OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - defining ClientCertificateType | 3 # Google - defining ClientCertificateType |
4 # Google (adapted by Sam Rushing) - NPN support | 4 # Google (adapted by Sam Rushing) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Dave Baggett (Arcode Corporation) - canonicalCipherName | 6 # Dave Baggett (Arcode Corporation) - canonicalCipherName |
7 # | 7 # |
8 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
9 | 9 |
10 """Constants used in various places.""" | 10 """Constants used in various places.""" |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
136 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 | 136 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 |
137 | 137 |
138 | 138 |
139 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A | 139 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A |
140 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F | 140 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F |
141 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 | 141 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 |
142 TLS_RSA_WITH_RC4_128_SHA = 0x0005 | 142 TLS_RSA_WITH_RC4_128_SHA = 0x0005 |
143 | 143 |
144 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 | 144 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 |
145 | 145 |
| 146 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016 |
| 147 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033 |
| 148 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039 |
| 149 |
146 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 | 150 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 |
147 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A | 151 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A |
148 | 152 |
149 tripleDESSuites = [] | 153 tripleDESSuites = [] |
150 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 154 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
151 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | 155 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
152 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 156 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
| 157 tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
153 | 158 |
154 aes128Suites = [] | 159 aes128Suites = [] |
155 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 160 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
156 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | 161 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
157 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 162 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
| 163 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
158 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 164 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
159 | 165 |
160 aes256Suites = [] | 166 aes256Suites = [] |
161 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 167 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
162 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | 168 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
163 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 169 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
| 170 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
164 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 171 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
165 | 172 |
166 rc4Suites = [] | 173 rc4Suites = [] |
167 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) | 174 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) |
168 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) | 175 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
169 | 176 |
170 shaSuites = [] | 177 shaSuites = [] |
171 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 178 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
172 shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 179 shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
173 shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 180 shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
174 shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | 181 shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
175 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | 182 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
176 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | 183 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
177 shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 184 shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
178 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 185 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
179 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 186 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
180 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) | 187 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) |
| 188 shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
| 189 shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
| 190 shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
181 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 191 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
182 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 192 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
183 | 193 |
184 md5Suites = [] | 194 md5Suites = [] |
185 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) | 195 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
186 | 196 |
187 @staticmethod | 197 @staticmethod |
188 def _filterSuites(suites, settings): | 198 def _filterSuites(suites, settings): |
189 macNames = settings.macNames | 199 macNames = settings.macNames |
190 cipherNames = settings.cipherNames | 200 cipherNames = settings.cipherNames |
| 201 keyExchangeNames = settings.keyExchangeNames |
191 macSuites = [] | 202 macSuites = [] |
192 if "sha" in macNames: | 203 if "sha" in macNames: |
193 macSuites += CipherSuite.shaSuites | 204 macSuites += CipherSuite.shaSuites |
194 if "md5" in macNames: | 205 if "md5" in macNames: |
195 macSuites += CipherSuite.md5Suites | 206 macSuites += CipherSuite.md5Suites |
196 | 207 |
197 cipherSuites = [] | 208 cipherSuites = [] |
198 if "aes128" in cipherNames: | 209 if "aes128" in cipherNames: |
199 cipherSuites += CipherSuite.aes128Suites | 210 cipherSuites += CipherSuite.aes128Suites |
200 if "aes256" in cipherNames: | 211 if "aes256" in cipherNames: |
201 cipherSuites += CipherSuite.aes256Suites | 212 cipherSuites += CipherSuite.aes256Suites |
202 if "3des" in cipherNames: | 213 if "3des" in cipherNames: |
203 cipherSuites += CipherSuite.tripleDESSuites | 214 cipherSuites += CipherSuite.tripleDESSuites |
204 if "rc4" in cipherNames: | 215 if "rc4" in cipherNames: |
205 cipherSuites += CipherSuite.rc4Suites | 216 cipherSuites += CipherSuite.rc4Suites |
206 | 217 |
207 return [s for s in suites if s in macSuites and s in cipherSuites] | 218 keyExchangeSuites = [] |
| 219 if "rsa" in keyExchangeNames: |
| 220 keyExchangeSuites += CipherSuite.certSuites |
| 221 if "dhe_rsa" in keyExchangeNames: |
| 222 keyExchangeSuites += CipherSuite.dheCertSuites |
| 223 if "srp_sha" in keyExchangeNames: |
| 224 keyExchangeSuites += CipherSuite.srpSuites |
| 225 if "srp_sha_rsa" in keyExchangeNames: |
| 226 keyExchangeSuites += CipherSuite.srpCertSuites |
| 227 if "dh_anon" in keyExchangeNames: |
| 228 keyExchangeSuites += CipherSuite.anonSuites |
| 229 |
| 230 return [s for s in suites if s in macSuites and |
| 231 s in cipherSuites and s in keyExchangeSuites] |
208 | 232 |
209 srpSuites = [] | 233 srpSuites = [] |
210 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 234 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
211 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 235 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
212 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 236 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
213 | 237 |
214 @staticmethod | 238 @staticmethod |
215 def getSrpSuites(settings): | 239 def getSrpSuites(settings): |
216 return CipherSuite._filterSuites(CipherSuite.srpSuites, settings) | 240 return CipherSuite._filterSuites(CipherSuite.srpSuites, settings) |
217 | 241 |
(...skipping 11 matching lines...) Expand all Loading... |
229 @staticmethod | 253 @staticmethod |
230 def getSrpAllSuites(settings): | 254 def getSrpAllSuites(settings): |
231 return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings) | 255 return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings) |
232 | 256 |
233 certSuites = [] | 257 certSuites = [] |
234 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 258 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
235 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 259 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
236 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 260 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
237 certSuites.append(TLS_RSA_WITH_RC4_128_SHA) | 261 certSuites.append(TLS_RSA_WITH_RC4_128_SHA) |
238 certSuites.append(TLS_RSA_WITH_RC4_128_MD5) | 262 certSuites.append(TLS_RSA_WITH_RC4_128_MD5) |
239 certAllSuites = srpCertSuites + certSuites | |
240 | 263 |
241 @staticmethod | 264 @staticmethod |
242 def getCertSuites(settings): | 265 def getCertSuites(settings): |
243 return CipherSuite._filterSuites(CipherSuite.certSuites, settings) | 266 return CipherSuite._filterSuites(CipherSuite.certSuites, settings) |
244 | 267 |
| 268 dheCertSuites = [] |
| 269 dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
| 270 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
| 271 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
| 272 |
| 273 @staticmethod |
| 274 def getDheCertSuites(settings): |
| 275 return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings) |
| 276 |
| 277 certAllSuites = srpCertSuites + certSuites + dheCertSuites |
| 278 |
245 anonSuites = [] | 279 anonSuites = [] |
246 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) | 280 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
247 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) | 281 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
248 | 282 |
249 @staticmethod | 283 @staticmethod |
250 def getAnonSuites(settings): | 284 def getAnonSuites(settings): |
251 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings) | 285 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings) |
252 | 286 |
| 287 dhAllSuites = dheCertSuites + anonSuites |
| 288 |
253 @staticmethod | 289 @staticmethod |
254 def canonicalCipherName(ciphersuite): | 290 def canonicalCipherName(ciphersuite): |
255 "Return the canonical name of the cipher whose number is provided." | 291 "Return the canonical name of the cipher whose number is provided." |
256 if ciphersuite in CipherSuite.aes128Suites: | 292 if ciphersuite in CipherSuite.aes128Suites: |
257 return "aes128" | 293 return "aes128" |
258 elif ciphersuite in CipherSuite.aes256Suites: | 294 elif ciphersuite in CipherSuite.aes256Suites: |
259 return "aes256" | 295 return "aes256" |
260 elif ciphersuite in CipherSuite.rc4Suites: | 296 elif ciphersuite in CipherSuite.rc4Suites: |
261 return "rc4" | 297 return "rc4" |
262 elif ciphersuite in CipherSuite.tripleDESSuites: | 298 elif ciphersuite in CipherSuite.tripleDESSuites: |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
316 badUsername: "bad username",\ | 352 badUsername: "bad username",\ |
317 badPassword: "bad password",\ | 353 badPassword: "bad password",\ |
318 badA: "bad A",\ | 354 badA: "bad A",\ |
319 badPremasterPadding: "bad premaster padding",\ | 355 badPremasterPadding: "bad premaster padding",\ |
320 shortPremasterSecret: "short premaster secret",\ | 356 shortPremasterSecret: "short premaster secret",\ |
321 badVerifyMessage: "bad verify message",\ | 357 badVerifyMessage: "bad verify message",\ |
322 badFinished: "bad finished message",\ | 358 badFinished: "bad finished message",\ |
323 badMAC: "bad MAC",\ | 359 badMAC: "bad MAC",\ |
324 badPadding: "bad padding" | 360 badPadding: "bad padding" |
325 } | 361 } |
OLD | NEW |