OLD | NEW |
---|---|
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google (adapted by Sam Rushing) - NPN support | 3 # Google (adapted by Sam Rushing) - NPN support |
4 # Martin von Loewis - python 3 port | 4 # Martin von Loewis - python 3 port |
5 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 5 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
6 # | 6 # |
7 # See the LICENSE file for legal information regarding use of this file. | 7 # See the LICENSE file for legal information regarding use of this file. |
8 | 8 |
9 """Helper class for TLSConnection.""" | 9 """Helper class for TLSConnection.""" |
10 from __future__ import generators | 10 from __future__ import generators |
(...skipping 101 matching lines...)
112 | 112 |
113 #Buffers for processing messages | 113 #Buffers for processing messages |
114 self._handshakeBuffer = [] | 114 self._handshakeBuffer = [] |
115 self.clearReadBuffer() | 115 self.clearReadBuffer() |
116 self.clearWriteBuffer() | 116 self.clearWriteBuffer() |
117 | 117 |
118 #Handshake digests | 118 #Handshake digests |
119 self._handshake_md5 = hashlib.md5() | 119 self._handshake_md5 = hashlib.md5() |
120 self._handshake_sha = hashlib.sha1() | 120 self._handshake_sha = hashlib.sha1() |
121 self._handshake_sha256 = hashlib.sha256() | 121 self._handshake_sha256 = hashlib.sha256() |
122 self._ems_handshake_hash = b"" | |
122 | 123 |
123 #TLS Protocol Version | 124 #TLS Protocol Version |
124 self.version = (0,0) #read-only | 125 self.version = (0,0) #read-only |
125 self._versionCheck = False #Once we choose a version, this is True | 126 self._versionCheck = False #Once we choose a version, this is True |
126 | 127 |
127 #Current and Pending connection states | 128 #Current and Pending connection states |
128 self._writeState = _ConnectionState() | 129 self._writeState = _ConnectionState() |
129 self._readState = _ConnectionState() | 130 self._readState = _ConnectionState() |
130 self._pendingWriteState = _ConnectionState() | 131 self._pendingWriteState = _ConnectionState() |
131 self._pendingReadState = _ConnectionState() | 132 self._pendingReadState = _ConnectionState() |
(...skipping 675 matching lines...)
807 if subType not in secondaryType: | 808 if subType not in secondaryType: |
808 for result in self._sendError(\ | 809 for result in self._sendError(\ |
809 AlertDescription.unexpected_message, | 810 AlertDescription.unexpected_message, |
810 "Expecting %s, got %s" % (str(secondaryType), su bType)): | 811 "Expecting %s, got %s" % (str(secondaryType), su bType)): |
811 yield result | 812 yield result |
812 | 813 |
813 #Update handshake hashes | 814 #Update handshake hashes |
814 self._handshake_md5.update(compat26Str(p.bytes)) | 815 self._handshake_md5.update(compat26Str(p.bytes)) |
815 self._handshake_sha.update(compat26Str(p.bytes)) | 816 self._handshake_sha.update(compat26Str(p.bytes)) |
816 self._handshake_sha256.update(compat26Str(p.bytes)) | 817 self._handshake_sha256.update(compat26Str(p.bytes)) |
818 if subType == HandshakeType.client_key_exchange: | |
819 self._ems_handshake_hash = self._getHandshakeHash() | |
davidben
2015/08/20 15:31:46
Oh. That was the problem. Right. The dumb thing wh
| |
817 | 820 |
818 #Parse based on handshake type | 821 #Parse based on handshake type |
819 if subType == HandshakeType.client_hello: | 822 if subType == HandshakeType.client_hello: |
820 yield ClientHello(recordHeader.ssl2).parse(p) | 823 yield ClientHello(recordHeader.ssl2).parse(p) |
821 elif subType == HandshakeType.server_hello: | 824 elif subType == HandshakeType.server_hello: |
822 yield ServerHello().parse(p) | 825 yield ServerHello().parse(p) |
823 elif subType == HandshakeType.certificate: | 826 elif subType == HandshakeType.certificate: |
824 yield Certificate(constructorType).parse(p) | 827 yield Certificate(constructorType).parse(p) |
825 elif subType == HandshakeType.certificate_request: | 828 elif subType == HandshakeType.certificate_request: |
826 yield CertificateRequest(self.version).parse(p) | 829 yield CertificateRequest(self.version).parse(p) |
(...skipping 278 matching lines...)
1105 | 1108 |
1106 yield b | 1109 yield b |
1107 | 1110 |
1108 def _handshakeStart(self, client): | 1111 def _handshakeStart(self, client): |
1109 if not self.closed: | 1112 if not self.closed: |
1110 raise ValueError("Renegotiation disallowed for security reasons") | 1113 raise ValueError("Renegotiation disallowed for security reasons") |
1111 self._client = client | 1114 self._client = client |
1112 self._handshake_md5 = hashlib.md5() | 1115 self._handshake_md5 = hashlib.md5() |
1113 self._handshake_sha = hashlib.sha1() | 1116 self._handshake_sha = hashlib.sha1() |
1114 self._handshake_sha256 = hashlib.sha256() | 1117 self._handshake_sha256 = hashlib.sha256() |
1118 self._ems_handshake_hash = b"" | |
1115 self._handshakeBuffer = [] | 1119 self._handshakeBuffer = [] |
1116 self.allegedSrpUsername = None | 1120 self.allegedSrpUsername = None |
1117 self._refCount = 1 | 1121 self._refCount = 1 |
1118 | 1122 |
1119 def _handshakeDone(self, resumed): | 1123 def _handshakeDone(self, resumed): |
1120 self.resumed = resumed | 1124 self.resumed = resumed |
1121 self.closed = False | 1125 self.closed = False |
1122 | 1126 |
1123 def _calcPendingStates(self, cipherSuite, masterSecret, | 1127 def _calcPendingStates(self, cipherSuite, masterSecret, |
1124 clientRandom, serverRandom, implementations): | 1128 clientRandom, serverRandom, implementations): |
(...skipping 124 matching lines...)
1249 imac_md5.update(compatHMAC(label + masterSecret + bytearray([0x36]*48))) | 1253 imac_md5.update(compatHMAC(label + masterSecret + bytearray([0x36]*48))) |
1250 imac_sha.update(compatHMAC(label + masterSecret + bytearray([0x36]*40))) | 1254 imac_sha.update(compatHMAC(label + masterSecret + bytearray([0x36]*40))) |
1251 | 1255 |
1252 md5Bytes = MD5(masterSecret + bytearray([0x5c]*48) + \ | 1256 md5Bytes = MD5(masterSecret + bytearray([0x5c]*48) + \ |
1253 bytearray(imac_md5.digest())) | 1257 bytearray(imac_md5.digest())) |
1254 shaBytes = SHA1(masterSecret + bytearray([0x5c]*40) + \ | 1258 shaBytes = SHA1(masterSecret + bytearray([0x5c]*40) + \ |
1255 bytearray(imac_sha.digest())) | 1259 bytearray(imac_sha.digest())) |
1256 | 1260 |
1257 return md5Bytes + shaBytes | 1261 return md5Bytes + shaBytes |
1258 | 1262 |
1263 def _getHandshakeHash(self): | |
1264 if self.version in ((3,1), (3,2)): | |
1265 return self._handshake_md5.digest() + \ | |
1266 self._handshake_sha.digest() | |
1267 elif self.version == (3,3): | |
1268 return self._handshake_sha256.digest() | |
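Review bot: `_getHandshakeHash` (new lines 1263-1268) has no final branch, so for any version other than (3,1), (3,2) or (3,3), such as SSL 3.0's (3,0) or the initial (0,0), it implicitly returns None. The new code at 818-819 calls it on every received client_key_exchange, so on such a connection `_ems_handshake_hash` silently changes from the `b""` set in the constructor and in `_handshakeStart` to None. Whatever later derives key material from it (not visible on this page) would then get a value of the wrong type instead of a clear failure. Make the fall-through explicit, e.g. `else: return b""` with a comment that no session hash is defined for that version, or guard the snapshot with `if subType == HandshakeType.client_key_exchange and self.version >= (3,1):`. A one-line docstring would also help, saying that the method returns the running transcript digest in the form the negotiated version uses, that `digest()` leaves the hash objects usable, and that the snapshot must follow the three `update()` calls so it covers the ClientKeyExchange itself.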
OLD | NEW |