OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
7 # | 7 # |
8 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
9 | 9 |
10 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
108 self.session_id = bytearray(0) | 108 self.session_id = bytearray(0) |
109 self.cipher_suites = [] # a list of 16-bit values | 109 self.cipher_suites = [] # a list of 16-bit values |
110 self.certificate_types = [CertificateType.x509] | 110 self.certificate_types = [CertificateType.x509] |
111 self.compression_methods = [] # a list of 8-bit values | 111 self.compression_methods = [] # a list of 8-bit values |
112 self.srp_username = None # a string | 112 self.srp_username = None # a string |
113 self.tack = False | 113 self.tack = False |
114 self.supports_npn = False | 114 self.supports_npn = False |
115 self.server_name = bytearray(0) | 115 self.server_name = bytearray(0) |
116 self.channel_id = False | 116 self.channel_id = False |
117 self.extended_master_secret = False | 117 self.extended_master_secret = False |
| 118 self.tb_client_params = [] |
118 self.support_signed_cert_timestamps = False | 119 self.support_signed_cert_timestamps = False |
119 self.status_request = False | 120 self.status_request = False |
120 | 121 |
121 def create(self, version, random, session_id, cipher_suites, | 122 def create(self, version, random, session_id, cipher_suites, |
122 certificate_types=None, srpUsername=None, | 123 certificate_types=None, srpUsername=None, |
123 tack=False, supports_npn=False, serverName=None): | 124 tack=False, supports_npn=False, serverName=None): |
124 self.client_version = version | 125 self.client_version = version |
125 self.random = random | 126 self.random = random |
126 self.session_id = session_id | 127 self.session_id = session_id |
127 self.cipher_suites = cipher_suites | 128 self.cipher_suites = cipher_suites |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
181 break # no host_name, oh well | 182 break # no host_name, oh well |
182 name_type = p2.get(1) | 183 name_type = p2.get(1) |
183 hostNameBytes = p2.getVarBytes(2) | 184 hostNameBytes = p2.getVarBytes(2) |
184 if name_type == NameType.host_name: | 185 if name_type == NameType.host_name: |
185 self.server_name = hostNameBytes | 186 self.server_name = hostNameBytes |
186 break | 187 break |
187 elif extType == ExtensionType.channel_id: | 188 elif extType == ExtensionType.channel_id: |
188 self.channel_id = True | 189 self.channel_id = True |
189 elif extType == ExtensionType.extended_master_secret: | 190 elif extType == ExtensionType.extended_master_secret: |
190 self.extended_master_secret = True | 191 self.extended_master_secret = True |
| 192 elif extType == ExtensionType.token_binding: |
| 193 tokenBindingBytes = p.getFixBytes(extLength) |
| 194 p2 = Parser(tokenBindingBytes) |
| 195 ver_minor = p2.get(1) |
| 196 ver_major = p2.get(1) |
| 197 if (ver_major, ver_minor) >= (0, 2): |
| 198 p2.startLengthCheck(1) |
| 199 while not p2.atLengthCheck(): |
| 200 self.tb_client_params.append(p2.get(1)) |
191 elif extType == ExtensionType.signed_cert_timestamps: | 201 elif extType == ExtensionType.signed_cert_timestamps: |
192 if extLength: | 202 if extLength: |
193 raise SyntaxError() | 203 raise SyntaxError() |
194 self.support_signed_cert_timestamps = True | 204 self.support_signed_cert_timestamps = True |
195 elif extType == ExtensionType.status_request: | 205 elif extType == ExtensionType.status_request: |
196 # Extension contents are currently ignored. | 206 # Extension contents are currently ignored. |
197 # According to RFC 6066, this is not strictly forbidden | 207 # According to RFC 6066, this is not strictly forbidden |
198 # (although it is suboptimal): | 208 # (although it is suboptimal): |
199 # Servers that receive a client hello containing the | 209 # Servers that receive a client hello containing the |
200 # "status_request" extension MAY return a suitable | 210 # "status_request" extension MAY return a suitable |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
264 self.random = bytearray(32) | 274 self.random = bytearray(32) |
265 self.session_id = bytearray(0) | 275 self.session_id = bytearray(0) |
266 self.cipher_suite = 0 | 276 self.cipher_suite = 0 |
267 self.certificate_type = CertificateType.x509 | 277 self.certificate_type = CertificateType.x509 |
268 self.compression_method = 0 | 278 self.compression_method = 0 |
269 self.tackExt = None | 279 self.tackExt = None |
270 self.next_protos_advertised = None | 280 self.next_protos_advertised = None |
271 self.next_protos = None | 281 self.next_protos = None |
272 self.channel_id = False | 282 self.channel_id = False |
273 self.extended_master_secret = False | 283 self.extended_master_secret = False |
| 284 self.tb_params = None |
274 self.signed_cert_timestamps = None | 285 self.signed_cert_timestamps = None |
275 self.status_request = False | 286 self.status_request = False |
276 | 287 |
277 def create(self, version, random, session_id, cipher_suite, | 288 def create(self, version, random, session_id, cipher_suite, |
278 certificate_type, tackExt, next_protos_advertised): | 289 certificate_type, tackExt, next_protos_advertised): |
279 self.server_version = version | 290 self.server_version = version |
280 self.random = random | 291 self.random = random |
281 self.session_id = session_id | 292 self.session_id = session_id |
282 self.cipher_suite = cipher_suite | 293 self.cipher_suite = cipher_suite |
283 self.certificate_type = certificate_type | 294 self.certificate_type = certificate_type |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
358 encoded_next_protos_advertised = self.__next_protos_encoded() | 369 encoded_next_protos_advertised = self.__next_protos_encoded() |
359 w2.add(ExtensionType.supports_npn, 2) | 370 w2.add(ExtensionType.supports_npn, 2) |
360 w2.add(len(encoded_next_protos_advertised), 2) | 371 w2.add(len(encoded_next_protos_advertised), 2) |
361 w2.addFixSeq(encoded_next_protos_advertised, 1) | 372 w2.addFixSeq(encoded_next_protos_advertised, 1) |
362 if self.channel_id: | 373 if self.channel_id: |
363 w2.add(ExtensionType.channel_id, 2) | 374 w2.add(ExtensionType.channel_id, 2) |
364 w2.add(0, 2) | 375 w2.add(0, 2) |
365 if self.extended_master_secret: | 376 if self.extended_master_secret: |
366 w2.add(ExtensionType.extended_master_secret, 2) | 377 w2.add(ExtensionType.extended_master_secret, 2) |
367 w2.add(0, 2) | 378 w2.add(0, 2) |
| 379 if self.tb_params: |
| 380 w2.add(ExtensionType.token_binding, 2) |
| 381 # length of extension |
| 382 w2.add(4, 2) |
| 383 # version |
| 384 w2.add(0, 1) |
| 385 w2.add(2, 1) |
| 386 # length of params (defined as variable length <1..2^8-1>, but in |
| 387 # this context the server can only send a single value. |
| 388 w2.add(1, 1) |
| 389 w2.add(self.tb_params, 1) |
368 if self.signed_cert_timestamps: | 390 if self.signed_cert_timestamps: |
369 w2.add(ExtensionType.signed_cert_timestamps, 2) | 391 w2.add(ExtensionType.signed_cert_timestamps, 2) |
370 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) | 392 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) |
371 if self.status_request: | 393 if self.status_request: |
372 w2.add(ExtensionType.status_request, 2) | 394 w2.add(ExtensionType.status_request, 2) |
373 w2.add(0, 2) | 395 w2.add(0, 2) |
374 if len(w2.bytes): | 396 if len(w2.bytes): |
375 w.add(len(w2.bytes), 2) | 397 w.add(len(w2.bytes), 2) |
376 w.bytes += w2.bytes | 398 w.bytes += w2.bytes |
377 return self.postWrite(w) | 399 return self.postWrite(w) |
(...skipping 425 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
803 newMsg = ApplicationData().create(self.bytes[:1]) | 825 newMsg = ApplicationData().create(self.bytes[:1]) |
804 self.bytes = self.bytes[1:] | 826 self.bytes = self.bytes[1:] |
805 return newMsg | 827 return newMsg |
806 | 828 |
807 def parse(self, p): | 829 def parse(self, p): |
808 self.bytes = p.bytes | 830 self.bytes = p.bytes |
809 return self | 831 return self |
810 | 832 |
811 def write(self): | 833 def write(self): |
812 return self.bytes | 834 return self.bytes |
OLD | NEW |