Package tlslite :: Module mathtls
[hide private]
[frames] | no frames]

Source Code for Module tlslite.mathtls

  1  # Authors:  
  2  #   Trevor Perrin 
  3  #   Dave Baggett (Arcode Corporation) - MD5 support for MAC_SSL 
  4  #   Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 
  5  #   Hubert Kario - SHA384 PRF 
  6  # 
  7  # See the LICENSE file for legal information regarding use of this file. 
  8   
  9  """Miscellaneous helper functions.""" 
 10   
 11  from .utils.compat import * 
 12  from .utils.cryptomath import * 
 13  from .constants import CipherSuite 
 14   
 15  import hmac 
 16   
 17  #1024, 1536, 2048, 3072, 4096, 6144, and 8192 bit groups] 
 18  goodGroupParameters = [(2,0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3),\ 
 19                         (2,0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB),\ 
 20                         (2,0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73),\ 
 21                         (2,0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF),\ 
 22                         (5,0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF),\ 
 23                         (5,0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF),\ 
 24                         (5,0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF)] 
 25   
26 -def P_hash(macFunc, secret, seed, length):
27 bytes = bytearray(length) 28 A = seed 29 index = 0 30 while 1: 31 A = macFunc(secret, A) 32 output = macFunc(secret, A + seed) 33 for c in output: 34 if index >= length: 35 return bytes 36 bytes[index] = c 37 index += 1 38 return bytes
39
40 -def PRF(secret, label, seed, length):
41 #Split the secret into left and right halves 42 # which may share a byte if len is odd 43 S1 = secret[ : int(math.ceil(len(secret)/2.0))] 44 S2 = secret[ int(math.floor(len(secret)/2.0)) : ] 45 46 #Run the left half through P_MD5 and the right half through P_SHA1 47 p_md5 = P_hash(HMAC_MD5, S1, label + seed, length) 48 p_sha1 = P_hash(HMAC_SHA1, S2, label + seed, length) 49 50 #XOR the output values and return the result 51 for x in range(length): 52 p_md5[x] ^= p_sha1[x] 53 return p_md5
54
55 -def PRF_1_2(secret, label, seed, length):
56 """Pseudo Random Function for TLS1.2 ciphers that use SHA256""" 57 return P_hash(HMAC_SHA256, secret, label + seed, length)
58
59 -def PRF_1_2_SHA384(secret, label, seed, length):
60 """Pseudo Random Function for TLS1.2 ciphers that use SHA384""" 61 return P_hash(HMAC_SHA384, secret, label + seed, length)
62
63 -def PRF_SSL(secret, seed, length):
64 bytes = bytearray(length) 65 index = 0 66 for x in range(26): 67 A = bytearray([ord('A')+x] * (x+1)) # 'A', 'BB', 'CCC', etc.. 68 input = secret + SHA1(A + secret + seed) 69 output = MD5(input) 70 for c in output: 71 if index >= length: 72 return bytes 73 bytes[index] = c 74 index += 1 75 return bytes
76
77 -def calcMasterSecret(version, cipherSuite, premasterSecret, clientRandom, 78 serverRandom):
79 """Derive Master Secret from premaster secret and random values""" 80 if version == (3,0): 81 masterSecret = PRF_SSL(premasterSecret, 82 clientRandom + serverRandom, 48) 83 elif version in ((3,1), (3,2)): 84 masterSecret = PRF(premasterSecret, b"master secret", 85 clientRandom + serverRandom, 48) 86 elif version == (3,3): 87 if cipherSuite in CipherSuite.sha384PrfSuites: 88 masterSecret = PRF_1_2_SHA384(premasterSecret, 89 b"master secret", 90 clientRandom + serverRandom, 91 48) 92 else: 93 masterSecret = PRF_1_2(premasterSecret, 94 b"master secret", 95 clientRandom + serverRandom, 96 48) 97 else: 98 raise AssertionError() 99 return masterSecret
100 101
102 -def makeX(salt, username, password):
103 if len(username)>=256: 104 raise ValueError("username too long") 105 if len(salt)>=256: 106 raise ValueError("salt too long") 107 innerHashResult = SHA1(username + bytearray(b":") + password) 108 outerHashResult = SHA1(salt + innerHashResult) 109 return bytesToNumber(outerHashResult)
110 111 #This function is used by VerifierDB.makeVerifier
112 -def makeVerifier(username, password, bits):
113 bitsIndex = {1024:0, 1536:1, 2048:2, 3072:3, 4096:4, 6144:5, 8192:6}[bits] 114 g,N = goodGroupParameters[bitsIndex] 115 salt = getRandomBytes(16) 116 x = makeX(salt, username, password) 117 verifier = powMod(g, x, N) 118 return N, g, salt, verifier
119
120 -def PAD(n, x):
121 nLength = len(numberToByteArray(n)) 122 b = numberToByteArray(x) 123 if len(b) < nLength: 124 b = (b"\0" * (nLength-len(b))) + b 125 return b
126
127 -def makeU(N, A, B):
128 return bytesToNumber(SHA1(PAD(N, A) + PAD(N, B)))
129
130 -def makeK(N, g):
131 return bytesToNumber(SHA1(numberToByteArray(N) + PAD(N, g)))
132
133 -def createHMAC(k, digestmod=hashlib.sha1):
134 h = hmac.HMAC(k, digestmod=digestmod) 135 h.block_size = digestmod().block_size 136 return h
137
138 -def createMAC_SSL(k, digestmod=None):
139 mac = MAC_SSL() 140 mac.create(k, digestmod=digestmod) 141 return mac
142 143
144 -class MAC_SSL(object):
145 - def create(self, k, digestmod=None):
146 self.digestmod = digestmod or hashlib.sha1 147 self.block_size = self.digestmod().block_size 148 # Repeat pad bytes 48 times for MD5; 40 times for other hash functions. 149 self.digest_size = 16 if (self.digestmod is hashlib.md5) else 20 150 repeat = 40 if self.digest_size == 20 else 48 151 opad = b"\x5C" * repeat 152 ipad = b"\x36" * repeat 153 154 self.ohash = self.digestmod(k + opad) 155 self.ihash = self.digestmod(k + ipad)
156
157 - def update(self, m):
158 self.ihash.update(m)
159
160 - def copy(self):
161 new = MAC_SSL() 162 new.ihash = self.ihash.copy() 163 new.ohash = self.ohash.copy() 164 new.digestmod = self.digestmod 165 new.digest_size = self.digest_size 166 new.block_size = self.block_size 167 return new
168
169 - def digest(self):
170 ohash2 = self.ohash.copy() 171 ohash2.update(self.ihash.digest()) 172 return bytearray(ohash2.digest())
173