Mercurial Mercurial > upstream > spec-files-extra / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patches/python-paramiko-01-arc4_and_ctr.patch
author dnsbrnrd
Sun, 17 May 2009 15:27:29 +0000
changeset 1879 165510f78f50
permissions -rw-r--r--
2009-05-17 Denis Bernard <[email protected]> * SFEpython25-crypto.spec: * SFEpython25-paramiko.spec, patches/python-paramiko-01-arc4_and_ctr.patch: Python 2.5, bump to paramiko 1.7.4, patch to implement AEC-CTR and arcfour ciphers for OpenSolaris interoperability.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1879
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     1
 
diff -ur paramiko-1.7.4.orig/paramiko/transport.py paramiko-1.7.4/paramiko/transport.py
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     2
 
--- paramiko-1.7.4.orig/paramiko/transport.py	2008-07-07 02:12:55.000000000 +0100
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     3
 
+++ paramiko-1.7.4/paramiko/transport.py	2009-05-15 12:44:50.322005250 +0100
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     4
 
@@ -50,8 +50,12 @@
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     5
 
 # i believe this on the standards track.
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     6
 
 # PyCrypt compiled for Win32 can be downloaded from the HashTar homepage:
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     7
 
 #     http://nitace.bsd.uchicago.edu:8080/hashtar
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     8
 
-from Crypto.Cipher import Blowfish, AES, DES3
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
     9
 
+from Crypto.Cipher import Blowfish, AES, DES3, ARC4
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    10
 
 from Crypto.Hash import SHA, MD5
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    11
 
+try:
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    12
 
+    from Crypto.Util import Counter
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    13
 
+except ImportError:
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    14
 
+    from paramiko.util import Counter
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    15
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    16
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    17
 
 # for thread cleanup
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    18
 
@@ -196,17 +200,22 @@
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    19
 
     _PROTO_ID = '2.0'
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    20
 
     _CLIENT_ID = 'paramiko_1.7.4'
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    21
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    22
 
-    _preferred_ciphers = ( 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc' )
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    23
 
+    _preferred_ciphers = ( 'aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc',
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    24
 
+        'arcfour128', 'arcfour256' )
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    25
 
     _preferred_macs = ( 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96' )
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    26
 
     _preferred_keys = ( 'ssh-rsa', 'ssh-dss' )
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    27
 
     _preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1' )
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    28
 
     _preferred_compression = ( 'none', )
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    29
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    30
 
     _cipher_info = {
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    31
 
+        'aes128-ctr': { 'class': AES, 'mode': AES.MODE_CTR, 'block-size': 16, 'key-size': 16 },
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    32
 
+        'aes256-ctr': { 'class': AES, 'mode': AES.MODE_CTR, 'block-size': 16, 'key-size': 32 },
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    33
 
         'blowfish-cbc': { 'class': Blowfish, 'mode': Blowfish.MODE_CBC, 'block-size': 8, 'key-size': 16 },
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    34
 
         'aes128-cbc': { 'class': AES, 'mode': AES.MODE_CBC, 'block-size': 16, 'key-size': 16 },
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    35
 
         'aes256-cbc': { 'class': AES, 'mode': AES.MODE_CBC, 'block-size': 16, 'key-size': 32 },
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    36
 
         '3des-cbc': { 'class': DES3, 'mode': DES3.MODE_CBC, 'block-size': 8, 'key-size': 24 },
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    37
 
+        'arcfour128': { 'class': ARC4, 'mode': None, 'block-size': 8, 'key-size': 16 },
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    38
 
+        'arcfour256': { 'class': ARC4, 'mode': None, 'block-size': 8, 'key-size': 32 },
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    39
 
         }
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    40
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    41
 
     _mac_info = {
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    42
 
@@ -1446,7 +1455,19 @@
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    43
 
     def _get_cipher(self, name, key, iv):
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    44
 
         if name not in self._cipher_info:
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    45
 
             raise SSHException('Unknown client cipher ' + name)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    46
 
-        return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    47
 
+        if name in ('arcfour128', 'arcfour256'):
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    48
 
+            # arcfour cipher
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    49
 
+            cipher = self._cipher_info[name]['class'].new(key)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    50
 
+            # as per RFC 4345, the first 1536 bytes of keystream
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    51
 
+            # generated by the cipher MUST be discarded
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    52
 
+            cipher.encrypt(" " * 1536)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    53
 
+            return cipher
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    54
 
+        elif name.endswith("-ctr"):
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    55
 
+            # CTR modes, we need a counter
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    56
 
+            return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv,
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    57
 
+                Counter.new(nbits=self._cipher_info[name]['block-size']*8, initial_value=util.inflate_long(iv, True)))
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    58
 
+        else:
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    59
 
+            return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    60
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    61
 
     def _set_x11_handler(self, handler):
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    62
 
         # only called if a channel has turned on x11 forwarding
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    63
 
diff -ur paramiko-1.7.4.orig/paramiko/util.py paramiko-1.7.4/paramiko/util.py
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    64
 
--- paramiko-1.7.4.orig/paramiko/util.py	2007-02-13 02:59:59.000000000 +0000
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    65
 
+++ paramiko-1.7.4/paramiko/util.py	2009-05-16 17:27:21.266831004 +0100
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    66
 
@@ -22,6 +22,7 @@
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    67
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    68
 
 from __future__ import generators
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    69
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    70
 
+import array
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    71
 
 from binascii import hexlify, unhexlify
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    72
 
 import sys
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    73
 
 import struct
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    74
 
@@ -267,4 +268,33 @@
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    75
 
     l.addFilter(_pfilter)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    76
 
     return l
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    77
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    78
 
+class Counter(object):
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    79
 
+    """Stateful counter for CTR mode crypto"""
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    80
 
+    def __init__(self, nbits, initial_value, overflow):
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    81
 
+        self.blocksize = nbits / 8
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    82
 
+        self.overflow = overflow
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    83
 
+        # start with value - 1 so we don't have to store intermediate values when counting
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    84
 
+        # could the iv be 0?
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    85
 
+        if initial_value != 0:
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    86
 
+            self.value = deflate_long(initial_value - 1, add_sign_padding=False)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    87
 
+            self.value = '\x00' * (self.blocksize-len(self.value)) + self.value
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    88
 
+        else:
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    89
 
+            self.value = '\xFF' * self.blocksize
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    90
 
+        self.value = array.array('c', self.value)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    91
 
+
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    92
 
+    def __call__(self):
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    93
 
+        """Increament the counter and return the new value"""
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    94
 
+        i = self.blocksize - 1
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    95
 
+        while i > -1:
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    96
 
+            c = self.value[i] = chr((ord(self.value[i]) + 1) % 256)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    97
 
+            if c != '\x00':
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    98
 
+                return self.value.tostring()
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
    99
 
+            i -= 1
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
   100
 
+        # counter reset
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
   101
 
+        self.value = array.array('c', Util.number.long_to_bytes(self.overflow, self.blocksize))
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
   102
 
+        return self.value.tostring()
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
   103
 
+
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
   104
 
+    def new(cls, nbits, initial_value=1L, overflow=0L):
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
   105
 
+        return cls(nbits, initial_value=initial_value, overflow=overflow)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
   106
 
+    new = classmethod(new)
165510f78f50 2009-05-17 Denis Bernard <[email protected]>
dnsbrnrd
parents:
diff changeset 
   107
upstream/spec-files-extra