def _parse_kexdh_reply(self, m): # client mode host_key = m.host_key self.f = m.f if (self.f < 1) or (self.f > self.P - 1): raise SshException('Server kex "f" is out of range') sig = m.signature K = pow(self.f, self.x, self.P) if log.isEnabledFor(logging.DEBUG): log.debug("K=[{}].".format(K)) # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K) hm = bytearray() hm += sshtype.encodeString(self.protocol.local_banner) hm += sshtype.encodeString(self.protocol.remote_banner) hm += sshtype.encodeBinary(self.protocol.local_kex_init_message) hm += sshtype.encodeBinary(self.protocol.remote_kex_init_message) hm += sshtype.encodeBinary(host_key) hm += sshtype.encodeMpint(self.e) hm += sshtype.encodeMpint(self.f) hm += sshtype.encodeMpint(K) H = sha1(hm).digest() self.protocol.set_K_H(K, H) log.info("Verifying signature...") r = yield from self.protocol.verify_server_key(host_key, sig) return r
def encode(self, obuf=None): self.buf = buf = obuf if obuf else bytearray() buf += struct.pack(">L", self.version) buf += sshtype.encodeBinary(self.sender_pubkey) buf += sshtype.encodeBinary(self.destination_addr) buf += sshtype.encodeString(self.subject) buf += sshtype.encodeString(self.date) buf += struct.pack(">H", len(self.parts)) for part in self.parts: part.encode(buf) self.signature_offset = len(buf) # Reserve space for signature, MorphisBlock and TargetedBlock header. max_size = consts.MAX_DATA_BLOCK_SIZE - 2768 if len(buf) > max_size: raise DmailException(\ "Dmail is [{}] bytes, yet cannot be larger than [{}] bytes."\ .format(len(buf), max_size)) # 512 byte RSA-4096 signature goes at the end. return buf
def _parse_kexdh_reply(self, m): # The client runs this function. host_key = m.host_key server_f = self.dh.f = m.f if (server_f < 1) or (server_f > self.dh.P - 1): raise SshException('Server kex "f" is out of range') K = self.dh.calculate_k() if log.isEnabledFor(logging.DEBUG): log.debug("K=[{}].".format(K)) # H = (V_C || V_S || I_C || I_S || K_S || e || f || K). hm = bytearray() hm += sshtype.encodeString(self.protocol.local_banner) hm += sshtype.encodeString(self.protocol.remote_banner) hm += sshtype.encodeBinary(self.protocol.local_kex_init_message) hm += sshtype.encodeBinary(self.protocol.remote_kex_init_message) hm += sshtype.encodeBinary(host_key) hm += sshtype.encodeMpint(self.dh.e) hm += sshtype.encodeMpint(server_f) hm += sshtype.encodeMpint(K) H = sha1(hm).digest() self.protocol.set_K_H(K, H) log.info("Verifying signature...") r = yield from self.protocol.verify_server_key(host_key, m.signature) return r
def encode(self): nbuf = super().encode() nbuf += sshtype.encodeString(self.sender_address) nbuf += sshtype.encodeString(self.version) return nbuf
def _parse_kexdh_init(self, m): # server mode self.e = m.e if (self.e < 1) or (self.e > self.P - 1): raise SshException('Client kex "e" is out of range') K = pow(self.e, self.x, self.P) if log.isEnabledFor(logging.DEBUG): log.debug("K=[{}].".format(K)) key = self.protocol.server_key.asbytes() # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K) hm = bytearray() hm += sshtype.encodeString(self.protocol.remote_banner) hm += sshtype.encodeString(self.protocol.local_banner) hm += sshtype.encodeBinary(self.protocol.remote_kex_init_message) hm += sshtype.encodeBinary(self.protocol.local_kex_init_message) hm += sshtype.encodeBinary(key) hm += sshtype.encodeMpint(self.e) hm += sshtype.encodeMpint(self.f) hm += sshtype.encodeMpint(K) H = sha1(hm).digest() self.protocol.set_K_H(K, H) # sign it sig = self.protocol.server_key.sign_ssh_data(H) # send reply m = mnetpacket.SshKexdhReplyMessage() m.host_key = key m.f = self.f m.signature = sig m.encode() self.protocol.write_packet(m)
def encode(self): nbuf = super().encode() nbuf += struct.pack(">L", self.self.reason_code) nbuf += sshtype.encodeString(self.description) nbuf += sshtype.encodeString(self.language_tag) return nbuf
def encode(self, obuf=None): buf = obuf if obuf else bytearray() buf += struct.pack(">L", self.version) buf += sshtype.encodeBinary(self.sender_pubkey) buf += sshtype.encodeString(self.subject) buf += sshtype.encodeString(self.date) for part in self.parts: part.encode(buf) return buf
def encode(self): nbuf = super().encode() nbuf += sshtype.encodeString(self.user_name) nbuf += sshtype.encodeString(self.service_name) nbuf += sshtype.encodeString(self.method_name) if self.method_name == "publickey": nbuf += struct.pack("B", self.signature_present) nbuf += sshtype.encodeString(self.algorithm_name) nbuf += sshtype.encodeBinary(self.public_key) # Leave signature for caller to append, as they need this encoded # data to sign. return nbuf
def encode(self): nbuf = super().encode() nbuf += sshtype.encodeString(self.algorithm_name) nbuf += sshtype.encodeBinary(self.public_key) return nbuf
def asbytes(self): m = bytearray() m += sshtype.encodeString('ssh-dss') m += sshtype.encodeMpint(self.p) m += sshtype.encodeMpint(self.q) m += sshtype.encodeMpint(self.g) m += sshtype.encodeMpint(self.y) return m
def encode(self, obuf=None): buf = obuf if obuf else bytearray() buf += struct.pack(">L", self.version) buf += sshtype.encodeString(self.ssm) buf += sshtype.encodeMpint(self.sse) buf += sshtype.encodeMpint(self.ssf) buf += struct.pack(">L", self.data_len) buf += self.data_enc
def sign_ssh_data(self, data): digest = sha1(data).digest() rsa = self._private_key() sig = util.deflate_long(rsa.sign(self._pkcs1imify(digest), bytes())[0], 0) m = bytearray() m += sshtype.encodeString("ssh-rsa") m += sshtype.encodeBinary(sig) return m
def encode(self): nbuf = super().encode() nbuf += struct.pack(">L", self.recipient_channel) nbuf += sshtype.encodeString(self.request_type) nbuf += struct.pack("?", self.want_reply) if self.payload: nbuf += self.payload return nbuf
def sign_ssh_data(self, data): digest = sha1(data).digest() rsa = self._private_key() sig = util.deflate_long(\ rsa.sign(self._pkcs1imify(digest), bytes())[0], 0) m = bytearray() m += sshtype.encodeString('ssh-rsa') m += sshtype.encodeBinary(sig) return m
def encode(self, obuf=None): buf = obuf if obuf else bytearray() buf += struct.pack(">L", self.version) buf += sshtype.encodeString(self.ssm) buf += sshtype.encodeMpint(self.sse) buf += sshtype.encodeMpint(self.ssf) buf += sshtype.encodeBinary(self.signature) buf += struct.pack(">L", self.data_len) buf += self.data_enc
def encode(self): nbuf = super().encode() nbuf += sshtype.encodeString(self.channel_type) nbuf += struct.pack(">L", self.sender_channel) nbuf += struct.pack(">L", self.initial_window_size) nbuf += struct.pack(">L", self.maximum_packet_size) if self.data_packet: nbuf += self.data_packet return nbuf
def _parse_kexdh_init(self, m): # The server runs this function. client_e = self.dh.f = m.e if (client_e < 1) or (client_e > self.dh.P - 1): raise SshException("Client kex 'e' is out of range") K = self.dh.calculate_k() if log.isEnabledFor(logging.DEBUG): log.debug("K=[{}].".format(K)) key = self.protocol.server_key.asbytes() # H = (V_C || V_S || I_C || I_S || K_S || e || f || K). hm = bytearray() hm += sshtype.encodeString(self.protocol.remote_banner) hm += sshtype.encodeString(self.protocol.local_banner) hm += sshtype.encodeBinary(self.protocol.remote_kex_init_message) hm += sshtype.encodeBinary(self.protocol.local_kex_init_message) hm += sshtype.encodeBinary(key) hm += sshtype.encodeMpint(client_e) hm += sshtype.encodeMpint(self.dh.e) hm += sshtype.encodeMpint(K) H = sha1(hm).digest() self.protocol.set_K_H(K, H) # Sign it. sig = self.protocol.server_key.sign_ssh_data(H) # Send reply. m = mnp.SshKexdhReplyMessage() m.host_key = key m.f = self.dh.e m.signature = sig m.encode() self.protocol.write_packet(m)
def encode(self): nbuf = super().encode() nbuf += struct.pack(">L", len(self.peers)) for peer in self.peers: nbuf += sshtype.encodeString(peer.address) nbuf += sshtype.encodeBinary(peer.node_id) if type(peer) is mnpeer.Peer: nbuf += sshtype.encodeBinary(peer.node_key.asbytes()) else: assert type(peer) is Peer nbuf += sshtype.encodeBinary(peer.pubkey) return nbuf
def asbytes(self): m = self.__public_key_bytes if m: return m m = bytearray() m += sshtype.encodeString('ssh-rsa') m += sshtype.encodeMpint(self.e) m += sshtype.encodeMpint(self.n) self.__public_key_bytes = m return m
def sign_ssh_data(self, data): digest = sha1(data).digest() dss = DSA.construct((int(self.y), int(self.g), int(self.p), int(self.q), int(self.x))) # generate a suitable k qsize = len(util.deflate_long(self.q, 0)) while True: k = util.inflate_long(os.urandom(qsize), 1) if (k > 2) and (k < self.q): break r, s = dss.sign(util.inflate_long(digest, 1), k) m = bytearray() m += sshtype.encodeString("ssh-dss") # apparently, in rare cases, r or s may be shorter than 20 bytes! rstr = util.deflate_long(r, 0) sstr = util.deflate_long(s, 0) if len(rstr) < 20: rstr = zero_byte * (20 - len(rstr)) + rstr if len(sstr) < 20: sstr = zero_byte * (20 - len(sstr)) + sstr m += sshtype.encodeBinary(rstr + sstr) return m
def sign_ssh_data(self, data): digest = sha1(data).digest() dss = DSA.construct( (int(self.y), int(self.g), int(self.p), int(self.q), int(self.x))) # generate a suitable k qsize = len(util.deflate_long(self.q, 0)) while True: k = util.inflate_long(os.urandom(qsize), 1) if (k > 2) and (k < self.q): break r, s = dss.sign(util.inflate_long(digest, 1), k) m = bytearray() m += sshtype.encodeString("ssh-dss") # apparently, in rare cases, r or s may be shorter than 20 bytes! rstr = util.deflate_long(r, 0) sstr = util.deflate_long(s, 0) if len(rstr) < 20: rstr = zero_byte * (20 - len(rstr)) + rstr if len(sstr) < 20: sstr = zero_byte * (20 - len(sstr)) + sstr m += sshtype.encodeBinary(rstr + sstr) return m
def asbytes(self): m = bytearray() m += sshtype.encodeString("ssh-rsa") m += sshtype.encodeMpint(self.e) m += sshtype.encodeMpint(self.n) return m
def encode(self): nbuf = super().encode() nbuf += sshtype.encodeString(self.service_name) return nbuf
def encode(self): nbuf = super().encode() nbuf += sshtype.encodeString(self.mime_type) nbuf += self.destination return nbuf
def encode(self, obuf=None): buf = obuf if obuf else bytearray() buf += sshtype.encodeString(self.mime_type) buf += sshtype.encodeBinary(self.data) return buf