OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - added reqCAs parameter | 3 # Google - added reqCAs parameter |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Martin von Loewis - python 3 port | 6 # Martin von Loewis - python 3 port |
7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
8 # | 8 # |
9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
10 | 10 |
174 def __init__(self, sock): | 174 def __init__(self, sock): |
175 """Create a new TLSConnection instance. | 175 """Create a new TLSConnection instance. |
176 | 176 |
177 @param sock: The socket data will be transmitted on. The | 177 @param sock: The socket data will be transmitted on. The |
178 socket should already be connected. It may be in blocking or | 178 socket should already be connected. It may be in blocking or |
179 non-blocking mode. | 179 non-blocking mode. |
180 | 180 |
181 @type sock: L{socket.socket} | 181 @type sock: L{socket.socket} |
182 """ | 182 """ |
183 TLSRecordLayer.__init__(self, sock) | 183 TLSRecordLayer.__init__(self, sock) |
| 184 self.clientRandom = b"" |
| 185 self.serverRandom = b"" |
184 | 186 |
185 #********************************************************* | 187 #********************************************************* |
186 # Client Handshake Functions | 188 # Client Handshake Functions |
187 #********************************************************* | 189 #********************************************************* |
188 | 190 |
189 def handshakeClientAnonymous(self, session=None, settings=None, | 191 def handshakeClientAnonymous(self, session=None, settings=None, |
190 checker=None, serverName="", | 192 checker=None, serverName="", |
191 async=False): | 193 async=False): |
192 """Perform an anonymous handshake in the role of client. | 194 """Perform an anonymous handshake in the role of client. |
193 | 195 |
599 #initiates an exchange of Finished messages. | 601 #initiates an exchange of Finished messages. |
600 for result in self._clientFinished(premasterSecret, | 602 for result in self._clientFinished(premasterSecret, |
601 clientHello.random, | 603 clientHello.random, |
602 serverHello.random, | 604 serverHello.random, |
603 cipherSuite, settings.cipherImplementations, | 605 cipherSuite, settings.cipherImplementations, |
604 nextProto): | 606 nextProto): |
605 if result in (0,1): yield result | 607 if result in (0,1): yield result |
606 else: break | 608 else: break |
607 masterSecret = result | 609 masterSecret = result |
608 | 610 |
| 611 self.clientRandom = clientHello.random |
| 612 self.serverRandom = serverHello.random |
| 613 |
609 # Create the session object which is used for resumptions | 614 # Create the session object which is used for resumptions |
610 self.session = Session() | 615 self.session = Session() |
611 self.session.create(masterSecret, serverHello.session_id, cipherSuite, | 616 self.session.create(masterSecret, serverHello.session_id, cipherSuite, |
612 srpUsername, clientCertChain, serverCertChain, | 617 srpUsername, clientCertChain, serverCertChain, |
613 tackExt, serverHello.tackExt!=None, serverName) | 618 tackExt, serverHello.tackExt!=None, serverName) |
614 self._handshakeDone(resumed=False) | 619 self._handshakeDone(resumed=False) |
615 | 620 |
616 | 621 |
617 def _clientSendClientHello(self, settings, session, srpUsername, | 622 def _clientSendClientHello(self, settings, session, srpUsername, |
618 srpParams, certParams, anonParams, | 623 srpParams, certParams, anonParams, |
1391 # Exchange Finished messages | 1396 # Exchange Finished messages |
1392 for result in self._serverFinished(premasterSecret, | 1397 for result in self._serverFinished(premasterSecret, |
1393 clientHello.random, serverHello.random, | 1398 clientHello.random, serverHello.random, |
1394 cipherSuite, settings.cipherImplementations, | 1399 cipherSuite, settings.cipherImplementations, |
1395 nextProtos, serverHello.channel_id, | 1400 nextProtos, serverHello.channel_id, |
1396 serverHello.extended_master_secret): | 1401 serverHello.extended_master_secret): |
1397 if result in (0,1): yield result | 1402 if result in (0,1): yield result |
1398 else: break | 1403 else: break |
1399 masterSecret = result | 1404 masterSecret = result |
1400 | 1405 |
| 1406 self.clientRandom = clientHello.random |
| 1407 self.serverRandom = serverHello.random |
| 1408 |
1401 #Create the session object | 1409 #Create the session object |
1402 self.session = Session() | 1410 self.session = Session() |
1403 if cipherSuite in CipherSuite.certAllSuites: | 1411 if cipherSuite in CipherSuite.certAllSuites: |
1404 serverCertChain = certChain | 1412 serverCertChain = certChain |
1405 else: | 1413 else: |
1406 serverCertChain = None | 1414 serverCertChain = None |
1407 srpUsername = None | 1415 srpUsername = None |
1408 serverName = None | 1416 serverName = None |
1409 if clientHello.srp_username: | 1417 if clientHello.srp_username: |
1410 srpUsername = clientHello.srp_username.decode("utf-8") | 1418 srpUsername = clientHello.srp_username.decode("utf-8") |
1529 #If a session is found.. | 1537 #If a session is found.. |
1530 if session: | 1538 if session: |
1531 #Send ServerHello | 1539 #Send ServerHello |
1532 serverHello = ServerHello() | 1540 serverHello = ServerHello() |
1533 serverHello.create(self.version, getRandomBytes(32), | 1541 serverHello.create(self.version, getRandomBytes(32), |
1534 session.sessionID, session.cipherSuite, | 1542 session.sessionID, session.cipherSuite, |
1535 CertificateType.x509, None, None) | 1543 CertificateType.x509, None, None) |
1536 serverHello.extended_master_secret = \ | 1544 serverHello.extended_master_secret = \ |
1537 clientHello.extended_master_secret and \ | 1545 clientHello.extended_master_secret and \ |
1538 settings.enableExtendedMasterSecret | 1546 settings.enableExtendedMasterSecret |
| 1547 for param in clientHello.tb_client_params: |
| 1548 if param in settings.supportedTokenBindingParams: |
| 1549 serverHello.tb_params = param |
| 1550 break |
1539 for result in self._sendMsg(serverHello): | 1551 for result in self._sendMsg(serverHello): |
1540 yield result | 1552 yield result |
1541 | 1553 |
1542 #From here on, the client's messages must have right version | 1554 #From here on, the client's messages must have right version |
1543 self._versionCheck = True | 1555 self._versionCheck = True |
1544 | 1556 |
1545 #Calculate pending connection states | 1557 #Calculate pending connection states |
1546 self._calcPendingStates(session.cipherSuite, | 1558 self._calcPendingStates(session.cipherSuite, |
1547 session.masterSecret, | 1559 session.masterSecret, |
1548 clientHello.random, | 1560 clientHello.random, |
2006 except TLSAlert as alert: | 2018 except TLSAlert as alert: |
2007 if not self.fault: | 2019 if not self.fault: |
2008 raise | 2020 raise |
2009 if alert.description not in Fault.faultAlerts[self.fault]: | 2021 if alert.description not in Fault.faultAlerts[self.fault]: |
2010 raise TLSFaultError(str(alert)) | 2022 raise TLSFaultError(str(alert)) |
2011 else: | 2023 else: |
2012 pass | 2024 pass |
2013 except: | 2025 except: |
2014 self._shutdown(False) | 2026 self._shutdown(False) |
2015 raise | 2027 raise |
| 2028 |
| 2029 |
| 2030 def exportKeyingMaterial(self, label, context, use_context, length): |
| 2031 """Returns the exported keying material as defined in RFC 5705.""" |
| 2032 |
| 2033 seed = self.clientRandom + self.serverRandom |
| 2034 if use_context: |
| 2035 if len(context) > 65535: |
| 2036 raise ValueError("Context is too long") |
| 2037 seed += bytearray(2) |
| 2038 seed[len(seed) - 2] = len(context) >> 8 |
| 2039 seed[len(seed) - 1] = len(context) & 0xFF |
| 2040 seed += context |
| 2041 if self.version in ((3,1), (3,2)): |
| 2042 return PRF(self.session.masterSecret, label, seed, length) |
| 2043 elif self.version == (3,3): |
| 2044 return PRF_1_2(self.session.masterSecret, label, seed, length) |
| 2045 else: |
| 2046 raise AssertionError() |
OLD | NEW |
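Review bot: exportKeyingMaterial seeds the PRF with self.clientRandom and self.serverRandom, but this change assigns them only after the full-handshake _clientFinished and _serverFinished calls; the server resumption branch visible at new lines 1537-1560 sends its ServerHello and calculates pending states without recording either value. Unless the part of that branch outside the shown lines sets them, a resumed connection exports from the `b""` defaults given in __init__, so every resumption of one session returns the same bytes for a given label and context, and a token-binding proof computed over that value would no longer be tied to a single connection. I would add `self.clientRandom = clientHello.random` and `self.serverRandom = serverHello.random` to the resumption paths (the client-side one is not shown here), and have exportKeyingMaterial refuse to run before they are set, e.g. `if not self.clientRandom or not self.serverRandom: raise ValueError("handshake has not completed")`. The closing `raise AssertionError()` for any other protocol version would also be clearer as a ValueError that names the unsupported version.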