INCOMPATIBILITY: send pake message as dict, not raw bytes

This gives us room in the future to put other keys there, like one which
says we want to use Noise for the phase-message encryption instead of
our current HKDF scheme.

src/wormhole/test/test_wormhole.py

@@ -10,6 +10,8 @@ from .. import wormhole
 from ..errors import WrongPasswordError, WelcomeError, UsageError
 from spake2 import SPAKE2_Symmetric
 from ..timing import DebugTiming
+from ..util import (bytes_to_dict, dict_to_bytes,
+                    hexstr_to_bytes, bytes_to_hexstr)
 from nacl.secret import SecretBox
 
 APPID = u"appid"
@@ -149,9 +151,8 @@ class Basic(unittest.TestCase):
         sp2 = SPAKE2_Symmetric(wormhole.to_bytes(code),
                                idSymmetric=wormhole.to_bytes(APPID))
         msg2 = sp2.start()
-        msg2_hex = hexlify(msg2).decode("ascii")
         key = sp2.finish(msg1)
-        return key, msg2_hex
+        return key, msg2
 
     def test_create(self):
         wormhole._Wormhole(APPID, u"relay_url", reactor, None, None)
@@ -219,11 +220,16 @@ class Basic(unittest.TestCase):
                  side=w._side)
         self.assertNoResult(v)
 
+        # extract our outbound PAKE message
+        body = bytes_to_dict(hexstr_to_bytes(out[1][u"body"]))
+        msg1 = hexstr_to_bytes(body[u"pake_v1"])
+
         # next we build the simulated peer's PAKE operation
         side2 = w._side + u"other"
-        msg1 = unhexlify(out[1][u"body"].encode("ascii"))
+        key, msg2 = self.make_pake(CODE, side2, msg1)
-        key, msg2_hex = self.make_pake(CODE, side2, msg1)
+        payload = {u"pake_v1": bytes_to_hexstr(msg2)}
-        response(w, type=u"message", phase=u"pake", body=msg2_hex, side=side2)
+        body_hex = bytes_to_hexstr(dict_to_bytes(payload))
+        response(w, type=u"message", phase=u"pake", body=body_hex, side=side2)
 
         # hearing the peer's PAKE (msg2) makes us release the nameplate, send
         # the confirmation message, and sends any queued phase messages. It
@@ -638,8 +644,9 @@ class Basic(unittest.TestCase):
 
         sp2 = SPAKE2_Symmetric(b"", idSymmetric=wormhole.to_bytes(APPID))
         msg2 = sp2.start()
-        msg2_hex = hexlify(msg2).decode("ascii")
+        payload = {u"pake_v1": bytes_to_hexstr(msg2)}
-        response(w, type=u"message", phase=u"pake", body=msg2_hex, side=u"s2")
+        body_hex = bytes_to_hexstr(dict_to_bytes(payload))
+        response(w, type=u"message", phase=u"pake", body=body_hex, side=u"s2")
         self.assertNoResult(d1)
         self.assertNoResult(d2) # verify() waits for confirmation
 

src/wormhole/wormhole.py

@@ -538,12 +538,16 @@ class _Wormhole:
                 and self._mailbox_state == OPEN
                 and self._flag_need_to_send_PAKE):
             return
-        self._msg_send(u"pake", self._msg1)
+        body = {u"pake_v1": bytes_to_hexstr(self._msg1)}
+        payload = dict_to_bytes(body)
+        self._msg_send(u"pake", payload)
         self._flag_need_to_send_PAKE = False
 
     def _event_received_pake(self, pake_msg):
+        payload = bytes_to_dict(pake_msg)
+        msg2 = hexstr_to_bytes(payload[u"pake_v1"])
         with self._timing.add("pake2", waiting="crypto"):
-            self._key = self._sp.finish(pake_msg)
+            self._key = self._sp.finish(msg2)
         self._event_established_key()
 
     def _event_established_key(self):