OLD | NEW |
---|---|
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google (adapted by Sam Rushing) - NPN support | 3 # Google (adapted by Sam Rushing) - NPN support |
4 # Martin von Loewis - python 3 port | 4 # Martin von Loewis - python 3 port |
5 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 5 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
6 # | 6 # |
7 # See the LICENSE file for legal information regarding use of this file. | 7 # See the LICENSE file for legal information regarding use of this file. |
8 | 8 |
9 """Helper class for TLSConnection.""" | 9 """Helper class for TLSConnection.""" |
10 from __future__ import generators | 10 from __future__ import generators |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
108 self.session = None | 108 self.session = None |
109 | 109 |
110 #Am I a client or server? | 110 #Am I a client or server? |
111 self._client = None | 111 self._client = None |
112 | 112 |
113 #Buffers for processing messages | 113 #Buffers for processing messages |
114 self._handshakeBuffer = [] | 114 self._handshakeBuffer = [] |
115 self.clearReadBuffer() | 115 self.clearReadBuffer() |
116 self.clearWriteBuffer() | 116 self.clearWriteBuffer() |
117 | 117 |
118 #All handshake messages, for use in extended master secret | |
119 self.handshakeMessages = [] | |
davidben
2015/08/14 22:31:18
You should be able to just use the handshake diges
nharper
2015/08/15 00:37:43
Ah, I should have read the surrounding code and se
| |
120 | |
118 #Handshake digests | 121 #Handshake digests |
119 self._handshake_md5 = hashlib.md5() | 122 self._handshake_md5 = hashlib.md5() |
120 self._handshake_sha = hashlib.sha1() | 123 self._handshake_sha = hashlib.sha1() |
121 self._handshake_sha256 = hashlib.sha256() | 124 self._handshake_sha256 = hashlib.sha256() |
122 | 125 |
123 #TLS Protocol Version | 126 #TLS Protocol Version |
124 self.version = (0,0) #read-only | 127 self.version = (0,0) #read-only |
125 self._versionCheck = False #Once we choose a version, this is True | 128 self._versionCheck = False #Once we choose a version, this is True |
126 | 129 |
127 #Current and Pending connection states | 130 #Current and Pending connection states |
(...skipping 423 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
551 if not self.closed and randomizeFirstBlock and self.version <= (3,1) \ | 554 if not self.closed and randomizeFirstBlock and self.version <= (3,1) \ |
552 and self._writeState.encContext \ | 555 and self._writeState.encContext \ |
553 and self._writeState.encContext.isBlockCipher \ | 556 and self._writeState.encContext.isBlockCipher \ |
554 and isinstance(msg, ApplicationData): | 557 and isinstance(msg, ApplicationData): |
555 msgFirstByte = msg.splitFirstByte() | 558 msgFirstByte = msg.splitFirstByte() |
556 for result in self._sendMsg(msgFirstByte, | 559 for result in self._sendMsg(msgFirstByte, |
557 randomizeFirstBlock = False): | 560 randomizeFirstBlock = False): |
558 yield result | 561 yield result |
559 | 562 |
560 b = msg.write() | 563 b = msg.write() |
564 self.handshakeMessages.append(b) | |
561 | 565 |
562 # If a 1-byte message was passed in, and we "split" the | 566 # If a 1-byte message was passed in, and we "split" the |
563 # first(only) byte off above, we may have a 0-length msg: | 567 # first(only) byte off above, we may have a 0-length msg: |
564 if len(b) == 0: | 568 if len(b) == 0: |
565 return | 569 return |
566 | 570 |
567 contentType = msg.contentType | 571 contentType = msg.contentType |
568 | 572 |
569 #Update handshake hashes | 573 #Update handshake hashes |
570 if contentType == ContentType.handshake: | 574 if contentType == ContentType.handshake: |
(...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
807 if subType not in secondaryType: | 811 if subType not in secondaryType: |
808 for result in self._sendError(\ | 812 for result in self._sendError(\ |
809 AlertDescription.unexpected_message, | 813 AlertDescription.unexpected_message, |
810 "Expecting %s, got %s" % (str(secondaryType), su bType)): | 814 "Expecting %s, got %s" % (str(secondaryType), su bType)): |
811 yield result | 815 yield result |
812 | 816 |
813 #Update handshake hashes | 817 #Update handshake hashes |
814 self._handshake_md5.update(compat26Str(p.bytes)) | 818 self._handshake_md5.update(compat26Str(p.bytes)) |
815 self._handshake_sha.update(compat26Str(p.bytes)) | 819 self._handshake_sha.update(compat26Str(p.bytes)) |
816 self._handshake_sha256.update(compat26Str(p.bytes)) | 820 self._handshake_sha256.update(compat26Str(p.bytes)) |
821 self.handshakeMessages.append(p.bytes) | |
817 | 822 |
818 #Parse based on handshake type | 823 #Parse based on handshake type |
819 if subType == HandshakeType.client_hello: | 824 if subType == HandshakeType.client_hello: |
820 yield ClientHello(recordHeader.ssl2).parse(p) | 825 yield ClientHello(recordHeader.ssl2).parse(p) |
821 elif subType == HandshakeType.server_hello: | 826 elif subType == HandshakeType.server_hello: |
822 yield ServerHello().parse(p) | 827 yield ServerHello().parse(p) |
823 elif subType == HandshakeType.certificate: | 828 elif subType == HandshakeType.certificate: |
824 yield Certificate(constructorType).parse(p) | 829 yield Certificate(constructorType).parse(p) |
825 elif subType == HandshakeType.certificate_request: | 830 elif subType == HandshakeType.certificate_request: |
826 yield CertificateRequest(self.version).parse(p) | 831 yield CertificateRequest(self.version).parse(p) |
(...skipping 422 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1249 imac_md5.update(compatHMAC(label + masterSecret + bytearray([0x36]*48))) | 1254 imac_md5.update(compatHMAC(label + masterSecret + bytearray([0x36]*48))) |
1250 imac_sha.update(compatHMAC(label + masterSecret + bytearray([0x36]*40))) | 1255 imac_sha.update(compatHMAC(label + masterSecret + bytearray([0x36]*40))) |
1251 | 1256 |
1252 md5Bytes = MD5(masterSecret + bytearray([0x5c]*48) + \ | 1257 md5Bytes = MD5(masterSecret + bytearray([0x5c]*48) + \ |
1253 bytearray(imac_md5.digest())) | 1258 bytearray(imac_md5.digest())) |
1254 shaBytes = SHA1(masterSecret + bytearray([0x5c]*40) + \ | 1259 shaBytes = SHA1(masterSecret + bytearray([0x5c]*40) + \ |
1255 bytearray(imac_sha.digest())) | 1260 bytearray(imac_sha.digest())) |
1256 | 1261 |
1257 return md5Bytes + shaBytes | 1262 return md5Bytes + shaBytes |
1258 | 1263 |
OLD | NEW |