9 """Miscellaneous helper functions."""
10
11 from .utils.compat import *
12 from .utils.cryptomath import *
13 from .constants import CipherSuite
14
15 import hmac
16
17
18 goodGroupParameters = [(2,0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3),\
19 (2,0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB),\
20 (2,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
21 (2,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
22 (5,0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF),\
23 (5,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
24 (5,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
25
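def P_hash(macFunc, secret, seed, length):
    """Expand secret and seed into length bytes using the TLS P_hash scheme.

    With A(0) = seed and A(i) = macFunc(secret, A(i-1)), the output is
    macFunc(secret, A(1) + seed) + macFunc(secret, A(2) + seed) + ...
    truncated to length bytes.

    @param macFunc: keyed MAC function, called as macFunc(key, data)
    @param secret: key passed to every macFunc call
    @param seed: value the A(i) chain starts from and that is appended to
        every A(i) before it is MACed
    @param length: number of bytes to produce
    @return: bytearray holding exactly length bytes
    """
    # bytearray() rejects a negative length, so the loop below always
    # has a reachable end.
    result = bytearray(length)
    A = seed
    index = 0
    # Testing the remaining length before each round avoids computing a
    # MAC pair whose output would be discarded (length 0, or a length that
    # is an exact multiple of the MAC output size).
    while index < length:
        A = macFunc(secret, A)
        output = macFunc(secret, A + seed)
        take = min(len(output), length - index)
        result[index:index + take] = output[:take]
        index += take
    return result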
39
def PRF(secret, label, seed, length):
    """Compute the MD5/SHA-1 based pseudo random function.

    The secret is split into two halves that share the middle byte when its
    length is odd. The first half keys an HMAC-MD5 expansion, the second an
    HMAC-SHA1 expansion, and the two output streams are XORed together.

    @param secret: secret to expand
    @param label: label prepended to the seed
    @param seed: seed appended to the label
    @param length: number of bytes to produce
    @return: bytearray of length bytes
    """
    # Integer equivalents of ceil(n / 2) and floor(n / 2).
    secretLength = len(secret)
    firstHalf = secret[:(secretLength + 1) // 2]
    secondHalf = secret[secretLength // 2:]

    labelAndSeed = label + seed
    md5Stream = P_hash(HMAC_MD5, firstHalf, labelAndSeed, length)
    sha1Stream = P_hash(HMAC_SHA1, secondHalf, labelAndSeed, length)

    # Fold the SHA-1 stream into the MD5 stream in place.
    for position, sha1Byte in enumerate(sha1Stream):
        md5Stream[position] ^= sha1Byte
    return md5Stream
54
def PRF_1_2(secret, label, seed, length):
    """Pseudo Random Function for TLS1.2 ciphers that use SHA256

    @param secret: secret to expand
    @param label: label prepended to the seed
    @param seed: seed appended to the label
    @param length: number of bytes to produce
    @return: bytearray of length bytes from the HMAC-SHA256 P_hash expansion
    """
    expansionSeed = label + seed
    return P_hash(HMAC_SHA256, secret, expansionSeed, length)
58
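def PRF_1_2_SHA384(secret, label, seed, length):
    """Pseudo Random Function for TLS1.2 ciphers that use SHA384

    @param secret: secret to expand
    @param label: label prepended to the seed
    @param seed: seed appended to the label
    @param length: number of bytes to produce
    @return: bytearray of length bytes from the HMAC-SHA384 P_hash expansion
    """
    return P_hash(HMAC_SHA384, secret, label + seed, length)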
62
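def PRF_SSL(secret, seed, length):
    """Expand secret and seed into length bytes with the SSLv3 derivation.

    Round i (counting from 1) contributes
    MD5(secret + SHA1(salt_i + secret + seed)), where salt_i is the i-th
    capital letter repeated i times ('A', 'BB', 'CCC', ...).

    @param secret: secret to expand
    @param seed: seed mixed into every round
    @param length: number of bytes to produce
    @return: bytearray holding exactly length bytes
    @raise ValueError: if length is more than the 26 rounds can produce
    """
    # 26 rounds of 16-byte MD5 digests is all this construction can yield.
    maxLength = 26 * 16
    if length > maxLength:
        # Without this check the loop ends early and the tail of the result
        # stays zero-filled, i.e. predictable bytes handed out as key
        # material.
        raise ValueError("requested length too long for SSLv3 PRF")
    result = bytearray(length)
    index = 0
    for x in range(26):
        if index >= length:
            break
        salt = bytearray([ord('A') + x] * (x + 1))
        block = MD5(secret + SHA1(salt + secret + seed))
        take = min(len(block), length - index)
        result[index:index + take] = block[:take]
        index += take
    return result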
76
def calcMasterSecret(version, cipherSuite, premasterSecret, clientRandom,
                     serverRandom):
    """Derive Master Secret from premaster secret and random values

    The derivation is seeded with the concatenated client and server
    randoms only; it is not the session-hash based extended master secret
    of RFC 7627.

    @param version: protocol version tuple, (3, 0) up to (3, 3)
    @param cipherSuite: negotiated cipher suite; consulted only for (3, 3)
        to choose between the SHA-384 and SHA-256 PRF
    @param premasterSecret: premaster secret of the connection
    @param clientRandom: random value sent by the client
    @param serverRandom: random value sent by the server
    @return: 48 byte master secret
    @raise AssertionError: if version is none of the supported tuples
    """
    if version not in ((3, 0), (3, 1), (3, 2), (3, 3)):
        raise AssertionError()

    randoms = clientRandom + serverRandom
    if version == (3, 0):
        return PRF_SSL(premasterSecret, randoms, 48)
    if version in ((3, 1), (3, 2)):
        return PRF(premasterSecret, b"master secret", randoms, 48)

    # Only (3, 3) is left: the PRF hash depends on the cipher suite.
    if cipherSuite in CipherSuite.sha384PrfSuites:
        prf = PRF_1_2_SHA384
    else:
        prf = PRF_1_2
    return prf(premasterSecret, b"master secret", randoms, 48)
100
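def calcFinished(version, masterSecret, cipherSuite, handshakeHashes,
                 isClient):
    """Calculate the Handshake protocol Finished value

    @param version: TLS protocol version tuple
    @param masterSecret: negotiated master secret of the connection
    @param cipherSuite: negotiated cipher suite of the connection,
    @param handshakeHashes: running hash of the handshake messages
    @param isClient: whether the calculation should be performed for message
        sent by client (True) or by server (False) side of connection
    @return: value returned by handshakeHashes.digestSSL() for (3, 0),
        otherwise 12 bytes of PRF output
    @raise AssertionError: if version is none of the supported tuples
    """
    # An explicit raise, unlike an assert statement, still rejects an
    # unknown version when Python runs with -O; otherwise such a version
    # would silently fall through to the TLS 1.2 branch.
    if version not in ((3, 0), (3, 1), (3, 2), (3, 3)):
        raise AssertionError()

    if version == (3, 0):
        # Sender labels are the ASCII strings "CLNT" and "SRVR".
        if isClient:
            senderStr = b"\x43\x4C\x4E\x54"
        else:
            senderStr = b"\x53\x52\x56\x52"
        return handshakeHashes.digestSSL(masterSecret, senderStr)

    if isClient:
        label = b"client finished"
    else:
        label = b"server finished"

    if version in ((3, 1), (3, 2)):
        handshakeHash = handshakeHashes.digest()
        return PRF(masterSecret, label, handshakeHash, 12)

    # (3, 3): the handshake hash and the PRF follow the cipher suite.
    if cipherSuite in CipherSuite.sha384PrfSuites:
        handshakeHash = handshakeHashes.digest('sha384')
        return PRF_1_2_SHA384(masterSecret, label, handshakeHash, 12)
    handshakeHash = handshakeHashes.digest('sha256')
    return PRF_1_2(masterSecret, label, handshakeHash, 12)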
139
def makeX(salt, username, password):
    """Compute x = SHA1(salt + SHA1(username + ":" + password)) as a number.

    NOTE: both hashes are single SHA-1 invocations with no work factor, so
    a value derived from x gives no key stretching against offline password
    guessing if it is ever disclosed.

    @param salt: salt, shorter than 256 bytes
    @param username: user name, shorter than 256 bytes
    @param password: password of the user
    @return: result of bytesToNumber() applied to the outer hash
    @raise ValueError: if username or salt is 256 bytes or longer
    """
    if len(username) > 255:
        raise ValueError("username too long")
    if len(salt) > 255:
        raise ValueError("salt too long")
    credentials = username + bytearray(b":") + password
    saltedHash = SHA1(salt + SHA1(credentials))
    return bytesToNumber(saltedHash)
148
149
151 bitsIndex = {1024:0, 1536:1, 2048:2, 3072:3, 4096:4, 6144:5, 8192:6}[bits]
152 g,N = goodGroupParameters[bitsIndex]
153 salt = getRandomBytes(16)
154 x = makeX(salt, username, password)
155 verifier = powMod(g, x, N)
156 return N, g, salt, verifier
157
172 h = hmac.HMAC(k, digestmod=digestmod)
173 h.block_size = digestmod().block_size
174 return h
175
177 mac = MAC_SSL()
178 mac.create(k, digestmod=digestmod)
179 return mac
180
181
def create(self, k, digestmod=None):
    """Set up the inner and outer hash states of the SSLv3 MAC for key k.

    The states are seeded with k followed by a run of 0x36 (inner) or 0x5C
    (outer) pad bytes; this is the pad-concatenation MAC, not HMAC.

    @param k: MAC key
    @param digestmod: hash constructor to use; hashlib.sha1 when omitted
    """
    self.digestmod = digestmod or hashlib.sha1
    self.block_size = self.digestmod().block_size

    # NOTE(review): every digestmod other than hashlib.md5 is treated as a
    # 20-byte digest with 40 pad bytes; confirm callers only ever pass MD5
    # or SHA-1 here.
    if self.digestmod is hashlib.md5:
        self.digest_size = 16
        padLength = 48
    else:
        self.digest_size = 20
        padLength = 40

    self.ohash = self.digestmod(k + b"\x5C" * padLength)
    self.ihash = self.digestmod(k + b"\x36" * padLength)
194
197
199 new = MAC_SSL()
200 new.ihash = self.ihash.copy()
201 new.ohash = self.ohash.copy()
202 new.digestmod = self.digestmod
203 new.digest_size = self.digest_size
204 new.block_size = self.block_size
205 return new
206
211