[Git][NTPsec/ntpsec][master] 4 commits: In packet.py, trat the extension member consistently as bytes.

Eric S. Raymond gitlab at mg.gitlab.com
Tue Nov 8 06:19:33 UTC 2016


Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
ae876ba8 by Eric S. Raymond at 2016-11-08T00:17:51-05:00
In packet.py, trat the extension member consistently as bytes.

- - - - -
726281e7 by Eric S. Raymond at 2016-11-08T00:35:58-05:00
Preparing for Python 3.

- - - - -
36a03623 by Eric S. Raymond at 2016-11-08T01:10:08-05:00
A step towards refactoring packet authentication.

- - - - -
107f09d2 by Eric S. Raymond at 2016-11-08T01:19:23-05:00
Factor out packet MAC generation.

- - - - -


1 changed file:

- pylib/packet.py


Changes:

=====================================
pylib/packet.py
=====================================
--- a/pylib/packet.py
+++ b/pylib/packet.py
@@ -145,11 +145,19 @@ class Packet:
         self.r_e_m_op = 0       # response, error, more, opcode (uint8_t)
         # Subclasses have four uint16_t fields here
         self.count = 0          # octet count of extension data
-        self.extension = ''     # extension data
+        self.extension = b''     # extension data
         self.li_vn_mode = Packet.PKT_LI_VN_MODE(0, version, mode)
     format = "!BBHHHHH"
     HEADER_LEN = 12
 
+    # These decorators will allow us to assign the extension Python 3 strings
+    @property
+    def extension(self):
+        return self.__extension
+    @extension.setter
+    def extension(self, x):
+        self.__extension = polybytes(x)
+
     def flatten(self, payload1, payload2, payload3, payload4):
         "Flatten the packet into an octet sequence."
         body = struct.pack(Packet.format,
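Review bot: The new `extension` setter only runs on assignment if `Packet` is a new-style class, and the hunk header shows `class Packet:` with no base (the class line itself is outside this hunk). If that is still the declaration, Python 2 treats it as an old-style class and stores the attribute directly, so `polybytes()` is applied only under Python 3. The two interpreters then take different paths through code that builds the wire format and the MAC input. Declaring `class Packet(object):` makes both behave the same, which matters because `flatten()` in the next hunk now relies on the setter. The comment above the decorators would also read better as a docstring on the getter, e.g. `"Extension data, always held as bytes."`.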
@@ -157,7 +165,7 @@ class Packet:
                              self.r_e_m_op,
                              payload1, payload2, payload3, payload4,
                              self.count)
-        return polybytes(body + self.extension)
+        return body + self.extension
 
     def analyze(self, rawdata):
         (self.li_vn_mode,
@@ -442,7 +450,6 @@ class Mode6Session:
             if self.auth and self.hostname == "localhost":
                 try:
                     (self.keyid, self.keytype, self.passwd) = self.auth.control()
-                    print("Fooooo", self.passwd)
                     return
                 except ValueError:
                     # There are no trusted keys.  Barf.
@@ -497,10 +504,8 @@ class Mode6Session:
         # If we have data, pad it out to a 32-bit boundary.
         # Do not include these in the payload count.
         if pkt.extension:
-            pkt.extension = polybytes(pkt.extension)
             while ((Packet.HEADER_LEN + len(pkt.extension)) & 3):
                 pkt.extension += b"\x00"
-            pkt.extension = polystr(pkt.extension)
 
         # If it isn't authenticated we can just send it.  Otherwise
         # we're going to have to think about it a little.
@@ -513,23 +518,16 @@ class Mode6Session:
 	# Pad out packet to a multiple of 8 octets to be sure
 	# receiver can handle it. Note: these pad bytes should
         # *not* be counted in the header count field.
-        pkt.extension = polybytes(pkt.extension)
         while ((Packet.HEADER_LEN + len(pkt.extension)) & 7):
             pkt.extension += b"\x00"
-        pkt.extension = polystr(pkt.extension)
 
-        # Do the encryption.
-        hasher = hashlib.new(self.keytype)
-        hasher.update(self.passwd)
-	hasher.update(pkt.flatten())
-        if hasher.digest_size == 0:
+        # Do the MAC compuation.
+        mac = Authenticator.compute_mac(pkt.flatten(),
+                                        self.keyid, self.keytype, self.passwd)
+        if mac is None:
             raise Mode6Exception(SERR_NOKEY)
         else:
-            prefix = polystr(struct.pack("!I", self.keyid))
-            mac = polystr(hasher.digest())
-            pkt.extension += prefix
             pkt.extension += mac
-
 	return pkt.send()
 
     def getresponse(self, opcode, associd, timeo):
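Review bot: The context line `return pkt.send()` is indented with a tab, as rendered here, while the added lines around it use spaces. Python 3 rejects that mix with a TabError when it compiles the module, which undercuts the Python 3 preparation this series is doing. Re-indent it with eight spaces, `        return pkt.send()`, and do the same for the two tab-indented comment lines at the top of the hunk. The `else:` after the `raise` is also unnecessary, so `pkt.extension += mac` can sit at the outer level. The enclosing method starts outside the hunk.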
@@ -1068,5 +1066,15 @@ class Authenticator:
                 return (keyid, keytype, passwd)
         else:
             raise ValueError
+    @staticmethod
+    def compute_mac(payload, keyid, keytype, passwd):
+        hasher = hashlib.new(keytype)
+        hasher.update(passwd)
+        hasher.update(payload)
+        if hasher.digest_size == 0:
+            return None
+        else:
+            return struct.pack("!I", keyid) + hasher.digest()
+
 
 # end
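Review bot: `compute_mac` returns None only when `digest_size == 0`, but `hashlib.new()` raises ValueError for a digest name it does not support. A bad `keytype` therefore escapes as an uncaught exception instead of reaching the caller's `Mode6Exception(SERR_NOKEY)` branch; catching it and returning None keeps the failure path in one place. `passwd` is also passed to `update()` unconverted, which fails on Python 3 if it arrives as str, so routing it through `polybytes()` would match what the `extension` setter does. The method should get a docstring saying it returns the 4-byte key ID followed by the digest, or None when no MAC can be produced. It also needs a blank line before `@staticmethod`.

```python
    @staticmethod
    def compute_mac(payload, keyid, keytype, passwd):
        try:
            hasher = hashlib.new(keytype)
        except ValueError:
            # Unsupported digest name: let the caller report "no usable key".
            return None
        hasher.update(polybytes(passwd))
        hasher.update(payload)
        # ... unchanged: digest_size check and key-ID-prefixed return ...
```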



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/2c92e9a63531bbc88d544a7c2f88a5b276430137...107f09d2ededbfd20310af3a30ea954053fa1e32