[Git][NTPsec/ntpsec][master] 4 commits: In packet.py, trat the extension member consistently as bytes.
Eric S. Raymond
gitlab at mg.gitlab.com
Tue Nov 8 06:19:33 UTC 2016
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
ae876ba8 by Eric S. Raymond at 2016-11-08T00:17:51-05:00
In packet.py, trat the extension member consistently as bytes.
- - - - -
726281e7 by Eric S. Raymond at 2016-11-08T00:35:58-05:00
Preparing for Python 3.
- - - - -
36a03623 by Eric S. Raymond at 2016-11-08T01:10:08-05:00
A step towards refactoring packet authentication.
- - - - -
107f09d2 by Eric S. Raymond at 2016-11-08T01:19:23-05:00
Factor out packet MAC generation.
- - - - -
1 changed file:
- pylib/packet.py
Changes:
=====================================
pylib/packet.py
=====================================
--- a/pylib/packet.py
+++ b/pylib/packet.py
@@ -145,11 +145,19 @@ class Packet:
self.r_e_m_op = 0 # response, error, more, opcode (uint8_t)
# Subclasses have four uint16_t fields here
self.count = 0 # octet count of extension data
- self.extension = '' # extension data
+ self.extension = b'' # extension data
self.li_vn_mode = Packet.PKT_LI_VN_MODE(0, version, mode)
format = "!BBHHHHH"
HEADER_LEN = 12
+ # These decorators will allow us to assign the extension Python 3 strings
+ @property
+ def extension(self):
+ return self.__extension
+ @extension.setter
+ def extension(self, x):
+ self.__extension = polybytes(x)
+
def flatten(self, payload1, payload2, payload3, payload4):
"Flatten the packet into an octet sequence."
body = struct.pack(Packet.format,
@@ -157,7 +165,7 @@ class Packet:
self.r_e_m_op,
payload1, payload2, payload3, payload4,
self.count)
- return polybytes(body + self.extension)
+ return body + self.extension
def analyze(self, rawdata):
(self.li_vn_mode,
@@ -442,7 +450,6 @@ class Mode6Session:
if self.auth and self.hostname == "localhost":
try:
(self.keyid, self.keytype, self.passwd) = self.auth.control()
- print("Fooooo", self.passwd)
return
except ValueError:
# There are no trusted keys. Barf.
@@ -497,10 +504,8 @@ class Mode6Session:
# If we have data, pad it out to a 32-bit boundary.
# Do not include these in the payload count.
if pkt.extension:
- pkt.extension = polybytes(pkt.extension)
while ((Packet.HEADER_LEN + len(pkt.extension)) & 3):
pkt.extension += b"\x00"
- pkt.extension = polystr(pkt.extension)
# If it isn't authenticated we can just send it. Otherwise
# we're going to have to think about it a little.
@@ -513,23 +518,16 @@ class Mode6Session:
# Pad out packet to a multiple of 8 octets to be sure
# receiver can handle it. Note: these pad bytes should
# *not* be counted in the header count field.
- pkt.extension = polybytes(pkt.extension)
while ((Packet.HEADER_LEN + len(pkt.extension)) & 7):
pkt.extension += b"\x00"
- pkt.extension = polystr(pkt.extension)
- # Do the encryption.
- hasher = hashlib.new(self.keytype)
- hasher.update(self.passwd)
- hasher.update(pkt.flatten())
- if hasher.digest_size == 0:
+ # Do the MAC compuation.
+ mac = Authenticator.compute_mac(pkt.flatten(),
+ self.keyid, self.keytype, self.passwd)
+ if mac is None:
raise Mode6Exception(SERR_NOKEY)
else:
- prefix = polystr(struct.pack("!I", self.keyid))
- mac = polystr(hasher.digest())
- pkt.extension += prefix
pkt.extension += mac
-
return pkt.send()
def getresponse(self, opcode, associd, timeo):
@@ -1068,5 +1066,15 @@ class Authenticator:
return (keyid, keytype, passwd)
else:
raise ValueError
+ @staticmethod
+ def compute_mac(payload, keyid, keytype, passwd):
+ hasher = hashlib.new(keytype)
+ hasher.update(passwd)
+ hasher.update(payload)
+ if hasher.digest_size == 0:
+ return None
+ else:
+ return struct.pack("!I", keyid) + hasher.digest()
+
# end
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/2c92e9a63531bbc88d544a7c2f88a5b276430137...107f09d2ededbfd20310af3a30ea954053fa1e32
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20161108/4c627900/attachment.html>
More information about the vc
mailing list