[Tkabber-dev] r2062 - in trunk/tkabber-plugins: . otr otr/tclotr

tkabber-svn at jabber.ru tkabber-svn at jabber.ru
Sun Jan 19 17:16:11 MSK 2014


Author: sergei
Date: 2014-01-19 17:16:11 +0400 (Sun, 19 Jan 2014)
New Revision: 2062

Modified:
   trunk/tkabber-plugins/ChangeLog
   trunk/tkabber-plugins/otr/otr.tcl
   trunk/tkabber-plugins/otr/tclotr/message.tcl
   trunk/tkabber-plugins/otr/tclotr/otr.tcl
   trunk/tkabber-plugins/otr/tclotr/smp.tcl
Log:
	* otr/*: SMP protocol is now working, but its outcome isn't utilised
	  anywhere.


Modified: trunk/tkabber-plugins/ChangeLog
===================================================================
--- trunk/tkabber-plugins/ChangeLog	2014-01-19 10:10:14 UTC (rev 2061)
+++ trunk/tkabber-plugins/ChangeLog	2014-01-19 13:16:11 UTC (rev 2062)
@@ -10,6 +10,9 @@
 
 	* otr/*: Continue developing OTR plugin.
 
+	* otr/*: SMP protocol is now working, but its outcome isn't utilised
+	  anywhere.
+
 2014-01-18  Sergei Golovan <sgolovan at nes.ru>
 
 	* otr/*: Better error reporting. Continue implementing peer

Modified: trunk/tkabber-plugins/otr/otr.tcl
===================================================================
--- trunk/tkabber-plugins/otr/otr.tcl	2014-01-19 10:10:14 UTC (rev 2061)
+++ trunk/tkabber-plugins/otr/otr.tcl	2014-01-19 13:16:11 UTC (rev 2062)
@@ -370,23 +370,7 @@
 
     once_only $xlib $jid
 
-    if {$ctx(msgstate,$xlib,$jid) ne "MSGSTATE_ENCRYPTED"} {
-	MessageDlg .otrautherr -aspect 50000 -icon error \
-	    -message [::msgcat::mc "You cannot authenticate the peer's identity\
-				    if an OTR session is not in progress"] \
-	    -type user -buttons ok -default 0 -cancel 0
-	return
-    }
-
-    if {$ctx(smpstate,$xlib,$jid) ne "SMPSTATE_EXPECT1"} {
-	MessageDlg .otrautherr -aspect 50000 -icon error \
-	    -message [::msgcat::mc "Authentication is in progress. If you want to\
-				    start new one, abort the current one first"] \
-	    -type user -buttons ok -default 0 -cancel 0
-	return
-    }
-
-    set w .otrauth
+    set w .otrstartauth[jid_to_tag $jid]
     set bjid [::xmpp::jid::removeResource $jid]
 
     Dialog $w -title [::msgcat::mc "Authenticate %s" $bjid] \
@@ -560,6 +544,135 @@
 
 #############################################################################
 
+proc otr::reply_smp_dialog_qa {xlib jid question} {
+    variable ctx
+
+    once_only $xlib $jid
+
+    set w .otrreplauth[jid_to_tag $jid]
+    set bjid [::xmpp::jid::removeResource $jid]
+
+    Dialog $w -title [::msgcat::mc "Authentication from %s" $bjid] \
+	      -separator 1 -anchor e -default 0 -cancel 1
+
+    wm resizable $w 0 0
+
+    $w add -text [::msgcat::mc "Authenticate"] \
+	   -command [namespace code [list reply_smp $w $xlib $jid]]
+    $w add -text [::msgcat::mc "Cancel"] \
+	   -command [list destroy $w]
+
+    set f [$w getframe]
+
+    set m [message $f.header -text [::msgcat::mc "Authenticate %s\n\nAuthenticating\
+					   a peer helps ensure that\
+					   the person you are talking to is who he\
+					   or she claims to be." \
+					   $jid] \
+			     -width 12c]
+    grid $m -row 1 -column 0 -sticky nswe
+
+    set m1 [message $f.instr -text [::msgcat::mc "Your peer is attempting to determine\
+					if he or she is really talking to you, or if\
+					it's someone pretending to be you. Your peer\
+					has asked a question, indicated below. To\
+					authenticate to your peer, enter the answer\
+					and click 'Authenticate'."] \
+			      -width 12c]
+    grid $m1 -row 2 -column 0 -sticky nswe
+    set l1 [label $f.l1 -text [::msgcat::mc "This is the question asked by your peer:"]]
+    grid $l1 -row 3 -column 0 -sticky nsw
+    set m2 [message $f.m2 -text $question -width 12c]
+    grid $m2 -row 4 -column 0 -sticky nsw
+    set l2 [label $f.l2 -text [::msgcat::mc "Enter secret answer here (case sensitive):"]]
+    grid $l2 -row 5 -column 0 -sticky nsw
+    set e1 [entry $f.e1]
+    grid $e1 -row 6 -column 0 -sticky nswe
+    $w draw
+}
+
+proc otr::reply_smp_dialog_ss {xlib jid} {
+    variable ctx
+
+    once_only $xlib $jid
+
+    set w .otrreplauth[jid_to_tag $jid]
+    set bjid [::xmpp::jid::removeResource $jid]
+
+    Dialog $w -title [::msgcat::mc "Authentication from %s" $bjid] \
+	      -separator 1 -anchor e -default 0 -cancel 1
+
+    wm resizable $w 0 0
+
+    $w add -text [::msgcat::mc "Authenticate"] \
+	   -command [namespace code [list reply_smp $w $xlib $jid]]
+    $w add -text [::msgcat::mc "Cancel"] \
+	   -command [list destroy $w]
+
+    set f [$w getframe]
+
+    set m [message $f.header -text [::msgcat::mc "Authenticate %s\n\nAuthenticating\
+					   a peer helps ensure that\
+					   the person you are talking to is who he\
+					   or she claims to be." \
+					   $jid] \
+			     -width 12c]
+    grid $m -row 1 -column 0 -sticky nswe
+
+    set m2 [message $f.instr -text [::msgcat::mc "Your peer is attempting to determine\
+					if he or she is really talking to you, or if\
+					it's someone pretending to be you. Your peer\
+					has picked a secret known only to him or her\
+					and you. To authenticate to your peer, enter\
+					this secret and click 'Authenticate'."] \
+			      -width 12c]
+    grid $m2 -row 2 -column 0 -sticky nswe
+    set l3 [label $f.l3 -text [::msgcat::mc "Enter secret here (case sensitive):"]]
+    grid $l3 -row 3 -column 0 -sticky nsw
+    set e1 [entry $f.e1]
+    grid $e1 -row 4 -column 0 -sticky nswe
+
+    $w draw
+}
+
+proc otr::reply_smp {w xlib jid} {
+    variable ctx
+
+    once_only $xlib $jid
+
+    if {$ctx(msgstate,$xlib,$jid) ne "MSGSTATE_ENCRYPTED"} {
+	MessageDlg .beginsmperr -aspect 50000 -icon error \
+	    -message [::msgcat::mc "You cannot verify the peer's identity using\
+				    SMP\nif an OTR session is not in progress"] \
+	    -type user -buttons ok -default 0 -cancel 0
+	return
+    }
+
+    if {$ctx(smpstate,$xlib,$jid) ne "SMPSTATE_EXPECT1"} {
+	MessageDlg .beginsmperr -aspect 50000 -icon error \
+	    -message [::msgcat::mc "SMP verification is in progress. If you want to\
+				    start new one, abort the current one first"] \
+	    -type user -buttons ok -default 0 -cancel 0
+	return
+    }
+
+    set f [$w getframe]
+    set secret [$f.e1 get]
+
+    set result [::otr::replySMP $ctx($xlib,$jid) $secret]
+    array set res $result
+    if {$res(action) eq "send"} {
+	::xmpp::sendMessage $xlib $jid -body $res(body)
+    }
+    foreach state {authstate msgstate smpstate} {
+	if {[info exists res($state)]} {
+	    set ctx($state,$xlib,$jid) $res($state)
+	}
+    }
+}
+
+#############################################################################
+
 proc otr::rewrite_message_body \
      {vxlib vfrom vid vtype vis_subject vsubject vbody verr vthread vpriority vx} {
     upvar 2 $vxlib xlib
@@ -619,6 +732,25 @@
 	lappend x [::xmpp::xml::create "" -xmlns $ns -attrs {discard 1}]
     }
 
+    if {[info exists res(interaction)]} {
+	switch -- $res(interaction) {
+	    smp {
+		if {[info exists res(question)]} {
+		    after idle [namespace code \
+					  [list reply_smp_dialog_qa \
+						$xlib $from $res(question)]]
+		} else {
+		    after idle [namespace code \
+					  [list reply_smp_dialog_ss \
+						$xlib $from]]
+		}
+	    }
+	    default {
+		# Nothing to do
+	    }
+	}
+    }
+
     return
 }
 

Modified: trunk/tkabber-plugins/otr/tclotr/message.tcl
===================================================================
--- trunk/tkabber-plugins/otr/tclotr/message.tcl	2014-01-19 10:10:14 UTC (rev 2061)
+++ trunk/tkabber-plugins/otr/tclotr/message.tcl	2014-01-19 13:16:11 UTC (rev 2062)
@@ -221,29 +221,11 @@
                 # Don't process it immediately, just store and go
                 # after the user will supply the shared secret
 
-                # TODO
-                return [list nextkey $gy reply [list "" {6 ""}]]
+                uplevel #0 $smpcommand set data1     [list $value]
+                uplevel #0 $smpcommand set dhpubkey  [list $gy1]
+                uplevel #0 $smpcommand set dhprivkey [list $x]
 
-                set privkey [uplevel #0 $smpcommand get privkey]
-                set pubkey  [uplevel #0 $smpcommand get pubkey]
-                set secret  [uplevel #0 $smpcommand get secret]
-                lassign [::otr::smp::processSMPMessage1 \
-                           $smpstate $value $privkey $pubkey $gy1 $x $secret] \
-                        smpstate tlv payload g3a g2 g3 b3 Pb Qb
-                if {$tlv == 6} {
-                    uplevel #0 $smpcommand clear
-                    set answer SMP_CHEATING
-                } else {
-                    uplevel #0 $smpcommand set g3a $g3a
-                    uplevel #0 $smpcommand set g2  $g2
-                    uplevel #0 $smpcommand set g3  $g3
-                    uplevel #0 $smpcommand set b3  $b3
-                    uplevel #0 $smpcommand set Pb  $Pb
-                    uplevel #0 $smpcommand set Qb  $Qb
-                    set answer SMP_PROGRESS
-                }
-                #TODO
-                return [list $msgstate $smpstate $message $gy $answer $tlv $payload]
+                return [list nextkey $gy interaction smp]
             }
             3 {
                 # SMP message 2
@@ -347,40 +329,26 @@
                 # Don't process it immediately, just store and go
                 # after the user will supply the shared secret
 
-                # TODO
-                return [list nextkey $gy reply [list "" {6 ""}]]
-
                 set idx [string first \x00 $value]
                 if {$idx < 0} {
                     set smpstate SMPSTATE_EXPECT1
                     uplevel #0 $smpcommand clear
-                    return [list $msgstate $smpstate $message $gy SMP_CHEATING 6 ""]
+                    return [list msgstate $msgstate \
+                                 smpstate $smpstate \
+                                 nextkey  $gy \
+                                 smpprogr SMP_CHEATING \
+                                 reply    {"" {6 ""}} \
+                                 {*}$msg]
                 }
                 set question [encoding convertfrom utf-8 \
                                        [string range $value 0 [expr {$idx-1}]]]
                 set value [string range $value [expr {$idx+1}] end]
 
-                set privkey [uplevel #0 $smpcommand get privkey]
-                set pubkey  [uplevel #0 $smpcommand get pubkey]
-                set secret  [uplevel #0 $smpcommand get secret]
-                lassign [::otr::smp::processSMPMessage1 \
-                           $smpstate $value $privkey $pubkey $gy1 $x $secret \
-                           -question $question] \
-                        smpstate tlv payload g3a g2 g3 b3 Pb Qb
-                if {$tlv == 6} {
-                    uplevel #0 $smpcommand clear
-                    set answer SMP_CHEATING
-                } else {
-                    uplevel #0 $smpcommand set g3a $g3a
-                    uplevel #0 $smpcommand set g2  $g2
-                    uplevel #0 $smpcommand set g3  $g3
-                    uplevel #0 $smpcommand set b3  $b3
-                    uplevel #0 $smpcommand set Pb  $Pb
-                    uplevel #0 $smpcommand set Qb  $Qb
-                    set answer SMP_PROGRESS
-                }
-                #TODO
-                return [list $msgstate $smpstate $message $gy $answer $tlv $payload]
+                uplevel #0 $smpcommand set data1     [list $value]
+                uplevel #0 $smpcommand set dhpubkey  [list $gy1]
+                uplevel #0 $smpcommand set dhprivkey [list $x]
+
+                return [list nextkey $gy interaction smp question $question]
             }
         }
     }

Modified: trunk/tkabber-plugins/otr/tclotr/otr.tcl
===================================================================
--- trunk/tkabber-plugins/otr/tclotr/otr.tcl	2014-01-19 10:10:14 UTC (rev 2061)
+++ trunk/tkabber-plugins/otr/tclotr/otr.tcl	2014-01-19 13:16:11 UTC (rev 2062)
@@ -232,10 +232,7 @@
             return [list action discard]
         }
         MSGSTATE_ENCRYPTED {
-            set message [CreateEncryptedMessage \
-                                $token \
-                                {apply {{token i1 i2}
-                                        {return {{} "" {1 ""}}}}}]
+            set message [CreateEncryptedMessage $token {} "" {1 ""}]
             set state(MsgState) MSGSTATE_PLAINTEXT
             InitDHKeys $token
             return [list action   send \
@@ -266,11 +263,10 @@
 
     switch -- $state(MsgState) {
         MSGSTATE_ENCRYPTED {
-            set message [CreateEncryptedMessage \
-                             $token \
-                             [namespace code \
-                                        [list CreateSMP1 $question $secret]]]
-            # CreateSMP changes SMPState
+            lassign [CreateSMP1 $question $secret $token] flags body tlvlist
+            set message [CreateEncryptedMessage $token $flags $body $tlvlist]
+
+            # CreateSMP1 changes SMPState
             return [list action   send \
                          body     $message \
                          smpstate $state(SMPState)]
@@ -281,6 +277,26 @@
     }
 }
 
+proc ::otr::replySMP {token secret} {
+    variable $token
+    upvar $token state
+
+    switch -- $state(MsgState) {
+        MSGSTATE_ENCRYPTED {
+            lassign [CreateSMP2 $secret $token] flags body tlvlist
+            set message [CreateEncryptedMessage $token $flags $body $tlvlist]
+
+            # CreateSMP2 changes SMPState
+            return [list action   send \
+                         body     $message \
+                         smpstate $state(SMPState)]
+        }
+        default {
+            return [list action discard]
+        }
+    }
+}
+
 ##############################################################################
 
 proc ::otr::outgoingMessage {token body} {
@@ -303,11 +319,7 @@
         }
         MSGSTATE_ENCRYPTED {
             Store $token $body
-            set message [CreateEncryptedMessage \
-                             $token \
-                             [list apply \
-                                   [list {token i1 i2} \
-                                         [list return [list {} $body {}]]]]]
+            set message [CreateEncryptedMessage $token {} $body {}]
             return [list action send \
                          body   $message]
         }
@@ -614,6 +626,7 @@
                      msgstate  $state(MsgState)]
     } else {
         UpdatePeerDHKeysAfterAKE $token $gy $keyidy
+        StoreSSID $token
 
         # TODO: Send stored messages
         return [list authstate $state(AuthState) \
@@ -640,6 +653,7 @@
 
     if {$keyidy ne ""} {
         UpdatePeerDHKeysAfterAKE $token $state(gy) $keyidy
+        StoreSSID $token
 
         # TODO: Send stored messages
     }
@@ -666,6 +680,16 @@
     }
 }
 
+proc ::otr::StoreSSID {token} {
+    variable $token
+    upvar 0 $token state
+
+    set gy $state(gy,$state(keyidy))
+    set x  $state(x,[expr {$state(keyid)-1}])
+
+    lassign [::otr::crypto::DHKeys $gy $x] state(ssid)
+}
+
 proc ::otr::ProcessDataMessage {token data} {
     variable $token
     upvar 0 $token state
@@ -727,7 +751,7 @@
             }
 
             set ret {}
-            foreach field {msgstate smpstate info error body} {
+            foreach field {msgstate smpstate info error body interaction question} {
                 if {[info exists res($field)]} {
                     lappend ret $field $res($field)
                 }
@@ -750,11 +774,7 @@
                         set repl {}
                         foreach {body tlvlist} $res(reply) {
                             lappend repl \
-                                [CreateEncryptedMessage \
-                                    $token \
-                                    [list apply \
-                                          [list {token i1 i2} \
-                                                [list return [list {} $body $tlvlist]]]]]
+                                [CreateEncryptedMessage $token {} $body $tlvlist]
                         }
                         lappend ret reply $repl
                     }
@@ -829,7 +849,7 @@
 
 ##############################################################################
 
-proc ::otr::CreateSMP1 {question secret token i1 i2} {
+proc ::otr::CreateSMP1 {question secret token} {
     variable $token
     upvar $token state
 
@@ -842,31 +862,49 @@
     lassign [::otr::smp::createSMPMessage1 $state(SMPState) \
                                            $state(PrivateKey) \
                                            $state(PublicKey) \
-                                           $state(gy,$i2) \
-                                           $state(x,$i1) \
+                                           $state(ssid) \
                                            $secret \
                                            {*}$quest] \
             state(SMPState) type payload x a2 a3
-    SMPCallback $token set x $x
+    SMPCallback $token set x  $x
     SMPCallback $token set a2 $a2
     SMPCallback $token set a3 $a3
     list {} "" [list $type $payload]
 }
 
-proc ::otr::CreateEncryptedMessage {token command} {
+proc ::otr::CreateSMP2 {secret token} {
     variable $token
     upvar $token state
 
+    set data1     [SMPCallback $token get data1]
+    lassign [::otr::smp::processSMPMessage1 $state(SMPState) \
+                                            $data1 \
+                                            $state(PrivateKey) \
+                                            $state(PublicKey) \
+                                            $state(ssid) \
+                                            $secret] \
+            state(SMPState) type payload g3a g2 g3 b3 Pb Qb
+    SMPCallback $token set g3a $g3a
+    SMPCallback $token set g2  $g2
+    SMPCallback $token set g3  $g3
+    SMPCallback $token set b3  $b3
+    SMPCallback $token set Pb  $Pb
+    SMPCallback $token set Qb  $Qb
+    list {} "" [list $type $payload]
+}
+
+##############################################################################
+
+proc ::otr::CreateEncryptedMessage {token flags body tlvlist} {
+    variable $token
+    upvar $token state
+
     # Key management 3
     set keyid1 [expr {$state(keyid)-1}]
     set keyid2 $state(keyid)
     set keyidy $state(keyidy)
     # TODO: reveal old MACs
 
-    # Sometimes the message body is created using the D-H keys currently in use
-
-    lassign [uplevel #0 $command $token $keyid1 $keyidy] flags body tlvlist
-
     ::otr::message::createDataMessage \
             $state(version) $flags $keyid1 $keyidy $state(x,$keyid1) \
             $state(x,$keyid2) $state(gy,$keyidy) [incr state(ctrtop)] \
@@ -875,6 +913,8 @@
             -rinstance $state(rinstance)
 }
 
+##############################################################################
+
 # ::otr::FindVersion --
 #
 #       Check if the given versions list contains one of the supported.

Modified: trunk/tkabber-plugins/otr/tclotr/smp.tcl
===================================================================
--- trunk/tkabber-plugins/otr/tclotr/smp.tcl	2014-01-19 10:10:14 UTC (rev 2061)
+++ trunk/tkabber-plugins/otr/tclotr/smp.tcl	2014-01-19 13:16:11 UTC (rev 2062)
@@ -26,7 +26,7 @@
 
 # ::otr::smp::createSMPMessage1 --
 
-proc ::otr::smp::createSMPMessage1 {smpstate privkey pubkey gy dh
+proc ::otr::smp::createSMPMessage1 {smpstate privkey pubkey ssid \
                                     usersecret args} {
     variable q
     variable g1
@@ -49,7 +49,7 @@
                 }
             }
 
-            set x [Secret $privkey $pubkey $gy $dh $usersecret]
+            set x [Secret $privkey $pubkey $ssid $usersecret]
             set g2a [Exp $g1 $a2]
             set g3a [Exp $g1 $a3]
             set c2 [Hash 1 [Exp $g1 $r2]]
@@ -69,7 +69,7 @@
 
 # ::otr::smp::processSMPMessage1 --
 
-proc ::otr::smp::processSMPMessage1 {smpstate data privkey pubkey gy dh
+proc ::otr::smp::processSMPMessage1 {smpstate data privkey pubkey ssid
                                      usersecret} {
     variable q
     variable g1
@@ -108,7 +108,7 @@
                 return [list $smpstate 6 ""]
             }
 
-            set y [Secret $pubkey $privkey $gy $dh $usersecret]
+            set y [Secret $pubkey $privkey $ssid $usersecret]
             set g2b [Exp $g1 $b2]
             set g3b [Exp $g1 $b3]
             set c2 [Hash 3 [Exp $g1 $r2]]
@@ -252,6 +252,8 @@
             set Rab [Exp $Ra $b3]
             set res [expr {$PaPb == $Rab}]
 
+            puts "$smpstate $res"
+
             return [list SMPSTATE_EXPECT1 5 \
                          [Payload $Rb $cR $D7] \
                          $res]
@@ -293,6 +295,8 @@
             set Rab [Exp $Rb $a3]
             set res [expr {$PaPb == $Rab}]
 
+            puts "$smpstate $res"
+
             return [list SMPSTATE_EXPECT1 0 "" $res]
         }
         default {
@@ -361,12 +365,11 @@
 
 # ::otr::smp::Secret --
 
-proc ::otr::smp::Secret {pubkey1 pubkey2 gy x secret} {
+proc ::otr::smp::Secret {pubkey1 pubkey2 ssid secret} {
     set res ""
     append res [::otr::data::encode BYTE 1]
     append res [::otr::crypto::DSAFingerprint $pubkey1]
     append res [::otr::crypto::DSAFingerprint $pubkey2]
-    lassign [::otr::crypto::DHKeys $gy $x] ssid
     append res $ssid
     append res [encoding convertto utf-8 $secret]
     ::otr::crypto::Bits2Int [::sha2::sha256 -bin $res]



More information about the Tkabber-dev mailing list