diff --git a/omemo/omemo/aes_gcm.py b/omemo/omemo/aes_gcm.py index 38394bd..4d92e87 100644 --- a/omemo/omemo/aes_gcm.py +++ b/omemo/omemo/aes_gcm.py @@ -20,15 +20,11 @@ import sys import logging + +from .aes_gcm_native import aes_decrypt +from .aes_gcm_native import aes_encrypt + log = logging.getLogger('gajim.plugin_system.omemo') -try: - from .aes_gcm_native import aes_decrypt - from .aes_gcm_native import aes_encrypt - log.debug('Using fast cryptography') -except ImportError: - from .aes_gcm_fallback import aes_decrypt - from .aes_gcm_fallback import aes_encrypt - log.debug('Using slow cryptography') def encrypt(key, iv, plaintext): diff --git a/omemo/omemo/aes_gcm_fallback.py b/omemo/omemo/aes_gcm_fallback.py deleted file mode 100644 index 0117c9f..0000000 --- a/omemo/omemo/aes_gcm_fallback.py +++ /dev/null @@ -1,162 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2014 Jonathan Zdziarski -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, this -# list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# 3. Neither the name of the copyright holder nor the names of its contributors -# may be used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -import logging -from struct import pack, unpack - -from Crypto.Cipher import AES -from Crypto.Util import strxor - -log = logging.getLogger('gajim.plugin_system.omemo') - - -def gcm_rightshift(vec): - for x in range(15, 0, -1): - c = vec[x] >> 1 - c |= (vec[x - 1] << 7) & 0x80 - vec[x] = c - vec[0] >>= 1 - return vec - - -def gcm_gf_mult(a, b): - mask = [0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01] - poly = [0x00, 0xe1] - - Z = [0] * 16 - V = [c for c in a] - - for x in range(128): - if b[x >> 3] & mask[x & 7]: - Z = [V[y] ^ Z[y] for y in range(16)] - bit = V[15] & 1 - V = gcm_rightshift(V) - V[0] ^= poly[bit] - return Z - - -def ghash(h, auth_data, data): - u = (16 - len(data)) % 16 - v = (16 - len(auth_data)) % 16 - - x = auth_data + chr(0) * v + data + chr(0) * u - x += pack('>QQ', len(auth_data) * 8, len(data) * 8) - - y = [0] * 16 - vec_h = [ord(c) for c in h] - - for i in range(0, len(x), 16): - block = [ord(c) for c in x[i:i + 16]] - y = [y[j] ^ block[j] for j in range(16)] - y = gcm_gf_mult(y, vec_h) - - return ''.join(chr(c) for c in y) - - -def inc32(block): - counter, = unpack('>L', block[12:]) - counter += 1 - return block[:12] + pack('>L', counter) - - -def gctr(k, icb, plaintext): - y = '' - if len(plaintext) == 0: - return y - - aes = AES.new(k) - cb = icb - - for i in range(0, len(plaintext), aes.block_size): - cb = inc32(cb) - encrypted = aes.encrypt(cb) - plaintext_block = plaintext[i:i + aes.block_size] - y += strxor.strxor(plaintext_block, encrypted[:len(plaintext_block)]) - - return y - - -def gcm_decrypt(k, iv, encrypted, auth_data, tag): - aes = AES.new(k) - h = aes.encrypt(chr(0) * aes.block_size) - - if len(iv) == 12: - y0 = iv + "\x00\x00\x00\x01" - else: - y0 = ghash(h, '', iv) - - decrypted = gctr(k, y0, encrypted) - s = ghash(h, auth_data, encrypted) - - t = aes.encrypt(y0) - T = strxor.strxor(s, t) - if T != tag: - raise ValueError('Decrypted data is invalid') - else: - return decrypted - - -def gcm_encrypt(k, iv, plaintext, auth_data): - aes = AES.new(k) - h = aes.encrypt(chr(0) * aes.block_size) - - if len(iv) == 12: - y0 = iv + "\x00\x00\x00\x01" - else: - y0 = ghash(h, '', iv) - - encrypted = gctr(k, y0, plaintext) - s = ghash(h, auth_data, encrypted) - - t = aes.encrypt(y0) - T = strxor.strxor(s, t) - return (encrypted, T) - - -def aes_encrypt(key, nonce, plaintext): - """ Use AES128 GCM with the given key and iv to encrypt the payload. """ - return gcm_encrypt(key, nonce, plaintext, '') - -def aes_decrypt(_key, nonce, payload): - """ Use AES128 GCM with the given key and iv to decrypt the payload. """ - if len(_key) >= 32: - # XEP-0384 - log.debug('XEP Compliant Key/Tag') - ciphertext = payload - key = _key[:16] - mac = _key[16:] - else: - # Legacy - log.debug('Legacy Key/Tag') - ciphertext = payload[:-16] - key = _key - mac = payload[-16:] - return gcm_decrypt(key, nonce, ciphertext, '', mac)