1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - added reqCAs parameter | 3 # Google - added reqCAs parameter |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Martin von Loewis - python 3 port | 6 # Martin von Loewis - python 3 port |
7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
8 # | 8 # |
9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
10 | 10 |
974 yield result | 974 yield result |
975 | 975 |
976 #If client authentication was requested and we have a | 976 #If client authentication was requested and we have a |
977 #private key, send CertificateVerify | 977 #private key, send CertificateVerify |
978 if certificateRequest and privateKey: | 978 if certificateRequest and privateKey: |
979 signatureAlgorithm = None | 979 signatureAlgorithm = None |
980 if self.version == (3,0): | 980 if self.version == (3,0): |
981 masterSecret = calcMasterSecret(self.version, | 981 masterSecret = calcMasterSecret(self.version, |
982 premasterSecret, | 982 premasterSecret, |
983 clientRandom, | 983 clientRandom, |
984 serverRandom) | 984 serverRandom, |
985 b"", False) | |
985 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") | 986 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
986 elif self.version in ((3,1), (3,2)): | 987 elif self.version in ((3,1), (3,2)): |
987 verifyBytes = self._handshake_md5.digest() + \ | 988 verifyBytes = self._handshake_md5.digest() + \ |
988 self._handshake_sha.digest() | 989 self._handshake_sha.digest() |
989 elif self.version == (3,3): | 990 elif self.version == (3,3): |
990 # TODO: Signature algorithm negotiation not supported. | 991 # TODO: Signature algorithm negotiation not supported. |
991 signatureAlgorithm = (HashAlgorithm.sha1, SignatureAlgorithm.rsa ) | 992 signatureAlgorithm = (HashAlgorithm.sha1, SignatureAlgorithm.rsa ) |
992 verifyBytes = self._handshake_sha.digest() | 993 verifyBytes = self._handshake_sha.digest() |
993 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) | 994 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) |
994 if self.fault == Fault.badVerifyMessage: | 995 if self.fault == Fault.badVerifyMessage: |
1029 #Calculate premaster secret | 1030 #Calculate premaster secret |
1030 S = powMod(dh_Ys, dh_Xc, dh_p) | 1031 S = powMod(dh_Ys, dh_Xc, dh_p) |
1031 premasterSecret = numberToByteArray(S) | 1032 premasterSecret = numberToByteArray(S) |
1032 | 1033 |
1033 yield (premasterSecret, None, None) | 1034 yield (premasterSecret, None, None) |
1034 | 1035 |
1035 def _clientFinished(self, premasterSecret, clientRandom, serverRandom, | 1036 def _clientFinished(self, premasterSecret, clientRandom, serverRandom, |
1036 cipherSuite, cipherImplementations, nextProto): | 1037 cipherSuite, cipherImplementations, nextProto): |
1037 | 1038 |
1038 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1039 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1039 clientRandom, serverRandom) | 1040 clientRandom, serverRandom, b"", False) |
1040 self._calcPendingStates(cipherSuite, masterSecret, | 1041 self._calcPendingStates(cipherSuite, masterSecret, |
1041 clientRandom, serverRandom, | 1042 clientRandom, serverRandom, |
1042 cipherImplementations) | 1043 cipherImplementations) |
1043 | 1044 |
1044 #Exchange ChangeCipherSpec and Finished messages | 1045 #Exchange ChangeCipherSpec and Finished messages |
1045 for result in self._sendFinished(masterSecret, nextProto): | 1046 for result in self._sendFinished(masterSecret, nextProto): |
1046 yield result | 1047 yield result |
1047 for result in self._getFinished(masterSecret, nextProto=nextProto): | 1048 for result in self._getFinished(masterSecret, nextProto=nextProto): |
1048 yield result | 1049 yield result |
1049 yield masterSecret | 1050 yield masterSecret |
1319 # Prepare a TACK Extension if requested | 1320 # Prepare a TACK Extension if requested |
1320 if clientHello.tack: | 1321 if clientHello.tack: |
1321 tackExt = TackExtension.create(tacks, activationFlags) | 1322 tackExt = TackExtension.create(tacks, activationFlags) |
1322 else: | 1323 else: |
1323 tackExt = None | 1324 tackExt = None |
1324 serverHello = ServerHello() | 1325 serverHello = ServerHello() |
1325 serverHello.create(self.version, getRandomBytes(32), sessionID, \ | 1326 serverHello.create(self.version, getRandomBytes(32), sessionID, \ |
1326 cipherSuite, CertificateType.x509, tackExt, | 1327 cipherSuite, CertificateType.x509, tackExt, |
1327 nextProtos) | 1328 nextProtos) |
1328 serverHello.channel_id = clientHello.channel_id | 1329 serverHello.channel_id = clientHello.channel_id |
1330 serverHello.extended_master_secret = clientHello.extended_master_secret | |
1329 if clientHello.support_signed_cert_timestamps: | 1331 if clientHello.support_signed_cert_timestamps: |
1330 serverHello.signed_cert_timestamps = signedCertTimestamps | 1332 serverHello.signed_cert_timestamps = signedCertTimestamps |
1331 if clientHello.status_request: | 1333 if clientHello.status_request: |
1332 serverHello.status_request = ocspResponse | 1334 serverHello.status_request = ocspResponse |
1333 | 1335 |
1334 # Perform the SRP key exchange | 1336 # Perform the SRP key exchange |
1335 clientCertChain = None | 1337 clientCertChain = None |
1336 if cipherSuite in CipherSuite.srpAllSuites: | 1338 if cipherSuite in CipherSuite.srpAllSuites: |
1337 for result in self._serverSRPKeyExchange(clientHello, serverHello, | 1339 for result in self._serverSRPKeyExchange(clientHello, serverHello, |
1338 verifierDB, cipherSuite, | 1340 verifierDB, cipherSuite, |
1376 else: break | 1378 else: break |
1377 premasterSecret = result | 1379 premasterSecret = result |
1378 | 1380 |
1379 else: | 1381 else: |
1380 assert(False) | 1382 assert(False) |
1381 | 1383 |
1382 # Exchange Finished messages | 1384 # Exchange Finished messages |
1383 for result in self._serverFinished(premasterSecret, | 1385 for result in self._serverFinished(premasterSecret, |
1384 clientHello.random, serverHello.random, | 1386 clientHello.random, serverHello.random, |
1385 cipherSuite, settings.cipherImplementations, | 1387 cipherSuite, settings.cipherImplementations, |
1386 nextProtos, clientHello.channel_id): | 1388 nextProtos, clientHello.channel_id, |
1389 clientHello.extended_master_secret): | |
1387 if result in (0,1): yield result | 1390 if result in (0,1): yield result |
1388 else: break | 1391 else: break |
1389 masterSecret = result | 1392 masterSecret = result |
1390 | 1393 |
1391 #Create the session object | 1394 #Create the session object |
1392 self.session = Session() | 1395 self.session = Session() |
1393 if cipherSuite in CipherSuite.certAllSuites: | 1396 if cipherSuite in CipherSuite.certAllSuites: |
1394 serverCertChain = certChain | 1397 serverCertChain = certChain |
1395 else: | 1398 else: |
1396 serverCertChain = None | 1399 serverCertChain = None |
1516 except KeyError: | 1519 except KeyError: |
1517 pass | 1520 pass |
1518 | 1521 |
1519 #If a session is found.. | 1522 #If a session is found.. |
1520 if session: | 1523 if session: |
1521 #Send ServerHello | 1524 #Send ServerHello |
1522 serverHello = ServerHello() | 1525 serverHello = ServerHello() |
1523 serverHello.create(self.version, getRandomBytes(32), | 1526 serverHello.create(self.version, getRandomBytes(32), |
1524 session.sessionID, session.cipherSuite, | 1527 session.sessionID, session.cipherSuite, |
1525 CertificateType.x509, None, None) | 1528 CertificateType.x509, None, None) |
1529 serverHello.extended_master_secret = \ | |
1530 clientHello.extended_master_secret | |
davidben
2015/08/17 17:10:22
To confirm, this will make every connection we mak
nharper
2015/08/18 00:03:31
I added a setting to HandshakeSettings, since I'll
| |
1526 for result in self._sendMsg(serverHello): | 1531 for result in self._sendMsg(serverHello): |
1527 yield result | 1532 yield result |
1528 | 1533 |
1529 #From here on, the client's messages must have right version | 1534 #From here on, the client's messages must have right version |
1530 self._versionCheck = True | 1535 self._versionCheck = True |
1531 | 1536 |
1532 #Calculate pending connection states | 1537 #Calculate pending connection states |
1533 self._calcPendingStates(session.cipherSuite, | 1538 self._calcPendingStates(session.cipherSuite, |
1534 session.masterSecret, | 1539 session.masterSecret, |
1535 clientHello.random, | 1540 clientHello.random, |
1736 premasterSecret = \ | 1741 premasterSecret = \ |
1737 keyExchange.processClientKeyExchange(clientKeyExchange) | 1742 keyExchange.processClientKeyExchange(clientKeyExchange) |
1738 except TLSLocalAlert, alert: | 1743 except TLSLocalAlert, alert: |
1739 for result in self._sendError(alert.description, alert.message): | 1744 for result in self._sendError(alert.description, alert.message): |
1740 yield result | 1745 yield result |
1741 | 1746 |
1742 #Get and check CertificateVerify, if relevant | 1747 #Get and check CertificateVerify, if relevant |
1743 if clientCertChain: | 1748 if clientCertChain: |
1744 if self.version == (3,0): | 1749 if self.version == (3,0): |
1745 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1750 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1746 clientHello.random, serverHello.random) | 1751 clientHello.random, serverHello.random, |
1752 b"", False) | |
1747 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") | 1753 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
1748 elif self.version in ((3,1), (3,2)): | 1754 elif self.version in ((3,1), (3,2)): |
1749 verifyBytes = self._handshake_md5.digest() + \ | 1755 verifyBytes = self._handshake_md5.digest() + \ |
1750 self._handshake_sha.digest() | 1756 self._handshake_sha.digest() |
1751 elif self.version == (3,3): | 1757 elif self.version == (3,3): |
1752 verifyBytes = self._handshake_sha.digest() | 1758 verifyBytes = self._handshake_sha.digest() |
1753 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) | 1759 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) |
1754 for result in self._getMsg(ContentType.handshake, | 1760 for result in self._getMsg(ContentType.handshake, |
1755 HandshakeType.certificate_verify): | 1761 HandshakeType.certificate_verify): |
1756 if result in (0,1): yield result | 1762 if result in (0,1): yield result |
1820 | 1826 |
1821 #Calculate premaster secre | 1827 #Calculate premaster secre |
1822 S = powMod(dh_Yc,dh_Xs,dh_p) | 1828 S = powMod(dh_Yc,dh_Xs,dh_p) |
1823 premasterSecret = numberToByteArray(S) | 1829 premasterSecret = numberToByteArray(S) |
1824 | 1830 |
1825 yield premasterSecret | 1831 yield premasterSecret |
1826 | 1832 |
1827 | 1833 |
1828 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, | 1834 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, |
1829 cipherSuite, cipherImplementations, nextProtos, | 1835 cipherSuite, cipherImplementations, nextProtos, |
1830 doingChannelID): | 1836 doingChannelID, useExtendedMasterSecret): |
1831 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1837 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1832 clientRandom, serverRandom) | 1838 clientRandom, serverRandom, |
1839 self._getHandshakeHash(), | |
1840 useExtendedMasterSecret) | |
1833 | 1841 |
1834 #Calculate pending connection states | 1842 #Calculate pending connection states |
1835 self._calcPendingStates(cipherSuite, masterSecret, | 1843 self._calcPendingStates(cipherSuite, masterSecret, |
1836 clientRandom, serverRandom, | 1844 clientRandom, serverRandom, |
1837 cipherImplementations) | 1845 cipherImplementations) |
1838 | 1846 |
1839 #Exchange ChangeCipherSpec and Finished messages | 1847 #Exchange ChangeCipherSpec and Finished messages |
1840 for result in self._getFinished(masterSecret, | 1848 for result in self._getFinished(masterSecret, |
1841 expect_next_protocol=nextProtos is not None, | 1849 expect_next_protocol=nextProtos is not None, |
1842 expect_channel_id=doingChannelID): | 1850 expect_channel_id=doingChannelID): |
1990 except TLSAlert as alert: | 1998 except TLSAlert as alert: |
1991 if not self.fault: | 1999 if not self.fault: |
1992 raise | 2000 raise |
1993 if alert.description not in Fault.faultAlerts[self.fault]: | 2001 if alert.description not in Fault.faultAlerts[self.fault]: |
1994 raise TLSFaultError(str(alert)) | 2002 raise TLSFaultError(str(alert)) |
1995 else: | 2003 else: |
1996 pass | 2004 pass |
1997 except: | 2005 except: |
1998 self._shutdown(False) | 2006 self._shutdown(False) |
1999 raise | 2007 raise |
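Review bot: The transcript hash handed to calcMasterSecret at new line 1839 is read inside _serverFinished, which the caller at lines 1385–1389 reaches only after the CertificateVerify has already been fetched (the _getMsg starting at line 1760), so with client authentication the session_hash would presumably cover one message more than RFC 7627 §3 allows (handshake messages up to and including ClientKeyExchange) and the client's Finished would fail to verify — assuming _getMsg feeds the running digests the way the SSL 3.0 branch at lines 1749–1753 relies on. Snapshotting right after the key exchange is processed, `self._sessionHash = self._getHandshakeHash()` following line 1742, and passing that stored value instead of calling _getHandshakeHash() at line 1839 would pin the hash to the correct point. Separately, the resumption path at lines 1529–1530 echoes the client's extension without knowing whether the stored Session was itself negotiated with EMS; RFC 7627 §5.3 requires aborting an abbreviated handshake for an EMS session when the ClientHello omits the extension, and falling back to a full handshake in the reverse case, so recording `session.extended_master_secret = clientHello.extended_master_secret` where the Session is created at line 1395 and checking it before resuming is needed for the triple-handshake protection to hold. The server handshake method containing these hunks starts and ends outside the visible lines.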