| Index: tools/telemetry/third_party/webpagereplay/third_party/dns/tsig.py
|
| diff --git a/tools/telemetry/third_party/webpagereplay/third_party/dns/tsig.py b/tools/telemetry/third_party/webpagereplay/third_party/dns/tsig.py
|
| deleted file mode 100644
|
| index b4deeca859dcaac594acd4733326c17b64f5a4c7..0000000000000000000000000000000000000000
|
| --- a/tools/telemetry/third_party/webpagereplay/third_party/dns/tsig.py
|
| +++ /dev/null
|
| @@ -1,216 +0,0 @@
|
| -# Copyright (C) 2001-2007, 2009, 2010 Nominum, Inc.
|
| -#
|
| -# Permission to use, copy, modify, and distribute this software and its
|
| -# documentation for any purpose with or without fee is hereby granted,
|
| -# provided that the above copyright notice and this permission notice
|
| -# appear in all copies.
|
| -#
|
| -# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
|
| -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
| -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
|
| -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
| -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
| -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
|
| -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
| -
|
| -"""DNS TSIG support."""
|
| -
|
| -import hmac
|
| -import struct
|
| -
|
| -import dns.exception
|
| -import dns.rdataclass
|
| -import dns.name
|
| -
|
| -class BadTime(dns.exception.DNSException):
|
| - """Raised if the current time is not within the TSIG's validity time."""
|
| - pass
|
| -
|
| -class BadSignature(dns.exception.DNSException):
|
| - """Raised if the TSIG signature fails to verify."""
|
| - pass
|
| -
|
| -class PeerError(dns.exception.DNSException):
|
| - """Base class for all TSIG errors generated by the remote peer"""
|
| - pass
|
| -
|
| -class PeerBadKey(PeerError):
|
| - """Raised if the peer didn't know the key we used"""
|
| - pass
|
| -
|
| -class PeerBadSignature(PeerError):
|
| - """Raised if the peer didn't like the signature we sent"""
|
| - pass
|
| -
|
| -class PeerBadTime(PeerError):
|
| - """Raised if the peer didn't like the time we sent"""
|
| - pass
|
| -
|
| -class PeerBadTruncation(PeerError):
|
| - """Raised if the peer didn't like amount of truncation in the TSIG we sent"""
|
| - pass
|
| -
|
| -default_algorithm = "HMAC-MD5.SIG-ALG.REG.INT"
|
| -
|
| -BADSIG = 16
|
| -BADKEY = 17
|
| -BADTIME = 18
|
| -BADTRUNC = 22
|
| -
|
| -def sign(wire, keyname, secret, time, fudge, original_id, error,
|
| - other_data, request_mac, ctx=None, multi=False, first=True,
|
| - algorithm=default_algorithm):
|
| - """Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata
|
| - for the input parameters, the HMAC MAC calculated by applying the
|
| - TSIG signature algorithm, and the TSIG digest context.
|
| - @rtype: (string, string, hmac.HMAC object)
|
| - @raises ValueError: I{other_data} is too long
|
| - @raises NotImplementedError: I{algorithm} is not supported
|
| - """
|
| -
|
| - (algorithm_name, digestmod) = get_algorithm(algorithm)
|
| - if first:
|
| - ctx = hmac.new(secret, digestmod=digestmod)
|
| - ml = len(request_mac)
|
| - if ml > 0:
|
| - ctx.update(struct.pack('!H', ml))
|
| - ctx.update(request_mac)
|
| - id = struct.pack('!H', original_id)
|
| - ctx.update(id)
|
| - ctx.update(wire[2:])
|
| - if first:
|
| - ctx.update(keyname.to_digestable())
|
| - ctx.update(struct.pack('!H', dns.rdataclass.ANY))
|
| - ctx.update(struct.pack('!I', 0))
|
| - long_time = time + 0L
|
| - upper_time = (long_time >> 32) & 0xffffL
|
| - lower_time = long_time & 0xffffffffL
|
| - time_mac = struct.pack('!HIH', upper_time, lower_time, fudge)
|
| - pre_mac = algorithm_name + time_mac
|
| - ol = len(other_data)
|
| - if ol > 65535:
|
| - raise ValueError('TSIG Other Data is > 65535 bytes')
|
| - post_mac = struct.pack('!HH', error, ol) + other_data
|
| - if first:
|
| - ctx.update(pre_mac)
|
| - ctx.update(post_mac)
|
| - else:
|
| - ctx.update(time_mac)
|
| - mac = ctx.digest()
|
| - mpack = struct.pack('!H', len(mac))
|
| - tsig_rdata = pre_mac + mpack + mac + id + post_mac
|
| - if multi:
|
| - ctx = hmac.new(secret)
|
| - ml = len(mac)
|
| - ctx.update(struct.pack('!H', ml))
|
| - ctx.update(mac)
|
| - else:
|
| - ctx = None
|
| - return (tsig_rdata, mac, ctx)
|
| -
|
| -def hmac_md5(wire, keyname, secret, time, fudge, original_id, error,
|
| - other_data, request_mac, ctx=None, multi=False, first=True,
|
| - algorithm=default_algorithm):
|
| - return sign(wire, keyname, secret, time, fudge, original_id, error,
|
| - other_data, request_mac, ctx, multi, first, algorithm)
|
| -
|
| -def validate(wire, keyname, secret, now, request_mac, tsig_start, tsig_rdata,
|
| - tsig_rdlen, ctx=None, multi=False, first=True):
|
| - """Validate the specified TSIG rdata against the other input parameters.
|
| -
|
| - @raises FormError: The TSIG is badly formed.
|
| - @raises BadTime: There is too much time skew between the client and the
|
| - server.
|
| - @raises BadSignature: The TSIG signature did not validate
|
| - @rtype: hmac.HMAC object"""
|
| -
|
| - (adcount,) = struct.unpack("!H", wire[10:12])
|
| - if adcount == 0:
|
| - raise dns.exception.FormError
|
| - adcount -= 1
|
| - new_wire = wire[0:10] + struct.pack("!H", adcount) + wire[12:tsig_start]
|
| - current = tsig_rdata
|
| - (aname, used) = dns.name.from_wire(wire, current)
|
| - current = current + used
|
| - (upper_time, lower_time, fudge, mac_size) = \
|
| - struct.unpack("!HIHH", wire[current:current + 10])
|
| - time = ((upper_time + 0L) << 32) + (lower_time + 0L)
|
| - current += 10
|
| - mac = wire[current:current + mac_size]
|
| - current += mac_size
|
| - (original_id, error, other_size) = \
|
| - struct.unpack("!HHH", wire[current:current + 6])
|
| - current += 6
|
| - other_data = wire[current:current + other_size]
|
| - current += other_size
|
| - if current != tsig_rdata + tsig_rdlen:
|
| - raise dns.exception.FormError
|
| - if error != 0:
|
| - if error == BADSIG:
|
| - raise PeerBadSignature
|
| - elif error == BADKEY:
|
| - raise PeerBadKey
|
| - elif error == BADTIME:
|
| - raise PeerBadTime
|
| - elif error == BADTRUNC:
|
| - raise PeerBadTruncation
|
| - else:
|
| - raise PeerError('unknown TSIG error code %d' % error)
|
| - time_low = time - fudge
|
| - time_high = time + fudge
|
| - if now < time_low or now > time_high:
|
| - raise BadTime
|
| - (junk, our_mac, ctx) = sign(new_wire, keyname, secret, time, fudge,
|
| - original_id, error, other_data,
|
| - request_mac, ctx, multi, first, aname)
|
| - if (our_mac != mac):
|
| - raise BadSignature
|
| - return ctx
|
| -
|
| -def get_algorithm(algorithm):
|
| - """Returns the wire format string and the hash module to use for the
|
| - specified TSIG algorithm
|
| -
|
| - @rtype: (string, hash constructor)
|
| - @raises NotImplementedError: I{algorithm} is not supported
|
| - """
|
| -
|
| - hashes = {}
|
| - try:
|
| - import hashlib
|
| - hashes[dns.name.from_text('hmac-sha224')] = hashlib.sha224
|
| - hashes[dns.name.from_text('hmac-sha256')] = hashlib.sha256
|
| - hashes[dns.name.from_text('hmac-sha384')] = hashlib.sha384
|
| - hashes[dns.name.from_text('hmac-sha512')] = hashlib.sha512
|
| - hashes[dns.name.from_text('hmac-sha1')] = hashlib.sha1
|
| - hashes[dns.name.from_text('HMAC-MD5.SIG-ALG.REG.INT')] = hashlib.md5
|
| -
|
| - import sys
|
| - if sys.hexversion < 0x02050000:
|
| - # hashlib doesn't conform to PEP 247: API for
|
| - # Cryptographic Hash Functions, which hmac before python
|
| - # 2.5 requires, so add the necessary items.
|
| - class HashlibWrapper:
|
| - def __init__(self, basehash):
|
| - self.basehash = basehash
|
| - self.digest_size = self.basehash().digest_size
|
| -
|
| - def new(self, *args, **kwargs):
|
| - return self.basehash(*args, **kwargs)
|
| -
|
| - for name in hashes:
|
| - hashes[name] = HashlibWrapper(hashes[name])
|
| -
|
| - except ImportError:
|
| - import md5, sha
|
| - hashes[dns.name.from_text('HMAC-MD5.SIG-ALG.REG.INT')] = md5.md5
|
| - hashes[dns.name.from_text('hmac-sha1')] = sha.sha
|
| -
|
| - if isinstance(algorithm, (str, unicode)):
|
| - algorithm = dns.name.from_text(algorithm)
|
| -
|
| - if algorithm in hashes:
|
| - return (algorithm.to_digestable(), hashes[algorithm])
|
| -
|
| - raise NotImplementedError("TSIG algorithm " + str(algorithm) +
|
| - " is not supported")
|
|
|
Chromium Code Reviews
Issue 1647513002:
Delete tools/telemetry. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master