- # Source Generated with Decompyle++
- # File: in.pyo (Python 2.6)
-
- import hmac
- import struct
- import dns.exception as dns
- import dns.rdataclass as dns
- import dns.name as dns
-
class BadTime(dns.exception.DNSException):
    """Raised by validate() when `now` is outside the signed time +/- fudge window."""
-
-
class BadSignature(dns.exception.DNSException):
    """Raised by validate() when the locally computed MAC differs from the received MAC."""
-
-
class PeerError(dns.exception.DNSException):
    """Base class for a non-zero error code found in a received TSIG record.

    validate() raises this class directly when the code is not one of
    BADSIG, BADKEY, BADTIME or BADTRUNC.
    """
-
-
class PeerBadKey(PeerError):
    """Raised by validate() when the received TSIG error field equals BADKEY."""
-
-
class PeerBadSignature(PeerError):
    """Raised by validate() when the received TSIG error field equals BADSIG."""
-
-
class PeerBadTime(PeerError):
    """Raised by validate() when the received TSIG error field equals BADTIME."""
-
-
class PeerBadTruncation(PeerError):
    """Raised by validate() when the received TSIG error field equals BADTRUNC."""
-
# Algorithm name used by sign() and hmac_md5() when the caller passes none.
# NOTE(review): this default is MD5-based; get_algorithm() also accepts
# 'hmac-sha256' and the other SHA-2 names, which are the better choice
# wherever both ends of the exchange support them.
default_algorithm = 'HMAC-MD5.SIG-ALG.REG.INT'

# Values of the TSIG record's error field that validate() maps to the
# PeerBadSignature, PeerBadKey, PeerBadTime and PeerBadTruncation exceptions.
BADSIG = 16
BADKEY = 17
BADTIME = 18
BADTRUNC = 22
-
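def sign(wire, keyname, secret, time, fudge, original_id, error, other_data,
         request_mac, ctx=None, multi=False, first=True,
         algorithm=default_algorithm):
    """Compute the TSIG MAC for a DNS message and build the TSIG rdata.

    Parameters:
        wire: the message in wire format; its first two bytes are skipped and
            the packed `original_id` is digested in their place.
        keyname: key name object; its `to_digestable()` form is digested on
            the first message.
        secret: the shared HMAC key.
        time, fudge: signing time and permitted skew, packed as a 48-bit
            time followed by a 16-bit fudge.
        original_id: 16-bit message id to digest and embed in the rdata.
        error, other_data: TSIG error field and "other data" bytes.
        request_mac: MAC of the request being answered; digested with a
            length prefix when non-empty and `first` is true.
        ctx: HMAC context carried over from the previous message; it is
            only used when `first` is false, where it must not be None.
        multi: when true, return a fresh context seeded with this MAC for
            the next message of the exchange.
        first: true for the first (or only) message of an exchange.
        algorithm: algorithm name resolved through get_algorithm().

    Returns:
        (tsig_rdata, mac, ctx), where ctx is None unless `multi` is true.

    Raises:
        ValueError: `other_data` is longer than 65535 bytes.
        NotImplementedError: raised by get_algorithm() for an unknown name.
    """
    (algorithm_name, digestmod) = get_algorithm(algorithm)
    if first:
        ctx = hmac.new(secret, digestmod=digestmod)
        request_mac_len = len(request_mac)
        if request_mac_len > 0:
            ctx.update(struct.pack('!H', request_mac_len))
            ctx.update(request_mac)
    id_bytes = struct.pack('!H', original_id)
    ctx.update(id_bytes)
    ctx.update(wire[2:])
    if first:
        ctx.update(keyname.to_digestable())
        ctx.update(struct.pack('!H', dns.rdataclass.ANY))
        ctx.update(struct.pack('!I', 0))
    # Split the time into the 16 high and 32 low bits of its 48-bit field.
    upper_time = (time >> 32) & 0xFFFF
    lower_time = time & 0xFFFFFFFF
    time_mac = struct.pack('!HIH', upper_time, lower_time, fudge)
    pre_mac = algorithm_name + time_mac
    other_len = len(other_data)
    if other_len > 65535:
        raise ValueError('TSIG Other Data is > 65535 bytes')
    post_mac = struct.pack('!HH', error, other_len) + other_data
    if first:
        ctx.update(pre_mac)
        ctx.update(post_mac)
    else:
        # Later messages of an exchange digest only the timers.
        ctx.update(time_mac)
    mac = ctx.digest()
    mac_len_field = struct.pack('!H', len(mac))
    tsig_rdata = pre_mac + mac_len_field + mac + id_bytes + post_mac
    if multi:
        # Seed the next message's context with the SAME digest. Calling
        # hmac.new(secret) without digestmod falls back to the hmac module's
        # default (MD5 on the Python 2 this file targets), so every message
        # after the first would be signed with a different, weaker algorithm
        # than the one named in the TSIG record.
        ctx = hmac.new(secret, digestmod=digestmod)
        ctx.update(struct.pack('!H', len(mac)))
        ctx.update(mac)
    else:
        ctx = None
    return (tsig_rdata, mac, ctx)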
-
-
def hmac_md5(wire, keyname, secret, time, fudge, original_id, error,
             other_data, request_mac, ctx=None, multi=False, first=True,
             algorithm=default_algorithm):
    """Forward every argument unchanged to sign() and return its result.

    Despite the name, the digest is selected by `algorithm`; MD5 is used only
    because it is the value of default_algorithm.
    """
    result = sign(wire, keyname, secret, time, fudge, original_id, error,
                  other_data, request_mac, ctx=ctx, multi=multi, first=first,
                  algorithm=algorithm)
    return result
-
-
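def _macs_equal(expected, received):
    """Compare two MACs without stopping at the first differing byte."""
    compare_digest = getattr(hmac, 'compare_digest', None)
    if compare_digest is not None:
        return compare_digest(expected, received)
    # Fallback for interpreters whose hmac module lacks compare_digest.
    if len(expected) != len(received):
        return False
    difference = 0
    for ours, theirs in zip(bytearray(expected), bytearray(received)):
        difference |= ours ^ theirs
    return difference == 0


def validate(wire, keyname, secret, now, request_mac, tsig_start, tsig_rdata,
             tsig_rdlen, ctx=None, multi=False, first=True):
    """Check the TSIG record of a received message against a locally computed MAC.

    Parameters:
        wire: the received message in wire format.
        keyname, secret: key name and shared secret passed on to sign().
        now: current time, compared with the signed time +/- fudge.
        request_mac: MAC of the request this message answers.
        tsig_start: offset in `wire` where the TSIG record begins; the
            message is re-signed up to this offset.
        tsig_rdata, tsig_rdlen: offset and length of the TSIG rdata in `wire`.
        ctx, multi, first: multi-message state, passed on to sign().

    Returns:
        The context returned by sign() (None unless `multi` is true).

    Raises:
        dns.exception.FormError: the additional count is zero, or the parsed
            rdata does not end at tsig_rdata + tsig_rdlen.
        PeerError (or a subclass): the TSIG error field is non-zero.
        BadTime: `now` is outside the signed time +/- fudge.
        BadSignature: the computed MAC differs from the received one.

    NOTE(review): a field that runs past the end of `wire` makes
    struct.unpack raise struct.error rather than FormError.
    """
    (adcount,) = struct.unpack('!H', wire[10:12])
    if adcount == 0:
        raise dns.exception.FormError
    # Re-create the message as it was signed: one additional record fewer and
    # nothing from the TSIG record onwards.
    adcount -= 1
    new_wire = wire[0:10] + struct.pack('!H', adcount) + wire[12:tsig_start]
    current = tsig_rdata
    (aname, used) = dns.name.from_wire(wire, current)
    current = current + used
    (upper_time, lower_time, fudge, mac_size) = struct.unpack(
        '!HIHH', wire[current:current + 10])
    time = (upper_time << 32) + lower_time
    current += 10
    mac = wire[current:current + mac_size]
    current += mac_size
    (original_id, error, other_size) = struct.unpack(
        '!HHH', wire[current:current + 6])
    current += 6
    other_data = wire[current:current + other_size]
    current += other_size
    if current != tsig_rdata + tsig_rdlen:
        raise dns.exception.FormError
    # NOTE(review): the error field and the time window are acted on before
    # the MAC has been verified, so the Peer* and BadTime exceptions can be
    # raised from data that is not yet authenticated.
    if error != 0:
        if error == BADSIG:
            raise PeerBadSignature
        if error == BADKEY:
            raise PeerBadKey
        if error == BADTIME:
            raise PeerBadTime
        if error == BADTRUNC:
            raise PeerBadTruncation
        raise PeerError('unknown TSIG error code %d' % error)
    time_low = time - fudge
    time_high = time + fudge
    if now < time_low or now > time_high:
        raise BadTime
    # NOTE(review): the HMAC algorithm is the name read from the TSIG record
    # (aname), not a locally configured value; a caller that requires a
    # particular algorithm has to enforce that itself.
    (junk, our_mac, ctx) = sign(new_wire, keyname, secret, time, fudge,
                                original_id, error, other_data, request_mac,
                                ctx, multi, first, aname)
    # A plain != on the MACs can return at the first differing byte, which
    # leaks how much of a guessed MAC was right through response timing.
    if not _macs_equal(our_mac, mac):
        raise BadSignature
    return ctx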
-
-
def get_algorithm(algorithm):
    """Resolve a TSIG algorithm name to its digestable name and hash constructor.

    `algorithm` may be text or an already-parsed name object; text is
    converted with dns.name.from_text(). The lookup table is rebuilt on every
    call: the hashlib digests when hashlib imports, otherwise only MD5 and
    SHA-1 from the legacy md5 and sha modules.

    Returns:
        (algorithm.to_digestable(), hash constructor or wrapper), in the form
        sign() hands to hmac.new() as `digestmod`.

    Raises:
        NotImplementedError: the name is not in the table.

    NOTE(review): the MD5 and SHA-1 entries stay selectable here; a caller
    with a stricter policy has to filter algorithm names itself.
    """
    table = {}

    try:
        import hashlib
        for text, constructor in (
                ('hmac-sha224', hashlib.sha224),
                ('hmac-sha256', hashlib.sha256),
                ('hmac-sha384', hashlib.sha384),
                ('hmac-sha512', hashlib.sha512),
                ('hmac-sha1', hashlib.sha1),
                ('HMAC-MD5.SIG-ALG.REG.INT', hashlib.md5)):
            table[dns.name.from_text(text)] = constructor
        import sys
        if sys.hexversion < 0x02050000:

            # Presumably hmac on these interpreters expects a digestmod that
            # exposes new() and digest_size -- confirm before removing.
            class HashlibWrapper:

                def __init__(self, basehash):
                    self.basehash = basehash
                    self.digest_size = self.basehash().digest_size

                def new(self, *args, **kwargs):
                    return self.basehash(*args, **kwargs)

            for key in table:
                table[key] = HashlibWrapper(table[key])

    except ImportError:
        import md5
        import sha
        table[dns.name.from_text('HMAC-MD5.SIG-ALG.REG.INT')] = md5.md5
        table[dns.name.from_text('hmac-sha1')] = sha.sha

    if isinstance(algorithm, (str, unicode)):
        algorithm = dns.name.from_text(algorithm)

    if algorithm not in table:
        raise NotImplementedError('TSIG algorithm ' + str(algorithm) + ' is not supported')
    return (algorithm.to_digestable(), table[algorithm])
-
-