OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
| 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
6 # | 7 # |
7 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
8 | 9 |
9 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
10 | 11 |
11 from .utils.compat import * | 12 from .utils.compat import * |
12 from .utils.cryptomath import * | 13 from .utils.cryptomath import * |
13 from .errors import * | 14 from .errors import * |
14 from .utils.codec import * | 15 from .utils.codec import * |
15 from .constants import * | 16 from .constants import * |
(...skipping 429 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
445 p.stopLengthCheck() | 446 p.stopLengthCheck() |
446 return self | 447 return self |
447 | 448 |
448 def write(self): | 449 def write(self): |
449 w = Writer() | 450 w = Writer() |
450 w.add(CertificateStatusType.ocsp, 1) | 451 w.add(CertificateStatusType.ocsp, 1) |
451 w.addVarSeq(bytearray(self.ocsp_response), 1, 3) | 452 w.addVarSeq(bytearray(self.ocsp_response), 1, 3) |
452 return self.postWrite(w) | 453 return self.postWrite(w) |
453 | 454 |
454 class CertificateRequest(HandshakeMsg): | 455 class CertificateRequest(HandshakeMsg): |
455 def __init__(self): | 456 def __init__(self, version): |
456 HandshakeMsg.__init__(self, HandshakeType.certificate_request) | 457 HandshakeMsg.__init__(self, HandshakeType.certificate_request) |
457 self.certificate_types = [] | 458 self.certificate_types = [] |
458 self.certificate_authorities = [] | 459 self.certificate_authorities = [] |
| 460 self.version = version |
| 461 self.supported_signature_algs = [] |
459 | 462 |
460 def create(self, certificate_types, certificate_authorities): | 463 def create(self, certificate_types, certificate_authorities, sig_algs): |
461 self.certificate_types = certificate_types | 464 self.certificate_types = certificate_types |
462 self.certificate_authorities = certificate_authorities | 465 self.certificate_authorities = certificate_authorities |
| 466 self.supported_signature_algs = sig_algs |
463 return self | 467 return self |
464 | 468 |
465 def parse(self, p): | 469 def parse(self, p): |
466 p.startLengthCheck(3) | 470 p.startLengthCheck(3) |
467 self.certificate_types = p.getVarList(1, 1) | 471 self.certificate_types = p.getVarList(1, 1) |
| 472 if self.version >= (3,3): |
| 473 self.supported_signature_algs = \ |
| 474 [(b >> 8, b & 0xff) for b in p.getVarList(2, 2)] |
468 ca_list_length = p.get(2) | 475 ca_list_length = p.get(2) |
469 index = 0 | 476 index = 0 |
470 self.certificate_authorities = [] | 477 self.certificate_authorities = [] |
471 while index != ca_list_length: | 478 while index != ca_list_length: |
472 ca_bytes = p.getVarBytes(2) | 479 ca_bytes = p.getVarBytes(2) |
473 self.certificate_authorities.append(ca_bytes) | 480 self.certificate_authorities.append(ca_bytes) |
474 index += len(ca_bytes)+2 | 481 index += len(ca_bytes)+2 |
475 p.stopLengthCheck() | 482 p.stopLengthCheck() |
476 return self | 483 return self |
477 | 484 |
478 def write(self): | 485 def write(self): |
479 w = Writer() | 486 w = Writer() |
480 w.addVarSeq(self.certificate_types, 1, 1) | 487 w.addVarSeq(self.certificate_types, 1, 1) |
| 488 if self.version >= (3,3): |
| 489 w.add(2 * len(self.supported_signature_algs), 2) |
| 490 for (hash, signature) in self.supported_signature_algs: |
| 491 w.add(hash, 1) |
| 492 w.add(signature, 1) |
481 caLength = 0 | 493 caLength = 0 |
482 #determine length | 494 #determine length |
483 for ca_dn in self.certificate_authorities: | 495 for ca_dn in self.certificate_authorities: |
484 caLength += len(ca_dn)+2 | 496 caLength += len(ca_dn)+2 |
485 w.add(caLength, 2) | 497 w.add(caLength, 2) |
486 #add bytes | 498 #add bytes |
487 for ca_dn in self.certificate_authorities: | 499 for ca_dn in self.certificate_authorities: |
488 w.addVarSeq(ca_dn, 1, 2) | 500 w.addVarSeq(ca_dn, 1, 2) |
489 return self.postWrite(w) | 501 return self.postWrite(w) |
490 | 502 |
491 class ServerKeyExchange(HandshakeMsg): | 503 class ServerKeyExchange(HandshakeMsg): |
492 def __init__(self, cipherSuite): | 504 def __init__(self, cipherSuite, version): |
493 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) | 505 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) |
494 self.cipherSuite = cipherSuite | 506 self.cipherSuite = cipherSuite |
| 507 self.version = version |
495 self.srp_N = 0 | 508 self.srp_N = 0 |
496 self.srp_g = 0 | 509 self.srp_g = 0 |
497 self.srp_s = bytearray(0) | 510 self.srp_s = bytearray(0) |
498 self.srp_B = 0 | 511 self.srp_B = 0 |
499 # Anon DH params: | 512 # Anon DH params: |
500 self.dh_p = 0 | 513 self.dh_p = 0 |
501 self.dh_g = 0 | 514 self.dh_g = 0 |
502 self.dh_Ys = 0 | 515 self.dh_Ys = 0 |
503 self.signature = bytearray(0) | 516 self.signature = bytearray(0) |
504 | 517 |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
543 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) | 556 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) |
544 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) | 557 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) |
545 else: | 558 else: |
546 assert(False) | 559 assert(False) |
547 return w.bytes | 560 return w.bytes |
548 | 561 |
549 def write(self): | 562 def write(self): |
550 w = Writer() | 563 w = Writer() |
551 w.bytes += self.write_params() | 564 w.bytes += self.write_params() |
552 if self.cipherSuite in CipherSuite.certAllSuites: | 565 if self.cipherSuite in CipherSuite.certAllSuites: |
| 566 if self.version >= (3,3): |
| 567 # TODO: Signature algorithm negotiation not supported. |
| 568 w.add(HashAlgorithm.sha1, 1) |
| 569 w.add(SignatureAlgorithm.rsa, 1) |
553 w.addVarSeq(self.signature, 1, 2) | 570 w.addVarSeq(self.signature, 1, 2) |
554 return self.postWrite(w) | 571 return self.postWrite(w) |
555 | 572 |
556 def hash(self, clientRandom, serverRandom): | 573 def hash(self, clientRandom, serverRandom): |
557 bytes = clientRandom + serverRandom + self.write_params() | 574 bytes = clientRandom + serverRandom + self.write_params() |
| 575 if self.version >= (3,3): |
| 576 # TODO: Signature algorithm negotiation not supported. |
| 577 return SHA1(bytes) |
558 return MD5(bytes) + SHA1(bytes) | 578 return MD5(bytes) + SHA1(bytes) |
559 | 579 |
560 class ServerHelloDone(HandshakeMsg): | 580 class ServerHelloDone(HandshakeMsg): |
561 def __init__(self): | 581 def __init__(self): |
562 HandshakeMsg.__init__(self, HandshakeType.server_hello_done) | 582 HandshakeMsg.__init__(self, HandshakeType.server_hello_done) |
563 | 583 |
564 def create(self): | 584 def create(self): |
565 return self | 585 return self |
566 | 586 |
567 def parse(self, p): | 587 def parse(self, p): |
(...skipping 23 matching lines...) Expand all Loading... |
591 | 611 |
592 def createDH(self, dh_Yc): | 612 def createDH(self, dh_Yc): |
593 self.dh_Yc = dh_Yc | 613 self.dh_Yc = dh_Yc |
594 return self | 614 return self |
595 | 615 |
596 def parse(self, p): | 616 def parse(self, p): |
597 p.startLengthCheck(3) | 617 p.startLengthCheck(3) |
598 if self.cipherSuite in CipherSuite.srpAllSuites: | 618 if self.cipherSuite in CipherSuite.srpAllSuites: |
599 self.srp_A = bytesToNumber(p.getVarBytes(2)) | 619 self.srp_A = bytesToNumber(p.getVarBytes(2)) |
600 elif self.cipherSuite in CipherSuite.certSuites: | 620 elif self.cipherSuite in CipherSuite.certSuites: |
601 if self.version in ((3,1), (3,2)): | 621 if self.version in ((3,1), (3,2), (3,3)): |
602 self.encryptedPreMasterSecret = p.getVarBytes(2) | 622 self.encryptedPreMasterSecret = p.getVarBytes(2) |
603 elif self.version == (3,0): | 623 elif self.version == (3,0): |
604 self.encryptedPreMasterSecret = \ | 624 self.encryptedPreMasterSecret = \ |
605 p.getFixBytes(len(p.bytes)-p.index) | 625 p.getFixBytes(len(p.bytes)-p.index) |
606 else: | 626 else: |
607 raise AssertionError() | 627 raise AssertionError() |
608 elif self.cipherSuite in CipherSuite.dhAllSuites: | 628 elif self.cipherSuite in CipherSuite.dhAllSuites: |
609 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) | 629 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) |
610 else: | 630 else: |
611 raise AssertionError() | 631 raise AssertionError() |
612 p.stopLengthCheck() | 632 p.stopLengthCheck() |
613 return self | 633 return self |
614 | 634 |
615 def write(self): | 635 def write(self): |
616 w = Writer() | 636 w = Writer() |
617 if self.cipherSuite in CipherSuite.srpAllSuites: | 637 if self.cipherSuite in CipherSuite.srpAllSuites: |
618 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) | 638 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) |
619 elif self.cipherSuite in CipherSuite.certSuites: | 639 elif self.cipherSuite in CipherSuite.certSuites: |
620 if self.version in ((3,1), (3,2)): | 640 if self.version in ((3,1), (3,2), (3,3)): |
621 w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) | 641 w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) |
622 elif self.version == (3,0): | 642 elif self.version == (3,0): |
623 w.addFixSeq(self.encryptedPreMasterSecret, 1) | 643 w.addFixSeq(self.encryptedPreMasterSecret, 1) |
624 else: | 644 else: |
625 raise AssertionError() | 645 raise AssertionError() |
626 elif self.cipherSuite in CipherSuite.anonSuites: | 646 elif self.cipherSuite in CipherSuite.anonSuites: |
627 w.addVarSeq(numberToByteArray(self.dh_Yc), 1, 2) | 647 w.addVarSeq(numberToByteArray(self.dh_Yc), 1, 2) |
628 else: | 648 else: |
629 raise AssertionError() | 649 raise AssertionError() |
630 return self.postWrite(w) | 650 return self.postWrite(w) |
631 | 651 |
632 class CertificateVerify(HandshakeMsg): | 652 class CertificateVerify(HandshakeMsg): |
633 def __init__(self): | 653 def __init__(self, version): |
634 HandshakeMsg.__init__(self, HandshakeType.certificate_verify) | 654 HandshakeMsg.__init__(self, HandshakeType.certificate_verify) |
| 655 self.version = version |
| 656 self.signature_algorithm = None |
635 self.signature = bytearray(0) | 657 self.signature = bytearray(0) |
636 | 658 |
637 def create(self, signature): | 659 def create(self, signature_algorithm, signature): |
| 660 self.signature_algorithm = signature_algorithm |
638 self.signature = signature | 661 self.signature = signature |
639 return self | 662 return self |
640 | 663 |
641 def parse(self, p): | 664 def parse(self, p): |
642 p.startLengthCheck(3) | 665 p.startLengthCheck(3) |
| 666 if self.version >= (3,3): |
| 667 self.signature_algorithm = (p.get(1), p.get(1)) |
643 self.signature = p.getVarBytes(2) | 668 self.signature = p.getVarBytes(2) |
644 p.stopLengthCheck() | 669 p.stopLengthCheck() |
645 return self | 670 return self |
646 | 671 |
647 def write(self): | 672 def write(self): |
648 w = Writer() | 673 w = Writer() |
| 674 if self.version >= (3,3): |
| 675 w.add(self.signature_algorithm[0], 1) |
| 676 w.add(self.signature_algorithm[1], 1) |
649 w.addVarSeq(self.signature, 1, 2) | 677 w.addVarSeq(self.signature, 1, 2) |
650 return self.postWrite(w) | 678 return self.postWrite(w) |
651 | 679 |
652 class ChangeCipherSpec(object): | 680 class ChangeCipherSpec(object): |
653 def __init__(self): | 681 def __init__(self): |
654 self.contentType = ContentType.change_cipher_spec | 682 self.contentType = ContentType.change_cipher_spec |
655 self.type = 1 | 683 self.type = 1 |
656 | 684 |
657 def create(self): | 685 def create(self): |
658 self.type = 1 | 686 self.type = 1 |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
700 self.verify_data = bytearray(0) | 728 self.verify_data = bytearray(0) |
701 | 729 |
702 def create(self, verify_data): | 730 def create(self, verify_data): |
703 self.verify_data = verify_data | 731 self.verify_data = verify_data |
704 return self | 732 return self |
705 | 733 |
706 def parse(self, p): | 734 def parse(self, p): |
707 p.startLengthCheck(3) | 735 p.startLengthCheck(3) |
708 if self.version == (3,0): | 736 if self.version == (3,0): |
709 self.verify_data = p.getFixBytes(36) | 737 self.verify_data = p.getFixBytes(36) |
710 elif self.version in ((3,1), (3,2)): | 738 elif self.version in ((3,1), (3,2), (3,3)): |
711 self.verify_data = p.getFixBytes(12) | 739 self.verify_data = p.getFixBytes(12) |
712 else: | 740 else: |
713 raise AssertionError() | 741 raise AssertionError() |
714 p.stopLengthCheck() | 742 p.stopLengthCheck() |
715 return self | 743 return self |
716 | 744 |
717 def write(self): | 745 def write(self): |
718 w = Writer() | 746 w = Writer() |
719 w.addFixSeq(self.verify_data, 1) | 747 w.addFixSeq(self.verify_data, 1) |
720 return self.postWrite(w) | 748 return self.postWrite(w) |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
754 newMsg = ApplicationData().create(self.bytes[:1]) | 782 newMsg = ApplicationData().create(self.bytes[:1]) |
755 self.bytes = self.bytes[1:] | 783 self.bytes = self.bytes[1:] |
756 return newMsg | 784 return newMsg |
757 | 785 |
758 def parse(self, p): | 786 def parse(self, p): |
759 self.bytes = p.bytes | 787 self.bytes = p.bytes |
760 return self | 788 return self |
761 | 789 |
762 def write(self): | 790 def write(self): |
763 return self.bytes | 791 return self.bytes |
OLD | NEW |