From be5542c05e46b500e47b94bc8a6254cae8335a8b Mon Sep 17 00:00:00 2001 From: "Jeremy T. Bouse" Date: Sun, 29 May 2011 08:16:54 -0400 Subject: Imported Upstream version 1.7.7.1 --- docs/paramiko.kex_gex-pysrc.html | 400 +++++++++++++++++++-------------------- 1 file changed, 190 insertions(+), 210 deletions(-) (limited to 'docs/paramiko.kex_gex-pysrc.html') diff --git a/docs/paramiko.kex_gex-pysrc.html b/docs/paramiko.kex_gex-pysrc.html index 9dd880c..82f065e 100644 --- a/docs/paramiko.kex_gex-pysrc.html +++ b/docs/paramiko.kex_gex-pysrc.html @@ -158,80 +158,60 @@ paramiko.kex_group1.KexGroup1.name" class="py-name" href="#" onclick="return doc 101 qhbyte <<= 1 102 qmask >>= 1 103 while True: -104 self.transport.randpool.stir() -105 x_bytes = self.transport.randpool.get_bytes(bytes) -106 x_bytes = chr(ord(x_bytes[0]) & qmask) + x_bytes[1:] -107 x = util.inflate_long(x_bytes, 1) -108 if (x > 1) and (x < q): -109 break -110 self.x = x -111 -
112 - def _parse_kexdh_gex_request(self, m): -
113 minbits = m.get_int() -114 preferredbits = m.get_int() -115 maxbits = m.get_int() -116 # smoosh the user's preferred size into our own limits -117 if preferredbits > self.max_bits: -118 preferredbits = self.max_bits -119 if preferredbits < self.min_bits: -120 preferredbits = self.min_bits -121 # fix min/max if they're inconsistent. technically, we could just pout -122 # and hang up, but there's no harm in giving them the benefit of the -123 # doubt and just picking a bitsize for them. -124 if minbits > preferredbits: -125 minbits = preferredbits -126 if maxbits < preferredbits: -127 maxbits = preferredbits -128 # now save a copy -129 self.min_bits = minbits -130 self.preferred_bits = preferredbits -131 self.max_bits = maxbits -132 # generate prime -133 pack = self.transport._get_modulus_pack() -134 if pack is None: -135 raise SSHException('Can\'t do server-side gex with no modulus pack') -136 self.transport._log(104 x_bytes = self.transport.rng.read(bytes) +105 x_bytes = chr(ord(x_bytes[0]) & qmask) + x_bytes[1:] +106 x = util.inflate_long(x_bytes, 1) +107 if (x > 1) and (x < q): +108 break +109 self.x = x +
110 +
111 - def _parse_kexdh_gex_request(self, m): +
112 minbits = m.get_int() +113 preferredbits = m.get_int() +114 maxbits = m.get_int() +115 # smoosh the user's preferred size into our own limits +116 if preferredbits > self.max_bits: +117 preferredbits = self.max_bits +118 if preferredbits < self.min_bits: +119 preferredbits = self.min_bits +120 # fix min/max if they're inconsistent. technically, we could just pout +121 # and hang up, but there's no harm in giving them the benefit of the +122 # doubt and just picking a bitsize for them. +123 if minbits > preferredbits: +124 minbits = preferredbits +125 if maxbits < preferredbits: +126 maxbits = preferredbits +127 # now save a copy +128 self.min_bits = minbits +129 self.preferred_bits = preferredbits +130 self.max_bits = maxbits +131 # generate prime +132 pack = self.transport._get_modulus_pack() +133 if pack is None: +134 raise SSHException('Can\'t do server-side gex with no modulus pack') +135 self.transport._log(DEBUG, 'Picking p (%d <= %d <= %d bits)' % (minbits, preferredbits, maxbits)) -137 self.g, self.p = pack.get_modulus(minbits, preferredbits, maxbits) -138 m = Message() -139 m.add_byte(chr(_MSG_KEXDH_GEX_GROUP)) -140 m.add_mpint(self.p) -141 m.add_mpint(self.g) -142 self.transport._send_message(m) -143 self.transport._expect_packet(_MSG_KEXDH_GEX_INIT) -
144 -
145 - def _parse_kexdh_gex_request_old(self, m): -
146 # same as above, but without min_bits or max_bits (used by older clients like putty) -147 self.preferred_bits = m.get_int() -148 # smoosh the user's preferred size into our own limits -149 if self.preferred_bits > self.max_bits: -150 self.preferred_bits = self.max_bits -151 if self.preferred_bits < self.min_bits: -152 self.preferred_bits = self.min_bits -153 # generate prime -154 pack = self.transport._get_modulus_pack() -155 if pack is None: -156 raise SSHException('Can\'t do server-side gex with no modulus pack') -157 self.transport._log(DEBUG, 'Picking p (%d <= %d <= %d bits)' % (minbits, preferredbits, maxbits)) +136 self.g, self.p = pack.get_modulus(minbits, preferredbits, maxbits) +137 m = Message() +138 m.add_byte(chr(_MSG_KEXDH_GEX_GROUP)) +139 m.add_mpint(self.p) +140 m.add_mpint(self.g) +141 self.transport._send_message(m) +142 self.transport._expect_packet(_MSG_KEXDH_GEX_INIT) +
143 +
144 - def _parse_kexdh_gex_request_old(self, m): +
145 # same as above, but without min_bits or max_bits (used by older clients like putty) +146 self.preferred_bits = m.get_int() +147 # smoosh the user's preferred size into our own limits +148 if self.preferred_bits > self.max_bits: +149 self.preferred_bits = self.max_bits +150 if self.preferred_bits < self.min_bits: +151 self.preferred_bits = self.min_bits +152 # generate prime +153 pack = self.transport._get_modulus_pack() +154 if pack is None: +155 raise SSHException('Can\'t do server-side gex with no modulus pack') +156 self.transport._log(DEBUG, 'Picking p (~ %d bits)' % (self.preferred_bits,)) -158 self.g, self.p = pack.get_modulus(self.min_bits, self.preferred_bits, self.max_bits) -159 m = Message() -160 m.add_byte(chr(_MSG_KEXDH_GEX_GROUP)) -161 m.add_mpint(self.p) -162 m.add_mpint(self.g) -163 self.transport._send_message(m) -164 self.transport._expect_packet(_MSG_KEXDH_GEX_INIT) -165 self.old_style = True -
166 -
167 - def _parse_kexdh_gex_group(self, m): -
168 self.p = m.get_mpint() -169 self.g = m.get_mpint() -170 # reject if p's bit length < 1024 or > 8192 -171 bitlen = util.bit_length(self.p) -172 if (bitlen < 1024) or (bitlen > 8192): -173 raise SSHException('Server-generated gex p (don\'t ask) is out of range (%d bits)' % bitlen) -174 self.transport._log(DEBUG, 'Picking p (~ %d bits)' % (self.preferred_bits,)) +157 self.g, self.p = pack.get_modulus(self.min_bits, self.preferred_bits, self.max_bits) +158 m = Message() +159 m.add_byte(chr(_MSG_KEXDH_GEX_GROUP)) +160 m.add_mpint(self.p) +161 m.add_mpint(self.g) +162 self.transport._send_message(m) +163 self.transport._expect_packet(_MSG_KEXDH_GEX_INIT) +164 self.old_style = True +
165 +
166 - def _parse_kexdh_gex_group(self, m): +
167 self.p = m.get_mpint() +168 self.g = m.get_mpint() +169 # reject if p's bit length < 1024 or > 8192 +170 bitlen = util.bit_length(self.p) +171 if (bitlen < 1024) or (bitlen > 8192): +172 raise SSHException('Server-generated gex p (don\'t ask) is out of range (%d bits)' % bitlen) +173 self.transport._log(DEBUG, 'Got server p (%d bits)' % bitlen) -175 self._generate_x() -176 # now compute e = g^x mod p -177 self.e = pow(self.g, self.x, self.p) -178 m = Message() -179 m.add_byte(chr(_MSG_KEXDH_GEX_INIT)) -180 m.add_mpint(self.e) -181 self.transport._send_message(m) -182 self.transport._expect_packet(_MSG_KEXDH_GEX_REPLY) -
183 -
184 - def _parse_kexdh_gex_init(self, m): -
185 self.e = m.get_mpint() -186 if (self.e < 1) or (self.e > self.p - 1): -187 raise SSHException('Client kex "e" is out of range') -188 self._generate_x() -189 self.f = pow(self.g, self.x, self.p) -190 K = pow(self.e, self.x, self.p) -191 key = str(self.transport.get_server_key()) -192 # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) -193 hm = Message() -194 hm.add(self.transport.remote_version, self.transport.local_version, -195 self.transport.remote_kex_init, self.transport.local_kex_init, -196 key) -197 if not self.old_style: -198 hm.add_int(self.min_bits) -199 hm.add_int(self.preferred_bits) -200 if not self.old_style: -201 hm.add_int(self.max_bits) -202 hm.add_mpint(self.p) -203 hm.add_mpint(self.g) -204 hm.add_mpint(self.e) -205 hm.add_mpint(self.f) -206 hm.add_mpint(K) -207 H = SHA.new(str(hm)).digest() -208 self.transport._set_K_H(K, H) -209 # sign it -210 sig = self.transport.get_server_key().DEBUG, 'Got server p (%d bits)' % bitlen) +174 self._generate_x() +175 # now compute e = g^x mod p +176 self.e = pow(self.g, self.x, self.p) +177 m = Message() +178 m.add_byte(chr(_MSG_KEXDH_GEX_INIT)) +179 m.add_mpint(self.e) +180 self.transport._send_message(m) +181 self.transport._expect_packet(_MSG_KEXDH_GEX_REPLY) +
182 +
183 - def _parse_kexdh_gex_init(self, m): +
184 self.e = m.get_mpint() +185 if (self.e < 1) or (self.e > self.p - 1): +186 raise SSHException('Client kex "e" is out of range') +187 self._generate_x() +188 self.f = pow(self.g, self.x, self.p) +189 K = pow(self.e, self.x, self.p) +190 key = str(self.transport.get_server_key()) +191 # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) +192 hm = Message() +193 hm.add(self.transport.remote_version, self.transport.local_version, +194 self.transport.remote_kex_init, self.transport.local_kex_init, +195 key) +196 if not self.old_style: +197 hm.add_int(self.min_bits) +198 hm.add_int(self.preferred_bits) +199 if not self.old_style: +200 hm.add_int(self.max_bits) +201 hm.add_mpint(self.p) +202 hm.add_mpint(self.g) +203 hm.add_mpint(self.e) +204 hm.add_mpint(self.f) +205 hm.add_mpint(K) +206 H = SHA.new(str(hm)).digest() +207 self.transport._set_K_H(K, H) +208 # sign it +209 sig = self.transport.get_server_key().sign_ssh_data(self.transport.randpool, H) -211 # send reply -212 m = Message() -213 m.add_byte(chr(_MSG_KEXDH_GEX_REPLY)) -214 m.add_string(key) -215 m.add_mpint(self.f) -216 m.add_string(str(sig)) -217 self.transport._send_message(m) -218 self.transport._activate_outbound() -
219 -
220 - def _parse_kexdh_gex_reply(self, m): -
221 host_key = m.get_string() -222 self.f = m.get_mpint() -223 sig = m.get_string() -224 if (self.f < 1) or (self.f > self.p - 1): -225 raise SSHException('Server kex "f" is out of range') -226 K = pow(self.f, self.x, self.p) -227 # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) -228 hm = Message() -229 hm.add(self.transport.local_version, self.transport.remote_version, -230 self.transport.local_kex_init, self.transport.remote_kex_init, -231 host_key) -232 if not self.old_style: -233 hm.add_int(self.min_bits) -234 hm.add_int(self.preferred_bits) -235 if not self.old_style: -236 hm.add_int(self.max_bits) -237 hm.add_mpint(self.p) -238 hm.add_mpint(self.g) -239 hm.add_mpint(self.e) -240 hm.add_mpint(self.f) -241 hm.add_mpint(K) -242 self.transport._set_K_H(K, SHA.new(str(hm)).digest()) -243 self.transport._verify_key(host_key, sig) -244 self.transport._activate_outbound() -
245