| OLD | NEW |
|---|
| 1 # Authors: | 1 # Authors: |
| 2 # Trevor Perrin | 2 # Trevor Perrin |
| 3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
| 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
| 5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
| 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
| 6 # | 7 # |
| 7 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
| 8 | 9 |
| 9 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
| 10 | 11 |
| 11 from .utils.compat import * | 12 from .utils.compat import * |
| 12 from .utils.cryptomath import * | 13 from .utils.cryptomath import * |
| 13 from .errors import * | 14 from .errors import * |
| 14 from .utils.codec import * | 15 from .utils.codec import * |
| 15 from .constants import * | 16 from .constants import * |
| (...skipping 429 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 445 p.stopLengthCheck() | 446 p.stopLengthCheck() |
| 446 return self | 447 return self |
| 447 | 448 |
| 448 def write(self): | 449 def write(self): |
| 449 w = Writer() | 450 w = Writer() |
| 450 w.add(CertificateStatusType.ocsp, 1) | 451 w.add(CertificateStatusType.ocsp, 1) |
| 451 w.addVarSeq(bytearray(self.ocsp_response), 1, 3) | 452 w.addVarSeq(bytearray(self.ocsp_response), 1, 3) |
| 452 return self.postWrite(w) | 453 return self.postWrite(w) |
| 453 | 454 |
| 454 class CertificateRequest(HandshakeMsg): | 455 class CertificateRequest(HandshakeMsg): |
| 455 def __init__(self): | 456 def __init__(self, version): |
| 456 HandshakeMsg.__init__(self, HandshakeType.certificate_request) | 457 HandshakeMsg.__init__(self, HandshakeType.certificate_request) |
| 457 self.certificate_types = [] | 458 self.certificate_types = [] |
| 458 self.certificate_authorities = [] | 459 self.certificate_authorities = [] |
| 460 self.version = version |
| 461 self.supported_signature_algs = [] |
| 459 | 462 |
| 460 def create(self, certificate_types, certificate_authorities): | 463 def create(self, certificate_types, certificate_authorities, |
| 464 sig_algs=((HashAlgorithm.sha256, SignatureAlgorithm.rsa),)): |
| 461 self.certificate_types = certificate_types | 465 self.certificate_types = certificate_types |
| 462 self.certificate_authorities = certificate_authorities | 466 self.certificate_authorities = certificate_authorities |
| 467 self.supported_signature_algs = sig_algs |
| 463 return self | 468 return self |
| 464 | 469 |
| 465 def parse(self, p): | 470 def parse(self, p): |
| 466 p.startLengthCheck(3) | 471 p.startLengthCheck(3) |
| 467 self.certificate_types = p.getVarList(1, 1) | 472 self.certificate_types = p.getVarList(1, 1) |
| 473 if self.version >= (3,3): |
| 474 self.supported_signature_algs = \ |
| 475 [(b >> 8, b & 0xff) for b in p.getVarList(2, 2)] |
| 468 ca_list_length = p.get(2) | 476 ca_list_length = p.get(2) |
| 469 index = 0 | 477 index = 0 |
| 470 self.certificate_authorities = [] | 478 self.certificate_authorities = [] |
| 471 while index != ca_list_length: | 479 while index != ca_list_length: |
| 472 ca_bytes = p.getVarBytes(2) | 480 ca_bytes = p.getVarBytes(2) |
| 473 self.certificate_authorities.append(ca_bytes) | 481 self.certificate_authorities.append(ca_bytes) |
| 474 index += len(ca_bytes)+2 | 482 index += len(ca_bytes)+2 |
| 475 p.stopLengthCheck() | 483 p.stopLengthCheck() |
| 476 return self | 484 return self |
| 477 | 485 |
| 478 def write(self): | 486 def write(self): |
| 479 w = Writer() | 487 w = Writer() |
| 480 w.addVarSeq(self.certificate_types, 1, 1) | 488 w.addVarSeq(self.certificate_types, 1, 1) |
| 489 if self.version >= (3,3): |
| 490 w.add(2 * len(self.supported_signature_algs), 2) |
| 491 for (hash, signature) in self.supported_signature_algs: |
| 492 w.add(hash, 1) |
| 493 w.add(signature, 1) |
| 481 caLength = 0 | 494 caLength = 0 |
| 482 #determine length | 495 #determine length |
| 483 for ca_dn in self.certificate_authorities: | 496 for ca_dn in self.certificate_authorities: |
| 484 caLength += len(ca_dn)+2 | 497 caLength += len(ca_dn)+2 |
| 485 w.add(caLength, 2) | 498 w.add(caLength, 2) |
| 486 #add bytes | 499 #add bytes |
| 487 for ca_dn in self.certificate_authorities: | 500 for ca_dn in self.certificate_authorities: |
| 488 w.addVarSeq(ca_dn, 1, 2) | 501 w.addVarSeq(ca_dn, 1, 2) |
| 489 return self.postWrite(w) | 502 return self.postWrite(w) |
| 490 | 503 |
| 491 class ServerKeyExchange(HandshakeMsg): | 504 class ServerKeyExchange(HandshakeMsg): |
| 492 def __init__(self, cipherSuite): | 505 def __init__(self, cipherSuite, version): |
| 493 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) | 506 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) |
| 494 self.cipherSuite = cipherSuite | 507 self.cipherSuite = cipherSuite |
| 508 self.version = version |
| 495 self.srp_N = 0 | 509 self.srp_N = 0 |
| 496 self.srp_g = 0 | 510 self.srp_g = 0 |
| 497 self.srp_s = bytearray(0) | 511 self.srp_s = bytearray(0) |
| 498 self.srp_B = 0 | 512 self.srp_B = 0 |
| 499 # Anon DH params: | 513 # Anon DH params: |
| 500 self.dh_p = 0 | 514 self.dh_p = 0 |
| 501 self.dh_g = 0 | 515 self.dh_g = 0 |
| 502 self.dh_Ys = 0 | 516 self.dh_Ys = 0 |
| 503 self.signature = bytearray(0) | 517 self.signature = bytearray(0) |
| 504 | 518 |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 543 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) | 557 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) |
| 544 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) | 558 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) |
| 545 else: | 559 else: |
| 546 assert(False) | 560 assert(False) |
| 547 return w.bytes | 561 return w.bytes |
| 548 | 562 |
| 549 def write(self): | 563 def write(self): |
| 550 w = Writer() | 564 w = Writer() |
| 551 w.bytes += self.write_params() | 565 w.bytes += self.write_params() |
| 552 if self.cipherSuite in CipherSuite.certAllSuites: | 566 if self.cipherSuite in CipherSuite.certAllSuites: |
| 567 if self.version >= (3,3): |
| 568 # TODO: Signature algorithm negotiation not supported. |
| 569 w.add(HashAlgorithm.sha1, 1) |
| 570 w.add(SignatureAlgorithm.rsa, 1) |
| 553 w.addVarSeq(self.signature, 1, 2) | 571 w.addVarSeq(self.signature, 1, 2) |
| 554 return self.postWrite(w) | 572 return self.postWrite(w) |
| 555 | 573 |
| 556 def hash(self, clientRandom, serverRandom): | 574 def hash(self, clientRandom, serverRandom): |
| 557 bytes = clientRandom + serverRandom + self.write_params() | 575 bytes = clientRandom + serverRandom + self.write_params() |
| 576 if self.version >= (3,3): |
| 577 # TODO: Signature algorithm negotiation not supported. |
| 578 return SHA1(bytes) |
| 558 return MD5(bytes) + SHA1(bytes) | 579 return MD5(bytes) + SHA1(bytes) |
| 559 | 580 |
| 560 class ServerHelloDone(HandshakeMsg): | 581 class ServerHelloDone(HandshakeMsg): |
| 561 def __init__(self): | 582 def __init__(self): |
| 562 HandshakeMsg.__init__(self, HandshakeType.server_hello_done) | 583 HandshakeMsg.__init__(self, HandshakeType.server_hello_done) |
| 563 | 584 |
| 564 def create(self): | 585 def create(self): |
| 565 return self | 586 return self |
| 566 | 587 |
| 567 def parse(self, p): | 588 def parse(self, p): |
| (...skipping 23 matching lines...) Expand all Loading... |
| 591 | 612 |
| 592 def createDH(self, dh_Yc): | 613 def createDH(self, dh_Yc): |
| 593 self.dh_Yc = dh_Yc | 614 self.dh_Yc = dh_Yc |
| 594 return self | 615 return self |
| 595 | 616 |
| 596 def parse(self, p): | 617 def parse(self, p): |
| 597 p.startLengthCheck(3) | 618 p.startLengthCheck(3) |
| 598 if self.cipherSuite in CipherSuite.srpAllSuites: | 619 if self.cipherSuite in CipherSuite.srpAllSuites: |
| 599 self.srp_A = bytesToNumber(p.getVarBytes(2)) | 620 self.srp_A = bytesToNumber(p.getVarBytes(2)) |
| 600 elif self.cipherSuite in CipherSuite.certSuites: | 621 elif self.cipherSuite in CipherSuite.certSuites: |
| 601 if self.version in ((3,1), (3,2)): | 622 if self.version in ((3,1), (3,2), (3,3)): |
| 602 self.encryptedPreMasterSecret = p.getVarBytes(2) | 623 self.encryptedPreMasterSecret = p.getVarBytes(2) |
| 603 elif self.version == (3,0): | 624 elif self.version == (3,0): |
| 604 self.encryptedPreMasterSecret = \ | 625 self.encryptedPreMasterSecret = \ |
| 605 p.getFixBytes(len(p.bytes)-p.index) | 626 p.getFixBytes(len(p.bytes)-p.index) |
| 606 else: | 627 else: |
| 607 raise AssertionError() | 628 raise AssertionError() |
| 608 elif self.cipherSuite in CipherSuite.dhAllSuites: | 629 elif self.cipherSuite in CipherSuite.dhAllSuites: |
| 609 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) | 630 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) |
| 610 else: | 631 else: |
| 611 raise AssertionError() | 632 raise AssertionError() |
| 612 p.stopLengthCheck() | 633 p.stopLengthCheck() |
| 613 return self | 634 return self |
| 614 | 635 |
| 615 def write(self): | 636 def write(self): |
| 616 w = Writer() | 637 w = Writer() |
| 617 if self.cipherSuite in CipherSuite.srpAllSuites: | 638 if self.cipherSuite in CipherSuite.srpAllSuites: |
| 618 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) | 639 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) |
| 619 elif self.cipherSuite in CipherSuite.certSuites: | 640 elif self.cipherSuite in CipherSuite.certSuites: |
| 620 if self.version in ((3,1), (3,2)): | 641 if self.version in ((3,1), (3,2), (3,3)): |
| 621 w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) | 642 w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) |
| 622 elif self.version == (3,0): | 643 elif self.version == (3,0): |
| 623 w.addFixSeq(self.encryptedPreMasterSecret, 1) | 644 w.addFixSeq(self.encryptedPreMasterSecret, 1) |
| 624 else: | 645 else: |
| 625 raise AssertionError() | 646 raise AssertionError() |
| 626 elif self.cipherSuite in CipherSuite.anonSuites: | 647 elif self.cipherSuite in CipherSuite.anonSuites: |
| 627 w.addVarSeq(numberToByteArray(self.dh_Yc), 1, 2) | 648 w.addVarSeq(numberToByteArray(self.dh_Yc), 1, 2) |
| 628 else: | 649 else: |
| 629 raise AssertionError() | 650 raise AssertionError() |
| 630 return self.postWrite(w) | 651 return self.postWrite(w) |
| 631 | 652 |
| 632 class CertificateVerify(HandshakeMsg): | 653 class CertificateVerify(HandshakeMsg): |
| 633 def __init__(self): | 654 def __init__(self): |
| 655 # TODO: This does not handle the SignatureAlgorithm in TLS 1.2. |
| 634 HandshakeMsg.__init__(self, HandshakeType.certificate_verify) | 656 HandshakeMsg.__init__(self, HandshakeType.certificate_verify) |
| 635 self.signature = bytearray(0) | 657 self.signature = bytearray(0) |
| 636 | 658 |
| 637 def create(self, signature): | 659 def create(self, signature): |
| 638 self.signature = signature | 660 self.signature = signature |
| 639 return self | 661 return self |
| 640 | 662 |
| 641 def parse(self, p): | 663 def parse(self, p): |
| 642 p.startLengthCheck(3) | 664 p.startLengthCheck(3) |
| 643 self.signature = p.getVarBytes(2) | 665 self.signature = p.getVarBytes(2) |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 700 self.verify_data = bytearray(0) | 722 self.verify_data = bytearray(0) |
| 701 | 723 |
| 702 def create(self, verify_data): | 724 def create(self, verify_data): |
| 703 self.verify_data = verify_data | 725 self.verify_data = verify_data |
| 704 return self | 726 return self |
| 705 | 727 |
| 706 def parse(self, p): | 728 def parse(self, p): |
| 707 p.startLengthCheck(3) | 729 p.startLengthCheck(3) |
| 708 if self.version == (3,0): | 730 if self.version == (3,0): |
| 709 self.verify_data = p.getFixBytes(36) | 731 self.verify_data = p.getFixBytes(36) |
| 710 elif self.version in ((3,1), (3,2)): | 732 elif self.version in ((3,1), (3,2), (3,3)): |
| 711 self.verify_data = p.getFixBytes(12) | 733 self.verify_data = p.getFixBytes(12) |
| 712 else: | 734 else: |
| 713 raise AssertionError() | 735 raise AssertionError() |
| 714 p.stopLengthCheck() | 736 p.stopLengthCheck() |
| 715 return self | 737 return self |
| 716 | 738 |
| 717 def write(self): | 739 def write(self): |
| 718 w = Writer() | 740 w = Writer() |
| 719 w.addFixSeq(self.verify_data, 1) | 741 w.addFixSeq(self.verify_data, 1) |
| 720 return self.postWrite(w) | 742 return self.postWrite(w) |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 754 newMsg = ApplicationData().create(self.bytes[:1]) | 776 newMsg = ApplicationData().create(self.bytes[:1]) |
| 755 self.bytes = self.bytes[1:] | 777 self.bytes = self.bytes[1:] |
| 756 return newMsg | 778 return newMsg |
| 757 | 779 |
| 758 def parse(self, p): | 780 def parse(self, p): |
| 759 self.bytes = p.bytes | 781 self.bytes = p.bytes |
| 760 return self | 782 return self |
| 761 | 783 |
| 762 def write(self): | 784 def write(self): |
| 763 return self.bytes | 785 return self.bytes |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 858373002:
Update third_party/tlslite to 0.4.8. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master