| OLD | NEW |
|---|
| (Empty) |
| 1 """Class for setting handshake parameters.""" | |
| 2 | |
| 3 from constants import CertificateType | |
| 4 from utils import cryptomath | |
| 5 from utils import cipherfactory | |
| 6 | |
| 7 class HandshakeSettings: | |
| 8 """This class encapsulates various parameters that can be used with | |
| 9 a TLS handshake. | |
| 10 @sort: minKeySize, maxKeySize, cipherNames, certificateTypes, | |
| 11 minVersion, maxVersion | |
| 12 | |
| 13 @type minKeySize: int | |
| 14 @ivar minKeySize: The minimum bit length for asymmetric keys. | |
| 15 | |
| 16 If the other party tries to use SRP, RSA, or Diffie-Hellman | |
| 17 parameters smaller than this length, an alert will be | |
| 18 signalled. The default is 1023. | |
| 19 | |
| 20 @type maxKeySize: int | |
| 21 @ivar maxKeySize: The maximum bit length for asymmetric keys. | |
| 22 | |
| 23 If the other party tries to use SRP, RSA, or Diffie-Hellman | |
| 24 parameters larger than this length, an alert will be signalled. | |
| 25 The default is 8193. | |
| 26 | |
| 27 @type cipherNames: list | |
| 28 @ivar cipherNames: The allowed ciphers, in order of preference. | |
| 29 | |
| 30 The allowed values in this list are 'aes256', 'aes128', '3des', and | |
| 31 'rc4'. If these settings are used with a client handshake, they | |
| 32 determine the order of the ciphersuites offered in the ClientHello | |
| 33 message. | |
| 34 | |
| 35 If these settings are used with a server handshake, the server will | |
| 36 choose whichever ciphersuite matches the earliest entry in this | |
| 37 list. | |
| 38 | |
| 39 NOTE: If '3des' is used in this list, but TLS Lite can't find an | |
| 40 add-on library that supports 3DES, then '3des' will be silently | |
| 41 removed. | |
| 42 | |
| 43 The default value is ['aes256', 'aes128', '3des', 'rc4']. | |
| 44 | |
| 45 @type certificateTypes: list | |
| 46 @ivar certificateTypes: The allowed certificate types, in order of | |
| 47 preference. | |
| 48 | |
| 49 The allowed values in this list are 'x509' and 'cryptoID'. This | |
| 50 list is only used with a client handshake. The client will | |
| 51 advertise to the server which certificate types are supported, and | |
| 52 will check that the server uses one of the appropriate types. | |
| 53 | |
| 54 NOTE: If 'cryptoID' is used in this list, but cryptoIDlib is not | |
| 55 installed, then 'cryptoID' will be silently removed. | |
| 56 | |
| 57 @type minVersion: tuple | |
| 58 @ivar minVersion: The minimum allowed SSL/TLS version. | |
| 59 | |
| 60 This variable can be set to (3,0) for SSL 3.0, (3,1) for | |
| 61 TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to | |
| 62 use a lower version, a protocol_version alert will be signalled. | |
| 63 The default is (3,0). | |
| 64 | |
| 65 @type maxVersion: tuple | |
| 66 @ivar maxVersion: The maximum allowed SSL/TLS version. | |
| 67 | |
| 68 This variable can be set to (3,0) for SSL 3.0, (3,1) for | |
| 69 TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to | |
| 70 use a higher version, a protocol_version alert will be signalled. | |
| 71 The default is (3,2). (WARNING: Some servers may (improperly) | |
| 72 reject clients which offer support for TLS 1.1. In this case, | |
| 73 try lowering maxVersion to (3,1)). | |
| 74 """ | |
| 75 def __init__(self): | |
| 76 self.minKeySize = 1023 | |
| 77 self.maxKeySize = 8193 | |
| 78 self.cipherNames = ["aes256", "aes128", "3des", "rc4"] | |
| 79 self.cipherImplementations = ["cryptlib", "openssl", "pycrypto", | |
| 80 "python"] | |
| 81 self.certificateTypes = ["x509", "cryptoID"] | |
| 82 self.minVersion = (3,0) | |
| 83 self.maxVersion = (3,2) | |
| 84 | |
| 85 #Filters out options that are not supported | |
| 86 def _filter(self): | |
| 87 other = HandshakeSettings() | |
| 88 other.minKeySize = self.minKeySize | |
| 89 other.maxKeySize = self.maxKeySize | |
| 90 other.cipherNames = self.cipherNames | |
| 91 other.cipherImplementations = self.cipherImplementations | |
| 92 other.certificateTypes = self.certificateTypes | |
| 93 other.minVersion = self.minVersion | |
| 94 other.maxVersion = self.maxVersion | |
| 95 | |
| 96 if not cipherfactory.tripleDESPresent: | |
| 97 other.cipherNames = [e for e in self.cipherNames if e != "3des"] | |
| 98 if len(other.cipherNames)==0: | |
| 99 raise ValueError("No supported ciphers") | |
| 100 | |
| 101 try: | |
| 102 import cryptoIDlib | |
| 103 except ImportError: | |
| 104 other.certificateTypes = [e for e in self.certificateTypes \ | |
| 105 if e != "cryptoID"] | |
| 106 if len(other.certificateTypes)==0: | |
| 107 raise ValueError("No supported certificate types") | |
| 108 | |
| 109 if not cryptomath.cryptlibpyLoaded: | |
| 110 other.cipherImplementations = [e for e in \ | |
| 111 self.cipherImplementations if e != "cryptlib"] | |
| 112 if not cryptomath.m2cryptoLoaded: | |
| 113 other.cipherImplementations = [e for e in \ | |
| 114 other.cipherImplementations if e != "openssl"] | |
| 115 if not cryptomath.pycryptoLoaded: | |
| 116 other.cipherImplementations = [e for e in \ | |
| 117 other.cipherImplementations if e != "pycrypto"] | |
| 118 if len(other.cipherImplementations)==0: | |
| 119 raise ValueError("No supported cipher implementations") | |
| 120 | |
| 121 if other.minKeySize<512: | |
| 122 raise ValueError("minKeySize too small") | |
| 123 if other.minKeySize>16384: | |
| 124 raise ValueError("minKeySize too large") | |
| 125 if other.maxKeySize<512: | |
| 126 raise ValueError("maxKeySize too small") | |
| 127 if other.maxKeySize>16384: | |
| 128 raise ValueError("maxKeySize too large") | |
| 129 for s in other.cipherNames: | |
| 130 if s not in ("aes256", "aes128", "rc4", "3des"): | |
| 131 raise ValueError("Unknown cipher name: '%s'" % s) | |
| 132 for s in other.cipherImplementations: | |
| 133 if s not in ("cryptlib", "openssl", "python", "pycrypto"): | |
| 134 raise ValueError("Unknown cipher implementation: '%s'" % s) | |
| 135 for s in other.certificateTypes: | |
| 136 if s not in ("x509", "cryptoID"): | |
| 137 raise ValueError("Unknown certificate type: '%s'" % s) | |
| 138 | |
| 139 if other.minVersion > other.maxVersion: | |
| 140 raise ValueError("Versions set incorrectly") | |
| 141 | |
| 142 if not other.minVersion in ((3,0), (3,1), (3,2)): | |
| 143 raise ValueError("minVersion set incorrectly") | |
| 144 | |
| 145 if not other.maxVersion in ((3,0), (3,1), (3,2)): | |
| 146 raise ValueError("maxVersion set incorrectly") | |
| 147 | |
| 148 return other | |
| 149 | |
| 150 def _getCertificateTypes(self): | |
| 151 l = [] | |
| 152 for ct in self.certificateTypes: | |
| 153 if ct == "x509": | |
| 154 l.append(CertificateType.x509) | |
| 155 elif ct == "cryptoID": | |
| 156 l.append(CertificateType.cryptoID) | |
| 157 else: | |
| 158 raise AssertionError() | |
| 159 return l | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 211173006:
Perform tlslite 0.3.8 -> 0.4.6 renames ahead of time. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src