1a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# Authors: 2a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# Trevor Perrin 3a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# Google - defining ClientCertificateType 4a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# Google (adapted by Sam Rushing) - NPN support 5a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# Dimitris Moraitis - Anon ciphersuites 6a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# Dave Baggett (Arcode Corporation) - canonicalCipherName 7a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# 8a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# See the LICENSE file for legal information regarding use of this file. 9a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)"""Constants used in various places.""" 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class CertificateType: 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509 = 0 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) openpgp = 1 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class ClientCertificateType: 17cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) # http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rsa_sign = 1 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) dss_sign = 2 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rsa_fixed_dh = 3 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) dss_fixed_dh = 4 22cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) ecdsa_sign = 64 23cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) rsa_fixed_ecdh = 65 24cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) ecdsa_fixed_ecdh = 66 25a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class HandshakeType: 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) hello_request = 0 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) client_hello = 1 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) server_hello = 2 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) certificate = 11 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) server_key_exchange = 12 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) certificate_request = 13 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) server_hello_done = 14 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) certificate_verify = 15 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) client_key_exchange = 16 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) finished = 20 375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) certificate_status = 22 38a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch next_protocol = 67 392a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) encrypted_extensions = 203 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class ContentType: 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) change_cipher_spec = 20 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) alert = 21 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) handshake = 22 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) application_data = 23 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) all = (20,21,22,23) 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)class CertificateStatusType: 495d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ocsp = 1 505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 51a02191e04bc25c4935f804f2c080ae28663d096dBen Murdochclass ExtensionType: # RFC 6066 / 4366 52a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch server_name = 0 # RFC 6066 / 4366 53a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch status_request = 5 # RFC 6066 / 4366 54a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srp = 12 # RFC 5054 55a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch cert_type = 9 # RFC 6091 56a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch signed_cert_timestamps = 18 # RFC 6962 57a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch tack = 0xF300 58a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch supports_npn = 13172 59cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) channel_id = 30032 60a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 61a02191e04bc25c4935f804f2c080ae28663d096dBen Murdochclass NameType: 62a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch host_name = 0 632a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class AlertLevel: 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) warning = 1 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) fatal = 2 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class AlertDescription: 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) """ 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) @cvar bad_record_mac: A TLS record failed to decrypt properly. 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 72a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch If this occurs during a SRP handshake it most likely 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) indicates a bad password. It may also indicate an implementation 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) error, or some tampering with the data in transit. 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) This alert will be signalled by the server if the SRP password is bad. It 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) may also be signalled by the server if the SRP username is unknown to the 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) server, but it doesn't wish to reveal that fact. 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) @cvar handshake_failure: A problem occurred while handshaking. 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) This typically indicates a lack of common ciphersuites between client and 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) server, or some other disagreement (about SRP parameters or key sizes, 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) for example). 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) @cvar protocol_version: The other party's SSL/TLS version was unacceptable. 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) This indicates that the client and server couldn't agree on which version 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) of SSL or TLS to use. 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) @cvar user_canceled: The handshake is being cancelled for some reason. 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) """ 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) close_notify = 0 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unexpected_message = 10 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bad_record_mac = 20 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) decryption_failed = 21 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) record_overflow = 22 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) decompression_failure = 30 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) handshake_failure = 40 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) no_certificate = 41 #SSLv3 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bad_certificate = 42 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsupported_certificate = 43 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) certificate_revoked = 44 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) certificate_expired = 45 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) certificate_unknown = 46 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) illegal_parameter = 47 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unknown_ca = 48 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) access_denied = 49 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) decode_error = 50 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) decrypt_error = 51 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) export_restriction = 60 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) protocol_version = 70 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) insufficient_security = 71 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) internal_error = 80 1185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) inappropriate_fallback = 86 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_canceled = 90 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) no_renegotiation = 100 121a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch unknown_psk_identity = 115 122a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class CipherSuite: 125a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch # Weird pseudo-ciphersuite from RFC 5746 126a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch # Signals that "secure renegotiation" is supported 127a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch # We actually don't do any renegotiation, but this 128a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch # prevents renegotiation attacks 129a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF 130a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 131a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch # draft-bmoeller-tls-downgrade-scsv-01 132a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_FALLBACK_SCSV = 0x5600 133a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 134a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A 135a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D 136a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 137a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 138a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B 139a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E 140a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TLS_RSA_WITH_RC4_128_SHA = 0x0005 147a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 148a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_RSA_WITH_RC4_128_MD5 = 0x0004 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 150a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016 151a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033 152a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039 153a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 154a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 155a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) tripleDESSuites = [] 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 161a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) aes128Suites = [] 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 167a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) 168a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) aes256Suites = [] 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 174a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) 175a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rc4Suites = [] 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) 179a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) 180a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 181a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites = [] 182a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 183a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 184a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 185a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 186a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 187a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 188a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 189a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 190a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 191a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) 192a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) 193a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) 194a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) 195a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) 196a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) 197a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 198a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch md5Suites = [] 199a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) 200a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 201a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 202a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def _filterSuites(suites, settings): 203a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch macNames = settings.macNames 204a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch cipherNames = settings.cipherNames 205a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch keyExchangeNames = settings.keyExchangeNames 206a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch macSuites = [] 207a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "sha" in macNames: 208a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch macSuites += CipherSuite.shaSuites 209a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "md5" in macNames: 210a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch macSuites += CipherSuite.md5Suites 211a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 212a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch cipherSuites = [] 213a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "aes128" in cipherNames: 214a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch cipherSuites += CipherSuite.aes128Suites 215a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "aes256" in cipherNames: 216a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch cipherSuites += CipherSuite.aes256Suites 217a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "3des" in cipherNames: 218a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch cipherSuites += CipherSuite.tripleDESSuites 219a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "rc4" in cipherNames: 220a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch cipherSuites += CipherSuite.rc4Suites 221a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 222a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch keyExchangeSuites = [] 223a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "rsa" in keyExchangeNames: 224a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch keyExchangeSuites += CipherSuite.certSuites 225a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "dhe_rsa" in keyExchangeNames: 226a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch keyExchangeSuites += CipherSuite.dheCertSuites 227a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "srp_sha" in keyExchangeNames: 228a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch keyExchangeSuites += CipherSuite.srpSuites 229a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "srp_sha_rsa" in keyExchangeNames: 230a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch keyExchangeSuites += CipherSuite.srpCertSuites 231a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if "dh_anon" in keyExchangeNames: 232a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch keyExchangeSuites += CipherSuite.anonSuites 233a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 234a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return [s for s in suites if s in macSuites and 235a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch s in cipherSuites and s in keyExchangeSuites] 2365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 237a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpSuites = [] 238a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 239a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 240a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 241a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 242a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 243a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def getSrpSuites(settings): 244a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return CipherSuite._filterSuites(CipherSuite.srpSuites, settings) 245a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 246a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpCertSuites = [] 247a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 248a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 249a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 250a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 251a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 252a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def getSrpCertSuites(settings): 253a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return CipherSuite._filterSuites(CipherSuite.srpCertSuites, settings) 254a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 255a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch srpAllSuites = srpCertSuites + srpSuites 256a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 257a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 258a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def getSrpAllSuites(settings): 259a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings) 260a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 261a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch certSuites = [] 262a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 263a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 264a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 265a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch certSuites.append(TLS_RSA_WITH_RC4_128_SHA) 266a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch certSuites.append(TLS_RSA_WITH_RC4_128_MD5) 267a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 268a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 269a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def getCertSuites(settings): 270a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return CipherSuite._filterSuites(CipherSuite.certSuites, settings) 271a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 272a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch dheCertSuites = [] 273a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) 274a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) 275a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) 276a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 277a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 278a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def getDheCertSuites(settings): 279a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings) 280a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 281a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch certAllSuites = srpCertSuites + certSuites + dheCertSuites 282a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 283a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch anonSuites = [] 284a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) 285a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) 286a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 287a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 288a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def getAnonSuites(settings): 289a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return CipherSuite._filterSuites(CipherSuite.anonSuites, settings) 290a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 291a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch dhAllSuites = dheCertSuites + anonSuites 292a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 293a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 294a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def canonicalCipherName(ciphersuite): 295a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch "Return the canonical name of the cipher whose number is provided." 296a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if ciphersuite in CipherSuite.aes128Suites: 297a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return "aes128" 298a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch elif ciphersuite in CipherSuite.aes256Suites: 299a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return "aes256" 300a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch elif ciphersuite in CipherSuite.rc4Suites: 301a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return "rc4" 302a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch elif ciphersuite in CipherSuite.tripleDESSuites: 303a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return "3des" 304a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch else: 305a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return None 306a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 307a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch @staticmethod 308a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch def canonicalMacName(ciphersuite): 309a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch "Return the canonical name of the MAC whose number is provided." 310a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch if ciphersuite in CipherSuite.shaSuites: 311a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return "sha" 312a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch elif ciphersuite in CipherSuite.md5Suites: 313a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return "md5" 314a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch else: 315a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch return None 316a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 317a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch 318a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# The following faults are induced as part of testing. The faultAlerts 319a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# dictionary describes the allowed alerts that may be triggered by these 320a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch# faults. 3215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class Fault: 3225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badUsername = 101 3235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPassword = 102 3245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badA = 103 325a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch clientSrpFaults = list(range(101,104)) 3265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badVerifyMessage = 601 328a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch clientCertFaults = list(range(601,602)) 3295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPremasterPadding = 501 3315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) shortPremasterSecret = 502 332a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch clientNoAuthFaults = list(range(501,503)) 3335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badB = 201 335a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch serverFaults = list(range(201,202)) 3365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badFinished = 300 3385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badMAC = 301 3395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPadding = 302 340a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch genericFaults = list(range(300,303)) 3415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) faultAlerts = {\ 343a02191e04bc25c4935f804f2c080ae28663d096dBen Murdoch badUsername: (AlertDescription.unknown_psk_identity, \ 3445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AlertDescription.bad_record_mac),\ 3455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPassword: (AlertDescription.bad_record_mac,),\ 3465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badA: (AlertDescription.illegal_parameter,),\ 3475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPremasterPadding: (AlertDescription.bad_record_mac,),\ 3485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) shortPremasterSecret: (AlertDescription.bad_record_mac,),\ 3495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badVerifyMessage: (AlertDescription.decrypt_error,),\ 3505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badFinished: (AlertDescription.decrypt_error,),\ 3515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badMAC: (AlertDescription.bad_record_mac,),\ 3525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPadding: (AlertDescription.bad_record_mac,) 3535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) faultNames = {\ 3565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badUsername: "bad username",\ 3575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPassword: "bad password",\ 3585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badA: "bad A",\ 3595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPremasterPadding: "bad premaster padding",\ 3605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) shortPremasterSecret: "short premaster secret",\ 3615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badVerifyMessage: "bad verify message",\ 3625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badFinished: "bad finished message",\ 3635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badMAC: "bad MAC",\ 3645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) badPadding: "bad padding" 3655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 366