -log = logging.getLogger('gajim.plugin_system.aes_gcm') - - -def gcm_rightshift(vec): - for x in range(15, 0, -1): - c = vec[x] >> 1 - c |= (vec[x - 1] << 7) & 0x80 - vec[x] = c - vec[0] >>= 1 - return vec - - -def gcm_gf_mult(a, b): - mask = [0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01] - poly = [0x00, 0xe1] - - Z = [0] * 16 - V = [c for c in a] - - for x in range(128): - if b[x >> 3] & mask[x & 7]: - Z = [V[y] ^ Z[y] for y in range(16)] - bit = V[15] & 1 - V = gcm_rightshift(V) - V[0] ^= poly[bit] - return Z - - -def ghash(h, auth_data, data): - u = (16 - len(data)) % 16 - v = (16 - len(auth_data)) % 16 - - x = auth_data + chr(0) * v + data + chr(0) * u - x += pack('>QQ', len(auth_data) * 8, len(data) * 8) - - y = [0] * 16 - vec_h = [ord(c) for c in h] - - for i in range(0, len(x), 16): - block = [ord(c) for c in x[i:i + 16]] - y = [y[j] ^ block[j] for j in range(16)] - y = gcm_gf_mult(y, vec_h) - - return ''.join(chr(c) for c in y) - - -def inc32(block): - counter, = unpack('>L', block[12:]) - counter += 1 - return block[:12] + pack('>L', counter) - - -def gctr(k, icb, plaintext): - y = '' - if len(plaintext) == 0: - return y - - aes = AES.new(k) - cb = icb - - for i in range(0, len(plaintext), aes.block_size): - cb = inc32(cb) - encrypted = aes.encrypt(cb) - plaintext_block = plaintext[i:i + aes.block_size] - y += strxor.strxor(plaintext_block, encrypted[:len(plaintext_block)]) - - return y - - -def gcm_decrypt(k, iv, encrypted, auth_data, tag): - aes = AES.new(k) - h = aes.encrypt(chr(0) * aes.block_size) - - if len(iv) == 12: - y0 = iv + "\x00\x00\x00\x01" - else: - y0 = ghash(h, '', iv) - - decrypted = gctr(k, y0, encrypted) - s = ghash(h, auth_data, encrypted) - - t = aes.encrypt(y0) - T = strxor.strxor(s, t) - if T != tag: - raise ValueError('Decrypted data is invalid') - else: - return decrypted - - -def gcm_encrypt(k, iv, plaintext, auth_data): - aes = AES.new(k) - h = aes.encrypt(chr(0) * aes.block_size) - - if len(iv) == 12: - y0 = iv + "\x00\x00\x00\x01" - else: - y0 = ghash(h, '', iv) - - encrypted = gctr(k, y0, plaintext) - s = ghash(h, auth_data, encrypted) - - t = aes.encrypt(y0) - T = strxor.strxor(s, t) - return (encrypted, T) - - -def aes_encrypt(key, nonce, plaintext): - """ Use AES128 GCM with the given key and iv to encrypt the payload. """ - c, t = gcm_encrypt(key, nonce, plaintext, '') - result = c + t - return result - - -def aes_decrypt(key, nonce, payload): - """ Use AES128 GCM with the given key and iv to decrypt the payload. """ - ciphertext = payload[:-16] - mac = payload[-16:] - return gcm_decrypt(key, nonce, ciphertext, '', mac) diff -r 11561dfb7445 -r 5a7484b789c8 url_image_preview/url_image_preview.py --- a/url_image_preview/url_image_preview.py Wed Sep 07 21:07:30 2016 +0200 +++ b/url_image_preview/url_image_preview.py Wed Sep 07 22:07:07 2016 +0200 @@ -22,7 +22,6 @@ from plugins.helpers import log_calls, log from plugins.gui import GajimPluginConfigDialog from conversation_textview import TextViewImage -from .aes_gcm import aes_decrypt from .http_functions import get_http_head, get_http_file from common import demandimport @@ -140,7 +139,7 @@ if self.handlers[i].handler_is_connected(i): self.handlers[i].disconnect(i) del self.handlers[i] - + def print_special_text(self, special_text, other_tags, graphics=True, iter_=None): # remove qip bbcode @@ -191,7 +190,7 @@ iv = fragment[:16] if len(key) == 32 and len(iv) == 16: encrypted = True - + # file exists but thumbnail got deleted if os.path.exists(filepath) and not os.path.exists(thumbpath): with open(filepath, 'rb') as f: @@ -201,14 +200,14 @@ self._save_thumbnail, [thumbpath, (mem, '')], self._update_img, [special_text, repl_start, repl_end, filepath, encrypted]) - + # display thumbnail if already downloaded (but only if file also exists) elif os.path.exists(filepath) and os.path.exists(thumbpath): gajim.thread_interface( self._load_thumbnail, [thumbpath], self._update_img, [special_text, repl_start, repl_end, filepath, encrypted]) - + # or download file, calculate thumbnail and finally display it else: if encrypted and not decryption_available: @@ -221,7 +220,7 @@ get_http_head, [self.textview.account, special_text], self._check_mime_size, [special_text, repl_start, repl_end, filepaths, key, iv, encrypted]) - + # Don't print the URL in the message window (in the calling function) self.textview.plugin_modified = True @@ -229,7 +228,7 @@ size = self.plugin.config['PREVIEW_SIZE'] use_gtk = False output = None - + try: output = BytesIO() im = Image.open(BytesIO(mem)) @@ -241,7 +240,7 @@ log.info("Failed to load image using pillow, falling back to gdk pixbuf.") log.debug(e) use_gtk = True - + if use_gtk: log.info("Pillow not available or file corrupt, trying to load using gdk pixbuf.") try: @@ -261,7 +260,7 @@ log.info("Failed to load image using gdk pixbuf, ignoring image.") log.debug(e) return ('', '') - + mem = output.getvalue() output.close() try: @@ -274,7 +273,7 @@ transient_for=self.chat_control.parent_win.window) log.error(str(e)) return (mem, alt) - + def _load_thumbnail(self, thumbpath): with open(thumbpath, 'rb') as f: mem = f.read() @@ -312,13 +311,13 @@ anchor = buffer_.create_child_anchor(iter_) # Use url as tooltip for image img = TextViewImage(anchor, url) - + loader = gtk.gdk.PixbufLoader() loader.write(mem) loader.close() pixbuf = loader.get_pixbuf() img.set_from_pixbuf(pixbuf) - + eb.add(img) eb.show_all() self.textview.tv.add_child_at_anchor(eb, anchor) @@ -390,10 +389,9 @@ ' (see error log for more information)'), transient_for=self.chat_control.parent_win.window) log.error(str(e)) - + # Create thumbnail, write it to harddisk and return it return self._save_thumbnail(thumbpath, (mem, alt)) - def _create_path(self, folder): if os.path.exists(folder): @@ -441,10 +439,10 @@ save_as_menuitem = xml.get_object('save_as_menuitem') copy_link_location_menuitem = xml.get_object('copy_link_location_menuitem') open_link_in_browser_menuitem = xml.get_object('open_link_in_browser_menuitem') - + if encrypted: open_link_in_browser_menuitem.hide() - + id_ = open_menuitem.connect('activate', self.on_open_menuitem_activate, filepath) self.handlers[id_] = open_menuitem id_ = save_as_menuitem.connect('activate', self.on_save_as_menuitem_activate, @@ -456,12 +454,12 @@ id_ = open_link_in_browser_menuitem.connect('activate', self.on_open_link_in_browser_menuitem_activate, url) self.handlers[id_] = open_link_in_browser_menuitem - + return menu - + _______________________________________________ Commits mailing list [email protected] https://lists.gajim.org/cgi-bin/listinfo/commits
