| OLD | NEW |
|---|
| 1 # Authors: | 1 # Authors: |
| 2 # Trevor Perrin | 2 # Trevor Perrin |
| 3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
| 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
| 5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
| 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
| 7 # | 7 # |
| 8 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
| 9 | 9 |
| 10 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 133 self.srp_username = None # a string | 133 self.srp_username = None # a string |
| 134 self.tack = False | 134 self.tack = False |
| 135 self.alpn_protos_advertised = None | 135 self.alpn_protos_advertised = None |
| 136 self.supports_npn = False | 136 self.supports_npn = False |
| 137 self.server_name = bytearray(0) | 137 self.server_name = bytearray(0) |
| 138 self.channel_id = False | 138 self.channel_id = False |
| 139 self.extended_master_secret = False | 139 self.extended_master_secret = False |
| 140 self.tb_client_params = [] | 140 self.tb_client_params = [] |
| 141 self.support_signed_cert_timestamps = False | 141 self.support_signed_cert_timestamps = False |
| 142 self.status_request = False | 142 self.status_request = False |
| 143 self.ri = False |
| 143 | 144 |
| 144 def create(self, version, random, session_id, cipher_suites, | 145 def create(self, version, random, session_id, cipher_suites, |
| 145 certificate_types=None, srpUsername=None, | 146 certificate_types=None, srpUsername=None, |
| 146 tack=False, alpn_protos_advertised=None, | 147 tack=False, alpn_protos_advertised=None, |
| 147 supports_npn=False, serverName=None): | 148 supports_npn=False, serverName=None): |
| 148 self.client_version = version | 149 self.client_version = version |
| 149 self.random = random | 150 self.random = random |
| 150 self.session_id = session_id | 151 self.session_id = session_id |
| 151 self.cipher_suites = cipher_suites | 152 self.cipher_suites = cipher_suites |
| 152 self.certificate_types = certificate_types | 153 self.certificate_types = certificate_types |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 216 break | 217 break |
| 217 elif extType == ExtensionType.channel_id: | 218 elif extType == ExtensionType.channel_id: |
| 218 self.channel_id = True | 219 self.channel_id = True |
| 219 elif extType == ExtensionType.extended_master_secret: | 220 elif extType == ExtensionType.extended_master_secret: |
| 220 self.extended_master_secret = True | 221 self.extended_master_secret = True |
| 221 elif extType == ExtensionType.token_binding: | 222 elif extType == ExtensionType.token_binding: |
| 222 tokenBindingBytes = p.getFixBytes(extLength) | 223 tokenBindingBytes = p.getFixBytes(extLength) |
| 223 p2 = Parser(tokenBindingBytes) | 224 p2 = Parser(tokenBindingBytes) |
| 224 ver_minor = p2.get(1) | 225 ver_minor = p2.get(1) |
| 225 ver_major = p2.get(1) | 226 ver_major = p2.get(1) |
| 226 if (ver_major, ver_minor) >= (0, 6): | 227 if (ver_major, ver_minor) >= (0, 10): |
| 227 p2.startLengthCheck(1) | 228 p2.startLengthCheck(1) |
| 228 while not p2.atLengthCheck(): | 229 while not p2.atLengthCheck(): |
| 229 self.tb_client_params.append(p2.get(1)) | 230 self.tb_client_params.append(p2.get(1)) |
| 230 elif extType == ExtensionType.signed_cert_timestamps: | 231 elif extType == ExtensionType.signed_cert_timestamps: |
| 231 if extLength: | 232 if extLength: |
| 232 raise SyntaxError() | 233 raise SyntaxError() |
| 233 self.support_signed_cert_timestamps = True | 234 self.support_signed_cert_timestamps = True |
| 234 elif extType == ExtensionType.status_request: | 235 elif extType == ExtensionType.status_request: |
| 235 # Extension contents are currently ignored. | 236 # Extension contents are currently ignored. |
| 236 # According to RFC 6066, this is not strictly forbidden | 237 # According to RFC 6066, this is not strictly forbidden |
| 237 # (although it is suboptimal): | 238 # (although it is suboptimal): |
| 238 # Servers that receive a client hello containing the | 239 # Servers that receive a client hello containing the |
| 239 # "status_request" extension MAY return a suitable | 240 # "status_request" extension MAY return a suitable |
| 240 # certificate status response to the client along with | 241 # certificate status response to the client along with |
| 241 # their certificate. If OCSP is requested, they | 242 # their certificate. If OCSP is requested, they |
| 242 # SHOULD use the information contained in the extension | 243 # SHOULD use the information contained in the extension |
| 243 # when selecting an OCSP responder and SHOULD include | 244 # when selecting an OCSP responder and SHOULD include |
| 244 # request_extensions in the OCSP request. | 245 # request_extensions in the OCSP request. |
| 245 p.getFixBytes(extLength) | 246 p.getFixBytes(extLength) |
| 246 self.status_request = True | 247 self.status_request = True |
| 248 elif extType == ExtensionType.renegotiation_info: |
| 249 # We don't support renegotiation, so if we receive this |
| 250 # extension, it should contain a single null byte. |
| 251 if extLength != 1 or p.getFixBytes(extLength)[0] != 0: |
| 252 raise SyntaxError() |
| 253 self.ri = True |
| 247 else: | 254 else: |
| 248 _ = p.getFixBytes(extLength) | 255 _ = p.getFixBytes(extLength) |
| 249 index2 = p.index | 256 index2 = p.index |
| 250 if index2 - index1 != extLength: | 257 if index2 - index1 != extLength: |
| 251 raise SyntaxError("Bad length for extension_data") | 258 raise SyntaxError("Bad length for extension_data") |
| 252 soFar += 4 + extLength | 259 soFar += 4 + extLength |
| 260 if CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV in self.cipher_suit
es: |
| 261 self.ri = True |
| 253 p.stopLengthCheck() | 262 p.stopLengthCheck() |
| 254 return self | 263 return self |
| 255 | 264 |
| 256 def write(self): | 265 def write(self): |
| 257 w = Writer() | 266 w = Writer() |
| 258 w.add(self.client_version[0], 1) | 267 w.add(self.client_version[0], 1) |
| 259 w.add(self.client_version[1], 1) | 268 w.add(self.client_version[1], 1) |
| 260 w.addFixSeq(self.random, 1) | 269 w.addFixSeq(self.random, 1) |
| 261 w.addVarSeq(self.session_id, 1, 1) | 270 w.addVarSeq(self.session_id, 1, 1) |
| 262 w.addVarSeq(self.cipher_suites, 2, 2) | 271 w.addVarSeq(self.cipher_suites, 2, 2) |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 320 self.compression_method = 0 | 329 self.compression_method = 0 |
| 321 self.tackExt = None | 330 self.tackExt = None |
| 322 self.alpn_proto_selected = None | 331 self.alpn_proto_selected = None |
| 323 self.next_protos_advertised = None | 332 self.next_protos_advertised = None |
| 324 self.next_protos = None | 333 self.next_protos = None |
| 325 self.channel_id = False | 334 self.channel_id = False |
| 326 self.extended_master_secret = False | 335 self.extended_master_secret = False |
| 327 self.tb_params = None | 336 self.tb_params = None |
| 328 self.signed_cert_timestamps = None | 337 self.signed_cert_timestamps = None |
| 329 self.status_request = False | 338 self.status_request = False |
| 339 self.send_ri = False |
| 330 | 340 |
| 331 def create(self, version, random, session_id, cipher_suite, | 341 def create(self, version, random, session_id, cipher_suite, |
| 332 certificate_type, tackExt, alpn_proto_selected, | 342 certificate_type, tackExt, alpn_proto_selected, |
| 333 next_protos_advertised): | 343 next_protos_advertised): |
| 334 self.server_version = version | 344 self.server_version = version |
| 335 self.random = random | 345 self.random = random |
| 336 self.session_id = session_id | 346 self.session_id = session_id |
| 337 self.cipher_suite = cipher_suite | 347 self.cipher_suite = cipher_suite |
| 338 self.certificate_type = certificate_type | 348 self.certificate_type = certificate_type |
| 339 self.compression_method = 0 | 349 self.compression_method = 0 |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 414 w2.add(0, 2) | 424 w2.add(0, 2) |
| 415 if self.extended_master_secret: | 425 if self.extended_master_secret: |
| 416 w2.add(ExtensionType.extended_master_secret, 2) | 426 w2.add(ExtensionType.extended_master_secret, 2) |
| 417 w2.add(0, 2) | 427 w2.add(0, 2) |
| 418 if self.tb_params: | 428 if self.tb_params: |
| 419 w2.add(ExtensionType.token_binding, 2) | 429 w2.add(ExtensionType.token_binding, 2) |
| 420 # length of extension | 430 # length of extension |
| 421 w2.add(4, 2) | 431 w2.add(4, 2) |
| 422 # version | 432 # version |
| 423 w2.add(0, 1) | 433 w2.add(0, 1) |
| 424 w2.add(6, 1) | 434 w2.add(10, 1) |
| 425 # length of params (defined as variable length <1..2^8-1>, but in | 435 # length of params (defined as variable length <1..2^8-1>, but in |
| 426 # this context the server can only send a single value. | 436 # this context the server can only send a single value. |
| 427 w2.add(1, 1) | 437 w2.add(1, 1) |
| 428 w2.add(self.tb_params, 1) | 438 w2.add(self.tb_params, 1) |
| 429 if self.signed_cert_timestamps: | 439 if self.signed_cert_timestamps: |
| 430 w2.add(ExtensionType.signed_cert_timestamps, 2) | 440 w2.add(ExtensionType.signed_cert_timestamps, 2) |
| 431 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) | 441 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) |
| 432 if self.status_request: | 442 if self.status_request: |
| 433 w2.add(ExtensionType.status_request, 2) | 443 w2.add(ExtensionType.status_request, 2) |
| 434 w2.add(0, 2) | 444 w2.add(0, 2) |
| 445 if self.send_ri: |
| 446 w2.add(ExtensionType.renegotiation_info, 2) |
| 447 w2.add(1, 2) |
| 448 w2.add(0, 1) |
| 435 if len(w2.bytes): | 449 if len(w2.bytes): |
| 436 w.add(len(w2.bytes), 2) | 450 w.add(len(w2.bytes), 2) |
| 437 w.bytes += w2.bytes | 451 w.bytes += w2.bytes |
| 438 return self.postWrite(w) | 452 return self.postWrite(w) |
| 439 | 453 |
| 440 | 454 |
| 441 class Certificate(HandshakeMsg): | 455 class Certificate(HandshakeMsg): |
| 442 def __init__(self, certificateType): | 456 def __init__(self, certificateType): |
| 443 HandshakeMsg.__init__(self, HandshakeType.certificate) | 457 HandshakeMsg.__init__(self, HandshakeType.certificate) |
| 444 self.certificateType = certificateType | 458 self.certificateType = certificateType |
| (...skipping 419 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 864 newMsg = ApplicationData().create(self.bytes[:1]) | 878 newMsg = ApplicationData().create(self.bytes[:1]) |
| 865 self.bytes = self.bytes[1:] | 879 self.bytes = self.bytes[1:] |
| 866 return newMsg | 880 return newMsg |
| 867 | 881 |
| 868 def parse(self, p): | 882 def parse(self, p): |
| 869 self.bytes = p.bytes | 883 self.bytes = p.bytes |
| 870 return self | 884 return self |
| 871 | 885 |
| 872 def write(self): | 886 def write(self): |
| 873 return self.bytes | 887 return self.bytes |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2337253004:
Update Token Binding code to the latest drafts (Closed)
