Home | Trees | Indices | Help |
---|
|
1 # Authors: 2 # Trevor Perrin 3 # Google - defining ClientCertificateType 4 # Google (adapted by Sam Rushing) - NPN support 5 # Dimitris Moraitis - Anon ciphersuites 6 # 7 # See the LICENSE file for legal information regarding use of this file. 8 9 """Constants used in various places.""" 14 2022 hello_request = 0 23 client_hello = 1 24 server_hello = 2 25 certificate = 11 26 server_key_exchange = 12 27 certificate_request = 13 28 server_hello_done = 14 29 certificate_verify = 15 30 client_key_exchange = 16 31 finished = 20 32 next_protocol = 673335 change_cipher_spec = 20 36 alert = 21 37 handshake = 22 38 application_data = 23 39 all = (20,21,22,23)40 42 server_name = 0 # RFC 6066 / 4366 43 srp = 12 # RFC 5054 44 cert_type = 9 # RFC 6091 45 tack = 0xF300 46 supports_npn = 13172 4749 host_name = 050 5456 """ 57 @cvar bad_record_mac: A TLS record failed to decrypt properly. 58 59 If this occurs during a SRP handshake it most likely 60 indicates a bad password. It may also indicate an implementation 61 error, or some tampering with the data in transit. 62 63 This alert will be signalled by the server if the SRP password is bad. It 64 may also be signalled by the server if the SRP username is unknown to the 65 server, but it doesn't wish to reveal that fact. 66 67 68 @cvar handshake_failure: A problem occurred while handshaking. 69 70 This typically indicates a lack of common ciphersuites between client and 71 server, or some other disagreement (about SRP parameters or key sizes, 72 for example). 73 74 @cvar protocol_version: The other party's SSL/TLS version was unacceptable. 75 76 This indicates that the client and server couldn't agree on which version 77 of SSL or TLS to use. 78 79 @cvar user_canceled: The handshake is being cancelled for some reason. 80 81 """ 82 83 close_notify = 0 84 unexpected_message = 10 85 bad_record_mac = 20 86 decryption_failed = 21 87 record_overflow = 22 88 decompression_failure = 30 89 handshake_failure = 40 90 no_certificate = 41 #SSLv3 91 bad_certificate = 42 92 unsupported_certificate = 43 93 certificate_revoked = 44 94 certificate_expired = 45 95 certificate_unknown = 46 96 illegal_parameter = 47 97 unknown_ca = 48 98 access_denied = 49 99 decode_error = 50 100 decrypt_error = 51 101 export_restriction = 60 102 protocol_version = 70 103 insufficient_security = 71 104 internal_error = 80 105 user_canceled = 90 106 no_renegotiation = 100 107 unknown_psk_identity = 115108111 # Weird pseudo-ciphersuite from RFC 5746 112 # Signals that "secure renegotiation" is supported 113 # We actually don't do any renegotiation, but this 114 # prevents renegotiation attacks 115 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF 116 117 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A 118 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D 119 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 120 121 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B 122 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E 123 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 124 125 126 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A 127 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F 128 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 129 TLS_RSA_WITH_RC4_128_SHA = 0x0005 130 131 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 132 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A 133 134 srpSuites = [] 135 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 136 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 137 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 138 139 @staticmethod228141 suites = [] 142 for cipher in ciphers: 143 if cipher == "aes128": 144 suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 145 elif cipher == "aes256": 146 suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 147 elif cipher == "3des": 148 suites.append(CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 149 return suites150 151 srpCertSuites = [] 152 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 153 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 154 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 155 srpAllSuites = srpSuites + srpCertSuites 156 157 @staticmethod159 suites = [] 160 for cipher in ciphers: 161 if cipher == "aes128": 162 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 163 elif cipher == "aes256": 164 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 165 elif cipher == "3des": 166 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 167 return suites168 169 @staticmethod 173 174 certSuites = [] 175 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 176 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 177 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 178 certSuites.append(TLS_RSA_WITH_RC4_128_SHA) 179 certAllSuites = srpCertSuites + certSuites 180 181 @staticmethod183 suites = [] 184 for cipher in ciphers: 185 if cipher == "aes128": 186 suites.append(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA) 187 elif cipher == "aes256": 188 suites.append(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA) 189 elif cipher == "rc4": 190 suites.append(CipherSuite.TLS_RSA_WITH_RC4_128_SHA) 191 elif cipher == "3des": 192 suites.append(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA) 193 return suites194 195 anonSuites = [] 196 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) 197 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) 198 199 @staticmethod201 suites = [] 202 for cipher in ciphers: 203 if cipher == "aes128": 204 suites.append(CipherSuite.TLS_DH_ANON_WITH_AES_128_CBC_SHA) 205 elif cipher == "aes256": 206 suites.append(CipherSuite.TLS_DH_ANON_WITH_AES_256_CBC_SHA) 207 return suites208 209 tripleDESSuites = [] 210 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 211 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 212 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 213 214 aes128Suites = [] 215 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 216 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 217 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 218 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) 219 220 aes256Suites = [] 221 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 222 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 223 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 224 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) 225 226 rc4Suites = [] 227 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA)229 230 # The following faults are induced as part of testing. The faultAlerts 231 # dictionary describes the allowed alerts that may be triggered by these 232 # faults. 233 -class Fault:234 badUsername = 101 235 badPassword = 102 236 badA = 103 237 clientSrpFaults = range(101,104) 238 239 badVerifyMessage = 601 240 clientCertFaults = range(601,602) 241 242 badPremasterPadding = 501 243 shortPremasterSecret = 502 244 clientNoAuthFaults = range(501,503) 245 246 badB = 201 247 serverFaults = range(201,202) 248 249 badFinished = 300 250 badMAC = 301 251 badPadding = 302 252 genericFaults = range(300,303) 253 254 faultAlerts = {\ 255 badUsername: (AlertDescription.unknown_psk_identity, \ 256 AlertDescription.bad_record_mac),\ 257 badPassword: (AlertDescription.bad_record_mac,),\ 258 badA: (AlertDescription.illegal_parameter,),\ 259 badPremasterPadding: (AlertDescription.bad_record_mac,),\ 260 shortPremasterSecret: (AlertDescription.bad_record_mac,),\ 261 badVerifyMessage: (AlertDescription.decrypt_error,),\ 262 badFinished: (AlertDescription.decrypt_error,),\ 263 badMAC: (AlertDescription.bad_record_mac,),\ 264 badPadding: (AlertDescription.bad_record_mac,) 265 } 266 267 faultNames = {\ 268 badUsername: "bad username",\ 269 badPassword: "bad password",\ 270 badA: "bad A",\ 271 badPremasterPadding: "bad premaster padding",\ 272 shortPremasterSecret: "short premaster secret",\ 273 badVerifyMessage: "bad verify message",\ 274 badFinished: "bad finished message",\ 275 badMAC: "bad MAC",\ 276 badPadding: "bad padding" 277 }278
Home | Trees | Indices | Help |
---|
Generated by Epydoc 3.0.1 on Thu Sep 27 16:50:14 2012 | http://epydoc.sourceforge.net |