| OLD | NEW |
| 1 # Authors: | 1 # Authors: |
| 2 # Trevor Perrin | 2 # Trevor Perrin |
| 3 # Google - added reqCAs parameter | 3 # Google - added reqCAs parameter |
| 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
| 5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
| 6 # Martin von Loewis - python 3 port | 6 # Martin von Loewis - python 3 port |
| 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
| 8 # | 8 # |
| 9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
| 10 | 10 |
| (...skipping 1367 matching lines...) |
| 1378 | 1378 |
| 1379 #Add the session object to the session cache | 1379 #Add the session object to the session cache |
| 1380 if sessionCache and sessionID: | 1380 if sessionCache and sessionID: |
| 1381 sessionCache[sessionID] = self.session | 1381 sessionCache[sessionID] = self.session |
| 1382 | 1382 |
| 1383 self._handshakeDone(resumed=False) | 1383 self._handshakeDone(resumed=False) |
| 1384 | 1384 |
| 1385 | 1385 |
| 1386 def _serverGetClientHello(self, settings, certChain, verifierDB, | 1386 def _serverGetClientHello(self, settings, certChain, verifierDB, |
| 1387 sessionCache, anon, fallbackSCSV): | 1387 sessionCache, anon, fallbackSCSV): |
| 1388 #Initialize acceptable cipher suites | |
| 1389 cipherSuites = [] | |
| 1390 if verifierDB: | |
| 1391 if certChain: | |
| 1392 cipherSuites += \ | |
| 1393 CipherSuite.getSrpCertSuites(settings) | |
| 1394 cipherSuites += CipherSuite.getSrpSuites(settings) | |
| 1395 elif certChain: | |
| 1396 cipherSuites += CipherSuite.getDheCertSuites(settings) | |
| 1397 cipherSuites += CipherSuite.getCertSuites(settings) | |
| 1398 elif anon: | |
| 1399 cipherSuites += CipherSuite.getAnonSuites(settings) | |
| 1400 else: | |
| 1401 assert(False) | |
| 1402 | |
| 1403 #Tentatively set version to most-desirable version, so if an error | 1388 #Tentatively set version to most-desirable version, so if an error |
| 1404 #occurs parsing the ClientHello, this is what we'll use for the | 1389 #occurs parsing the ClientHello, this is what we'll use for the |
| 1405 #error alert | 1390 #error alert |
| 1406 self.version = settings.maxVersion | 1391 self.version = settings.maxVersion |
| 1407 | 1392 |
| 1408 #Get ClientHello | 1393 #Get ClientHello |
| 1409 for result in self._getMsg(ContentType.handshake, | 1394 for result in self._getMsg(ContentType.handshake, |
| 1410 HandshakeType.client_hello): | 1395 HandshakeType.client_hello): |
| 1411 if result in (0,1): yield result | 1396 if result in (0,1): yield result |
| 1412 else: break | 1397 else: break |
| (...skipping 31 matching lines...) |
| 1444 #Detect if the client performed an inappropriate fallback. | 1429 #Detect if the client performed an inappropriate fallback. |
| 1445 elif fallbackSCSV and clientHello.client_version < settings.maxVersion: | 1430 elif fallbackSCSV and clientHello.client_version < settings.maxVersion: |
| 1446 self.version = clientHello.client_version | 1431 self.version = clientHello.client_version |
| 1447 if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: | 1432 if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: |
| 1448 for result in self._sendError(\ | 1433 for result in self._sendError(\ |
| 1449 AlertDescription.inappropriate_fallback): | 1434 AlertDescription.inappropriate_fallback): |
| 1450 yield result | 1435 yield result |
| 1451 | 1436 |
| 1452 else: | 1437 else: |
| 1453 #Set the version to the client's version | 1438 #Set the version to the client's version |
| 1454 self.version = clientHello.client_version | 1439 self.version = clientHello.client_version |
| 1440 |
| 1441 #Initialize acceptable cipher suites |
| 1442 cipherSuites = [] |
| 1443 if verifierDB: |
| 1444 if certChain: |
| 1445 cipherSuites += \ |
| 1446 CipherSuite.getSrpCertSuites(settings, self.version) |
| 1447 cipherSuites += CipherSuite.getSrpSuites(settings, self.version) |
| 1448 elif certChain: |
| 1449 cipherSuites += CipherSuite.getDheCertSuites(settings, self.version) |
| 1450 cipherSuites += CipherSuite.getCertSuites(settings, self.version) |
| 1451 elif anon: |
| 1452 cipherSuites += CipherSuite.getAnonSuites(settings, self.version) |
| 1453 else: |
| 1454 assert(False) |
| 1455 | 1455 |
| 1456 #If resumption was requested and we have a session cache... | 1456 #If resumption was requested and we have a session cache... |
| 1457 if clientHello.session_id and sessionCache: | 1457 if clientHello.session_id and sessionCache: |
| 1458 session = None | 1458 session = None |
| 1459 | 1459 |
| 1460 #Check in the session cache | 1460 #Check in the session cache |
| 1461 if sessionCache and not session: | 1461 if sessionCache and not session: |
| 1462 try: | 1462 try: |
| 1463 session = sessionCache[clientHello.session_id] | 1463 session = sessionCache[clientHello.session_id] |
| 1464 if not session.resumable: | 1464 if not session.resumable: |
| (...skipping 496 matching lines...) |
| 1961 except TLSAlert as alert: | 1961 except TLSAlert as alert: |
| 1962 if not self.fault: | 1962 if not self.fault: |
| 1963 raise | 1963 raise |
| 1964 if alert.description not in Fault.faultAlerts[self.fault]: | 1964 if alert.description not in Fault.faultAlerts[self.fault]: |
| 1965 raise TLSFaultError(str(alert)) | 1965 raise TLSFaultError(str(alert)) |
| 1966 else: | 1966 else: |
| 1967 pass | 1967 pass |
| 1968 except: | 1968 except: |
| 1969 self._shutdown(False) | 1969 self._shutdown(False) |
| 1970 raise | 1970 raise |
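Review bot: The cipher-suite list built at new lines 1441-1454 now depends on `self.version` having been settled by the version checks above it, but the comment still reads only `#Initialize acceptable cipher suites`. Nothing there warns a later refactor against moving the block back above the ClientHello parsing, where `self.version` is still the tentative `settings.maxVersion`. I would extend the comment to something like `#Initialize acceptable cipher suites; must run after version selection because the suites are filtered by self.version`. The resumption path that starts at new line 1456 continues outside the visible lines of `_serverGetClientHello`, so it is worth confirming that a cached session's suite is checked against this version-filtered list before the session is resumed at a lower version. Separately, `assert(False)` at new line 1454 is stripped under `python -O`, which would leave `cipherSuites` empty when none of `verifierDB`, `certChain` or `anon` is set; an explicit `raise` would keep that guard in optimized runs.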