def ssh_KEXINIT(self, packet):
self.serverKexInitPayload = chr(MSG_KEXINIT) + packet
#cookie = packet[: 16] # taking this is unimportant
k = getNS(packet[16:], 10)
strings, rest = k[:-1], k[-1]
kexAlgs, keyAlgs, encCS, encSC, macCS, macSC, compCS, compSC, langCS, langSC = \
[s.split(',')for s in strings]
self.kexAlg = ffs(self.supportedKeyExchanges, kexAlgs)
self.keyAlg = ffs(self.supportedPublicKeys, keyAlgs)
self.nextEncryptions = SSHCiphers(
ffs(self.supportedCiphers, encCS),
ffs(self.supportedCiphers, encSC),
ffs(self.supportedMACs, macCS),
ffs(self.supportedMACs, macSC),
)
self.outgoingCompressionType = ffs(self.supportedCompressions, compCS)
self.incomingCompressionType = ffs(self.supportedCompressions, compSC)
if None in (self.kexAlg, self.keyAlg, self.outgoingCompressionType,
self.incomingCompressionType):
self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED,
"couldn't match all kex parts")
return
if None in self.nextEncryptions.__dict__.values():
self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED,
"couldn't match all kex parts")
return
log.msg('kex alg, key alg: %s %s' % (self.kexAlg, self.keyAlg))
log.msg(
'client->server: %s %s %s' %
(self.nextEncryptions.outCipType, self.nextEncryptions.outMacType,
self.outgoingCompressionType))
log.msg('server->client: %s %s %s' %
(self.nextEncryptions.inCipType,
self.nextEncryptions.inMacType, self.incomingCompressionType))
if self.kexAlg == 'diffie-hellman-group1-sha1':
self.x = Util.number.getRandomNumber(512, entropy.get_bytes)
self.DHpubKey = pow(DH_GENERATOR, self.x, DH_PRIME)
self.sendPacket(MSG_KEXDH_INIT, MP(self.DHpubKey))
else:
self.sendPacket(MSG_KEX_DH_GEX_REQUEST_OLD, '\x00\x00\x08\x00')
def ssh_KEXINIT(self, packet):
self.serverKexInitPayload = chr(MSG_KEXINIT)+packet
#cookie = packet[: 16] # taking this is unimportant
k = getNS(packet[16:], 10)
strings, rest = k[:-1], k[-1]
kexAlgs, keyAlgs, encCS, encSC, macCS, macSC, compCS, compSC, langCS, langSC = \
[s.split(',')for s in strings]
self.kexAlg = ffs(self.supportedKeyExchanges, kexAlgs)
self.keyAlg = ffs(self.supportedPublicKeys, keyAlgs)
self.nextEncryptions = SSHCiphers(
ffs(self.supportedCiphers, encCS),
ffs(self.supportedCiphers, encSC),
ffs(self.supportedMACs, macCS),
ffs(self.supportedMACs, macSC),
)
self.outgoingCompressionType = ffs(self.supportedCompressions, compCS)
self.incomingCompressionType = ffs(self.supportedCompressions, compSC)
if None in(self.kexAlg, self.keyAlg, self.outgoingCompressionType, self.incomingCompressionType):
self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED, "couldn't match all kex parts")
return
if None in self.nextEncryptions.__dict__.values():
self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED, "couldn't match all kex parts")
return
log.msg('kex alg, key alg: %s %s'%(self.kexAlg, self.keyAlg))
log.msg('client->server: %s %s %s'%(self.nextEncryptions.outCipType,
self.nextEncryptions.outMacType,
self.outgoingCompressionType))
log.msg('server->client: %s %s %s'%(self.nextEncryptions.inCipType,
self.nextEncryptions.inMacType,
self.incomingCompressionType))
if self.kexAlg == 'diffie-hellman-group1-sha1':
self.x = Util.number.getRandomNumber(512, entropy.get_bytes)
self.DHpubKey = pow(DH_GENERATOR, self.x, DH_PRIME)
self.sendPacket(MSG_KEXDH_INIT, MP(self.DHpubKey))
else:
self.sendPacket(MSG_KEX_DH_GEX_REQUEST_OLD, '\x00\x00\x08\x00')
def ssh_KEXINIT(self, packet):
self.clientKexInitPayload = chr(MSG_KEXINIT)+packet
#cookie = packet[: 16] # taking this is useless
k = getNS(packet[16:], 10)
strings, rest = k[:-1], k[-1]
kexAlgs, keyAlgs, encCS, encSC, macCS, macSC, compCS, compSC, langCS, langSC = \
[s.split(',')for s in strings]
if ord(rest[0]): # first_kex_packet_follows
if kexAlgs[0] != self.supportedKeyExchanges[0]or \
keyAlgs[0] != self.supportedPublicKeys[0]or \
not ffs(encSC, self.supportedCiphers)or \
not ffs(encCS, self.supportedCiphers)or \
not ffs(macSC, self.supportedMACs)or \
not ffs(macCS, self.supportedMACs)or \
not ffs(compCS, self.supportedCompressions)or \
not ffs(compSC, self.supportedCompressions):
self.ignoreNextPacket = 1 # guess was wrong
self.kexAlg = ffs(kexAlgs, self.supportedKeyExchanges)
self.keyAlg = ffs(keyAlgs, self.supportedPublicKeys)
self.nextEncryptions = SSHCiphers(
ffs(encSC, self.supportedCiphers),
ffs(encCS, self.supportedCiphers),
ffs(macSC, self.supportedMACs),
ffs(macCS, self.supportedMACs),
)
self.outgoingCompressionType = ffs(compSC, self.supportedCompressions)
self.incomingCompressionType = ffs(compCS, self.supportedCompressions)
if None in(self.kexAlg, self.keyAlg, self.outgoingCompressionType, self.incomingCompressionType):
self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED, "couldn't match all kex parts")
return
if None in self.nextEncryptions.__dict__.values():
self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED, "couldn't match all kex parts")
return
log.msg('kex alg, key alg: %s %s'%(self.kexAlg, self.keyAlg))
log.msg('server->client: %s %s %s'%(self.nextEncryptions.outCipType,
self.nextEncryptions.outMacType,
self.outgoingCompressionType))
log.msg('client->server: %s %s %s'%(self.nextEncryptions.inCipType,
self.nextEncryptions.inMacType,
self.incomingCompressionType))
def ssh_KEXINIT(self, packet):
self.clientKexInitPayload = chr(MSG_KEXINIT) + packet
#cookie = packet[: 16] # taking this is useless
k = getNS(packet[16:], 10)
strings, rest = k[:-1], k[-1]
kexAlgs, keyAlgs, encCS, encSC, macCS, macSC, compCS, compSC, langCS, langSC = \
[s.split(',')for s in strings]
if ord(rest[0]): # first_kex_packet_follows
if kexAlgs[0] != self.supportedKeyExchanges[0]or \
keyAlgs[0] != self.supportedPublicKeys[0]or \
not ffs(encSC, self.supportedCiphers)or \
not ffs(encCS, self.supportedCiphers)or \
not ffs(macSC, self.supportedMACs)or \
not ffs(macCS, self.supportedMACs)or \
not ffs(compCS, self.supportedCompressions)or \
not ffs(compSC, self.supportedCompressions):
self.ignoreNextPacket = 1 # guess was wrong
self.kexAlg = ffs(kexAlgs, self.supportedKeyExchanges)
self.keyAlg = ffs(keyAlgs, self.supportedPublicKeys)
self.nextEncryptions = SSHCiphers(
ffs(encSC, self.supportedCiphers),
ffs(encCS, self.supportedCiphers),
ffs(macSC, self.supportedMACs),
ffs(macCS, self.supportedMACs),
)
self.outgoingCompressionType = ffs(compSC, self.supportedCompressions)
self.incomingCompressionType = ffs(compCS, self.supportedCompressions)
if None in (self.kexAlg, self.keyAlg, self.outgoingCompressionType,
self.incomingCompressionType):
self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED,
"couldn't match all kex parts")
return
if None in self.nextEncryptions.__dict__.values():
self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED,
"couldn't match all kex parts")
return
log.msg('kex alg, key alg: %s %s' % (self.kexAlg, self.keyAlg))
log.msg(
'server->client: %s %s %s' %
(self.nextEncryptions.outCipType, self.nextEncryptions.outMacType,
self.outgoingCompressionType))
log.msg('client->server: %s %s %s' %
(self.nextEncryptions.inCipType,
self.nextEncryptions.inMacType, self.incomingCompressionType))