1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - added reqCAs parameter | 3 # Google - added reqCAs parameter |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Martin von Loewis - python 3 port | 6 # Martin von Loewis - python 3 port |
7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
8 # | 8 # |
9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
10 | 10 |
974 yield result | 974 yield result |
975 | 975 |
976 #If client authentication was requested and we have a | 976 #If client authentication was requested and we have a |
977 #private key, send CertificateVerify | 977 #private key, send CertificateVerify |
978 if certificateRequest and privateKey: | 978 if certificateRequest and privateKey: |
979 signatureAlgorithm = None | 979 signatureAlgorithm = None |
980 if self.version == (3,0): | 980 if self.version == (3,0): |
981 masterSecret = calcMasterSecret(self.version, | 981 masterSecret = calcMasterSecret(self.version, |
982 premasterSecret, | 982 premasterSecret, |
983 clientRandom, | 983 clientRandom, |
984 serverRandom) | 984 serverRandom, |
| 985 b"", False) |
985 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") | 986 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
986 elif self.version in ((3,1), (3,2)): | 987 elif self.version in ((3,1), (3,2)): |
987 verifyBytes = self._handshake_md5.digest() + \ | 988 verifyBytes = self._handshake_md5.digest() + \ |
988 self._handshake_sha.digest() | 989 self._handshake_sha.digest() |
989 elif self.version == (3,3): | 990 elif self.version == (3,3): |
990 # TODO: Signature algorithm negotiation not supported. | 991 # TODO: Signature algorithm negotiation not supported. |
991 signatureAlgorithm = (HashAlgorithm.sha1, SignatureAlgorithm.rsa
) | 992 signatureAlgorithm = (HashAlgorithm.sha1, SignatureAlgorithm.rsa
) |
992 verifyBytes = self._handshake_sha.digest() | 993 verifyBytes = self._handshake_sha.digest() |
993 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) | 994 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) |
994 if self.fault == Fault.badVerifyMessage: | 995 if self.fault == Fault.badVerifyMessage: |
1029 #Calculate premaster secret | 1030 #Calculate premaster secret |
1030 S = powMod(dh_Ys, dh_Xc, dh_p) | 1031 S = powMod(dh_Ys, dh_Xc, dh_p) |
1031 premasterSecret = numberToByteArray(S) | 1032 premasterSecret = numberToByteArray(S) |
1032 | 1033 |
1033 yield (premasterSecret, None, None) | 1034 yield (premasterSecret, None, None) |
1034 | 1035 |
1035 def _clientFinished(self, premasterSecret, clientRandom, serverRandom, | 1036 def _clientFinished(self, premasterSecret, clientRandom, serverRandom, |
1036 cipherSuite, cipherImplementations, nextProto): | 1037 cipherSuite, cipherImplementations, nextProto): |
1037 | 1038 |
1038 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1039 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1039 clientRandom, serverRandom) | 1040 clientRandom, serverRandom, b"", False) |
1040 self._calcPendingStates(cipherSuite, masterSecret, | 1041 self._calcPendingStates(cipherSuite, masterSecret, |
1041 clientRandom, serverRandom, | 1042 clientRandom, serverRandom, |
1042 cipherImplementations) | 1043 cipherImplementations) |
1043 | 1044 |
1044 #Exchange ChangeCipherSpec and Finished messages | 1045 #Exchange ChangeCipherSpec and Finished messages |
1045 for result in self._sendFinished(masterSecret, nextProto): | 1046 for result in self._sendFinished(masterSecret, nextProto): |
1046 yield result | 1047 yield result |
1047 for result in self._getFinished(masterSecret, nextProto=nextProto): | 1048 for result in self._getFinished(masterSecret, nextProto=nextProto): |
1048 yield result | 1049 yield result |
1049 yield masterSecret | 1050 yield masterSecret |
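Review bot: `_clientFinished` now passes `b"", False` to calcMasterSecret, so the client always derives the legacy master secret, while the server side in this same change derives the extended one whenever the ServerHello echoes the extension. If the client's ClientHello ever advertises extended_master_secret (its builder is not in this hunk), Finished verification would fail against a server that accepts it; if it never does, the client should still refuse a ServerHello that carries an extension it did not offer, which nothing visible here does. A comment on the call, `# Client side does not offer EMS; legacy derivation only`, would at least make the asymmetry explicit until this path mirrors `_serverFinished`.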
1319 # Prepare a TACK Extension if requested | 1320 # Prepare a TACK Extension if requested |
1320 if clientHello.tack: | 1321 if clientHello.tack: |
1321 tackExt = TackExtension.create(tacks, activationFlags) | 1322 tackExt = TackExtension.create(tacks, activationFlags) |
1322 else: | 1323 else: |
1323 tackExt = None | 1324 tackExt = None |
1324 serverHello = ServerHello() | 1325 serverHello = ServerHello() |
1325 serverHello.create(self.version, getRandomBytes(32), sessionID, \ | 1326 serverHello.create(self.version, getRandomBytes(32), sessionID, \ |
1326 cipherSuite, CertificateType.x509, tackExt, | 1327 cipherSuite, CertificateType.x509, tackExt, |
1327 nextProtos) | 1328 nextProtos) |
1328 serverHello.channel_id = clientHello.channel_id | 1329 serverHello.channel_id = clientHello.channel_id |
| 1330 serverHello.extended_master_secret = \ |
| 1331 clientHello.extended_master_secret and \ |
| 1332 settings.enableExtendedMasterSecret |
1329 if clientHello.support_signed_cert_timestamps: | 1333 if clientHello.support_signed_cert_timestamps: |
1330 serverHello.signed_cert_timestamps = signedCertTimestamps | 1334 serverHello.signed_cert_timestamps = signedCertTimestamps |
1331 if clientHello.status_request: | 1335 if clientHello.status_request: |
1332 serverHello.status_request = ocspResponse | 1336 serverHello.status_request = ocspResponse |
1333 | 1337 |
1334 # Perform the SRP key exchange | 1338 # Perform the SRP key exchange |
1335 clientCertChain = None | 1339 clientCertChain = None |
1336 if cipherSuite in CipherSuite.srpAllSuites: | 1340 if cipherSuite in CipherSuite.srpAllSuites: |
1337 for result in self._serverSRPKeyExchange(clientHello, serverHello, | 1341 for result in self._serverSRPKeyExchange(clientHello, serverHello, |
1338 verifierDB, cipherSuite, | 1342 verifierDB, cipherSuite, |
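Review bot: The ServerHello echoes extended_master_secret whenever the client offered it and the setting is enabled, with no check on the negotiated version, yet both SSL 3.0 CertificateVerify branches in this change (new line 985 on the client and new line 1755 on the server) still call calcMasterSecret with `b"", False`. On a (3,0) connection that echoed the extension, `_serverFinished` would derive an extended master secret while CertificateVerify had been checked against the legacy one. Gating the echo, `serverHello.extended_master_secret = (self.version >= (3, 1) and clientHello.extended_master_secret and settings.enableExtendedMasterSecret)`, keeps the extension to the TLS versions it is defined for; the resumption ServerHello after new line 1530 has the same shape. The enclosing handshake method starts before this hunk.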
1376 else: break | 1380 else: break |
1377 premasterSecret = result | 1381 premasterSecret = result |
1378 | 1382 |
1379 else: | 1383 else: |
1380 assert(False) | 1384 assert(False) |
1381 | 1385 |
1382 # Exchange Finished messages | 1386 # Exchange Finished messages |
1383 for result in self._serverFinished(premasterSecret, | 1387 for result in self._serverFinished(premasterSecret, |
1384 clientHello.random, serverHello.random, | 1388 clientHello.random, serverHello.random, |
1385 cipherSuite, settings.cipherImplementations, | 1389 cipherSuite, settings.cipherImplementations, |
1386 nextProtos, clientHello.channel_id): | 1390 nextProtos, clientHello.channel_id, |
| 1391 serverHello.extended_master_secret): |
1387 if result in (0,1): yield result | 1392 if result in (0,1): yield result |
1388 else: break | 1393 else: break |
1389 masterSecret = result | 1394 masterSecret = result |
1390 | 1395 |
1391 #Create the session object | 1396 #Create the session object |
1392 self.session = Session() | 1397 self.session = Session() |
1393 if cipherSuite in CipherSuite.certAllSuites: | 1398 if cipherSuite in CipherSuite.certAllSuites: |
1394 serverCertChain = certChain | 1399 serverCertChain = certChain |
1395 else: | 1400 else: |
1396 serverCertChain = None | 1401 serverCertChain = None |
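Review bot: The new trailing positional `serverHello.extended_master_secret` in the `_serverFinished` call is a bare boolean at the end of an eight-argument list, so a reader has to open the definition to learn what it toggles. Passing it by name, `useExtendedMasterSecret=serverHello.extended_master_secret`, documents it at the call site and protects the call against a future positional reordering. The enclosing method starts and ends outside this hunk.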
1516 except KeyError: | 1521 except KeyError: |
1517 pass | 1522 pass |
1518 | 1523 |
1519 #If a session is found.. | 1524 #If a session is found.. |
1520 if session: | 1525 if session: |
1521 #Send ServerHello | 1526 #Send ServerHello |
1522 serverHello = ServerHello() | 1527 serverHello = ServerHello() |
1523 serverHello.create(self.version, getRandomBytes(32), | 1528 serverHello.create(self.version, getRandomBytes(32), |
1524 session.sessionID, session.cipherSuite, | 1529 session.sessionID, session.cipherSuite, |
1525 CertificateType.x509, None, None) | 1530 CertificateType.x509, None, None) |
| 1531 serverHello.extended_master_secret = \ |
| 1532 clientHello.extended_master_secret and \ |
| 1533 settings.enableExtendedMasterSecret |
1526 for result in self._sendMsg(serverHello): | 1534 for result in self._sendMsg(serverHello): |
1527 yield result | 1535 yield result |
1528 | 1536 |
1529 #From here on, the client's messages must have right version | 1537 #From here on, the client's messages must have right version |
1530 self._versionCheck = True | 1538 self._versionCheck = True |
1531 | 1539 |
1532 #Calculate pending connection states | 1540 #Calculate pending connection states |
1533 self._calcPendingStates(session.cipherSuite, | 1541 self._calcPendingStates(session.cipherSuite, |
1534 session.masterSecret, | 1542 session.masterSecret, |
1535 clientHello.random, | 1543 clientHello.random, |
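Review bot: On the resumption path the ServerHello echoes extended_master_secret from the current ClientHello alone, while the master secret installed a few lines later is `session.masterSecret` from the original handshake. Nothing here checks whether that session was itself established with the extension, so a session derived the legacy way can apparently be resumed on a connection that now claims the extended master secret, and the opposite mismatch is not refused either; the Session fields are not visible in this hunk, so this is inferred. Recording the flag on the session when it is created and comparing it with `clientHello.extended_master_secret` before resuming (falling back to a full handshake when the client now offers the extension, aborting when it no longer does) would close this. The session lookup that starts the block, including its `except KeyError`, begins before this hunk.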
1736 premasterSecret = \ | 1744 premasterSecret = \ |
1737 keyExchange.processClientKeyExchange(clientKeyExchange) | 1745 keyExchange.processClientKeyExchange(clientKeyExchange) |
1738 except TLSLocalAlert, alert: | 1746 except TLSLocalAlert, alert: |
1739 for result in self._sendError(alert.description, alert.message): | 1747 for result in self._sendError(alert.description, alert.message): |
1740 yield result | 1748 yield result |
1741 | 1749 |
1742 #Get and check CertificateVerify, if relevant | 1750 #Get and check CertificateVerify, if relevant |
1743 if clientCertChain: | 1751 if clientCertChain: |
1744 if self.version == (3,0): | 1752 if self.version == (3,0): |
1745 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1753 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1746 clientHello.random, serverHello.random) | 1754 clientHello.random, serverHello.random, |
| 1755 b"", False) |
1747 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") | 1756 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
1748 elif self.version in ((3,1), (3,2)): | 1757 elif self.version in ((3,1), (3,2)): |
1749 verifyBytes = self._handshake_md5.digest() + \ | 1758 verifyBytes = self._handshake_md5.digest() + \ |
1750 self._handshake_sha.digest() | 1759 self._handshake_sha.digest() |
1751 elif self.version == (3,3): | 1760 elif self.version == (3,3): |
1752 verifyBytes = self._handshake_sha.digest() | 1761 verifyBytes = self._handshake_sha.digest() |
1753 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) | 1762 verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes) |
1754 for result in self._getMsg(ContentType.handshake, | 1763 for result in self._getMsg(ContentType.handshake, |
1755 HandshakeType.certificate_verify): | 1764 HandshakeType.certificate_verify): |
1756 if result in (0,1): yield result | 1765 if result in (0,1): yield result |
1820 | 1829 |
1821 #Calculate premaster secre | 1830 #Calculate premaster secre |
1822 S = powMod(dh_Yc,dh_Xs,dh_p) | 1831 S = powMod(dh_Yc,dh_Xs,dh_p) |
1823 premasterSecret = numberToByteArray(S) | 1832 premasterSecret = numberToByteArray(S) |
1824 | 1833 |
1825 yield premasterSecret | 1834 yield premasterSecret |
1826 | 1835 |
1827 | 1836 |
1828 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, | 1837 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, |
1829 cipherSuite, cipherImplementations, nextProtos, | 1838 cipherSuite, cipherImplementations, nextProtos, |
1830 doingChannelID): | 1839 doingChannelID, useExtendedMasterSecret): |
1831 masterSecret = calcMasterSecret(self.version, premasterSecret, | 1840 masterSecret = calcMasterSecret(self.version, premasterSecret, |
1832 clientRandom, serverRandom) | 1841 clientRandom, serverRandom, |
| 1842 self._ems_handshake_hash, |
| 1843 useExtendedMasterSecret) |
1833 | 1844 |
1834 #Calculate pending connection states | 1845 #Calculate pending connection states |
1835 self._calcPendingStates(cipherSuite, masterSecret, | 1846 self._calcPendingStates(cipherSuite, masterSecret, |
1836 clientRandom, serverRandom, | 1847 clientRandom, serverRandom, |
1837 cipherImplementations) | 1848 cipherImplementations) |
1838 | 1849 |
1839 #Exchange ChangeCipherSpec and Finished messages | 1850 #Exchange ChangeCipherSpec and Finished messages |
1840 for result in self._getFinished(masterSecret, | 1851 for result in self._getFinished(masterSecret, |
1841 expect_next_protocol=nextProtos is not None, | 1852 expect_next_protocol=nextProtos is not None, |
1842 expect_channel_id=doingChannelID): | 1853 expect_channel_id=doingChannelID): |
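Review bot: `_serverFinished` gains `useExtendedMasterSecret` and reads `self._ems_handshake_hash` without any note of what that hash must contain or when it is captured; neither its producer nor the end of this method is in the hunk. The extended derivation is only meaningful over the transcript through the ClientKeyExchange, so a header comment such as `# useExtendedMasterSecret: derive the master secret from self._ems_handshake_hash (transcript through ClientKeyExchange) instead of the randoms` would tell the next maintainer which later messages must not be folded in. A guard before the call, `assert not useExtendedMasterSecret or self._ems_handshake_hash`, would also catch the flag being set before the hash is captured, which would otherwise silently drop the transcript binding the extension exists to provide.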
1990 except TLSAlert as alert: | 2001 except TLSAlert as alert: |
1991 if not self.fault: | 2002 if not self.fault: |
1992 raise | 2003 raise |
1993 if alert.description not in Fault.faultAlerts[self.fault]: | 2004 if alert.description not in Fault.faultAlerts[self.fault]: |
1994 raise TLSFaultError(str(alert)) | 2005 raise TLSFaultError(str(alert)) |
1995 else: | 2006 else: |
1996 pass | 2007 pass |
1997 except: | 2008 except: |
1998 self._shutdown(False) | 2009 self._shutdown(False) |
1999 raise | 2010 raise |