initial commit

Author: mikegogulski

README.md

@@ -0,0 +1,89 @@
+XMPP-OTR channel for Python
+===========================
+
+This is a Python library for communicating with XMPP destinations using OTR
+([Off-the-Record Messaging](https://otr.cypherpunks.ca/)) encryption.
+
+Features
+--------
+
+* Your internet application can talk securely to you on your PC or smartphone
+using readily-available chat software with OTR support
+* OTRv2
+* Send to and receive from multiple destinations, with or without fingerprint
+verification
+* Pure python (no libotr dependency)
+
+Example
+-------
+
+    import time
+    from otrxmppchannel import OTRXMPPChannel
+    from otrxmppchannel.connection import OTR_TRUSTED, OTR_UNTRUSTED,
+        OTR_UNENCRYPTED, OTR_UNKNOWN
+
+    # Load the base64-encoded OTR DSA key. Constructing the object without
+    # a key will generate one and provide it via ValueError exception.
+    privkey = open('.otrprivkey', 'r').read()
+
+    class MyOTRChannel(OTRXMPPChannel):
+        def on_receive(self, message, from_jid, otr_state):
+            if otr_state == OTR_TRUSTED:
+                state = 'trusted'
+            elif otr_state == OTR_UNTRUSTED:
+                state = 'UNTRUSTED!'
+            elif otr_state == OTR_UNENCRYPTED:
+                state = 'UNENCRYPTED!'
+            else:
+                state = 'UNKNOWN OTR STATUS!'
+            print('received %s from %s (%s)' % (message, from_jid, state))
+
+    mychan = MyOTRXMPPChannel(
+        '[email protected]/datadiode',
+        'supersecret',
+        [
+            (
+                '[email protected]',
+                '33eb6b01c97ceba92bd6b5e3777189c43f8d6f03'
+            ),
+            '[email protected]'
+        ],
+        privkey
+    )
+
+    mychan.send('')  # Force OTR setup
+    time.sleep(3)  # Wait a bit for OTR setup to complete
+    mychan.send('This message should be encrypted')
+
+Notes
+-----
+
+* XMPP invitations are not handled
+* It seems to take roughly 3 seconds to set up an OTR session. Messages sent
+before the session is ready may be lost.
+* The private key serialization format is specific to pure-python-otr.
+Conversions from other formats are not handled.
+
+Dependencies
+------------
+
+* [xmpppy](http://xmpppy.sourceforge.net/) (>= 0.4.1)
+* [pure-python-otr](https://github.com/afflux/pure-python-otr) (>= 1.0.0)
+
+Author
+------
+
+* [Mike Gogulski](mailto:[email protected]) - <https://github.com/mikegogulski>
+
+Donations
+---------
+
+If you found this software useful and would like to encourage its
+maintenance and further development, please consider making a donation to
+the Bitcoin address `1MWFhwdFVEhB3X4eVsm9WxwvAhaxQqNbJh`.
+
+License
+-------
+
+This is free and unencumbered public domain software. For more information,
+see <http://unlicense.org/> or the accompanying UNLICENSE file.

UNLICENSE

@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org/>

otrxmppchannel/__init__.py

@@ -0,0 +1,123 @@
+# -*- coding: utf-8 -*-
+
+from connection import Connection
+
+
+class OTRXMPPChannel(object):
+    """
+    OTR-XMPP communications channel
+    -------------------------------
+    Uses Off-the-Record Messaging for communications with XMPP destinations
+    See https://otr.cypherpunks.ca/
+
+    Example::
+
+    import time
+    from otrxmppchannel import OTRXMPPChannel
+    from otrxmppchannel.connection import OTR_TRUSTED, OTR_UNTRUSTED,
+        OTR_UNENCRYPTED, OTR_UNKNOWN
+
+    privkey = open('.otrprivkey', 'r').read()
+    channel = OTRXMPPChannel(
+        '[email protected]/datadiode',
+        'supersecret',
+        [
+            (
+                '[email protected]',
+                '33eb6b01c97ceba92bd6b5e3777189c43f8d6f03'
+            ),
+            '[email protected]'
+        ],
+        privkey
+    )
+
+    def my_receive(msg, from_jid, otr_state):
+        state = ''
+        if otr_state == OTR_TRUSTED:
+            state = 'trusted'
+        elif otr_state == OTR_UNTRUSTED:
+            state = 'UNTRUSTED!'
+        elif otr_state == OTR_UNENCRYPTED:
+            state = 'UNENCRYPTED!'
+        else:
+            state = 'UNKNOWN OTR STATUS!'
+        print('received %s from %s (%s)' % (msg, from_jid, state))
+
+    channel.send('')  # set up OTR
+    time.sleep(3)
+    channel.send('This message should be encrypted')
+
+    NOTE: XMPP invitations are not handled
+    NOTE: It seems to take roughly 3 seconds to set up an OTR session.
+        Messages sent before the session is ready may be lost.
+
+    :param jid: source JID, e.g. '[email protected]'
+    :param password: XMPP server password
+    :param recipients: a single recipient JID, a tuple of
+        *(jid, OTRFingerprint/None)*, or a list of same
+    :param privkey: base64-encoded DSA private key for OTR. If *None* is
+        passed, a new key will be generated and dumped via a *ValueError*
+        exception.
+    """
+
+    def __init__(self, jid, password, recipients, privkey=None):
+        usage = 'recipients can be a single recipient JID, a tuple of ' \
+                '(jid, OTRFingerprint|None), or a list of same. Example: ' \
+                '[\'[email protected]\', ' \
+                '(\'[email protected]\', ' \
+                '\'43d36b01c67deba92bd6b5e3711189c43f8d6f04\')].'
+        # normalize recipients to a list of tuples
+        if isinstance(recipients, str):
+            self.recipients = [(recipients, None)]
+        elif isinstance(recipients, tuple):
+            self.recipients = [recipients]
+        elif isinstance(recipients, list):
+            self.recipients = recipients
+        else:
+            raise TypeError(usage)
+        for i in range(0, len(self.recipients) - 1):
+            if isinstance(self.recipients[i], str):
+                self.recipients[i] = self.recipients[i], None
+            elif isinstance(self.recipients[i], tuple):
+                if len(self.recipients[i]) > 2 or len(self.recipients[i]) < 1:
+                    raise TypeError(usage)
+                if len(self.recipients[i]) == 1:
+                    self.recipients[i] = self.recipients[i], None
+            else:
+                raise TypeError(usage)
+        self.connection = Connection(jid, password, privkey, self.on_receive)
+        self.connection.start()
+
+    def send(self, message):
+        """
+        Send *message* to recipients
+        :param message: message string
+        """
+        for recipient in self.recipients:
+            self.connection.send(message, recipient)
+
+    def on_receive(self, message, from_jid, otr_state):
+        """
+        Override this method to create a custom message receipt handler. The
+        handler provided simply discards received messages. Here is an
+        example::
+
+        from connection import OTR_TRUSTED, OTR_UNTRUSTED, OTR_UNENCRYPTED
+
+        if otr_state == OTR_TRUSTED:
+            state = 'trusted'
+        elif otr_state == OTR_UNTRUSTED:
+            state = 'UNTRUSTED!'
+        elif otr_state == OTR_UNENCRYPTED:
+            state = 'UNENCRYPTED!'
+        else:
+            state = 'UNKNOWN OTR STATUS!'
+        print('received %s from %s (%s)' % (message, from_jid, state))
+
+        :param message: received message body
+        :param from_jid: source JID of the message
+        :param otr_state: an integer describing the state of the OTR
+            relationship to the source JID (OTR_* constants defined in
+            otrxmppchannel.connection)
+        """
+        pass

otrxmppchannel/connection.py

@@ -0,0 +1,148 @@
+# -*- coding: utf-8 -*-
+
+import xmpp
+import threading
+import time
+from Queue import Queue
+import potr
+from otrmodule import OTRAccount, OTRManager
+
+OTR_TRUSTED = 0
+OTR_UNTRUSTED = 1
+OTR_UNENCRYPTED = 2
+OTR_UNKNOWN = 3
+
+
+def d(msg):
+    print('---> %s' % msg)
+
+
+class AuthenticationError(Exception):
+    pass
+
+
+class OTRXMPPMessage(object):
+    def __init__(self, body, to_jid, fp=None):
+        self.body = body
+        self.to_jid = to_jid
+        self.fp = fp
+
+
+class Connection(threading.Thread):
+    def __init__(self, jid, password, pk, on_receive=None):
+        threading.Thread.__init__(self)
+        self.jid = xmpp.protocol.JID(jid)
+        self.password = password
+        self.on_receive = on_receive
+        self.client = None
+        self.q = Queue(maxsize=100)
+        self.otr_account = OTRAccount(str(self.jid), pk)
+        self.otr_manager = OTRManager(self.otr_account)
+
+    def run(self):
+        while True:
+            while not self.client or not self.client.isConnected():
+                cl = xmpp.Client(
+                    self.jid.getDomain(),
+                    debug=[]
+                )
+                conntype = cl.connect()
+                if not conntype:
+                    d('XMPP connect failed, retrying in 5 seconds')
+                    time.sleep(5)
+                    continue
+                self.client = cl
+            self.client.UnregisterDisconnectHandler(
+                self.client.DisconnectHandler)
+            auth = self.client.auth(self.jid.getNode(), self.password,
+                                    self.jid.getResource())
+            if not auth:
+                d('XMPP authentication failed')
+                raise AuthenticationError
+            self.client.sendInitPresence(requestRoster=0)
+            self.client.RegisterDisconnectHandler(self._on_disconnect)
+            self.client.RegisterHandler('message', self._on_receive)
+            while self.client.isConnected() and self.client.Process(0.1):
+                if not self.q.empty():
+                    self._send(self.q.get())
+                pass
+
+    def _on_disconnect(self):
+        self.otr_manager.destroy_all_contexts()
+
+    def _on_receive(self, _, stanza):
+        fromjid = stanza.getFrom()
+        body = str(stanza.getBody())
+        # d('stanza from %s: %s' % (fromjid, body))
+        if stanza.getBody() is None:
+            return
+        fromjid = xmpp.protocol.JID(fromjid)
+        fromjid.setResource(None)
+        otrctx = self.otr_manager.get_context(self.client, str(fromjid))
+        encrypted = True
+        res = ()
+        try:
+            res = otrctx.receiveMessage(body)
+        except potr.context.UnencryptedMessage:
+            encrypted = False
+        except potr.context.NotEncryptedError:
+            # potr auto-responds saying we didn't expect an encrypted message
+            return
+
+        msg = ''
+        otr_state = OTR_UNKNOWN
+        if not encrypted:
+            if stanza['type'] in ('chat', 'normal'):
+                msg = stanza.getBody()
+                otr_state = OTR_UNENCRYPTED
+                d('unencrypted message: %s' % msg)
+        else:
+            if res[0] is not None:
+                msg = res[0]
+                trust = otrctx.getCurrentTrust()
+                if trust is None or trust == 'untrusted':
+                    otr_state = OTR_UNTRUSTED
+                    d('untrusted decrypted message: %s' % msg)
+                else:
+                    otr_state = OTR_TRUSTED
+                    d('trusted decrypted message: %s' % msg)
+        if msg is not None and msg != '':
+            self.on_receive(msg, str(fromjid), otr_state)
+
+    def _send(self, msg):
+        # d('_send(%s, %s, %s)' % (msg.body, msg.to_jid, msg.fp))
+        otrctx = self.otr_manager.get_context(self.client, msg.to_jid, msg.fp)
+        if otrctx.state == potr.context.STATE_ENCRYPTED:
+            if otrctx.getCurrentTrust() == 'untrusted':
+                d('fingerprint changed from %s to %s for %s!' % (
+                    msg.fp, otrctx.fp, msg.to_jid))
+                self.client.send(
+                    xmpp.protocol.Message(
+                        msg.to_jid,
+                        'I would like to tell you something, but I '
+                        'don\'t trust your OTR fingerprint.'))
+            else:
+                otrctx.sendMessage(0, str(msg.body))
+        else:
+            # d('Initializing OTR with %s (message "%s")' % (
+            #     msg.to_jid, msg.body))
+            self.client.send(
+                xmpp.protocol.Message(
+                    msg.to_jid,
+                    otrctx.account.getDefaultQueryMessage(otrctx.getPolicy),
+                    typ='chat'))
+
+    def send(self, text, to_jid, fp=None):
+        """
+        send a message to a JID, with an optional OTR fingerprint to verify
+        :param text: message body
+        :param to_jid: destination JID
+        :param fp: expected OTR fingerprint from the destination JID
+        :return:
+        """
+        while self.q.full():
+            d('queue full, discarding first entry')
+            _ = self.q.get_nowait()
+        if isinstance(to_jid, tuple):
+            to_jid, fp = to_jid
+        self.q.put_nowait(OTRXMPPMessage(text, to_jid, fp))