[gnome-keysign: 16/65] bluetoothreceive: add the key mac check
- From: Gitlab System User <gitlab src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keysign: 16/65] bluetoothreceive: add the key mac check
- Date: Tue, 3 Oct 2017 11:38:14 +0000 (UTC)
commit 7a2bd525a09095b80780320e5b0363ecfff67e3c
Author: RyuzakiKK <aasonykk gmail com>
Date: Fri Aug 11 13:10:34 2017 +0200
bluetoothreceive: add the key mac check
As a design choice we use Bluetooth only together with the QR code, so the MAC
should always be available
keysign/bluetoothreceive.py | 29 +++++++++++++++++++++++++++--
keysign/discover.py | 3 ++-
2 files changed, 29 insertions(+), 3 deletions(-)
---
diff --git a/keysign/bluetoothreceive.py b/keysign/bluetoothreceive.py
index b8f951f..c1f2072 100644
--- a/keysign/bluetoothreceive.py
+++ b/keysign/bluetoothreceive.py
@@ -11,6 +11,21 @@ if __name__ == "__main__":
from twisted.internet import threads
from twisted.internet.defer import inlineCallbacks, returnValue
+if __name__ == "__main__" and __package__ is None:
+ logging.getLogger().error("You seem to be trying to execute " +
+ "this script directly which is discouraged. " +
+ "Try python -m instead.")
+ parent_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+ os.sys.path.insert(0, parent_dir)
+ os.sys.path.insert(0, os.path.join(parent_dir, 'monkeysign'))
+ import keysign
+ #mod = __import__('keysign')
+ #sys.modules["keysign"] = mod
+ __package__ = str('keysign')
+
+from .gpgmh import fingerprint_from_keydata
+from .util import mac_verify
+
log = logging.getLogger(__name__)
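Review bot: `os.sys.path.insert(0, ...)` in the direct-execution fallback reaches `sys` through an undocumented attribute of `os`, and it puts the checkout and its `monkeysign` directory ahead of every other import location, so any module in those directories shadows an installed or standard-library module of the same name. `import sys` with `sys.path.append(parent_dir)` would avoid the alias and keep the standard locations first, provided nothing in the checkout has to override an installed copy (not visible from this hunk). The two commented-out `__import__` lines can be dropped.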
@@ -22,13 +37,13 @@ class BluetoothReceive:
self.stopped = False
@inlineCallbacks
- def find_key(self, mac):
+ def find_key(self, bt_mac, mac):
self.client_socket = BluetoothSocket(RFCOMM)
message = b""
try:
self.client_socket.setblocking(False)
try:
- self.client_socket.connect((mac, self.port))
+ self.client_socket.connect((bt_mac, self.port))
except BluetoothError as be:
if be.args[0] == "(115, 'Operation now in progress')":
pass
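Review bot: `find_key(self, bt_mac, mac)` now takes two positional arguments that are both called a "mac" but mean different things: `bt_mac` is passed to `connect()` as the Bluetooth address, while `mac` is the authentication code checked later in the method. A docstring should say so, for example `"""Fetch a key from Bluetooth address bt_mac and authenticate it with the MAC value mac taken from the QR code."""`, and a name such as `key_mac` would make a swapped call harder to write. Any caller other than the one updated in keysign/discover.py would need both arguments. The method body continues outside this hunk.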
@@ -44,6 +59,16 @@ class BluetoothReceive:
while len(message) < 35 or message[-35:] != b"-----END PGP PUBLIC KEY BLOCK-----\n":
part_message = yield threads.deferToThread(self.client_socket.recv, self.size)
message += part_message
+ mac_key = fingerprint_from_keydata(message)
+ verified = None
+ if mac:
+ verified = mac_verify(mac_key.encode('ascii'), message, mac)
+ if verified:
+ success = True
+ else:
+ log.info("MAC validation failed: %r", verified)
+ success = False
+ message = b""
except BluetoothError as be:
if be.args[0] == "(16, 'Device or resource busy')":
log.info("Probably has been provided a partial bt mac")
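Review bot: When `mac` is empty or `None`, the `if mac:` guard skips `mac_verify` entirely, and what happens to the received key then depends on nesting that this rendering has lost. If `if verified:` sits inside `if mac:`, the key data is kept without any authentication; otherwise it is rejected with the misleading log line "MAC validation failed: None". Since the commit message says the MAC should always be present, an explicit fail-closed branch would make that visible: `if not mac:` followed by `log.warning("No MAC in barcode, rejecting Bluetooth key")`, `success = False` and `message = b""`. `fingerprint_from_keydata(message)` also runs on unauthenticated bytes from the peer (unavoidable here, since the fingerprint is the MAC key), so an exception it raises on malformed data should be handled; only the `except BluetoothError` handler is visible, and the try block starts outside the hunk.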
diff --git a/keysign/discover.py b/keysign/discover.py
index d529408..1aad94c 100644
--- a/keysign/discover.py
+++ b/keysign/discover.py
@@ -14,6 +14,7 @@ class Discover:
def __init__(self, userdata, discovery):
# if the userdata is a qr code we extract the bluetooth code
self.bt_code = parse_barcode(userdata).get("BT", [None])[0]
+ self.mac = parse_barcode(userdata).get("MAC", [None])[0]
self.userdata = userdata
if discovery:
self.discovery = discovery
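Review bot: `parse_barcode(userdata)` is now called twice in `__init__`, once for "BT" and once for "MAC"; parsing once with `parsed = parse_barcode(userdata)` and reading both fields from `parsed` keeps the two values tied to the same parse. The `[None]` default also lets a barcode without a MAC field set `self.mac = None` silently, which deserves a comment such as `# None when the barcode carries no MAC; find_key must not accept the key in that case`. `__init__` continues outside the hunk.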
@@ -36,7 +37,7 @@ class Discover:
# We try Bluetooth, if we have it
log.info("Trying to connect to %s with Bluetooth", self.bt_code)
self.bt = BluetoothReceive()
- msg_tuple = yield self.bt.find_key(self.bt_code)
+ msg_tuple = yield self.bt.find_key(self.bt_code, self.mac)
key_data, success, message = msg_tuple
if key_data:
# If we found the key