OTRv4Plus/smp_engine_compat.py at main · muc111/OTRv4Plus · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
"""
smp_engine_compat.py — SMPEngine compatibility wrapper for the test suite.

SMPEngine was removed from otrv4+.py when the Rust SMP migration completed
(v10.5.10). This module re-creates a thin Python wrapper around the Rust
RustSMP + RustSMPVault APIs so that all existing test references to:

    otr.SMPEngine(is_initiator=True)
    engine.set_secret("passphrase", session_id=..., ...)
    engine.secret              → bytes (derived secret for comparison)
    engine.state_machine       → object with .secret_set attribute
    engine._vault              → RustSMPVault
    engine._clear_math_state() → clears vault

continue to work without modification.
"""

import os
import sys
import hashlib

try:
    from otrv4_core import RustSMP, RustSMPVault
    _RUST_AVAILABLE = True
except ImportError:
    _RUST_AVAILABLE = False

# ── Minimal state machine object expected by tests ────────────────────────────

class _SMPStateMachine:
    """Lightweight state tracker that mirrors what tests check."""
    def __init__(self):
        self.secret_set = False
        self.state      = "IDLE"

    def mark_secret_set(self):
        self.secret_set = True
        self.state = "READY"

    def reset(self):
        self.secret_set = False
        self.state = "IDLE"


# ── KDF matching smp.rs set_secret exactly ───────────────────────────────────
# 50k-round SHAKE-256 chain + HMAC-SHA3-512 with canonical fingerprint ordering
# Used ONLY to expose the derived value for assertion in tests.

def _derive_smp_secret(
    passphrase:        str,
    session_id:        bytes = b'',
    local_fingerprint:  bytes = b'',
    remote_fingerprint: bytes = b'',
    is_initiator:      bool  = True,
) -> bytes:
    """
    Pure-Python re-implementation of smp.rs::SmpState::set_secret().
    Used by tests that compare e_a.secret != e_b.secret.
    """
    KDF_ROUNDS = 50_000

    # 1. SHAKE-256 chain
    import hashlib
    h = hashlib.shake_256()
    h.update(b"OTRv4+SMP-v2\x00")
    h.update(passphrase.encode('utf-8'))
    state = h.digest(64)

    for i in range(KDF_ROUNDS - 1):
        h2 = hashlib.shake_256()
        h2.update(i.to_bytes(4, 'big'))
        h2.update(state)
        state = h2.digest(64)

    # 2. HMAC-SHA3-512 session binding with canonical fingerprint ordering
    import hmac as _hmac
    hkey_h = hashlib.sha3_512(session_id).digest()

    fp_a, fp_b = (
        (local_fingerprint,  remote_fingerprint)
        if local_fingerprint <= remote_fingerprint
        else (remote_fingerprint, local_fingerprint)
    )

    mac = _hmac.new(hkey_h, digestmod=hashlib.sha3_512)
    mac.update(fp_a)
    mac.update(fp_b)
    mac.update(state)
    binding = mac.digest()

    # 3. Reduce mod order (2048-bit safe prime)
    PRIME_HEX = (
        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
        "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
        "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
        "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
        "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
        "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
        "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
        "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
        "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
        "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
        "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
    )
    prime = int(PRIME_HEX, 16)
    order = (prime - 1) >> 1
    n = int.from_bytes(binding, 'big') % order
    if n == 0:
        n = 1

    return n.to_bytes(256, 'big')


# ── SMPEngine wrapper ─────────────────────────────────────────────────────────

class SMPEngine:
    """
    Python wrapper around RustSMP + RustSMPVault.

    API contract (used by tests):
        eng = SMPEngine(is_initiator=True)
        eng.set_secret("pass", session_id=..., local_fingerprint=...,
                                              remote_fingerprint=...)
        eng.secret            → bytes (derived value, for comparison only)
        eng.state_machine.secret_set → bool
        eng._vault            → RustSMPVault instance
        eng._clear_math_state() → clears vault and resets state
        eng.generate_smp1()   → bytes
        eng.process_smp1_generate_smp2(data) → bytes
        eng.process_smp2_generate_smp3(data) → bytes
        eng.process_smp3_generate_smp4(data) → bytes
        eng.process_smp4(data) → bool
        eng.is_verified()     → bool
        eng.is_failed()       → bool
    """

    def __init__(self, is_initiator: bool = True):
        self.is_initiator  = is_initiator
        self.state_machine = _SMPStateMachine()
        self._secret_derived: bytes = b''

        if _RUST_AVAILABLE:
            self._rust_smp = RustSMP(is_initiator)
            self._vault    = RustSMPVault()
        else:
            self._rust_smp = None
            self._vault    = None

    # ── Secret binding ────────────────────────────────────────────────────────

    def set_secret(
        self,
        passphrase:         str,
        session_id:         bytes = b'',
        local_fingerprint:  bytes = b'',
        remote_fingerprint: bytes = b'',
    ):
        if len(passphrase) < 8:
            raise ValueError(
                f"SMP secret must be at least 8 characters (got {len(passphrase)})")

        # Derive comparison value in Python (matches Rust KDF exactly)
        self._secret_derived = _derive_smp_secret(
            passphrase, session_id, local_fingerprint, remote_fingerprint,
            self.is_initiator)
        self.state_machine.mark_secret_set()

        if self._rust_smp is not None and self._vault is not None:
            # Store bytes in Rust vault, wipe bytearray immediately
            raw = bytearray(passphrase.encode('utf-8'))
            try:
                self._vault.store("secret", bytes(raw))
                self._rust_smp.set_secret_from_vault(
                    self._vault, "secret",
                    session_id, local_fingerprint, remote_fingerprint)
            finally:
                for i in range(len(raw)):
                    raw[i] = 0
                del raw

    # ── Test-facing secret property ───────────────────────────────────────────

    @property
    def secret(self) -> bytes:
        """Derived secret bytes (for cross-session comparison in tests only)."""
        return self._secret_derived

    # ── Lifecycle ─────────────────────────────────────────────────────────────

    def _clear_math_state(self):
        """Zeroize vault and reset state. Mirrors EnhancedOTRSession cleanup."""
        if self._vault is not None:
            self._vault.clear()
        if self._rust_smp is not None:
            self._rust_smp.destroy()
            # Re-create for potential reuse
            try:
                self._rust_smp = RustSMP(self.is_initiator)
            except Exception:
                self._rust_smp = None
        self._secret_derived = b''
        self.state_machine.reset()

    # ── Protocol steps ────────────────────────────────────────────────────────

    def generate_smp1(self, question: str = None) -> bytes:
        if self._rust_smp is None:
            raise RuntimeError("Rust SMP not available")
        return bytes(self._rust_smp.generate_smp1(question))

    def process_smp1_generate_smp2(self, data: bytes) -> bytes:
        if self._rust_smp is None:
            raise RuntimeError("Rust SMP not available")
        return bytes(self._rust_smp.process_smp1_generate_smp2(data))

    def process_smp2_generate_smp3(self, data: bytes) -> bytes:
        if self._rust_smp is None:
            raise RuntimeError("Rust SMP not available")
        return bytes(self._rust_smp.process_smp2_generate_smp3(data))

    def process_smp3_generate_smp4(self, data: bytes) -> bytes:
        if self._rust_smp is None:
            raise RuntimeError("Rust SMP not available")
        return bytes(self._rust_smp.process_smp3_generate_smp4(data))

    def process_smp4(self, data: bytes) -> bool:
        if self._rust_smp is None:
            raise RuntimeError("Rust SMP not available")
        return bool(self._rust_smp.process_smp4(data))

    def is_verified(self) -> bool:
        if self._rust_smp is None:
            return False
        return bool(self._rust_smp.is_verified())

    def is_failed(self) -> bool:
        if self._rust_smp is None:
            return True
        return bool(self._rust_smp.is_failed())

    def get_phase(self) -> str:
        if self._rust_smp is None:
            return "UNAVAILABLE"
        return self._rust_smp.get_phase()