OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - added reqCAs parameter | 3 # Google - added reqCAs parameter |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Martin von Loewis - python 3 port | 6 # Martin von Loewis - python 3 port |
7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
8 # | 8 # |
9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
10 | 10 |
(...skipping 591 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
602 serverHello.random, | 602 serverHello.random, |
603 cipherSuite, settings.cipherImplementations, | 603 cipherSuite, settings.cipherImplementations, |
604 nextProto): | 604 nextProto): |
605 if result in (0,1): yield result | 605 if result in (0,1): yield result |
606 else: break | 606 else: break |
607 masterSecret = result | 607 masterSecret = result |
608 | 608 |
609 # Create the session object which is used for resumptions | 609 # Create the session object which is used for resumptions |
610 self.session = Session() | 610 self.session = Session() |
611 self.session.create(masterSecret, serverHello.session_id, cipherSuite, | 611 self.session.create(masterSecret, serverHello.session_id, cipherSuite, |
612 srpUsername, clientCertChain, serverCertChain, | 612 srpUsername, clientCertChain, serverCertChain, clientHello.random, |
613 tackExt, serverHello.tackExt!=None, serverName) | 613 serverHello.random, tackExt, serverHello.tackExt!=None, serverName) |
614 self._handshakeDone(resumed=False) | 614 self._handshakeDone(resumed=False) |
615 | 615 |
616 | 616 |
617 def _clientSendClientHello(self, settings, session, srpUsername, | 617 def _clientSendClientHello(self, settings, session, srpUsername, |
618 srpParams, certParams, anonParams, | 618 srpParams, certParams, anonParams, |
619 serverName, nextProtos, reqTack): | 619 serverName, nextProtos, reqTack): |
620 #Initialize acceptable ciphersuites | 620 #Initialize acceptable ciphersuites |
621 cipherSuites = [CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] | 621 cipherSuites = [CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] |
622 if srpParams: | 622 if srpParams: |
623 cipherSuites += CipherSuite.getSrpAllSuites(settings) | 623 cipherSuites += CipherSuite.getSrpAllSuites(settings) |
(...skipping 780 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1404 serverCertChain = certChain | 1404 serverCertChain = certChain |
1405 else: | 1405 else: |
1406 serverCertChain = None | 1406 serverCertChain = None |
1407 srpUsername = None | 1407 srpUsername = None |
1408 serverName = None | 1408 serverName = None |
1409 if clientHello.srp_username: | 1409 if clientHello.srp_username: |
1410 srpUsername = clientHello.srp_username.decode("utf-8") | 1410 srpUsername = clientHello.srp_username.decode("utf-8") |
1411 if clientHello.server_name: | 1411 if clientHello.server_name: |
1412 serverName = clientHello.server_name.decode("utf-8") | 1412 serverName = clientHello.server_name.decode("utf-8") |
1413 self.session.create(masterSecret, serverHello.session_id, cipherSuite, | 1413 self.session.create(masterSecret, serverHello.session_id, cipherSuite, |
1414 srpUsername, clientCertChain, serverCertChain, | 1414 srpUsername, clientCertChain, serverCertChain, clientHello.random, |
1415 tackExt, serverHello.tackExt!=None, serverName) | 1415 serverHello.random, tackExt, serverHello.tackExt!=None, serverName) |
1416 | 1416 |
1417 #Add the session object to the session cache | 1417 #Add the session object to the session cache |
1418 if sessionCache and sessionID: | 1418 if sessionCache and sessionID: |
1419 sessionCache[sessionID] = self.session | 1419 sessionCache[sessionID] = self.session |
1420 | 1420 |
1421 self._handshakeDone(resumed=False) | 1421 self._handshakeDone(resumed=False) |
1422 | 1422 |
1423 | 1423 |
1424 def _serverGetClientHello(self, settings, certChain, verifierDB, | 1424 def _serverGetClientHello(self, settings, certChain, verifierDB, |
1425 sessionCache, anon, fallbackSCSV): | 1425 sessionCache, anon, fallbackSCSV): |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1529 #If a session is found.. | 1529 #If a session is found.. |
1530 if session: | 1530 if session: |
1531 #Send ServerHello | 1531 #Send ServerHello |
1532 serverHello = ServerHello() | 1532 serverHello = ServerHello() |
1533 serverHello.create(self.version, getRandomBytes(32), | 1533 serverHello.create(self.version, getRandomBytes(32), |
1534 session.sessionID, session.cipherSuite, | 1534 session.sessionID, session.cipherSuite, |
1535 CertificateType.x509, None, None) | 1535 CertificateType.x509, None, None) |
1536 serverHello.extended_master_secret = \ | 1536 serverHello.extended_master_secret = \ |
1537 clientHello.extended_master_secret and \ | 1537 clientHello.extended_master_secret and \ |
1538 settings.enableExtendedMasterSecret | 1538 settings.enableExtendedMasterSecret |
| 1539 for param in clientHello.tb_client_params: |
| 1540 if param in settings.supportedTokenBindingParams: |
| 1541 serverHello.tb_params = param |
| 1542 break |
1539 for result in self._sendMsg(serverHello): | 1543 for result in self._sendMsg(serverHello): |
1540 yield result | 1544 yield result |
1541 | 1545 |
1542 #From here on, the client's messages must have right version | 1546 #From here on, the client's messages must have right version |
1543 self._versionCheck = True | 1547 self._versionCheck = True |
1544 | 1548 |
1545 #Calculate pending connection states | 1549 #Calculate pending connection states |
1546 self._calcPendingStates(session.cipherSuite, | 1550 self._calcPendingStates(session.cipherSuite, |
1547 session.masterSecret, | 1551 session.masterSecret, |
1548 clientHello.random, | 1552 clientHello.random, |
(...skipping 457 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2006 except TLSAlert as alert: | 2010 except TLSAlert as alert: |
2007 if not self.fault: | 2011 if not self.fault: |
2008 raise | 2012 raise |
2009 if alert.description not in Fault.faultAlerts[self.fault]: | 2013 if alert.description not in Fault.faultAlerts[self.fault]: |
2010 raise TLSFaultError(str(alert)) | 2014 raise TLSFaultError(str(alert)) |
2011 else: | 2015 else: |
2012 pass | 2016 pass |
2013 except: | 2017 except: |
2014 self._shutdown(False) | 2018 self._shutdown(False) |
2015 raise | 2019 raise |
OLD | NEW |