      1 # Authors: 
      2 #   Trevor Perrin
      3 #   Google - defining ClientCertificateType
      4 #   Google (adapted by Sam Rushing) - NPN support
      5 #   Dimitris Moraitis - Anon ciphersuites
      6 #   Dave Baggett (Arcode Corporation) - canonicalCipherName
      7 #
      8 # See the LICENSE file for legal information regarding use of this file.
      9 
     10 """Constants used in various places."""
     11 
class CertificateType:
    """Certificate formats negotiable through the cert_type extension (RFC 6091)."""
    x509 = 0
    openpgp = 1
     15 
class ClientCertificateType:
    """ClientCertificateType values carried in a CertificateRequest.

    1-4 are the RFC 5246 (section 7.4.4) types; 64-66 are the ECC types
    added by RFC 4492.  Registry:
    http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2
    """
    rsa_sign = 1
    dss_sign = 2
    rsa_fixed_dh = 3
    dss_fixed_dh = 4
    ecdsa_sign = 64
    rsa_fixed_ecdh = 65
    ecdsa_fixed_ecdh = 66
     25  
class HandshakeType:
    """Handshake message type codes (RFC 5246 section 7.4, plus extensions)."""
    hello_request = 0
    client_hello = 1
    server_hello = 2
    certificate = 11
    server_key_exchange = 12
    certificate_request = 13
    server_hello_done = 14
    certificate_verify = 15
    client_key_exchange = 16
    finished = 20
    certificate_status = 22     # RFC 6066 (OCSP stapling), sent after Certificate
    next_protocol = 67          # NPN (draft-agl-tls-nextprotoneg), not IANA-assigned
    encrypted_extensions = 203  # NOTE(review): presumably the Channel ID
                                # message (draft-balfanz-tls-channelid);
                                # confirm against the handshake code
     40 
class ContentType:
    """Record-layer content types (RFC 5246 section 6.2.1)."""
    change_cipher_spec = 20
    alert = 21
    handshake = 22
    application_data = 23
    # Every content type the record layer knows about, in numeric order.
    all = (change_cipher_spec, alert, handshake, application_data)
     47 
class CertificateStatusType:
    """CertificateStatusType values for the status_request extension (RFC 6066)."""
    ocsp = 1
     50 
class ExtensionType:
    """Extension type codes carried in ClientHello / ServerHello.

    IANA-registered values are listed first in numeric order; the trailing
    entries are draft or vendor extensions that tlslite understands.
    """
    server_name = 0              # RFC 6066 (obsoletes RFC 4366)
    status_request = 5           # RFC 6066, OCSP stapling
    cert_type = 9                # RFC 6091, selects CertificateType
    srp = 12                     # RFC 5054
    signed_cert_timestamps = 18  # RFC 6962, Certificate Transparency
    supports_npn = 13172         # NPN (draft-agl-tls-nextprotoneg), not IANA-assigned
    channel_id = 30032           # Channel ID (draft-balfanz-tls-channelid), not IANA-assigned
    tack = 0xF300                # TACK (draft-perrin-tls-tack), not IANA-assigned
     60     
class NameType:
    """NameType values for the server_name extension (RFC 6066); only host_name exists."""
    host_name = 0
     63 
class AlertLevel:
    """Alert severity levels (RFC 5246 section 7.2).

    A fatal alert must terminate the connection; a warning may be logged
    and ignored by the receiver.
    """
    warning = 1
    fatal = 2
     67 
class AlertDescription:
    """Alert description codes (RFC 5246 section 7.2 plus extensions).

    The alerts tlslite itself relies on:

    bad_record_mac (20)
        A record failed to decrypt or its MAC did not verify.  During an SRP
        handshake this most often means a wrong password; it may also be an
        implementation error or tampering in transit.  A server sends it for
        a bad SRP password, and may also send it for an unknown SRP username
        when it does not wish to reveal that the username is unknown (the
        alternative being unknown_psk_identity).

    handshake_failure (40)
        No acceptable set of parameters could be negotiated -- typically no
        common ciphersuite, or disagreement about SRP parameters or key sizes.

    protocol_version (70)
        The peer's SSL/TLS version was unacceptable: client and server could
        not agree on a version.

    user_canceled (90)
        The handshake is being cancelled for a reason unrelated to a
        protocol failure.
    """

    # Connection state
    close_notify = 0
    unexpected_message = 10

    # Record layer.  decryption_failed is TLS 1.0 only and RFC 5246 says it
    # MUST NOT be sent: report both padding and MAC failures as
    # bad_record_mac so an attacker cannot tell the two apart.
    bad_record_mac = 20
    decryption_failed = 21
    record_overflow = 22
    decompression_failure = 30

    # Handshake and certificate problems
    handshake_failure = 40
    no_certificate = 41             # SSLv3 only
    bad_certificate = 42
    unsupported_certificate = 43
    certificate_revoked = 44
    certificate_expired = 45
    certificate_unknown = 46
    illegal_parameter = 47
    unknown_ca = 48
    access_denied = 49
    decode_error = 50
    decrypt_error = 51
    export_restriction = 60         # reserved (export ciphers), unused
    protocol_version = 70
    insufficient_security = 71
    internal_error = 80
    inappropriate_fallback = 86     # RFC 7507, answers TLS_FALLBACK_SCSV
    user_canceled = 90
    no_renegotiation = 100
    unknown_psk_identity = 115      # RFC 4279; reused for unknown SRP users
    122 
    123 
class CipherSuite:
    """Ciphersuite code points and the groupings tlslite selects among.

    Every suite in this table pairs a CBC-mode block cipher or RC4 with an
    HMAC-SHA1 or HMAC-MD5 MAC; there are no AEAD and no SHA-2 suites here.
    The grouping lists (by cipher, by MAC, by key exchange) feed
    _filterSuites, which keeps only the suites a caller's settings enable.
    The filters preserve list order, so the order below is presumably the
    preference order offered on the wire -- keep it deliberate.

    Security notes for anyone extending the tables:
      * RC4 is prohibited by RFC 7465 and HMAC-MD5 is legacy; the "rc4" and
        "md5" groups exist only for interoperability with old peers.
      * 3DES has a 64-bit block (Sweet32): unsuitable for long-lived or
        high-volume connections.
      * TLS_RSA_* use static RSA key transport and give no forward secrecy.
      * TLS_DH_ANON_* authenticate nobody; they are only safe when the
        connection is authenticated by some other means.
      * CBC suites are MAC-then-encrypt; the record layer must treat padding
        and MAC failures identically (see AlertDescription.bad_record_mac).
    """

    # RFC 5746 signalling value.  Offering it tells the peer we implement
    # secure renegotiation.  tlslite never renegotiates; advertising the SCSV
    # lets a conforming peer refuse legacy (insecure) renegotiation.
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF

    # draft-bmoeller-tls-downgrade-scsv-01 (published as RFC 7507).  A client
    # retrying with a lowered version sends it so the server can reject the
    # downgrade with AlertDescription.inappropriate_fallback.
    TLS_FALLBACK_SCSV = 0x5600

    # SRP (RFC 5054): SRP_SHA authenticates via the password only,
    # SRP_SHA_RSA additionally has the server sign its SRP parameters.
    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A
    TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D
    TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020

    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B
    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E
    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021

    # Static RSA key transport (no forward secrecy)
    TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
    TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
    TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
    TLS_RSA_WITH_RC4_128_SHA = 0x0005
    TLS_RSA_WITH_RC4_128_MD5 = 0x0004

    # Ephemeral DH signed with RSA (forward secrecy)
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039

    # Anonymous DH (no authentication)
    TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034
    TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A

    # ---- grouping by symmetric cipher ----------------------------------
    tripleDESSuites = [
        TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    ]

    aes128Suites = [
        TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
        TLS_RSA_WITH_AES_128_CBC_SHA,
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
        TLS_DH_ANON_WITH_AES_128_CBC_SHA,
    ]

    aes256Suites = [
        TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
        TLS_RSA_WITH_AES_256_CBC_SHA,
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
        TLS_DH_ANON_WITH_AES_256_CBC_SHA,
    ]

    rc4Suites = [
        TLS_RSA_WITH_RC4_128_SHA,
        TLS_RSA_WITH_RC4_128_MD5,
    ]

    # ---- grouping by MAC -----------------------------------------------
    shaSuites = [
        TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
        TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
        TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
        TLS_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_RSA_WITH_AES_128_CBC_SHA,
        TLS_RSA_WITH_AES_256_CBC_SHA,
        TLS_RSA_WITH_RC4_128_SHA,
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
        TLS_DH_ANON_WITH_AES_128_CBC_SHA,
        TLS_DH_ANON_WITH_AES_256_CBC_SHA,
    ]

    md5Suites = [
        TLS_RSA_WITH_RC4_128_MD5,
    ]

    # ---- grouping by key exchange / authentication ---------------------
    srpSuites = [
        TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
        TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
        TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
    ]

    srpCertSuites = [
        TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
    ]

    # Certificate-backed SRP first, so it is preferred when both are allowed.
    srpAllSuites = srpCertSuites + srpSuites

    certSuites = [
        TLS_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_RSA_WITH_AES_128_CBC_SHA,
        TLS_RSA_WITH_AES_256_CBC_SHA,
        TLS_RSA_WITH_RC4_128_SHA,
        TLS_RSA_WITH_RC4_128_MD5,
    ]

    dheCertSuites = [
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    ]

    # Everything that requires a server certificate.
    certAllSuites = srpCertSuites + certSuites + dheCertSuites

    anonSuites = [
        TLS_DH_ANON_WITH_AES_128_CBC_SHA,
        TLS_DH_ANON_WITH_AES_256_CBC_SHA,
    ]

    # Everything that performs a Diffie-Hellman exchange.
    dhAllSuites = dheCertSuites + anonSuites

    @staticmethod
    def _filterSuites(suites, settings):
        """Return the members of ``suites`` that ``settings`` enables.

        ``settings`` must expose ``macNames``, ``cipherNames`` and
        ``keyExchangeNames``, containers of the canonical names used in the
        tables below ("sha", "aes128", "dhe_rsa", ...).  A suite survives
        only if its MAC, cipher and key exchange are all enabled.  Input
        order is preserved and duplicates are not removed.
        """
        def _enabled(table, names):
            # Union of every group whose canonical name the caller enabled.
            allowed = set()
            for canonical, group in table:
                if canonical in names:
                    allowed.update(group)
            return allowed

        macs = _enabled((("sha", CipherSuite.shaSuites),
                         ("md5", CipherSuite.md5Suites)),
                        settings.macNames)
        ciphers = _enabled((("aes128", CipherSuite.aes128Suites),
                            ("aes256", CipherSuite.aes256Suites),
                            ("3des", CipherSuite.tripleDESSuites),
                            ("rc4", CipherSuite.rc4Suites)),
                           settings.cipherNames)
        keyExchanges = _enabled((("rsa", CipherSuite.certSuites),
                                 ("dhe_rsa", CipherSuite.dheCertSuites),
                                 ("srp_sha", CipherSuite.srpSuites),
                                 ("srp_sha_rsa", CipherSuite.srpCertSuites),
                                 ("dh_anon", CipherSuite.anonSuites)),
                                settings.keyExchangeNames)
        return [s for s in suites
                if s in macs and s in ciphers and s in keyExchanges]

    @staticmethod
    def getSrpSuites(settings):
        """SRP-only suites (no server certificate) enabled by ``settings``."""
        return CipherSuite._filterSuites(CipherSuite.srpSuites, settings)

    @staticmethod
    def getSrpCertSuites(settings):
        """SRP + RSA-signed suites enabled by ``settings``."""
        return CipherSuite._filterSuites(CipherSuite.srpCertSuites, settings)

    @staticmethod
    def getSrpAllSuites(settings):
        """All SRP suites enabled by ``settings``, certificate-backed first."""
        return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings)

    @staticmethod
    def getCertSuites(settings):
        """Static-RSA suites enabled by ``settings``."""
        return CipherSuite._filterSuites(CipherSuite.certSuites, settings)

    @staticmethod
    def getDheCertSuites(settings):
        """DHE_RSA suites enabled by ``settings``."""
        return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings)

    @staticmethod
    def getAnonSuites(settings):
        """Anonymous DH suites enabled by ``settings``."""
        return CipherSuite._filterSuites(CipherSuite.anonSuites, settings)

    @staticmethod
    def _nameFor(ciphersuite, table):
        # First (name, members) pair containing the suite wins; None if none.
        for canonical, members in table:
            if ciphersuite in members:
                return canonical
        return None

    @staticmethod
    def canonicalCipherName(ciphersuite):
        """Return the canonical cipher name for a suite number, or None."""
        return CipherSuite._nameFor(ciphersuite, (
            ("aes128", CipherSuite.aes128Suites),
            ("aes256", CipherSuite.aes256Suites),
            ("rc4", CipherSuite.rc4Suites),
            ("3des", CipherSuite.tripleDESSuites),
        ))

    @staticmethod
    def canonicalMacName(ciphersuite):
        """Return the canonical MAC name for a suite number, or None."""
        return CipherSuite._nameFor(ciphersuite, (
            ("sha", CipherSuite.shaSuites),
            ("md5", CipherSuite.md5Suites),
        ))
    316 
    317 
# The following fault codes are injected during testing.  For each fault,
# the faultAlerts dictionary lists the alert descriptions the peer is
# permitted to respond with.
class Fault:
    """Fault codes injected by the test suite, with the alerts each may cause.

    Each fault has a numeric code, belongs to one of the grouping lists
    (client SRP, client certificate, client premaster-secret, server,
    generic), has an entry in ``faultAlerts`` naming the alert
    description(s) the peer is allowed to answer with, and a human-readable
    label in ``faultNames``.
    """

    # Client-side SRP faults
    badUsername = 101
    badPassword = 102
    badA = 103
    clientSrpFaults = [badUsername, badPassword, badA]

    # Client certificate authentication faults
    badVerifyMessage = 601
    clientCertFaults = [badVerifyMessage]

    # Client faults in the encrypted premaster secret
    badPremasterPadding = 501
    shortPremasterSecret = 502
    clientNoAuthFaults = [badPremasterPadding, shortPremasterSecret]

    # Server-side faults
    badB = 201
    serverFaults = [badB]

    # Faults in the record layer / Finished, injectable by either side
    badFinished = 300
    badMAC = 301
    badPadding = 302
    genericFaults = [badFinished, badMAC, badPadding]

    # Alert descriptions the peer is permitted to send for each fault.
    #  * badUsername accepts either alert: a server that hides whether an
    #    SRP username exists answers bad_record_mac instead of
    #    unknown_psk_identity.
    #  * The premaster-secret faults expect bad_record_mac, not a decode
    #    alert: RFC 5246 section 7.4.7.1 requires a server not to reveal an
    #    RSA padding failure (Bleichenbacher), so it continues with a random
    #    premaster secret and the mismatch only surfaces when Finished fails.
    #  * badMAC and badPadding both map to bad_record_mac, keeping the two
    #    failure modes indistinguishable to the peer.
    faultAlerts = {
        badUsername: (AlertDescription.unknown_psk_identity,
                      AlertDescription.bad_record_mac),
        badPassword: (AlertDescription.bad_record_mac,),
        badA: (AlertDescription.illegal_parameter,),
        badPremasterPadding: (AlertDescription.bad_record_mac,),
        shortPremasterSecret: (AlertDescription.bad_record_mac,),
        badVerifyMessage: (AlertDescription.decrypt_error,),
        badFinished: (AlertDescription.decrypt_error,),
        badMAC: (AlertDescription.bad_record_mac,),
        badPadding: (AlertDescription.bad_record_mac,),
    }

    # Human-readable labels for test output.
    faultNames = {
        badUsername: "bad username",
        badPassword: "bad password",
        badA: "bad A",
        badPremasterPadding: "bad premaster padding",
        shortPremasterSecret: "short premaster secret",
        badVerifyMessage: "bad verify message",
        badFinished: "bad finished message",
        badMAC: "bad MAC",
        badPadding: "bad padding",
    }
    366