From d6175ee2c9d41458d303993ec8a10db2b220be7f Mon Sep 17 00:00:00 2001 From: edgsousa Date: Tue, 12 Jun 2018 16:09:57 +0100 Subject: flake8 warnings Change order of preference of -etm hmac algos (fixes test_transport zlib) --- paramiko/kex_group16.py | 4 ++-- paramiko/packet.py | 35 +++++++++++++++++++++-------------- paramiko/transport.py | 4 ++-- 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/paramiko/kex_group16.py b/paramiko/kex_group16.py index b1c1e60d..812dfd20 100644 --- a/paramiko/kex_group16.py +++ b/paramiko/kex_group16.py @@ -29,9 +29,9 @@ class KexGroup16SHA512(KexGroup1): name = 'diffie-hellman-group16-sha512' # http://tools.ietf.org/html/rfc3526#section-5 P = ( - 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF + 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF # noqa ) G = 2 name = "diffie-hellman-group16-sha512" - hash_algo = sha512 \ No newline at end of file + hash_algo = sha512 diff --git a/paramiko/packet.py b/paramiko/packet.py index 76e10dbd..3b897cdd 100644 --- a/paramiko/packet.py +++ b/paramiko/packet.py @@ -166,7 +166,8 @@ class Packetizer(object): self.__need_rekey = False def set_inbound_cipher( - self, block_engine, block_size, mac_engine, mac_size, mac_key, etm=False + self, block_engine, block_size, mac_engine, mac_size, mac_key, + etm=False ): """ Switch inbound data cipher. @@ -403,8 +404,9 @@ class Packetizer(object): self._log(DEBUG, util.format_binary(packet, "OUT: ")) if self.__block_engine_out is not None: if self.__etm_out: - ## packet length is not encrypted in EtM - out = packet[0:4] + self.__block_engine_out.update(packet[4:]) + # packet length is not encrypted in EtM + out = packet[0:4] + self.__block_engine_out.update( + packet[4:]) else: out = self.__block_engine_out.update(packet) else: @@ -413,7 +415,7 @@ class Packetizer(object): if self.__block_engine_out is not None: if self.__etm_out: payload = ( - struct.pack(">I", self.__sequence_number_out) + out + struct.pack(">I", self.__sequence_number_out) + out ) else: payload = ( @@ -456,11 +458,12 @@ class Packetizer(object): header = self.read_all(self.__block_size_in, check_rekey=True) if self.__etm_in: packet_size = struct.unpack(">I", header[:4])[0] - packet = header[4:] + self.read_all(packet_size-self.__block_size_in+4, check_rekey=False) + remaining = packet_size - self.__block_size_in + 4 + packet = header[4:] + self.read_all(remaining, check_rekey=False) mac = self.read_all(self.__mac_size_in, check_rekey=False) mac_payload = ( - struct.pack(">II", self.__sequence_number_in, packet_size) - + packet + struct.pack(">II", self.__sequence_number_in, packet_size) + + packet ) my_mac = compute_hmac( self.__mac_key_in, mac_payload, self.__mac_engine_in @@ -474,17 +477,19 @@ class Packetizer(object): if self.__dump_packets: self._log(DEBUG, util.format_binary(header, "IN: ")) - #already computed - packet_size = packet_size if self.__etm_in else struct.unpack(">I", header[:4])[0] + # already computed + packet_size = packet_size if self.__etm_in else \ + struct.unpack(">I", header[:4])[0] # leftover contains decrypted bytes from the first block (after the # length field) - #no leftovers + # no leftovers if not self.__etm_in: leftover = header[4:] if (packet_size - len(leftover)) % self.__block_size_in != 0: raise SSHException("Invalid packet blocking") - buf = self.read_all(packet_size + self.__mac_size_in - len(leftover)) + buf = self.read_all(packet_size + self.__mac_size_in + - len(leftover)) packet = buf[: packet_size - len(leftover)] post_packet = buf[packet_size - len(leftover) :] @@ -493,7 +498,7 @@ class Packetizer(object): packet = leftover + packet else: - #already decrypted everything above + # already decrypted everything above packet = header if self.__dump_packets: @@ -620,8 +625,10 @@ class Packetizer(object): def _build_packet(self, payload): # pad up at least 4 bytes, to nearest block-size (usually 8) bsize = self.__block_size_out - # do not include payload length in computations for padding in EtM mode (payload lenght won't be encrypted) - padding = 3 + bsize - ((len(payload) + (4 if self.__etm_out else 8)) % bsize) + # do not include payload length in computations for padding in EtM mode + # (payload length won't be encrypted) + padding = 3 + bsize - ((len(payload) + + (4 if self.__etm_out else 8)) % bsize) packet = struct.pack(">IB", len(payload) + padding + 1, padding) packet += payload if self.__sdctr_out or self.__block_engine_out is None: diff --git a/paramiko/transport.py b/paramiko/transport.py index d7ab0351..66bf22e7 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -152,10 +152,10 @@ class Transport(threading.Thread, ClosingContextManager): "3des-cbc", ) _preferred_macs = ( - "hmac-sha2-256-etm@openssh.com", - "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", + "hmac-sha2-256-etm@openssh.com", + "hmac-sha2-512-etm@openssh.com", "hmac-sha1", "hmac-md5", "hmac-sha1-96", -- cgit v1.2.3