dorian
/
paramiko
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Don't random pad packets for SDCTR ciphers

This commit is contained in:
Kent Gibson 2012-11-04 13:58:04 +08:00 committed by Jeff Forcier
parent 8e697988af
commit adad068b13
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
paramiko/packet.py
View File

@ -87,6 +87,7 @@ class Packetizer (object):
self.__mac_size_in = 0 self.__mac_size_in = 0
self.__block_engine_out = None self.__block_engine_out = None
self.__block_engine_in = None self.__block_engine_in = None
self.__sdctr_out = False
self.__mac_engine_out = None self.__mac_engine_out = None
self.__mac_engine_in = None self.__mac_engine_in = None
self.__mac_key_out = '' self.__mac_key_out = ''
@ -110,11 +111,12 @@ class Packetizer (object):
""" """
self.__logger = log self.__logger = log
def set_outbound_cipher(self, block_engine, block_size, mac_engine, mac_size, mac_key): def set_outbound_cipher(self, block_engine, block_size, mac_engine, mac_size, mac_key, sdctr):
""" """
Switch outbound data cipher. Switch outbound data cipher.
""" """
self.__block_engine_out = block_engine self.__block_engine_out = block_engine
self.__sdctr_out = sdctr
self.__block_size_out = block_size self.__block_size_out = block_size
self.__mac_engine_out = mac_engine self.__mac_engine_out = mac_engine
self.__mac_size_out = mac_size self.__mac_size_out = mac_size
@ -490,12 +492,12 @@ class Packetizer (object):
padding = 3 + bsize - ((len(payload) + 8) % bsize) padding = 3 + bsize - ((len(payload) + 8) % bsize)
packet = struct.pack('>IB', len(payload) + padding + 1, padding) packet = struct.pack('>IB', len(payload) + padding + 1, padding)
packet += payload packet += payload
if self.__block_engine_out is not None: if self.__sdctr_out or self.__block_engine_out is None:
packet += rng.read(padding) # cute trick i caught openssh doing: if we're not encrypting or SDCTR mode (RFC4344),
else:
# cute trick i caught openssh doing: if we're not encrypting,
# don't waste random bytes for the padding # don't waste random bytes for the padding
packet += (chr(0) * padding) packet += (chr(0) * padding)
else:
packet += rng.read(padding)
return packet return packet
def _trigger_rekey(self): def _trigger_rekey(self):

3
paramiko/transport.py
View File

@ -1885,7 +1885,8 @@ class Transport (threading.Thread):
mac_key = self._compute_key('F', mac_engine.digest_size) mac_key = self._compute_key('F', mac_engine.digest_size)
else: else:
mac_key = self._compute_key('E', mac_engine.digest_size) mac_key = self._compute_key('E', mac_engine.digest_size)
self.packetizer.set_outbound_cipher(engine, block_size, mac_engine, mac_size, mac_key) sdctr = self.local_cipher.endswith('-ctr')
self.packetizer.set_outbound_cipher(engine, block_size, mac_engine, mac_size, mac_key, sdctr)
compress_out = self._compression_info[self.local_compression][0] compress_out = self._compression_info[self.local_compression][0]
if (compress_out is not None) and ((self.local_compression != 'zlib@openssh.com') or self.authenticated): if (compress_out is not None) and ((self.local_compression != 'zlib@openssh.com') or self.authenticated):
self._log(DEBUG, 'Switching on outbound compression ...') self._log(DEBUG, 'Switching on outbound compression ...')