OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - defining ClientCertificateType | 3 # Google - defining ClientCertificateType |
4 # Google (adapted by Sam Rushing) - NPN support | 4 # Google (adapted by Sam Rushing) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Dave Baggett (Arcode Corporation) - canonicalCipherName | 6 # Dave Baggett (Arcode Corporation) - canonicalCipherName |
7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
8 # | 8 # |
9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
10 | 10 |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
69 | 69 |
70 class SignatureAlgorithm: | 70 class SignatureAlgorithm: |
71 anonymous = 0 | 71 anonymous = 0 |
72 rsa = 1 | 72 rsa = 1 |
73 dsa = 2 | 73 dsa = 2 |
74 ecdsa = 3 | 74 ecdsa = 3 |
75 | 75 |
76 class NameType: | 76 class NameType: |
77 host_name = 0 | 77 host_name = 0 |
78 | 78 |
79 class ECCurveType: | |
80 explicit_prime = 1 | |
81 explicit_char2 = 2 | |
82 named_curve = 3 | |
83 | |
84 class NamedCurve: | |
85 secp256r1 = 23 | |
86 | |
87 class AlertLevel: | 79 class AlertLevel: |
88 warning = 1 | 80 warning = 1 |
89 fatal = 2 | 81 fatal = 2 |
90 | 82 |
91 class AlertDescription: | 83 class AlertDescription: |
92 """ | 84 """ |
93 @cvar bad_record_mac: A TLS record failed to decrypt properly. | 85 @cvar bad_record_mac: A TLS record failed to decrypt properly. |
94 | 86 |
95 If this occurs during a SRP handshake it most likely | 87 If this occurs during a SRP handshake it most likely |
96 indicates a bad password. It may also indicate an implementation | 88 indicates a bad password. It may also indicate an implementation |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
179 | 171 |
180 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C | 172 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C |
181 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D | 173 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D |
182 | 174 |
183 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067 | 175 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067 |
184 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B | 176 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B |
185 | 177 |
186 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C | 178 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C |
187 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E | 179 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E |
188 | 180 |
189 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xc011 | |
190 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xc012 | |
191 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xc013 | |
192 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xc014 | |
193 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xc027 | |
194 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xc02f | |
195 | |
196 tripleDESSuites = [] | 181 tripleDESSuites = [] |
197 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 182 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
198 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | 183 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
199 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 184 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
200 tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) | 185 tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
201 tripleDESSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA) | |
202 | 186 |
203 aes128Suites = [] | 187 aes128Suites = [] |
204 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 188 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
205 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | 189 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
206 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 190 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
207 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) | 191 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
208 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 192 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
209 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) | 193 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) |
210 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) | 194 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) |
211 aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) | |
212 aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) | |
213 | 195 |
214 aes256Suites = [] | 196 aes256Suites = [] |
215 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 197 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
216 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | 198 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
217 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 199 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
218 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 200 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
219 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) | 201 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
220 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) | 202 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) |
221 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) | 203 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) |
222 aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) | |
223 | 204 |
224 aes128GcmSuites = [] | 205 aes128GcmSuites = [] |
225 aes128GcmSuites.append(TLS_RSA_WITH_AES_128_GCM_SHA256) | 206 aes128GcmSuites.append(TLS_RSA_WITH_AES_128_GCM_SHA256) |
226 aes128GcmSuites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) | 207 aes128GcmSuites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) |
227 aes128GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) | |
228 | 208 |
229 rc4Suites = [] | 209 rc4Suites = [] |
230 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) | 210 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) |
231 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) | 211 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
232 rc4Suites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA) | |
233 | 212 |
234 shaSuites = [] | 213 shaSuites = [] |
235 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 214 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
236 shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 215 shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
237 shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 216 shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
238 shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | 217 shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
239 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | 218 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
240 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | 219 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
241 shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 220 shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
242 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 221 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
243 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 222 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
244 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) | 223 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) |
245 shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) | 224 shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
246 shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) | 225 shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
247 shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) | 226 shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
248 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 227 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
249 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 228 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
250 shaSuites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA) | |
251 shaSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA) | |
252 shaSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) | |
253 shaSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) | |
254 | 229 |
255 sha256Suites = [] | 230 sha256Suites = [] |
256 sha256Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) | 231 sha256Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) |
257 sha256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) | 232 sha256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) |
258 sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) | 233 sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) |
259 sha256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) | 234 sha256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) |
260 sha256Suites.append(TLS_RSA_WITH_AES_128_GCM_SHA256) | 235 sha256Suites.append(TLS_RSA_WITH_AES_128_GCM_SHA256) |
261 sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) | 236 sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) |
262 sha256Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) | |
263 sha256Suites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) | |
264 | |
265 | 237 |
266 aeadSuites = aes128GcmSuites | 238 aeadSuites = aes128GcmSuites |
267 | 239 |
268 | 240 |
269 md5Suites = [] | 241 md5Suites = [] |
270 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) | 242 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
271 | 243 |
272 @staticmethod | 244 @staticmethod |
273 def _filterSuites(suites, settings, version=None): | 245 def _filterSuites(suites, settings, version=None): |
274 if version is None: | 246 if version is None: |
(...skipping 21 matching lines...) Expand all Loading... |
296 if "3des" in cipherNames: | 268 if "3des" in cipherNames: |
297 cipherSuites += CipherSuite.tripleDESSuites | 269 cipherSuites += CipherSuite.tripleDESSuites |
298 if "rc4" in cipherNames: | 270 if "rc4" in cipherNames: |
299 cipherSuites += CipherSuite.rc4Suites | 271 cipherSuites += CipherSuite.rc4Suites |
300 | 272 |
301 keyExchangeSuites = [] | 273 keyExchangeSuites = [] |
302 if "rsa" in keyExchangeNames: | 274 if "rsa" in keyExchangeNames: |
303 keyExchangeSuites += CipherSuite.certSuites | 275 keyExchangeSuites += CipherSuite.certSuites |
304 if "dhe_rsa" in keyExchangeNames: | 276 if "dhe_rsa" in keyExchangeNames: |
305 keyExchangeSuites += CipherSuite.dheCertSuites | 277 keyExchangeSuites += CipherSuite.dheCertSuites |
306 if "ecdhe_rsa" in keyExchangeNames: | |
307 keyExchangeSuites += CipherSuite.ecdheCertSuites | |
308 if "srp_sha" in keyExchangeNames: | 278 if "srp_sha" in keyExchangeNames: |
309 keyExchangeSuites += CipherSuite.srpSuites | 279 keyExchangeSuites += CipherSuite.srpSuites |
310 if "srp_sha_rsa" in keyExchangeNames: | 280 if "srp_sha_rsa" in keyExchangeNames: |
311 keyExchangeSuites += CipherSuite.srpCertSuites | 281 keyExchangeSuites += CipherSuite.srpCertSuites |
312 if "dh_anon" in keyExchangeNames: | 282 if "dh_anon" in keyExchangeNames: |
313 keyExchangeSuites += CipherSuite.anonSuites | 283 keyExchangeSuites += CipherSuite.anonSuites |
314 | 284 |
315 return [s for s in suites if s in macSuites and | 285 return [s for s in suites if s in macSuites and |
316 s in cipherSuites and s in keyExchangeSuites] | 286 s in cipherSuites and s in keyExchangeSuites] |
317 | 287 |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
358 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) | 328 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) |
359 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) | 329 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) |
360 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) | 330 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
361 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) | 331 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
362 dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) | 332 dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
363 | 333 |
364 @staticmethod | 334 @staticmethod |
365 def getDheCertSuites(settings, version=None): | 335 def getDheCertSuites(settings, version=None): |
366 return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings, ve
rsion) | 336 return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings, ve
rsion) |
367 | 337 |
368 ecdheCertSuites = [] | 338 certAllSuites = srpCertSuites + certSuites + dheCertSuites |
369 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) | |
370 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) | |
371 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) | |
372 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) | |
373 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA) | |
374 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA) | |
375 | |
376 @staticmethod | |
377 def getEcdheCertSuites(settings, version=None): | |
378 return CipherSuite._filterSuites(CipherSuite.ecdheCertSuites, settings,
version) | |
379 | |
380 certAllSuites = srpCertSuites + certSuites + dheCertSuites + ecdheCertSuites | |
381 | 339 |
382 anonSuites = [] | 340 anonSuites = [] |
383 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 341 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
384 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 342 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
385 | 343 |
386 @staticmethod | 344 @staticmethod |
387 def getAnonSuites(settings, version=None): | 345 def getAnonSuites(settings, version=None): |
388 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings, versi
on) | 346 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings, versi
on) |
389 | 347 |
390 dhAllSuites = dheCertSuites + anonSuites | 348 dhAllSuites = dheCertSuites + anonSuites |
391 ecdhAllSuites = ecdheCertSuites | |
392 | 349 |
393 @staticmethod | 350 @staticmethod |
394 def canonicalCipherName(ciphersuite): | 351 def canonicalCipherName(ciphersuite): |
395 "Return the canonical name of the cipher whose number is provided." | 352 "Return the canonical name of the cipher whose number is provided." |
396 if ciphersuite in CipherSuite.aes128Suites: | 353 if ciphersuite in CipherSuite.aes128Suites: |
397 return "aes128" | 354 return "aes128" |
398 elif ciphersuite in CipherSuite.aes256Suites: | 355 elif ciphersuite in CipherSuite.aes256Suites: |
399 return "aes256" | 356 return "aes256" |
400 elif ciphersuite in CipherSuite.rc4Suites: | 357 elif ciphersuite in CipherSuite.rc4Suites: |
401 return "rc4" | 358 return "rc4" |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
456 badUsername: "bad username",\ | 413 badUsername: "bad username",\ |
457 badPassword: "bad password",\ | 414 badPassword: "bad password",\ |
458 badA: "bad A",\ | 415 badA: "bad A",\ |
459 badPremasterPadding: "bad premaster padding",\ | 416 badPremasterPadding: "bad premaster padding",\ |
460 shortPremasterSecret: "short premaster secret",\ | 417 shortPremasterSecret: "short premaster secret",\ |
461 badVerifyMessage: "bad verify message",\ | 418 badVerifyMessage: "bad verify message",\ |
462 badFinished: "bad finished message",\ | 419 badFinished: "bad finished message",\ |
463 badMAC: "bad MAC",\ | 420 badMAC: "bad MAC",\ |
464 badPadding: "bad padding" | 421 badPadding: "bad padding" |
465 } | 422 } |
OLD | NEW |