libervia-backend: libervia/backend/plugins/plugin_xep

comparison libervia/backend/plugins/plugin_xep_0448.py @ 4270:0d7bb4df2343

Reformatted code base using black.

author	Goffi <goffi@goffi.org>
date	Wed, 19 Jun 2024 18:44:57 +0200
parents	4b842c1fb686
children	111dce64dcb5

comparison

equal deleted inserted replaced

-:64a85ce8be70
+:0d7bb4df2343
 C.PI_NAME: "Encryption for Stateless File Sharing",
 C.PI_IMPORT_NAME: IMPORT_NAME,
 C.PI_TYPE: C.PLUG_TYPE_EXP,
 C.PI_PROTOCOLS: ["XEP-0448"],
 C.PI_DEPENDENCIES: [
-"XEP-0103", "XEP-0300", "XEP-0334", "XEP-0363", "XEP-0384", "XEP-0447",
+"XEP-0103",
-"DOWNLOAD", "ATTACH"
+"XEP-0300",
+"XEP-0334",
+"XEP-0363",
+"XEP-0384",
+"XEP-0447",
+"DOWNLOAD",
+"ATTACH",
 ],
 C.PI_MAIN: "XEP_0448",
 C.PI_HANDLER: "yes",
-C.PI_DESCRIPTION: dedent(_("""\
+C.PI_DESCRIPTION: dedent(
+_(
+"""\
 Implementation of e2e encryption for media sharing
-""")),
+"""
+)
+),
 }
 NS_ESFS = "urn:xmpp:esfs:0"
 NS_AES_128_GCM = "urn:xmpp:ciphers:aes-128-gcm-nopadding:0"
 NS_AES_256_GCM = "urn:xmpp:ciphers:aes-256-gcm-nopadding:0"
 self,
 client: SatXMPPEntity,
 attachment: Dict[str, Any],
 source: Dict[str, Any],
 dest_path: Union[Path, str],
-extra: Optional[Dict[str, Any]] = None
+extra: Optional[Dict[str, Any]] = None,
 ) -> Tuple[str, defer.Deferred]:
 # TODO: check hash
 if extra is None:
 extra = {}
 try:
 try:
 download_url = source["url"]
 except KeyError:
 raise ValueError(f"{source} has missing URL")
-if extra.get('ignore_tls_errors', False):
+if extra.get("ignore_tls_errors", False):
-log.warning(
+log.warning("TLS certificate check disabled, this is highly insecure")
-"TLS certificate check disabled, this is highly insecure"
-)
 treq_client = treq_client_no_ssl
 else:
 treq_client = treq
 try:
 file_size = int(attachment["size"])
 except (KeyError, ValueError):
 head_data = await treq_client.head(download_url)
-content_length = int(head_data.headers.getRawHeaders('content-length')[0])
+content_length = int(head_data.headers.getRawHeaders("content-length")[0])
 # the 128 bits tag is put at the end
 file_size = content_length - 16
 file_obj = stream.SatFile(
 self.host,
 client,
 dest_path,
 mode="wb",
-size = file_size,
+size=file_size,
 )
 if cipher in (NS_AES_128_GCM, NS_AES_256_GCM):
 decryptor = ciphers.Cipher(
 ciphers.algorithms.AES(key),
 decrypt_cb = partial(
 self.cbc_decrypt,
 client=client,
 file_obj=file_obj,
 decryptor=decryptor,
-unpadder=unpadder
+unpadder=unpadder,
 )
 finalize_cb = partial(
 self.cbc_decrypt_finalize,
 file_obj=file_obj,
 decryptor=decryptor,
-unpadder=unpadder
+unpadder=unpadder,
 )
 else:
 msg = f"cipher {cipher!r} is not supported"
 file_obj.close(error=msg)
 log.warning(msg)
 "iv": secrets.token_bytes(12),
 "key": secrets.token_bytes(32),
 }
 attachment["filename"] = filename
 return await self._http_upload.file_http_upload(
-client=client,
+client=client, filepath=filepath, filename="encrypted", extra=extra
-filepath=filepath,
-filename="encrypted",
-extra=extra
 )
 async def attach(self, client, data):
 # XXX: for now, XEP-0447/XEP-0448 only allow to send one file per <message/>, thus
 #   we need to send each file in a separate message, in the same way as for
 #   plugin_sec_aesgcm.
 attachments = data["extra"][C.KEY_ATTACHMENTS]
-if not data['message'] or data['message'] == {'': ''}:
+if not data["message"] or data["message"] == {"": ""}:
 extra_attachments = attachments[1:]
 del attachments[1:]
 else:
 # we have a message, we must send first attachment separately
 extra_attachments = attachments[:]
 file_hash = (attachment["hash_algo"], attachment["hash"])
 file_sharing_elt = self._sfs.get_file_sharing_elt(
 [],
 name=attachment["filename"],
 size=attachment["size"],
-file_hash=file_hash
+file_hash=file_hash,
 )
 encrypted_elt = file_sharing_elt.sources.addElement(
 (NS_ESFS, "encrypted")
 )
 encrypted_elt["cipher"] = NS_AES_256_GCM
 encrypted_elt.addElement(
-"key",
+"key", content=base64.b64encode(encryption_data["key"]).decode()
-content=base64.b64encode(encryption_data["key"]).decode()
 )
 encrypted_elt.addElement(
-"iv",
+"iv", content=base64.b64encode(encryption_data["iv"]).decode()
-content=base64.b64encode(encryption_data["iv"]).decode()
+)
-)
+encrypted_elt.addChild(
-encrypted_elt.addChild(self._h.build_hash_elt(
+self._h.build_hash_elt(
-attachment["encrypted_hash"],
+attachment["encrypted_hash"], attachment["encrypted_hash_algo"]
-attachment["encrypted_hash_algo"]
+)
-))
+)
 encrypted_elt.addChild(
 self._sfs.get_sources_elt(
 [self._u.get_url_data_elt(attachment["url"])]
 )
 )
 data["xml"].addChild(file_sharing_elt)
 for attachment in extra_attachments:
 # we send all remaining attachment in a separate message
 await client.sendMessage(
-to_jid=data['to'],
+to_jid=data["to"],
-message={'': ''},
+message={"": ""},
-subject=data['subject'],
+subject=data["subject"],
-mess_type=data['type'],
+mess_type=data["type"],
 extra={C.KEY_ATTACHMENTS: [attachment]},
 )
-if ((not data['extra']
+if (
-and (not data['message'] or data['message'] == {'': ''})
+not data["extra"]
-and not data['subject'])):
+and (not data["message"] or data["message"] == {"": ""})
+and not data["subject"]
+):
 # nothing left to send, we can cancel the message
 raise exceptions.CancelError("Cancelled by XEP_0448 attachment handling")
 def gcm_decrypt(
 self,
 data: bytes,
 client: SatXMPPEntity,
 file_obj: stream.SatFile,
-decryptor: CipherContext
+decryptor: CipherContext,
 ) -> None:
 if file_obj.tell() + len(data) > file_obj.size:  # type: ignore
 # we're reaching end of file with this bunch of data
 # we may still have a last bunch if the tag is incomplete
 bytes_left = file_obj.size - file_obj.tell()  # type: ignore
 self,
 data: bytes,
 client: SatXMPPEntity,
 file_obj: stream.SatFile,
 decryptor: CipherContext,
-unpadder: PaddingContext
+unpadder: PaddingContext,
 ) -> None:
 decrypted = decryptor.update(data)
 file_obj.write(unpadder.update(decrypted))
 def cbc_decrypt_finalize(
-self,
+self, file_obj: stream.SatFile, decryptor: CipherContext, unpadder: PaddingContext
-file_obj: stream.SatFile,
-decryptor: CipherContext,
-unpadder: PaddingContext
 ) -> None:
 decrypted = decryptor.finalize()
 file_obj.write(unpadder.update(decrypted))
 file_obj.write(unpadder.finalize())
 file_obj.close()
 def _upload_pre_slot(self, client, extra, file_metadata):
-if extra.get('encryption') != IMPORT_NAME:
+if extra.get("encryption") != IMPORT_NAME:
 return True
 # the tag is appended to the file
 file_metadata["size"] += 16
 return True
 encrypted_hasher.update(ret)
 attachment["encrypted_hash"] = encrypted_hasher.hexdigest()
 return ret
 except AlreadyFinalized:
 # as we have already finalized, we can now send EOF
-return b''
+return b""
 def _upload_trigger(self, client, extra, sat_file, file_producer, slot):
-if extra.get('encryption') != IMPORT_NAME:
+if extra.get("encryption") != IMPORT_NAME:
 return True
 attachment = extra["attachment"]
 encryption_data = extra["encryption_data"]
 log.debug("encrypting file with AES-GCM")
 iv = encryption_data["iv"]
 backend=backends.default_backend(),
 ).encryptor()
 if sat_file.data_cb is not None:
 raise exceptions.InternalError(
-f"data_cb was expected to be None, it is set to {sat_file.data_cb}")
+f"data_cb was expected to be None, it is set to {sat_file.data_cb}"
+)
-attachment.update({
-"hash_algo": self._h.ALGO_DEFAULT,
+attachment.update(
-"hasher": self._h.get_hasher(),
+{
-"encrypted_hash_algo": self._h.ALGO_DEFAULT,
+"hash_algo": self._h.ALGO_DEFAULT,
-"encrypted_hasher": self._h.get_hasher(),
+"hasher": self._h.get_hasher(),
-})
+"encrypted_hash_algo": self._h.ALGO_DEFAULT,
+"encrypted_hasher": self._h.get_hasher(),
+}
+)
 # with data_cb we encrypt the file on the fly
 sat_file.data_cb = partial(
 self._encrypt, encryptor=encryptor, attachment=attachment
 )

Mercurial > libervia-backend

comparison libervia/backend/plugins/plugin_xep_0448.py @ 4270:0d7bb4df2343