/gdata/tlslite/constants.py
"""Constants used in various places.

Numeric identifiers for certificate types, TLS handshake messages, record
content types, alerts and cipher suites, plus the ``Fault`` identifiers and
their lookup tables.
"""


class CertificateType:
    """Identifiers for the certificate formats named below."""

    x509 = 0
    openpgp = 1
    cryptoID = 2


class HandshakeType:
    """Message-type codes carried in the header of a handshake message."""

    hello_request = 0
    client_hello = 1
    server_hello = 2
    certificate = 11
    server_key_exchange = 12
    certificate_request = 13
    server_hello_done = 14
    certificate_verify = 15
    client_key_exchange = 16
    finished = 20


class ContentType:
    """Record-layer content types; ``all`` lists every value defined here."""

    change_cipher_spec = 20
    alert = 21
    handshake = 22
    application_data = 23
    all = (20, 21, 22, 23)


class AlertLevel:
    """Severity carried alongside an alert description."""

    warning = 1
    fatal = 2


class AlertDescription:
    """
    Alert description codes.

    @cvar bad_record_mac: A TLS record failed to decrypt properly.

    During a shared-key or SRP handshake this most likely means a bad
    password.  It can also point to an implementation error, or to
    tampering with the data in transit.

    The server signals this alert when the SRP password is bad.  It may
    also signal it when the SRP username is unknown to the server and the
    server does not wish to reveal that fact.

    The client signals this alert when the shared-key username is bad.

    @cvar handshake_failure: A problem occurred while handshaking.

    Typically this means client and server share no ciphersuite, or they
    disagree about something else (SRP parameters or key sizes, for
    example).

    @cvar protocol_version: The other party's SSL/TLS version was
    unacceptable.

    Client and server could not agree on which version of SSL or TLS to
    use.

    @cvar user_canceled: The handshake is being cancelled for some reason.

    """

    close_notify = 0
    unexpected_message = 10
    bad_record_mac = 20
    # NOTE(review): RFC 5246 reserves this value and says it must not be
    # sent; reporting padding and MAC failures with the same alert
    # (bad_record_mac) keeps the two cases indistinguishable to the peer.
    # Check how callers use this constant.
    decryption_failed = 21
    record_overflow = 22
    decompression_failure = 30
    handshake_failure = 40
    no_certificate = 41  # SSLv3
    bad_certificate = 42
    unsupported_certificate = 43
    certificate_revoked = 44
    certificate_expired = 45
    certificate_unknown = 46
    illegal_parameter = 47
    unknown_ca = 48
    access_denied = 49
    decode_error = 50
    decrypt_error = 51
    export_restriction = 60
    protocol_version = 70
    insufficient_security = 71
    internal_error = 80
    user_canceled = 90
    no_renegotiation = 100
    unknown_srp_username = 120
    missing_srp_username = 121
    untrusted_srp_parameters = 122


class CipherSuite:
    """Cipher suite code points, grouped by key exchange and by cipher.

    Every suite defined here pairs a CBC-mode block cipher or RC4 with an
    HMAC-SHA1 MAC; there is no AEAD suite.  Points a deployment review
    should keep in mind:

      - RC4 suites are prohibited for TLS by RFC 7465.
      - 3DES is a 64-bit block cipher and is exposed to birthday-bound
        collisions on long-lived connections.
      - The TLS_RSA_* suites use static RSA key transport, so they give
        no forward secrecy.
    """

    # NOTE(review): RFC 5054 assigns the SRP suites code points in the
    # 0xC01A-0xC022 range; the 0x005x values below look like pre-standard
    # draft numbers.  Confirm interoperability expectations.
    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0x0050
    TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0053
    TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0056

    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0051
    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0054
    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0057

    TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
    TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
    TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
    TLS_RSA_WITH_RC4_128_SHA = 0x0005

    # --- Suites grouped by key exchange ---------------------------------

    srpSuites = [
        TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
        TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
        TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
    ]

    @staticmethod
    def getSrpSuites(ciphers):
        """Return the SRP suites for the cipher names in ``ciphers``.

        Recognised names are "aes128", "aes256" and "3des".  The result
        follows the order of ``ciphers``; any other name is skipped
        without an error.
        """
        known = (
            ("aes128", CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA),
            ("aes256", CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA),
            ("3des", CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA),
        )
        selected = []
        for requested in ciphers:
            for name, suite in known:
                if requested == name:
                    selected.append(suite)
                    break
        return selected

    srpRsaSuites = [
        TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
    ]

    @staticmethod
    def getSrpRsaSuites(ciphers):
        """Return the SRP+RSA suites for the cipher names in ``ciphers``.

        Recognised names are "aes128", "aes256" and "3des".  The result
        follows the order of ``ciphers``; any other name is skipped
        without an error.
        """
        known = (
            ("aes128", CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA),
            ("aes256", CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA),
            ("3des", CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA),
        )
        selected = []
        for requested in ciphers:
            for name, suite in known:
                if requested == name:
                    selected.append(suite)
                    break
        return selected

    rsaSuites = [
        TLS_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_RSA_WITH_AES_128_CBC_SHA,
        TLS_RSA_WITH_AES_256_CBC_SHA,
        TLS_RSA_WITH_RC4_128_SHA,
    ]

    @staticmethod
    def getRsaSuites(ciphers):
        """Return the plain-RSA suites for the cipher names in ``ciphers``.

        Recognised names are "aes128", "aes256", "rc4" and "3des".  The
        result follows the order of ``ciphers``; any other name is
        skipped without an error.  "rc4" and "3des" select weak suites
        (see the class docstring), so the caller's list decides whether
        they are offered.
        """
        known = (
            ("aes128", CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA),
            ("aes256", CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA),
            ("rc4", CipherSuite.TLS_RSA_WITH_RC4_128_SHA),
            ("3des", CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA),
        )
        selected = []
        for requested in ciphers:
            for name, suite in known:
                if requested == name:
                    selected.append(suite)
                    break
        return selected

    # --- Suites grouped by bulk cipher ----------------------------------

    tripleDESSuites = [
        TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_RSA_WITH_3DES_EDE_CBC_SHA,
    ]

    aes128Suites = [
        TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
        TLS_RSA_WITH_AES_128_CBC_SHA,
    ]

    aes256Suites = [
        TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
        TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
        TLS_RSA_WITH_AES_256_CBC_SHA,
    ]

    rc4Suites = [TLS_RSA_WITH_RC4_128_SHA]


class Fault:
    """Fault identifiers, grouped into ranges, with two lookup tables.

    ``faultAlerts`` maps a fault to a tuple of AlertDescription values and
    ``faultNames`` maps it to a short label.  Presumably the tuple lists
    the alerts a peer may answer with when that fault is injected --
    confirm against the code that consumes these tables.
    """

    badUsername = 101
    badPassword = 102
    badA = 103
    clientSrpFaults = range(101, 104)

    badVerifyMessage = 601
    clientCertFaults = range(601, 602)

    badPremasterPadding = 501
    shortPremasterSecret = 502
    clientNoAuthFaults = range(501, 503)

    badIdentifier = 401
    badSharedKey = 402
    clientSharedKeyFaults = range(401, 403)

    badB = 201
    serverFaults = range(201, 202)

    badFinished = 300
    badMAC = 301
    badPadding = 302
    genericFaults = range(300, 303)

    # NOTE(review): badB has no entry in either table below, so looking up
    # a member of serverFaults raises KeyError.
    #
    # badUsername accepts two alerts: per the AlertDescription docstring a
    # server may answer an unknown SRP username with bad_record_mac so it
    # does not reveal that the username is unknown.
    faultAlerts = {
        badUsername: (
            AlertDescription.unknown_srp_username,
            AlertDescription.bad_record_mac,
        ),
        badPassword: (AlertDescription.bad_record_mac,),
        badA: (AlertDescription.illegal_parameter,),
        badIdentifier: (AlertDescription.handshake_failure,),
        badSharedKey: (AlertDescription.bad_record_mac,),
        badPremasterPadding: (AlertDescription.bad_record_mac,),
        shortPremasterSecret: (AlertDescription.bad_record_mac,),
        badVerifyMessage: (AlertDescription.decrypt_error,),
        badFinished: (AlertDescription.decrypt_error,),
        badMAC: (AlertDescription.bad_record_mac,),
        badPadding: (AlertDescription.bad_record_mac,),
    }

    faultNames = {
        badUsername: "bad username",
        badPassword: "bad password",
        badA: "bad A",
        badIdentifier: "bad identifier",
        badSharedKey: "bad sharedkey",
        badPremasterPadding: "bad premaster padding",
        shortPremasterSecret: "short premaster secret",
        badVerifyMessage: "bad verify message",
        badFinished: "bad finished message",
        badMAC: "bad MAC",
        badPadding: "bad padding",
    }