# Copyright (C) 2003-2007 Robey Pointer <robeypointer@gmail.com>
#
# This file is part of paramiko.
#
# Paramiko is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Paramiko; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
"""
Utility functions for dealing with primes.
"""
import os
from paramiko import util
from paramiko.py3compat import byte_mask, long
from paramiko.ssh_exception import SSHException
def _roll_random(n):
"""returns a random # from 0 to N-1"""
bits = util.bit_length(n - 1)
byte_count = (bits + 7) // 8
hbyte_mask = pow(2, bits % 8) - 1
# so here's the plan:
# we fetch as many random bits as we'd need to fit N-1, and if the
# generated number is >= N, we try again. in the worst case (N-1 is a
# power of 2), we have slightly better than 50% odds of getting one that
# fits, so i can't guarantee that this loop will ever finish, but the odds
# of it looping forever should be infinitesimal.
while True:
x = os.urandom(byte_count)
if hbyte_mask > 0:
x = byte_mask(x[0], hbyte_mask) + x[1:]
num = util.inflate_long(x, 1)
if num < n:
break
return num
class ModulusPack(object):
"""
convenience object for holding the contents of the /etc/ssh/moduli file,
on systems that have such a file.
"""
def __init__(self):
# pack is a hash of: bits -> [ (generator, modulus) ... ]
self.pack = {}
self.discarded = []
def _parse_modulus(self, line):
(
timestamp,
mod_type,
tests,
tries,
size,
generator,
modulus,
) = line.split()
mod_type = int(mod_type)
tests = int(tests)
tries = int(tries)
size = int(size)
generator = int(generator)
modulus = long(modulus, 16)
# weed out primes that aren't at least:
# type 2 (meets basic structural requirements)
# test 4 (more than just a small-prime sieve)
# tries < 100 if test & 4 (at least 100 tries of miller-rabin)
if (
mod_type < 2
or tests < 4
or (tests & 4 and tests < 8 and tries < 100)
):
self.discarded.append(
(modulus, "does not meet basic requirements")
)
return
if generator == 0:
generator = 2
# there's a bug in the ssh "moduli" file (yeah, i know: shock! dismay!
# call cnn!) where it understates the bit lengths of these primes by 1.
# this is okay.
bl = util.bit_length(modulus)
if (bl != size) and (bl != size + 1):
self.discarded.append(
(modulus, "incorrectly reported bit length {}".format(size))
)
return
if bl not in self.pack:
self.pack[bl] = []
self.pack[bl].append((generator, modulus))
def read_file(self, filename):
"""
:raises IOError: passed from any file operations that fail.
"""
self.pack = {}
with open(filename, "r") as f:
for line in f:
line = line.strip()
if (len(line) == 0) or (line[0] == "#"):
continue
try:
self._parse_modulus(line)
except:
continue
def get_modulus(self, min, prefer, max):
bitsizes = sorted(self.pack.keys())
if len(bitsizes) == 0:
raise SSHException("no moduli available")
good = -1
# find nearest bitsize >= preferred
for b in bitsizes:
if (b >= prefer) and (b <= max) and (b < good or good == -1):
good = b
# if that failed, find greatest bitsize >= min
if good == -1:
for b in bitsizes:
if (b >= min) and (b <= max) and (b > good):
good = b
if good == -1:
# their entire (min, max) range has no intersection with our range.
# if their range is below ours, pick the smallest. otherwise pick
# the largest. it'll be out of their range requirement either way,
# but we'll be sending them the closest one we have.
good = bitsizes[0]
if min > good:
good = bitsizes[-1]
# now pick a random modulus of this bitsize
n = _roll_random(len(self.pack[good]))
return self.pack[good][n]
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| __pycache__ | Folder | 0755 |
|
|
| __init__.py | File | 3.76 KB | 0644 |
|
| _version.py | File | 80 B | 0644 |
|
| _winapi.py | File | 11.09 KB | 0644 |
|
| agent.py | File | 12.46 KB | 0644 |
|
| auth_handler.py | File | 31.19 KB | 0644 |
|
| ber.py | File | 4.25 KB | 0644 |
|
| buffered_pipe.py | File | 7.29 KB | 0644 |
|
| channel.py | File | 48.18 KB | 0644 |
|
| client.py | File | 31.32 KB | 0644 |
|
| common.py | File | 8.04 KB | 0644 |
|
| compress.py | File | 1.26 KB | 0644 |
|
| config.py | File | 13.17 KB | 0644 |
|
| dsskey.py | File | 7.65 KB | 0644 |
|
| ecdsakey.py | File | 10.1 KB | 0644 |
|
| ed25519key.py | File | 7.84 KB | 0644 |
|
| file.py | File | 19.13 KB | 0644 |
|
| hostkeys.py | File | 12.95 KB | 0644 |
|
| kex_curve25519.py | File | 4.3 KB | 0644 |
|
| kex_ecdh_nist.py | File | 4.86 KB | 0644 |
|
| kex_gex.py | File | 10.06 KB | 0644 |
|
| kex_group1.py | File | 5.6 KB | 0644 |
|
| kex_group14.py | File | 1.79 KB | 0644 |
|
| kex_group16.py | File | 2.23 KB | 0644 |
|
| kex_gss.py | File | 24 KB | 0644 |
|
| message.py | File | 8.8 KB | 0644 |
|
| packet.py | File | 22.13 KB | 0644 |
|
| pipe.py | File | 3.83 KB | 0644 |
|
| pkey.py | File | 21.04 KB | 0644 |
|
| primes.py | File | 5 KB | 0644 |
|
| proxy.py | File | 4.34 KB | 0644 |
|
| py3compat.py | File | 3.71 KB | 0644 |
|
| rsakey.py | File | 5.84 KB | 0644 |
|
| server.py | File | 29.7 KB | 0644 |
|
| sftp.py | File | 5.89 KB | 0644 |
|
| sftp_attr.py | File | 8.15 KB | 0644 |
|
| sftp_client.py | File | 33.4 KB | 0644 |
|
| sftp_file.py | File | 20.1 KB | 0644 |
|
| sftp_handle.py | File | 7.26 KB | 0644 |
|
| sftp_server.py | File | 19.14 KB | 0644 |
|
| sftp_si.py | File | 12.28 KB | 0644 |
|
| ssh_exception.py | File | 6.24 KB | 0644 |
|
| ssh_gss.py | File | 28.22 KB | 0644 |
|
| transport.py | File | 117.68 KB | 0644 |
|
| util.py | File | 8.37 KB | 0644 |
|
| win_pageant.py | File | 4.17 KB | 0644 |
|