• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Authors:
2#   Trevor Perrin
3#   Google - defining ClientCertificateType
4#   Google (adapted by Sam Rushing) - NPN support
5#   Dimitris Moraitis - Anon ciphersuites
6#   Dave Baggett (Arcode Corporation) - canonicalCipherName
7#
8# See the LICENSE file for legal information regarding use of this file.
9
10"""Constants used in various places."""
11
12class CertificateType:
13    x509 = 0
14    openpgp = 1
15
16class ClientCertificateType:
17    # http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2
18    rsa_sign = 1
19    dss_sign = 2
20    rsa_fixed_dh = 3
21    dss_fixed_dh = 4
22    ecdsa_sign = 64
23    rsa_fixed_ecdh = 65
24    ecdsa_fixed_ecdh = 66
25
26class HandshakeType:
27    hello_request = 0
28    client_hello = 1
29    server_hello = 2
30    certificate = 11
31    server_key_exchange = 12
32    certificate_request = 13
33    server_hello_done = 14
34    certificate_verify = 15
35    client_key_exchange = 16
36    finished = 20
37    certificate_status = 22
38    next_protocol = 67
39    encrypted_extensions = 203
40
41class ContentType:
42    change_cipher_spec = 20
43    alert = 21
44    handshake = 22
45    application_data = 23
46    all = (20,21,22,23)
47
48class CertificateStatusType:
49    ocsp = 1
50
51class ExtensionType:    # RFC 6066 / 4366
52    server_name = 0     # RFC 6066 / 4366
53    status_request = 5  # RFC 6066 / 4366
54    srp = 12            # RFC 5054
55    cert_type = 9       # RFC 6091
56    signed_cert_timestamps = 18  # RFC 6962
57    tack = 0xF300
58    supports_npn = 13172
59    channel_id = 30032
60
61class NameType:
62    host_name = 0
63
64class AlertLevel:
65    warning = 1
66    fatal = 2
67
68class AlertDescription:
69    """
70    @cvar bad_record_mac: A TLS record failed to decrypt properly.
71
72    If this occurs during a SRP handshake it most likely
73    indicates a bad password.  It may also indicate an implementation
74    error, or some tampering with the data in transit.
75
76    This alert will be signalled by the server if the SRP password is bad.  It
77    may also be signalled by the server if the SRP username is unknown to the
78    server, but it doesn't wish to reveal that fact.
79
80
81    @cvar handshake_failure: A problem occurred while handshaking.
82
83    This typically indicates a lack of common ciphersuites between client and
84    server, or some other disagreement (about SRP parameters or key sizes,
85    for example).
86
87    @cvar protocol_version: The other party's SSL/TLS version was unacceptable.
88
89    This indicates that the client and server couldn't agree on which version
90    of SSL or TLS to use.
91
92    @cvar user_canceled: The handshake is being cancelled for some reason.
93
94    """
95
96    close_notify = 0
97    unexpected_message = 10
98    bad_record_mac = 20
99    decryption_failed = 21
100    record_overflow = 22
101    decompression_failure = 30
102    handshake_failure = 40
103    no_certificate = 41 #SSLv3
104    bad_certificate = 42
105    unsupported_certificate = 43
106    certificate_revoked = 44
107    certificate_expired = 45
108    certificate_unknown = 46
109    illegal_parameter = 47
110    unknown_ca = 48
111    access_denied = 49
112    decode_error = 50
113    decrypt_error = 51
114    export_restriction = 60
115    protocol_version = 70
116    insufficient_security = 71
117    internal_error = 80
118    inappropriate_fallback = 86
119    user_canceled = 90
120    no_renegotiation = 100
121    unknown_psk_identity = 115
122
123
124class CipherSuite:
125    # Weird pseudo-ciphersuite from RFC 5746
126    # Signals that "secure renegotiation" is supported
127    # We actually don't do any renegotiation, but this
128    # prevents renegotiation attacks
129    TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
130
131    # draft-bmoeller-tls-downgrade-scsv-01
132    TLS_FALLBACK_SCSV = 0x5600
133
134    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA  = 0xC01A
135    TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D
136    TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020
137
138    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B
139    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E
140    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021
141
142
143    TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
144    TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
145    TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
146    TLS_RSA_WITH_RC4_128_SHA = 0x0005
147
148    TLS_RSA_WITH_RC4_128_MD5 = 0x0004
149
150    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
151    TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
152    TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
153
154    TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034
155    TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A
156
157    tripleDESSuites = []
158    tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
159    tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
160    tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
161    tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
162
163    aes128Suites = []
164    aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
165    aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
166    aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
167    aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
168    aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
169
170    aes256Suites = []
171    aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
172    aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
173    aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
174    aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
175    aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
176
177    rc4Suites = []
178    rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA)
179    rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5)
180
181    shaSuites = []
182    shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
183    shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
184    shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
185    shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
186    shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
187    shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
188    shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
189    shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
190    shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
191    shaSuites.append(TLS_RSA_WITH_RC4_128_SHA)
192    shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
193    shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
194    shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
195    shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
196    shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
197
198    md5Suites = []
199    md5Suites.append(TLS_RSA_WITH_RC4_128_MD5)
200
201    @staticmethod
202    def _filterSuites(suites, settings):
203        macNames = settings.macNames
204        cipherNames = settings.cipherNames
205        keyExchangeNames = settings.keyExchangeNames
206        macSuites = []
207        if "sha" in macNames:
208            macSuites += CipherSuite.shaSuites
209        if "md5" in macNames:
210            macSuites += CipherSuite.md5Suites
211
212        cipherSuites = []
213        if "aes128" in cipherNames:
214            cipherSuites += CipherSuite.aes128Suites
215        if "aes256" in cipherNames:
216            cipherSuites += CipherSuite.aes256Suites
217        if "3des" in cipherNames:
218            cipherSuites += CipherSuite.tripleDESSuites
219        if "rc4" in cipherNames:
220            cipherSuites += CipherSuite.rc4Suites
221
222        keyExchangeSuites = []
223        if "rsa" in keyExchangeNames:
224            keyExchangeSuites += CipherSuite.certSuites
225        if "dhe_rsa" in keyExchangeNames:
226            keyExchangeSuites += CipherSuite.dheCertSuites
227        if "srp_sha" in keyExchangeNames:
228            keyExchangeSuites += CipherSuite.srpSuites
229        if "srp_sha_rsa" in keyExchangeNames:
230            keyExchangeSuites += CipherSuite.srpCertSuites
231        if "dh_anon" in keyExchangeNames:
232            keyExchangeSuites += CipherSuite.anonSuites
233
234        return [s for s in suites if s in macSuites and
235                s in cipherSuites and s in keyExchangeSuites]
236
237    srpSuites = []
238    srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
239    srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
240    srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
241
242    @staticmethod
243    def getSrpSuites(settings):
244        return CipherSuite._filterSuites(CipherSuite.srpSuites, settings)
245
246    srpCertSuites = []
247    srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
248    srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
249    srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
250
251    @staticmethod
252    def getSrpCertSuites(settings):
253        return CipherSuite._filterSuites(CipherSuite.srpCertSuites, settings)
254
255    srpAllSuites = srpCertSuites + srpSuites
256
257    @staticmethod
258    def getSrpAllSuites(settings):
259        return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings)
260
261    certSuites = []
262    certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
263    certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
264    certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
265    certSuites.append(TLS_RSA_WITH_RC4_128_SHA)
266    certSuites.append(TLS_RSA_WITH_RC4_128_MD5)
267
268    @staticmethod
269    def getCertSuites(settings):
270        return CipherSuite._filterSuites(CipherSuite.certSuites, settings)
271
272    dheCertSuites = []
273    dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
274    dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
275    dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
276
277    @staticmethod
278    def getDheCertSuites(settings):
279        return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings)
280
281    certAllSuites = srpCertSuites + certSuites + dheCertSuites
282
283    anonSuites = []
284    anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
285    anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
286
287    @staticmethod
288    def getAnonSuites(settings):
289        return CipherSuite._filterSuites(CipherSuite.anonSuites, settings)
290
291    dhAllSuites = dheCertSuites + anonSuites
292
293    @staticmethod
294    def canonicalCipherName(ciphersuite):
295        "Return the canonical name of the cipher whose number is provided."
296        if ciphersuite in CipherSuite.aes128Suites:
297            return "aes128"
298        elif ciphersuite in CipherSuite.aes256Suites:
299            return "aes256"
300        elif ciphersuite in CipherSuite.rc4Suites:
301            return "rc4"
302        elif ciphersuite in CipherSuite.tripleDESSuites:
303            return "3des"
304        else:
305            return None
306
307    @staticmethod
308    def canonicalMacName(ciphersuite):
309        "Return the canonical name of the MAC whose number is provided."
310        if ciphersuite in CipherSuite.shaSuites:
311            return "sha"
312        elif ciphersuite in CipherSuite.md5Suites:
313            return "md5"
314        else:
315            return None
316
317
318# The following faults are induced as part of testing.  The faultAlerts
319# dictionary describes the allowed alerts that may be triggered by these
320# faults.
321class Fault:
322    badUsername = 101
323    badPassword = 102
324    badA = 103
325    clientSrpFaults = list(range(101,104))
326
327    badVerifyMessage = 601
328    clientCertFaults = list(range(601,602))
329
330    badPremasterPadding = 501
331    shortPremasterSecret = 502
332    clientNoAuthFaults = list(range(501,503))
333
334    badB = 201
335    serverFaults = list(range(201,202))
336
337    badFinished = 300
338    badMAC = 301
339    badPadding = 302
340    genericFaults = list(range(300,303))
341
342    faultAlerts = {\
343        badUsername: (AlertDescription.unknown_psk_identity, \
344                      AlertDescription.bad_record_mac),\
345        badPassword: (AlertDescription.bad_record_mac,),\
346        badA: (AlertDescription.illegal_parameter,),\
347        badPremasterPadding: (AlertDescription.bad_record_mac,),\
348        shortPremasterSecret: (AlertDescription.bad_record_mac,),\
349        badVerifyMessage: (AlertDescription.decrypt_error,),\
350        badFinished: (AlertDescription.decrypt_error,),\
351        badMAC: (AlertDescription.bad_record_mac,),\
352        badPadding: (AlertDescription.bad_record_mac,)
353        }
354
355    faultNames = {\
356        badUsername: "bad username",\
357        badPassword: "bad password",\
358        badA: "bad A",\
359        badPremasterPadding: "bad premaster padding",\
360        shortPremasterSecret: "short premaster secret",\
361        badVerifyMessage: "bad verify message",\
362        badFinished: "bad finished message",\
363        badMAC: "bad MAC",\
364        badPadding: "bad padding"
365        }
366