Support receiving Diaspora new style encrypted JSON payloads

Decrypt the JSON and extract the Magic Envelope inside.

Closes #83
merge-requests/130/head
Jason Robinson 2017-07-04 23:17:19 +03:00
rodzic ccf161a5d3
commit 2e8d608256
3 zmienionych plików z 61 dodań i 7 usunięć

Wyświetl plik

@ -2,6 +2,10 @@
## [unreleased] ## [unreleased]
### Added
* New style Diaspora private encrypted JSON payloads are now supported in the receiving side. Outbound private Diaspora payloads are still sent as legacy encrypted payloads. ([issue](https://github.com/jaywink/federation/issues/83))
* No additional changes need to be made when calling `handle_receive` from your task processing. Just pass in the full received XML or JSON payload as a string with recipient user object as before.
### Fixed ### Fixed
* Fix getting sender from a combination of legacy Diaspora encrypted payload and new entity names (for example `author`). This combination probably only existed in this library. * Fix getting sender from a combination of legacy Diaspora encrypted payload and new entity names (for example `author`). This combination probably only existed in this library.
* Correctly extend entity `_children`. Certain Diaspora payloads caused `_children` for an entity to be written over by an empty list, causing for example status message photos to not be saved. Correctly do an extend on it. ([issue](https://github.com/jaywink/federation/issues/89)) * Correctly extend entity `_children`. Certain Diaspora payloads caused `_children` for an entity to be written over by an empty list, causing for example status message photos to not be saved. Correctly do an extend on it. ([issue](https://github.com/jaywink/federation/issues/89))

Wyświetl plik

@ -0,0 +1,31 @@
import json
from base64 import b64decode
from Crypto.Cipher import PKCS1_v1_5, AES
from lxml import etree
def pkcs7_unpad(data):
"""Remove the padding bytes that were added at point of encryption."""
if isinstance(data, str):
return data[0:-ord(data[-1])]
else:
return data[0:-data[-1]]
class EncryptedPayload:
"""Diaspora encrypted JSON payloads."""
@staticmethod
def decrypt(payload, private_key):
"""Decrypt an encrypted JSON payload and return the Magic Envelope document inside."""
cipher = PKCS1_v1_5.new(private_key)
aes_key = json.loads(
cipher.decrypt(b64decode(payload.get("aes_key")), sentinel=None)
)
key = b64decode(aes_key.get("key"))
iv = b64decode(aes_key.get("iv"))
encrypted_magic_envelope = b64decode(payload.get("encrypted_magic_envelope"))
encrypter = AES.new(key, AES.MODE_CBC, iv)
content = encrypter.decrypt(encrypted_magic_envelope)
return etree.fromstring(pkcs7_unpad(content))

Wyświetl plik

@ -2,6 +2,7 @@ import json
import logging import logging
import warnings import warnings
from base64 import b64decode, urlsafe_b64decode, b64encode, urlsafe_b64encode from base64 import b64decode, urlsafe_b64decode, b64encode, urlsafe_b64encode
from json import JSONDecodeError
from urllib.parse import unquote_plus from urllib.parse import unquote_plus
from Crypto.Cipher import AES, PKCS1_v1_5 from Crypto.Cipher import AES, PKCS1_v1_5
@ -13,6 +14,7 @@ from lxml import etree
from federation.exceptions import EncryptedMessageError, NoSenderKeyFoundError, SignatureVerificationError from federation.exceptions import EncryptedMessageError, NoSenderKeyFoundError, SignatureVerificationError
from federation.protocols.base import BaseProtocol from federation.protocols.base import BaseProtocol
from federation.protocols.diaspora.encrypted import EncryptedPayload
from federation.protocols.diaspora.magic_envelope import MagicEnvelope from federation.protocols.diaspora.magic_envelope import MagicEnvelope
logger = logging.getLogger("federation") logger = logging.getLogger("federation")
@ -55,17 +57,35 @@ class Protocol(BaseProtocol):
Mostly taken from Pyaspora (https://github.com/lukeross/pyaspora). Mostly taken from Pyaspora (https://github.com/lukeross/pyaspora).
""" """
def receive(self, payload, user=None, sender_key_fetcher=None, skip_author_verification=False, *args, **kwargs): def __init__(self):
super().__init__()
self.encrypted = self.legacy = False
def get_json_payload_magic_envelope(self, payload):
"""Encrypted JSON payload"""
private_key = self._get_user_key(self.user)
return EncryptedPayload.decrypt(payload=payload, private_key=private_key)
def store_magic_envelope_doc(self, payload):
"""Get the Magic Envelope, trying JSON first."""
try:
json_payload = json.loads(payload)
logger.debug("diaspora.protocol.store_magic_envelope_doc: json payload: %s", json_payload)
self.doc = self.get_json_payload_magic_envelope(json_payload)
except JSONDecodeError:
# XML payload
xml = unquote_plus(payload)
xml = xml.lstrip().encode("utf-8")
logger.debug("diaspora.protocol.store_magic_envelope_doc: xml payload: %s", xml)
self.doc = etree.fromstring(xml)
def receive(self, payload, user=None, sender_key_fetcher=None, skip_author_verification=False):
"""Receive a payload. """Receive a payload.
For testing purposes, `skip_author_verification` can be passed. Authorship will not be verified.""" For testing purposes, `skip_author_verification` can be passed. Authorship will not be verified."""
self.user = user self.user = user
self.get_contact_key = sender_key_fetcher self.get_contact_key = sender_key_fetcher
# Prepare payload self.store_magic_envelope_doc(payload)
xml = unquote_plus(payload)
xml = xml.lstrip().encode("utf-8")
logger.debug("diaspora.protocol.receive: xml content: %s", xml)
self.doc = etree.fromstring(xml)
# Check for a legacy header # Check for a legacy header
self.find_header() self.find_header()
# Open payload and get actual message # Open payload and get actual message
@ -83,7 +103,6 @@ class Protocol(BaseProtocol):
return self.user.private_key return self.user.private_key
def find_header(self): def find_header(self):
self.encrypted = self.legacy = False
self.header = self.doc.find(".//{"+PROTOCOL_NS+"}header") self.header = self.doc.find(".//{"+PROTOCOL_NS+"}header")
if self.header != None: if self.header != None:
# Legacy public header found # Legacy public header found