| OLD | NEW |
| 1 """ | 1 """ |
| 2 MAIN CLASS FOR TLS LITE (START HERE!). | 2 MAIN CLASS FOR TLS LITE (START HERE!). |
| 3 """ | 3 """ |
| 4 from __future__ import generators | 4 from __future__ import generators |
| 5 | 5 |
| 6 import socket | 6 import socket |
| 7 from utils.compat import formatExceptionTrace | 7 from utils.compat import formatExceptionTrace |
| 8 from TLSRecordLayer import TLSRecordLayer | 8 from TLSRecordLayer import TLSRecordLayer |
| 9 from Session import Session | 9 from Session import Session |
| 10 from constants import * | 10 from constants import * |
| (...skipping 496 matching lines...) |
| 507 | 507 |
| 508 #Or send ClientHello (without) | 508 #Or send ClientHello (without) |
| 509 else: | 509 else: |
| 510 clientHello = ClientHello() | 510 clientHello = ClientHello() |
| 511 clientHello.create(settings.maxVersion, clientRandom, | 511 clientHello.create(settings.maxVersion, clientRandom, |
| 512 createByteArraySequence([]), cipherSuites, | 512 createByteArraySequence([]), cipherSuites, |
| 513 certificateTypes, srpUsername) | 513 certificateTypes, srpUsername) |
| 514 for result in self._sendMsg(clientHello): | 514 for result in self._sendMsg(clientHello): |
| 515 yield result | 515 yield result |
| 516 | 516 |
| 517 #Get ServerHello (or missing_srp_username) | 517 #Get ServerHello (or unknown_psk_identity) |
| 518 for result in self._getMsg((ContentType.handshake, | 518 for result in self._getMsg((ContentType.handshake, |
| 519 ContentType.alert), | 519 ContentType.alert), |
| 520 HandshakeType.server_hello): | 520 HandshakeType.server_hello): |
| 521 if result in (0,1): | 521 if result in (0,1): |
| 522 yield result | 522 yield result |
| 523 else: | 523 else: |
| 524 break | 524 break |
| 525 msg = result | 525 msg = result |
| 526 | 526 |
| 527 if isinstance(msg, ServerHello): | 527 if isinstance(msg, ServerHello): |
| 528 serverHello = msg | 528 serverHello = msg |
| 529 elif isinstance(msg, Alert): | 529 elif isinstance(msg, Alert): |
| 530 alert = msg | 530 alert = msg |
| 531 | 531 |
| 532 #If it's not a missing_srp_username, re-raise | 532 #If it's not a unknown_psk_identity, re-raise |
| 533 if alert.description != AlertDescription.missing_srp_username: | 533 if alert.description != AlertDescription.unknown_psk_identity: |
| 534 self._shutdown(False) | 534 self._shutdown(False) |
| 535 raise TLSRemoteAlert(alert) | 535 raise TLSRemoteAlert(alert) |
| 536 | 536 |
| 537 #If we're not in SRP callback mode, we won't have offered SRP | 537 #Our SRP credentials were wrong, so try getting new ones. |
| 538 #without a username, so we shouldn't get this alert | 538 if srpCallback: |
| 539 if not srpCallback: | 539 srpParams = srpCallback() |
| 540 for result in self._sendError(\ | 540 |
| 541 AlertDescription.unexpected_message): | 541 #If we can't get different credentials, cancel the handshake |
| 542 yield result | 542 if srpParams == None or not srpCallback: |
| 543 srpParams = srpCallback() | |
| 544 #If the callback returns None, cancel the handshake | |
| 545 if srpParams == None: | |
| 546 for result in self._sendError(AlertDescription.user_canceled): | 543 for result in self._sendError(AlertDescription.user_canceled): |
| 547 yield result | 544 yield result |
| 548 | 545 |
| 549 #Recursively perform handshake | 546 #Recursively perform handshake |
| 550 for result in self._handshakeClientAsyncHelper(srpParams, | 547 for result in self._handshakeClientAsyncHelper(srpParams, |
| 551 None, None, None, None, settings, True): | 548 None, None, None, None, settings, True): |
| 552 yield result | 549 yield result |
| 553 return | 550 return |
| 554 | 551 |
| 555 #Get the server version. Do this before anything else, so any | 552 #Get the server version. Do this before anything else, so any |
| (...skipping 696 matching lines...) |
| 1252 | 1249 |
| 1253 #If we've selected an SRP suite, exchange keys and calculate | 1250 #If we've selected an SRP suite, exchange keys and calculate |
| 1254 #premaster secret: | 1251 #premaster secret: |
| 1255 if cipherSuite in CipherSuite.srpSuites + CipherSuite.srpRsaSuites: | 1252 if cipherSuite in CipherSuite.srpSuites + CipherSuite.srpRsaSuites: |
| 1256 | 1253 |
| 1257 #If there's no SRP username... | 1254 #If there's no SRP username... |
| 1258 if not clientHello.srp_username: | 1255 if not clientHello.srp_username: |
| 1259 | 1256 |
| 1260 #Ask the client to re-send ClientHello with one | 1257 #Ask the client to re-send ClientHello with one |
| 1261 for result in self._sendMsg(Alert().create(\ | 1258 for result in self._sendMsg(Alert().create(\ |
| 1262 AlertDescription.missing_srp_username, | 1259 AlertDescription.unknown_psk_identity, |
| 1263 AlertLevel.warning)): | 1260 AlertLevel.fatal)): |
| 1264 yield result | 1261 yield result |
| 1265 | 1262 |
| 1266 #Get ClientHello | 1263 #Get ClientHello |
| 1267 for result in self._getMsg(ContentType.handshake, | 1264 for result in self._getMsg(ContentType.handshake, |
| 1268 HandshakeType.client_hello): | 1265 HandshakeType.client_hello): |
| 1269 if result in (0,1): | 1266 if result in (0,1): |
| 1270 yield result | 1267 yield result |
| 1271 else: | 1268 else: |
| 1272 break | 1269 break |
| 1273 clientHello = result | 1270 clientHello = result |
| (...skipping 42 matching lines...) |
| 1316 | 1313 |
| 1317 | 1314 |
| 1318 #Get username | 1315 #Get username |
| 1319 self.allegedSrpUsername = clientHello.srp_username | 1316 self.allegedSrpUsername = clientHello.srp_username |
| 1320 | 1317 |
| 1321 #Get parameters from username | 1318 #Get parameters from username |
| 1322 try: | 1319 try: |
| 1323 entry = verifierDB[self.allegedSrpUsername] | 1320 entry = verifierDB[self.allegedSrpUsername] |
| 1324 except KeyError: | 1321 except KeyError: |
| 1325 for result in self._sendError(\ | 1322 for result in self._sendError(\ |
| 1326 AlertDescription.unknown_srp_username): | 1323 AlertDescription.unknown_psk_identity): |
| 1327 yield result | 1324 yield result |
| 1328 (N, g, s, v) = entry | 1325 (N, g, s, v) = entry |
| 1329 | 1326 |
| 1330 #Calculate server's ephemeral DH values (b, B) | 1327 #Calculate server's ephemeral DH values (b, B) |
| 1331 b = bytesToNumber(getRandomBytes(32)) | 1328 b = bytesToNumber(getRandomBytes(32)) |
| 1332 k = makeK(N, g) | 1329 k = makeK(N, g) |
| 1333 B = (powMod(g, b, N) + (k*v)) % N | 1330 B = (powMod(g, b, N) + (k*v)) % N |
| 1334 | 1331 |
| 1335 #Create ServerKeyExchange, signing it if necessary | 1332 #Create ServerKeyExchange, signing it if necessary |
| 1336 serverKeyExchange = ServerKeyExchange(cipherSuite) | 1333 serverKeyExchange = ServerKeyExchange(cipherSuite) |
| (...skipping 266 matching lines...) |
| 1603 if len(publicKey) < settings.minKeySize: | 1600 if len(publicKey) < settings.minKeySize: |
| 1604 for result in self._sendError(AlertDescription.handshake_failure, | 1601 for result in self._sendError(AlertDescription.handshake_failure, |
| 1605 "Other party's public key too small: %d" % len(publicKey)): | 1602 "Other party's public key too small: %d" % len(publicKey)): |
| 1606 yield result | 1603 yield result |
| 1607 if len(publicKey) > settings.maxKeySize: | 1604 if len(publicKey) > settings.maxKeySize: |
| 1608 for result in self._sendError(AlertDescription.handshake_failure, | 1605 for result in self._sendError(AlertDescription.handshake_failure, |
| 1609 "Other party's public key too large: %d" % len(publicKey)): | 1606 "Other party's public key too large: %d" % len(publicKey)): |
| 1610 yield result | 1607 yield result |
| 1611 | 1608 |
| 1612 yield publicKey, certChain | 1609 yield publicKey, certChain |
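Review bot: On the server side (new lines 1258-1270) the alert that asks the client for a username is now sent as `AlertLevel.fatal`, yet the code goes straight on to `_getMsg(ContentType.handshake, HandshakeType.client_hello)` on the same connection, and the client branch at new lines 532-549 likewise re-enters `_handshakeClientAsyncHelper` after receiving it. A fatal alert ends a TLS connection, so either this retry path can no longer succeed or the two peers now disagree about connection state; I would close the connection after the alert and have the client retry on a new one, and say so in a comment such as `#unknown_psk_identity is fatal: the retry needs a fresh connection`. Separately, the `KeyError` branch at new lines 1321-1323 tells an unauthenticated peer that a username is absent from `verifierDB`, which allows username enumeration; the usual mitigation is to answer an unknown name the same way as a wrong password. The enclosing functions start and end outside the visible lines, so how `_sendError` and `_getMsg` handle fatal alerts could not be checked here.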