New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add fancier ECDHE support #57
Changes from 10 commits
7b8d57a
a683fc0
12dc084
2c04e86
807853c
d5419e2
479878d
32f016f
b4e5c8d
9bca0ed
76a6133
f05a273
4064ea1
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
*.py[co] | ||
build | ||
dist | ||
*.egg-info | ||
*.egg-info |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -122,6 +122,161 @@ class _memoryview(object): | |
SSL_CB_HANDSHAKE_DONE = _lib.SSL_CB_HANDSHAKE_DONE | ||
|
||
|
||
NID_X9_62_c2pnb163v1 = _lib.NID_X9_62_c2pnb163v1 | ||
SN_X9_62_c2pnb163v1 = _ffi.string(_lib.SN_X9_62_c2pnb163v1) | ||
NID_X9_62_c2pnb163v2 = _lib.NID_X9_62_c2pnb163v2 | ||
SN_X9_62_c2pnb163v2 = _ffi.string(_lib.SN_X9_62_c2pnb163v2) | ||
NID_X9_62_c2pnb163v3 = _lib.NID_X9_62_c2pnb163v3 | ||
SN_X9_62_c2pnb163v3 = _ffi.string(_lib.SN_X9_62_c2pnb163v3) | ||
NID_X9_62_c2pnb176v1 = _lib.NID_X9_62_c2pnb176v1 | ||
SN_X9_62_c2pnb176v1 = _ffi.string(_lib.SN_X9_62_c2pnb176v1) | ||
NID_X9_62_c2tnb191v1 = _lib.NID_X9_62_c2tnb191v1 | ||
SN_X9_62_c2tnb191v1 = _ffi.string(_lib.SN_X9_62_c2tnb191v1) | ||
NID_X9_62_c2tnb191v2 = _lib.NID_X9_62_c2tnb191v2 | ||
SN_X9_62_c2tnb191v2 = _ffi.string(_lib.SN_X9_62_c2tnb191v2) | ||
NID_X9_62_c2tnb191v3 = _lib.NID_X9_62_c2tnb191v3 | ||
SN_X9_62_c2tnb191v3 = _ffi.string(_lib.SN_X9_62_c2tnb191v3) | ||
NID_X9_62_c2onb191v4 = _lib.NID_X9_62_c2onb191v4 | ||
SN_X9_62_c2onb191v4 = _ffi.string(_lib.SN_X9_62_c2onb191v4) | ||
NID_X9_62_c2onb191v5 = _lib.NID_X9_62_c2onb191v5 | ||
SN_X9_62_c2onb191v5 = _ffi.string(_lib.SN_X9_62_c2onb191v5) | ||
NID_X9_62_c2pnb208w1 = _lib.NID_X9_62_c2pnb208w1 | ||
SN_X9_62_c2pnb208w1 = _ffi.string(_lib.SN_X9_62_c2pnb208w1) | ||
NID_X9_62_c2tnb239v1 = _lib.NID_X9_62_c2tnb239v1 | ||
SN_X9_62_c2tnb239v1 = _ffi.string(_lib.SN_X9_62_c2tnb239v1) | ||
NID_X9_62_c2tnb239v2 = _lib.NID_X9_62_c2tnb239v2 | ||
SN_X9_62_c2tnb239v2 = _ffi.string(_lib.SN_X9_62_c2tnb239v2) | ||
NID_X9_62_c2tnb239v3 = _lib.NID_X9_62_c2tnb239v3 | ||
SN_X9_62_c2tnb239v3 = _ffi.string(_lib.SN_X9_62_c2tnb239v3) | ||
NID_X9_62_c2onb239v4 = _lib.NID_X9_62_c2onb239v4 | ||
SN_X9_62_c2onb239v4 = _ffi.string(_lib.SN_X9_62_c2onb239v4) | ||
NID_X9_62_c2onb239v5 = _lib.NID_X9_62_c2onb239v5 | ||
SN_X9_62_c2onb239v5 = _ffi.string(_lib.SN_X9_62_c2onb239v5) | ||
NID_X9_62_c2pnb272w1 = _lib.NID_X9_62_c2pnb272w1 | ||
SN_X9_62_c2pnb272w1 = _ffi.string(_lib.SN_X9_62_c2pnb272w1) | ||
NID_X9_62_c2pnb304w1 = _lib.NID_X9_62_c2pnb304w1 | ||
SN_X9_62_c2pnb304w1 = _ffi.string(_lib.SN_X9_62_c2pnb304w1) | ||
NID_X9_62_c2tnb359v1 = _lib.NID_X9_62_c2tnb359v1 | ||
SN_X9_62_c2tnb359v1 = _ffi.string(_lib.SN_X9_62_c2tnb359v1) | ||
NID_X9_62_c2pnb368w1 = _lib.NID_X9_62_c2pnb368w1 | ||
SN_X9_62_c2pnb368w1 = _ffi.string(_lib.SN_X9_62_c2pnb368w1) | ||
NID_X9_62_c2tnb431r1 = _lib.NID_X9_62_c2tnb431r1 | ||
SN_X9_62_c2tnb431r1 = _ffi.string(_lib.SN_X9_62_c2tnb431r1) | ||
NID_X9_62_prime192v1 = _lib.NID_X9_62_prime192v1 | ||
SN_X9_62_prime192v1 = _ffi.string(_lib.SN_X9_62_prime192v1) | ||
NID_X9_62_prime192v2 = _lib.NID_X9_62_prime192v2 | ||
SN_X9_62_prime192v2 = _ffi.string(_lib.SN_X9_62_prime192v2) | ||
NID_X9_62_prime192v3 = _lib.NID_X9_62_prime192v3 | ||
SN_X9_62_prime192v3 = _ffi.string(_lib.SN_X9_62_prime192v3) | ||
NID_X9_62_prime239v1 = _lib.NID_X9_62_prime239v1 | ||
SN_X9_62_prime239v1 = _ffi.string(_lib.SN_X9_62_prime239v1) | ||
NID_X9_62_prime239v2 = _lib.NID_X9_62_prime239v2 | ||
SN_X9_62_prime239v2 = _ffi.string(_lib.SN_X9_62_prime239v2) | ||
NID_X9_62_prime239v3 = _lib.NID_X9_62_prime239v3 | ||
SN_X9_62_prime239v3 = _ffi.string(_lib.SN_X9_62_prime239v3) | ||
NID_X9_62_prime256v1 = _lib.NID_X9_62_prime256v1 | ||
SN_X9_62_prime256v1 = _ffi.string(_lib.SN_X9_62_prime256v1) | ||
NID_secp112r1 = _lib.NID_secp112r1 | ||
SN_secp112r1 = _ffi.string(_lib.SN_secp112r1) | ||
NID_secp112r2 = _lib.NID_secp112r2 | ||
SN_secp112r2 = _ffi.string(_lib.SN_secp112r2) | ||
NID_secp128r1 = _lib.NID_secp128r1 | ||
SN_secp128r1 = _ffi.string(_lib.SN_secp128r1) | ||
NID_secp128r2 = _lib.NID_secp128r2 | ||
SN_secp128r2 = _ffi.string(_lib.SN_secp128r2) | ||
NID_secp160k1 = _lib.NID_secp160k1 | ||
SN_secp160k1 = _ffi.string(_lib.SN_secp160k1) | ||
NID_secp160r1 = _lib.NID_secp160r1 | ||
SN_secp160r1 = _ffi.string(_lib.SN_secp160r1) | ||
NID_secp160r2 = _lib.NID_secp160r2 | ||
SN_secp160r2 = _ffi.string(_lib.SN_secp160r2) | ||
NID_sect163k1 = _lib.NID_sect163k1 | ||
SN_sect163k1 = _ffi.string(_lib.SN_sect163k1) | ||
NID_sect163r1 = _lib.NID_sect163r1 | ||
SN_sect163r1 = _ffi.string(_lib.SN_sect163r1) | ||
NID_sect163r2 = _lib.NID_sect163r2 | ||
SN_sect163r2 = _ffi.string(_lib.SN_sect163r2) | ||
NID_secp192k1 = _lib.NID_secp192k1 | ||
SN_secp192k1 = _ffi.string(_lib.SN_secp192k1) | ||
NID_secp224k1 = _lib.NID_secp224k1 | ||
SN_secp224k1 = _ffi.string(_lib.SN_secp224k1) | ||
NID_secp224r1 = _lib.NID_secp224r1 | ||
SN_secp224r1 = _ffi.string(_lib.SN_secp224r1) | ||
NID_secp256k1 = _lib.NID_secp256k1 | ||
SN_secp256k1 = _ffi.string(_lib.SN_secp256k1) | ||
NID_secp384r1 = _lib.NID_secp384r1 | ||
SN_secp384r1 = _ffi.string(_lib.SN_secp384r1) | ||
NID_secp521r1 = _lib.NID_secp521r1 | ||
SN_secp521r1 = _ffi.string(_lib.SN_secp521r1) | ||
NID_sect113r1 = _lib.NID_sect113r1 | ||
SN_sect113r1 = _ffi.string(_lib.SN_sect113r1) | ||
NID_sect113r2 = _lib.NID_sect113r2 | ||
SN_sect113r2 = _ffi.string(_lib.SN_sect113r2) | ||
NID_sect131r1 = _lib.NID_sect131r1 | ||
SN_sect131r1 = _ffi.string(_lib.SN_sect131r1) | ||
NID_sect131r2 = _lib.NID_sect131r2 | ||
SN_sect131r2 = _ffi.string(_lib.SN_sect131r2) | ||
NID_sect193r1 = _lib.NID_sect193r1 | ||
SN_sect193r1 = _ffi.string(_lib.SN_sect193r1) | ||
NID_sect193r2 = _lib.NID_sect193r2 | ||
SN_sect193r2 = _ffi.string(_lib.SN_sect193r2) | ||
NID_sect233k1 = _lib.NID_sect233k1 | ||
SN_sect233k1 = _ffi.string(_lib.SN_sect233k1) | ||
NID_sect233r1 = _lib.NID_sect233r1 | ||
SN_sect233r1 = _ffi.string(_lib.SN_sect233r1) | ||
NID_sect239k1 = _lib.NID_sect239k1 | ||
SN_sect239k1 = _ffi.string(_lib.SN_sect239k1) | ||
NID_sect283k1 = _lib.NID_sect283k1 | ||
SN_sect283k1 = _ffi.string(_lib.SN_sect283k1) | ||
NID_sect283r1 = _lib.NID_sect283r1 | ||
SN_sect283r1 = _ffi.string(_lib.SN_sect283r1) | ||
NID_sect409k1 = _lib.NID_sect409k1 | ||
SN_sect409k1 = _ffi.string(_lib.SN_sect409k1) | ||
NID_sect409r1 = _lib.NID_sect409r1 | ||
SN_sect409r1 = _ffi.string(_lib.SN_sect409r1) | ||
NID_sect571k1 = _lib.NID_sect571k1 | ||
SN_sect571k1 = _ffi.string(_lib.SN_sect571k1) | ||
NID_sect571r1 = _lib.NID_sect571r1 | ||
SN_sect571r1 = _ffi.string(_lib.SN_sect571r1) | ||
NID_wap_wsg_idm_ecid_wtls1 = _lib.NID_wap_wsg_idm_ecid_wtls1 | ||
SN_wap_wsg_idm_ecid_wtls1 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls1) | ||
NID_wap_wsg_idm_ecid_wtls3 = _lib.NID_wap_wsg_idm_ecid_wtls3 | ||
SN_wap_wsg_idm_ecid_wtls3 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls3) | ||
NID_wap_wsg_idm_ecid_wtls4 = _lib.NID_wap_wsg_idm_ecid_wtls4 | ||
SN_wap_wsg_idm_ecid_wtls4 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls4) | ||
NID_wap_wsg_idm_ecid_wtls5 = _lib.NID_wap_wsg_idm_ecid_wtls5 | ||
SN_wap_wsg_idm_ecid_wtls5 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls5) | ||
NID_wap_wsg_idm_ecid_wtls6 = _lib.NID_wap_wsg_idm_ecid_wtls6 | ||
SN_wap_wsg_idm_ecid_wtls6 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls6) | ||
NID_wap_wsg_idm_ecid_wtls7 = _lib.NID_wap_wsg_idm_ecid_wtls7 | ||
SN_wap_wsg_idm_ecid_wtls7 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls7) | ||
NID_wap_wsg_idm_ecid_wtls8 = _lib.NID_wap_wsg_idm_ecid_wtls8 | ||
SN_wap_wsg_idm_ecid_wtls8 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls8) | ||
NID_wap_wsg_idm_ecid_wtls9 = _lib.NID_wap_wsg_idm_ecid_wtls9 | ||
SN_wap_wsg_idm_ecid_wtls9 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls9) | ||
NID_wap_wsg_idm_ecid_wtls10 = _lib.NID_wap_wsg_idm_ecid_wtls10 | ||
SN_wap_wsg_idm_ecid_wtls10 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls10) | ||
NID_wap_wsg_idm_ecid_wtls11 = _lib.NID_wap_wsg_idm_ecid_wtls11 | ||
SN_wap_wsg_idm_ecid_wtls11 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls11) | ||
NID_wap_wsg_idm_ecid_wtls12 = _lib.NID_wap_wsg_idm_ecid_wtls12 | ||
SN_wap_wsg_idm_ecid_wtls12 = _ffi.string(_lib.SN_wap_wsg_idm_ecid_wtls12) | ||
NID_ipsec3 = _lib.NID_ipsec3 | ||
SN_ipsec3 = _ffi.string(_lib.SN_ipsec3) | ||
NID_ipsec4 = _lib.NID_ipsec4 | ||
SN_ipsec4 = _ffi.string(_lib.SN_ipsec4) | ||
|
||
_Cryptography_HAS_EC = _lib.Cryptography_HAS_EC | ||
ELLIPTIC_CURVE_DESCRIPTIONS = {} # In case there's no EC support | ||
if _Cryptography_HAS_EC: | ||
_num_curves = _lib.EC_get_builtin_curves(_ffi.NULL, 0) | ||
_curves = _ffi.new('EC_builtin_curve[]', _num_curves) | ||
if _lib.EC_get_builtin_curves(_curves, _num_curves) == _num_curves: | ||
ELLIPTIC_CURVE_DESCRIPTIONS = {c.nid : _ffi.string(c.comment) | ||
for c in _curves} | ||
del _num_curves | ||
del _curves | ||
|
||
|
||
class Error(Exception): | ||
""" | ||
An error occurred in an `OpenSSL.SSL` API. | ||
|
@@ -594,6 +749,26 @@ def load_tmp_dh(self, dhfile): | |
_lib.SSL_CTX_set_tmp_dh(self._context, dh) | ||
|
||
|
||
def set_tmp_ecdh_by_curve_name(self, curve_name): | ||
""" | ||
Configure this connection to people to use Elliptical Curve | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This neither about connections (it’s a context) nor about people. :) How about just “Configure curve for ECDHE key exchanges.”? |
||
Diffie-Hellman key exchanges. | ||
|
||
:param curve_name: One of the named curve constants. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this needs a |
||
:return: None | ||
""" | ||
if _lib.Cryptography_HAS_EC: | ||
ecdh = _lib.EC_KEY_new_by_curve_name(curve_name) | ||
if ecdh == _ffi.NULL: | ||
raise ValueError( | ||
"OpenSSL could not load the requested elliptic curve" | ||
) | ||
_lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh) | ||
_lib.EC_KEY_free(ecdh) | ||
else: | ||
raise ValueError("OpenSSL is compiled without ECDH support") | ||
|
||
|
||
def set_cipher_list(self, cipher_list): | ||
""" | ||
Change the cipher list | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dict comprehension are Python 2.7+. Try
dict((key, value) for (key, value) in sequence)
instead.