OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
7 # | 7 # |
8 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
9 | 9 |
10 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
133 self.srp_username = None # a string | 133 self.srp_username = None # a string |
134 self.tack = False | 134 self.tack = False |
135 self.alpn_protos_advertised = None | 135 self.alpn_protos_advertised = None |
136 self.supports_npn = False | 136 self.supports_npn = False |
137 self.server_name = bytearray(0) | 137 self.server_name = bytearray(0) |
138 self.channel_id = False | 138 self.channel_id = False |
139 self.extended_master_secret = False | 139 self.extended_master_secret = False |
140 self.tb_client_params = [] | 140 self.tb_client_params = [] |
141 self.support_signed_cert_timestamps = False | 141 self.support_signed_cert_timestamps = False |
142 self.status_request = False | 142 self.status_request = False |
| 143 self.ri = False |
143 | 144 |
144 def create(self, version, random, session_id, cipher_suites, | 145 def create(self, version, random, session_id, cipher_suites, |
145 certificate_types=None, srpUsername=None, | 146 certificate_types=None, srpUsername=None, |
146 tack=False, alpn_protos_advertised=None, | 147 tack=False, alpn_protos_advertised=None, |
147 supports_npn=False, serverName=None): | 148 supports_npn=False, serverName=None): |
148 self.client_version = version | 149 self.client_version = version |
149 self.random = random | 150 self.random = random |
150 self.session_id = session_id | 151 self.session_id = session_id |
151 self.cipher_suites = cipher_suites | 152 self.cipher_suites = cipher_suites |
152 self.certificate_types = certificate_types | 153 self.certificate_types = certificate_types |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
216 break | 217 break |
217 elif extType == ExtensionType.channel_id: | 218 elif extType == ExtensionType.channel_id: |
218 self.channel_id = True | 219 self.channel_id = True |
219 elif extType == ExtensionType.extended_master_secret: | 220 elif extType == ExtensionType.extended_master_secret: |
220 self.extended_master_secret = True | 221 self.extended_master_secret = True |
221 elif extType == ExtensionType.token_binding: | 222 elif extType == ExtensionType.token_binding: |
222 tokenBindingBytes = p.getFixBytes(extLength) | 223 tokenBindingBytes = p.getFixBytes(extLength) |
223 p2 = Parser(tokenBindingBytes) | 224 p2 = Parser(tokenBindingBytes) |
224 ver_minor = p2.get(1) | 225 ver_minor = p2.get(1) |
225 ver_major = p2.get(1) | 226 ver_major = p2.get(1) |
226 if (ver_major, ver_minor) >= (0, 6): | 227 if (ver_major, ver_minor) >= (0, 10): |
227 p2.startLengthCheck(1) | 228 p2.startLengthCheck(1) |
228 while not p2.atLengthCheck(): | 229 while not p2.atLengthCheck(): |
229 self.tb_client_params.append(p2.get(1)) | 230 self.tb_client_params.append(p2.get(1)) |
230 elif extType == ExtensionType.signed_cert_timestamps: | 231 elif extType == ExtensionType.signed_cert_timestamps: |
231 if extLength: | 232 if extLength: |
232 raise SyntaxError() | 233 raise SyntaxError() |
233 self.support_signed_cert_timestamps = True | 234 self.support_signed_cert_timestamps = True |
234 elif extType == ExtensionType.status_request: | 235 elif extType == ExtensionType.status_request: |
235 # Extension contents are currently ignored. | 236 # Extension contents are currently ignored. |
236 # According to RFC 6066, this is not strictly forbidden | 237 # According to RFC 6066, this is not strictly forbidden |
237 # (although it is suboptimal): | 238 # (although it is suboptimal): |
238 # Servers that receive a client hello containing the | 239 # Servers that receive a client hello containing the |
239 # "status_request" extension MAY return a suitable | 240 # "status_request" extension MAY return a suitable |
240 # certificate status response to the client along with | 241 # certificate status response to the client along with |
241 # their certificate. If OCSP is requested, they | 242 # their certificate. If OCSP is requested, they |
242 # SHOULD use the information contained in the extension | 243 # SHOULD use the information contained in the extension |
243 # when selecting an OCSP responder and SHOULD include | 244 # when selecting an OCSP responder and SHOULD include |
244 # request_extensions in the OCSP request. | 245 # request_extensions in the OCSP request. |
245 p.getFixBytes(extLength) | 246 p.getFixBytes(extLength) |
246 self.status_request = True | 247 self.status_request = True |
| 248 elif extType == ExtensionType.renegotiation_info: |
| 249 # We don't support renegotiation, so if we receive this |
| 250 # extension, it should contain a single null byte. |
| 251 if extLength != 1 or p.getFixBytes(extLength)[0] != 0: |
| 252 raise SyntaxError() |
| 253 self.ri = True |
247 else: | 254 else: |
248 _ = p.getFixBytes(extLength) | 255 _ = p.getFixBytes(extLength) |
249 index2 = p.index | 256 index2 = p.index |
250 if index2 - index1 != extLength: | 257 if index2 - index1 != extLength: |
251 raise SyntaxError("Bad length for extension_data") | 258 raise SyntaxError("Bad length for extension_data") |
252 soFar += 4 + extLength | 259 soFar += 4 + extLength |
| 260 if CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV in self.cipher_suit
es: |
| 261 self.ri = True |
253 p.stopLengthCheck() | 262 p.stopLengthCheck() |
254 return self | 263 return self |
255 | 264 |
256 def write(self): | 265 def write(self): |
257 w = Writer() | 266 w = Writer() |
258 w.add(self.client_version[0], 1) | 267 w.add(self.client_version[0], 1) |
259 w.add(self.client_version[1], 1) | 268 w.add(self.client_version[1], 1) |
260 w.addFixSeq(self.random, 1) | 269 w.addFixSeq(self.random, 1) |
261 w.addVarSeq(self.session_id, 1, 1) | 270 w.addVarSeq(self.session_id, 1, 1) |
262 w.addVarSeq(self.cipher_suites, 2, 2) | 271 w.addVarSeq(self.cipher_suites, 2, 2) |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
320 self.compression_method = 0 | 329 self.compression_method = 0 |
321 self.tackExt = None | 330 self.tackExt = None |
322 self.alpn_proto_selected = None | 331 self.alpn_proto_selected = None |
323 self.next_protos_advertised = None | 332 self.next_protos_advertised = None |
324 self.next_protos = None | 333 self.next_protos = None |
325 self.channel_id = False | 334 self.channel_id = False |
326 self.extended_master_secret = False | 335 self.extended_master_secret = False |
327 self.tb_params = None | 336 self.tb_params = None |
328 self.signed_cert_timestamps = None | 337 self.signed_cert_timestamps = None |
329 self.status_request = False | 338 self.status_request = False |
| 339 self.send_ri = False |
330 | 340 |
331 def create(self, version, random, session_id, cipher_suite, | 341 def create(self, version, random, session_id, cipher_suite, |
332 certificate_type, tackExt, alpn_proto_selected, | 342 certificate_type, tackExt, alpn_proto_selected, |
333 next_protos_advertised): | 343 next_protos_advertised): |
334 self.server_version = version | 344 self.server_version = version |
335 self.random = random | 345 self.random = random |
336 self.session_id = session_id | 346 self.session_id = session_id |
337 self.cipher_suite = cipher_suite | 347 self.cipher_suite = cipher_suite |
338 self.certificate_type = certificate_type | 348 self.certificate_type = certificate_type |
339 self.compression_method = 0 | 349 self.compression_method = 0 |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
414 w2.add(0, 2) | 424 w2.add(0, 2) |
415 if self.extended_master_secret: | 425 if self.extended_master_secret: |
416 w2.add(ExtensionType.extended_master_secret, 2) | 426 w2.add(ExtensionType.extended_master_secret, 2) |
417 w2.add(0, 2) | 427 w2.add(0, 2) |
418 if self.tb_params: | 428 if self.tb_params: |
419 w2.add(ExtensionType.token_binding, 2) | 429 w2.add(ExtensionType.token_binding, 2) |
420 # length of extension | 430 # length of extension |
421 w2.add(4, 2) | 431 w2.add(4, 2) |
422 # version | 432 # version |
423 w2.add(0, 1) | 433 w2.add(0, 1) |
424 w2.add(6, 1) | 434 w2.add(10, 1) |
425 # length of params (defined as variable length <1..2^8-1>, but in | 435 # length of params (defined as variable length <1..2^8-1>, but in |
426 # this context the server can only send a single value. | 436 # this context the server can only send a single value. |
427 w2.add(1, 1) | 437 w2.add(1, 1) |
428 w2.add(self.tb_params, 1) | 438 w2.add(self.tb_params, 1) |
429 if self.signed_cert_timestamps: | 439 if self.signed_cert_timestamps: |
430 w2.add(ExtensionType.signed_cert_timestamps, 2) | 440 w2.add(ExtensionType.signed_cert_timestamps, 2) |
431 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) | 441 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) |
432 if self.status_request: | 442 if self.status_request: |
433 w2.add(ExtensionType.status_request, 2) | 443 w2.add(ExtensionType.status_request, 2) |
434 w2.add(0, 2) | 444 w2.add(0, 2) |
| 445 if self.send_ri: |
| 446 w2.add(ExtensionType.renegotiation_info, 2) |
| 447 w2.add(1, 2) |
| 448 w2.add(0, 1) |
435 if len(w2.bytes): | 449 if len(w2.bytes): |
436 w.add(len(w2.bytes), 2) | 450 w.add(len(w2.bytes), 2) |
437 w.bytes += w2.bytes | 451 w.bytes += w2.bytes |
438 return self.postWrite(w) | 452 return self.postWrite(w) |
439 | 453 |
440 | 454 |
441 class Certificate(HandshakeMsg): | 455 class Certificate(HandshakeMsg): |
442 def __init__(self, certificateType): | 456 def __init__(self, certificateType): |
443 HandshakeMsg.__init__(self, HandshakeType.certificate) | 457 HandshakeMsg.__init__(self, HandshakeType.certificate) |
444 self.certificateType = certificateType | 458 self.certificateType = certificateType |
(...skipping 419 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
864 newMsg = ApplicationData().create(self.bytes[:1]) | 878 newMsg = ApplicationData().create(self.bytes[:1]) |
865 self.bytes = self.bytes[1:] | 879 self.bytes = self.bytes[1:] |
866 return newMsg | 880 return newMsg |
867 | 881 |
868 def parse(self, p): | 882 def parse(self, p): |
869 self.bytes = p.bytes | 883 self.bytes = p.bytes |
870 return self | 884 return self |
871 | 885 |
872 def write(self): | 886 def write(self): |
873 return self.bytes | 887 return self.bytes |
OLD | NEW |