def _parse_kexdh_reply(self, m):
# client mode
host_key = m.host_key
self.f = m.f
if (self.f < 1) or (self.f > self.P - 1):
raise SshException('Server kex "f" is out of range')
sig = m.signature
K = pow(self.f, self.x, self.P)
if log.isEnabledFor(logging.DEBUG):
log.debug("K=[{}].".format(K))
# okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K)
hm = bytearray()
hm += sshtype.encodeString(self.protocol.local_banner)
hm += sshtype.encodeString(self.protocol.remote_banner)
hm += sshtype.encodeBinary(self.protocol.local_kex_init_message)
hm += sshtype.encodeBinary(self.protocol.remote_kex_init_message)
hm += sshtype.encodeBinary(host_key)
hm += sshtype.encodeMpint(self.e)
hm += sshtype.encodeMpint(self.f)
hm += sshtype.encodeMpint(K)
H = sha1(hm).digest()
self.protocol.set_K_H(K, H)
log.info("Verifying signature...")
r = yield from self.protocol.verify_server_key(host_key, sig)
return r
def encode(self, obuf=None):
self.buf = buf = obuf if obuf else bytearray()
buf += struct.pack(">L", self.version)
buf += sshtype.encodeBinary(self.sender_pubkey)
buf += sshtype.encodeBinary(self.destination_addr)
buf += sshtype.encodeString(self.subject)
buf += sshtype.encodeString(self.date)
buf += struct.pack(">H", len(self.parts))
for part in self.parts:
part.encode(buf)
self.signature_offset = len(buf)
# Reserve space for signature, MorphisBlock and TargetedBlock header.
max_size = consts.MAX_DATA_BLOCK_SIZE - 2768
if len(buf) > max_size:
raise DmailException(\
"Dmail is [{}] bytes, yet cannot be larger than [{}] bytes."\
.format(len(buf), max_size))
# 512 byte RSA-4096 signature goes at the end.
return buf
def _parse_kexdh_reply(self, m):
# The client runs this function.
host_key = m.host_key
server_f = self.dh.f = m.f
if (server_f < 1) or (server_f > self.dh.P - 1):
raise SshException('Server kex "f" is out of range')
K = self.dh.calculate_k()
if log.isEnabledFor(logging.DEBUG):
log.debug("K=[{}].".format(K))
# H = (V_C || V_S || I_C || I_S || K_S || e || f || K).
hm = bytearray()
hm += sshtype.encodeString(self.protocol.local_banner)
hm += sshtype.encodeString(self.protocol.remote_banner)
hm += sshtype.encodeBinary(self.protocol.local_kex_init_message)
hm += sshtype.encodeBinary(self.protocol.remote_kex_init_message)
hm += sshtype.encodeBinary(host_key)
hm += sshtype.encodeMpint(self.dh.e)
hm += sshtype.encodeMpint(server_f)
hm += sshtype.encodeMpint(K)
H = sha1(hm).digest()
self.protocol.set_K_H(K, H)
log.info("Verifying signature...")
r = yield from self.protocol.verify_server_key(host_key, m.signature)
return r
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.sender_address)
nbuf += sshtype.encodeString(self.version)
return nbuf
def _parse_kexdh_init(self, m):
# server mode
self.e = m.e
if (self.e < 1) or (self.e > self.P - 1):
raise SshException('Client kex "e" is out of range')
K = pow(self.e, self.x, self.P)
if log.isEnabledFor(logging.DEBUG):
log.debug("K=[{}].".format(K))
key = self.protocol.server_key.asbytes()
# okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K)
hm = bytearray()
hm += sshtype.encodeString(self.protocol.remote_banner)
hm += sshtype.encodeString(self.protocol.local_banner)
hm += sshtype.encodeBinary(self.protocol.remote_kex_init_message)
hm += sshtype.encodeBinary(self.protocol.local_kex_init_message)
hm += sshtype.encodeBinary(key)
hm += sshtype.encodeMpint(self.e)
hm += sshtype.encodeMpint(self.f)
hm += sshtype.encodeMpint(K)
H = sha1(hm).digest()
self.protocol.set_K_H(K, H)
# sign it
sig = self.protocol.server_key.sign_ssh_data(H)
# send reply
m = mnetpacket.SshKexdhReplyMessage()
m.host_key = key
m.f = self.f
m.signature = sig
m.encode()
self.protocol.write_packet(m)
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.sender_address)
nbuf += sshtype.encodeString(self.version)
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += struct.pack(">L", self.self.reason_code)
nbuf += sshtype.encodeString(self.description)
nbuf += sshtype.encodeString(self.language_tag)
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += struct.pack(">L", self.self.reason_code)
nbuf += sshtype.encodeString(self.description)
nbuf += sshtype.encodeString(self.language_tag)
return nbuf
def encode(self, obuf=None):
buf = obuf if obuf else bytearray()
buf += struct.pack(">L", self.version)
buf += sshtype.encodeBinary(self.sender_pubkey)
buf += sshtype.encodeString(self.subject)
buf += sshtype.encodeString(self.date)
for part in self.parts:
part.encode(buf)
return buf
def encode(self, obuf=None):
buf = obuf if obuf else bytearray()
buf += struct.pack(">L", self.version)
buf += sshtype.encodeBinary(self.sender_pubkey)
buf += sshtype.encodeString(self.subject)
buf += sshtype.encodeString(self.date)
for part in self.parts:
part.encode(buf)
return buf
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.user_name)
nbuf += sshtype.encodeString(self.service_name)
nbuf += sshtype.encodeString(self.method_name)
if self.method_name == "publickey":
nbuf += struct.pack("B", self.signature_present)
nbuf += sshtype.encodeString(self.algorithm_name)
nbuf += sshtype.encodeBinary(self.public_key)
# Leave signature for caller to append, as they need this encoded
# data to sign.
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.user_name)
nbuf += sshtype.encodeString(self.service_name)
nbuf += sshtype.encodeString(self.method_name)
if self.method_name == "publickey":
nbuf += struct.pack("B", self.signature_present)
nbuf += sshtype.encodeString(self.algorithm_name)
nbuf += sshtype.encodeBinary(self.public_key)
# Leave signature for caller to append, as they need this encoded
# data to sign.
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.algorithm_name)
nbuf += sshtype.encodeBinary(self.public_key)
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.algorithm_name)
nbuf += sshtype.encodeBinary(self.public_key)
return nbuf
def asbytes(self):
m = bytearray()
m += sshtype.encodeString('ssh-dss')
m += sshtype.encodeMpint(self.p)
m += sshtype.encodeMpint(self.q)
m += sshtype.encodeMpint(self.g)
m += sshtype.encodeMpint(self.y)
return m
def asbytes(self):
m = bytearray()
m += sshtype.encodeString('ssh-dss')
m += sshtype.encodeMpint(self.p)
m += sshtype.encodeMpint(self.q)
m += sshtype.encodeMpint(self.g)
m += sshtype.encodeMpint(self.y)
return m
def encode(self, obuf=None):
buf = obuf if obuf else bytearray()
buf += struct.pack(">L", self.version)
buf += sshtype.encodeString(self.ssm)
buf += sshtype.encodeMpint(self.sse)
buf += sshtype.encodeMpint(self.ssf)
buf += struct.pack(">L", self.data_len)
buf += self.data_enc
def sign_ssh_data(self, data):
digest = sha1(data).digest()
rsa = self._private_key()
sig = util.deflate_long(rsa.sign(self._pkcs1imify(digest), bytes())[0], 0)
m = bytearray()
m += sshtype.encodeString("ssh-rsa")
m += sshtype.encodeBinary(sig)
return m
def encode(self):
nbuf = super().encode()
nbuf += struct.pack(">L", self.recipient_channel)
nbuf += sshtype.encodeString(self.request_type)
nbuf += struct.pack("?", self.want_reply)
if self.payload:
nbuf += self.payload
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += struct.pack(">L", self.recipient_channel)
nbuf += sshtype.encodeString(self.request_type)
nbuf += struct.pack("?", self.want_reply)
if self.payload:
nbuf += self.payload
return nbuf
def sign_ssh_data(self, data):
digest = sha1(data).digest()
rsa = self._private_key()
sig = util.deflate_long(\
rsa.sign(self._pkcs1imify(digest), bytes())[0], 0)
m = bytearray()
m += sshtype.encodeString('ssh-rsa')
m += sshtype.encodeBinary(sig)
return m
def encode(self, obuf=None):
buf = obuf if obuf else bytearray()
buf += struct.pack(">L", self.version)
buf += sshtype.encodeString(self.ssm)
buf += sshtype.encodeMpint(self.sse)
buf += sshtype.encodeMpint(self.ssf)
buf += sshtype.encodeBinary(self.signature)
buf += struct.pack(">L", self.data_len)
buf += self.data_enc
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.channel_type)
nbuf += struct.pack(">L", self.sender_channel)
nbuf += struct.pack(">L", self.initial_window_size)
nbuf += struct.pack(">L", self.maximum_packet_size)
if self.data_packet:
nbuf += self.data_packet
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.channel_type)
nbuf += struct.pack(">L", self.sender_channel)
nbuf += struct.pack(">L", self.initial_window_size)
nbuf += struct.pack(">L", self.maximum_packet_size)
if self.data_packet:
nbuf += self.data_packet
return nbuf
def _parse_kexdh_init(self, m):
# The server runs this function.
client_e = self.dh.f = m.e
if (client_e < 1) or (client_e > self.dh.P - 1):
raise SshException("Client kex 'e' is out of range")
K = self.dh.calculate_k()
if log.isEnabledFor(logging.DEBUG):
log.debug("K=[{}].".format(K))
key = self.protocol.server_key.asbytes()
# H = (V_C || V_S || I_C || I_S || K_S || e || f || K).
hm = bytearray()
hm += sshtype.encodeString(self.protocol.remote_banner)
hm += sshtype.encodeString(self.protocol.local_banner)
hm += sshtype.encodeBinary(self.protocol.remote_kex_init_message)
hm += sshtype.encodeBinary(self.protocol.local_kex_init_message)
hm += sshtype.encodeBinary(key)
hm += sshtype.encodeMpint(client_e)
hm += sshtype.encodeMpint(self.dh.e)
hm += sshtype.encodeMpint(K)
H = sha1(hm).digest()
self.protocol.set_K_H(K, H)
# Sign it.
sig = self.protocol.server_key.sign_ssh_data(H)
# Send reply.
m = mnp.SshKexdhReplyMessage()
m.host_key = key
m.f = self.dh.e
m.signature = sig
m.encode()
self.protocol.write_packet(m)
def encode(self):
nbuf = super().encode()
nbuf += struct.pack(">L", len(self.peers))
for peer in self.peers:
nbuf += sshtype.encodeString(peer.address)
nbuf += sshtype.encodeBinary(peer.node_id)
if type(peer) is mnpeer.Peer:
nbuf += sshtype.encodeBinary(peer.node_key.asbytes())
else:
assert type(peer) is Peer
nbuf += sshtype.encodeBinary(peer.pubkey)
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += struct.pack(">L", len(self.peers))
for peer in self.peers:
nbuf += sshtype.encodeString(peer.address)
nbuf += sshtype.encodeBinary(peer.node_id)
if type(peer) is mnpeer.Peer:
nbuf += sshtype.encodeBinary(peer.node_key.asbytes())
else:
assert type(peer) is Peer
nbuf += sshtype.encodeBinary(peer.pubkey)
return nbuf
def asbytes(self):
m = self.__public_key_bytes
if m:
return m
m = bytearray()
m += sshtype.encodeString('ssh-rsa')
m += sshtype.encodeMpint(self.e)
m += sshtype.encodeMpint(self.n)
self.__public_key_bytes = m
return m
def sign_ssh_data(self, data):
digest = sha1(data).digest()
dss = DSA.construct((int(self.y), int(self.g), int(self.p), int(self.q), int(self.x)))
# generate a suitable k
qsize = len(util.deflate_long(self.q, 0))
while True:
k = util.inflate_long(os.urandom(qsize), 1)
if (k > 2) and (k < self.q):
break
r, s = dss.sign(util.inflate_long(digest, 1), k)
m = bytearray()
m += sshtype.encodeString("ssh-dss")
# apparently, in rare cases, r or s may be shorter than 20 bytes!
rstr = util.deflate_long(r, 0)
sstr = util.deflate_long(s, 0)
if len(rstr) < 20:
rstr = zero_byte * (20 - len(rstr)) + rstr
if len(sstr) < 20:
sstr = zero_byte * (20 - len(sstr)) + sstr
m += sshtype.encodeBinary(rstr + sstr)
return m
def sign_ssh_data(self, data):
digest = sha1(data).digest()
dss = DSA.construct(
(int(self.y), int(self.g), int(self.p), int(self.q), int(self.x)))
# generate a suitable k
qsize = len(util.deflate_long(self.q, 0))
while True:
k = util.inflate_long(os.urandom(qsize), 1)
if (k > 2) and (k < self.q):
break
r, s = dss.sign(util.inflate_long(digest, 1), k)
m = bytearray()
m += sshtype.encodeString("ssh-dss")
# apparently, in rare cases, r or s may be shorter than 20 bytes!
rstr = util.deflate_long(r, 0)
sstr = util.deflate_long(s, 0)
if len(rstr) < 20:
rstr = zero_byte * (20 - len(rstr)) + rstr
if len(sstr) < 20:
sstr = zero_byte * (20 - len(sstr)) + sstr
m += sshtype.encodeBinary(rstr + sstr)
return m
def asbytes(self):
m = bytearray()
m += sshtype.encodeString("ssh-rsa")
m += sshtype.encodeMpint(self.e)
m += sshtype.encodeMpint(self.n)
return m
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.service_name)
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.service_name)
return nbuf
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.mime_type)
nbuf += self.destination
return nbuf
def encode(self, obuf=None):
buf = obuf if obuf else bytearray()
buf += sshtype.encodeString(self.mime_type)
buf += sshtype.encodeBinary(self.data)
return buf
def encode(self, obuf=None):
buf = obuf if obuf else bytearray()
buf += sshtype.encodeString(self.mime_type)
buf += sshtype.encodeBinary(self.data)
return buf
def encode(self):
nbuf = super().encode()
nbuf += sshtype.encodeString(self.mime_type)
nbuf += self.destination
return nbuf
