OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
7 # | 7 # |
8 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
9 | 9 |
10 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
(...skipping 491 matching lines...)
502 | 502 |
503 class ServerKeyExchange(HandshakeMsg): | 503 class ServerKeyExchange(HandshakeMsg): |
504 def __init__(self, cipherSuite, version): | 504 def __init__(self, cipherSuite, version): |
505 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) | 505 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) |
506 self.cipherSuite = cipherSuite | 506 self.cipherSuite = cipherSuite |
507 self.version = version | 507 self.version = version |
508 self.srp_N = 0 | 508 self.srp_N = 0 |
509 self.srp_g = 0 | 509 self.srp_g = 0 |
510 self.srp_s = bytearray(0) | 510 self.srp_s = bytearray(0) |
511 self.srp_B = 0 | 511 self.srp_B = 0 |
512 # Anon DH params: | 512 # DH params: |
513 self.dh_p = 0 | 513 self.dh_p = 0 |
514 self.dh_g = 0 | 514 self.dh_g = 0 |
515 self.dh_Ys = 0 | 515 self.dh_Ys = 0 |
| 516 # ECDH params: |
| 517 self.ecdhCurve = 0 |
| 518 self.ecdhPublic = bytearray(0) |
516 self.signature = bytearray(0) | 519 self.signature = bytearray(0) |
517 | 520 |
518 def createSRP(self, srp_N, srp_g, srp_s, srp_B): | 521 def createSRP(self, srp_N, srp_g, srp_s, srp_B): |
519 self.srp_N = srp_N | 522 self.srp_N = srp_N |
520 self.srp_g = srp_g | 523 self.srp_g = srp_g |
521 self.srp_s = srp_s | 524 self.srp_s = srp_s |
522 self.srp_B = srp_B | 525 self.srp_B = srp_B |
523 return self | 526 return self |
524 | 527 |
525 def createDH(self, dh_p, dh_g, dh_Ys): | 528 def createDH(self, dh_p, dh_g, dh_Ys): |
526 self.dh_p = dh_p | 529 self.dh_p = dh_p |
527 self.dh_g = dh_g | 530 self.dh_g = dh_g |
528 self.dh_Ys = dh_Ys | 531 self.dh_Ys = dh_Ys |
529 return self | 532 return self |
530 | 533 |
| 534 def createECDH(self, ecdhCurve, ecdhPublic): |
| 535 self.ecdhCurve = ecdhCurve |
| 536 self.ecdhPublic = ecdhPublic |
| 537 return self |
| 538 |
531 def parse(self, p): | 539 def parse(self, p): |
532 p.startLengthCheck(3) | 540 p.startLengthCheck(3) |
533 if self.cipherSuite in CipherSuite.srpAllSuites: | 541 if self.cipherSuite in CipherSuite.srpAllSuites: |
534 self.srp_N = bytesToNumber(p.getVarBytes(2)) | 542 self.srp_N = bytesToNumber(p.getVarBytes(2)) |
535 self.srp_g = bytesToNumber(p.getVarBytes(2)) | 543 self.srp_g = bytesToNumber(p.getVarBytes(2)) |
536 self.srp_s = p.getVarBytes(1) | 544 self.srp_s = p.getVarBytes(1) |
537 self.srp_B = bytesToNumber(p.getVarBytes(2)) | 545 self.srp_B = bytesToNumber(p.getVarBytes(2)) |
538 if self.cipherSuite in CipherSuite.srpCertSuites: | 546 if self.cipherSuite in CipherSuite.srpCertSuites: |
539 self.signature = p.getVarBytes(2) | 547 self.signature = p.getVarBytes(2) |
540 elif self.cipherSuite in CipherSuite.anonSuites: | 548 elif self.cipherSuite in CipherSuite.anonSuites: |
541 self.dh_p = bytesToNumber(p.getVarBytes(2)) | 549 self.dh_p = bytesToNumber(p.getVarBytes(2)) |
542 self.dh_g = bytesToNumber(p.getVarBytes(2)) | 550 self.dh_g = bytesToNumber(p.getVarBytes(2)) |
543 self.dh_Ys = bytesToNumber(p.getVarBytes(2)) | 551 self.dh_Ys = bytesToNumber(p.getVarBytes(2)) |
544 p.stopLengthCheck() | 552 p.stopLengthCheck() |
545 return self | 553 return self |
546 | 554 |
547 def write_params(self): | 555 def write_params(self): |
548 w = Writer() | 556 w = Writer() |
549 if self.cipherSuite in CipherSuite.srpAllSuites: | 557 if self.cipherSuite in CipherSuite.srpAllSuites: |
550 w.addVarSeq(numberToByteArray(self.srp_N), 1, 2) | 558 w.addVarSeq(numberToByteArray(self.srp_N), 1, 2) |
551 w.addVarSeq(numberToByteArray(self.srp_g), 1, 2) | 559 w.addVarSeq(numberToByteArray(self.srp_g), 1, 2) |
552 w.addVarSeq(self.srp_s, 1, 1) | 560 w.addVarSeq(self.srp_s, 1, 1) |
553 w.addVarSeq(numberToByteArray(self.srp_B), 1, 2) | 561 w.addVarSeq(numberToByteArray(self.srp_B), 1, 2) |
554 elif self.cipherSuite in CipherSuite.dhAllSuites: | 562 elif self.cipherSuite in CipherSuite.dhAllSuites: |
555 w.addVarSeq(numberToByteArray(self.dh_p), 1, 2) | 563 w.addVarSeq(numberToByteArray(self.dh_p), 1, 2) |
556 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) | 564 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) |
557 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) | 565 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) |
| 566 elif self.cipherSuite in CipherSuite.ecdhAllSuites: |
| 567 w.add(ECCurveType.named_curve, 1) |
| 568 w.add(self.ecdhCurve, 2) |
| 569 w.addVarSeq(self.ecdhPublic, 1, 1) |
558 else: | 570 else: |
559 assert(False) | 571 assert(False) |
560 return w.bytes | 572 return w.bytes |
561 | 573 |
562 def write(self): | 574 def write(self): |
563 w = Writer() | 575 w = Writer() |
564 w.bytes += self.write_params() | 576 w.bytes += self.write_params() |
565 if self.cipherSuite in CipherSuite.certAllSuites: | 577 if self.cipherSuite in CipherSuite.certAllSuites: |
566 if self.version >= (3,3): | 578 if self.version >= (3,3): |
567 # TODO: Signature algorithm negotiation not supported. | 579 # TODO: Signature algorithm negotiation not supported. |
(...skipping 51 matching lines...)
619 self.srp_A = bytesToNumber(p.getVarBytes(2)) | 631 self.srp_A = bytesToNumber(p.getVarBytes(2)) |
620 elif self.cipherSuite in CipherSuite.certSuites: | 632 elif self.cipherSuite in CipherSuite.certSuites: |
621 if self.version in ((3,1), (3,2), (3,3)): | 633 if self.version in ((3,1), (3,2), (3,3)): |
622 self.encryptedPreMasterSecret = p.getVarBytes(2) | 634 self.encryptedPreMasterSecret = p.getVarBytes(2) |
623 elif self.version == (3,0): | 635 elif self.version == (3,0): |
624 self.encryptedPreMasterSecret = \ | 636 self.encryptedPreMasterSecret = \ |
625 p.getFixBytes(len(p.bytes)-p.index) | 637 p.getFixBytes(len(p.bytes)-p.index) |
626 else: | 638 else: |
627 raise AssertionError() | 639 raise AssertionError() |
628 elif self.cipherSuite in CipherSuite.dhAllSuites: | 640 elif self.cipherSuite in CipherSuite.dhAllSuites: |
629 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) | 641 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) |
| 642 elif self.cipherSuite in CipherSuite.ecdhAllSuites: |
| 643 self.ecdh_Yc = p.getVarBytes(1) |
630 else: | 644 else: |
631 raise AssertionError() | 645 raise AssertionError() |
632 p.stopLengthCheck() | 646 p.stopLengthCheck() |
633 return self | 647 return self |
634 | 648 |
635 def write(self): | 649 def write(self): |
636 w = Writer() | 650 w = Writer() |
637 if self.cipherSuite in CipherSuite.srpAllSuites: | 651 if self.cipherSuite in CipherSuite.srpAllSuites: |
638 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) | 652 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) |
639 elif self.cipherSuite in CipherSuite.certSuites: | 653 elif self.cipherSuite in CipherSuite.certSuites: |
(...skipping 142 matching lines...)
782 newMsg = ApplicationData().create(self.bytes[:1]) | 796 newMsg = ApplicationData().create(self.bytes[:1]) |
783 self.bytes = self.bytes[1:] | 797 self.bytes = self.bytes[1:] |
784 return newMsg | 798 return newMsg |
785 | 799 |
786 def parse(self, p): | 800 def parse(self, p): |
787 self.bytes = p.bytes | 801 self.bytes = p.bytes |
788 return self | 802 return self |
789 | 803 |
790 def write(self): | 804 def write(self): |
791 return self.bytes | 805 return self.bytes |
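Review bot: ServerKeyExchange.parse() (new lines 539-553) gets no ECDH branch, although write_params() now emits the curve type, named curve and public point for `CipherSuite.ecdhAllSuites`, so the message can be written but not read back; with an ECDHE suite the parser consumes no parameters before `p.stopLengthCheck()`. If the class is only ever used on the sending side this may be intentional, but then a final `else: raise AssertionError()`, as ClientKeyExchange.parse already has, would make the unsupported case explicit rather than leaving every field at its default. In ClientKeyExchange.parse, `self.ecdh_Yc = p.getVarBytes(1)` stores the peer's point as raw, unvalidated bytes, so a comment such as `# raw EC point from the peer; the key-exchange code must check its encoding and curve membership before use` would state the contract for whoever consumes it. Whether `ecdh_Yc` is initialised in the constructor and handled in ClientKeyExchange.write() cannot be seen from the lines shown.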