OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - added reqCAs parameter | 3 # Google - added reqCAs parameter |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Martin von Loewis - python 3 port | 6 # Martin von Loewis - python 3 port |
7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
8 # | 8 # |
9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
10 | 10 |
(...skipping 963 matching lines...)
974 yield result | 974 yield result |
975 | 975 |
976 #If client authentication was requested and we have a | 976 #If client authentication was requested and we have a |
977 #private key, send CertificateVerify | 977 #private key, send CertificateVerify |
978 if certificateRequest and privateKey: | 978 if certificateRequest and privateKey: |
979 signatureAlgorithm = None | 979 signatureAlgorithm = None |
980 if self.version == (3,0): | 980 if self.version == (3,0): |
981 masterSecret = calcMasterSecret(self.version, | 981 masterSecret = calcMasterSecret(self.version, |
982 premasterSecret, | 982 premasterSecret, |
983 clientRandom, | 983 clientRandom, |
984 serverRandom, | 984 serverRandom) |
985 b"", False) | |
986 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") | 985 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
987 elif self.version in ((3,1), (3,2)): | 986 elif self.version in ((3,1), (3,2)): |
988 verifyBytes = self._handshake_md5.digest() + \ | 987 verifyBytes = self._handshake_md5.digest() + \ |
989 self._handshake_sha.digest() | 988 self._handshake_sha.digest() |
990 elif self.version == (3,3): | 989 elif self.version == (3,3): |
991 # TODO: Signature algorithm negotiation not supported. | 990 # TODO: Signature algorithm negotiation not supported. |
992 signatureAlgorithm = (HashAlgorithm.sha1, SignatureAlgorithm.rsa
) | 991 signatureAlgorithm = (HashAlgorithm.sha1, SignatureAlgorithm.rsa
) |
993 verifyBytes = self._handshake_sha.digest() | 992 verifyBytes = self._handshake_sha.digest() |
994 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) | 993 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) |
995 if self.fault == Fault.badVerifyMessage: | 994 if self.fault == Fault.badVerifyMessage: |
(...skipping 34 matching lines...)
1030 #Calculate premaster secret | 1029 #Calculate premaster secret |
1031 S = powMod(dh_Ys, dh_Xc, dh_p) | 1030 S = powMod(dh_Ys, dh_Xc, dh_p) |
1032 premasterSecret = numberToByteArray(S) | 1031 premasterSecret = numberToByteArray(S) |
1033 | 1032 |
1034 yield (premasterSecret, None, None) | 1033 yield (premasterSecret, None, None) |
1035 | 1034 |
1036 def _clientFinished(self, premasterSecret, clientRandom, serverRandom, | 1035 def _clientFinished(self, premasterSecret, clientRandom, serverRandom, |
1037 cipherSuite, cipherImplementations, nextProto): | 1036 cipherSuite, cipherImplementations, nextProto): |
1038 | 1037 |
1039 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1038 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1040 clientRandom, serverRandom, b"", False) | 1039 clientRandom, serverRandom) |
1041 self._calcPendingStates(cipherSuite, masterSecret, | 1040 self._calcPendingStates(cipherSuite, masterSecret, |
1042 clientRandom, serverRandom, | 1041 clientRandom, serverRandom, |
1043 cipherImplementations) | 1042 cipherImplementations) |
1044 | 1043 |
1045 #Exchange ChangeCipherSpec and Finished messages | 1044 #Exchange ChangeCipherSpec and Finished messages |
1046 for result in self._sendFinished(masterSecret, nextProto): | 1045 for result in self._sendFinished(masterSecret, nextProto): |
1047 yield result | 1046 yield result |
1048 for result in self._getFinished(masterSecret, nextProto=nextProto): | 1047 for result in self._getFinished(masterSecret, nextProto=nextProto): |
1049 yield result | 1048 yield result |
1050 yield masterSecret | 1049 yield masterSecret |
(...skipping 269 matching lines...)
1320 # Prepare a TACK Extension if requested | 1319 # Prepare a TACK Extension if requested |
1321 if clientHello.tack: | 1320 if clientHello.tack: |
1322 tackExt = TackExtension.create(tacks, activationFlags) | 1321 tackExt = TackExtension.create(tacks, activationFlags) |
1323 else: | 1322 else: |
1324 tackExt = None | 1323 tackExt = None |
1325 serverHello = ServerHello() | 1324 serverHello = ServerHello() |
1326 serverHello.create(self.version, getRandomBytes(32), sessionID, \ | 1325 serverHello.create(self.version, getRandomBytes(32), sessionID, \ |
1327 cipherSuite, CertificateType.x509, tackExt, | 1326 cipherSuite, CertificateType.x509, tackExt, |
1328 nextProtos) | 1327 nextProtos) |
1329 serverHello.channel_id = clientHello.channel_id | 1328 serverHello.channel_id = clientHello.channel_id |
1330 serverHello.extended_master_secret = \ | |
1331 clientHello.extended_master_secret and \ | |
1332 settings.enableExtendedMasterSecret | |
1333 if clientHello.support_signed_cert_timestamps: | 1329 if clientHello.support_signed_cert_timestamps: |
1334 serverHello.signed_cert_timestamps = signedCertTimestamps | 1330 serverHello.signed_cert_timestamps = signedCertTimestamps |
1335 if clientHello.status_request: | 1331 if clientHello.status_request: |
1336 serverHello.status_request = ocspResponse | 1332 serverHello.status_request = ocspResponse |
1337 | 1333 |
1338 # Perform the SRP key exchange | 1334 # Perform the SRP key exchange |
1339 clientCertChain = None | 1335 clientCertChain = None |
1340 if cipherSuite in CipherSuite.srpAllSuites: | 1336 if cipherSuite in CipherSuite.srpAllSuites: |
1341 for result in self._serverSRPKeyExchange(clientHello, serverHello, | 1337 for result in self._serverSRPKeyExchange(clientHello, serverHello, |
1342 verifierDB, cipherSuite, | 1338 verifierDB, cipherSuite, |
(...skipping 37 matching lines...)
1380 else: break | 1376 else: break |
1381 premasterSecret = result | 1377 premasterSecret = result |
1382 | 1378 |
1383 else: | 1379 else: |
1384 assert(False) | 1380 assert(False) |
1385 | 1381 |
1386 # Exchange Finished messages | 1382 # Exchange Finished messages |
1387 for result in self._serverFinished(premasterSecret, | 1383 for result in self._serverFinished(premasterSecret, |
1388 clientHello.random, serverHello.random, | 1384 clientHello.random, serverHello.random, |
1389 cipherSuite, settings.cipherImplementations, | 1385 cipherSuite, settings.cipherImplementations, |
1390 nextProtos, clientHello.channel_id, | 1386 nextProtos, clientHello.channel_id): |
1391 serverHello.extended_master_secret): | |
1392 if result in (0,1): yield result | 1387 if result in (0,1): yield result |
1393 else: break | 1388 else: break |
1394 masterSecret = result | 1389 masterSecret = result |
1395 | 1390 |
1396 #Create the session object | 1391 #Create the session object |
1397 self.session = Session() | 1392 self.session = Session() |
1398 if cipherSuite in CipherSuite.certAllSuites: | 1393 if cipherSuite in CipherSuite.certAllSuites: |
1399 serverCertChain = certChain | 1394 serverCertChain = certChain |
1400 else: | 1395 else: |
1401 serverCertChain = None | 1396 serverCertChain = None |
(...skipping 119 matching lines...)
1521 except KeyError: | 1516 except KeyError: |
1522 pass | 1517 pass |
1523 | 1518 |
1524 #If a session is found.. | 1519 #If a session is found.. |
1525 if session: | 1520 if session: |
1526 #Send ServerHello | 1521 #Send ServerHello |
1527 serverHello = ServerHello() | 1522 serverHello = ServerHello() |
1528 serverHello.create(self.version, getRandomBytes(32), | 1523 serverHello.create(self.version, getRandomBytes(32), |
1529 session.sessionID, session.cipherSuite, | 1524 session.sessionID, session.cipherSuite, |
1530 CertificateType.x509, None, None) | 1525 CertificateType.x509, None, None) |
1531 serverHello.extended_master_secret = \ | |
1532 clientHello.extended_master_secret and \ | |
1533 settings.enableExtendedMasterSecret | |
1534 for result in self._sendMsg(serverHello): | 1526 for result in self._sendMsg(serverHello): |
1535 yield result | 1527 yield result |
1536 | 1528 |
1537 #From here on, the client's messages must have right version | 1529 #From here on, the client's messages must have right version |
1538 self._versionCheck = True | 1530 self._versionCheck = True |
1539 | 1531 |
1540 #Calculate pending connection states | 1532 #Calculate pending connection states |
1541 self._calcPendingStates(session.cipherSuite, | 1533 self._calcPendingStates(session.cipherSuite, |
1542 session.masterSecret, | 1534 session.masterSecret, |
1543 clientHello.random, | 1535 clientHello.random, |
(...skipping 200 matching lines...)
1744 premasterSecret = \ | 1736 premasterSecret = \ |
1745 keyExchange.processClientKeyExchange(clientKeyExchange) | 1737 keyExchange.processClientKeyExchange(clientKeyExchange) |
1746 except TLSLocalAlert, alert: | 1738 except TLSLocalAlert, alert: |
1747 for result in self._sendError(alert.description, alert.message): | 1739 for result in self._sendError(alert.description, alert.message): |
1748 yield result | 1740 yield result |
1749 | 1741 |
1750 #Get and check CertificateVerify, if relevant | 1742 #Get and check CertificateVerify, if relevant |
1751 if clientCertChain: | 1743 if clientCertChain: |
1752 if self.version == (3,0): | 1744 if self.version == (3,0): |
1753 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1745 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1754 clientHello.random, serverHello.random, | 1746 clientHello.random, serverHello.random) |
1755 b"", False) | |
1756 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") | 1747 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
1757 elif self.version in ((3,1), (3,2)): | 1748 elif self.version in ((3,1), (3,2)): |
1758 verifyBytes = self._handshake_md5.digest() + \ | 1749 verifyBytes = self._handshake_md5.digest() + \ |
1759 self._handshake_sha.digest() | 1750 self._handshake_sha.digest() |
1760 elif self.version == (3,3): | 1751 elif self.version == (3,3): |
1761 verifyBytes = self._handshake_sha.digest() | 1752 verifyBytes = self._handshake_sha.digest() |
1762 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) | 1753 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) |
1763 for result in self._getMsg(ContentType.handshake, | 1754 for result in self._getMsg(ContentType.handshake, |
1764 HandshakeType.certificate_verify): | 1755 HandshakeType.certificate_verify): |
1765 if result in (0,1): yield result | 1756 if result in (0,1): yield result |
(...skipping 63 matching lines...)
1829 | 1820 |
1830 #Calculate premaster secre | 1821 #Calculate premaster secre |
1831 S = powMod(dh_Yc,dh_Xs,dh_p) | 1822 S = powMod(dh_Yc,dh_Xs,dh_p) |
1832 premasterSecret = numberToByteArray(S) | 1823 premasterSecret = numberToByteArray(S) |
1833 | 1824 |
1834 yield premasterSecret | 1825 yield premasterSecret |
1835 | 1826 |
1836 | 1827 |
1837 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, | 1828 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, |
1838 cipherSuite, cipherImplementations, nextProtos, | 1829 cipherSuite, cipherImplementations, nextProtos, |
1839 doingChannelID, useExtendedMasterSecret): | 1830 doingChannelID): |
1840 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1831 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1841 clientRandom, serverRandom, | 1832 clientRandom, serverRandom) |
1842 self._getHandshakeHash(), | |
1843 useExtendedMasterSecret) | |
1844 | 1833 |
1845 #Calculate pending connection states | 1834 #Calculate pending connection states |
1846 self._calcPendingStates(cipherSuite, masterSecret, | 1835 self._calcPendingStates(cipherSuite, masterSecret, |
1847 clientRandom, serverRandom, | 1836 clientRandom, serverRandom, |
1848 cipherImplementations) | 1837 cipherImplementations) |
1849 | 1838 |
1850 #Exchange ChangeCipherSpec and Finished messages | 1839 #Exchange ChangeCipherSpec and Finished messages |
1851 for result in self._getFinished(masterSecret, | 1840 for result in self._getFinished(masterSecret, |
1852 expect_next_protocol=nextProtos is not None, | 1841 expect_next_protocol=nextProtos is not None, |
1853 expect_channel_id=doingChannelID): | 1842 expect_channel_id=doingChannelID): |
(...skipping 147 matching lines...)
2001 except TLSAlert as alert: | 1990 except TLSAlert as alert: |
2002 if not self.fault: | 1991 if not self.fault: |
2003 raise | 1992 raise |
2004 if alert.description not in Fault.faultAlerts[self.fault]: | 1993 if alert.description not in Fault.faultAlerts[self.fault]: |
2005 raise TLSFaultError(str(alert)) | 1994 raise TLSFaultError(str(alert)) |
2006 else: | 1995 else: |
2007 pass | 1996 pass |
2008 except: | 1997 except: |
2009 self._shutdown(False) | 1998 self._shutdown(False) |
2010 raise | 1999 raise |
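Review bot: In `_serverFinished` (new line 1831) the master secret is now derived from the premaster secret and the two randoms only, so it is no longer bound to the handshake transcript the way the removed `self._getHandshakeHash()` argument bound it when the extension was negotiated (RFC 7627); the client-side call sites at new lines 981 and 1038 only lose the placeholder `b"", False`. The resumption branch at new lines 1520-1535 then reuses `session.masterSecret` as-is, which is the case the extension exists to protect, and the server now ignores a client's `extended_master_secret` offer without any trace in the code. If the removal is intentional, say so where the `ServerHello` is built (new line 1324), for example `# extended_master_secret (RFC 7627) is deliberately not negotiated: <reason>`. It is also worth checking that `settings.enableExtendedMasterSecret` and the ClientHello field are removed or marked unused as well; their definitions, like the start of the enclosing handshake methods, are outside the visible hunks.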
OLD | NEW |