1
"""Constants used in various places."""
13
server_key_exchange = 12
14
certificate_request = 13
15
server_hello_done = 14
16
certificate_verify = 15
17
client_key_exchange = 16
21
change_cipher_spec = 20
31
class AlertDescription:
33
@cvar bad_record_mac: A TLS record failed to decrypt properly.
35
If this occurs during a shared-key or SRP handshake it most likely
36
indicates a bad password. It may also indicate an implementation
37
error, or some tampering with the data in transit.
39
This alert will be signalled by the server if the SRP password is bad. It
40
may also be signalled by the server if the SRP username is unknown to the
41
server, but it doesn't wish to reveal that fact.
43
This alert will be signalled by the client if the shared-key username is
46
@cvar handshake_failure: A problem occurred while handshaking.
48
This typically indicates a lack of common ciphersuites between client and
49
server, or some other disagreement (about SRP parameters or key sizes,
52
@cvar protocol_version: The other party's SSL/TLS version was unacceptable.
54
This indicates that the client and server couldn't agree on which version
57
@cvar user_canceled: The handshake is being cancelled for some reason.
62
unexpected_message = 10
64
decryption_failed = 21
66
decompression_failure = 30
67
handshake_failure = 40
68
no_certificate = 41 #SSLv3
70
unsupported_certificate = 43
71
certificate_revoked = 44
72
certificate_expired = 45
73
certificate_unknown = 46
74
illegal_parameter = 47
79
export_restriction = 60
81
insufficient_security = 71
84
no_renegotiation = 100
85
unknown_srp_username = 120
86
missing_srp_username = 121
87
untrusted_srp_parameters = 122
90
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0x0050
91
TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0053
92
TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0056
94
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0051
95
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0054
96
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0057
98
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
99
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
100
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
101
TLS_RSA_WITH_RC4_128_SHA = 0x0005
104
srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
105
srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
106
srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
107
def getSrpSuites(ciphers):
109
for cipher in ciphers:
110
if cipher == "aes128":
111
suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
112
elif cipher == "aes256":
113
suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
114
elif cipher == "3des":
115
suites.append(CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
117
getSrpSuites = staticmethod(getSrpSuites)
120
srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
121
srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
122
srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
123
def getSrpRsaSuites(ciphers):
125
for cipher in ciphers:
126
if cipher == "aes128":
127
suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
128
elif cipher == "aes256":
129
suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
130
elif cipher == "3des":
131
suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
133
getSrpRsaSuites = staticmethod(getSrpRsaSuites)
136
rsaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
137
rsaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
138
rsaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
139
rsaSuites.append(TLS_RSA_WITH_RC4_128_SHA)
140
def getRsaSuites(ciphers):
142
for cipher in ciphers:
143
if cipher == "aes128":
144
suites.append(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA)
145
elif cipher == "aes256":
146
suites.append(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
147
elif cipher == "rc4":
148
suites.append(CipherSuite.TLS_RSA_WITH_RC4_128_SHA)
149
elif cipher == "3des":
150
suites.append(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA)
152
getRsaSuites = staticmethod(getRsaSuites)
155
tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
156
tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
157
tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
160
aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
161
aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
162
aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
165
aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
166
aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
167
aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
170
rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA)
177
clientSrpFaults = range(101,104)
179
badVerifyMessage = 601
180
clientCertFaults = range(601,602)
182
badPremasterPadding = 501
183
shortPremasterSecret = 502
184
clientNoAuthFaults = range(501,503)
188
clientSharedKeyFaults = range(401,403)
191
serverFaults = range(201,202)
196
genericFaults = range(300,303)
199
badUsername: (AlertDescription.unknown_srp_username, \
200
AlertDescription.bad_record_mac),\
201
badPassword: (AlertDescription.bad_record_mac,),\
202
badA: (AlertDescription.illegal_parameter,),\
203
badIdentifier: (AlertDescription.handshake_failure,),\
204
badSharedKey: (AlertDescription.bad_record_mac,),\
205
badPremasterPadding: (AlertDescription.bad_record_mac,),\
206
shortPremasterSecret: (AlertDescription.bad_record_mac,),\
207
badVerifyMessage: (AlertDescription.decrypt_error,),\
208
badFinished: (AlertDescription.decrypt_error,),\
209
badMAC: (AlertDescription.bad_record_mac,),\
210
badPadding: (AlertDescription.bad_record_mac,)
214
badUsername: "bad username",\
215
badPassword: "bad password",\
217
badIdentifier: "bad identifier",\
218
badSharedKey: "bad sharedkey",\
219
badPremasterPadding: "bad premaster padding",\
220
shortPremasterSecret: "short premaster secret",\
221
badVerifyMessage: "bad verify message",\
222
badFinished: "bad finished message",\
224
badPadding: "bad padding"