Home | Trees | Indices | Help |
---|
|
1 # Authors: 2 # Trevor Perrin 3 # Google - defining ClientCertificateType 4 # Google (adapted by Sam Rushing) - NPN support 5 # Dimitris Moraitis - Anon ciphersuites 6 # Dave Baggett (Arcode Corporation) - canonicalCipherName 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 8 # 9 # See the LICENSE file for legal information regarding use of this file. 10 11 """Constants used in various places."""14 """Base class for different enums of TLS IDs""" 15 16 @classmethod49 54 6118 """Call vars recursively on base classes""" 19 fields = dict() 20 for basecls in klass.__bases__: 21 fields.update(cls._recursiveVars(basecls)) 22 fields.update(dict(vars(klass))) 23 return fields24 25 @classmethod27 """ 28 Convert numeric type to string representation 29 30 name if found, None otherwise 31 """ 32 fields = cls._recursiveVars(cls) 33 if blacklist is None: 34 blacklist = [] 35 return next((key for key, val in fields.items() \ 36 if key not in ('__weakref__', '__dict__', '__doc__', 37 '__module__') and \ 38 key not in blacklist and \ 39 val == value), None)40 41 @classmethod43 """Convert numeric type to human-readable string if possible""" 44 ret = cls.toRepr(value, blacklist) 45 if ret is not None: 46 return ret 47 else: 48 return '{0}'.format(value)64 """SSL2 Handshake Protocol message types.""" 65 66 error = 0 67 client_hello = 1 68 client_master_key = 2 69 client_finished = 3 70 server_hello = 4 71 server_verify = 5 72 server_finished = 6 73 request_certificate = 7 74 client_certificate = 87578 """SSL2 Handshake protocol error message descriptions""" 79 80 no_cipher = 0x0001 81 no_certificate = 0x0002 82 bad_certificate = 0x0004 83 unsupported_certificate_type = 0x00068487 """Message types in TLS Handshake protocol""" 88 89 hello_request = 0 90 client_hello = 1 91 server_hello = 2 92 certificate = 11 93 server_key_exchange = 12 94 certificate_request = 13 95 server_hello_done = 14 96 certificate_verify = 15 97 client_key_exchange = 16 98 finished = 20 99 certificate_status = 22 100 next_protocol = 67101104 """TLS record layer content types of payloads""" 105 106 change_cipher_spec = 20 107 alert = 21 108 handshake = 22 109 application_data = 23 110 all = (20, 21, 22, 23) 111 112 @classmethod119114 """Convert numeric type to name representation""" 115 if blacklist is None: 116 blacklist = [] 117 blacklist.append('all') 118 return super(ContentType, cls).toRepr(value, blacklist)122 """TLS Extension Type registry values""" 123 124 server_name = 0 # RFC 6066 / 4366 125 status_request = 5 # RFC 6066 / 4366 126 cert_type = 9 # RFC 6091 127 supported_groups = 10 # RFC 4492, RFC-ietf-tls-negotiated-ff-dhe-10 128 ec_point_formats = 11 # RFC 4492 129 srp = 12 # RFC 5054 130 signature_algorithms = 13 # RFC 5246 131 alpn = 16 # RFC 7301 132 client_hello_padding = 21 # RFC 7685 133 encrypt_then_mac = 22 # RFC 7366 134 extended_master_secret = 23 # RFC 7627 135 supports_npn = 13172 136 tack = 0xF300 137 renegotiation_info = 0xff01 # RFC 5746138141 """Hash algorithm IDs used in TLSv1.2""" 142 143 none = 0 144 md5 = 1 145 sha1 = 2 146 sha224 = 3 147 sha256 = 4 148 sha384 = 5 149 sha512 = 6150153 """Signing algorithms used in TLSv1.2""" 154 155 anonymous = 0 156 rsa = 1 157 dsa = 2 158 ecdsa = 3159162 """ 163 Signature scheme used for signalling supported signature algorithms. 164 165 This is the replacement for the HashAlgorithm and SignatureAlgorithm 166 lists. Introduced with TLSv1.3. 167 """ 168 169 rsa_pkcs1_sha1 = (2, 1) 170 rsa_pkcs1_sha256 = (4, 1) 171 rsa_pkcs1_sha384 = (5, 1) 172 rsa_pkcs1_sha512 = (6, 1) 173 rsa_pss_sha256 = (8, 4) 174 rsa_pss_sha384 = (8, 5) 175 rsa_pss_sha512 = (8, 6) 176 177 @classmethod220179 """Convert numeric type to name representation""" 180 if blacklist is None: 181 blacklist = [] 182 blacklist += ['getKeyType', 'getPadding', 'getHash'] 183 return super(SignatureScheme, cls).toRepr(value, blacklist)184 185 @staticmethod187 """ 188 Return the name of the signature algorithm used in scheme. 189 190 E.g. for "rsa_pkcs1_sha1" it returns "rsa" 191 """ 192 try: 193 getattr(SignatureScheme, scheme) 194 except AttributeError: 195 raise ValueError("\"{0}\" scheme is unknown".format(scheme)) 196 kType, _, _ = scheme.split('_') 197 return kType198 199 @staticmethod201 """Return the name of padding scheme used in signature scheme.""" 202 try: 203 getattr(SignatureScheme, scheme) 204 except AttributeError: 205 raise ValueError("\"{0}\" scheme is unknown".format(scheme)) 206 kType, padding, _ = scheme.split('_') 207 assert kType == 'rsa' 208 return padding209 210 @staticmethod212 """Return the name of hash used in signature scheme.""" 213 try: 214 getattr(SignatureScheme, scheme) 215 except AttributeError: 216 raise ValueError("\"{0}\" scheme is unknown".format(scheme)) 217 kType, _, hName = scheme.split('_') 218 assert kType == 'rsa' 219 return hName223 """Name of groups supported for (EC)DH key exchange""" 224 225 # RFC4492 226 sect163k1 = 1 227 sect163r1 = 2 228 sect163r2 = 3 229 sect193r1 = 4 230 sect193r2 = 5 231 sect233k1 = 6 232 sect233r1 = 7 233 sect239k1 = 8 234 sect283k1 = 9 235 sect283r1 = 10 236 sect409k1 = 11 237 sect409r1 = 12 238 sect571k1 = 13 239 sect571r1 = 14 240 secp160k1 = 15 241 secp160r1 = 16 242 secp160r2 = 17 243 secp192k1 = 18 244 secp192r1 = 19 245 secp224k1 = 20 246 secp224r1 = 21 247 secp256k1 = 22 248 secp256r1 = 23 249 secp384r1 = 24 250 secp521r1 = 25 251 allEC = list(range(1, 26)) 252 253 # RFC7027 254 brainpoolP256r1 = 26 255 brainpoolP384r1 = 27 256 brainpoolP512r1 = 28 257 allEC.extend(list(range(26, 29))) 258 259 # RFC7919 260 ffdhe2048 = 256 261 ffdhe3072 = 257 262 ffdhe4096 = 258 263 ffdhe6144 = 259 264 ffdhe8192 = 260 265 allFF = list(range(256, 261)) 266 267 all = allEC + allFF 268 269 @classmethod276279 """Names and ID's of supported EC point formats.""" 280 281 uncompressed = 0 282 ansiX962_compressed_prime = 1 283 ansiX962_compressed_char2 = 2 284 285 all = [uncompressed, 286 ansiX962_compressed_prime, 287 ansiX962_compressed_char2] 288 289 @classmethod296291 """Convert numeric type to name representation.""" 292 if blacklist is None: 293 blacklist = [] 294 blacklist.append('all') 295 return super(ECPointFormat, cls).toRepr(value, blacklist)299 """Types of ECC curves supported in TLS from RFC4492""" 300 301 explicit_prime = 1 302 explicit_char2 = 2 303 named_curve = 3304 310 316 323326 """ 327 @cvar bad_record_mac: A TLS record failed to decrypt properly. 328 329 If this occurs during a SRP handshake it most likely 330 indicates a bad password. It may also indicate an implementation 331 error, or some tampering with the data in transit. 332 333 This alert will be signalled by the server if the SRP password is bad. It 334 may also be signalled by the server if the SRP username is unknown to the 335 server, but it doesn't wish to reveal that fact. 336 337 338 @cvar handshake_failure: A problem occurred while handshaking. 339 340 This typically indicates a lack of common ciphersuites between client and 341 server, or some other disagreement (about SRP parameters or key sizes, 342 for example). 343 344 @cvar protocol_version: The other party's SSL/TLS version was unacceptable. 345 346 This indicates that the client and server couldn't agree on which version 347 of SSL or TLS to use. 348 349 @cvar user_canceled: The handshake is being cancelled for some reason. 350 351 """ 352 353 close_notify = 0 354 unexpected_message = 10 355 bad_record_mac = 20 356 decryption_failed = 21 357 record_overflow = 22 358 decompression_failure = 30 359 handshake_failure = 40 360 no_certificate = 41 #SSLv3 361 bad_certificate = 42 362 unsupported_certificate = 43 363 certificate_revoked = 44 364 certificate_expired = 45 365 certificate_unknown = 46 366 illegal_parameter = 47 367 unknown_ca = 48 368 access_denied = 49 369 decode_error = 50 370 decrypt_error = 51 371 export_restriction = 60 372 protocol_version = 70 373 insufficient_security = 71 374 internal_error = 80 375 inappropriate_fallback = 86 376 user_canceled = 90 377 no_renegotiation = 100 378 unsupported_extension = 110 # RFC 5246 379 certificate_unobtainable = 111 # RFC 6066 380 unrecognized_name = 112 # RFC 6066 381 bad_certificate_status_response = 113 # RFC 6066 382 bad_certificate_hash_value = 114 # RFC 6066 383 unknown_psk_identity = 115 384 no_application_protocol = 120 # RFC 7301385388 389 """ 390 Numeric values of ciphersuites and ciphersuite types 391 392 @cvar tripleDESSuites: ciphersuties which use 3DES symmetric cipher in CBC 393 mode 394 @cvar aes128Suites: ciphersuites which use AES symmetric cipher in CBC mode 395 with 128 bit key 396 @cvar aes256Suites: ciphersuites which use AES symmetric cipher in CBC mode 397 with 128 bit key 398 @cvar rc4Suites: ciphersuites which use RC4 symmetric cipher with 128 bit 399 key 400 @cvar shaSuites: ciphersuites which use SHA-1 HMAC integrity mechanism 401 and protocol default Pseudo Random Function 402 @cvar sha256Suites: ciphersuites which use SHA-256 HMAC integrity mechanism 403 and SHA-256 Pseudo Random Function 404 @cvar md5Suites: ciphersuites which use MD-5 HMAC integrity mechanism and 405 protocol default Pseudo Random Function 406 @cvar srpSuites: ciphersuites which use Secure Remote Password (SRP) key 407 exchange protocol 408 @cvar srpCertSuites: ciphersuites which use Secure Remote Password (SRP) 409 key exchange protocol with RSA server authentication 410 @cvar srpAllSuites: all SRP ciphersuites, pure SRP and with RSA based 411 server authentication 412 @cvar certSuites: ciphersuites which use RSA key exchange with RSA server 413 authentication 414 @cvar certAllSuites: ciphersuites which use RSA server authentication 415 @cvar anonSuites: ciphersuites which use anonymous Finite Field 416 Diffie-Hellman key exchange 417 @cvar ietfNames: dictionary with string names of the ciphersuites 418 """ 419 420 ietfNames = {} 421 422 # the ciphesuite names come from IETF, we want to keep them 423 #pylint: disable = invalid-name 424 425 # SSLv2 from draft-hickman-netscape-ssl-00.txt 426 SSL_CK_RC4_128_WITH_MD5 = 0x010080 427 ietfNames[0x010080] = 'SSL_CK_RC4_128_WITH_MD5' 428 SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080 429 ietfNames[0x020080] = 'SSL_CK_RC4_128_EXPORT40_WITH_MD5' 430 SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080 431 ietfNames[0x030080] = 'SSL_CK_RC2_128_CBC_WITH_MD5' 432 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080 433 ietfNames[0x040080] = 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5' 434 SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080 435 ietfNames[0x050080] = 'SSL_CK_IDEA_128_CBC_WITH_MD5' 436 SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040 437 ietfNames[0x060040] = 'SSL_CK_DES_64_CBC_WITH_MD5' 438 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0 439 ietfNames[0x0700C0] = 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5' 440 441 # SSL2 ciphersuites which use RC4 symmetric cipher 442 ssl2rc4 = [] 443 ssl2rc4.append(SSL_CK_RC4_128_WITH_MD5) 444 ssl2rc4.append(SSL_CK_RC4_128_EXPORT40_WITH_MD5) 445 446 # SSL2 ciphersuites which use RC2 symmetric cipher 447 ssl2rc2 = [] 448 ssl2rc2.append(SSL_CK_RC2_128_CBC_WITH_MD5) 449 ssl2rc2.append(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5) 450 451 # SSL2 ciphersuites which use IDEA symmetric cipher 452 ssl2idea = [SSL_CK_IDEA_128_CBC_WITH_MD5] 453 454 # SSL2 ciphersuites which use (single) DES symmetric cipher 455 ssl2des = [SSL_CK_DES_64_CBC_WITH_MD5] 456 457 # SSL2 ciphersuites which use 3DES symmetric cipher 458 ssl2_3des = [SSL_CK_DES_192_EDE3_CBC_WITH_MD5] 459 460 # SSL2 ciphersuites which encrypt only part (40 bits) of the key 461 ssl2export = [] 462 ssl2export.append(SSL_CK_RC4_128_EXPORT40_WITH_MD5) 463 ssl2export.append(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5) 464 465 # SSL2 ciphersuties which use 128 bit key 466 ssl2_128Key = [] 467 ssl2_128Key.append(SSL_CK_RC4_128_WITH_MD5) 468 ssl2_128Key.append(SSL_CK_RC4_128_EXPORT40_WITH_MD5) 469 ssl2_128Key.append(SSL_CK_RC2_128_CBC_WITH_MD5) 470 ssl2_128Key.append(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5) 471 ssl2_128Key.append(SSL_CK_IDEA_128_CBC_WITH_MD5) 472 473 # SSL2 ciphersuites which use 64 bit key 474 ssl2_64Key = [SSL_CK_DES_64_CBC_WITH_MD5] 475 476 # SSL2 ciphersuites which use 192 bit key 477 ssl2_192Key = [SSL_CK_DES_192_EDE3_CBC_WITH_MD5] 478 479 # Weird pseudo-ciphersuite from RFC 5746 480 # Signals that "secure renegotiation" is supported 481 # We actually don't do any renegotiation, but this 482 # prevents renegotiation attacks 483 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF 484 ietfNames[0x00FF] = 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV' 485 486 # RFC 7507 - Fallback Signaling Cipher Suite Value for Preventing Protocol 487 # Downgrade Attacks 488 TLS_FALLBACK_SCSV = 0x5600 489 ietfNames[0x5600] = 'TLS_FALLBACK_SCSV' 490 491 # RFC 5054 - Secure Remote Password (SRP) Protocol for TLS Authentication 492 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A 493 ietfNames[0xC01A] = 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA' 494 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D 495 ietfNames[0xC01D] = 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA' 496 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 497 ietfNames[0xC020] = 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA' 498 499 # RFC 5054 - Secure Remote Password (SRP) Protocol for TLS Authentication 500 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B 501 ietfNames[0xC01B] = 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA' 502 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E 503 ietfNames[0xC01E] = 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA' 504 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 505 ietfNames[0xC021] = 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA' 506 507 # RFC 5246 - TLS v1.2 Protocol 508 TLS_RSA_WITH_NULL_MD5 = 0x0001 509 ietfNames[0x0001] = 'TLS_RSA_WITH_NULL_MD5' 510 TLS_RSA_WITH_NULL_SHA = 0x0002 511 ietfNames[0x0002] = 'TLS_RSA_WITH_NULL_SHA' 512 TLS_RSA_WITH_NULL_SHA256 = 0x003B 513 ietfNames[0x003B] = 'TLS_RSA_WITH_NULL_SHA256' 514 515 # RFC 5246 - TLS v1.2 Protocol 516 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A 517 ietfNames[0x000A] = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' 518 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F 519 ietfNames[0x002F] = 'TLS_RSA_WITH_AES_128_CBC_SHA' 520 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 521 ietfNames[0x0035] = 'TLS_RSA_WITH_AES_256_CBC_SHA' 522 TLS_RSA_WITH_RC4_128_SHA = 0x0005 523 ietfNames[0x0005] = 'TLS_RSA_WITH_RC4_128_SHA' 524 525 # RFC 5246 - TLS v1.2 Protocol 526 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 527 ietfNames[0x0004] = 'TLS_RSA_WITH_RC4_128_MD5' 528 529 # RFC 5246 - TLS v1.2 Protocol 530 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016 531 ietfNames[0x0016] = 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA' 532 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033 533 ietfNames[0x0033] = 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA' 534 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039 535 ietfNames[0x0039] = 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA' 536 537 # RFC 5246 - TLS v1.2 Protocol 538 TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018 539 ietfNames[0x0018] = 'TLS_DH_ANON_WITH_RC4_128_MD5' 540 TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B 541 ietfNames[0x001B] = 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA' 542 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 543 ietfNames[0x0034] = 'TLS_DH_ANON_WITH_AES_128_CBC_SHA' 544 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A 545 ietfNames[0x003A] = 'TLS_DH_ANON_WITH_AES_256_CBC_SHA' 546 TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C 547 ietfNames[0x006C] = 'TLS_DH_ANON_WITH_AES_128_CBC_SHA256' 548 TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D 549 ietfNames[0x006D] = 'TLS_DH_ANON_WITH_AES_256_CBC_SHA256' 550 TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6 551 ietfNames[0x00A6] = 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256' 552 TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7 553 ietfNames[0x00A7] = 'TLS_DH_ANON_WITH_AES_256_GCM_SHA384' 554 555 # RFC 5246 - TLS v1.2 Protocol 556 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C 557 ietfNames[0x003C] = 'TLS_RSA_WITH_AES_128_CBC_SHA256' 558 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D 559 ietfNames[0x003D] = 'TLS_RSA_WITH_AES_256_CBC_SHA256' 560 561 # RFC 5246 - TLS v1.2 562 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067 563 ietfNames[0x0067] = 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256' 564 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B 565 ietfNames[0x006B] = 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256' 566 567 # RFC 5288 - AES-GCM ciphers for TLSv1.2 568 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C 569 ietfNames[0x009C] = 'TLS_RSA_WITH_AES_128_GCM_SHA256' 570 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E 571 ietfNames[0x009E] = 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256' 572 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D 573 ietfNames[0x009D] = 'TLS_RSA_WITH_AES_256_GCM_SHA384' 574 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F 575 ietfNames[0x009F] = 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384' 576 577 # RFC 4492 - ECC Cipher Suites for TLS 578 TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010 579 ietfNames[0xC010] = 'TLS_ECDHE_RSA_WITH_NULL_SHA' 580 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013 581 ietfNames[0xC013] = 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' 582 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014 583 ietfNames[0xC014] = 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' 584 TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015 585 ietfNames[0xC015] = 'TLS_ECDH_ANON_WITH_NULL_SHA' 586 TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016 587 ietfNames[0xC016] = 'TLS_ECDH_ANON_WITH_RC4_128_SHA' 588 TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017 589 ietfNames[0xC017] = 'TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA' 590 TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018 591 ietfNames[0xC018] = 'TLS_ECDH_ANON_WITH_AES_128_CBC_SHA' 592 TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019 593 ietfNames[0xC019] = 'TLS_ECDH_ANON_WITH_AES_256_CBC_SHA' 594 595 # draft-ietf-tls-chacha20-poly1305-00 596 # ChaCha20/Poly1305 based Cipher Suites for TLS1.2 597 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 0xcca1 598 ietfNames[0xcca1] = 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00' 599 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 0xcca3 600 ietfNames[0xcca3] = 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00' 601 602 # RFC 7905 - ChaCha20-Poly1305 Cipher Suites for TLS 603 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xcca8 604 ietfNames[0xcca8] = 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256' 605 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xccaa 606 ietfNames[0xccaa] = 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256' 607 608 # RFC 5289 - ECC Ciphers with SHA-256/SHA284 HMAC and AES-GCM 609 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027 610 ietfNames[0xC027] = 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' 611 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028 612 ietfNames[0xC028] = 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' 613 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F 614 ietfNames[0xC02F] = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' 615 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030 616 ietfNames[0xC030] = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' 617 618 #pylint: enable = invalid-name 619 # 620 # Define cipher suite families below 621 # 622 623 # 3DES CBC ciphers 624 tripleDESSuites = [] 625 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 626 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 627 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 628 tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) 629 tripleDESSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA) 630 tripleDESSuites.append(TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA) 631 632 # AES-128 CBC ciphers 633 aes128Suites = [] 634 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 635 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 636 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 637 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) 638 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) 639 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) 640 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) 641 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA256) 642 aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) 643 aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) 644 aes128Suites.append(TLS_ECDH_ANON_WITH_AES_128_CBC_SHA) 645 646 # AES-256 CBC ciphers 647 aes256Suites = [] 648 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 649 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 650 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 651 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) 652 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) 653 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) 654 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) 655 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA256) 656 aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) 657 aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) 658 aes256Suites.append(TLS_ECDH_ANON_WITH_AES_256_CBC_SHA) 659 660 # AES-128 GCM ciphers 661 aes128GcmSuites = [] 662 aes128GcmSuites.append(TLS_RSA_WITH_AES_128_GCM_SHA256) 663 aes128GcmSuites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) 664 aes128GcmSuites.append(TLS_DH_ANON_WITH_AES_128_GCM_SHA256) 665 aes128GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) 666 667 # AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites) 668 aes256GcmSuites = [] 669 aes256GcmSuites.append(TLS_RSA_WITH_AES_256_GCM_SHA384) 670 aes256GcmSuites.append(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) 671 aes256GcmSuites.append(TLS_DH_ANON_WITH_AES_256_GCM_SHA384) 672 aes256GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 673 674 # CHACHA20 cipher, 00'th IETF draft (implicit POLY1305 authenticator) 675 chacha20draft00Suites = [] 676 chacha20draft00Suites.append(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00) 677 chacha20draft00Suites.append(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00) 678 679 # CHACHA20 cipher (implicit POLY1305 authenticator, SHA256 PRF) 680 chacha20Suites = [] 681 chacha20Suites.append(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) 682 chacha20Suites.append(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) 683 684 # RC4 128 stream cipher 685 rc4Suites = [] 686 rc4Suites.append(TLS_DH_ANON_WITH_RC4_128_MD5) 687 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) 688 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) 689 rc4Suites.append(TLS_ECDH_ANON_WITH_RC4_128_SHA) 690 691 # no encryption 692 nullSuites = [] 693 nullSuites.append(TLS_RSA_WITH_NULL_MD5) 694 nullSuites.append(TLS_RSA_WITH_NULL_SHA) 695 nullSuites.append(TLS_RSA_WITH_NULL_SHA256) 696 nullSuites.append(TLS_ECDHE_RSA_WITH_NULL_SHA) 697 nullSuites.append(TLS_ECDH_ANON_WITH_NULL_SHA) 698 699 # SHA-1 HMAC, protocol default PRF 700 shaSuites = [] 701 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 702 shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 703 shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 704 shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 705 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 706 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 707 shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 708 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 709 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 710 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) 711 shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) 712 shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) 713 shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) 714 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) 715 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) 716 shaSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA) 717 shaSuites.append(TLS_RSA_WITH_NULL_SHA) 718 shaSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) 719 shaSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) 720 shaSuites.append(TLS_ECDHE_RSA_WITH_NULL_SHA) 721 shaSuites.append(TLS_ECDH_ANON_WITH_AES_256_CBC_SHA) 722 shaSuites.append(TLS_ECDH_ANON_WITH_AES_128_CBC_SHA) 723 shaSuites.append(TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA) 724 shaSuites.append(TLS_ECDH_ANON_WITH_RC4_128_SHA) 725 shaSuites.append(TLS_ECDH_ANON_WITH_NULL_SHA) 726 727 # SHA-256 HMAC, SHA-256 PRF 728 sha256Suites = [] 729 sha256Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) 730 sha256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) 731 sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) 732 sha256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) 733 sha256Suites.append(TLS_RSA_WITH_NULL_SHA256) 734 sha256Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA256) 735 sha256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA256) 736 sha256Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) 737 738 # SHA-384 HMAC, SHA-384 PRF 739 sha384Suites = [] 740 sha384Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) 741 742 # stream cipher construction 743 streamSuites = [] 744 streamSuites.extend(rc4Suites) 745 streamSuites.extend(nullSuites) 746 747 # AEAD integrity, any PRF 748 aeadSuites = [] 749 aeadSuites.extend(aes128GcmSuites) 750 aeadSuites.extend(aes256GcmSuites) 751 aeadSuites.extend(chacha20Suites) 752 aeadSuites.extend(chacha20draft00Suites) 753 754 # TLS1.2 with SHA384 PRF 755 sha384PrfSuites = [] 756 sha384PrfSuites.extend(sha384Suites) 757 sha384PrfSuites.extend(aes256GcmSuites) 758 759 # MD-5 HMAC, protocol default PRF 760 md5Suites = [] 761 md5Suites.append(TLS_DH_ANON_WITH_RC4_128_MD5) 762 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) 763 md5Suites.append(TLS_RSA_WITH_NULL_MD5) 764 765 # SSL3, TLS1.0, TLS1.1 and TLS1.2 compatible ciphers 766 ssl3Suites = [] 767 ssl3Suites.extend(shaSuites) 768 ssl3Suites.extend(md5Suites) 769 770 # TLS1.2 specific ciphersuites 771 tls12Suites = [] 772 tls12Suites.extend(sha256Suites) 773 tls12Suites.extend(sha384Suites) 774 tls12Suites.extend(aeadSuites) 775 776 @staticmethod1000778 """Return a copy of suites without ciphers incompatible with version""" 779 includeSuites = set([]) 780 if (3, 0) <= minVersion <= (3, 3): 781 includeSuites.update(CipherSuite.ssl3Suites) 782 if maxVersion == (3, 3): 783 includeSuites.update(CipherSuite.tls12Suites) 784 return [s for s in suites if s in includeSuites]785 786 @staticmethod788 if version is None: 789 version = settings.maxVersion 790 macNames = settings.macNames 791 cipherNames = settings.cipherNames 792 keyExchangeNames = settings.keyExchangeNames 793 macSuites = [] 794 if "sha" in macNames: 795 macSuites += CipherSuite.shaSuites 796 if "sha256" in macNames and version >= (3, 3): 797 macSuites += CipherSuite.sha256Suites 798 if "sha384" in macNames and version >= (3, 3): 799 macSuites += CipherSuite.sha384Suites 800 if "md5" in macNames: 801 macSuites += CipherSuite.md5Suites 802 if "aead" in macNames and version >= (3, 3): 803 macSuites += CipherSuite.aeadSuites 804 805 cipherSuites = [] 806 if "chacha20-poly1305" in cipherNames and version >= (3, 3): 807 cipherSuites += CipherSuite.chacha20Suites 808 if "chacha20-poly1305_draft00" in cipherNames and version >= (3, 3): 809 cipherSuites += CipherSuite.chacha20draft00Suites 810 if "aes128gcm" in cipherNames and version >= (3, 3): 811 cipherSuites += CipherSuite.aes128GcmSuites 812 if "aes256gcm" in cipherNames and version >= (3, 3): 813 cipherSuites += CipherSuite.aes256GcmSuites 814 if "aes128" in cipherNames: 815 cipherSuites += CipherSuite.aes128Suites 816 if "aes256" in cipherNames: 817 cipherSuites += CipherSuite.aes256Suites 818 if "3des" in cipherNames: 819 cipherSuites += CipherSuite.tripleDESSuites 820 if "rc4" in cipherNames: 821 cipherSuites += CipherSuite.rc4Suites 822 if "null" in cipherNames: 823 cipherSuites += CipherSuite.nullSuites 824 825 keyExchangeSuites = [] 826 if "rsa" in keyExchangeNames: 827 keyExchangeSuites += CipherSuite.certSuites 828 if "dhe_rsa" in keyExchangeNames: 829 keyExchangeSuites += CipherSuite.dheCertSuites 830 if "ecdhe_rsa" in keyExchangeNames: 831 keyExchangeSuites += CipherSuite.ecdheCertSuites 832 if "srp_sha" in keyExchangeNames: 833 keyExchangeSuites += CipherSuite.srpSuites 834 if "srp_sha_rsa" in keyExchangeNames: 835 keyExchangeSuites += CipherSuite.srpCertSuites 836 if "dh_anon" in keyExchangeNames: 837 keyExchangeSuites += CipherSuite.anonSuites 838 if "ecdh_anon" in keyExchangeNames: 839 keyExchangeSuites += CipherSuite.ecdhAnonSuites 840 841 return [s for s in suites if s in macSuites and 842 s in cipherSuites and s in keyExchangeSuites]843 844 # SRP key exchange 845 srpSuites = [] 846 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 847 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 848 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 849 850 @classmethod852 """Return SRP cipher suites matching settings""" 853 return cls._filterSuites(CipherSuite.srpSuites, settings, version)854 855 # SRP key exchange, RSA authentication 856 srpCertSuites = [] 857 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 858 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 859 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 860 861 @classmethod863 """Return SRP cipher suites that use server certificates""" 864 return cls._filterSuites(CipherSuite.srpCertSuites, settings, version)865 866 srpAllSuites = srpSuites + srpCertSuites 867 868 @classmethod870 """Return all SRP cipher suites matching settings""" 871 return cls._filterSuites(CipherSuite.srpAllSuites, settings, version)872 873 # RSA key exchange, RSA authentication 874 certSuites = [] 875 certSuites.append(TLS_RSA_WITH_AES_256_GCM_SHA384) 876 certSuites.append(TLS_RSA_WITH_AES_128_GCM_SHA256) 877 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) 878 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) 879 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 880 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 881 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 882 certSuites.append(TLS_RSA_WITH_RC4_128_SHA) 883 certSuites.append(TLS_RSA_WITH_RC4_128_MD5) 884 certSuites.append(TLS_RSA_WITH_NULL_MD5) 885 certSuites.append(TLS_RSA_WITH_NULL_SHA) 886 certSuites.append(TLS_RSA_WITH_NULL_SHA256) 887 888 @classmethod890 """Return ciphers with RSA authentication matching settings""" 891 return cls._filterSuites(CipherSuite.certSuites, settings, version)892 893 # FFDHE key exchange, RSA authentication 894 dheCertSuites = [] 895 dheCertSuites.append(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) 896 dheCertSuites.append(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00) 897 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) 898 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) 899 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) 900 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) 901 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) 902 dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) 903 dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) 904 905 @classmethod907 """Provide authenticated DHE ciphersuites matching settings""" 908 return cls._filterSuites(CipherSuite.dheCertSuites, settings, version)909 910 # ECDHE key exchange, RSA authentication 911 ecdheCertSuites = [] 912 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) 913 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00) 914 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 915 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) 916 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) 917 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) 918 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) 919 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) 920 ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_NULL_SHA) 921 922 @classmethod924 """Provide authenticated ECDHE ciphersuites matching settings""" 925 return cls._filterSuites(CipherSuite.ecdheCertSuites, settings, version)926 927 # RSA authentication 928 certAllSuites = srpCertSuites + certSuites + dheCertSuites + ecdheCertSuites 929 930 # anon FFDHE key exchange 931 anonSuites = [] 932 anonSuites.append(TLS_DH_ANON_WITH_AES_256_GCM_SHA384) 933 anonSuites.append(TLS_DH_ANON_WITH_AES_128_GCM_SHA256) 934 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA256) 935 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) 936 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA256) 937 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) 938 anonSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA) 939 anonSuites.append(TLS_DH_ANON_WITH_RC4_128_MD5) 940 941 @classmethod943 """Provide anonymous DH ciphersuites matching settings""" 944 return cls._filterSuites(CipherSuite.anonSuites, settings, version)945 946 dhAllSuites = dheCertSuites + anonSuites 947 948 # anon ECDHE key exchange 949 ecdhAnonSuites = [] 950 ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_AES_256_CBC_SHA) 951 ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_AES_128_CBC_SHA) 952 ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA) 953 ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_RC4_128_SHA) 954 ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_NULL_SHA) 955 956 @classmethod958 """Provide anonymous ECDH ciphersuites matching settings""" 959 return cls._filterSuites(CipherSuite.ecdhAnonSuites, settings, version)960 961 ecdhAllSuites = ecdheCertSuites + ecdhAnonSuites 962 963 @staticmethod965 """Return the canonical name of the cipher whose number is provided.""" 966 if ciphersuite in CipherSuite.aes128GcmSuites: 967 return "aes128gcm" 968 elif ciphersuite in CipherSuite.aes256GcmSuites: 969 return "aes256gcm" 970 elif ciphersuite in CipherSuite.aes128Suites: 971 return "aes128" 972 elif ciphersuite in CipherSuite.aes256Suites: 973 return "aes256" 974 elif ciphersuite in CipherSuite.rc4Suites: 975 return "rc4" 976 elif ciphersuite in CipherSuite.tripleDESSuites: 977 return "3des" 978 elif ciphersuite in CipherSuite.nullSuites: 979 return "null" 980 elif ciphersuite in CipherSuite.chacha20draft00Suites: 981 return "chacha20-poly1305_draft00" 982 elif ciphersuite in CipherSuite.chacha20Suites: 983 return "chacha20-poly1305" 984 else: 985 return None986 987 @staticmethod989 """Return the canonical name of the MAC whose number is provided.""" 990 if ciphersuite in CipherSuite.sha384Suites: 991 return "sha384" 992 elif ciphersuite in CipherSuite.sha256Suites: 993 return "sha256" 994 elif ciphersuite in CipherSuite.shaSuites: 995 return "sha" 996 elif ciphersuite in CipherSuite.md5Suites: 997 return "md5" 998 else: 999 return None1001 1002 # The following faults are induced as part of testing. The faultAlerts 1003 # dictionary describes the allowed alerts that may be triggered by these 1004 # faults. 1005 -class Fault:1006 badUsername = 101 1007 badPassword = 102 1008 badA = 103 1009 clientSrpFaults = list(range(101,104)) 1010 1011 badVerifyMessage = 601 1012 clientCertFaults = list(range(601,602)) 1013 1014 badPremasterPadding = 501 1015 shortPremasterSecret = 502 1016 clientNoAuthFaults = list(range(501,503)) 1017 1018 badB = 201 1019 serverFaults = list(range(201,202)) 1020 1021 badFinished = 300 1022 badMAC = 301 1023 badPadding = 302 1024 genericFaults = list(range(300,303)) 1025 1026 faultAlerts = {\ 1027 badUsername: (AlertDescription.unknown_psk_identity, \ 1028 AlertDescription.bad_record_mac),\ 1029 badPassword: (AlertDescription.bad_record_mac,),\ 1030 badA: (AlertDescription.illegal_parameter,),\ 1031 badPremasterPadding: (AlertDescription.bad_record_mac,),\ 1032 shortPremasterSecret: (AlertDescription.bad_record_mac,),\ 1033 badVerifyMessage: (AlertDescription.decrypt_error,),\ 1034 badFinished: (AlertDescription.decrypt_error,),\ 1035 badMAC: (AlertDescription.bad_record_mac,),\ 1036 badPadding: (AlertDescription.bad_record_mac,) 1037 } 1038 1039 faultNames = {\ 1040 badUsername: "bad username",\ 1041 badPassword: "bad password",\ 1042 badA: "bad A",\ 1043 badPremasterPadding: "bad premaster padding",\ 1044 shortPremasterSecret: "short premaster secret",\ 1045 badVerifyMessage: "bad verify message",\ 1046 badFinished: "bad finished message",\ 1047 badMAC: "bad MAC",\ 1048 badPadding: "bad padding" 1049 }1050
Home | Trees | Indices | Help |
---|
Generated by Epydoc 3.0.1 | http://epydoc.sourceforge.net |