Package tlslite :: Module handshakehashes
[hide private]
[frames] | no frames]

Source Code for Module tlslite.handshakehashes

  1  # Copyright (c) 2015, Hubert Kario 
  2  # 
  3  # See the LICENSE file for legal information regarding use of this file. 
  4  """Handling cryptographic hashes for handshake protocol""" 
  5   
  6  from .utils.compat import compat26Str, compatHMAC 
  7  from .utils.cryptomath import MD5, SHA1 
  8  import hashlib 
  9   
10 -class HandshakeHashes(object):
11 12 """ 13 Store and calculate necessary hashes for handshake protocol 14 15 Calculates message digests of messages exchanged in handshake protocol 16 of SSLv3 and TLS. 17 """ 18
19 - def __init__(self):
20 """Create instance""" 21 self._handshakeMD5 = hashlib.md5() 22 self._handshakeSHA = hashlib.sha1() 23 self._handshakeSHA256 = hashlib.sha256() 24 self._handshakeSHA384 = hashlib.sha384()
25
26 - def update(self, data):
27 """ 28 Add L{data} to hash input. 29 30 @type data: bytearray 31 @param data: serialized TLS handshake message 32 """ 33 text = compat26Str(data) 34 self._handshakeMD5.update(text) 35 self._handshakeSHA.update(text) 36 self._handshakeSHA256.update(text) 37 self._handshakeSHA384.update(text)
38
39 - def digest(self, digest=None):
40 """ 41 Calculate and return digest for the already consumed data. 42 43 Used for Finished and CertificateVerify messages. 44 45 @type digest: str 46 @param digest: name of digest to return 47 """ 48 if digest is None: 49 return self._handshakeMD5.digest() + self._handshakeSHA.digest() 50 elif digest == 'md5': 51 return self._handshakeMD5.digest() 52 elif digest == 'sha1': 53 return self._handshakeSHA.digest() 54 elif digest == 'sha256': 55 return self._handshakeSHA256.digest() 56 elif digest == 'sha384': 57 return self._handshakeSHA384.digest() 58 else: 59 raise ValueError("Unknown digest name")
60
61 - def digestSSL(self, masterSecret, label):
62 """ 63 Calculate and return digest for already consumed data (SSLv3 version) 64 65 Used for Finished and CertificateVerify messages. 66 67 @type masterSecret: bytearray 68 @param masterSecret: value of the master secret 69 @type label: bytearray 70 @param label: label to include in the calculation 71 """ 72 #pylint: disable=maybe-no-member 73 imacMD5 = self._handshakeMD5.copy() 74 imacSHA = self._handshakeSHA.copy() 75 #pylint: enable=maybe-no-member 76 77 # the below difference in input for MD5 and SHA-1 is why we can't reuse 78 # digest() method 79 imacMD5.update(compatHMAC(label + masterSecret + bytearray([0x36]*48))) 80 imacSHA.update(compatHMAC(label + masterSecret + bytearray([0x36]*40))) 81 82 md5Bytes = MD5(masterSecret + bytearray([0x5c]*48) + \ 83 bytearray(imacMD5.digest())) 84 shaBytes = SHA1(masterSecret + bytearray([0x5c]*40) + \ 85 bytearray(imacSHA.digest())) 86 87 return md5Bytes + shaBytes
88 89 #pylint: disable=protected-access, maybe-no-member
90 - def copy(self):
91 """ 92 Copy object 93 94 Return a copy of the object with all the hashes in the same state 95 as the source object. 96 97 @rtype: HandshakeHashes 98 """ 99 other = HandshakeHashes() 100 other._handshakeMD5 = self._handshakeMD5.copy() 101 other._handshakeSHA = self._handshakeSHA.copy() 102 other._handshakeSHA256 = self._handshakeSHA256.copy() 103 other._handshakeSHA384 = self._handshakeSHA384.copy() 104 return other
105