Merge b4f059a into 4521c5c
FrantisekKrenzelok committed Jul 20, 2020
2 parents 4521c5c + b4f059a commit eb83377
Showing 4 changed files with 314 additions and 45 deletions.
8 changes: 4 additions & 4 deletions tests/tlstest.py
@@ -297,8 +297,8 @@ def connect():
try:
connection.handshakeClientCert(settings=settings)
assert False
except TLSLocalAlert as e:
assert "certificate with curve" in str(e)
except TLSRemoteAlert as e:
assert "handshake_failure" in str(e)
connection.close()

test_no += 1
@@ -1665,8 +1665,8 @@ def connect():
connection.handshakeServer(certChain=x509ecdsaChain,
privateKey=x509ecdsaKey, settings=settings)
assert False
except TLSRemoteAlert as e:
assert "handshake_failure" in str(e)
except TLSLocalAlert as e:
assert "curve in the public key is not supported by the client" in str(e)
connection.close()

test_no += 1
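Review bot: The client-side check in the first hunk, `assert "handshake_failure" in str(e)` under `except TLSRemoteAlert`, passes for any handshake_failure alert from the server, so it no longer pins the unsupported-curve rejection that the `"certificate with curve"` check named. Which `except` arm is the new side is inferred from print order here, since the page does not mark it. The specific reason now appears to be asserted only on the server side in the second hunk (`"curve in the public key is not supported by the client"`), so a comment beside the client assertion such as `# server refuses the ECDSA cert curve; the exact reason is asserted in the matching server-side test` would keep that pairing visible. The enclosing test functions start and end outside both hunks.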
106 changes: 106 additions & 0 deletions tlslite/constants.py
@@ -203,6 +203,50 @@ class SignatureAlgorithm(TLSEnum):
ed448 = 8 # RFC 8422


class AlgorithmOID(TLSEnum):
"""
Algorithm OIDs as defined in rfc5758(ecdsa),
rfc5754(rsa, sha), rfc3447(rss-pss).
The key is the DER encoded OID as a int and
the value is the algorithm id.
"""
oid = {}

#ecdsa_sha1
oid[111196837196800525313] = (2, 3)
#ecdsa_sha224
oid[28484837066454644032257] = (3, 3)
#ecdsa_sha256
oid[28484837066454644032258] = (4, 3)
#ecdsa_sha384
oid[28484837066454644032259] = (5, 3)
#ecdsa_sha512
oid[28484837066454644032260] = (6, 3)

#rsa_sha1
oid[7296840655416892695052549] = (2, 1)
#rsa_sha224
oid[7296840655416892695052558] = (3, 1)
#rsa_sha256
oid[7296840655416892695052555] = (4, 1)
#rsa_sha384
oid[7296840655416892695052556] = (5, 1)
#rsa_sha512
oid[7296840655416892695052557] = (6, 1)

#rsa_pss
oid[7296840655416892695052554] = 8

#sha224
oid[3806363433629502450256813752836] = 3
#sha256
oid[3806363433629502450256813752833] = 4
#sha384
oid[3806363433629502450256813752834] = 5
#sha512
oid[3806363433629502450256813752835] = 6


class SignatureScheme(TLSEnum):
"""
Signature scheme used for signalling supported signature algorithms.
@@ -613,6 +657,10 @@ class CipherSuite:
ietfNames[0x0005] = 'TLS_RSA_WITH_RC4_128_SHA'
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
ietfNames[0x000A] = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D
ietfNames[0x000D] = 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA'
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013
ietfNames[0x0013] = 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
ietfNames[0x0016] = 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA'
TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018
@@ -621,12 +669,20 @@ class CipherSuite:
ietfNames[0x001B] = 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA'
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
ietfNames[0x002F] = 'TLS_RSA_WITH_AES_128_CBC_SHA'
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030
ietfNames[0x0030] = 'TLS_DH_DSS_WITH_AES_128_CBC_SHA'
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032
ietfNames[0x0032] = 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
ietfNames[0x0033] = 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034
ietfNames[0x0034] = 'TLS_DH_ANON_WITH_AES_128_CBC_SHA'
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
ietfNames[0x0035] = 'TLS_RSA_WITH_AES_256_CBC_SHA'
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036
ietfNames[0x0036] = 'TLS_DH_DSS_WITH_AES_256_CBC_SHA'
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038
ietfNames[0x0038] = 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
ietfNames[0x0039] = 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A
@@ -637,8 +693,16 @@ class CipherSuite:
ietfNames[0x003C] = 'TLS_RSA_WITH_AES_128_CBC_SHA256'
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D
ietfNames[0x003D] = 'TLS_RSA_WITH_AES_256_CBC_SHA256'
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E
ietfNames[0x003E] = 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256'
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040
ietfNames[0x0040] = 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067
ietfNames[0x0067] = 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256'
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068
ietfNames[0x0068] = 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256'
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A
ietfNames[0x006A] = 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B
ietfNames[0x006B] = 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256'
TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C
@@ -655,6 +719,14 @@ class CipherSuite:
ietfNames[0x009E] = 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F
ietfNames[0x009F] = 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2
ietfNames[0x00A2] = 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256'
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3
ietfNames[0x00A3] = 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384'
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4
ietfNames[0x00A4] = 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256'
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5
ietfNames[0x00A5] = 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384'
TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6
ietfNames[0x00A6] = 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256'
TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7
@@ -763,14 +835,20 @@ class CipherSuite:
ietfNames[0xC01A] = 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA'
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B
ietfNames[0xC01B] = 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA'
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C
ietfNames[0xC01C] = 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA'
TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D
ietfNames[0xC01D] = 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA'
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E
ietfNames[0xC01E] = 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA'
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F
ietfNames[0xC01F] = 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA'
TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020
ietfNames[0xC020] = 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA'
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021
ietfNames[0xC021] = 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA'
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022
ietfNames[0xC022] = 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA'

# RFC 5289 - ECC Ciphers with SHA-256/SHA-384 HMAC and AES-GCM
# unsupported! - no support for ECDSA certificates
@@ -861,6 +939,9 @@ class CipherSuite:
tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
tripleDESSuites.append(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
tripleDESSuites.append(TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA) # unsupp

#: AES-128 CBC ciphers
aes128Suites = []
@@ -881,6 +962,11 @@ class CipherSuite:
aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
aes128Suites.append(TLS_ECDH_ANON_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA) # unsupported
aes128Suites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA) # unsupported
aes128Suites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA256) # unsupported
aes128Suites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256) # unsupported
aes128Suites.append(TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA) # unsupported

#: AES-256 CBC ciphers
aes256Suites = []
@@ -901,6 +987,11 @@ class CipherSuite:
aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
aes256Suites.append(TLS_ECDH_ANON_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA) # unsupported
aes256Suites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA) # unsupported
aes256Suites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA256) # unsupported
aes256Suites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256) # unsupported
aes256Suites.append(TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA) # unsupported

#: AES-128 GCM ciphers
aes128GcmSuites = []
@@ -912,6 +1003,8 @@ class CipherSuite:
aes128GcmSuites.append(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256) # unsupp
aes128GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
aes128GcmSuites.append(TLS_AES_128_GCM_SHA256)
aes128GcmSuites.append(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256) # unsupported
aes128GcmSuites.append(TLS_DH_DSS_WITH_AES_128_GCM_SHA256) # unsupported

#: AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites)
aes256GcmSuites = []
@@ -923,6 +1016,8 @@ class CipherSuite:
aes256GcmSuites.append(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384) # unsupported
aes256GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
aes256GcmSuites.append(TLS_AES_256_GCM_SHA384)
aes256GcmSuites.append(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384) # unsupported
aes256GcmSuites.append(TLS_DH_DSS_WITH_AES_256_GCM_SHA384) # unsupported

#: AES-128 CCM_8 ciphers
aes128Ccm_8Suites = []
@@ -994,16 +1089,25 @@ class CipherSuite:
shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
shaSuites.append(TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA) # unsupported
shaSuites.append(TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA) # unsupported
shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_RSA_WITH_RC4_128_SHA)
shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
shaSuites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA) # unsupported
shaSuites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA) # unsupported
shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
shaSuites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA) # unsupported
shaSuites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA) # unsupported
shaSuites.append(TLS_RSA_WITH_NULL_SHA)
shaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
@@ -1051,6 +1155,8 @@ class CipherSuite:
sha384Suites.append(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384) # unsupported
sha384Suites.append(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384) # unsupported
sha384Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
sha384Suites.append(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384) # unsupported
sha384Suites.append(TLS_DH_DSS_WITH_AES_256_GCM_SHA384) # unsupported

#: stream cipher construction
streamSuites = []
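Review bot: In the last hunk, `TLS_DHE_DSS_WITH_AES_256_GCM_SHA384` and `TLS_DH_DSS_WITH_AES_256_GCM_SHA384` are appended to `sha384Suites`, whose other visible entries are all `*_CBC_SHA384` suites, while the comment on `aes256GcmSuites` says the SHA-384 of GCM suites is implicit via `sha384PrfSuites`. Both suites are already added to `aes256GcmSuites` in an earlier hunk, so unless code outside this page needs them in the HMAC list, dropping the two `sha384Suites.append(...)` lines keeps AEAD suites from being classified as HMAC-SHA384 ones. Separately, the `AlgorithmOID` keys in the first hunk are bare decimal integers that cannot be checked by eye against the RFCs the docstring cites; writing them in hex with the dotted OID alongside, e.g. `oid[0x06072A8648CE3D0401] = (2, 3)  # ecdsa-with-SHA1, 1.2.840.10045.4.1` (the same value as the first key), makes a one-digit slip in this certificate-signature lookup table reviewable. The table also mixes `(hash, signature)` tuples with bare ints (`8` for rsa_pss, `3` to `6` for the hashes), which deserves a line in the docstring, and `rss-pss` there should read `rsa-pss`. `CipherSuite` starts and ends outside the hunks shown.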
