aboutsummaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
Diffstat (limited to 'python')
-rw-r--r--python/.gitignore1
-rw-r--r--python/olm/__init__.py2
-rwxr-xr-xpython/olm/__main__.py105
-rw-r--r--python/olm/inbound_group_session.py86
-rw-r--r--python/olm/outbound_group_session.py107
-rwxr-xr-xpython/test_olm.sh10
6 files changed, 309 insertions, 2 deletions
diff --git a/python/.gitignore b/python/.gitignore
index 4e9d33a..b8ca4f7 100644
--- a/python/.gitignore
+++ b/python/.gitignore
@@ -1,3 +1,4 @@
*.pyc
/*.account
/*.session
+/*.group_session
diff --git a/python/olm/__init__.py b/python/olm/__init__.py
index 5520132..31b29b9 100644
--- a/python/olm/__init__.py
+++ b/python/olm/__init__.py
@@ -1,2 +1,4 @@
from .account import Account
from .session import Session
+from .outbound_group_session import OutboundGroupSession
+from .inbound_group_session import InboundGroupSession
diff --git a/python/olm/__main__.py b/python/olm/__main__.py
index 35ccd01..a34d52a 100755
--- a/python/olm/__main__.py
+++ b/python/olm/__main__.py
@@ -10,8 +10,7 @@ import yaml
from . import *
-
-if __name__ == '__main__':
+def build_arg_parser():
parser = argparse.ArgumentParser()
parser.add_argument("--key", help="Account encryption key", default="")
commands = parser.add_subparsers()
@@ -242,5 +241,107 @@ if __name__ == '__main__':
decrypt.set_defaults(func=do_decrypt)
+ outbound_group = commands.add_parser("outbound_group", help="Create an outbound group session")
+ outbound_group.add_argument("session_file", help="Local group session file")
+ outbound_group.set_defaults(func=do_outbound_group)
+
+ group_credentials = commands.add_parser("group_credentials", help="Export the current outbound group session credentials")
+ group_credentials.add_argument("session_file", help="Local outbound group session file")
+ group_credentials.add_argument("credentials_file", help="File to write credentials to (default stdout)",
+ type=argparse.FileType('w'), nargs='?',
+ default=sys.stdout)
+ group_credentials.set_defaults(func=do_group_credentials)
+
+ group_encrypt = commands.add_parser("group_encrypt", help="Encrypt a group message")
+ group_encrypt.add_argument("session_file", help="Local outbound group session file")
+ group_encrypt.add_argument("plaintext_file", help="Plaintext file (default stdin)",
+ type=argparse.FileType('rb'), nargs='?',
+ default=sys.stdin)
+ group_encrypt.add_argument("message_file", help="Message file (default stdout)",
+ type=argparse.FileType('w'), nargs='?',
+ default=sys.stdout)
+ group_encrypt.set_defaults(func=do_group_encrypt)
+
+ inbound_group = commands.add_parser(
+ "inbound_group",
+ help=("Create an inbound group session based on credentials from an "+
+ "outbound group session"))
+ inbound_group.add_argument("session_file", help="Local inbound group session file")
+ inbound_group.add_argument("credentials_file",
+ help="File to read credentials from (default stdin)",
+ type=argparse.FileType('r'), nargs='?',
+ default=sys.stdin)
+ inbound_group.set_defaults(func=do_inbound_group)
+
+ group_decrypt = commands.add_parser("group_decrypt", help="Decrypt a group message")
+ group_decrypt.add_argument("session_file", help="Local inbound group session file")
+ group_decrypt.add_argument("message_file", help="Message file (default stdin)",
+ type=argparse.FileType('r'), nargs='?',
+ default=sys.stdin)
+ group_decrypt.add_argument("plaintext_file", help="Plaintext file (default stdout)",
+ type=argparse.FileType('wb'), nargs='?',
+ default=sys.stdout)
+ group_decrypt.set_defaults(func=do_group_decrypt)
+ return parser
+
+def do_outbound_group(args):
+ if os.path.exists(args.session_file):
+ sys.stderr.write("Session %r file already exists" % (
+ args.session_file,
+ ))
+ sys.exit(1)
+ session = OutboundGroupSession()
+ with open(args.session_file, "wb") as f:
+ f.write(session.pickle(args.key))
+
+def do_group_encrypt(args):
+ session = OutboundGroupSession()
+ with open(args.session_file, "rb") as f:
+ session.unpickle(args.key, f.read())
+ plaintext = args.plaintext_file.read()
+ message = session.encrypt(plaintext)
+ with open(args.session_file, "wb") as f:
+ f.write(session.pickle(args.key))
+ args.message_file.write(message)
+
+def do_group_credentials(args):
+ session = OutboundGroupSession()
+ with open(args.session_file, "rb") as f:
+ session.unpickle(args.key, f.read())
+ result = {
+ 'message_index': session.message_index(),
+ 'session_key': session.session_key(),
+ }
+ json.dump(result, args.credentials_file, indent=4)
+
+def do_inbound_group(args):
+ if os.path.exists(args.session_file):
+ sys.stderr.write("Session %r file already exists\n" % (
+ args.session_file,
+ ))
+ sys.exit(1)
+ credentials = json.load(args.credentials_file)
+ for k in ('message_index', 'session_key'):
+ if not k in credentials:
+ sys.stderr.write("Credentials file is missing %s\n" % k)
+ sys.exit(1);
+
+ session = InboundGroupSession()
+ session.init(credentials['message_index'], credentials['session_key'])
+ with open(args.session_file, "wb") as f:
+ f.write(session.pickle(args.key))
+
+def do_group_decrypt(args):
+ session = InboundGroupSession()
+ with open(args.session_file, "rb") as f:
+ session.unpickle(args.key, f.read())
+ message = args.message_file.read()
+ plaintext = session.decrypt(message)
+ with open(args.session_file, "wb") as f:
+ f.write(session.pickle(args.key))
+ args.plaintext_file.write(plaintext)
+
+if __name__ == '__main__':
+ parser = build_arg_parser()
args = parser.parse_args()
args.func(args)
diff --git a/python/olm/inbound_group_session.py b/python/olm/inbound_group_session.py
new file mode 100644
index 0000000..6c01095
--- /dev/null
+++ b/python/olm/inbound_group_session.py
@@ -0,0 +1,86 @@
+import json
+
+from ._base import *
+
+lib.olm_inbound_group_session_size.argtypes = []
+lib.olm_inbound_group_session_size.restype = c_size_t
+
+lib.olm_inbound_group_session.argtypes = [c_void_p]
+lib.olm_inbound_group_session.restype = c_void_p
+
+lib.olm_inbound_group_session_last_error.argtypes = [c_void_p]
+lib.olm_inbound_group_session_last_error.restype = c_char_p
+
+def inbound_group_session_errcheck(res, func, args):
+ if res == ERR:
+ raise OlmError("%s: %s" % (
+ func.__name__, lib.olm_inbound_group_session_last_error(args[0])
+ ))
+ return res
+
+
+def inbound_group_session_function(func, *types):
+ func.argtypes = (c_void_p,) + types
+ func.restypes = c_size_t
+ func.errcheck = inbound_group_session_errcheck
+
+
+inbound_group_session_function(
+ lib.olm_pickle_inbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
+)
+inbound_group_session_function(
+ lib.olm_unpickle_inbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
+)
+
+inbound_group_session_function(
+ lib.olm_init_inbound_group_session, c_uint32, c_void_p, c_size_t
+)
+
+inbound_group_session_function(
+ lib.olm_group_decrypt_max_plaintext_length, c_void_p, c_size_t
+)
+inbound_group_session_function(
+ lib.olm_group_decrypt,
+ c_void_p, c_size_t, # message
+ c_void_p, c_size_t, # plaintext
+)
+
+class InboundGroupSession(object):
+ def __init__(self):
+ self.buf = create_string_buffer(lib.olm_inbound_group_session_size())
+ self.ptr = lib.olm_inbound_group_session(self.buf)
+
+ def pickle(self, key):
+ key_buffer = create_string_buffer(key)
+ pickle_length = lib.olm_pickle_inbound_group_session_length(self.ptr)
+ pickle_buffer = create_string_buffer(pickle_length)
+ lib.olm_pickle_inbound_group_session(
+ self.ptr, key_buffer, len(key), pickle_buffer, pickle_length
+ )
+ return pickle_buffer.raw
+
+ def unpickle(self, key, pickle):
+ key_buffer = create_string_buffer(key)
+ pickle_buffer = create_string_buffer(pickle)
+ lib.olm_unpickle_inbound_group_session(
+ self.ptr, key_buffer, len(key), pickle_buffer, len(pickle)
+ )
+
+ def init(self, message_index, session_key):
+ key_buffer = create_string_buffer(session_key)
+ lib.olm_init_inbound_group_session(
+ self.ptr, message_index, key_buffer, len(session_key)
+ )
+
+ def decrypt(self, message):
+ message_buffer = create_string_buffer(message)
+ max_plaintext_length = lib.olm_group_decrypt_max_plaintext_length(
+ self.ptr, message_buffer, len(message)
+ )
+ plaintext_buffer = create_string_buffer(max_plaintext_length)
+ message_buffer = create_string_buffer(message)
+ plaintext_length = lib.olm_group_decrypt(
+ self.ptr, message_buffer, len(message),
+ plaintext_buffer, max_plaintext_length
+ )
+ return plaintext_buffer.raw[:plaintext_length]
diff --git a/python/olm/outbound_group_session.py b/python/olm/outbound_group_session.py
new file mode 100644
index 0000000..56f0962
--- /dev/null
+++ b/python/olm/outbound_group_session.py
@@ -0,0 +1,107 @@
+import json
+
+from ._base import *
+
+lib.olm_outbound_group_session_size.argtypes = []
+lib.olm_outbound_group_session_size.restype = c_size_t
+
+lib.olm_outbound_group_session.argtypes = [c_void_p]
+lib.olm_outbound_group_session.restype = c_void_p
+
+lib.olm_outbound_group_session_last_error.argtypes = [c_void_p]
+lib.olm_outbound_group_session_last_error.restype = c_char_p
+
+def outbound_group_session_errcheck(res, func, args):
+ if res == ERR:
+ raise OlmError("%s: %s" % (
+ func.__name__, lib.olm_outbound_group_session_last_error(args[0])
+ ))
+ return res
+
+
+def outbound_group_session_function(func, *types):
+ func.argtypes = (c_void_p,) + types
+ func.restypes = c_size_t
+ func.errcheck = outbound_group_session_errcheck
+
+
+outbound_group_session_function(
+ lib.olm_pickle_outbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
+)
+outbound_group_session_function(
+ lib.olm_unpickle_outbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
+)
+
+outbound_group_session_function(lib.olm_init_outbound_group_session_random_length)
+outbound_group_session_function(lib.olm_init_outbound_group_session, c_void_p, c_size_t)
+
+lib.olm_outbound_group_session_message_index.argtypes = [c_void_p]
+lib.olm_outbound_group_session_message_index.restype = c_uint32
+
+outbound_group_session_function(lib.olm_group_encrypt_message_length, c_size_t)
+outbound_group_session_function(lib.olm_group_encrypt,
+ c_void_p, c_size_t, # Plaintext
+ c_void_p, c_size_t, # Message
+)
+
+outbound_group_session_function(lib.olm_outbound_group_session_id_length)
+outbound_group_session_function(lib.olm_outbound_group_session_id, c_void_p, c_size_t)
+outbound_group_session_function(lib.olm_outbound_group_session_key_length)
+outbound_group_session_function(lib.olm_outbound_group_session_key, c_void_p, c_size_t)
+
+
+class OutboundGroupSession(object):
+ def __init__(self):
+ self.buf = create_string_buffer(lib.olm_outbound_group_session_size())
+ self.ptr = lib.olm_outbound_group_session(self.buf)
+
+ random_length = lib.olm_init_outbound_group_session_random_length(self.ptr)
+ random = read_random(random_length)
+ random_buffer = create_string_buffer(random)
+ lib.olm_init_outbound_group_session(self.ptr, random_buffer, random_length)
+
+ def pickle(self, key):
+ key_buffer = create_string_buffer(key)
+ pickle_length = lib.olm_pickle_outbound_group_session_length(self.ptr)
+ pickle_buffer = create_string_buffer(pickle_length)
+ lib.olm_pickle_outbound_group_session(
+ self.ptr, key_buffer, len(key), pickle_buffer, pickle_length
+ )
+ return pickle_buffer.raw
+
+ def unpickle(self, key, pickle):
+ key_buffer = create_string_buffer(key)
+ pickle_buffer = create_string_buffer(pickle)
+ lib.olm_unpickle_outbound_group_session(
+ self.ptr, key_buffer, len(key), pickle_buffer, len(pickle)
+ )
+
+ def encrypt(self, plaintext):
+ message_length = lib.olm_group_encrypt_message_length(
+ self.ptr, len(plaintext)
+ )
+ message_buffer = create_string_buffer(message_length)
+
+ plaintext_buffer = create_string_buffer(plaintext)
+
+ lib.olm_group_encrypt(
+ self.ptr,
+ plaintext_buffer, len(plaintext),
+ message_buffer, message_length,
+ )
+ return message_buffer.raw
+
+ def session_id(self):
+ id_length = lib.olm_outbound_group_session_id_length(self.ptr)
+ id_buffer = create_string_buffer(id_length)
+ lib.olm_outbound_group_session_id(self.ptr, id_buffer, id_length);
+ return id_buffer.raw
+
+ def message_index(self):
+ return lib.olm_outbound_group_session_message_index(self.ptr)
+
+ def session_key(self):
+ key_length = lib.olm_outbound_group_session_key_length(self.ptr)
+ key_buffer = create_string_buffer(key_length)
+ lib.olm_outbound_group_session_key(self.ptr, key_buffer, key_length);
+ return key_buffer.raw
diff --git a/python/test_olm.sh b/python/test_olm.sh
index 916322e..989e166 100755
--- a/python/test_olm.sh
+++ b/python/test_olm.sh
@@ -6,11 +6,14 @@ OLM="python -m olm"
ALICE_ACCOUNT=alice.account
ALICE_SESSION=alice.session
+ALICE_GROUP_SESSION=alice.group_session
BOB_ACCOUNT=bob.account
BOB_SESSION=bob.session
+BOB_GROUP_SESSION=bob.group_session
rm $ALICE_ACCOUNT $BOB_ACCOUNT
rm $ALICE_SESSION $BOB_SESSION
+rm $ALICE_GROUP_SESSION $BOB_GROUP_SESSION
$OLM create_account $ALICE_ACCOUNT
$OLM create_account $BOB_ACCOUNT
@@ -22,3 +25,10 @@ BOB_ONE_TIME_KEY="$($OLM one_time_key $BOB_ACCOUNT)"
$OLM outbound $ALICE_ACCOUNT $ALICE_SESSION "$BOB_IDENTITY_KEY" "$BOB_ONE_TIME_KEY"
echo "Hello world" | $OLM encrypt $ALICE_SESSION - - | $OLM inbound $BOB_ACCOUNT $BOB_SESSION - -
+
+
+### group sessions
+
+$OLM outbound_group $ALICE_GROUP_SESSION
+$OLM group_credentials $ALICE_GROUP_SESSION | $OLM inbound_group $BOB_GROUP_SESSION
+echo "Hello group" | $OLM group_encrypt $ALICE_GROUP_SESSION - - | $OLM group_decrypt $BOB_GROUP_SESSION