OLD | NEW |
---|---|
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
7 # | 7 # |
8 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
9 | 9 |
10 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
108 self.session_id = bytearray(0) | 108 self.session_id = bytearray(0) |
109 self.cipher_suites = [] # a list of 16-bit values | 109 self.cipher_suites = [] # a list of 16-bit values |
110 self.certificate_types = [CertificateType.x509] | 110 self.certificate_types = [CertificateType.x509] |
111 self.compression_methods = [] # a list of 8-bit values | 111 self.compression_methods = [] # a list of 8-bit values |
112 self.srp_username = None # a string | 112 self.srp_username = None # a string |
113 self.tack = False | 113 self.tack = False |
114 self.supports_npn = False | 114 self.supports_npn = False |
115 self.server_name = bytearray(0) | 115 self.server_name = bytearray(0) |
116 self.channel_id = False | 116 self.channel_id = False |
117 self.extended_master_secret = False | 117 self.extended_master_secret = False |
118 self.tb_client_params = [] | |
118 self.support_signed_cert_timestamps = False | 119 self.support_signed_cert_timestamps = False |
119 self.status_request = False | 120 self.status_request = False |
120 | 121 |
121 def create(self, version, random, session_id, cipher_suites, | 122 def create(self, version, random, session_id, cipher_suites, |
122 certificate_types=None, srpUsername=None, | 123 certificate_types=None, srpUsername=None, |
123 tack=False, supports_npn=False, serverName=None): | 124 tack=False, supports_npn=False, serverName=None): |
124 self.client_version = version | 125 self.client_version = version |
125 self.random = random | 126 self.random = random |
126 self.session_id = session_id | 127 self.session_id = session_id |
127 self.cipher_suites = cipher_suites | 128 self.cipher_suites = cipher_suites |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
181 break # no host_name, oh well | 182 break # no host_name, oh well |
182 name_type = p2.get(1) | 183 name_type = p2.get(1) |
183 hostNameBytes = p2.getVarBytes(2) | 184 hostNameBytes = p2.getVarBytes(2) |
184 if name_type == NameType.host_name: | 185 if name_type == NameType.host_name: |
185 self.server_name = hostNameBytes | 186 self.server_name = hostNameBytes |
186 break | 187 break |
187 elif extType == ExtensionType.channel_id: | 188 elif extType == ExtensionType.channel_id: |
188 self.channel_id = True | 189 self.channel_id = True |
189 elif extType == ExtensionType.extended_master_secret: | 190 elif extType == ExtensionType.extended_master_secret: |
190 self.extended_master_secret = True | 191 self.extended_master_secret = True |
192 elif extType == ExtensionType.token_binding: | |
193 tokenBindingBytes = p.getFixBytes(extLength) | |
194 p2 = Parser(tokenBindingBytes) | |
195 ver_minor = p2.get(1) | |
196 ver_major = p2.get(1) | |
davidben
2015/09/15 15:49:40
Should we do anything with this value? Require (ve
nharper
2015/09/15 19:12:29
Yes, that sounds like a good idea.
| |
197 p2.startLengthCheck(1) | |
198 while not p2.atLengthCheck(): | |
199 self.tb_client_params.append(p2.get(1)) | |
191 elif extType == ExtensionType.signed_cert_timestamps: | 200 elif extType == ExtensionType.signed_cert_timestamps: |
192 if extLength: | 201 if extLength: |
193 raise SyntaxError() | 202 raise SyntaxError() |
194 self.support_signed_cert_timestamps = True | 203 self.support_signed_cert_timestamps = True |
195 elif extType == ExtensionType.status_request: | 204 elif extType == ExtensionType.status_request: |
196 # Extension contents are currently ignored. | 205 # Extension contents are currently ignored. |
197 # According to RFC 6066, this is not strictly forbidden | 206 # According to RFC 6066, this is not strictly forbidden |
198 # (although it is suboptimal): | 207 # (although it is suboptimal): |
199 # Servers that receive a client hello containing the | 208 # Servers that receive a client hello containing the |
200 # "status_request" extension MAY return a suitable | 209 # "status_request" extension MAY return a suitable |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
264 self.random = bytearray(32) | 273 self.random = bytearray(32) |
265 self.session_id = bytearray(0) | 274 self.session_id = bytearray(0) |
266 self.cipher_suite = 0 | 275 self.cipher_suite = 0 |
267 self.certificate_type = CertificateType.x509 | 276 self.certificate_type = CertificateType.x509 |
268 self.compression_method = 0 | 277 self.compression_method = 0 |
269 self.tackExt = None | 278 self.tackExt = None |
270 self.next_protos_advertised = None | 279 self.next_protos_advertised = None |
271 self.next_protos = None | 280 self.next_protos = None |
272 self.channel_id = False | 281 self.channel_id = False |
273 self.extended_master_secret = False | 282 self.extended_master_secret = False |
283 self.tb_params = None | |
274 self.signed_cert_timestamps = None | 284 self.signed_cert_timestamps = None |
275 self.status_request = False | 285 self.status_request = False |
276 | 286 |
277 def create(self, version, random, session_id, cipher_suite, | 287 def create(self, version, random, session_id, cipher_suite, |
278 certificate_type, tackExt, next_protos_advertised): | 288 certificate_type, tackExt, next_protos_advertised): |
279 self.server_version = version | 289 self.server_version = version |
280 self.random = random | 290 self.random = random |
281 self.session_id = session_id | 291 self.session_id = session_id |
282 self.cipher_suite = cipher_suite | 292 self.cipher_suite = cipher_suite |
283 self.certificate_type = certificate_type | 293 self.certificate_type = certificate_type |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
358 encoded_next_protos_advertised = self.__next_protos_encoded() | 368 encoded_next_protos_advertised = self.__next_protos_encoded() |
359 w2.add(ExtensionType.supports_npn, 2) | 369 w2.add(ExtensionType.supports_npn, 2) |
360 w2.add(len(encoded_next_protos_advertised), 2) | 370 w2.add(len(encoded_next_protos_advertised), 2) |
361 w2.addFixSeq(encoded_next_protos_advertised, 1) | 371 w2.addFixSeq(encoded_next_protos_advertised, 1) |
362 if self.channel_id: | 372 if self.channel_id: |
363 w2.add(ExtensionType.channel_id, 2) | 373 w2.add(ExtensionType.channel_id, 2) |
364 w2.add(0, 2) | 374 w2.add(0, 2) |
365 if self.extended_master_secret: | 375 if self.extended_master_secret: |
366 w2.add(ExtensionType.extended_master_secret, 2) | 376 w2.add(ExtensionType.extended_master_secret, 2) |
367 w2.add(0, 2) | 377 w2.add(0, 2) |
378 if self.tb_params: | |
379 w2.add(ExtensionType.token_binding, 2) | |
380 # length of extension | |
381 w2.add(4, 2) | |
382 # version | |
383 w2.add(0, 1) | |
384 w2.add(2, 1) | |
385 # length of params (defined as variable length <1..2^8-1>, but in | |
386 # this context the server can only send a single value. | |
387 w2.add(1, 1) | |
388 w2.add(self.tb_params, 1) | |
368 if self.signed_cert_timestamps: | 389 if self.signed_cert_timestamps: |
369 w2.add(ExtensionType.signed_cert_timestamps, 2) | 390 w2.add(ExtensionType.signed_cert_timestamps, 2) |
370 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) | 391 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) |
371 if self.status_request: | 392 if self.status_request: |
372 w2.add(ExtensionType.status_request, 2) | 393 w2.add(ExtensionType.status_request, 2) |
373 w2.add(0, 2) | 394 w2.add(0, 2) |
374 if len(w2.bytes): | 395 if len(w2.bytes): |
375 w.add(len(w2.bytes), 2) | 396 w.add(len(w2.bytes), 2) |
376 w.bytes += w2.bytes | 397 w.bytes += w2.bytes |
377 return self.postWrite(w) | 398 return self.postWrite(w) |
(...skipping 425 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
803 newMsg = ApplicationData().create(self.bytes[:1]) | 824 newMsg = ApplicationData().create(self.bytes[:1]) |
804 self.bytes = self.bytes[1:] | 825 self.bytes = self.bytes[1:] |
805 return newMsg | 826 return newMsg |
806 | 827 |
807 def parse(self, p): | 828 def parse(self, p): |
808 self.bytes = p.bytes | 829 self.bytes = p.bytes |
809 return self | 830 return self |
810 | 831 |
811 def write(self): | 832 def write(self): |
812 return self.bytes | 833 return self.bytes |
OLD | NEW |