Hello community,
here is the log from the commit of package cnetworkmanager for openSUSE:Factory
checked in at Thu Mar 5 16:40:06 CET 2009.
--------
--- cnetworkmanager/cnetworkmanager.changes 2008-11-22 20:27:35.000000000 +0100
+++ /mounts/work_src_done/STABLE/cnetworkmanager/cnetworkmanager.changes 2009-03-05 15:52:27.000000000 +0100
@@ -1,0 +2,15 @@
+Thu Mar 05 13:33:31 CET 2009 - mvidner@suse.cz
+
+- v0.8.3
+- Fix: secrets leak via o.fd.NMS.Connection.Secrets (bnc#479566, CVE-2009-0365)
+- Fix: secrets leak via o.fd.NMS.Connection.GetSettings (bnc#479566#c3)
+
+-------------------------------------------------------------------
+Mon Mar 02 13:33:33 CET 2009 - mvidner@suse.cz
+
+- v0.8.2
+- New: --wpa-pass
+- Fix: connecting to unsecured WEP
+- Fix: do not crash when inspecting wired, 802-1x, NM 0.7.0 API
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
cnetworkmanager-0.8.tar.gz
New:
----
cnetworkmanager-0.8.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cnetworkmanager.spec ++++++
--- /var/tmp/diff_new_pack.u20262/_old 2009-03-05 16:39:00.000000000 +0100
+++ /var/tmp/diff_new_pack.u20262/_new 2009-03-05 16:39:00.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package cnetworkmanager (Version 0.8)
+# spec file for package cnetworkmanager (Version 0.8.3)
#
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,8 +18,8 @@
Name: cnetworkmanager
-Version: 0.8
-Release: 2
+Version: 0.8.3
+Release: 1
Summary: Command-line client for NetworkManager
License: GPL v2 or later
Url: http://vidner.net/martin/software/cnetworkmanager/
@@ -55,10 +55,22 @@
%files
%defattr(-,root,root)
/usr/bin/cnetworkmanager
+/usr/share/cnetworkmanager/cnetworkmanager
+/usr/share/cnetworkmanager/pbkdf2.py
/etc/dbus-1/system.d/cnetworkmanager.conf
+/etc/dbus-1/system.d/cnetworkmanager-06.conf
%doc /usr/share/doc/packages/cnetworkmanager
%changelog
+* Thu Mar 05 2009 mvidner@suse.cz
+- v0.8.3
+- Fix: secrets leak via o.fd.NMS.Connection.Secrets (bnc#479566, CVE-2009-0365)
+- Fix: secrets leak via o.fd.NMS.Connection.GetSettings (bnc#479566#c3)
+* Mon Mar 02 2009 mvidner@suse.cz
+- v0.8.2
+- New: --wpa-pass
+- Fix: connecting to unsecured WEP
+- Fix: do not crash when inspecting wired, 802-1x, NM 0.7.0 API
* Sat Nov 22 2008 coolo@suse.de
- buildrequire dbus-1 to fix file list check
* Tue Nov 18 2008 mvidner@suse.cz
++++++ cnetworkmanager-0.8.tar.gz -> cnetworkmanager-0.8.3.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cnetworkmanager-0.8/cnetworkmanager new/cnetworkmanager-0.8.3/cnetworkmanager
--- old/cnetworkmanager-0.8/cnetworkmanager 2008-11-18 18:16:18.000000000 +0100
+++ new/cnetworkmanager-0.8.3/cnetworkmanager 2009-03-05 15:48:44.000000000 +0100
@@ -3,11 +3,17 @@
# by: http://en.opensuse.org/User:Mvidner
# license: http://www.gnu.org/licenses/gpl-2.0.html or later
-VERSION = "0.8"
+VERSION = "0.8.3"
print "cnetworkmanager %s - Command Line Interface for NetworkManager" % VERSION
norpm = False
import sys
+# find other modules in our prefix, if specified
+if len(sys.argv) > 2 and sys.argv[1] == "--prefix":
+ prefix = sys.argv[2]
+ sys.argv[1:] = sys.argv[3:]
+ sys.path.append(prefix + "/share/cnetworkmanager");
+
import os
import string
import re
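Review bot: The `--prefix` branch extends the module search path from a command-line value before any option parsing, and the `import pbkdf2` added in the next hunk then resolves against it, so the new comment should say who is expected to pass this flag. Something like `# --prefix is passed only by the installed wrapper script; its value is trusted as a module directory` would make the assumption explicit. Because the directory is appended, an earlier `sys.path` entry holding a `pbkdf2` module would win; if that ordering is intended it is worth stating as well. The trailing `;` on the `sys.path.append` line is not needed in Python.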
@@ -15,6 +21,8 @@
import uuid
import math
import hashlib
+import pbkdf2
+from binascii import hexlify
import ConfigParser # knm config
from optparse import OptionParser
try:
@@ -225,7 +233,7 @@
print self.opath
co = bus.get_object(NMC, self.opath)
copi = dbus.Interface(co, PI)
- for P in ["ServiceName", "Connection", "SharedServiceName", "SharedConnection", "SpecificObject",]:
+ for P in ["ServiceName", "Connection", "SpecificObject",]:
print " %s: %s" % (P, copi.Get(NMI, P))
devs = copi.Get(NMI, "Devices")
print " Devices:"
@@ -278,16 +286,10 @@
addrs = pi.Get(NMI, "Addresses")
for addr in addrs:
print " %s/%s via %s" % tuple(map(self.ip_str, addr))
- hn = pi.Get(NMI, "Hostname")
- print " Hostname:", hn
nss = pi.Get(NMI, "Nameservers")
print " Nameservers:", " ".join(map(self.ip_str, nss))
doms = pi.Get(NMI, "Domains")
print " Domains:", " ".join(doms)
- nisd = pi.Get(NMI, "NisDomain")
- print " NisDomain:", nisd
- niss = pi.Get(NMI, "NisServers")
- print " NisServers:", " ".join(map(self.ip_str, niss))
NM_DEVICE_CAP = {1: "NM_SUPPORTED", 2: "CARRIER_DETECT", 4: "SCANNING", }
@@ -647,7 +649,6 @@
def Dump(self):
print "Conn:", self.opath
- print " Id:", self.ci.GetID()
settings = self.Settings()
settings.Dump()
@@ -655,9 +656,13 @@
security = settings.Security()
if security != "":
print " SECRETS:", security
- # TODO merge them
- secrets = cSettings(si.GetSecrets(security,[],False))
- secrets.Dump()
+ try:
+ # TODO merge them
+ secrets = cSettings(si.GetSecrets(security,[],False))
+ secrets.Dump()
+ except dbus.exceptions.DBusException, e:
+ print e
+ print " FIXME figure out 802-1x secrets"
def Settings(self):
return cSettings(self.ci.GetSettings())
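Review bot: The new `except dbus.exceptions.DBusException` branch prints the fixed line `FIXME figure out 802-1x secrets` for every D-Bus failure, so a `GetSecrets` call refused for any other reason (an access-denied reply, for example) is reported as an 802-1x limitation. A comment such as `# any DBusException lands here, not only the 802-1x case` would keep the output honest, as would printing the FIXME only for the 802-1x case. On the success path `secrets.Dump()` still writes the retrieved secrets to standard output, which deserves a line in the method's documentation. `Dump` starts outside this hunk.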
@@ -724,9 +729,12 @@
return self.conmap["connection"]["id"]
def Ssid(self):
- s = self.conmap["802-11-wireless"]["ssid"]
- #print s
- return s
+ try:
+ return self.conmap["802-11-wireless"]["ssid"]
+ except KeyError:
+ pass
+ # probably 802-3-ethernet
+ return ""
def Timestamp(self):
try:
@@ -830,10 +838,6 @@
'802-11-wireless': {
'ssid': dbus.ByteArray(ssid),
'mode': 'infrastructure',
- 'security': '802-11-wireless-security',
- },
- '802-11-wireless-security': {
- 'key-mgmt': 'none',
},
}
@@ -850,6 +854,8 @@
def mkconmap_wep_pass(ssid, key):
cm = mkconmap_wifi(ssid)
+ cm["802-11-wireless"]["security"] = "802-11-wireless-security"
+ cm["802-11-wireless-security"] = {}
cm["802-11-wireless-security"]["key-mgmt"] = "none"
cm["802-11-wireless-security"]["wep-tx-keyidx"] = 0
cm["802-11-wireless-security"]["wep-key0"] = wep_passphrase_to_hash(key)
@@ -864,9 +870,12 @@
def mkconmap_psk(ssid, key):
cm = mkconmap_wifi(ssid)
+ cm["802-11-wireless"]["security"] = "802-11-wireless-security"
+ cm["802-11-wireless-security"] = {}
cm["802-11-wireless-security"]["key-mgmt"] = "wpa-psk"
- cm["802-11-wireless-security"]["wep-tx-keyidx"] = 0
cm["802-11-wireless-security"]["psk"] = key
+ cm["802-11-wireless-security"]["group"] = ["tkip", "ccmp"]
+ cm["802-11-wireless-security"]["pairwise"] = ["tkip", "ccmp"]
return cm
@@ -996,11 +1005,19 @@
self.settings = cSettings(conmap)
@dbus.service.method(dbus_interface='org.freedesktop.NetworkManagerSettings.Connection',
+ sender_keyword='sender',
in_signature='', out_signature='a{sa{sv}}')
- def GetSettings(self):
+ def GetSettings(self, sender):
#print "Getting settings:", self. __dbus_object_path__
# return self.settings.ConMap()
# grr, censoring secrets makes NM complain!?
+ # bnc#479566#c3: Until I figure out how to make it work with
+ # censored secrets, only pass the settings to the same user.
+ sender_uid = bus.get_unix_user(sender)
+ if sender_uid != 0 and sender_uid != os.geteuid():
+ e = "User %u is not permitted to read the settings" % sender_uid
+ print e
+ raise dbus.exceptions.DBusException(e) # could do NM_SETTINGS_ERROR_* instead
return self.settings.conmap
@dbus.service.method(dbus_interface='org.freedesktop.NetworkManagerSettings.Connection.Secrets',
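Review bot: The sender check added to `GetSettings` is written inline, so it protects only this method; the `Secrets` method whose decorator begins on the last line of the hunk lies outside the view and, as far as these lines show, gets no equivalent in-process check and presumably relies on the bus policy file alone. Consider moving the `bus.get_unix_user(sender)` comparison into a small private helper and calling it from every exported method that returns data from `self.settings`. The existing comment should also record that root and the owning uid still receive the uncensored map, e.g. `# root and our own uid still get the secrets uncensored`. `bus` is a module-level name defined outside the hunk.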
@@ -1219,6 +1236,9 @@
op.add_option("--wpa-psk-hex",
metavar="KEY",
help="use this WPA key of 64 hex digits")
+op.add_option("--wpa-pass",
+ metavar="KEY",
+ help="use this WPA passphrase")
op.add_option("-m", "--monitor",
action="store_true", default=False,
help="loop to show dbus signals")
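Review bot: `--wpa-pass` takes the passphrase as a command-line argument, which leaves it readable by other local users through the process list and stored in shell history. The help text should say so, e.g. `help="use this WPA passphrase (visible to other local users in the process list)"`, and a follow-up could accept the passphrase from a prompt or standard input instead. The same applies to the neighbouring `--wpa-psk-hex` option, which this hunk shows only as context.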
@@ -1340,6 +1360,11 @@
if options.wpa_psk_hex != None:
c = mkconmap_psk(options.connect, options.wpa_psk_hex)
us.addCon(c)
+ if options.wpa_pass != None:
+ wpa_psk_hex = hexlify(pbkdf2.pbkdf2(options.wpa_pass, options.connect, 4096, 32))
+ print "pbkdf2", wpa_psk_hex
+ c = mkconmap_psk(options.connect, wpa_psk_hex)
+ us.addCon(c)
if Connect(options.connect):
LOOP = True
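Review bot: `print "pbkdf2", wpa_psk_hex` writes the derived pre-shared key to standard output, and that key is all that is needed to join the network, so it ends up in terminals, scrollback and any captured logs. The line looks like leftover debugging and should be dropped. The passphrase is also handed to `pbkdf2.pbkdf2` without a length check, although WPA passphrases are 8 to 63 characters; a guard such as `if not 8 <= len(options.wpa_pass) <= 63:` followed by an error message would reject bad input before a connection is created. The enclosing block starts and ends outside the hunk.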
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cnetworkmanager-0.8/cnetworkmanager-06.conf new/cnetworkmanager-0.8.3/cnetworkmanager-06.conf
--- old/cnetworkmanager-0.8/cnetworkmanager-06.conf 1970-01-01 01:00:00.000000000 +0100
+++ new/cnetworkmanager-0.8.3/cnetworkmanager-06.conf 2009-03-05 15:48:44.000000000 +0100
@@ -0,0 +1,40 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManagerInfo"/>
+
+ <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
+ <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
+ </policy>
+ <policy at_console="true">
+ <allow own="org.freedesktop.NetworkManagerInfo"/>
+
+ <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
+ <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
+
+ <!-- Only root can get keys -->
+
+
+
+
+
+
+ </policy>
+ <policy context="default">
+ <deny own="org.freedesktop.NetworkManagerInfo"/>
+
+ <deny send_destination="org.freedesktop.NetworkManagerInfo"/>
+ <deny send_interface="org.freedesktop.NetworkManagerInfo"/>
+ </policy>
+
+ <limit name="max_replies_per_connection">512</limit>
+</busconfig>
+
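Review bot: As shown, the comment `<!-- Only root can get keys -->` in the `at_console` policy is followed only by blank lines, so no visible rule enforces what it says; the same holds for `<!-- Only root can get secrets -->` in the `cnetworkmanager.conf` hunk that follows. If the `deny` rules were lost when this diff was rendered, nothing needs to change, but if the files really ship this way the console policy allows every message to the service and the comment is misleading. Either restore the rule under each comment or reword the comment to point at the check done in the service code.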
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cnetworkmanager-0.8/cnetworkmanager.conf new/cnetworkmanager-0.8.3/cnetworkmanager.conf
--- old/cnetworkmanager-0.8/cnetworkmanager.conf 2008-11-18 18:16:18.000000000 +0100
+++ new/cnetworkmanager-0.8.3/cnetworkmanager.conf 2009-03-05 15:48:44.000000000 +0100
@@ -1,43 +1,28 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-
<busconfig>
- <policy user="root">
- <allow own="org.freedesktop.NetworkManagerInfo"/>
- <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
- <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
-
+ <policy user="root">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
- <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
- <allow send_interface="org.freedesktop.NetworkManagerSettings"/>
- <!-- Only root can get secrets -->
- <allow send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
- </policy>
- <policy at_console="true">
- <allow own="org.freedesktop.NetworkManagerInfo"/>
- <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
- <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
+ <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
+ </policy>
+ <policy at_console="true">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
+
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
- <allow send_interface="org.freedesktop.NetworkManagerSettings"/>
- <!-- Only root can get secrets -->
- <deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManagerInfo"/>
- <deny send_destination="org.freedesktop.NetworkManagerInfo"/>
- <deny send_interface="org.freedesktop.NetworkManagerInfo"/>
- <deny own="org.freedesktop.NetworkManagerUserSettings"/>
- <deny send_destination="org.freedesktop.NetworkManagerUserSettings"/>
- <deny send_interface="org.freedesktop.NetworkManagerSettings"/>
<!-- Only root can get secrets -->
- <deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
- </policy>
+
+ </policy>
+ <policy context="default">
+ <deny send_destination="org.freedesktop.NetworkManagerUserSettings"/>
+
+
+ </policy>
+
+ <limit name="max_replies_per_connection">512</limit>
</busconfig>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cnetworkmanager-0.8/cnetworkmanager-proxy.in new/cnetworkmanager-0.8.3/cnetworkmanager-proxy.in
--- old/cnetworkmanager-0.8/cnetworkmanager-proxy.in 1970-01-01 01:00:00.000000000 +0100
+++ new/cnetworkmanager-0.8.3/cnetworkmanager-proxy.in 2009-03-05 15:48:44.000000000 +0100
@@ -0,0 +1,3 @@
+#!/bin/sh
+# @configure_input@
+exec @PREFIX@/share/@PACKAGE@/@PACKAGE@ --prefix "@PREFIX@" "$@"
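Review bot: The program path on the `exec` line is unquoted while the `--prefix` argument is quoted, so a prefix containing whitespace would be split by the shell before the exec. Quoting it the same way, `exec "@PREFIX@/share/@PACKAGE@/@PACKAGE@" --prefix "@PREFIX@" "$@"`, keeps both uses consistent.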
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cnetworkmanager-0.8/cnetworkmanager.spec new/cnetworkmanager-0.8.3/cnetworkmanager.spec
--- old/cnetworkmanager-0.8/cnetworkmanager.spec 2008-11-18 18:16:18.000000000 +0100
+++ new/cnetworkmanager-0.8.3/cnetworkmanager.spec 2009-03-05 15:48:44.000000000 +0100
@@ -1,23 +1,40 @@
+#
+# spec file for package cnetworkmanager (Version 0.8)
+#
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+
Name: cnetworkmanager
-Version: 0.8
+Version: 0.8.3
Release: 1
Summary: Command-line client for NetworkManager
-License: GPL
-URL: http://vidner.net/martin/software/cnetworkmanager/
+License: GPL v2 or later
+Url: http://vidner.net/martin/software/cnetworkmanager/
Group: Productivity/Networking/System
-Requires: dbus-1-python python-gobject2
-BuildRoot: %{_tmppath}/%{name}-root
-BuildArch: noarch
-Source: %{name}-%{version}.tar.gz
+BuildRequires: dbus-1
+Requires: dbus-1-python python-gobject2
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildArch: noarch
+Source: %{name}-%{version}.tar.gz
%description
+Cnetworkmanager is a command-line client for NetworkManager, intended
+to supplement and replace the GUI applets.
-Cnetworkmanager is a command-line client for NetworkManager,
-intended to supplement and replace the GUI applets.
-Authors:
---------
- Martin Vidner
%prep
%setup
@@ -30,7 +47,6 @@
make install DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr sysconfdir=/etc
%check
-
# nothing
%clean
@@ -39,10 +55,23 @@
%files
%defattr(-,root,root)
/usr/bin/cnetworkmanager
+/usr/share/cnetworkmanager/cnetworkmanager
+/usr/share/cnetworkmanager/pbkdf2.py
/etc/dbus-1/system.d/cnetworkmanager.conf
+/etc/dbus-1/system.d/cnetworkmanager-06.conf
%doc /usr/share/doc/packages/cnetworkmanager
%changelog
-
-* Fri Nov 07 2008 - Martin Vidner
-- Initial packaging
+* Thu Mar 05 2009 mvidner@suse.cz
+- v0.8.3
+- Fix: secrets leak via o.fd.NMS.Connection.Secrets (CVE-2009-0365)
+- Fix: secrets leak via o.fd.NMS.Connection.GetSettings (bnc#479566#c3)
+* Sat Nov 22 2008 coolo@suse.de
+- buildrequire dbus-1 to fix file list check
+* Tue Nov 18 2008 mvidner@suse.cz
+- v0.8
+- New: --wep-pass
+- New: if there is another applet, report its pid
+- Fix: do not rely on DBus config from GUI applets
+* Fri Nov 07 2008 mvidner@suse.cz
+- initial packaging
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cnetworkmanager-0.8/Makefile new/cnetworkmanager-0.8.3/Makefile
--- old/cnetworkmanager-0.8/Makefile 2008-11-18 18:16:18.000000000 +0100
+++ new/cnetworkmanager-0.8.3/Makefile 2009-03-05 15:48:44.000000000 +0100
@@ -1,29 +1,47 @@
PACKAGE=cnetworkmanager
-VERSION=0.8
+VERSION=0.8.3
PREFIX=/usr/local
bindir=${PREFIX}/bin
+pkgdatadir=${PREFIX}/share/${PACKAGE}
sysconfdir=${PREFIX}/etc
dbusdir=${sysconfdir}/dbus-1/system.d
docdir=${PREFIX}/share/doc/packages/${PACKAGE}
-bin_SCRIPTS=cnetworkmanager
-dbus_DATA=cnetworkmanager.conf
+nodist_bin_SCRIPTS=cnetworkmanager-proxy
+pkgdata_SCRIPTS=cnetworkmanager
+pkgdata_DATA=pbkdf2.py
+dbus_DATA=cnetworkmanager.conf cnetworkmanager-06.conf
doc_DATA=README NEWS COPYING
+EXTRA_DIST=cnetworkmanager-proxy.in
all:
+ for IN in cnetworkmanager-proxy.in; do \
+ OUT=$${IN%.in}; \
+ sed \
+ -e "s|@configure_input@|$$OUT. Generated from $$IN by bikemake.|g" \
+ -e 's|@PREFIX@|${PREFIX}|g' \
+ -e 's|@PACKAGE@|${PACKAGE}|g' \
+ <$$IN >$$OUT ;\
+ done
install:
install -d ${DESTDIR}${bindir}
- install -t ${DESTDIR}${bindir} ${bin_SCRIPTS}
+ install -T cnetworkmanager-proxy ${DESTDIR}${bindir}/cnetworkmanager
+ install -d ${DESTDIR}${pkgdatadir}
+ install -t ${DESTDIR}${pkgdatadir} ${pkgdata_SCRIPTS}
+ install -d ${DESTDIR}${pkgdatadir}
+ install -t ${DESTDIR}${pkgdatadir} -m644 ${pkgdata_DATA}
install -d ${DESTDIR}${dbusdir}
install -t ${DESTDIR}${dbusdir} -m644 ${dbus_DATA}
install -d ${DESTDIR}${docdir}
install -t ${DESTDIR}${docdir} -m644 ${doc_DATA}
dist:
+ rm -rf ${PACKAGE}-${VERSION}
mkdir -p ${PACKAGE}-${VERSION}
- cp -t ${PACKAGE}-${VERSION} ${PACKAGE}.spec Makefile ${bin_SCRIPTS} ${dbus_DATA} ${doc_DATA}
+ cp -t ${PACKAGE}-${VERSION} ${PACKAGE}.spec Makefile ${pkgdata_SCRIPTS} ${pkgdata_DATA} ${dbus_DATA} ${doc_DATA} ${EXTRA_DIST}
tar cvfz ${PACKAGE}-${VERSION}.tar.gz ${PACKAGE}-${VERSION}
+ rm -rf ${PACKAGE}-${VERSION}
# bikemake: serves similar purpose as automake, but is much less resource hungry
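Review bot: `install` copies `cnetworkmanager-proxy`, but that file is produced only by the `all` recipe and `install:` has no prerequisite, so `make install` on a fresh tree fails unless `make` was run first; `install: all` would fix that. The line `install -d ${DESTDIR}${pkgdatadir}` appears twice and one copy can go. The `sed` expressions insert `${PREFIX}` unescaped into a `|`-delimited substitution, which is worth a comment stating that the prefix must not contain `|` or `&`.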
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cnetworkmanager-0.8/NEWS new/cnetworkmanager-0.8.3/NEWS
--- old/cnetworkmanager-0.8/NEWS 2008-11-18 18:16:18.000000000 +0100
+++ new/cnetworkmanager-0.8.3/NEWS 2009-03-05 15:48:44.000000000 +0100
@@ -1,3 +1,12 @@
+0.8.3, Thu 2009-03-05
+Fix: secrets leak via o.fd.NMS.Connection.Secrets (CVE-2009-0365)
+Fix: secrets leak via o.fd.NMS.Connection.GetSettings (bnc#479566#c3)
+
+0.8.2, Mon 2009-03-02
+New: --wpa-pass
+Fix: connecting to unsecured WEP
+Fix: do not crash when inspecting wired, 802-1x, NM 0.7.0 API
+
0.8, Fri 2008-11-14
New: --wep-pass
New: if there is another applet, report its pid
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cnetworkmanager-0.8/pbkdf2.py new/cnetworkmanager-0.8.3/pbkdf2.py
--- old/cnetworkmanager-0.8/pbkdf2.py 1970-01-01 01:00:00.000000000 +0100
+++ new/cnetworkmanager-0.8.3/pbkdf2.py 2009-03-05 15:48:44.000000000 +0100
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+
+# A simple implementation of pbkdf2 using stock python modules. See RFC2898
+# for details. Basically, it derives a key from a password and salt.
+
+# (c) 2004 Matt Johnston
+# This code may be freely used and modified for any purpose.
+
+# Revision history
+# v0.1 October 2004 - Initial release
+# v0.2 8 March 2007 - Make usable with hashlib in Python 2.5 and use
+# v0.3 "" the correct digest_size rather than always 20
+
+import sys
+import hmac
+from binascii import hexlify, unhexlify
+from struct import pack
+try:
+ # only in python 2.5
+ import hashlib
+ sha = hashlib.sha1
+ md5 = hashlib.md5
+ sha256 = hashlib.sha256
+except ImportError:
+ # fallback
+ import sha
+ import md5
+
+# this is what you want to call.
+def pbkdf2( password, salt, itercount, keylen, hashfn = sha ):
+ try:
+ # depending whether the hashfn is from hashlib or sha/md5
+ digest_size = hashfn().digest_size
+ except TypeError:
+ digest_size = hashfn.digest_size
+ # l - number of output blocks to produce
+ l = keylen / digest_size
+ if keylen % digest_size != 0:
+ l += 1
+
+ h = hmac.new( password, None, hashfn )
+
+ T = ""
+ for i in range(1, l+1):
+ T += pbkdf2_F( h, salt, itercount, i )
+
+ return T[0: keylen]
+
+def xorstr( a, b ):
+ if len(a) != len(b):
+ raise "xorstr(): lengths differ"
+
+ ret = ''
+ for i in range(len(a)):
+ ret += chr(ord(a[i]) ^ ord(b[i]))
+
+ return ret
+
+def prf( h, data ):
+ hm = h.copy()
+ hm.update( data )
+ return hm.digest()
+
+# Helper as per the spec. h is a hmac which has been created seeded with the
+# password, it will be copy()ed and not modified.
+def pbkdf2_F( h, salt, itercount, blocknum ):
+ U = prf( h, salt + pack('>i',blocknum ) )
+ T = U
+
+ for i in range(2, itercount+1):
+ U = prf( h, U )
+ T = xorstr( T, U )
+
+ return T
+
+
+def test():
+ # test vector from rfc3211
+ password = 'password'
+ salt = unhexlify( '1234567878563412' )
+ password = 'All n-entities must communicate with other n-entities via n-1 entiteeheehees'
+ itercount = 500
+ keylen = 16
+ ret = pbkdf2( password, salt, itercount, keylen )
+ hexret = ' '.join(map(lambda c: '%02x' % ord(c), ret)).upper()
+ print "key: %s" % hexret
+ print "expected: 6A 89 70 BF 68 C9 2C AE A8 4A 8D F2 85 10 85 86"
+
+ # from botan
+ password = unhexlify('6561696D72627A70636F706275736171746B6D77')
+ expect = 'C9A0B2622F13916036E29E7462E206E8BA5B50CE9212752EB8EA2A4AA7B40A4CC1BF'
+ salt = unhexlify('45248F9D0CEBCB86A18243E76C972A1F3B36772A')
+ keylen = 34
+ itercount = 100
+ ret = pbkdf2( password, salt, itercount, keylen )
+ hexret = hexlify(ret).upper()
+ print "key: %s" % hexret
+ print "expected: %s" % expect
+
+
+
+if __name__ == '__main__':
+ test()
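Review bot: `xorstr` raises a plain string (`raise "xorstr(): lengths differ"`), which Python 2.6 and later reject with a `TypeError`, so a length mismatch would surface as an unrelated error; `raise ValueError("xorstr(): lengths differ")` is the fix. `test()` prints the computed and expected keys instead of comparing them, so a wrong derivation is never reported; an `assert` against the expected value for each vector would make it a real self-test. In the first vector the assignment `password = 'password'` is immediately overwritten and can be removed. `pbkdf2` would also benefit from a docstring stating that `password` and `salt` are byte strings and that the default `hashfn` is SHA-1.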
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++