/gdata/tlslite/constants.py


  1. """Constants used in various places."""
  class CertificateType:
      """Integer identifiers for the certificate formats this library names.

      NOTE(review): RFC 7250 assigns certificate type 2 to RawPublicKey, so
      ``cryptoID = 2`` looks like a library-private use of that number.
      Confirm before relying on it for interoperability.
      """

      x509 = 0      # X.509 certificate chain
      openpgp = 1   # OpenPGP key
      cryptoID = 2  # cryptoID chain (see NOTE above)
  class HandshakeType:
      """Numeric message-type codes for SSL/TLS handshake messages."""

      # Hello exchange
      hello_request = 0
      client_hello = 1
      server_hello = 2

      # Server authentication and key-exchange parameters
      certificate = 11
      server_key_exchange = 12
      certificate_request = 13
      server_hello_done = 14

      # Client authentication and key exchange
      certificate_verify = 15
      client_key_exchange = 16

      # Handshake integrity check
      finished = 20
  class ContentType:
      """Record-layer content-type codes, plus a tuple listing all of them."""

      change_cipher_spec = 20
      alert = 21
      handshake = 22
      application_data = 23

      # Every content type defined above, in ascending order.  The attribute
      # name shadows the builtin only inside this class namespace.
      all = (change_cipher_spec, alert, handshake, application_data)
  class AlertLevel:
      """Severity codes carried in a TLS alert message."""

      warning = 1
      fatal = 2
  class AlertDescription:
      """Numeric description codes carried in a TLS alert message.

      @cvar bad_record_mac: A TLS record failed to decrypt properly.

      When seen during a shared-key or SRP handshake, the most likely cause
      is a bad password.  It can also point to an implementation error or to
      tampering with the data in transit.

      The server signals this alert when the SRP password is bad.  The server
      may also signal it when the SRP username is unknown and it does not
      wish to reveal that fact.

      The client signals this alert when the shared-key username is bad.

      @cvar handshake_failure: A problem occurred while handshaking.

      Typically the client and server share no ciphersuite, or disagree on
      something else (SRP parameters or key sizes, for example).

      @cvar protocol_version: The other party's SSL/TLS version was
      unacceptable.

      The client and server could not agree on which version of SSL or TLS
      to use.

      @cvar user_canceled: The handshake is being cancelled for some reason.
      """

      close_notify = 0
      unexpected_message = 10

      # Record protection failures.
      bad_record_mac = 20
      # RFC 5246 marks decryption_failed as reserved: sending it separately
      # from bad_record_mac lets a peer tell padding failures apart from MAC
      # failures on CBC records.
      decryption_failed = 21
      record_overflow = 22
      decompression_failure = 30

      handshake_failure = 40

      # Certificate problems.
      no_certificate = 41  # SSLv3
      bad_certificate = 42
      unsupported_certificate = 43
      certificate_revoked = 44
      certificate_expired = 45
      certificate_unknown = 46

      illegal_parameter = 47
      unknown_ca = 48
      access_denied = 49
      decode_error = 50
      decrypt_error = 51
      export_restriction = 60  # reserved in later TLS versions
      protocol_version = 70
      insufficient_security = 71
      internal_error = 80
      user_canceled = 90
      no_renegotiation = 100

      # SRP alerts.
      # NOTE(review): 120-122 appear to follow pre-publication TLS-SRP drafts;
      # RFC 5054 as published reports an unknown user with
      # unknown_psk_identity (115).  Confirm what the peers in use expect.
      # Sending unknown_srp_username also tells the client that the account
      # does not exist, which is why the docstring allows bad_record_mac
      # to be sent in its place.
      unknown_srp_username = 120
      missing_srp_username = 121
      untrusted_srp_parameters = 122
  class CipherSuite:
      """Cipher-suite code points, grouped lists of them, and name lookups.

      The three ``get*Suites`` helpers translate short cipher names
      ("aes128", "aes256", "3des", and for RSA also "rc4") into suite codes.
      Output order follows the order of the names given; names a helper does
      not know are skipped without error.

      NOTE(review): every suite here is CBC or RC4 with a SHA-1 MAC.  RC4 is
      prohibited for TLS by RFC 7465, and 3DES has a 64-bit block, so callers
      that still need this table should prefer the AES entries.

      NOTE(review): the SRP code points 0x0050-0x0057 differ from the values
      RFC 5054 registered (0xC01A-0xC022); they look like draft-era numbers.
      Confirm against the peer implementation before relying on them.
      """

      # SRP key exchange
      TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0x0050
      TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0053
      TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0056

      # SRP key exchange with RSA
      TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0051
      TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0054
      TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0057

      # RSA key exchange
      TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
      TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
      TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
      TLS_RSA_WITH_RC4_128_SHA = 0x0005

      srpSuites = [
          TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
          TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
          TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
      ]

      @staticmethod
      def getSrpSuites(ciphers):
          """Return the SRP suite code for each recognised name in *ciphers*."""
          table = (
              ("aes128", CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA),
              ("aes256", CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA),
              ("3des", CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA),
          )
          selected = []
          for requested in ciphers:
              for name, code in table:
                  if requested == name:
                      selected.append(code)
                      break
          return selected

      srpRsaSuites = [
          TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
          TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
          TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
      ]

      @staticmethod
      def getSrpRsaSuites(ciphers):
          """Return the SRP+RSA suite code for each recognised name in *ciphers*."""
          table = (
              ("aes128", CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA),
              ("aes256", CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA),
              ("3des", CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA),
          )
          selected = []
          for requested in ciphers:
              for name, code in table:
                  if requested == name:
                      selected.append(code)
                      break
          return selected

      rsaSuites = [
          TLS_RSA_WITH_3DES_EDE_CBC_SHA,
          TLS_RSA_WITH_AES_128_CBC_SHA,
          TLS_RSA_WITH_AES_256_CBC_SHA,
          TLS_RSA_WITH_RC4_128_SHA,
      ]

      @staticmethod
      def getRsaSuites(ciphers):
          """Return the RSA suite code for each recognised name in *ciphers*.

          This is the only helper that accepts "rc4".
          """
          table = (
              ("aes128", CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA),
              ("aes256", CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA),
              ("rc4", CipherSuite.TLS_RSA_WITH_RC4_128_SHA),
              ("3des", CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA),
          )
          selected = []
          for requested in ciphers:
              for name, code in table:
                  if requested == name:
                      selected.append(code)
                      break
          return selected

      # The same suites regrouped by bulk cipher.
      tripleDESSuites = [
          TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
          TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
          TLS_RSA_WITH_3DES_EDE_CBC_SHA,
      ]

      aes128Suites = [
          TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
          TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
          TLS_RSA_WITH_AES_128_CBC_SHA,
      ]

      aes256Suites = [
          TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
          TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
          TLS_RSA_WITH_AES_256_CBC_SHA,
      ]

      rc4Suites = [TLS_RSA_WITH_RC4_128_SHA]
  class Fault:
      """Numeric fault codes, grouped into ranges, with two lookup tables.

      ``faultAlerts`` maps a fault code to a tuple of AlertDescription values
      and ``faultNames`` maps it to a short human-readable label.

      NOTE(review): presumably the alert tuples are what a peer is expected
      to send when the fault is injected - confirm against the code that
      consumes this table.

      NOTE(review): ``badB`` (201) has no entry in either table, so indexing
      ``faultAlerts`` or ``faultNames`` with it raises KeyError.
      """

      # Client-side SRP faults
      badUsername = 101
      badPassword = 102
      badA = 103
      clientSrpFaults = range(badUsername, badA + 1)

      # Client certificate faults
      badVerifyMessage = 601
      clientCertFaults = range(badVerifyMessage, badVerifyMessage + 1)

      # Client faults without authentication
      badPremasterPadding = 501
      shortPremasterSecret = 502
      clientNoAuthFaults = range(badPremasterPadding, shortPremasterSecret + 1)

      # Client shared-key faults
      badIdentifier = 401
      badSharedKey = 402
      clientSharedKeyFaults = range(badIdentifier, badSharedKey + 1)

      # Server faults
      badB = 201
      serverFaults = range(badB, badB + 1)

      # Faults that apply to either side
      badFinished = 300
      badMAC = 301
      badPadding = 302
      genericFaults = range(badFinished, badPadding + 1)

      # badUsername lists two alerts: unknown_srp_username discloses that the
      # account does not exist, bad_record_mac hides that fact.
      faultAlerts = {
          badUsername: (
              AlertDescription.unknown_srp_username,
              AlertDescription.bad_record_mac,
          ),
          badPassword: (AlertDescription.bad_record_mac,),
          badA: (AlertDescription.illegal_parameter,),
          badIdentifier: (AlertDescription.handshake_failure,),
          badSharedKey: (AlertDescription.bad_record_mac,),
          badPremasterPadding: (AlertDescription.bad_record_mac,),
          shortPremasterSecret: (AlertDescription.bad_record_mac,),
          badVerifyMessage: (AlertDescription.decrypt_error,),
          badFinished: (AlertDescription.decrypt_error,),
          badMAC: (AlertDescription.bad_record_mac,),
          badPadding: (AlertDescription.bad_record_mac,),
      }

      faultNames = {
          badUsername: "bad username",
          badPassword: "bad password",
          badA: "bad A",
          badIdentifier: "bad identifier",
          badSharedKey: "bad sharedkey",
          badPremasterPadding: "bad premaster padding",
          shortPremasterSecret: "short premaster secret",
          badVerifyMessage: "bad verify message",
          badFinished: "bad finished message",
          badMAC: "bad MAC",
          badPadding: "bad padding",
      }