Comment 1 for bug 54476

Denis Bernard (db47h) wrote :

Here's a patch against paramiko 1.7.4 that implements aes128-ctr, aes256-ctr, arcfour128 and arcfour256.

RFCs: 4344 (AES-CTR), and 4345 (arcfour128, arcfour256)

Support of the CTR modes has become critical now that the CTR modes are about to become mandatory (and CBC optional) and that some SSH servers do not support the CBC modes anymore (like on OpenSolaris 2009.06).

About the patch:

For arcfour, it was only a matter of handling the Crypto.Cipher.ARC4.new() for that specific case (and finding out the appropriate block sizes).

For the AES CTR modes, a stateful counter has to be passed as a 4th argument to Crypto.Cipher.AES.new() and initialized with the IV. I've implemented it as Transport._Counter, but it can be moved anywhere.

Other CTR modes should be easily implemented as long as pycrypto supports them.

Note that the counter is called for every block, so the performance is probably nothing spectacular, but it works with pycrypto 2.0.1. For people who need performance, the GIT version of pycrypto has a counter implemented in C.

Last thing, I did only some very limited testing (i.e. works for me, your mileage may vary).

Enjoy!
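
The stateful counter described in the comment above, as an added sketch that is not the code from the patch: per RFC 4344 the counter starts at the IV read as a big-endian integer, advances by one per block modulo 2**128, and is not reset between packets. The names `Counter`, `CtrStream` and `stand_in_block` are hypothetical, and an HMAC-based function stands in for AES block encryption so the example runs with the standard library only.

```python
import hashlib
import hmac

BLOCK_SIZE = 16  # AES block size in bytes


class Counter:
    """Stateful CTR counter: starts at the IV, read as a big-endian integer."""

    def __init__(self, iv: bytes):
        if len(iv) != BLOCK_SIZE:
            raise ValueError("IV must be exactly one cipher block")
        self._value = int.from_bytes(iv, "big")

    def __call__(self) -> bytes:
        # Return the current block, then increment modulo 2**128 (RFC 4344).
        block = self._value.to_bytes(BLOCK_SIZE, "big")
        self._value = (self._value + 1) % (1 << (8 * BLOCK_SIZE))
        return block


def stand_in_block(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for AES block encryption (assumption, not AES).
    # CTR mode only ever uses the forward direction of the block function.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK_SIZE]


class CtrStream:
    """CTR mode over a block function; counter state persists across packets."""

    def __init__(self, key: bytes, counter: Counter, encrypt_block=stand_in_block):
        self._key, self._counter, self._encrypt = key, counter, encrypt_block

    def process(self, data: bytes) -> bytes:
        # SSH packets are padded to a whole number of cipher blocks.
        if len(data) % BLOCK_SIZE:
            raise ValueError("data must be a whole number of blocks")
        out = bytearray()
        for i in range(0, len(data), BLOCK_SIZE):
            keystream = self._encrypt(self._key, self._counter())
            out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK_SIZE], keystream))
        return bytes(out)  # the same call encrypts and decrypts


# Constructed sample values (not from the patch).
SAMPLE_KEY = bytes(range(16))
SAMPLE_IV = b"\xff" * 16  # forces a wrap to zero after the first block
```

Both ends must keep one counter per direction for the lifetime of the keys; re-creating it from the IV for each packet reuses keystream.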