| OLD | NEW |
|---|
| 1 # Authors: | 1 # Authors: |
| 2 # Trevor Perrin | 2 # Trevor Perrin |
| 3 # Google - defining ClientCertificateType | 3 # Google - defining ClientCertificateType |
| 4 # Google (adapted by Sam Rushing) - NPN support | 4 # Google (adapted by Sam Rushing) - NPN support |
| 5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
| 6 # Dave Baggett (Arcode Corporation) - canonicalCipherName | 6 # Dave Baggett (Arcode Corporation) - canonicalCipherName |
| 7 # | 7 # |
| 8 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
| 9 | 9 |
| 10 """Constants used in various places.""" | 10 """Constants used in various places.""" |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 136 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 | 136 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 |
| 137 | 137 |
| 138 | 138 |
| 139 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A | 139 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A |
| 140 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F | 140 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F |
| 141 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 | 141 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 |
| 142 TLS_RSA_WITH_RC4_128_SHA = 0x0005 | 142 TLS_RSA_WITH_RC4_128_SHA = 0x0005 |
| 143 | 143 |
| 144 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 | 144 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 |
| 145 | 145 |
| 146 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016 |
| 147 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033 |
| 148 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039 |
| 149 |
| 146 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 | 150 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 |
| 147 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A | 151 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A |
| 148 | 152 |
| 149 tripleDESSuites = [] | 153 tripleDESSuites = [] |
| 150 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 154 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
| 151 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | 155 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
| 152 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 156 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
| 157 tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
| 153 | 158 |
| 154 aes128Suites = [] | 159 aes128Suites = [] |
| 155 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 160 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
| 156 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | 161 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
| 157 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 162 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
| 163 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
| 158 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 164 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
| 159 | 165 |
| 160 aes256Suites = [] | 166 aes256Suites = [] |
| 161 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 167 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
| 162 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | 168 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
| 163 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 169 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
| 170 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
| 164 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 171 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
| 165 | 172 |
| 166 rc4Suites = [] | 173 rc4Suites = [] |
| 167 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) | 174 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) |
| 168 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) | 175 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
| 169 | 176 |
| 170 shaSuites = [] | 177 shaSuites = [] |
| 171 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 178 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
| 172 shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 179 shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
| 173 shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 180 shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
| 174 shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | 181 shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
| 175 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | 182 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
| 176 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | 183 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
| 177 shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 184 shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
| 178 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 185 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
| 179 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 186 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
| 180 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) | 187 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) |
| 188 shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
| 189 shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
| 190 shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
| 181 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 191 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
| 182 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 192 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
| 183 | 193 |
| 184 md5Suites = [] | 194 md5Suites = [] |
| 185 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) | 195 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
| 186 | 196 |
| 187 @staticmethod | 197 @staticmethod |
| 188 def _filterSuites(suites, settings): | 198 def _filterSuites(suites, settings): |
| 189 macNames = settings.macNames | 199 macNames = settings.macNames |
| 190 cipherNames = settings.cipherNames | 200 cipherNames = settings.cipherNames |
| 201 keyExchangeNames = settings.keyExchangeNames |
| 191 macSuites = [] | 202 macSuites = [] |
| 192 if "sha" in macNames: | 203 if "sha" in macNames: |
| 193 macSuites += CipherSuite.shaSuites | 204 macSuites += CipherSuite.shaSuites |
| 194 if "md5" in macNames: | 205 if "md5" in macNames: |
| 195 macSuites += CipherSuite.md5Suites | 206 macSuites += CipherSuite.md5Suites |
| 196 | 207 |
| 197 cipherSuites = [] | 208 cipherSuites = [] |
| 198 if "aes128" in cipherNames: | 209 if "aes128" in cipherNames: |
| 199 cipherSuites += CipherSuite.aes128Suites | 210 cipherSuites += CipherSuite.aes128Suites |
| 200 if "aes256" in cipherNames: | 211 if "aes256" in cipherNames: |
| 201 cipherSuites += CipherSuite.aes256Suites | 212 cipherSuites += CipherSuite.aes256Suites |
| 202 if "3des" in cipherNames: | 213 if "3des" in cipherNames: |
| 203 cipherSuites += CipherSuite.tripleDESSuites | 214 cipherSuites += CipherSuite.tripleDESSuites |
| 204 if "rc4" in cipherNames: | 215 if "rc4" in cipherNames: |
| 205 cipherSuites += CipherSuite.rc4Suites | 216 cipherSuites += CipherSuite.rc4Suites |
| 206 | 217 |
| 207 return [s for s in suites if s in macSuites and s in cipherSuites] | 218 keyExchangeSuites = [] |
| 219 if "rsa" in keyExchangeNames: |
| 220 keyExchangeSuites += CipherSuite.certSuites |
| 221 if "dhe_rsa" in keyExchangeNames: |
| 222 keyExchangeSuites += CipherSuite.dheCertSuites |
| 223 if "srp_sha" in keyExchangeNames: |
| 224 keyExchangeSuites += CipherSuite.srpSuites |
| 225 if "srp_sha_rsa" in keyExchangeNames: |
| 226 keyExchangeSuites += CipherSuite.srpCertSuites |
| 227 if "dh_anon" in keyExchangeNames: |
| 228 keyExchangeSuites += CipherSuite.anonSuites |
| 229 |
| 230 return [s for s in suites if s in macSuites and |
| 231 s in cipherSuites and s in keyExchangeSuites] |
| 208 | 232 |
| 209 srpSuites = [] | 233 srpSuites = [] |
| 210 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 234 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
| 211 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 235 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
| 212 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 236 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
| 213 | 237 |
| 214 @staticmethod | 238 @staticmethod |
| 215 def getSrpSuites(settings): | 239 def getSrpSuites(settings): |
| 216 return CipherSuite._filterSuites(CipherSuite.srpSuites, settings) | 240 return CipherSuite._filterSuites(CipherSuite.srpSuites, settings) |
| 217 | 241 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 229 @staticmethod | 253 @staticmethod |
| 230 def getSrpAllSuites(settings): | 254 def getSrpAllSuites(settings): |
| 231 return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings) | 255 return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings) |
| 232 | 256 |
| 233 certSuites = [] | 257 certSuites = [] |
| 234 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 258 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
| 235 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 259 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
| 236 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 260 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
| 237 certSuites.append(TLS_RSA_WITH_RC4_128_SHA) | 261 certSuites.append(TLS_RSA_WITH_RC4_128_SHA) |
| 238 certSuites.append(TLS_RSA_WITH_RC4_128_MD5) | 262 certSuites.append(TLS_RSA_WITH_RC4_128_MD5) |
| 239 certAllSuites = srpCertSuites + certSuites | |
| 240 | 263 |
| 241 @staticmethod | 264 @staticmethod |
| 242 def getCertSuites(settings): | 265 def getCertSuites(settings): |
| 243 return CipherSuite._filterSuites(CipherSuite.certSuites, settings) | 266 return CipherSuite._filterSuites(CipherSuite.certSuites, settings) |
| 244 | 267 |
| 268 dheCertSuites = [] |
| 269 dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
| 270 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
| 271 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
| 272 |
| 273 @staticmethod |
| 274 def getDheCertSuites(settings): |
| 275 return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings) |
| 276 |
| 277 certAllSuites = srpCertSuites + certSuites + dheCertSuites |
| 278 |
| 245 anonSuites = [] | 279 anonSuites = [] |
| 246 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 280 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
| 247 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 281 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
| 248 | 282 |
| 249 @staticmethod | 283 @staticmethod |
| 250 def getAnonSuites(settings): | 284 def getAnonSuites(settings): |
| 251 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings) | 285 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings) |
| 252 | 286 |
| 287 dhAllSuites = dheCertSuites + anonSuites |
| 288 |
| 253 @staticmethod | 289 @staticmethod |
| 254 def canonicalCipherName(ciphersuite): | 290 def canonicalCipherName(ciphersuite): |
| 255 "Return the canonical name of the cipher whose number is provided." | 291 "Return the canonical name of the cipher whose number is provided." |
| 256 if ciphersuite in CipherSuite.aes128Suites: | 292 if ciphersuite in CipherSuite.aes128Suites: |
| 257 return "aes128" | 293 return "aes128" |
| 258 elif ciphersuite in CipherSuite.aes256Suites: | 294 elif ciphersuite in CipherSuite.aes256Suites: |
| 259 return "aes256" | 295 return "aes256" |
| 260 elif ciphersuite in CipherSuite.rc4Suites: | 296 elif ciphersuite in CipherSuite.rc4Suites: |
| 261 return "rc4" | 297 return "rc4" |
| 262 elif ciphersuite in CipherSuite.tripleDESSuites: | 298 elif ciphersuite in CipherSuite.tripleDESSuites: |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 316 badUsername: "bad username",\ | 352 badUsername: "bad username",\ |
| 317 badPassword: "bad password",\ | 353 badPassword: "bad password",\ |
| 318 badA: "bad A",\ | 354 badA: "bad A",\ |
| 319 badPremasterPadding: "bad premaster padding",\ | 355 badPremasterPadding: "bad premaster padding",\ |
| 320 shortPremasterSecret: "short premaster secret",\ | 356 shortPremasterSecret: "short premaster secret",\ |
| 321 badVerifyMessage: "bad verify message",\ | 357 badVerifyMessage: "bad verify message",\ |
| 322 badFinished: "bad finished message",\ | 358 badFinished: "bad finished message",\ |
| 323 badMAC: "bad MAC",\ | 359 badMAC: "bad MAC",\ |
| 324 badPadding: "bad padding" | 360 badPadding: "bad padding" |
| 325 } | 361 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 212883008:
Add DHE_RSA support to tlslite. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src