Chromium Code Reviews Chromium Code Reviews
Issue 875683002:
Implement AES-GCM in tlslite. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 # Authors: | 1 # Authors: |
| 2 # Trevor Perrin | 2 # Trevor Perrin |
| 3 # Dave Baggett (Arcode Corporation) - cleanup handling of constants | 3 # Dave Baggett (Arcode Corporation) - cleanup handling of constants |
| 4 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 4 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
| 5 # | 5 # |
| 6 # See the LICENSE file for legal information regarding use of this file. | 6 # See the LICENSE file for legal information regarding use of this file. |
| 7 | 7 |
| 8 """Class for setting handshake parameters.""" | 8 """Class for setting handshake parameters.""" |
| 9 | 9 |
| 10 from .constants import CertificateType | 10 from .constants import CertificateType |
| 11 from .utils import cryptomath | 11 from .utils import cryptomath |
| 12 from .utils import cipherfactory | 12 from .utils import cipherfactory |
| 13 | 13 |
| 14 # RC4 is preferred as faster in Python, works in SSL3, and immune to CBC | 14 CIPHER_NAMES = ["aes128gcm", "rc4", "aes256", "aes128", "3des"] |
| 15 # issues such as timing attacks | 15 MAC_NAMES = ["sha", "sha256", "aead"] # Don't allow "md5" by default. |
|
davidben
2015/01/25 02:43:41
This and similar comments removed because I'm pret
| |
| 16 CIPHER_NAMES = ["rc4", "aes256", "aes128", "3des"] | 16 ALL_MAC_NAMES = MAC_NAMES + ["md5"] |
| 17 MAC_NAMES = ["sha", "sha256"] # Don't allow "md5" by default. | |
| 18 ALL_MAC_NAMES = ["sha", "sha256", "md5"] | |
| 19 KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"] | 17 KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"] |
| 20 CIPHER_IMPLEMENTATIONS = ["openssl", "pycrypto", "python"] | 18 CIPHER_IMPLEMENTATIONS = ["openssl", "pycrypto", "python"] |
| 21 CERTIFICATE_TYPES = ["x509"] | 19 CERTIFICATE_TYPES = ["x509"] |
| 22 TLS_INTOLERANCE_TYPES = ["alert", "close", "reset"] | 20 TLS_INTOLERANCE_TYPES = ["alert", "close", "reset"] |
| 23 | 21 |
| 24 class HandshakeSettings(object): | 22 class HandshakeSettings(object): |
| 25 """This class encapsulates various parameters that can be used with | 23 """This class encapsulates various parameters that can be used with |
| 26 a TLS handshake. | 24 a TLS handshake. |
| 27 @sort: minKeySize, maxKeySize, cipherNames, macNames, certificateTypes, | 25 @sort: minKeySize, maxKeySize, cipherNames, macNames, certificateTypes, |
| 28 minVersion, maxVersion | 26 minVersion, maxVersion |
| 29 | 27 |
| 30 @type minKeySize: int | 28 @type minKeySize: int |
| 31 @ivar minKeySize: The minimum bit length for asymmetric keys. | 29 @ivar minKeySize: The minimum bit length for asymmetric keys. |
| 32 | 30 |
| 33 If the other party tries to use SRP, RSA, or Diffie-Hellman | 31 If the other party tries to use SRP, RSA, or Diffie-Hellman |
| 34 parameters smaller than this length, an alert will be | 32 parameters smaller than this length, an alert will be |
| 35 signalled. The default is 1023. | 33 signalled. The default is 1023. |
| 36 | 34 |
| 37 @type maxKeySize: int | 35 @type maxKeySize: int |
| 38 @ivar maxKeySize: The maximum bit length for asymmetric keys. | 36 @ivar maxKeySize: The maximum bit length for asymmetric keys. |
| 39 | 37 |
| 40 If the other party tries to use SRP, RSA, or Diffie-Hellman | 38 If the other party tries to use SRP, RSA, or Diffie-Hellman |
| 41 parameters larger than this length, an alert will be signalled. | 39 parameters larger than this length, an alert will be signalled. |
| 42 The default is 8193. | 40 The default is 8193. |
| 43 | 41 |
| 44 @type cipherNames: list | 42 @type cipherNames: list |
| 45 @ivar cipherNames: The allowed ciphers, in order of preference. | 43 @ivar cipherNames: The allowed ciphers. |
| 46 | 44 |
| 47 The allowed values in this list are 'aes256', 'aes128', '3des', and | 45 The allowed values in this list are 'aes256', 'aes128', '3des', and |
| 48 'rc4'. If these settings are used with a client handshake, they | 46 'rc4'. If these settings are used with a client handshake, they |
| 49 determine the order of the ciphersuites offered in the ClientHello | 47 determine the order of the ciphersuites offered in the ClientHello |
| 50 message. | 48 message. |
| 51 | 49 |
| 52 If these settings are used with a server handshake, the server will | 50 If these settings are used with a server handshake, the server will |
| 53 choose whichever ciphersuite matches the earliest entry in this | 51 choose whichever ciphersuite matches the earliest entry in this |
| 54 list. | 52 list. |
| 55 | 53 |
| 56 NOTE: If '3des' is used in this list, but TLS Lite can't find an | 54 NOTE: If '3des' is used in this list, but TLS Lite can't find an |
| 57 add-on library that supports 3DES, then '3des' will be silently | 55 add-on library that supports 3DES, then '3des' will be silently |
| 58 removed. | 56 removed. |
| 59 | 57 |
| 60 The default value is ['rc4', 'aes256', 'aes128', '3des']. | 58 The default value is ['rc4', 'aes256', 'aes128', '3des']. |
| 61 | 59 |
| 62 @type macNames: list | 60 @type macNames: list |
| 63 @ivar macNames: The allowed MAC algorithms. | 61 @ivar macNames: The allowed MAC algorithms. |
| 64 | 62 |
| 65 The allowed values in this list are 'sha' and 'md5'. | 63 The allowed values in this list are 'sha' and 'md5'. |
| 66 | 64 |
| 67 The default value is ['sha']. | 65 The default value is ['sha']. |
| 68 | 66 |
| 69 | 67 |
| 70 @type certificateTypes: list | 68 @type certificateTypes: list |
| 71 @ivar certificateTypes: The allowed certificate types, in order of | 69 @ivar certificateTypes: The allowed certificate types. |
| 72 preference. | |
| 73 | 70 |
| 74 The only allowed certificate type is 'x509'. This list is only used with a | 71 The only allowed certificate type is 'x509'. This list is only used with a |
| 75 client handshake. The client will advertise to the server which certificate | 72 client handshake. The client will advertise to the server which certificate |
| 76 types are supported, and will check that the server uses one of the | 73 types are supported, and will check that the server uses one of the |
| 77 appropriate types. | 74 appropriate types. |
| 78 | 75 |
| 79 | 76 |
| 80 @type minVersion: tuple | 77 @type minVersion: tuple |
| 81 @ivar minVersion: The minimum allowed SSL/TLS version. | 78 @ivar minVersion: The minimum allowed SSL/TLS version. |
| 82 | 79 |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 190 | 187 |
| 191 if other.minVersion > other.maxVersion: | 188 if other.minVersion > other.maxVersion: |
| 192 raise ValueError("Versions set incorrectly") | 189 raise ValueError("Versions set incorrectly") |
| 193 | 190 |
| 194 if not other.minVersion in ((3,0), (3,1), (3,2), (3,3)): | 191 if not other.minVersion in ((3,0), (3,1), (3,2), (3,3)): |
| 195 raise ValueError("minVersion set incorrectly") | 192 raise ValueError("minVersion set incorrectly") |
| 196 | 193 |
| 197 if not other.maxVersion in ((3,0), (3,1), (3,2), (3,3)): | 194 if not other.maxVersion in ((3,0), (3,1), (3,2), (3,3)): |
| 198 raise ValueError("maxVersion set incorrectly") | 195 raise ValueError("maxVersion set incorrectly") |
| 199 | 196 |
| 200 if other.maxVersion < (3,3): | |
| 201 # No sha256 pre TLS 1.2 | |
| 202 other.macNames = [e for e in self.macNames if e != "sha256"] | |
|
davidben
2015/01/25 02:43:41
Moved to constants.py to handle the server end too
| |
| 203 | |
| 204 return other | 197 return other |
| 205 | 198 |
| 206 def _getCertificateTypes(self): | 199 def _getCertificateTypes(self): |
| 207 l = [] | 200 l = [] |
| 208 for ct in self.certificateTypes: | 201 for ct in self.certificateTypes: |
| 209 if ct == "x509": | 202 if ct == "x509": |
| 210 l.append(CertificateType.x509) | 203 l.append(CertificateType.x509) |
| 211 else: | 204 else: |
| 212 raise AssertionError() | 205 raise AssertionError() |
| 213 return l | 206 return l |
| OLD | NEW |
