OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
| 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
6 # | 7 # |
7 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
8 | 9 |
9 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
10 | 11 |
11 from .utils.compat import * | 12 from .utils.compat import * |
12 from .utils.cryptomath import * | 13 from .utils.cryptomath import * |
13 from .errors import * | 14 from .errors import * |
14 from .utils.codec import * | 15 from .utils.codec import * |
15 from .constants import * | 16 from .constants import * |
445 p.stopLengthCheck() | 446 p.stopLengthCheck() |
446 return self | 447 return self |
447 | 448 |
448 def write(self): | 449 def write(self): |
449 w = Writer() | 450 w = Writer() |
450 w.add(CertificateStatusType.ocsp, 1) | 451 w.add(CertificateStatusType.ocsp, 1) |
451 w.addVarSeq(bytearray(self.ocsp_response), 1, 3) | 452 w.addVarSeq(bytearray(self.ocsp_response), 1, 3) |
452 return self.postWrite(w) | 453 return self.postWrite(w) |
453 | 454 |
454 class CertificateRequest(HandshakeMsg): | 455 class CertificateRequest(HandshakeMsg): |
455 def __init__(self): | 456 def __init__(self, version): |
456 HandshakeMsg.__init__(self, HandshakeType.certificate_request) | 457 HandshakeMsg.__init__(self, HandshakeType.certificate_request) |
457 self.certificate_types = [] | 458 self.certificate_types = [] |
458 self.certificate_authorities = [] | 459 self.certificate_authorities = [] |
| 460 self.version = version |
| 461 self.supported_signature_algs = [] |
459 | 462 |
460 def create(self, certificate_types, certificate_authorities): | 463 def create(self, certificate_types, certificate_authorities, |
| 464 sig_algs=((HashAlgorithm.sha256, SignatureAlgorithm.rsa),)): |
461 self.certificate_types = certificate_types | 465 self.certificate_types = certificate_types |
462 self.certificate_authorities = certificate_authorities | 466 self.certificate_authorities = certificate_authorities |
| 467 self.supported_signature_algs = sig_algs |
463 return self | 468 return self |
464 | 469 |
465 def parse(self, p): | 470 def parse(self, p): |
466 p.startLengthCheck(3) | 471 p.startLengthCheck(3) |
467 self.certificate_types = p.getVarList(1, 1) | 472 self.certificate_types = p.getVarList(1, 1) |
| 473 if self.version >= (3,3): |
| 474 self.supported_signature_algs = \ |
| 475 [(b >> 8, b & 0xff) for b in p.getVarList(2, 2)] |
468 ca_list_length = p.get(2) | 476 ca_list_length = p.get(2) |
469 index = 0 | 477 index = 0 |
470 self.certificate_authorities = [] | 478 self.certificate_authorities = [] |
471 while index != ca_list_length: | 479 while index != ca_list_length: |
472 ca_bytes = p.getVarBytes(2) | 480 ca_bytes = p.getVarBytes(2) |
473 self.certificate_authorities.append(ca_bytes) | 481 self.certificate_authorities.append(ca_bytes) |
474 index += len(ca_bytes)+2 | 482 index += len(ca_bytes)+2 |
475 p.stopLengthCheck() | 483 p.stopLengthCheck() |
476 return self | 484 return self |
477 | 485 |
478 def write(self): | 486 def write(self): |
479 w = Writer() | 487 w = Writer() |
480 w.addVarSeq(self.certificate_types, 1, 1) | 488 w.addVarSeq(self.certificate_types, 1, 1) |
| 489 if self.version >= (3,3): |
| 490 w.add(2 * len(self.supported_signature_algs), 2) |
| 491 for (hash, signature) in self.supported_signature_algs: |
| 492 w.add(hash, 1) |
| 493 w.add(signature, 1) |
481 caLength = 0 | 494 caLength = 0 |
482 #determine length | 495 #determine length |
483 for ca_dn in self.certificate_authorities: | 496 for ca_dn in self.certificate_authorities: |
484 caLength += len(ca_dn)+2 | 497 caLength += len(ca_dn)+2 |
485 w.add(caLength, 2) | 498 w.add(caLength, 2) |
486 #add bytes | 499 #add bytes |
487 for ca_dn in self.certificate_authorities: | 500 for ca_dn in self.certificate_authorities: |
488 w.addVarSeq(ca_dn, 1, 2) | 501 w.addVarSeq(ca_dn, 1, 2) |
489 return self.postWrite(w) | 502 return self.postWrite(w) |
490 | 503 |
491 class ServerKeyExchange(HandshakeMsg): | 504 class ServerKeyExchange(HandshakeMsg): |
492 def __init__(self, cipherSuite): | 505 def __init__(self, cipherSuite, version): |
493 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) | 506 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) |
494 self.cipherSuite = cipherSuite | 507 self.cipherSuite = cipherSuite |
| 508 self.version = version |
495 self.srp_N = 0 | 509 self.srp_N = 0 |
496 self.srp_g = 0 | 510 self.srp_g = 0 |
497 self.srp_s = bytearray(0) | 511 self.srp_s = bytearray(0) |
498 self.srp_B = 0 | 512 self.srp_B = 0 |
499 # Anon DH params: | 513 # Anon DH params: |
500 self.dh_p = 0 | 514 self.dh_p = 0 |
501 self.dh_g = 0 | 515 self.dh_g = 0 |
502 self.dh_Ys = 0 | 516 self.dh_Ys = 0 |
503 self.signature = bytearray(0) | 517 self.signature = bytearray(0) |
504 | 518 |
543 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) | 557 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) |
544 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) | 558 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) |
545 else: | 559 else: |
546 assert(False) | 560 assert(False) |
547 return w.bytes | 561 return w.bytes |
548 | 562 |
549 def write(self): | 563 def write(self): |
550 w = Writer() | 564 w = Writer() |
551 w.bytes += self.write_params() | 565 w.bytes += self.write_params() |
552 if self.cipherSuite in CipherSuite.certAllSuites: | 566 if self.cipherSuite in CipherSuite.certAllSuites: |
| 567 if self.version >= (3,3): |
| 568 # TODO: Signature algorithm negotiation not supported. |
| 569 w.add(HashAlgorithm.sha1, 1) |
| 570 w.add(SignatureAlgorithm.rsa, 1) |
553 w.addVarSeq(self.signature, 1, 2) | 571 w.addVarSeq(self.signature, 1, 2) |
554 return self.postWrite(w) | 572 return self.postWrite(w) |
555 | 573 |
556 def hash(self, clientRandom, serverRandom): | 574 def hash(self, clientRandom, serverRandom): |
557 bytes = clientRandom + serverRandom + self.write_params() | 575 bytes = clientRandom + serverRandom + self.write_params() |
| 576 if self.version >= (3,3): |
| 577 # TODO: Signature algorithm negotiation not supported. |
| 578 return SHA1(bytes) |
558 return MD5(bytes) + SHA1(bytes) | 579 return MD5(bytes) + SHA1(bytes) |
559 | 580 |
560 class ServerHelloDone(HandshakeMsg): | 581 class ServerHelloDone(HandshakeMsg): |
561 def __init__(self): | 582 def __init__(self): |
562 HandshakeMsg.__init__(self, HandshakeType.server_hello_done) | 583 HandshakeMsg.__init__(self, HandshakeType.server_hello_done) |
563 | 584 |
564 def create(self): | 585 def create(self): |
565 return self | 586 return self |
566 | 587 |
567 def parse(self, p): | 588 def parse(self, p): |
591 | 612 |
592 def createDH(self, dh_Yc): | 613 def createDH(self, dh_Yc): |
593 self.dh_Yc = dh_Yc | 614 self.dh_Yc = dh_Yc |
594 return self | 615 return self |
595 | 616 |
596 def parse(self, p): | 617 def parse(self, p): |
597 p.startLengthCheck(3) | 618 p.startLengthCheck(3) |
598 if self.cipherSuite in CipherSuite.srpAllSuites: | 619 if self.cipherSuite in CipherSuite.srpAllSuites: |
599 self.srp_A = bytesToNumber(p.getVarBytes(2)) | 620 self.srp_A = bytesToNumber(p.getVarBytes(2)) |
600 elif self.cipherSuite in CipherSuite.certSuites: | 621 elif self.cipherSuite in CipherSuite.certSuites: |
601 if self.version in ((3,1), (3,2)): | 622 if self.version in ((3,1), (3,2), (3,3)): |
602 self.encryptedPreMasterSecret = p.getVarBytes(2) | 623 self.encryptedPreMasterSecret = p.getVarBytes(2) |
603 elif self.version == (3,0): | 624 elif self.version == (3,0): |
604 self.encryptedPreMasterSecret = \ | 625 self.encryptedPreMasterSecret = \ |
605 p.getFixBytes(len(p.bytes)-p.index) | 626 p.getFixBytes(len(p.bytes)-p.index) |
606 else: | 627 else: |
607 raise AssertionError() | 628 raise AssertionError() |
608 elif self.cipherSuite in CipherSuite.dhAllSuites: | 629 elif self.cipherSuite in CipherSuite.dhAllSuites: |
609 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) | 630 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) |
610 else: | 631 else: |
611 raise AssertionError() | 632 raise AssertionError() |
612 p.stopLengthCheck() | 633 p.stopLengthCheck() |
613 return self | 634 return self |
614 | 635 |
615 def write(self): | 636 def write(self): |
616 w = Writer() | 637 w = Writer() |
617 if self.cipherSuite in CipherSuite.srpAllSuites: | 638 if self.cipherSuite in CipherSuite.srpAllSuites: |
618 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) | 639 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) |
619 elif self.cipherSuite in CipherSuite.certSuites: | 640 elif self.cipherSuite in CipherSuite.certSuites: |
620 if self.version in ((3,1), (3,2)): | 641 if self.version in ((3,1), (3,2), (3,3)): |
621 w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) | 642 w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) |
622 elif self.version == (3,0): | 643 elif self.version == (3,0): |
623 w.addFixSeq(self.encryptedPreMasterSecret, 1) | 644 w.addFixSeq(self.encryptedPreMasterSecret, 1) |
624 else: | 645 else: |
625 raise AssertionError() | 646 raise AssertionError() |
626 elif self.cipherSuite in CipherSuite.anonSuites: | 647 elif self.cipherSuite in CipherSuite.anonSuites: |
627 w.addVarSeq(numberToByteArray(self.dh_Yc), 1, 2) | 648 w.addVarSeq(numberToByteArray(self.dh_Yc), 1, 2) |
628 else: | 649 else: |
629 raise AssertionError() | 650 raise AssertionError() |
630 return self.postWrite(w) | 651 return self.postWrite(w) |
631 | 652 |
632 class CertificateVerify(HandshakeMsg): | 653 class CertificateVerify(HandshakeMsg): |
633 def __init__(self): | 654 def __init__(self): |
| 655 # TODO: This does not handle the SignatureAlgorithm in TLS 1.2. |
634 HandshakeMsg.__init__(self, HandshakeType.certificate_verify) | 656 HandshakeMsg.__init__(self, HandshakeType.certificate_verify) |
635 self.signature = bytearray(0) | 657 self.signature = bytearray(0) |
636 | 658 |
637 def create(self, signature): | 659 def create(self, signature): |
638 self.signature = signature | 660 self.signature = signature |
639 return self | 661 return self |
640 | 662 |
641 def parse(self, p): | 663 def parse(self, p): |
642 p.startLengthCheck(3) | 664 p.startLengthCheck(3) |
643 self.signature = p.getVarBytes(2) | 665 self.signature = p.getVarBytes(2) |
700 self.verify_data = bytearray(0) | 722 self.verify_data = bytearray(0) |
701 | 723 |
702 def create(self, verify_data): | 724 def create(self, verify_data): |
703 self.verify_data = verify_data | 725 self.verify_data = verify_data |
704 return self | 726 return self |
705 | 727 |
706 def parse(self, p): | 728 def parse(self, p): |
707 p.startLengthCheck(3) | 729 p.startLengthCheck(3) |
708 if self.version == (3,0): | 730 if self.version == (3,0): |
709 self.verify_data = p.getFixBytes(36) | 731 self.verify_data = p.getFixBytes(36) |
710 elif self.version in ((3,1), (3,2)): | 732 elif self.version in ((3,1), (3,2), (3,3)): |
711 self.verify_data = p.getFixBytes(12) | 733 self.verify_data = p.getFixBytes(12) |
712 else: | 734 else: |
713 raise AssertionError() | 735 raise AssertionError() |
714 p.stopLengthCheck() | 736 p.stopLengthCheck() |
715 return self | 737 return self |
716 | 738 |
717 def write(self): | 739 def write(self): |
718 w = Writer() | 740 w = Writer() |
719 w.addFixSeq(self.verify_data, 1) | 741 w.addFixSeq(self.verify_data, 1) |
720 return self.postWrite(w) | 742 return self.postWrite(w) |
754 newMsg = ApplicationData().create(self.bytes[:1]) | 776 newMsg = ApplicationData().create(self.bytes[:1]) |
755 self.bytes = self.bytes[1:] | 777 self.bytes = self.bytes[1:] |
756 return newMsg | 778 return newMsg |
757 | 779 |
758 def parse(self, p): | 780 def parse(self, p): |
759 self.bytes = p.bytes | 781 self.bytes = p.bytes |
760 return self | 782 return self |
761 | 783 |
762 def write(self): | 784 def write(self): |
763 return self.bytes | 785 return self.bytes |
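Review bot: In `ServerKeyExchange`, the TLS 1.2 branch of `write()` emits a fixed `HashAlgorithm.sha1`/`SignatureAlgorithm.rsa` pair while `hash()` separately returns `SHA1(bytes)`, so the algorithm announced on the wire and the digest that gets signed agree only by hand, and neither reflects what the peer offered. Holding the pair on the object, e.g. `self.hashAlg = HashAlgorithm.sha1` and `self.signAlg = SignatureAlgorithm.rsa` in `__init__`, and reading it from both methods would turn the negotiation TODO into a one-place change and keep the SHA-1 choice visible next to the `sha256` default that `CertificateRequest.create()` advertises. `ServerKeyExchange.parse()` is not among the changed lines shown, so it presumably still reads the signature without first consuming the two algorithm bytes for `(3,3)`; that is worth confirming together with the gap the TODO in `CertificateVerify.__init__` already admits. As a style point, the loop variable `hash` in `CertificateRequest.write()` shadows the builtin, and `for (hash_alg, sig_alg) in self.supported_signature_algs:` would read more clearly.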