2007-09-16 06:16:45 +02:00
|
|
|
# common crypto functions (mostly specific to XEP-0116, but useful elsewhere)
|
2008-08-15 19:31:51 +02:00
|
|
|
# -*- coding:utf-8 -*-
|
2008-08-15 05:20:23 +02:00
|
|
|
## src/common/crypto.py
|
|
|
|
##
|
|
|
|
## Copyright (C) 2007 Brendan Taylor <whateley AT gmail.com>
|
|
|
|
##
|
|
|
|
## This file is part of Gajim.
|
|
|
|
##
|
|
|
|
## Gajim is free software; you can redistribute it and/or modify
|
|
|
|
## it under the terms of the GNU General Public License as published
|
|
|
|
## by the Free Software Foundation; version 3 only.
|
|
|
|
##
|
|
|
|
## Gajim is distributed in the hope that it will be useful,
|
|
|
|
## but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
## GNU General Public License for more details.
|
|
|
|
##
|
|
|
|
## You should have received a copy of the GNU General Public License
|
|
|
|
## along with Gajim. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
##
|
2007-09-16 06:16:45 +02:00
|
|
|
|
2013-11-10 08:39:50 +01:00
|
|
|
import sys
|
2007-09-16 23:56:42 +02:00
|
|
|
import os
|
|
|
|
import math
|
|
|
|
|
2009-10-01 08:26:08 +02:00
|
|
|
from hashlib import sha256 as SHA256
|
2007-09-16 23:56:42 +02:00
|
|
|
|
2007-09-16 06:16:45 +02:00
|
|
|
# convert a large integer to a big-endian bitstring
|
|
|
|
def encode_mpi(n):
|
2010-02-08 15:08:40 +01:00
|
|
|
if n >= 256:
|
2014-11-11 15:07:53 +01:00
|
|
|
return encode_mpi(n // 256) + bytes([n % 256])
|
2010-02-08 15:08:40 +01:00
|
|
|
else:
|
2014-11-11 15:07:53 +01:00
|
|
|
return bytes([n])
|
2007-09-16 06:16:45 +02:00
|
|
|
|
|
|
|
# convert a large integer to a big-endian bitstring, padded with \x00s to
|
2007-09-16 23:56:42 +02:00
|
|
|
# a multiple of 16 bytes
|
2007-09-16 06:16:45 +02:00
|
|
|
def encode_mpi_with_padding(n):
|
2010-02-08 15:08:40 +01:00
|
|
|
return pad_to_multiple(encode_mpi(n), 16, '\x00', True)
|
2007-09-16 06:16:45 +02:00
|
|
|
|
2007-09-16 23:56:42 +02:00
|
|
|
# pad 'string' to a multiple of 'multiple_of' with 'char'.
|
|
|
|
# pad on the left if 'left', otherwise pad on the right.
|
|
|
|
def pad_to_multiple(string, multiple_of, char, left):
|
2010-02-08 15:08:40 +01:00
|
|
|
mod = len(string) % multiple_of
|
|
|
|
if mod == 0:
|
|
|
|
return string
|
|
|
|
else:
|
|
|
|
padding = (multiple_of - mod) * char
|
2007-09-16 06:16:45 +02:00
|
|
|
|
2010-02-08 15:08:40 +01:00
|
|
|
if left:
|
|
|
|
return padding + string
|
|
|
|
else:
|
|
|
|
return string + padding
|
2007-09-16 06:16:45 +02:00
|
|
|
|
|
|
|
# convert a big-endian bitstring to an integer
|
|
|
|
def decode_mpi(s):
|
2010-02-08 15:08:40 +01:00
|
|
|
if len(s) == 0:
|
|
|
|
return 0
|
|
|
|
else:
|
2014-11-11 15:07:53 +01:00
|
|
|
return 256 * decode_mpi(s[:-1]) + s[-1]
|
2007-09-16 06:16:45 +02:00
|
|
|
|
|
|
|
def sha256(string):
|
2010-02-08 15:08:40 +01:00
|
|
|
sh = SHA256()
|
|
|
|
sh.update(string)
|
|
|
|
return sh.digest()
|
2007-09-16 06:16:45 +02:00
|
|
|
|
|
|
|
base28_chr = "acdefghikmopqruvwxy123456789"
|
|
|
|
|
|
|
|
def sas_28x5(m_a, form_b):
|
2014-11-11 15:07:53 +01:00
|
|
|
sha = sha256(m_a + form_b + b'Short Authentication String')
|
2010-02-08 15:08:40 +01:00
|
|
|
lsb24 = decode_mpi(sha[-3:])
|
|
|
|
return base28(lsb24)
|
2007-09-16 06:16:45 +02:00
|
|
|
|
|
|
|
def base28(n):
|
2010-02-08 15:08:40 +01:00
|
|
|
if n >= 28:
|
2014-11-11 15:07:53 +01:00
|
|
|
return base28(n // 28) + base28_chr[n % 28]
|
2010-02-08 15:08:40 +01:00
|
|
|
else:
|
|
|
|
return base28_chr[n]
|
2007-09-16 06:16:45 +02:00
|
|
|
|
2008-10-11 12:22:04 +02:00
|
|
|
def random_bytes(bytes_):
|
2017-09-20 11:39:55 +02:00
|
|
|
return os.urandom(bytes_)
|
2007-09-16 06:16:45 +02:00
|
|
|
|
|
|
|
def generate_nonce():
|
2010-02-08 15:08:40 +01:00
|
|
|
return random_bytes(8)
|
2007-09-16 06:16:45 +02:00
|
|
|
|
|
|
|
# generate a random number between 'bottom' and 'top'
|
|
|
|
def srand(bottom, top):
|
2010-02-08 15:08:40 +01:00
|
|
|
# minimum number of bytes needed to represent that range
|
|
|
|
bytes = int(math.ceil(math.log(top - bottom, 256)))
|
2007-09-16 06:16:45 +02:00
|
|
|
|
2010-02-08 15:08:40 +01:00
|
|
|
# in retrospect, this is horribly inadequate.
|
|
|
|
return (decode_mpi(random_bytes(bytes)) % (top - bottom)) + bottom
|
2007-09-16 06:16:45 +02:00
|
|
|
|
|
|
|
# a faster version of (base ** exp) % mod
|
2010-02-08 15:08:40 +01:00
|
|
|
# taken from <http://lists.danga.com/pipermail/yadis/2005-September/001445.html>
|
2007-09-16 06:16:45 +02:00
|
|
|
def powmod(base, exp, mod):
|
2010-02-08 15:08:40 +01:00
|
|
|
square = base % mod
|
|
|
|
result = 1
|
2007-09-16 06:16:45 +02:00
|
|
|
|
2010-02-08 15:08:40 +01:00
|
|
|
while exp > 0:
|
|
|
|
if exp & 1: # exponent is odd
|
|
|
|
result = (result * square) % mod
|
2007-09-16 06:16:45 +02:00
|
|
|
|
2010-02-08 15:08:40 +01:00
|
|
|
square = (square * square) % mod
|
2014-11-11 15:07:53 +01:00
|
|
|
exp //= 2
|
2010-02-08 15:08:40 +01:00
|
|
|
return result
|