| OLD | NEW |
|---|
| 1 # Authors: | 1 # Authors: |
| 2 # Trevor Perrin | 2 # Trevor Perrin |
| 3 # Google - handling CertificateRequest.certificate_types | 3 # Google - handling CertificateRequest.certificate_types |
| 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
| 5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
| 6 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
| 6 # | 7 # |
| 7 # See the LICENSE file for legal information regarding use of this file. | 8 # See the LICENSE file for legal information regarding use of this file. |
| 8 | 9 |
| 9 """Classes representing TLS messages.""" | 10 """Classes representing TLS messages.""" |
| 10 | 11 |
| 11 from .utils.compat import * | 12 from .utils.compat import * |
| 12 from .utils.cryptomath import * | 13 from .utils.cryptomath import * |
| 13 from .errors import * | 14 from .errors import * |
| 14 from .utils.codec import * | 15 from .utils.codec import * |
| 15 from .constants import * | 16 from .constants import * |
| (...skipping 429 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 445 p.stopLengthCheck() | 446 p.stopLengthCheck() |
| 446 return self | 447 return self |
| 447 | 448 |
| 448 def write(self): | 449 def write(self): |
| 449 w = Writer() | 450 w = Writer() |
| 450 w.add(CertificateStatusType.ocsp, 1) | 451 w.add(CertificateStatusType.ocsp, 1) |
| 451 w.addVarSeq(bytearray(self.ocsp_response), 1, 3) | 452 w.addVarSeq(bytearray(self.ocsp_response), 1, 3) |
| 452 return self.postWrite(w) | 453 return self.postWrite(w) |
| 453 | 454 |
| 454 class CertificateRequest(HandshakeMsg): | 455 class CertificateRequest(HandshakeMsg): |
| 455 def __init__(self): | 456 def __init__(self, version): |
| 456 HandshakeMsg.__init__(self, HandshakeType.certificate_request) | 457 HandshakeMsg.__init__(self, HandshakeType.certificate_request) |
| 457 self.certificate_types = [] | 458 self.certificate_types = [] |
| 458 self.certificate_authorities = [] | 459 self.certificate_authorities = [] |
| 460 self.version = version |
| 461 self.supported_signature_algs = [] |
| 459 | 462 |
| 460 def create(self, certificate_types, certificate_authorities): | 463 def create(self, certificate_types, certificate_authorities, sig_algs): |
| 461 self.certificate_types = certificate_types | 464 self.certificate_types = certificate_types |
| 462 self.certificate_authorities = certificate_authorities | 465 self.certificate_authorities = certificate_authorities |
| 466 self.supported_signature_algs = sig_algs |
| 463 return self | 467 return self |
| 464 | 468 |
| 465 def parse(self, p): | 469 def parse(self, p): |
| 466 p.startLengthCheck(3) | 470 p.startLengthCheck(3) |
| 467 self.certificate_types = p.getVarList(1, 1) | 471 self.certificate_types = p.getVarList(1, 1) |
| 472 if self.version >= (3,3): |
| 473 self.supported_signature_algs = \ |
| 474 [(b >> 8, b & 0xff) for b in p.getVarList(2, 2)] |
| 468 ca_list_length = p.get(2) | 475 ca_list_length = p.get(2) |
| 469 index = 0 | 476 index = 0 |
| 470 self.certificate_authorities = [] | 477 self.certificate_authorities = [] |
| 471 while index != ca_list_length: | 478 while index != ca_list_length: |
| 472 ca_bytes = p.getVarBytes(2) | 479 ca_bytes = p.getVarBytes(2) |
| 473 self.certificate_authorities.append(ca_bytes) | 480 self.certificate_authorities.append(ca_bytes) |
| 474 index += len(ca_bytes)+2 | 481 index += len(ca_bytes)+2 |
| 475 p.stopLengthCheck() | 482 p.stopLengthCheck() |
| 476 return self | 483 return self |
| 477 | 484 |
| 478 def write(self): | 485 def write(self): |
| 479 w = Writer() | 486 w = Writer() |
| 480 w.addVarSeq(self.certificate_types, 1, 1) | 487 w.addVarSeq(self.certificate_types, 1, 1) |
| 488 if self.version >= (3,3): |
| 489 w.add(2 * len(self.supported_signature_algs), 2) |
| 490 for (hash, signature) in self.supported_signature_algs: |
| 491 w.add(hash, 1) |
| 492 w.add(signature, 1) |
| 481 caLength = 0 | 493 caLength = 0 |
| 482 #determine length | 494 #determine length |
| 483 for ca_dn in self.certificate_authorities: | 495 for ca_dn in self.certificate_authorities: |
| 484 caLength += len(ca_dn)+2 | 496 caLength += len(ca_dn)+2 |
| 485 w.add(caLength, 2) | 497 w.add(caLength, 2) |
| 486 #add bytes | 498 #add bytes |
| 487 for ca_dn in self.certificate_authorities: | 499 for ca_dn in self.certificate_authorities: |
| 488 w.addVarSeq(ca_dn, 1, 2) | 500 w.addVarSeq(ca_dn, 1, 2) |
| 489 return self.postWrite(w) | 501 return self.postWrite(w) |
| 490 | 502 |
| 491 class ServerKeyExchange(HandshakeMsg): | 503 class ServerKeyExchange(HandshakeMsg): |
| 492 def __init__(self, cipherSuite): | 504 def __init__(self, cipherSuite, version): |
| 493 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) | 505 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) |
| 494 self.cipherSuite = cipherSuite | 506 self.cipherSuite = cipherSuite |
| 507 self.version = version |
| 495 self.srp_N = 0 | 508 self.srp_N = 0 |
| 496 self.srp_g = 0 | 509 self.srp_g = 0 |
| 497 self.srp_s = bytearray(0) | 510 self.srp_s = bytearray(0) |
| 498 self.srp_B = 0 | 511 self.srp_B = 0 |
| 499 # Anon DH params: | 512 # Anon DH params: |
| 500 self.dh_p = 0 | 513 self.dh_p = 0 |
| 501 self.dh_g = 0 | 514 self.dh_g = 0 |
| 502 self.dh_Ys = 0 | 515 self.dh_Ys = 0 |
| 503 self.signature = bytearray(0) | 516 self.signature = bytearray(0) |
| 504 | 517 |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 543 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) | 556 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2) |
| 544 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) | 557 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2) |
| 545 else: | 558 else: |
| 546 assert(False) | 559 assert(False) |
| 547 return w.bytes | 560 return w.bytes |
| 548 | 561 |
| 549 def write(self): | 562 def write(self): |
| 550 w = Writer() | 563 w = Writer() |
| 551 w.bytes += self.write_params() | 564 w.bytes += self.write_params() |
| 552 if self.cipherSuite in CipherSuite.certAllSuites: | 565 if self.cipherSuite in CipherSuite.certAllSuites: |
| 566 if self.version >= (3,3): |
| 567 # TODO: Signature algorithm negotiation not supported. |
| 568 w.add(HashAlgorithm.sha1, 1) |
| 569 w.add(SignatureAlgorithm.rsa, 1) |
| 553 w.addVarSeq(self.signature, 1, 2) | 570 w.addVarSeq(self.signature, 1, 2) |
| 554 return self.postWrite(w) | 571 return self.postWrite(w) |
| 555 | 572 |
| 556 def hash(self, clientRandom, serverRandom): | 573 def hash(self, clientRandom, serverRandom): |
| 557 bytes = clientRandom + serverRandom + self.write_params() | 574 bytes = clientRandom + serverRandom + self.write_params() |
| 575 if self.version >= (3,3): |
| 576 # TODO: Signature algorithm negotiation not supported. |
| 577 return SHA1(bytes) |
| 558 return MD5(bytes) + SHA1(bytes) | 578 return MD5(bytes) + SHA1(bytes) |
| 559 | 579 |
| 560 class ServerHelloDone(HandshakeMsg): | 580 class ServerHelloDone(HandshakeMsg): |
| 561 def __init__(self): | 581 def __init__(self): |
| 562 HandshakeMsg.__init__(self, HandshakeType.server_hello_done) | 582 HandshakeMsg.__init__(self, HandshakeType.server_hello_done) |
| 563 | 583 |
| 564 def create(self): | 584 def create(self): |
| 565 return self | 585 return self |
| 566 | 586 |
| 567 def parse(self, p): | 587 def parse(self, p): |
| (...skipping 23 matching lines...) Expand all Loading... |
| 591 | 611 |
| 592 def createDH(self, dh_Yc): | 612 def createDH(self, dh_Yc): |
| 593 self.dh_Yc = dh_Yc | 613 self.dh_Yc = dh_Yc |
| 594 return self | 614 return self |
| 595 | 615 |
| 596 def parse(self, p): | 616 def parse(self, p): |
| 597 p.startLengthCheck(3) | 617 p.startLengthCheck(3) |
| 598 if self.cipherSuite in CipherSuite.srpAllSuites: | 618 if self.cipherSuite in CipherSuite.srpAllSuites: |
| 599 self.srp_A = bytesToNumber(p.getVarBytes(2)) | 619 self.srp_A = bytesToNumber(p.getVarBytes(2)) |
| 600 elif self.cipherSuite in CipherSuite.certSuites: | 620 elif self.cipherSuite in CipherSuite.certSuites: |
| 601 if self.version in ((3,1), (3,2)): | 621 if self.version in ((3,1), (3,2), (3,3)): |
| 602 self.encryptedPreMasterSecret = p.getVarBytes(2) | 622 self.encryptedPreMasterSecret = p.getVarBytes(2) |
| 603 elif self.version == (3,0): | 623 elif self.version == (3,0): |
| 604 self.encryptedPreMasterSecret = \ | 624 self.encryptedPreMasterSecret = \ |
| 605 p.getFixBytes(len(p.bytes)-p.index) | 625 p.getFixBytes(len(p.bytes)-p.index) |
| 606 else: | 626 else: |
| 607 raise AssertionError() | 627 raise AssertionError() |
| 608 elif self.cipherSuite in CipherSuite.dhAllSuites: | 628 elif self.cipherSuite in CipherSuite.dhAllSuites: |
| 609 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) | 629 self.dh_Yc = bytesToNumber(p.getVarBytes(2)) |
| 610 else: | 630 else: |
| 611 raise AssertionError() | 631 raise AssertionError() |
| 612 p.stopLengthCheck() | 632 p.stopLengthCheck() |
| 613 return self | 633 return self |
| 614 | 634 |
| 615 def write(self): | 635 def write(self): |
| 616 w = Writer() | 636 w = Writer() |
| 617 if self.cipherSuite in CipherSuite.srpAllSuites: | 637 if self.cipherSuite in CipherSuite.srpAllSuites: |
| 618 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) | 638 w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) |
| 619 elif self.cipherSuite in CipherSuite.certSuites: | 639 elif self.cipherSuite in CipherSuite.certSuites: |
| 620 if self.version in ((3,1), (3,2)): | 640 if self.version in ((3,1), (3,2), (3,3)): |
| 621 w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) | 641 w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) |
| 622 elif self.version == (3,0): | 642 elif self.version == (3,0): |
| 623 w.addFixSeq(self.encryptedPreMasterSecret, 1) | 643 w.addFixSeq(self.encryptedPreMasterSecret, 1) |
| 624 else: | 644 else: |
| 625 raise AssertionError() | 645 raise AssertionError() |
| 626 elif self.cipherSuite in CipherSuite.anonSuites: | 646 elif self.cipherSuite in CipherSuite.anonSuites: |
| 627 w.addVarSeq(numberToByteArray(self.dh_Yc), 1, 2) | 647 w.addVarSeq(numberToByteArray(self.dh_Yc), 1, 2) |
| 628 else: | 648 else: |
| 629 raise AssertionError() | 649 raise AssertionError() |
| 630 return self.postWrite(w) | 650 return self.postWrite(w) |
| 631 | 651 |
| 632 class CertificateVerify(HandshakeMsg): | 652 class CertificateVerify(HandshakeMsg): |
| 633 def __init__(self): | 653 def __init__(self, version): |
| 634 HandshakeMsg.__init__(self, HandshakeType.certificate_verify) | 654 HandshakeMsg.__init__(self, HandshakeType.certificate_verify) |
| 655 self.version = version |
| 656 self.signature_algorithm = None |
| 635 self.signature = bytearray(0) | 657 self.signature = bytearray(0) |
| 636 | 658 |
| 637 def create(self, signature): | 659 def create(self, signature_algorithm, signature): |
| 660 self.signature_algorithm = signature_algorithm |
| 638 self.signature = signature | 661 self.signature = signature |
| 639 return self | 662 return self |
| 640 | 663 |
| 641 def parse(self, p): | 664 def parse(self, p): |
| 642 p.startLengthCheck(3) | 665 p.startLengthCheck(3) |
| 666 if self.version >= (3,3): |
| 667 self.signature_algorithm = (p.get(1), p.get(1)) |
| 643 self.signature = p.getVarBytes(2) | 668 self.signature = p.getVarBytes(2) |
| 644 p.stopLengthCheck() | 669 p.stopLengthCheck() |
| 645 return self | 670 return self |
| 646 | 671 |
| 647 def write(self): | 672 def write(self): |
| 648 w = Writer() | 673 w = Writer() |
| 674 if self.version >= (3,3): |
| 675 w.add(self.signature_algorithm[0], 1) |
| 676 w.add(self.signature_algorithm[1], 1) |
| 649 w.addVarSeq(self.signature, 1, 2) | 677 w.addVarSeq(self.signature, 1, 2) |
| 650 return self.postWrite(w) | 678 return self.postWrite(w) |
| 651 | 679 |
| 652 class ChangeCipherSpec(object): | 680 class ChangeCipherSpec(object): |
| 653 def __init__(self): | 681 def __init__(self): |
| 654 self.contentType = ContentType.change_cipher_spec | 682 self.contentType = ContentType.change_cipher_spec |
| 655 self.type = 1 | 683 self.type = 1 |
| 656 | 684 |
| 657 def create(self): | 685 def create(self): |
| 658 self.type = 1 | 686 self.type = 1 |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 700 self.verify_data = bytearray(0) | 728 self.verify_data = bytearray(0) |
| 701 | 729 |
| 702 def create(self, verify_data): | 730 def create(self, verify_data): |
| 703 self.verify_data = verify_data | 731 self.verify_data = verify_data |
| 704 return self | 732 return self |
| 705 | 733 |
| 706 def parse(self, p): | 734 def parse(self, p): |
| 707 p.startLengthCheck(3) | 735 p.startLengthCheck(3) |
| 708 if self.version == (3,0): | 736 if self.version == (3,0): |
| 709 self.verify_data = p.getFixBytes(36) | 737 self.verify_data = p.getFixBytes(36) |
| 710 elif self.version in ((3,1), (3,2)): | 738 elif self.version in ((3,1), (3,2), (3,3)): |
| 711 self.verify_data = p.getFixBytes(12) | 739 self.verify_data = p.getFixBytes(12) |
| 712 else: | 740 else: |
| 713 raise AssertionError() | 741 raise AssertionError() |
| 714 p.stopLengthCheck() | 742 p.stopLengthCheck() |
| 715 return self | 743 return self |
| 716 | 744 |
| 717 def write(self): | 745 def write(self): |
| 718 w = Writer() | 746 w = Writer() |
| 719 w.addFixSeq(self.verify_data, 1) | 747 w.addFixSeq(self.verify_data, 1) |
| 720 return self.postWrite(w) | 748 return self.postWrite(w) |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 754 newMsg = ApplicationData().create(self.bytes[:1]) | 782 newMsg = ApplicationData().create(self.bytes[:1]) |
| 755 self.bytes = self.bytes[1:] | 783 self.bytes = self.bytes[1:] |
| 756 return newMsg | 784 return newMsg |
| 757 | 785 |
| 758 def parse(self, p): | 786 def parse(self, p): |
| 759 self.bytes = p.bytes | 787 self.bytes = p.bytes |
| 760 return self | 788 return self |
| 761 | 789 |
| 762 def write(self): | 790 def write(self): |
| 763 return self.bytes | 791 return self.bytes |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 858373002:
Update third_party/tlslite to 0.4.8. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master