
Source Code for Module tlslite.mathtls

  1  # Authors:  
  2  #   Trevor Perrin 
  3  #   Dave Baggett (Arcode Corporation) - MD5 support for MAC_SSL 
  4  #   Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 
  5  #   Hubert Kario - SHA384 PRF 
  6  # 
  7  # See the LICENSE file for legal information regarding use of this file. 
  8   
  9  """Miscellaneous helper functions.""" 
 10   
 11  from .utils.compat import * 
 12  from .utils.cryptomath import * 
 13  from .constants import CipherSuite 
 14   
 15  import hmac 
 16   
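 17  #(generator, prime modulus) pairs for the 1024, 1536, 2048, 3072, 4096, 6144, and 8192 bit groups, in that order; makeVerifier indexes this list by group size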
 18  goodGroupParameters = [(2,0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3),\ 
 19                         (2,0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB),\ 
 20                         (2,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
 21                         (2,0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF),\ 
 22                         (5,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
 23                         (5,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
 24                         (5,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
 25   
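def P_hash(macFunc, secret, seed, length):
    """Expand *secret* and *seed* into *length* bytes of keying material.

    Iterated-MAC expansion shared by the PRFs in this module: A(0) is the
    seed, A(i) = macFunc(secret, A(i-1)), and the output is the
    concatenation of macFunc(secret, A(i) + seed) for i = 1, 2, ...,
    truncated to *length* bytes.

    @param macFunc: keyed MAC called as macFunc(key, data) and returning a
        byte sequence (e.g. HMAC_SHA256)
    @param secret: MAC key
    @param seed: byte string mixed into every round
    @param length: number of output bytes to produce
    @return: bytearray of exactly *length* bytes
    @raise ValueError: if *length* is negative (raised by bytearray())
    """
    out = bytearray(length)
    A = seed
    filled = 0
    # Stop as soon as the buffer is full: no MAC round is computed for
    # length == 0 or after an exact multiple of the digest size.
    while filled < length:
        A = macFunc(secret, A)
        block = macFunc(secret, A + seed)
        take = min(len(block), length - filled)
        out[filled:filled + take] = block[:take]
        filled += take
    return out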
def PRF(secret, label, seed, length):
    """Pseudo Random Function combining P_MD5 and P_SHA1.

    calcMasterSecret and calcFinished select this PRF for versions (3,1)
    and (3,2), i.e. TLS 1.0 and TLS 1.1. Both protocol versions are
    deprecated (RFC 8996); this function exists for interoperability with
    them.

    @param secret: secret to expand
    @param label: byte-string label identifying the purpose of the output
    @param seed: byte string appended to the label
    @param length: number of output bytes
    @return: bytearray of *length* bytes
    """
    # Left half goes to P_MD5, right half to P_SHA1; the halves share the
    # middle byte when the secret has odd length.
    secretLen = len(secret)
    leftHalf = secret[:(secretLen + 1) // 2]
    rightHalf = secret[secretLen // 2:]

    labelAndSeed = label + seed
    md5Stream = P_hash(HMAC_MD5, leftHalf, labelAndSeed, length)
    sha1Stream = P_hash(HMAC_SHA1, rightHalf, labelAndSeed, length)

    # The result is the byte-wise XOR of the two streams.
    return bytearray(a ^ b for a, b in zip(md5Stream, sha1Stream))
def PRF_1_2(secret, label, seed, length):
    """TLS 1.2 Pseudo Random Function for cipher suites that use SHA256.

    @return: *length* bytes of P_hash output keyed with HMAC_SHA256 over
        label + seed
    """
    labelAndSeed = label + seed
    return P_hash(HMAC_SHA256, secret, labelAndSeed, length)
def PRF_1_2_SHA384(secret, label, seed, length):
    """TLS 1.2 Pseudo Random Function for cipher suites that use SHA384.

    @return: *length* bytes of P_hash output keyed with HMAC_SHA384 over
        label + seed
    """
    labelAndSeed = label + seed
    return P_hash(HMAC_SHA384, secret, labelAndSeed, length)
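def PRF_SSL(secret, seed, length):
    """Derive *length* bytes of keying material with the SSLv3 construction.

    Round i (0-based) hashes MD5(secret + SHA1(A_i + secret + seed)) where
    A_i is the (i+1)-fold repetition of the i-th capital letter ('A', 'BB',
    'CCC', ...). There are only 26 rounds of one MD5 digest each, so at most
    26 * 16 = 416 bytes can be produced.

    calcMasterSecret selects this function for version (3,0), i.e. SSLv3,
    which is deprecated (RFC 7568).

    @param secret: secret to expand
    @param seed: byte string mixed into every round
    @param length: number of output bytes, at most 416
    @return: bytearray of exactly *length* bytes
    @raise ValueError: if *length* is negative or larger than 416
    """
    # Refuse requests the 26 rounds cannot satisfy. Previously the tail of
    # the buffer was silently left as zero bytes, i.e. predictable keying
    # material handed back to the caller.
    maxLength = 26 * 16
    if length > maxLength:
        raise ValueError("PRF_SSL cannot produce more than 416 bytes")

    out = bytearray(length)
    filled = 0
    for x in range(26):
        if filled >= length:
            break
        A = bytearray([ord('A')+x] * (x+1)) # 'A', 'BB', 'CCC', etc..
        block = MD5(secret + SHA1(A + secret + seed))
        take = min(len(block), length - filled)
        out[filled:filled + take] = block[:take]
        filled += take
    return out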
def calcMasterSecret(version, cipherSuite, premasterSecret, clientRandom,
                     serverRandom):
    """Derive the 48-byte Master Secret from premaster secret and randoms.

    The PRF is chosen by protocol version: PRF_SSL for (3,0), PRF for
    (3,1) and (3,2), and for (3,3) either PRF_1_2_SHA384 or PRF_1_2
    depending on whether the suite is in CipherSuite.sha384PrfSuites.

    NOTE(review): the derivation here is seeded only with
    clientRandom + serverRandom, not with the handshake transcript.

    @param version: protocol version tuple
    @param cipherSuite: negotiated cipher suite
    @param premasterSecret: premaster secret from the key exchange
    @param clientRandom: client random value
    @param serverRandom: server random value
    @return: 48 bytes of master secret
    @raise AssertionError: if *version* is not one of the versions above
    """
    label = b"master secret"

    if version == (3,0):
        return PRF_SSL(premasterSecret, clientRandom + serverRandom, 48)

    if version in ((3,1), (3,2)):
        return PRF(premasterSecret, label, clientRandom + serverRandom, 48)

    if version != (3,3):
        raise AssertionError()

    if cipherSuite in CipherSuite.sha384PrfSuites:
        prf = PRF_1_2_SHA384
    else:
        prf = PRF_1_2
    return prf(premasterSecret, label, clientRandom + serverRandom, 48)
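def calcFinished(version, masterSecret, cipherSuite, handshakeHashes,
                 isClient):
    """Calculate the Handshake protocol Finished value

    The result is what the peer's Finished message is checked against, so
    callers should compare it with a constant-time comparison.

    @param version: TLS protocol version tuple
    @param masterSecret: negotiated master secret of the connection
    @param cipherSuite: negotiated cipher suite of the connection,
    @param handshakeHashes: running hash of the handshake messages
    @param isClient: whether the calculation should be performed for message
    sent by client (True) or by server (False) side of connection
    @return: the verify data; 12 bytes of PRF output for versions (3,1) to
    (3,3), the result of handshakeHashes.digestSSL() for (3,0)
    @raise AssertionError: if *version* is not a supported version tuple
    """
    # Raise explicitly rather than with an `assert` statement: asserts are
    # stripped under python -O, and an unknown version would then silently
    # be handled by the TLS 1.2 branch below.
    if version not in ((3, 0), (3, 1), (3, 2), (3, 3)):
        raise AssertionError()

    if version == (3,0):
        # Sender constants are the ASCII strings "CLNT" and "SRVR".
        if isClient:
            senderStr = b"\x43\x4C\x4E\x54"
        else:
            senderStr = b"\x53\x52\x56\x52"

        verifyData = handshakeHashes.digestSSL(masterSecret, senderStr)
    else:
        if isClient:
            label = b"client finished"
        else:
            label = b"server finished"

        if version in ((3,1), (3,2)):
            handshakeHash = handshakeHashes.digest()
            verifyData = PRF(masterSecret, label, handshakeHash, 12)
        else: # version == (3,3):
            # The transcript hash must match the hash of the suite's PRF.
            if cipherSuite in CipherSuite.sha384PrfSuites:
                handshakeHash = handshakeHashes.digest('sha384')
                verifyData = PRF_1_2_SHA384(masterSecret, label,
                                            handshakeHash, 12)
            else:
                handshakeHash = handshakeHashes.digest('sha256')
                verifyData = PRF_1_2(masterSecret, label, handshakeHash, 12)

    return verifyData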
def makeX(salt, username, password):
    """Compute x = SHA1(salt + SHA1(username + ":" + password)) as a number.

    makeVerifier uses the result as the exponent of the stored verifier.

    NOTE(review): the password passes through two plain SHA1 calls with no
    iteration count, so the verifier store should be protected like a
    password database.

    @param salt: salt bytes, fewer than 256
    @param username: user name bytes, fewer than 256
    @param password: password bytes
    @return: the outer hash converted with bytesToNumber
    @raise ValueError: if the username or the salt is 256 bytes or longer
    """
    if not len(username) < 256:
        raise ValueError("username too long")
    if not len(salt) < 256:
        raise ValueError("salt too long")

    identityHash = SHA1(username + bytearray(b":") + password)
    return bytesToNumber(SHA1(salt + identityHash))
#This function is used by VerifierDB.makeVerifier
def makeVerifier(username, password, bits):
    """Create a verifier entry for *username* and *password*.

    Picks the (g, N) pair of the requested size from goodGroupParameters,
    draws a fresh 16-byte salt with getRandomBytes and computes
    verifier = g^x mod N with x = makeX(salt, username, password).

    NOTE(review): the 1024 and 1536 bit groups are small by current
    standards; prefer 2048 bits or more for new verifiers.

    @param username: user name bytes
    @param password: password bytes
    @param bits: group size; one of 1024, 1536, 2048, 3072, 4096, 6144, 8192
    @return: tuple (N, g, salt, verifier)
    @raise KeyError: if *bits* is not one of the supported sizes
    """
    sizeToIndex = {1024:0, 1536:1, 2048:2, 3072:3, 4096:4, 6144:5, 8192:6}
    # Resolve the size first so an unsupported size fails before any
    # randomness is drawn.
    groupIndex = sizeToIndex[bits]
    generator, modulus = goodGroupParameters[groupIndex]

    salt = getRandomBytes(16)
    exponent = makeX(salt, username, password)
    verifier = powMod(generator, exponent, modulus)
    return modulus, generator, salt, verifier
def PAD(n, x):
    """Encode *x* as bytes, left-padded with zeros to the byte length of *n*.

    @param n: number whose numberToByteArray() length sets the target width
    @param x: number to encode
    @return: the encoding of *x*, zero-padded on the left when it is
        shorter than the encoding of *n*; returned unchanged otherwise
    """
    width = len(numberToByteArray(n))
    encoded = numberToByteArray(x)
    missing = width - len(encoded)
    if missing <= 0:
        return encoded
    return (b"\0" * missing) + encoded
def makeU(N, A, B):
    """Return SHA1(PAD(N, A) + PAD(N, B)) converted to a number.

    @param N: modulus that sets the padding width
    @param A: first value to hash
    @param B: second value to hash
    """
    paddedPair = PAD(N, A) + PAD(N, B)
    return bytesToNumber(SHA1(paddedPair))
def makeK(N, g):
    """Return SHA1(N + PAD(N, g)) converted to a number.

    @param N: modulus, encoded with numberToByteArray
    @param g: generator, padded to the byte length of N
    """
    material = numberToByteArray(N) + PAD(N, g)
    return bytesToNumber(SHA1(material))
def createHMAC(k, digestmod=hashlib.sha1):
    """Create an HMAC object keyed with *k*.

    @param k: MAC key
    @param digestmod: hashlib constructor for the underlying hash;
        defaults to hashlib.sha1
    @return: hmac.HMAC object whose block_size attribute is set to the
        block size of *digestmod*
    """
    mac = hmac.new(k, digestmod=digestmod)
    # Set block_size explicitly from the hash constructor.
    underlyingHash = digestmod()
    mac.block_size = underlyingHash.block_size
    return mac
def createMAC_SSL(k, digestmod=None):
    """Create a MAC_SSL object keyed with *k*.

    @param k: MAC key
    @param digestmod: hashlib constructor passed through to
        MAC_SSL.create(); None selects that method's default
    @return: the initialised MAC_SSL instance
    """
    sslMac = MAC_SSL()
    sslMac.create(k, digestmod=digestmod)
    return sslMac
class MAC_SSL(object):
    """Keyed-hash MAC in the SSL style, computed as
    H(k + opad + H(k + ipad + message)).

    Unlike HMAC the pads are appended to the key rather than XORed with it.
    The object has no constructor arguments; call create() before update(),
    copy() or digest(). SSLv3 itself is deprecated (RFC 7568).

    Callers that check a received MAC against digest() should use a
    constant-time comparison.
    """

    def create(self, k, digestmod=None):
        """Key the MAC with *k*.

        @param k: MAC key
        @param digestmod: hashlib constructor; hashlib.sha1 when omitted
        """
        self.digestmod = digestmod if digestmod else hashlib.sha1
        self.block_size = self.digestmod().block_size
        # Pad bytes are repeated 48 times for MD5 and 40 times for any
        # other hash function, which is treated as having 20-byte digests.
        if self.digestmod is hashlib.md5:
            self.digest_size, padCount = 16, 48
        else:
            self.digest_size, padCount = 20, 40

        self.ohash = self.digestmod(k + b"\x5C" * padCount)
        self.ihash = self.digestmod(k + b"\x36" * padCount)

    def update(self, m):
        """Feed message bytes *m* into the inner hash."""
        self.ihash.update(m)

    def copy(self):
        """Return an independent MAC_SSL carrying the same state."""
        clone = MAC_SSL()
        clone.digestmod = self.digestmod
        clone.digest_size = self.digest_size
        clone.block_size = self.block_size
        clone.ihash = self.ihash.copy()
        clone.ohash = self.ohash.copy()
        return clone

    def digest(self):
        """Return the MAC of the data fed so far as a bytearray.

        Works on a copy of the outer hash, so the object can keep
        receiving update() calls afterwards.
        """
        outer = self.ohash.copy()
        outer.update(self.ihash.digest())
        return bytearray(outer.digest())