| OLD | NEW |
|---|
| 1 """Constants used in various places.""" | 1 """Constants used in various places.""" |
| 2 | 2 |
| 3 class CertificateType: | 3 class CertificateType: |
| 4 x509 = 0 | 4 x509 = 0 |
| 5 openpgp = 1 | 5 openpgp = 1 |
| 6 cryptoID = 2 | 6 cryptoID = 2 |
| 7 | 7 |
| 8 class ClientCertificateType: | 8 class ClientCertificateType: |
| 9 rsa_sign = 1 | 9 rsa_sign = 1 |
| 10 dss_sign = 2 | 10 dss_sign = 2 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 client_key_exchange = 16 | 23 client_key_exchange = 16 |
| 24 finished = 20 | 24 finished = 20 |
| 25 | 25 |
| 26 class ContentType: | 26 class ContentType: |
| 27 change_cipher_spec = 20 | 27 change_cipher_spec = 20 |
| 28 alert = 21 | 28 alert = 21 |
| 29 handshake = 22 | 29 handshake = 22 |
| 30 application_data = 23 | 30 application_data = 23 |
| 31 all = (20,21,22,23) | 31 all = (20,21,22,23) |
| 32 | 32 |
| 33 class ClientHelloExtension: |
| 34 srp = 12 |
| 35 |
| 33 class AlertLevel: | 36 class AlertLevel: |
| 34 warning = 1 | 37 warning = 1 |
| 35 fatal = 2 | 38 fatal = 2 |
| 36 | 39 |
| 37 class AlertDescription: | 40 class AlertDescription: |
| 38 """ | 41 """ |
| 39 @cvar bad_record_mac: A TLS record failed to decrypt properly. | 42 @cvar bad_record_mac: A TLS record failed to decrypt properly. |
| 40 | 43 |
| 41 If this occurs during a shared-key or SRP handshake it most likely | 44 If this occurs during a shared-key or SRP handshake it most likely |
| 42 indicates a bad password. It may also indicate an implementation | 45 indicates a bad password. It may also indicate an implementation |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 81 unknown_ca = 48 | 84 unknown_ca = 48 |
| 82 access_denied = 49 | 85 access_denied = 49 |
| 83 decode_error = 50 | 86 decode_error = 50 |
| 84 decrypt_error = 51 | 87 decrypt_error = 51 |
| 85 export_restriction = 60 | 88 export_restriction = 60 |
| 86 protocol_version = 70 | 89 protocol_version = 70 |
| 87 insufficient_security = 71 | 90 insufficient_security = 71 |
| 88 internal_error = 80 | 91 internal_error = 80 |
| 89 user_canceled = 90 | 92 user_canceled = 90 |
| 90 no_renegotiation = 100 | 93 no_renegotiation = 100 |
| 91 unknown_srp_username = 120 | 94 unknown_psk_identity = 115 |
| 92 missing_srp_username = 121 | 95 untrusted_srp_parameters = 122 # TODO(sqs): probably outdated wrt RFC 5054 |
| 93 untrusted_srp_parameters = 122 | |
| 94 | 96 |
| 95 class CipherSuite: | 97 class CipherSuite: |
| 96 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0x0050 | 98 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A |
| 97 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0053 | 99 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D |
| 98 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0056 | 100 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 |
| 99 | 101 |
| 100 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0051 | 102 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B |
| 101 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0054 | 103 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E |
| 102 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0057 | 104 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 |
| 105 |
| 106 # TODO(sqs): No SRP DSS cipher suites |
| 103 | 107 |
| 104 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A | 108 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A |
| 105 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F | 109 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F |
| 106 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 | 110 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 |
| 107 TLS_RSA_WITH_RC4_128_SHA = 0x0005 | 111 TLS_RSA_WITH_RC4_128_SHA = 0x0005 |
| 108 | 112 |
| 109 srpSuites = [] | 113 srpSuites = [] |
| 110 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 114 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
| 111 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 115 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
| 112 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 116 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 195 | 199 |
| 196 badB = 201 | 200 badB = 201 |
| 197 serverFaults = range(201,202) | 201 serverFaults = range(201,202) |
| 198 | 202 |
| 199 badFinished = 300 | 203 badFinished = 300 |
| 200 badMAC = 301 | 204 badMAC = 301 |
| 201 badPadding = 302 | 205 badPadding = 302 |
| 202 genericFaults = range(300,303) | 206 genericFaults = range(300,303) |
| 203 | 207 |
| 204 faultAlerts = {\ | 208 faultAlerts = {\ |
| 205 badUsername: (AlertDescription.unknown_srp_username, \ | 209 badUsername: (AlertDescription.unknown_psk_identity, \ |
| 206 AlertDescription.bad_record_mac),\ | 210 AlertDescription.bad_record_mac, \ |
| 211 AlertDescription.user_canceled),\ |
| 207 badPassword: (AlertDescription.bad_record_mac,),\ | 212 badPassword: (AlertDescription.bad_record_mac,),\ |
| 208 badA: (AlertDescription.illegal_parameter,),\ | 213 badA: (AlertDescription.illegal_parameter,),\ |
| 209 badIdentifier: (AlertDescription.handshake_failure,),\ | 214 badIdentifier: (AlertDescription.handshake_failure,),\ |
| 210 badSharedKey: (AlertDescription.bad_record_mac,),\ | 215 badSharedKey: (AlertDescription.bad_record_mac,),\ |
| 211 badPremasterPadding: (AlertDescription.bad_record_mac,),\ | 216 badPremasterPadding: (AlertDescription.bad_record_mac,),\ |
| 212 shortPremasterSecret: (AlertDescription.bad_record_mac,),\ | 217 shortPremasterSecret: (AlertDescription.bad_record_mac,),\ |
| 213 badVerifyMessage: (AlertDescription.decrypt_error,),\ | 218 badVerifyMessage: (AlertDescription.decrypt_error,),\ |
| 214 badFinished: (AlertDescription.decrypt_error,),\ | 219 badFinished: (AlertDescription.decrypt_error,),\ |
| 215 badMAC: (AlertDescription.bad_record_mac,),\ | 220 badMAC: (AlertDescription.bad_record_mac,),\ |
| 216 badPadding: (AlertDescription.bad_record_mac,) | 221 badPadding: (AlertDescription.bad_record_mac,) |
| 217 } | 222 } |
| 218 | 223 |
| 219 faultNames = {\ | 224 faultNames = {\ |
| 220 badUsername: "bad username",\ | 225 badUsername: "bad username",\ |
| 221 badPassword: "bad password",\ | 226 badPassword: "bad password",\ |
| 222 badA: "bad A",\ | 227 badA: "bad A",\ |
| 223 badIdentifier: "bad identifier",\ | 228 badIdentifier: "bad identifier",\ |
| 224 badSharedKey: "bad sharedkey",\ | 229 badSharedKey: "bad sharedkey",\ |
| 225 badPremasterPadding: "bad premaster padding",\ | 230 badPremasterPadding: "bad premaster padding",\ |
| 226 shortPremasterSecret: "short premaster secret",\ | 231 shortPremasterSecret: "short premaster secret",\ |
| 227 badVerifyMessage: "bad verify message",\ | 232 badVerifyMessage: "bad verify message",\ |
| 228 badFinished: "bad finished message",\ | 233 badFinished: "bad finished message",\ |
| 229 badMAC: "bad MAC",\ | 234 badMAC: "bad MAC",\ |
| 230 badPadding: "bad padding" | 235 badPadding: "bad padding" |
| 231 } | 236 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6804032:
Add TLS-SRP (RFC 5054) support
Base URL: http://git.chromium.org/git/chromium.git@trunk