Commits on Source (2)
......@@ -29,6 +29,8 @@ from .protocol import Node, NodeProcessed, isResultNode, Iq, Protocol, JID
from .plugin import PlugIn
import sys
import re
import os
import binascii
import base64
from . import dispatcher_nb
import hmac
......@@ -37,8 +39,6 @@ import hashlib
import logging
log = logging.getLogger('nbxmpp.auth_nb')
from . import rndg
def HH(some): return hashlib.md5(some).hexdigest()
def H(some): return hashlib.md5(some).digest()
def C(some): return b':'.join(some)
......@@ -463,7 +463,7 @@ class SASL(PlugIn):
(isinstance(chal['qop'], list) and 'auth' in chal['qop'])):
self.resp = {'username': self.username,
'nonce': chal['nonce'],
'cnonce': '%x' % rndg.getrandbits(196),
'cnonce': '%x' % int(binascii.hexlify(os.urandom(24)), 16),
'nc': ('00000001'), # ToDo: Is this a tupel or only a string?
'qop': 'auth',
'digest-uri': 'xmpp/' + self._owner.Server,
......@@ -498,7 +498,7 @@ class SASL(PlugIn):
def set_password(self, password):
self.password = '' if password is None else password
if self.mechanism in ('SCRAM-SHA-1', 'SCRAM-SHA-1-PLUS'):
self.client_nonce = '%x' % rndg.getrandbits(196)
self.client_nonce = '%x' % int(binascii.hexlify(os.urandom(24)), 16)
self.scram_soup = 'n=' + self.username + ',r=' + self.client_nonce
if self.mechanism == 'SCRAM-SHA-1':
if self.channel_binding is None:
......
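Review bot: The new nonce expression `'%x' % int(binascii.hexlify(os.urandom(24)), 16)` is written out twice, once for `cnonce` in the DIGEST-MD5 response and once for `self.client_nonce` in `set_password`. The round trip through `int` also drops leading zero digits, so the nonce length varies between calls. A single module-level helper would keep both call sites in step and give a fixed 48-character value, e.g. `def _make_nonce(): return binascii.hexlify(os.urandom(24)).decode('ascii')`. Note that 24 bytes gives 192 bits where the replaced call asked for 196; that is still ample for a nonce, but a short comment would show the change is deliberate. Both enclosing blocks continue outside the hunks shown.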
......@@ -17,7 +17,8 @@
## You should have received a copy of the GNU General Public License
## along with Gajim. If not, see <http://www.gnu.org/licenses/>.
import os
import binascii
import locale
from hashlib import sha1
from .transports_nb import NonBlockingTransport, NonBlockingHTTPBOSH,\
......@@ -29,8 +30,6 @@ from .simplexml import Node
import logging
log = logging.getLogger('nbxmpp.bosh')
from . import rndg
KEY_COUNT = 10
# Fake file descriptor - it's used for setting read_timeout in idlequeue for
......@@ -486,11 +485,9 @@ class NonBlockingBOSH(NonBlockingTransport):
def get_rand_number():
# with 50-bit random initial rid, session would have to go up
# to 7881299347898368 messages to raise rid over 2**53
# (see http://www.xmpp.org/extensions/xep-0124.html#rids)
# it's also used for sequence key initialization
return rndg.getrandbits(50)
return int(binascii.hexlify(os.urandom(6)), 16)
class AckChecker(object):
......
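Review bot: The comment above the return in `get_rand_number` is stale: `os.urandom(6)` yields 48 random bits, not the 50 the comment describes, so the quoted headroom figure no longer matches the code. Suggested wording: `# with 48-bit random initial rid, session would have to go up to 8725724278030336 messages to raise rid over 2**53`. The comment also says the value is used for sequence key initialization; that caller is outside this hunk, so it is worth confirming that 48 bits is acceptable there too.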
## rndg.py
##
## cryptographically secure pseudo-random number generator.
## When possible use OpenSSL PRNG combined with os.random,
## if OpenSSL PRNG is not available, use only os.random.
##
## Copyright (C) 2013 Fedor Brunner <fedor.brunner@azet.sk>
##
## This file is part of Gajim.
##
## Gajim is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published
## by the Free Software Foundation; version 3 only.
##
## Gajim is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with Gajim. If not, see <http://www.gnu.org/licenses/>.
USE_PYOPENSSL = False
try:
import OpenSSL.rand
import binascii, os
USE_PYOPENSSL = True
except ImportError:
import random
if not USE_PYOPENSSL:
getrandbits = random.SystemRandom().getrandbits
else:
def getrandbits(k):
"""getrandbits(k) -> x. Generates a long int with k random bits."""
if k <= 0:
raise ValueError('number of bits must be greater than zero')
if k != int(k):
raise TypeError('number of bits should be an integer')
bytes = (k + 7) // 8 # bits / 8 and rounded up
# Add system entropy to OpenSSL PRNG
OpenSSL.rand.add(os.urandom(bytes), bytes)
# Extract random bytes from OpenSSL PRNG
random_str = OpenSSL.rand.bytes(bytes)
x = int(binascii.hexlify(random_str), 16)
return x >> (bytes * 8 - k) # trim excess bits