magic-wormhole/src/wormhole/twisted/transcribe.py

from __future__ import print_function
import os, sys, json, re
from binascii import hexlify, unhexlify
from zope.interface import implementer
from twisted.internet import reactor, defer
from twisted.web import client as web_client
from twisted.web import error as web_error
from twisted.web.iweb import IBodyProducer
from nacl.secret import SecretBox
from nacl.exceptions import CryptoError
from nacl import utils
from spake2 import SPAKE2_Symmetric
from .eventsource_twisted import ReconnectingEventSource
from .. import __version__
from .. import codes
from ..errors import ServerError, WrongPasswordError, UsageError
from ..util.hkdf import HKDF

@implementer(IBodyProducer)
class DataProducer:
    def __init__(self, data):
        self.data = data
        self.length = len(data)
    def startProducing(self, consumer):
        consumer.write(self.data)
        return defer.succeed(None)
    def stopProducing(self):
        pass
    def pauseProducing(self):
        pass
    def resumeProducing(self):
        pass


def post_json(agent, url, request_body):
    # POST a JSON body to a URL, parsing the response as JSON
    data = json.dumps(request_body).encode("utf-8")
    d = agent.request("POST", url, bodyProducer=DataProducer(data))
    def _check_error(resp):
        if resp.code != 200:
            raise web_error.Error(resp.code, resp.phrase)
        return resp
    d.addCallback(_check_error)
    d.addCallback(web_client.readBody)
    d.addCallback(lambda data: json.loads(data))
    return d

class Channel:
    def __init__(self, relay, channel_id, side, handle_welcome,
                 agent):
        self._channel_url = "%s%d" % (relay, channel_id)
        self._side = side
        self._handle_welcome = handle_welcome
        self._agent = agent
        self._messages = set() # (phase,body) , body is bytes
        self._sent_messages = set() # (phase,body)

    def _add_inbound_messages(self, messages):
        for msg in messages:
            phase = msg["phase"]
            body = unhexlify(msg["body"].encode("ascii"))
            self._messages.add( (phase, body) )

    def _find_inbound_message(self, phase):
        for (their_phase,body) in self._messages - self._sent_messages:
            if their_phase == phase:
                return body
        return None

    def send(self, phase, msg):
        # TODO: retry on failure, with exponential backoff. We're guarding
        # against the rendezvous server being temporarily offline.
        if not isinstance(phase, type(u"")): raise UsageError(type(phase))
        if not isinstance(msg, type(b"")): raise UsageError(type(msg))
        self._sent_messages.add( (phase,msg) )
        payload = {"side": self._side,
                   "phase": phase,
                   "body": hexlify(msg).decode("ascii")}
        d = post_json(self._agent, self._channel_url, payload)
        d.addCallback(lambda resp: self._add_inbound_messages(resp["messages"]))
        return d

    def get(self, phase):
        # fire with a bytestring of the first message for 'phase' that wasn't
        # one of ours. It will either come from previously-received messages,
        # or from an EventSource that we attach to the corresponding URL
        body = self._find_inbound_message(phase)
        if body is not None:
            return defer.succeed(body)
        d = defer.Deferred()
        msgs = []
        def _handle(name, data):
            if name == "welcome":
                self._handle_welcome(json.loads(data))
            if name == "message":
                self._add_inbound_messages([json.loads(data)])
                body = self._find_inbound_message(phase)
                if body is not None and not msgs:
                    msgs.append(body)
                    d.callback(None)
        # TODO: use agent=self._agent
        es = ReconnectingEventSource(self._channel_url, _handle)
        es.startService() # TODO: .setServiceParent(self)
        es.activate()
        d.addCallback(lambda _: es.deactivate())
        d.addCallback(lambda _: es.stopService())
        d.addCallback(lambda _: msgs[0])
        return d

    def deallocate(self, res):
        # only try once, no retries
        d = post_json(self._agent, self._channel_url+"/deallocate",
                      {"side": self._side})
        d.addBoth(lambda _: res) # ignore POST failure, pass-through result
        return d

class ChannelManager:
    def __init__(self, relay, side, handle_welcome):
        self._relay = relay
        self._side = side
        self._handle_welcome = handle_welcome
        self._agent = web_client.Agent(reactor)

    def allocate(self):
        url = self._relay + "allocate"
        d = post_json(self._agent, url, {"side": self._side})
        def _got_channel(data):
            if "welcome" in data:
                self._handle_welcome(data["welcome"])
            return data["channel-id"]
        d.addCallback(_got_channel)
        return d

    def list_channels(self):
        raise NotImplementedError

    def connect(self, channel_id):
        return Channel(self._relay, channel_id, self._side,
                       self._handle_welcome, self._agent)

class Wormhole:
    motd_displayed = False
    version_warning_displayed = False

    def __init__(self, appid, relay):
        if not isinstance(appid, type(b"")): raise UsageError
        self.appid = appid
        self.relay = relay
        self._set_side(hexlify(os.urandom(5)).decode("ascii"))
        self.code = None
        self.key = None
        self._started_get_code = False

    def _set_side(self, side):
        self._side = side
        self._channel_manager = ChannelManager(self.relay, self._side,
                                               self.handle_welcome)

    def handle_welcome(self, welcome):
        if ("motd" in welcome and
            not self.motd_displayed):
            motd_lines = welcome["motd"].splitlines()
            motd_formatted = "\n ".join(motd_lines)
            print("Server (at %s) says:\n %s" % (self.relay, motd_formatted),
                  file=sys.stderr)
            self.motd_displayed = True

        # Only warn if we're running a release version (e.g. 0.0.6, not
        # 0.0.6-DISTANCE-gHASH). Only warn once.
        if ("-" not in __version__ and
            not self.version_warning_displayed and
            welcome["current_version"] != __version__):
            print("Warning: errors may occur unless both sides are running the same version", file=sys.stderr)
            print("Server claims %s is current, but ours is %s"
                  % (welcome["current_version"], __version__), file=sys.stderr)
            self.version_warning_displayed = True

        if "error" in welcome:
            raise ServerError(welcome["error"], self.relay)

    def get_code(self, code_length=2):
        if self.code is not None: raise UsageError
        if self._started_get_code: raise UsageError
        self._started_get_code = True
        d = self._channel_manager.allocate()
        def _got_channel_id(channel_id):
            code = codes.make_code(channel_id, code_length)
            assert isinstance(code, str), type(code)
            self._set_code_and_channel_id(code)
            self._start()
            return code
        d.addCallback(_got_channel_id)
        return d

    def set_code(self, code):
        if not isinstance(code, str): raise UsageError
        if self.code is not None: raise UsageError
        self._set_code_and_channel_id(code)
        self._start()

    def _set_code_and_channel_id(self, code):
        if self.code is not None: raise UsageError
        mo = re.search(r'^(\d+)-', code)
        if not mo:
            raise ValueError("code (%s) must start with NN-" % code)
        self.code = code
        channel_id = int(mo.group(1))
        self.channel = self._channel_manager.connect(channel_id)

    def _start(self):
        # allocate the rest now too, so it can be serialized
        self.sp = SPAKE2_Symmetric(self.code.encode("ascii"),
                                   idSymmetric=self.appid)
        self.msg1 = self.sp.start()

    def serialize(self):
        # I can only be serialized after get_code/set_code and before
        # get_verifier/get_data
        if self.code is None: raise UsageError
        if self.key is not None: raise UsageError
        data = {
            "appid": self.appid,
            "relay": self.relay,
            "code": self.code,
            "side": self._side,
            "spake2": json.loads(self.sp.serialize()),
            "msg1": self.msg1.encode("hex"),
        }
        return json.dumps(data)

    @classmethod
    def from_serialized(klass, data):
        d = json.loads(data)
        self = klass(d["appid"].encode("ascii"), d["relay"].encode("ascii"))
        self._set_side(d["side"].encode("ascii"))
        self._set_code_and_channel_id(d["code"].encode("ascii"))
        self.sp = SPAKE2_Symmetric.from_serialized(json.dumps(d["spake2"]))
        self.msg1 = d["msg1"].decode("hex")
        return self

    def derive_key(self, purpose, length=SecretBox.KEY_SIZE):
        if self.key is None:
            # call after get_verifier() or get_data()
            raise UsageError
        if not isinstance(purpose, type(b"")): raise UsageError
        return HKDF(self.key, length, CTXinfo=purpose)

    def _encrypt_data(self, key, data):
        assert isinstance(key, type(b"")), type(key)
        assert isinstance(data, type(b"")), type(data)
        if len(key) != SecretBox.KEY_SIZE: raise UsageError
        box = SecretBox(key)
        nonce = utils.random(SecretBox.NONCE_SIZE)
        return box.encrypt(data, nonce)

    def _decrypt_data(self, key, encrypted):
        assert isinstance(key, type(b"")), type(key)
        assert isinstance(encrypted, type(b"")), type(encrypted)
        if len(key) != SecretBox.KEY_SIZE: raise UsageError
        box = SecretBox(key)
        data = box.decrypt(encrypted)
        return data


    def _get_key(self):
        # TODO: prevent multiple invocation
        if self.key:
            return defer.succeed(self.key)
        d = self.channel.send(u"pake", self.msg1)
        d.addCallback(lambda _: self.channel.get(u"pake"))
        def _got_pake(pake_msg):
            key = self.sp.finish(pake_msg)
            self.key = key
            self.verifier = self.derive_key(self.appid+b":Verifier")
            return key
        d.addCallback(_got_pake)
        return d

    def get_verifier(self):
        if self.code is None: raise UsageError
        d = self._get_key()
        d.addCallback(lambda _: self.verifier)
        return d

    def get_data(self, outbound_data):
        # only call this once
        if not isinstance(outbound_data, type(b"")): raise UsageError
        if self.code is None: raise UsageError
        d = self._get_key()
        d.addCallback(self._get_data2, outbound_data)
        d.addBoth(self.channel.deallocate)
        return d

    def _get_data2(self, key, outbound_data):
        # Without predefined roles, we can't derive predictably unique keys
        # for each side, so we use the same key for both. We use random
        # nonces to keep the messages distinct, and check for reflection.
        data_key = self.derive_key(b"data-key")

        outbound_encrypted = self._encrypt_data(data_key, outbound_data)
        d = self.channel.send(u"data", outbound_encrypted)

        d.addCallback(lambda _: self.channel.get(u"data"))
        def _got_data(inbound_encrypted):
            #if inbound_encrypted == outbound_encrypted:
            #    raise ReflectionAttack
            try:
                inbound_data = self._decrypt_data(data_key, inbound_encrypted)
                return inbound_data
            except CryptoError:
                raise WrongPasswordError
        d.addCallback(_got_data)
        return d
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`from __future__ import print_function`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`import os, sys, json, re`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`from binascii import hexlify, unhexlify`
			`from zope.interface import implementer`
			`from twisted.internet import reactor, defer`
			`from twisted.web import client as web_client`
			`from twisted.web import error as web_error`
			`from twisted.web.iweb import IBodyProducer`
			`from nacl.secret import SecretBox`
			`from nacl.exceptions import CryptoError`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`from nacl import utils`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`from spake2 import SPAKE2_Symmetric`
rename twisted/eventsource.py in prep for directory merge 2015-07-25 00:55:23 +00:00			`from .eventsource_twisted import ReconnectingEventSource`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`from .. import __version__`
			`from .. import codes`
rewrite server API This removes "side" and "msgnum" from the URLs, and puts them in a JSON request body instead. The server now maintains a simple set of messages for each channel-id, and isn't responsible for removing duplicates. The client now fetches all messages, and just ignores everything it sent itself. This removes the "reflection attack". Deallocate now returns JSON, for consistency. DB and API use "phase" and "body" instead of msgnum/message. This changes the DB schema, so delete the DB before upgrading the server. 2015-10-03 19:36:14 +00:00			`from ..errors import ServerError, WrongPasswordError, UsageError`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`from ..util.hkdf import HKDF`
fill in initiator flow, define relay API 2015-02-11 02:34:13 +00:00
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`@implementer(IBodyProducer)`
			`class DataProducer:`
			`def __init__(self, data):`
			`self.data = data`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`self.length = len(data)`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`def startProducing(self, consumer):`
			`consumer.write(self.data)`
			`return defer.succeed(None)`
			`def stopProducing(self):`
			`pass`
			`def pauseProducing(self):`
			`pass`
			`def resumeProducing(self):`
			`pass`

make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`def post_json(agent, url, request_body):`
			`# POST a JSON body to a URL, parsing the response as JSON`
			`data = json.dumps(request_body).encode("utf-8")`
			`d = agent.request("POST", url, bodyProducer=DataProducer(data))`
			`def _check_error(resp):`
			`if resp.code != 200:`
			`raise web_error.Error(resp.code, resp.phrase)`
			`return resp`
			`d.addCallback(_check_error)`
			`d.addCallback(web_client.readBody)`
			`d.addCallback(lambda data: json.loads(data))`
			`return d`

			`class Channel:`
			`def __init__(self, relay, channel_id, side, handle_welcome,`
			`agent):`
			`self._channel_url = "%s%d" % (relay, channel_id)`
			`self._side = side`
			`self._handle_welcome = handle_welcome`
			`self._agent = agent`
			`self._messages = set() # (phase,body) , body is bytes`
			`self._sent_messages = set() # (phase,body)`

			`def _add_inbound_messages(self, messages):`
			`for msg in messages:`
			`phase = msg["phase"]`
			`body = unhexlify(msg["body"].encode("ascii"))`
			`self._messages.add( (phase, body) )`

			`def _find_inbound_message(self, phase):`
			`for (their_phase,body) in self._messages - self._sent_messages:`
			`if their_phase == phase:`
			`return body`
			`return None`

			`def send(self, phase, msg):`
			`# TODO: retry on failure, with exponential backoff. We're guarding`
			`# against the rendezvous server being temporarily offline.`
			`if not isinstance(phase, type(u"")): raise UsageError(type(phase))`
			`if not isinstance(msg, type(b"")): raise UsageError(type(msg))`
			`self._sent_messages.add( (phase,msg) )`
			`payload = {"side": self._side,`
			`"phase": phase,`
			`"body": hexlify(msg).decode("ascii")}`
			`d = post_json(self._agent, self._channel_url, payload)`
			`d.addCallback(lambda resp: self._add_inbound_messages(resp["messages"]))`
			`return d`

			`def get(self, phase):`
			`# fire with a bytestring of the first message for 'phase' that wasn't`
			`# one of ours. It will either come from previously-received messages,`
			`# or from an EventSource that we attach to the corresponding URL`
			`body = self._find_inbound_message(phase)`
			`if body is not None:`
			`return defer.succeed(body)`
			`d = defer.Deferred()`
			`msgs = []`
			`def _handle(name, data):`
			`if name == "welcome":`
			`self._handle_welcome(json.loads(data))`
			`if name == "message":`
			`self._add_inbound_messages([json.loads(data)])`
			`body = self._find_inbound_message(phase)`
			`if body is not None and not msgs:`
			`msgs.append(body)`
			`d.callback(None)`
			`# TODO: use agent=self._agent`
			`es = ReconnectingEventSource(self._channel_url, _handle)`
			`es.startService() # TODO: .setServiceParent(self)`
			`es.activate()`
			`d.addCallback(lambda _: es.deactivate())`
			`d.addCallback(lambda _: es.stopService())`
			`d.addCallback(lambda _: msgs[0])`
			`return d`

			`def deallocate(self, res):`
			`# only try once, no retries`
			`d = post_json(self._agent, self._channel_url+"/deallocate",`
			`{"side": self._side})`
			`d.addBoth(lambda _: res) # ignore POST failure, pass-through result`
			`return d`

			`class ChannelManager:`
			`def __init__(self, relay, side, handle_welcome):`
			`self._relay = relay`
			`self._side = side`
			`self._handle_welcome = handle_welcome`
			`self._agent = web_client.Agent(reactor)`

			`def allocate(self):`
			`url = self._relay + "allocate"`
			`d = post_json(self._agent, url, {"side": self._side})`
			`def _got_channel(data):`
			`if "welcome" in data:`
			`self._handle_welcome(data["welcome"])`
			`return data["channel-id"]`
			`d.addCallback(_got_channel)`
			`return d`

			`def list_channels(self):`
			`raise NotImplementedError`

			`def connect(self, channel_id):`
			`return Channel(self._relay, channel_id, self._side,`
			`self._handle_welcome, self._agent)`

rename SymmetricWormhole to just "Wormhole" Update docs too. Now both blocking/ and twisted/ use "Wormhole". 2015-07-25 00:47:46 +00:00			`class Wormhole:`
minor reformatting, improve test error messages 2015-07-24 23:57:19 +00:00			`motd_displayed = False`
			`version_warning_displayed = False`

make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`def __init__(self, appid, relay):`
appid and derive_key(purpose=) must be bytes, not unicode 2015-09-24 19:37:55 +00:00			`if not isinstance(appid, type(b"")): raise UsageError`
fill in initiator flow, define relay API 2015-02-11 02:34:13 +00:00			`self.appid = appid`
			`self.relay = relay`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`self._set_side(hexlify(os.urandom(5)).decode("ascii"))`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`self.code = None`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`self.key = None`
			`self._started_get_code = False`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00
			`def _set_side(self, side):`
			`self._side = side`
			`self._channel_manager = ChannelManager(self.relay, self._side,`
			`self.handle_welcome)`
minor reformatting, improve test error messages 2015-07-24 23:57:19 +00:00
			`def handle_welcome(self, welcome):`
			`if ("motd" in welcome and`
			`not self.motd_displayed):`
			`motd_lines = welcome["motd"].splitlines()`
			`motd_formatted = "\n ".join(motd_lines)`
			`print("Server (at %s) says:\n %s" % (self.relay, motd_formatted),`
			`file=sys.stderr)`
			`self.motd_displayed = True`

			`# Only warn if we're running a release version (e.g. 0.0.6, not`
			`# 0.0.6-DISTANCE-gHASH). Only warn once.`
			`if ("-" not in __version__ and`
			`not self.version_warning_displayed and`
			`welcome["current_version"] != __version__):`
			`print("Warning: errors may occur unless both sides are running the same version", file=sys.stderr)`
			`print("Server claims %s is current, but ours is %s"`
			`% (welcome["current_version"], __version__), file=sys.stderr)`
			`self.version_warning_displayed = True`

			`if "error" in welcome:`
			`raise ServerError(welcome["error"], self.relay)`

rearrange twisted+blocking to look roughly the same 2015-07-25 00:02:32 +00:00			`def get_code(self, code_length=2):`
			`if self.code is not None: raise UsageError`
			`if self._started_get_code: raise UsageError`
			`self._started_get_code = True`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`d = self._channel_manager.allocate()`
rearrange twisted+blocking to look roughly the same 2015-07-25 00:02:32 +00:00			`def _got_channel_id(channel_id):`
			`code = codes.make_code(channel_id, code_length)`
enforce bytes-vs-str in the API The main wormhole code is str (unicode in py3, bytes in py2). Most everything else must be passed as bytes in both py2/py3. Keep the internal "side" string as a str, to make it easier to merge with other URL pieces. 2015-09-28 06:09:51 +00:00			`assert isinstance(code, str), type(code)`
rearrange twisted+blocking to look roughly the same 2015-07-25 00:02:32 +00:00			`self._set_code_and_channel_id(code)`
			`self._start()`
			`return code`
			`d.addCallback(_got_channel_id)`
			`return d`

make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`def set_code(self, code):`
enforce bytes-vs-str in the API The main wormhole code is str (unicode in py3, bytes in py2). Most everything else must be passed as bytes in both py2/py3. Keep the internal "side" string as a str, to make it easier to merge with other URL pieces. 2015-09-28 06:09:51 +00:00			`if not isinstance(code, str): raise UsageError`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`if self.code is not None: raise UsageError`
			`self._set_code_and_channel_id(code)`
			`self._start()`

			`def _set_code_and_channel_id(self, code):`
			`if self.code is not None: raise UsageError`
			`mo = re.search(r'^(\d+)-', code)`
			`if not mo:`
			`raise ValueError("code (%s) must start with NN-" % code)`
			`self.code = code`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`channel_id = int(mo.group(1))`
			`self.channel = self._channel_manager.connect(channel_id)`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`def _start(self):`
			`# allocate the rest now too, so it can be serialized`
			`self.sp = SPAKE2_Symmetric(self.code.encode("ascii"),`
update idSymmetric= to match SPAKE2-0.3 2015-09-22 08:07:46 +00:00			`idSymmetric=self.appid)`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`self.msg1 = self.sp.start()`

			`def serialize(self):`
			`# I can only be serialized after get_code/set_code and before`
			`# get_verifier/get_data`
			`if self.code is None: raise UsageError`
			`if self.key is not None: raise UsageError`
			`data = {`
			`"appid": self.appid,`
			`"relay": self.relay,`
			`"code": self.code,`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`"side": self._side,`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`"spake2": json.loads(self.sp.serialize()),`
			`"msg1": self.msg1.encode("hex"),`
			`}`
			`return json.dumps(data)`

			`@classmethod`
			`def from_serialized(klass, data):`
			`d = json.loads(data)`
			`self = klass(d["appid"].encode("ascii"), d["relay"].encode("ascii"))`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`self._set_side(d["side"].encode("ascii"))`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`self._set_code_and_channel_id(d["code"].encode("ascii"))`
			`self.sp = SPAKE2_Symmetric.from_serialized(json.dumps(d["spake2"]))`
			`self.msg1 = d["msg1"].decode("hex")`
			`return self`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00
			`def derive_key(self, purpose, length=SecretBox.KEY_SIZE):`
replace base asserts with UsageError 2015-07-24 22:55:42 +00:00			`if self.key is None:`
			`# call after get_verifier() or get_data()`
			`raise UsageError`
improve typechecking, nacl.utils.EncryptedMessage is not a bytestring but it derives from one 2015-07-24 23:45:20 +00:00			`if not isinstance(purpose, type(b"")): raise UsageError`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`return HKDF(self.key, length, CTXinfo=purpose)`

make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`def _encrypt_data(self, key, data):`
enforce bytes-vs-str in the API The main wormhole code is str (unicode in py3, bytes in py2). Most everything else must be passed as bytes in both py2/py3. Keep the internal "side" string as a str, to make it easier to merge with other URL pieces. 2015-09-28 06:09:51 +00:00			`assert isinstance(key, type(b"")), type(key)`
			`assert isinstance(data, type(b"")), type(data)`
replace base asserts with UsageError 2015-07-24 22:55:42 +00:00			`if len(key) != SecretBox.KEY_SIZE: raise UsageError`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`box = SecretBox(key)`
			`nonce = utils.random(SecretBox.NONCE_SIZE)`
			`return box.encrypt(data, nonce)`

			`def _decrypt_data(self, key, encrypted):`
enforce bytes-vs-str in the API The main wormhole code is str (unicode in py3, bytes in py2). Most everything else must be passed as bytes in both py2/py3. Keep the internal "side" string as a str, to make it easier to merge with other URL pieces. 2015-09-28 06:09:51 +00:00			`assert isinstance(key, type(b"")), type(key)`
			`assert isinstance(encrypted, type(b"")), type(encrypted)`
replace base asserts with UsageError 2015-07-24 22:55:42 +00:00			`if len(key) != SecretBox.KEY_SIZE: raise UsageError`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`box = SecretBox(key)`
			`data = box.decrypt(encrypted)`
			`return data`

rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00
			`def _get_key(self):`
			`# TODO: prevent multiple invocation`
			`if self.key:`
			`return defer.succeed(self.key)`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`d = self.channel.send(u"pake", self.msg1)`
			`d.addCallback(lambda _: self.channel.get(u"pake"))`
refactor: _get_message() (singular) does unhexlify too 2015-07-24 23:33:29 +00:00			`def _got_pake(pake_msg):`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`key = self.sp.finish(pake_msg)`
			`self.key = key`
			`self.verifier = self.derive_key(self.appid+b":Verifier")`
			`return key`
			`d.addCallback(_got_pake)`
			`return d`

			`def get_verifier(self):`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`if self.code is None: raise UsageError`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`d = self._get_key()`
			`d.addCallback(lambda _: self.verifier)`
			`return d`

			`def get_data(self, outbound_data):`
			`# only call this once`
enforce bytes-vs-str in the API The main wormhole code is str (unicode in py3, bytes in py2). Most everything else must be passed as bytes in both py2/py3. Keep the internal "side" string as a str, to make it easier to merge with other URL pieces. 2015-09-28 06:09:51 +00:00			`if not isinstance(outbound_data, type(b"")): raise UsageError`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`if self.code is None: raise UsageError`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`d = self._get_key()`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`d.addCallback(self._get_data2, outbound_data)`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`d.addBoth(self.channel.deallocate)`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`return d`

			`def _get_data2(self, key, outbound_data):`
			`# Without predefined roles, we can't derive predictably unique keys`
			`# for each side, so we use the same key for both. We use random`
			`# nonces to keep the messages distinct, and check for reflection.`
			`data_key = self.derive_key(b"data-key")`
minor reformatting, improve test error messages 2015-07-24 23:57:19 +00:00
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`outbound_encrypted = self._encrypt_data(data_key, outbound_data)`
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`d = self.channel.send(u"data", outbound_encrypted)`
minor reformatting, improve test error messages 2015-07-24 23:57:19 +00:00
split transcribe.py into two layers: comms and crypto 2015-10-04 00:46:11 +00:00			`d.addCallback(lambda _: self.channel.get(u"data"))`
refactor: _get_message() (singular) does unhexlify too 2015-07-24 23:33:29 +00:00			`def _got_data(inbound_encrypted):`
rewrite server API This removes "side" and "msgnum" from the URLs, and puts them in a JSON request body instead. The server now maintains a simple set of messages for each channel-id, and isn't responsible for removing duplicates. The client now fetches all messages, and just ignores everything it sent itself. This removes the "reflection attack". Deallocate now returns JSON, for consistency. DB and API use "phase" and "body" instead of msgnum/message. This changes the DB schema, so delete the DB before upgrading the server. 2015-10-03 19:36:14 +00:00			`#if inbound_encrypted == outbound_encrypted:`
			`# raise ReflectionAttack`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`try:`
make twisted work, get serialization into shape, add proper tests 2015-06-21 02:18:21 +00:00			`inbound_data = self._decrypt_data(data_key, inbound_encrypted)`
rough out twisted.SymmetricWormhole 2015-06-21 01:36:22 +00:00			`return inbound_data`
			`except CryptoError:`
			`raise WrongPasswordError`
			`d.addCallback(_got_data)`
			`return d`