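--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -1,34 +1,36 @@
 # Authors:
 # Trevor Perrin
 # Google - added reqCAs parameter
 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support
 # Dimitris Moraitis - Anon ciphersuites
 # Martin von Loewis - python 3 port
+# Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
 #
 # See the LICENSE file for legal information regarding use of this file.
 
 """
 MAIN CLASS FOR TLS LITE (START HERE!).
 """
 
 import socket
 from .utils.compat import formatExceptionTrace
 from .tlsrecordlayer import TLSRecordLayer
 from .session import Session
 from .constants import *
 from .utils.cryptomath import getRandomBytes
 from .errors import *
 from .messages import *
 from .mathtls import *
 from .handshakesettings import HandshakeSettings
 from .utils.tackwrapper import *
+from .utils.rsakey import RSAKey
 
 class KeyExchange(object):
 def __init__(self, cipherSuite, clientHello, serverHello, privateKey):
 """
 Initializes the KeyExchange. privateKey is the signing private key.
 """
 self.cipherSuite = cipherSuite
 self.clientHello = clientHello
 self.serverHello = serverHello
 self.privateKey = privateKey
@@ -95,25 +97,29 @@
 
 # RFC 3526, Section 8.
 strength = 160
 
 def makeServerKeyExchange(self):
 # Per RFC 3526, Section 1, the exponent should have double the entropy
 # of the strength of the curve.
 self.dh_Xs = bytesToNumber(getRandomBytes(self.strength * 2 / 8))
 dh_Ys = powMod(self.dh_g, self.dh_Xs, self.dh_p)
 
-serverKeyExchange = ServerKeyExchange(self.cipherSuite)
+version = self.serverHello.server_version
+serverKeyExchange = ServerKeyExchange(self.cipherSuite, version)
 serverKeyExchange.createDH(self.dh_p, self.dh_g, dh_Ys)
-serverKeyExchange.signature = self.privateKey.sign(
-serverKeyExchange.hash(self.clientHello.random,
-self.serverHello.random))
+hashBytes = serverKeyExchange.hash(self.clientHello.random,
+self.serverHello.random)
+if version >= (3,3):
+# TODO: Signature algorithm negotiation not supported.
+hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)
+serverKeyExchange.signature = self.privateKey.sign(hashBytes)
 return serverKeyExchange
 
 def processClientKeyExchange(self, clientKeyExchange):
 dh_Yc = clientKeyExchange.dh_Yc
 
 # First half of RFC 2631, Section 2.1.5. Validate the client's public
 # key.
 if not 2 <= dh_Yc <= self.dh_p - 1:
 raise TLSLocalAlert(AlertDescription.illegal_parameter,
 "Invalid dh_Yc value")
@@ -589,23 +595,23 @@
 
 
 def _clientSendClientHello(self, settings, session, srpUsername,
 srpParams, certParams, anonParams,
 serverName, nextProtos, reqTack):
 #Initialize acceptable ciphersuites
 cipherSuites = [CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
 if srpParams:
 cipherSuites += CipherSuite.getSrpAllSuites(settings)
 elif certParams:
-cipherSuites += CipherSuite.getCertSuites(settings)
 # TODO: Client DHE_RSA not supported.
 # cipherSuites += CipherSuite.getDheCertSuites(settings)
+cipherSuites += CipherSuite.getCertSuites(settings)
 elif anonParams:
 cipherSuites += CipherSuite.getAnonSuites(settings)
 else:
 assert(False)
 
 #Initialize acceptable certificate types
 certificateTypes = settings._getCertificateTypes()
 
 #Either send ClientHello (with a resumable session)...
 if session and session.sessionID:
@@ -943,34 +949,40 @@
 #Send ClientKeyExchange
 clientKeyExchange = ClientKeyExchange(cipherSuite,
 self.version)
 clientKeyExchange.createRSA(encryptedPreMasterSecret)
 for result in self._sendMsg(clientKeyExchange):
 yield result
 
 #If client authentication was requested and we have a
 #private key, send CertificateVerify
 if certificateRequest and privateKey:
+signatureAlgorithm = None
 if self.version == (3,0):
 masterSecret = calcMasterSecret(self.version,
 premasterSecret,
 clientRandom,
 serverRandom)
 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
 elif self.version in ((3,1), (3,2)):
 verifyBytes = self._handshake_md5.digest() + \
 self._handshake_sha.digest()
+elif self.version == (3,3):
+# TODO: Signature algorithm negotiation not supported.
+signatureAlgorithm = (HashAlgorithm.sha1, SignatureAlgorithm.rsa)
+verifyBytes = self._handshake_sha.digest()
+verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes)
 if self.fault == Fault.badVerifyMessage:
 verifyBytes[0] = ((verifyBytes[0]+1) % 256)
 signedBytes = privateKey.sign(verifyBytes)
-certificateVerify = CertificateVerify()
-certificateVerify.create(signedBytes)
+certificateVerify = CertificateVerify(self.version)
+certificateVerify.create(signatureAlgorithm, signedBytes)
 for result in self._sendMsg(certificateVerify):
 yield result
 yield (premasterSecret, serverCertChain, clientCertChain, tackExt)
 
 def _clientAnonKeyExchange(self, settings, cipherSuite, clientRandom,
 serverRandom):
 for result in self._getMsg(ContentType.handshake,
 HandshakeType.server_key_exchange, cipherSuite):
 if result in (0,1): yield result
 else: break
@@ -1374,22 +1386,22 @@
 def _serverGetClientHello(self, settings, certChain, verifierDB,
 sessionCache, anon, fallbackSCSV):
 #Initialize acceptable cipher suites
 cipherSuites = []
 if verifierDB:
 if certChain:
 cipherSuites += \
 CipherSuite.getSrpCertSuites(settings)
 cipherSuites += CipherSuite.getSrpSuites(settings)
 elif certChain:
+cipherSuites += CipherSuite.getDheCertSuites(settings)
 cipherSuites += CipherSuite.getCertSuites(settings)
-cipherSuites += CipherSuite.getDheCertSuites(settings)
 elif anon:
 cipherSuites += CipherSuite.getAnonSuites(settings)
 else:
 assert(False)
 
 #Tentatively set version to most-desirable version, so if an error
 #occurs parsing the ClientHello, this is what we'll use for the
 #error alert
 self.version = settings.maxVersion
 
@@ -1505,23 +1517,24 @@
 self.session = session
 
 yield None # Handshake done!
 
 #Calculate the first cipher suite intersection.
 #This is the 'privileged' ciphersuite. We'll use it if we're
 #doing a new negotiation. In fact,
 #the only time we won't use it is if we're resuming a
 #session, in which case we use the ciphersuite from the session.
 #
-#Use the client's preferences for now.
-for cipherSuite in clientHello.cipher_suites:
-if cipherSuite in cipherSuites:
+#Given the current ciphersuite ordering, this means we prefer SRP
+#over non-SRP.
+for cipherSuite in cipherSuites:
+if cipherSuite in clientHello.cipher_suites:
 break
 else:
 for result in self._sendError(\
 AlertDescription.handshake_failure,
 "No mutual ciphersuite"):
 yield result
 if cipherSuite in CipherSuite.srpAllSuites and \
 not clientHello.srp_username:
 for result in self._sendError(\
 AlertDescription.unknown_psk_identity,
@@ -1554,21 +1567,21 @@
 AlertDescription.unknown_psk_identity):
 yield result
 (N, g, s, v) = entry
 
 #Calculate server's ephemeral DH values (b, B)
 b = bytesToNumber(getRandomBytes(32))
 k = makeK(N, g)
 B = (powMod(g, b, N) + (k*v)) % N
 
 #Create ServerKeyExchange, signing it if necessary
-serverKeyExchange = ServerKeyExchange(cipherSuite)
+serverKeyExchange = ServerKeyExchange(cipherSuite, self.version)
 serverKeyExchange.createSRP(N, g, s, B)
 if cipherSuite in CipherSuite.srpCertSuites:
 hashBytes = serverKeyExchange.hash(clientHello.random,
 serverHello.random)
 serverKeyExchange.signature = privateKey.sign(hashBytes)
 
 #Send ServerHello[, Certificate], ServerKeyExchange,
 #ServerHelloDone
 msgs = []
 msgs.append(serverHello)
@@ -1624,21 +1637,25 @@
 if serverHello.status_request:
 msgs.append(CertificateStatus().create(ocspResponse))
 serverKeyExchange = keyExchange.makeServerKeyExchange()
 if serverKeyExchange is not None:
 msgs.append(serverKeyExchange)
 if reqCert:
 reqCAs = reqCAs or []
 #Apple's Secure Transport library rejects empty certificate_types,
 #so default to rsa_sign.
 reqCertTypes = reqCertTypes or [ClientCertificateType.rsa_sign]
-msgs.append(CertificateRequest().create(reqCertTypes, reqCAs))
+#Only SHA-1 + RSA is supported.
+sigAlgs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]
+msgs.append(CertificateRequest(self.version).create(reqCertTypes,
+reqCAs,
+sigAlgs))
 msgs.append(ServerHelloDone())
 for result in self._sendMsgs(msgs):
 yield result
 
 #From here on, the client's messages must have the right version
 self._versionCheck = True
 
 #Get [Certificate,] (if was requested)
 if reqCert:
 if self.version == (3,0):
@@ -1657,21 +1674,21 @@
 AlertDescription.no_certificate:
 self._shutdown(False)
 raise TLSRemoteAlert(alert)
 elif isinstance(msg, Certificate):
 clientCertificate = msg
 if clientCertificate.certChain and \
 clientCertificate.certChain.getNumCerts()!=0:
 clientCertChain = clientCertificate.certChain
 else:
 raise AssertionError()
-elif self.version in ((3,1), (3,2)):
+elif self.version in ((3,1), (3,2), (3,3)):
 for result in self._getMsg(ContentType.handshake,
 HandshakeType.certificate,
 CertificateType.x509):
 if result in (0,1): yield result
 else: break
 clientCertificate = result
 if clientCertificate.certChain and \
 clientCertificate.certChain.getNumCerts()!=0:
 clientCertChain = clientCertificate.certChain
 else:
@@ -1695,20 +1712,23 @@
 
 #Get and check CertificateVerify, if relevant
 if clientCertChain:
 if self.version == (3,0):
 masterSecret = calcMasterSecret(self.version, premasterSecret,
 clientHello.random, serverHello.random)
 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
 elif self.version in ((3,1), (3,2)):
 verifyBytes = self._handshake_md5.digest() + \
 self._handshake_sha.digest()
+elif self.version == (3,3):
+verifyBytes = self._handshake_sha.digest()
+verifyBytes = RSAKey.addPKCS1SHA1Prefix(verifyBytes)
 for result in self._getMsg(ContentType.handshake,
 HandshakeType.certificate_verify):
 if result in (0,1): yield result
 else: break
 certificateVerify = result
 publicKey = clientCertChain.getEndEntityPublicKey()
 if len(publicKey) < settings.minKeySize:
 for result in self._sendError(\
 AlertDescription.handshake_failure,
 "Client's public key too small: %d" % len(publicKey)):
@@ -1730,21 +1750,21 @@
 
 def _serverAnonKeyExchange(self, clientHello, serverHello, cipherSuite,
 settings):
 # Calculate DH p, g, Xs, Ys
 dh_p = getRandomSafePrime(32, False)
 dh_g = getRandomNumber(2, dh_p)
 dh_Xs = bytesToNumber(getRandomBytes(32))
 dh_Ys = powMod(dh_g, dh_Xs, dh_p)
 
 #Create ServerKeyExchange
-serverKeyExchange = ServerKeyExchange(cipherSuite)
+serverKeyExchange = ServerKeyExchange(cipherSuite, self.version)
 serverKeyExchange.createDH(dh_p, dh_g, dh_Ys)
 
 #Send ServerHello[, Certificate], ServerKeyExchange,
 #ServerHelloDone
 msgs = []
 msgs.append(serverHello)
 msgs.append(serverKeyExchange)
 msgs.append(ServerHelloDone())
 for result in self._sendMsgs(msgs):
 yield result
@@ -1902,20 +1922,29 @@
 elif self.version in ((3,1), (3,2)):
 if (self._client and send) or (not self._client and not send):
 label = b"client finished"
 else:
 label = b"server finished"
 
 handshakeHashes = self._handshake_md5.digest() + \
 self._handshake_sha.digest()
 verifyData = PRF(masterSecret, label, handshakeHashes, 12)
 return verifyData
+elif self.version == (3,3):
+if (self._client and send) or (not self._client and not send):
+label = b"client finished"
+else:
+label = b"server finished"
+
+handshakeHashes = self._handshake_sha256.digest()
+verifyData = PRF_1_2(masterSecret, label, handshakeHashes, 12)
+return verifyData
 else:
 raise AssertionError()
 
 
 def _handshakeWrapperAsync(self, handshaker, checker):
 if not self.fault:
 try:
 for result in handshaker:
 yield result
 if checker:
@@ -1932,10 +1961,10 @@
 except TLSAlert as alert:
 if not self.fault:
 raise
 if alert.description not in Fault.faultAlerts[self.fault]:
 raise TLSFaultError(str(alert))
 else:
 pass
 except:
 self._shutdown(False)
 raise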
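Review bot: The SRP_RSA ServerKeyExchange signing in the `(N, g, s, v) = entry` hunk still signs the raw `serverKeyExchange.hash(...)` output, whereas the DHE_RSA path in `makeServerKeyExchange` now wraps that hash in `RSAKey.addPKCS1SHA1Prefix` when `version >= (3,3)`; under TLS 1.2 the two server signatures are therefore built over different inputs, and a 1.2 peer that expects a sha1/rsa DigestInfo-encoded signature should reject the SRP one (fails closed, but SRP-with-certificate stops interoperating at 1.2), assuming `privateKey.sign` does not add the prefix itself as the DHE branch implies. Mirror the DHE branch before the sign call: `if self.version >= (3,3):` / `hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)` ahead of `serverKeyExchange.signature = privateKey.sign(hashBytes)`. Separately, the server-side CertificateVerify check for `(3,3)` fixes the expected digest to SHA-1 but nothing in the hunk compares the client's transmitted signature_algorithm against the advertised `sigAlgs`; if the verify call (outside this view) does not either, a mismatch surfaces as a generic bad-signature failure rather than an explicit `AlertDescription.illegal_parameter`, which is the check a reviewer would want here. The enclosing methods begin and end outside the displayed hunks.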