Home | Trees | Indices | Help |
---|
|
1 # Authors: 2 # Trevor Perrin 3 # Google - defining ClientCertificateType 4 # 5 # See the LICENSE file for legal information regarding use of this file. 6 7 """Constants used in various places.""" 12 1820 hello_request = 0 21 client_hello = 1 22 server_hello = 2 23 certificate = 11 24 server_key_exchange = 12 25 certificate_request = 13 26 server_hello_done = 14 27 certificate_verify = 15 28 client_key_exchange = 16 29 finished = 203032 change_cipher_spec = 20 33 alert = 21 34 handshake = 22 35 application_data = 23 36 all = (20,21,22,23)37 39 srp = 12 # RFC 5054 40 cert_type = 9 # RFC 6091 41 tack = 0xF300 42 break_sigs = 0xF301 43 4749 """ 50 @cvar bad_record_mac: A TLS record failed to decrypt properly. 51 52 If this occurs during a SRP handshake it most likely 53 indicates a bad password. It may also indicate an implementation 54 error, or some tampering with the data in transit. 55 56 This alert will be signalled by the server if the SRP password is bad. It 57 may also be signalled by the server if the SRP username is unknown to the 58 server, but it doesn't wish to reveal that fact. 59 60 61 @cvar handshake_failure: A problem occurred while handshaking. 62 63 This typically indicates a lack of common ciphersuites between client and 64 server, or some other disagreement (about SRP parameters or key sizes, 65 for example). 66 67 @cvar protocol_version: The other party's SSL/TLS version was unacceptable. 68 69 This indicates that the client and server couldn't agree on which version 70 of SSL or TLS to use. 71 72 @cvar user_canceled: The handshake is being cancelled for some reason. 73 74 """ 75 76 close_notify = 0 77 unexpected_message = 10 78 bad_record_mac = 20 79 decryption_failed = 21 80 record_overflow = 22 81 decompression_failure = 30 82 handshake_failure = 40 83 no_certificate = 41 #SSLv3 84 bad_certificate = 42 85 unsupported_certificate = 43 86 certificate_revoked = 44 87 certificate_expired = 45 88 certificate_unknown = 46 89 illegal_parameter = 47 90 unknown_ca = 48 91 access_denied = 49 92 decode_error = 50 93 decrypt_error = 51 94 export_restriction = 60 95 protocol_version = 70 96 insufficient_security = 71 97 internal_error = 80 98 user_canceled = 90 99 no_renegotiation = 100 100 unknown_psk_identity = 115101104 # Weird pseudo-ciphersuite from RFC 5746 105 # Signals that "secure renegotiation" is supported 106 # We actually don't do any renegotiation, but this 107 # prevents renegotiation attacks 108 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF 109 110 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A 111 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D 112 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 113 114 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B 115 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E 116 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 117 118 119 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A 120 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F 121 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 122 TLS_RSA_WITH_RC4_128_SHA = 0x0005 123 124 srpSuites = [] 125 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 126 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 127 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 128 129 @staticmethod202131 suites = [] 132 for cipher in ciphers: 133 if cipher == "aes128": 134 suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 135 elif cipher == "aes256": 136 suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 137 elif cipher == "3des": 138 suites.append(CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 139 return suites140 141 srpCertSuites = [] 142 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 143 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 144 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 145 srpAllSuites = srpSuites + srpCertSuites 146 147 @staticmethod149 suites = [] 150 for cipher in ciphers: 151 if cipher == "aes128": 152 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 153 elif cipher == "aes256": 154 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 155 elif cipher == "3des": 156 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 157 return suites158 159 @staticmethod 163 164 certSuites = [] 165 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 166 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 167 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 168 certSuites.append(TLS_RSA_WITH_RC4_128_SHA) 169 certAllSuites = srpCertSuites + certSuites 170 171 @staticmethod173 suites = [] 174 for cipher in ciphers: 175 if cipher == "aes128": 176 suites.append(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA) 177 elif cipher == "aes256": 178 suites.append(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA) 179 elif cipher == "rc4": 180 suites.append(CipherSuite.TLS_RSA_WITH_RC4_128_SHA) 181 elif cipher == "3des": 182 suites.append(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA) 183 return suites184 185 tripleDESSuites = [] 186 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) 187 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) 188 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) 189 190 aes128Suites = [] 191 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) 192 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) 193 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) 194 195 aes256Suites = [] 196 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) 197 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) 198 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) 199 200 rc4Suites = [] 201 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA)203 204 # The following faults are induced as part of testing. The faultAlerts 205 # dictionary describes the allowed alerts that may be triggered by these 206 # faults. 207 -class Fault:208 badUsername = 101 209 badPassword = 102 210 badA = 103 211 clientSrpFaults = range(101,104) 212 213 badVerifyMessage = 601 214 clientCertFaults = range(601,602) 215 216 badPremasterPadding = 501 217 shortPremasterSecret = 502 218 clientNoAuthFaults = range(501,503) 219 220 badB = 201 221 serverFaults = range(201,202) 222 223 badFinished = 300 224 badMAC = 301 225 badPadding = 302 226 genericFaults = range(300,303) 227 228 faultAlerts = {\ 229 badUsername: (AlertDescription.unknown_psk_identity, \ 230 AlertDescription.bad_record_mac),\ 231 badPassword: (AlertDescription.bad_record_mac,),\ 232 badA: (AlertDescription.illegal_parameter,),\ 233 badPremasterPadding: (AlertDescription.bad_record_mac,),\ 234 shortPremasterSecret: (AlertDescription.bad_record_mac,),\ 235 badVerifyMessage: (AlertDescription.decrypt_error,),\ 236 badFinished: (AlertDescription.decrypt_error,),\ 237 badMAC: (AlertDescription.bad_record_mac,),\ 238 badPadding: (AlertDescription.bad_record_mac,) 239 } 240 241 faultNames = {\ 242 badUsername: "bad username",\ 243 badPassword: "bad password",\ 244 badA: "bad A",\ 245 badPremasterPadding: "bad premaster padding",\ 246 shortPremasterSecret: "short premaster secret",\ 247 badVerifyMessage: "bad verify message",\ 248 badFinished: "bad finished message",\ 249 badMAC: "bad MAC",\ 250 badPadding: "bad padding" 251 }252
Home | Trees | Indices | Help |
---|
Generated by Epydoc 3.0.1 on Sat Feb 11 12:21:58 2012 | http://epydoc.sourceforge.net |