
Source Code for Module tlslite.mathtls

  1  # Authors:  
  2  #   Trevor Perrin 
  3  #   Dave Baggett (Arcode Corporation) - MD5 support for MAC_SSL 
  4  #   Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 
  5  #   Hubert Kario - SHA384 PRF 
  6  # 
  7  # See the LICENSE file for legal information regarding use of this file. 
  8   
  9  """Miscellaneous helper functions.""" 
 10   
 11  from .utils.compat import * 
 12  from .utils.cryptomath import * 
 13  from .constants import CipherSuite 
 14  from .utils import tlshashlib as hashlib 
 15   
 16  import hmac 
 17   
# 1024, 1536, 2048, 3072, 4096, 6144, and 8192 bit groups
# Formatted to match lines in RFC
# Each entry is a (generator, prime) tuple. The first seven entries are the
# RFC 5054 groups in ascending size; makeVerifier() below selects a group by
# list position (1024 -> 0, ..., 8192 -> 6), so this order must not change.
                       # RFC 5054, 1, 1024-bit Group
goodGroupParameters = [(2, int("EEAF0AB9ADB38DD69C33F80AFA8FC5E860726187"
                               "75FF3C0B9EA2314C"
                               "9C256576D674DF7496EA81D3383B4813D692C6E0"
                               "E0D5D8E250B98BE4"
                               "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD"
                               "69B15D4982559B29"
                               "7BCF1885C529F566660E57EC68EDBC3C05726CC0"
                               "2FD4CBF4976EAA9A"
                               "FD5138FE8376435B9FC61D2FC0EB06E3", 16)),
                       # RFC 5054, 2, 1536-bit Group
                       (2, int("9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF4"
                               "99AC4C80BEEEA961"
                               "4B19CC4D5F4F5F556E27CBDE51C6A94BE4607A29"
                               "1558903BA0D0F843"
                               "80B655BB9A22E8DCDF028A7CEC67F0D08134B1C8"
                               "B97989149B609E0B"
                               "E3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1"
                               "158BFD3E2B9C8CF5"
                               "6EDF019539349627DB2FD53D24B7C48665772E43"
                               "7D6C7F8CE442734A"
                               "F7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E"
                               "5A021FFF5E91479E"
                               "8CE7A28C2442C6F315180F93499A234DCF76E3FE"
                               "D135F9BB", 16)),
                       # RFC 5054, 3, 2048-bit Group
                       (2, int("AC6BDB41324A9A9BF166DE5E1389582FAF72B665"
                               "1987EE07FC319294"
                               "3DB56050A37329CBB4A099ED8193E0757767A13D"
                               "D52312AB4B03310D"
                               "CD7F48A9DA04FD50E8083969EDB767B0CF609517"
                               "9A163AB3661A05FB"
                               "D5FAAAE82918A9962F0B93B855F97993EC975EEA"
                               "A80D740ADBF4FF74"
                               "7359D041D5C33EA71D281E446B14773BCA97B43A"
                               "23FB801676BD207A"
                               "436C6481F1D2B9078717461A5B9D32E688F87748"
                               "544523B524B0D57D"
                               "5EA77A2775D2ECFA032CFBDBF52FB37861602790"
                               "04E57AE6AF874E73"
                               "03CE53299CCC041C7BC308D82A5698F3A8D0C382"
                               "71AE35F8E9DBFBB6"
                               "94B5C803D89F7AE435DE236D525F54759B65E372"
                               "FCD68EF20FA7111F"
                               "9E4AFF73", 16)),
                       # RFC 5054, 4, 3072-bit Group
                       (5, int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B"
                               "80DC1CD129024E08"
                               "8A67CC74020BBEA63B139B22514A08798E3404DD"
                               "EF9519B3CD3A431B"
                               "302B0A6DF25F14374FE1356D6D51C245E485B576"
                               "625E7EC6F44C42E9"
                               "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5"
                               "AE9F24117C4B1FE6"
                               "49286651ECE45B3DC2007CB8A163BF0598DA4836"
                               "1C55D39A69163FA8"
                               "FD24CF5F83655D23DCA3AD961C62F356208552BB"
                               "9ED529077096966D"
                               "670C354E4ABC9804F1746C08CA18217C32905E46"
                               "2E36CE3BE39E772C"
                               "180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
                               "DE2BCBF695581718"
                               "3995497CEA956AE515D2261898FA051015728E5A"
                               "8AAAC42DAD33170D"
                               "04507A33A85521ABDF1CBA64ECFB850458DBEF0A"
                               "8AEA71575D060C7D"
                               "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E0"
                               "4A25619DCEE3D226"
                               "1AD2EE6BF12FFA06D98A0864D87602733EC86A64"
                               "521F2B18177B200C"
                               "BBE117577A615D6C770988C0BAD946E208E24FA0"
                               "74E5AB3143DB5BFC"
                               "E0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
                               16)),
                       # RFC 5054, 5, 4096-bit Group
                       (5, int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B"
                               "80DC1CD129024E08"
                               "8A67CC74020BBEA63B139B22514A08798E3404DD"
                               "EF9519B3CD3A431B"
                               "302B0A6DF25F14374FE1356D6D51C245E485B576"
                               "625E7EC6F44C42E9"
                               "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5"
                               "AE9F24117C4B1FE6"
                               "49286651ECE45B3DC2007CB8A163BF0598DA4836"
                               "1C55D39A69163FA8"
                               "FD24CF5F83655D23DCA3AD961C62F356208552BB"
                               "9ED529077096966D"
                               "670C354E4ABC9804F1746C08CA18217C32905E46"
                               "2E36CE3BE39E772C"
                               "180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
                               "DE2BCBF695581718"
                               "3995497CEA956AE515D2261898FA051015728E5A"
                               "8AAAC42DAD33170D"
                               "04507A33A85521ABDF1CBA64ECFB850458DBEF0A"
                               "8AEA71575D060C7D"
                               "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E0"
                               "4A25619DCEE3D226"
                               "1AD2EE6BF12FFA06D98A0864D87602733EC86A64"
                               "521F2B18177B200C"
                               "BBE117577A615D6C770988C0BAD946E208E24FA0"
                               "74E5AB3143DB5BFC"
                               "E0FD108E4B82D120A92108011A723C12A787E6D7"
                               "88719A10BDBA5B26"
                               "99C327186AF4E23C1A946834B6150BDA2583E9CA"
                               "2AD44CE8DBBBC2DB"
                               "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D"
                               "99B2964FA090C3A2"
                               "233BA186515BE7ED1F612970CEE2D7AFB81BDD76"
                               "2170481CD0069127"
                               "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F"
                               "4DF435C934063199"
                               "FFFFFFFFFFFFFFFF", 16)),
                       # RFC 5054, 6, 6144-bit Group
                       (5, int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B"
                               "80DC1CD129024E08"
                               "8A67CC74020BBEA63B139B22514A08798E3404DD"
                               "EF9519B3CD3A431B"
                               "302B0A6DF25F14374FE1356D6D51C245E485B576"
                               "625E7EC6F44C42E9"
                               "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5"
                               "AE9F24117C4B1FE6"
                               "49286651ECE45B3DC2007CB8A163BF0598DA4836"
                               "1C55D39A69163FA8"
                               "FD24CF5F83655D23DCA3AD961C62F356208552BB"
                               "9ED529077096966D"
                               "670C354E4ABC9804F1746C08CA18217C32905E46"
                               "2E36CE3BE39E772C"
                               "180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
                               "DE2BCBF695581718"
                               "3995497CEA956AE515D2261898FA051015728E5A"
                               "8AAAC42DAD33170D"
                               "04507A33A85521ABDF1CBA64ECFB850458DBEF0A"
                               "8AEA71575D060C7D"
                               "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E0"
                               "4A25619DCEE3D226"
                               "1AD2EE6BF12FFA06D98A0864D87602733EC86A64"
                               "521F2B18177B200C"
                               "BBE117577A615D6C770988C0BAD946E208E24FA0"
                               "74E5AB3143DB5BFC"
                               "E0FD108E4B82D120A92108011A723C12A787E6D7"
                               "88719A10BDBA5B26"
                               "99C327186AF4E23C1A946834B6150BDA2583E9CA"
                               "2AD44CE8DBBBC2DB"
                               "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D"
                               "99B2964FA090C3A2"
                               "233BA186515BE7ED1F612970CEE2D7AFB81BDD76"
                               "2170481CD0069127"
                               "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F"
                               "4DF435C934028492"
                               "36C3FAB4D27C7026C1D4DCB2602646DEC9751E76"
                               "3DBA37BDF8FF9406"
                               "AD9E530EE5DB382F413001AEB06A53ED9027D831"
                               "179727B0865A8918"
                               "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447"
                               "E6CC254B33205151"
                               "2BD7AF426FB8F401378CD2BF5983CA01C64B92EC"
                               "F032EA15D1721D03"
                               "F482D7CE6E74FEF6D55E702F46980C82B5A84031"
                               "900B1C9E59E7C97F"
                               "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC5"
                               "4BD407B22B4154AA"
                               "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EE"
                               "F29BE32806A1D58B"
                               "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
                               "DA56C9EC2EF29632"
                               "387FE8D76E3C0468043E8F663F4860EE12BF2D5B"
                               "0B7474D6E694F91E"
                               "6DCC4024FFFFFFFFFFFFFFFF", 16)),
                       # RFC 5054, 7, 8192-bit Group
                       (5, int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B"
                               "80DC1CD129024E08"
                               "8A67CC74020BBEA63B139B22514A08798E3404DD"
                               "EF9519B3CD3A431B"
                               "302B0A6DF25F14374FE1356D6D51C245E485B576"
                               "625E7EC6F44C42E9"
                               "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5"
                               "AE9F24117C4B1FE6"
                               "49286651ECE45B3DC2007CB8A163BF0598DA4836"
                               "1C55D39A69163FA8"
                               "FD24CF5F83655D23DCA3AD961C62F356208552BB"
                               "9ED529077096966D"
                               "670C354E4ABC9804F1746C08CA18217C32905E46"
                               "2E36CE3BE39E772C"
                               "180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
                               "DE2BCBF695581718"
                               "3995497CEA956AE515D2261898FA051015728E5A"
                               "8AAAC42DAD33170D"
                               "04507A33A85521ABDF1CBA64ECFB850458DBEF0A"
                               "8AEA71575D060C7D"
                               "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E0"
                               "4A25619DCEE3D226"
                               "1AD2EE6BF12FFA06D98A0864D87602733EC86A64"
                               "521F2B18177B200C"
                               "BBE117577A615D6C770988C0BAD946E208E24FA0"
                               "74E5AB3143DB5BFC"
                               "E0FD108E4B82D120A92108011A723C12A787E6D7"
                               "88719A10BDBA5B26"
                               "99C327186AF4E23C1A946834B6150BDA2583E9CA"
                               "2AD44CE8DBBBC2DB"
                               "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D"
                               "99B2964FA090C3A2"
                               "233BA186515BE7ED1F612970CEE2D7AFB81BDD76"
                               "2170481CD0069127"
                               "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F"
                               "4DF435C934028492"
                               "36C3FAB4D27C7026C1D4DCB2602646DEC9751E76"
                               "3DBA37BDF8FF9406"
                               "AD9E530EE5DB382F413001AEB06A53ED9027D831"
                               "179727B0865A8918"
                               "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447"
                               "E6CC254B33205151"
                               "2BD7AF426FB8F401378CD2BF5983CA01C64B92EC"
                               "F032EA15D1721D03"
                               "F482D7CE6E74FEF6D55E702F46980C82B5A84031"
                               "900B1C9E59E7C97F"
                               "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC5"
                               "4BD407B22B4154AA"
                               "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EE"
                               "F29BE32806A1D58B"
                               "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
                               "DA56C9EC2EF29632"
                               "387FE8D76E3C0468043E8F663F4860EE12BF2D5B"
                               "0B7474D6E694F91E"
                               "6DBE115974A3926F12FEE5E438777CB6A932DF8C"
                               "D8BEC4D073B931BA"
                               "3BC832B68D9DD300741FA7BF8AFC47ED2576F693"
                               "6BA424663AAB639C"
                               "5AE4F5683423B4742BF1C978238F16CBE39D652D"
                               "E3FDB8BEFC848AD9"
                               "22222E04A4037C0713EB57A81A23F0C73473FC64"
                               "6CEA306B4BCBC886"
                               "2F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
                               "062B3CF5B3A278A6"
                               "6D2A13F83F44F82DDF310EE074AB6A364597E899"
                               "A0255DC164F31CC5"
                               "0846851DF9AB48195DED7EA1B1D510BD7EE74D73"
                               "FAF36BC31ECFA268"
                               "359046F4EB879F924009438B481C6CD7889A002E"
                               "D5EE382BC9190DA6"
                               "FC026E479558E4475677E9AA9E3050E2765694DF"
                               "C81F56E880B96E71"
                               "60C980DD98EDD3DFFFFFFFFFFFFFFFFF", 16))]
262   
# old versions of tlslite had an incorrect generator for 3072 bit group
# from RFC 5054. Since the group is a safe prime, the generator of "2" is
# cryptographically safe, so we don't have reason to reject connections
# from old tlslite, so add the old invalid value to the "known good" list
# NOTE(review): this reuses the prime stored at index 3 (the 3072-bit entry
# above), so that entry must keep its position. The extra tuple lands at
# index 7, outside the 0..6 range makeVerifier() selects from, so it is only
# ever matched, never offered, by code using this list.
goodGroupParameters.append((2, goodGroupParameters[3][1]))
268   
# (generator, prime) tuples from RFC 7919 only; each of them is also added
# to goodGroupParameters below.
RFC7919_GROUPS = []

# RFC 7919 ffdhe2048 bit group
FFDHE2048 = (2,
             int("FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
                 "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
                 "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
                 "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
                 "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
                 "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
                 "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
                 "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
                 "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
                 "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
                 "886B423861285C97FFFFFFFFFFFFFFFF", 16))
# Register in both the general known-good list and the RFC 7919-only list
goodGroupParameters.append(FFDHE2048)
RFC7919_GROUPS.append(FFDHE2048)
286   
# RFC 7919 ffdhe3072 bit group
FFDHE3072 = (2,
             int("FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
                 "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
                 "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
                 "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
                 "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
                 "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
                 "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
                 "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
                 "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
                 "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
                 "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
                 "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
                 "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
                 "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D"
                 "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
                 "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF", 16))
# Register in both the general known-good list and the RFC 7919-only list
goodGroupParameters.append(FFDHE3072)
RFC7919_GROUPS.append(FFDHE3072)
307   
# RFC 7919 ffdhe4096 bit group
FFDHE4096 = (2,
             int("FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
                 "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
                 "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
                 "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
                 "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
                 "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
                 "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
                 "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
                 "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
                 "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
                 "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
                 "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
                 "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
                 "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D"
                 "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
                 "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB"
                 "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
                 "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832"
                 "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
                 "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF"
                 "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A"
                 "FFFFFFFFFFFFFFFF", 16))
# Register in both the general known-good list and the RFC 7919-only list
goodGroupParameters.append(FFDHE4096)
RFC7919_GROUPS.append(FFDHE4096)
334   
# RFC 7919 ffdhe6144 bit group
FFDHE6144 = (2,
             int("FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
                 "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
                 "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
                 "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
                 "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
                 "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
                 "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
                 "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
                 "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
                 "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
                 "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
                 "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
                 "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
                 "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D"
                 "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
                 "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB"
                 "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
                 "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832"
                 "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
                 "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF"
                 "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902"
                 "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6"
                 "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A"
                 "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477"
                 "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3"
                 "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4"
                 "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6"
                 "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C"
                 "D72B03746AE77F5E62292C311562A846505DC82DB854338A"
                 "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04"
                 "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1"
                 "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF", 16))
# Register in both the general known-good list and the RFC 7919-only list
goodGroupParameters.append(FFDHE6144)
RFC7919_GROUPS.append(FFDHE6144)
371   
# RFC 7919 ffdhe8192 bit group
FFDHE8192 = (2,
             int("FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
                 "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
                 "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
                 "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
                 "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
                 "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
                 "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
                 "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
                 "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
                 "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
                 "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
                 "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
                 "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
                 "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D"
                 "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
                 "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB"
                 "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
                 "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832"
                 "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
                 "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF"
                 "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902"
                 "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6"
                 "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A"
                 "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477"
                 "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3"
                 "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4"
                 "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6"
                 "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C"
                 "D72B03746AE77F5E62292C311562A846505DC82DB854338A"
                 "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04"
                 "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1"
                 "A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C838"
                 "1E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E"
                 "0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665"
                 "CB2C0F1CC01BD70229388839D2AF05E454504AC78B758282"
                 "2846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022"
                 "BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C"
                 "51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9"
                 "D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA457"
                 "1EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30"
                 "FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D"
                 "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C"
                 "D68C8BB7C5C6424CFFFFFFFFFFFFFFFF", 16))
# Register in both the general known-good list and the RFC 7919-only list
goodGroupParameters.append(FFDHE8192)
RFC7919_GROUPS.append(FFDHE8192)
419   
420   
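def paramStrength(param):
    """
    Return level of security for DH, DSA and RSA parameters.

    Provide the approximate level of security (in bits of symmetric-key
    equivalent strength) for algorithms based on finite field (DSA, DH) or
    integer factorisation cryptography (RSA) when provided with the prime
    defining the field or the modulus of the public key.

    @param param: prime or modulus
    @type param: int
    @rtype: int
    @return: security level; one of 48, 56, 64, 72, 80, 88, 112, 128, 152,
        168, 192 or 256
    """
    # (exclusive upper bound on the bit size, security level). Most bounds
    # sit one bit below the nominal key size so that e.g. a 1024-bit prime
    # lands in the 80-bit band and a 1023-bit one just below it as well.
    # Sources: NIST SP 800-57 for the standard sizes, RFC 3526 (rounded)
    # for the intermediate ones.
    bands = (
        (512, 48),
        (768, 56),
        (816, 64),
        (1023, 72),
        (1535, 80),     # NIST SP 800-57
        (2047, 88),     # rounded RFC 3526
        (3071, 112),    # NIST SP 800-57
        (4095, 128),    # NIST SP 800-57
        (6144, 152),    # rounded RFC 3526
        (7679, 168),    # rounded RFC 3526
        (15359, 192),   # NIST SP 800-57
    )
    # int.bit_length() equals cryptomath's numBits() for non-negative ints
    size = param.bit_length()
    for limit, level in bands:
        if size < limit:
            return level
    return 256  # NIST SP 800-57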
457 458
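def P_hash(macFunc, secret, seed, length):
    """
    TLS data expansion function P_hash (RFC 5246, section 5).

    Expands C{secret} and C{seed} to C{length} bytes::

        A(0) = seed
        A(i) = macFunc(secret, A(i-1))
        P_hash = macFunc(secret, A(1) + seed) + macFunc(secret, A(2) + seed) + ...

    @param macFunc: keyed MAC taking (key, message) and returning the tag as
        a bytes-like object, e.g. HMAC_SHA256
    @param secret: MAC key
    @param seed: seed (usually label + seed as per the TLS PRF definition)
    @param length: number of output bytes wanted
    @rtype: bytearray
    @return: exactly C{length} bytes of key material (empty for length 0)
    """
    output = bytearray()
    A = seed
    # Each round appends one MAC worth of bytes; stop as soon as enough
    # material is available and trim the excess below. (The previous loop
    # shadowed the builtin name "bytes" and copied byte by byte.)
    while len(output) < length:
        A = macFunc(secret, A)
        output.extend(macFunc(secret, A + seed))
    return output[:length]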
472
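def PRF(secret, label, seed, length):
    """
    Pseudo Random Function for TLS 1.0 and TLS 1.1 (RFC 2246, section 5).

    The secret is split into two halves that share the middle byte when its
    length is odd; the left half is expanded with P_MD5, the right half with
    P_SHA1, and the two streams are XORed together.

    @param secret: secret to expand (e.g. premaster or master secret)
    @param label: ASCII label identifying the purpose of the output
    @param seed: seed bytes (random values or handshake hashes)
    @param length: number of output bytes wanted
    @rtype: bytearray
    """
    # Integer arithmetic instead of math.ceil/math.floor on a float quotient:
    # (n + 1) // 2 is ceil(n / 2) and n // 2 is floor(n / 2) for n >= 0.
    secretLen = len(secret)
    S1 = secret[:(secretLen + 1) // 2]
    S2 = secret[secretLen // 2:]

    # Run the left half through P_MD5 and the right half through P_SHA1
    p_md5 = P_hash(HMAC_MD5, S1, label + seed, length)
    p_sha1 = P_hash(HMAC_SHA1, S2, label + seed, length)

    # XOR the two expansions byte by byte; both are exactly `length` long
    return bytearray(a ^ b for a, b in zip(p_md5, p_sha1))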
487
def PRF_1_2(secret, label, seed, length):
    """
    Pseudo Random Function for TLS1.2 ciphers that use SHA256

    PRF(secret, label, seed) = P_SHA256(secret, label + seed)

    @param secret: secret to expand
    @param label: ASCII label identifying the purpose of the output
    @param seed: seed bytes
    @param length: number of output bytes wanted
    @rtype: bytearray
    """
    labelledSeed = label + seed
    return P_hash(HMAC_SHA256, secret, labelledSeed, length)
491
def PRF_1_2_SHA384(secret, label, seed, length):
    """
    Pseudo Random Function for TLS1.2 ciphers that use SHA384

    PRF(secret, label, seed) = P_SHA384(secret, label + seed)

    @param secret: secret to expand
    @param label: ASCII label identifying the purpose of the output
    @param seed: seed bytes
    @param length: number of output bytes wanted
    @rtype: bytearray
    """
    labelledSeed = label + seed
    return P_hash(HMAC_SHA384, secret, labelledSeed, length)
495
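def PRF_SSL(secret, seed, length):
    """
    Pseudo Random Function for SSLv3 (used by calcMasterSecret).

    Output block i (i = 0, 1, ...) is::

        MD5(secret + SHA1(salt_i + secret + seed))

    where salt_i is the letter chr(ord('A') + i) repeated i + 1 times
    ('A', 'BB', 'CCC', ...). Only 26 such blocks, 416 bytes, are defined.

    @param secret: secret to expand
    @param seed: seed bytes (e.g. concatenated random values)
    @param length: number of output bytes wanted, at most 26 * 16
    @rtype: bytearray
    @raise ValueError: if more than 26 * 16 bytes are requested
    """
    maxRounds = 26
    # Refuse instead of silently returning zero-filled bytes past the last
    # round, as the previous implementation did: zero bytes must never end
    # up in key material.
    if length > maxRounds * 16:
        raise ValueError("PRF_SSL can produce at most {0} bytes"
                         .format(maxRounds * 16))
    output = bytearray()
    for i in range(maxRounds):
        if len(output) >= length:
            break
        salt = bytearray([ord('A') + i] * (i + 1))  # 'A', 'BB', 'CCC', etc..
        output.extend(MD5(secret + SHA1(salt + secret + seed)))
    return output[:length]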
509
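def calcExtendedMasterSecret(version, cipherSuite, premasterSecret,
                             handshakeHashes):
    """
    Derive Extended Master Secret (RFC 7627) from premaster and handshake msgs

    @param version: TLS protocol version tuple; one of (3, 1), (3, 2) or
        (3, 3) -- SSLv3 has no extended master secret
    @param cipherSuite: negotiated cipher suite, used to pick the SHA-384
        PRF for the TLS 1.2 suites that require it
    @param premasterSecret: premaster secret of the connection
    @param handshakeHashes: running hash of the handshake messages
    @rtype: bytearray
    @return: 48-byte master secret
    @raise AssertionError: if version is not a supported TLS version
    """
    # Explicit check instead of an assert statement: asserts are stripped
    # under python -O, which would silently route an unknown version into
    # the TLS 1.2 branch below.
    if version not in ((3, 1), (3, 2), (3, 3)):
        raise AssertionError("unsupported version: {0}".format(version))
    label = b"extended master secret"
    if version in ((3, 1), (3, 2)):
        return PRF(premasterSecret, label,
                   handshakeHashes.digest('md5') +
                   handshakeHashes.digest('sha1'),
                   48)
    # version == (3, 3)
    if cipherSuite in CipherSuite.sha384PrfSuites:
        return PRF_1_2_SHA384(premasterSecret, label,
                              handshakeHashes.digest('sha384'), 48)
    return PRF_1_2(premasterSecret, label,
                   handshakeHashes.digest('sha256'), 48)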
531 532
def calcMasterSecret(version, cipherSuite, premasterSecret, clientRandom,
                     serverRandom):
    """
    Derive Master Secret from premaster secret and random values

    SSLv3 uses PRF_SSL, TLS 1.0/1.1 the MD5/SHA-1 based PRF, and TLS 1.2
    the SHA-256 PRF unless the cipher suite is one of the SHA-384 suites.

    @param version: protocol version tuple
    @param cipherSuite: negotiated cipher suite (selects the TLS 1.2 PRF)
    @param premasterSecret: premaster secret of the connection
    @param clientRandom: client random value
    @param serverRandom: server random value
    @rtype: bytearray
    @return: 48-byte master secret
    @raise AssertionError: if version is not SSLv3 or TLS 1.0-1.2
    """
    randoms = clientRandom + serverRandom
    if version == (3, 0):
        return PRF_SSL(premasterSecret, randoms, 48)
    if version in ((3, 1), (3, 2)):
        return PRF(premasterSecret, b"master secret", randoms, 48)
    if version == (3, 3):
        if cipherSuite in CipherSuite.sha384PrfSuites:
            prf = PRF_1_2_SHA384
        else:
            prf = PRF_1_2
        return prf(premasterSecret, b"master secret", randoms, 48)
    raise AssertionError()
556
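def calcFinished(version, masterSecret, cipherSuite, handshakeHashes,
                 isClient):
    """Calculate the Handshake protocol Finished value

    @param version: TLS protocol version tuple
    @param masterSecret: negotiated master secret of the connection
    @param cipherSuite: negotiated cipher suite of the connection,
    @param handshakeHashes: running hash of the handshake messages
    @param isClient: whether the calculation should be performed for message
        sent by client (True) or by server (False) side of connection
    @rtype: bytearray
    @return: verify_data for the Finished message
    @raise AssertionError: if version is not SSLv3 or TLS 1.0-1.2
    """
    # Explicit check rather than an assert statement: asserts vanish under
    # python -O and an unknown version would then fall through to the
    # TLS 1.2 branch.
    if version not in ((3, 0), (3, 1), (3, 2), (3, 3)):
        raise AssertionError("unsupported version: {0}".format(version))

    if version == (3, 0):
        # SSLv3 sender identifiers, the ASCII strings "CLNT" and "SRVR"
        if isClient:
            senderStr = b"\x43\x4C\x4E\x54"
        else:
            senderStr = b"\x53\x52\x56\x52"
        return handshakeHashes.digestSSL(masterSecret, senderStr)

    label = b"client finished" if isClient else b"server finished"

    if version in ((3, 1), (3, 2)):
        # TLS 1.0/1.1: default digest of the handshake (presumably the
        # MD5||SHA-1 concatenation of RFC 2246 -- confirm in HandshakeHashes)
        return PRF(masterSecret, label, handshakeHashes.digest(), 12)

    # version == (3, 3): TLS 1.2 hashes with the cipher suite's PRF hash
    if cipherSuite in CipherSuite.sha384PrfSuites:
        return PRF_1_2_SHA384(masterSecret, label,
                              handshakeHashes.digest('sha384'), 12)
    return PRF_1_2(masterSecret, label, handshakeHashes.digest('sha256'), 12)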
595
def makeX(salt, username, password):
    """
    Compute the SRP private key x (RFC 5054).

    x = SHA1(salt | SHA1(username | ":" | password))

    @param salt: per-user salt, fewer than 256 bytes
    @param username: user identity, fewer than 256 bytes
    @param password: password bytes
    @rtype: int
    @raise ValueError: if username or salt is 256 bytes or longer
    """
    if len(username) >= 256:
        raise ValueError("username too long")
    if len(salt) >= 256:
        raise ValueError("salt too long")
    identity = username + bytearray(b":") + password
    saltedHash = SHA1(salt + SHA1(identity))
    return bytesToNumber(saltedHash)
#This function is used by VerifierDB.makeVerifier
def makeVerifier(username, password, bits):
    """
    Create an SRP verifier for a user.

    Picks the RFC 5054 group of the requested size, draws a fresh 16-byte
    random salt and computes v = g^x mod N with x = makeX(salt, username,
    password).

    @param username: user identity
    @param password: password bytes
    @param bits: group size; one of 1024, 1536, 2048, 3072, 4096, 6144, 8192
    @return: tuple (N, g, salt, verifier)
    @raise KeyError: if bits is not one of the supported group sizes
    """
    # The first seven entries of goodGroupParameters are the RFC 5054 groups
    # in ascending size, so the size maps straight onto a list index.
    sizes = (1024, 1536, 2048, 3072, 4096, 6144, 8192)
    groupIndex = dict(zip(sizes, range(len(sizes))))[bits]
    g, N = goodGroupParameters[groupIndex]
    salt = getRandomBytes(16)
    verifier = powMod(g, makeX(salt, username, password), N)
    return N, g, salt, verifier
613
def PAD(n, x):
    """
    Left-pad the big-endian encoding of x with zero bytes to the length of n.

    Used by makeU and makeK, which hash values padded to the length of the
    SRP modulus N.

    @param n: the modulus whose encoded length sets the target width
    @param x: the value to encode
    @return: encoding of x, at least as long as the encoding of n (the
        unpadded bytearray itself when no padding is needed)
    """
    targetLen = len(numberToByteArray(n))
    encoded = numberToByteArray(x)
    padding = targetLen - len(encoded)
    if padding > 0:
        encoded = (b"\0" * padding) + encoded
    return encoded
620
def makeU(N, A, B):
    """
    Compute the SRP scrambling parameter u = SHA1(PAD(A) | PAD(B)).

    @param N: group modulus (sets the padding width)
    @param A: client public value
    @param B: server public value
    @rtype: int
    """
    padded = PAD(N, A) + PAD(N, B)
    return bytesToNumber(SHA1(padded))
623
def makeK(N, g):
    """
    Compute the SRP-6a multiplier k = SHA1(N | PAD(g)).

    @param N: group modulus
    @param g: group generator
    @rtype: int
    """
    material = numberToByteArray(N) + PAD(N, g)
    return bytesToNumber(SHA1(material))
626
def createHMAC(k, digestmod=hashlib.sha1):
    """
    Return an hmac.HMAC object keyed with k.

    @param k: MAC key
    @param digestmod: hash constructor, SHA-1 by default
    @return: hmac.HMAC instance whose block_size attribute is set to the
        block size of the underlying hash
    """
    mac = hmac.new(k, digestmod=digestmod)
    # Expose the hash's own block size on the MAC object (presumably read by
    # record-layer code elsewhere -- confirm); hmac's own attribute may not
    # reflect every digestmod.
    mac.block_size = digestmod().block_size
    return mac
631
def createMAC_SSL(k, digestmod=None):
    """
    Return a MAC_SSL object keyed with k.

    @param k: MAC key
    @param digestmod: hash constructor handed to MAC_SSL.create; None selects
        its default
    @rtype: MAC_SSL
    """
    macObj = MAC_SSL()
    macObj.create(k, digestmod=digestmod)
    return macObj
636 637
class MAC_SSL(object):
    """
    SSLv3 record MAC: hash(key + opad + hash(key + ipad + message)).

    The pad bytes are repeated 48 times for MD5 and 40 times for SHA-1.
    Offers the same update/copy/digest methods as hmac.HMAC.
    """

    def create(self, k, digestmod=None):
        """
        Initialise the inner and outer hash states with key k.

        @param k: MAC key
        @param digestmod: hash constructor; defaults to SHA-1. Only MD5 and
            SHA-1 are handled -- the digest and pad sizes below assume one
            of the two.
        """
        self.digestmod = digestmod if digestmod else hashlib.sha1
        self.block_size = self.digestmod().block_size
        # Repeat pad bytes 48 times for MD5; 40 times for other hash functions.
        if self.digestmod is hashlib.md5:
            self.digest_size, repeat = 16, 48
        else:
            self.digest_size, repeat = 20, 40
        self.ohash = self.digestmod(k + b"\x5C" * repeat)
        self.ihash = self.digestmod(k + b"\x36" * repeat)

    def update(self, m):
        """Feed message bytes m into the inner hash."""
        self.ihash.update(m)

    def copy(self):
        """Return an independent MAC object carrying the same state."""
        clone = MAC_SSL()
        clone.ihash = self.ihash.copy()
        clone.ohash = self.ohash.copy()
        for attr in ("digestmod", "digest_size", "block_size"):
            setattr(clone, attr, getattr(self, attr))
        return clone

    def digest(self):
        """
        Return the MAC over everything fed so far.

        The outer hash is copied before use, so the running state is left
        untouched and digest() can be called repeatedly.

        @rtype: bytearray
        """
        outer = self.ohash.copy()
        outer.update(self.ihash.digest())
        return bytearray(outer.digest())
667