Use native cryptography lib if installed

omemo/omemo/aes_gcm.py

 # -*- coding: utf-8 -*-
 #
-# Copyright 2014 Jonathan Zdziarski <jonathan@zdziarski.com>
+# Copyright 2015 Bahtiar `kalkin-` Gadimov <bahtiar@gadimov.de>
 #
-# All rights reserved.
+# This file is part of python-omemo library.
 #
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
+# The python-omemo library is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
 #
-# 1. Redistributions of source code must retain the above copyright notice, this
-# list of conditions and the following disclaimer.
+# python-omemo is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 #
-# 2. Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
+# You should have received a copy of the GNU General Public License along with
+# the python-omemo library.  If not, see <http://www.gnu.org/licenses/>.
 #
-# 3. Neither the name of the copyright holder nor the names of its contributors
-# may be used to endorse or promote products derived from this software without
-# specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-import logging
-from struct import pack, unpack
 
-from Crypto.Cipher import AES
-from Crypto.Util import strxor
 
+import sys
+import logging
 log = logging.getLogger('gajim.plugin_system.omemo')
+try:
+    from .aes_gcm_native import aes_decrypt
+    from .aes_gcm_native import aes_encrypt
+    log.debug('Using fast cryptography')
+except ImportError:
+    from .aes_gcm_fallback import aes_decrypt
+    from .aes_gcm_fallback import aes_encrypt
+    log.debug('Using slow cryptography')
 
 
-def gcm_rightshift(vec):
-    for x in range(15, 0, -1):
-        c = vec[x] >> 1
-        c |= (vec[x - 1] << 7) & 0x80
-        vec[x] = c
-    vec[0] >>= 1
-    return vec
-
-
-def gcm_gf_mult(a, b):
-    mask = [0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01]
-    poly = [0x00, 0xe1]
-
-    Z = [0] * 16
-    V = [c for c in a]
-
-    for x in range(128):
-        if b[x >> 3] & mask[x & 7]:
-            Z = [V[y] ^ Z[y] for y in range(16)]
-        bit = V[15] & 1
-        V = gcm_rightshift(V)
-        V[0] ^= poly[bit]
-    return Z
-
-
-def ghash(h, auth_data, data):
-    u = (16 - len(data)) % 16
-    v = (16 - len(auth_data)) % 16
-
-    x = auth_data + chr(0) * v + data + chr(0) * u
-    x += pack('>QQ', len(auth_data) * 8, len(data) * 8)
-
-    y = [0] * 16
-    vec_h = [ord(c) for c in h]
-
-    for i in range(0, len(x), 16):
-        block = [ord(c) for c in x[i:i + 16]]
-        y = [y[j] ^ block[j] for j in range(16)]
-        y = gcm_gf_mult(y, vec_h)
-
-    return ''.join(chr(c) for c in y)
-
-
-def inc32(block):
-    counter, = unpack('>L', block[12:])
-    counter += 1
-    return block[:12] + pack('>L', counter)
-
-
-def gctr(k, icb, plaintext):
-    y = ''
-    if len(plaintext) == 0:
-        return y
+def encrypt(key, iv, plaintext):
+    return aes_encrypt(key, iv, plaintext)
 
-    aes = AES.new(k)
-    cb = icb
 
-    for i in range(0, len(plaintext), aes.block_size):
-        cb = inc32(cb)
-        encrypted = aes.encrypt(cb)
-        plaintext_block = plaintext[i:i + aes.block_size]
-        y += strxor.strxor(plaintext_block, encrypted[:len(plaintext_block)])
-
-    return y
-
-
-def gcm_decrypt(k, iv, encrypted, auth_data, tag):
-    aes = AES.new(k)
-    h = aes.encrypt(chr(0) * aes.block_size)
-
-    if len(iv) == 12:
-        y0 = iv + "\x00\x00\x00\x01"
+def decrypt(key, iv, ciphertext):
+    plaintext = aes_decrypt(key, iv, ciphertext).decode('utf-8')
+    if sys.version_info < (3, 0):
+        return unicode(plaintext)
     else:
-        y0 = ghash(h, '', iv)
-
-    decrypted = gctr(k, y0, encrypted)
-    s = ghash(h, auth_data, encrypted)
-
-    t = aes.encrypt(y0)
-    T = strxor.strxor(s, t)
-    if T != tag:
-        raise ValueError('Decrypted data is invalid')
-    else:
-        return decrypted
-
-
-def gcm_encrypt(k, iv, plaintext, auth_data):
-    aes = AES.new(k)
-    h = aes.encrypt(chr(0) * aes.block_size)
-
-    if len(iv) == 12:
-        y0 = iv + "\x00\x00\x00\x01"
-    else:
-        y0 = ghash(h, '', iv)
-
-    encrypted = gctr(k, y0, plaintext)
-    s = ghash(h, auth_data, encrypted)
-
-    t = aes.encrypt(y0)
-    T = strxor.strxor(s, t)
-    return (encrypted, T)
-
-
-def aes_encrypt(key, nonce, plaintext):
-    """ Use AES128 GCM with the given key and iv to encrypt the payload. """
-    c, t = gcm_encrypt(key, nonce, plaintext, '')
-    result = c + t
-    return result
-
-
-def aes_decrypt(key, nonce, payload):
-    """ Use AES128 GCM with the given key and iv to decrypt the payload. """
-    ciphertext = payload[:-16]
-    mac = payload[-16:]
-    return gcm_decrypt(key, nonce, ciphertext, '', mac)
+        return plaintext
 
 
 class NoValidSessions(Exception):

omemo/omemo/aes_gcm_fallback.py

+# -*- coding: utf-8 -*-
+#
+# Copyright 2014 Jonathan Zdziarski <jonathan@zdziarski.com>
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its contributors
+# may be used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+from struct import pack, unpack
+
+from Crypto.Cipher import AES
+from Crypto.Util import strxor
+
+
+def gcm_rightshift(vec):
+    for x in range(15, 0, -1):
+        c = vec[x] >> 1
+        c |= (vec[x - 1] << 7) & 0x80
+        vec[x] = c
+    vec[0] >>= 1
+    return vec
+
+
+def gcm_gf_mult(a, b):
+    mask = [0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01]
+    poly = [0x00, 0xe1]
+
+    Z = [0] * 16
+    V = [c for c in a]
+
+    for x in range(128):
+        if b[x >> 3] & mask[x & 7]:
+            Z = [V[y] ^ Z[y] for y in range(16)]
+        bit = V[15] & 1
+        V = gcm_rightshift(V)
+        V[0] ^= poly[bit]
+    return Z
+
+
+def ghash(h, auth_data, data):
+    u = (16 - len(data)) % 16
+    v = (16 - len(auth_data)) % 16
+
+    x = auth_data + chr(0) * v + data + chr(0) * u
+    x += pack('>QQ', len(auth_data) * 8, len(data) * 8)
+
+    y = [0] * 16
+    vec_h = [ord(c) for c in h]
+
+    for i in range(0, len(x), 16):
+        block = [ord(c) for c in x[i:i + 16]]
+        y = [y[j] ^ block[j] for j in range(16)]
+        y = gcm_gf_mult(y, vec_h)
+
+    return ''.join(chr(c) for c in y)
+
+
+def inc32(block):
+    counter, = unpack('>L', block[12:])
+    counter += 1
+    return block[:12] + pack('>L', counter)
+
+
+def gctr(k, icb, plaintext):
+    y = ''
+    if len(plaintext) == 0:
+        return y
+
+    aes = AES.new(k)
+    cb = icb
+
+    for i in range(0, len(plaintext), aes.block_size):
+        cb = inc32(cb)
+        encrypted = aes.encrypt(cb)
+        plaintext_block = plaintext[i:i + aes.block_size]
+        y += strxor.strxor(plaintext_block, encrypted[:len(plaintext_block)])
+
+    return y
+
+
+def gcm_decrypt(k, iv, encrypted, auth_data, tag):
+    aes = AES.new(k)
+    h = aes.encrypt(chr(0) * aes.block_size)
+
+    if len(iv) == 12:
+        y0 = iv + "\x00\x00\x00\x01"
+    else:
+        y0 = ghash(h, '', iv)
+
+    decrypted = gctr(k, y0, encrypted)
+    s = ghash(h, auth_data, encrypted)
+
+    t = aes.encrypt(y0)
+    T = strxor.strxor(s, t)
+    if T != tag:
+        raise ValueError('Decrypted data is invalid')
+    else:
+        return decrypted
+
+
+def gcm_encrypt(k, iv, plaintext, auth_data):
+    aes = AES.new(k)
+    h = aes.encrypt(chr(0) * aes.block_size)
+
+    if len(iv) == 12:
+        y0 = iv + "\x00\x00\x00\x01"
+    else:
+        y0 = ghash(h, '', iv)
+
+    encrypted = gctr(k, y0, plaintext)
+    s = ghash(h, auth_data, encrypted)
+
+    t = aes.encrypt(y0)
+    T = strxor.strxor(s, t)
+    return (encrypted, T)
+
+
+def aes_encrypt(key, nonce, plaintext):
+    """ Use AES128 GCM with the given key and iv to encrypt the payload. """
+    c, t = gcm_encrypt(key, nonce, plaintext, '')
+    result = c + t
+    return result
+
+
+def aes_decrypt(key, nonce, payload):
+    """ Use AES128 GCM with the given key and iv to decrypt the payload. """
+    ciphertext = payload[:-16]
+    mac = payload[-16:]
+    return gcm_decrypt(key, nonce, ciphertext, '', mac)

omemo/omemo/aes_gcm_native.py

+# -*- coding: utf-8 -*-
+#
+# Copyright 2015 Bahtiar `kalkin-` Gadimov <bahtiar@gadimov.de>
+#
+# This file is part of python-omemo library.
+#
+# The python-omemo library is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# python-omemo is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# the python-omemo library.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+import os
+from cryptography.hazmat.primitives.ciphers import Cipher
+from cryptography.hazmat.primitives.ciphers import algorithms
+from cryptography.hazmat.primitives.ciphers.modes import GCM
+
+# On Windows we have to import a specific backend because the
+# default_backend() mechanism doesnt work in Gajim for Windows.
+# Its because of how Gajim is build with cx_freeze
+
+if os.name == 'nt':
+    from cryptography.hazmat.backends.openssl import backend
+else:
+    from cryptography.hazmat.backends import default_backend
+
+
+def aes_decrypt(key, iv, payload):
+    """ Use AES128 GCM with the given key and iv to decrypt the payload. """
+    data = payload[:-16]
+    tag = payload[-16:]
+    if os.name == 'nt':
+        _backend = backend
+    else:
+        _backend = default_backend()
+    decryptor = Cipher(
+        algorithms.AES(key),
+        GCM(iv, tag=tag),
+        backend=_backend).decryptor()
+    return decryptor.update(data) + decryptor.finalize()
+
+
+def aes_encrypt(key, iv, plaintext):
+    """ Use AES128 GCM with the given key and iv to encrypt the plaintext. """
+    if os.name == 'nt':
+        _backend = backend
+    else:
+        _backend = default_backend()
+    encryptor = Cipher(
+        algorithms.AES(key),
+        GCM(iv),
+        backend=_backend).encryptor()
+    return encryptor.update(plaintext) + encryptor.finalize() + encryptor.tag

omemo/omemo/state.py

@@ -35,7 +35,7 @@ from axolotl.state.prekeybundle import PreKeyBundle
 from axolotl.util.keyhelper import KeyHelper
 from Crypto.Random import get_random_bytes
 
-from .aes_gcm import NoValidSessions, aes_decrypt, aes_encrypt
+from .aes_gcm import NoValidSessions, decrypt, encrypt
 from .liteaxolotlstore import (LiteAxolotlStore, DEFAULT_PREKEY_AMOUNT,
                                MIN_PREKEY_AMOUNT, SPK_CYCLE_TIME,
                                SPK_ARCHIVE_TIME)
@@ -210,7 +210,7 @@ class OmemoState:
                       ' sid => ' + str(sid))
             return
 
-        result = unicode(aes_decrypt(key, iv, payload))
+        result = unicode(decrypt(key, iv, payload))
 
         if self.own_jid == sender_jid:
             self.add_own_device(sid)
@@ -263,7 +263,7 @@ class OmemoState:
                 log.debug('Skipped own Device because Trust is: ' +
                           str(self.isTrusted(cipher)))
 
-        payload = aes_encrypt(key, iv, plaintext)
+        payload = encrypt(key, iv, plaintext)
 
         result = {'sid': self.own_device_id,
                   'keys': encrypted_keys,