├── .checkignore
├── .codeclimate.yml
├── .github
└── workflows
│ └── ci.yml
├── .gitignore
├── .landscape.yaml
├── .pep257
├── .readthedocs.yaml
├── .travis.yml
├── CONTRIBUTING.md
├── LICENSE
├── MANIFEST.in
├── Makefile
├── README
├── README.md
├── SECURITY.md
├── build-requirements-2.6.txt
├── build-requirements-2.7.txt
├── build-requirements-3.3.txt
├── build-requirements-3.4.txt
├── build-requirements.txt
├── docs
├── Makefile
├── conf.py
├── index.rst
├── make.bat
├── modules.rst
├── requirements.txt
├── tlslite.api.rst
├── tlslite.basedb.rst
├── tlslite.bufferedsocket.rst
├── tlslite.checker.rst
├── tlslite.constants.rst
├── tlslite.defragmenter.rst
├── tlslite.dh.rst
├── tlslite.errors.rst
├── tlslite.extensions.rst
├── tlslite.handshakehashes.rst
├── tlslite.handshakehelpers.rst
├── tlslite.handshakesettings.rst
├── tlslite.integration.asyncstatemachine.rst
├── tlslite.integration.clienthelper.rst
├── tlslite.integration.httptlsconnection.rst
├── tlslite.integration.imap4_tls.rst
├── tlslite.integration.pop3_tls.rst
├── tlslite.integration.rst
├── tlslite.integration.smtp_tls.rst
├── tlslite.integration.tlsasyncdispatchermixin.rst
├── tlslite.integration.tlsasynciodispatchermixin
├── tlslite.integration.tlssocketservermixin.rst
├── tlslite.integration.xmlrpcserver.rst
├── tlslite.integration.xmlrpctransport.rst
├── tlslite.keyexchange.rst
├── tlslite.mathtls.rst
├── tlslite.messages.rst
├── tlslite.messagesocket.rst
├── tlslite.recordlayer.rst
├── tlslite.rst
├── tlslite.session.rst
├── tlslite.sessioncache.rst
├── tlslite.tlsconnection.rst
├── tlslite.tlsrecordlayer.rst
├── tlslite.utils.aes.rst
├── tlslite.utils.aesgcm.rst
├── tlslite.utils.asn1parser.rst
├── tlslite.utils.chacha.rst
├── tlslite.utils.chacha20_poly1305.rst
├── tlslite.utils.cipherfactory.rst
├── tlslite.utils.codec.rst
├── tlslite.utils.compat.rst
├── tlslite.utils.constanttime.rst
├── tlslite.utils.cryptomath.rst
├── tlslite.utils.datefuncs.rst
├── tlslite.utils.deprecations.rst
├── tlslite.utils.dns_utils.rst
├── tlslite.utils.ecc.rst
├── tlslite.utils.ecdsakey.rst
├── tlslite.utils.keyfactory.rst
├── tlslite.utils.lists.rst
├── tlslite.utils.openssl_aes.rst
├── tlslite.utils.openssl_rc4.rst
├── tlslite.utils.openssl_rsakey.rst
├── tlslite.utils.openssl_tripledes.rst
├── tlslite.utils.pem.rst
├── tlslite.utils.poly1305.rst
├── tlslite.utils.pycrypto_aes.rst
├── tlslite.utils.pycrypto_aesgcm.rst
├── tlslite.utils.pycrypto_rc4.rst
├── tlslite.utils.pycrypto_rsakey.rst
├── tlslite.utils.pycrypto_tripledes.rst
├── tlslite.utils.python_aes.rst
├── tlslite.utils.python_aesgcm.rst
├── tlslite.utils.python_chacha20_poly1305.rst
├── tlslite.utils.python_rc4.rst
├── tlslite.utils.python_rsakey.rst
├── tlslite.utils.rc4.rst
├── tlslite.utils.rijndael.rst
├── tlslite.utils.rsakey.rst
├── tlslite.utils.rst
├── tlslite.utils.tackwrapper.rst
├── tlslite.utils.tlshashlib.rst
├── tlslite.utils.tripledes.rst
├── tlslite.utils.x25519.rst
├── tlslite.verifierdb.rst
├── tlslite.x509.rst
└── tlslite.x509certchain.rst
├── pylintrc
├── requirements.txt
├── scripts
├── speed.py
├── tls.py
└── tlsdb.py
├── setup.py
├── tests
├── TACK1.pem
├── TACK2.pem
├── TACK_Key1.pem
├── TACK_Key2.pem
├── TACKs.pem
├── TACKunrelated.pem
├── clientDSACert.pem
├── clientDSAKey.pem
├── clientECCert.pem
├── clientECKey.pem
├── clientEd25519Cert.pem
├── clientEd25519Key.pem
├── clientX509Cert.pem
├── clientX509Key.pem
├── httpsclient.py
├── httpsserver.sh
├── index.html
├── serverBrainpoolP256r1ECCert.pem
├── serverBrainpoolP256r1ECKey.pem
├── serverBrainpoolP384r1ECCert.pem
├── serverBrainpoolP384r1ECKey.pem
├── serverBrainpoolP512r1ECCert.pem
├── serverBrainpoolP512r1ECKey.pem
├── serverDSACert.pem
├── serverDSAKey.pem
├── serverECCert.pem
├── serverECDSANonCACert.pem
├── serverECDSANonCAKey.pem
├── serverECKey.pem
├── serverEd25519Cert.pem
├── serverEd25519Key.pem
├── serverEd448Cert.pem
├── serverEd448Key.pem
├── serverP384ECCert.pem
├── serverP384ECKey.pem
├── serverP521ECCert.pem
├── serverP521ECKey.pem
├── serverRSANonCACert.pem
├── serverRSANonCAKey.pem
├── serverRSAPSSCert.pem
├── serverRSAPSSKey.pem
├── serverRSAPSSSigCert.pem
├── serverRSAPSSSigKey.pem
├── serverX509Cert.pem
├── serverX509Key.pem
├── tlstest.py
└── verifierDB
├── tlslite
├── __init__.py
├── api.py
├── basedb.py
├── bufferedsocket.py
├── checker.py
├── constants.py
├── defragmenter.py
├── dh.py
├── errors.py
├── extensions.py
├── handshakehashes.py
├── handshakehelpers.py
├── handshakesettings.py
├── integration
│ ├── __init__.py
│ ├── asyncstatemachine.py
│ ├── clienthelper.py
│ ├── httptlsconnection.py
│ ├── imap4_tls.py
│ ├── pop3_tls.py
│ ├── smtp_tls.py
│ ├── tlsasyncdispatchermixin.py
│ ├── tlsasynciodispatchermixin.py
│ ├── tlssocketservermixin.py
│ ├── xmlrpcserver.py
│ └── xmlrpctransport.py
├── keyexchange.py
├── mathtls.py
├── messages.py
├── messagesocket.py
├── ocsp.py
├── recordlayer.py
├── session.py
├── sessioncache.py
├── signed.py
├── tlsconnection.py
├── tlsrecordlayer.py
├── utils
│ ├── __init__.py
│ ├── aes.py
│ ├── aesccm.py
│ ├── aesgcm.py
│ ├── asn1parser.py
│ ├── brotlidecpy
│ │ ├── LICENCE
│ │ ├── __init__.py
│ │ ├── bit_reader.py
│ │ ├── brotli-dict
│ │ ├── context.py
│ │ ├── decode.py
│ │ ├── dictionary.py
│ │ ├── huffman.py
│ │ ├── prefix.py
│ │ └── transform.py
│ ├── chacha.py
│ ├── chacha20_poly1305.py
│ ├── cipherfactory.py
│ ├── codec.py
│ ├── compat.py
│ ├── compression.py
│ ├── constanttime.py
│ ├── cryptomath.py
│ ├── datefuncs.py
│ ├── deprecations.py
│ ├── dns_utils.py
│ ├── dsakey.py
│ ├── ecc.py
│ ├── ecdsakey.py
│ ├── eddsakey.py
│ ├── format_output.py
│ ├── keyfactory.py
│ ├── lists.py
│ ├── openssl_aes.py
│ ├── openssl_aesccm.py
│ ├── openssl_aesgcm.py
│ ├── openssl_rc4.py
│ ├── openssl_rsakey.py
│ ├── openssl_tripledes.py
│ ├── pem.py
│ ├── poly1305.py
│ ├── pycrypto_aes.py
│ ├── pycrypto_aesgcm.py
│ ├── pycrypto_rc4.py
│ ├── pycrypto_rsakey.py
│ ├── pycrypto_tripledes.py
│ ├── python_aes.py
│ ├── python_aesccm.py
│ ├── python_aesgcm.py
│ ├── python_chacha20_poly1305.py
│ ├── python_dsakey.py
│ ├── python_ecdsakey.py
│ ├── python_eddsakey.py
│ ├── python_key.py
│ ├── python_rc4.py
│ ├── python_rsakey.py
│ ├── python_tripledes.py
│ ├── rc4.py
│ ├── rijndael.py
│ ├── rsakey.py
│ ├── tackwrapper.py
│ ├── tlshashlib.py
│ ├── tlshmac.py
│ ├── tripledes.py
│ └── x25519.py
├── verifierdb.py
├── x509.py
└── x509certchain.py
└── unit_tests
├── __init__.py
├── mocksock.py
├── test_tls1_3_vectors.py
├── test_tlslite_bufferedsocket.py
├── test_tlslite_constants.py
├── test_tlslite_defragmenter.py
├── test_tlslite_dh.py
├── test_tlslite_extensions.py
├── test_tlslite_handshakehashes.py
├── test_tlslite_handshakehelpers.py
├── test_tlslite_handshakesettings.py
├── test_tlslite_integration_tlsasynciodispatchermixin.py
├── test_tlslite_keyexchange.py
├── test_tlslite_mathtls.py
├── test_tlslite_messages.py
├── test_tlslite_messagesocket.py
├── test_tlslite_ocsp.py
├── test_tlslite_recordlayer.py
├── test_tlslite_session.py
├── test_tlslite_sessioncache.py
├── test_tlslite_signed.py
├── test_tlslite_tlsconnection.py
├── test_tlslite_tlsrecordlayer.py
├── test_tlslite_utils_aes_split.py
├── test_tlslite_utils_aescbc.py
├── test_tlslite_utils_aesccm.py
├── test_tlslite_utils_aesctr.py
├── test_tlslite_utils_aesgcm.py
├── test_tlslite_utils_asn1.py
├── test_tlslite_utils_chacha.py
├── test_tlslite_utils_chacha20_poly1305.py
├── test_tlslite_utils_codec.py
├── test_tlslite_utils_compat.py
├── test_tlslite_utils_compression.py
├── test_tlslite_utils_constanttime.py
├── test_tlslite_utils_cryptomath.py
├── test_tlslite_utils_cryptomath_m2crypto.py
├── test_tlslite_utils_deprecations.py
├── test_tlslite_utils_dns_utils.py
├── test_tlslite_utils_ecc.py
├── test_tlslite_utils_ecdsakey.py
├── test_tlslite_utils_keyfactory.py
├── test_tlslite_utils_lists.py
├── test_tlslite_utils_poly1305.py
├── test_tlslite_utils_python_dsakey.py
├── test_tlslite_utils_python_ecdsakey.py
├── test_tlslite_utils_python_key.py
├── test_tlslite_utils_rijndael.py
├── test_tlslite_utils_rsakey.py
├── test_tlslite_utils_tlshashlib.py
├── test_tlslite_utils_tripledes.py
├── test_tlslite_utils_tripledes_split.py
├── test_tlslite_utils_x25519.py
└── test_tlslite_x509.py
/.checkignore:
--------------------------------------------------------------------------------
1 | scripts/**
2 | tests/**
3 | unit_tests/**
4 |
--------------------------------------------------------------------------------
/.codeclimate.yml:
--------------------------------------------------------------------------------
1 | engines:
2 | radon:
3 | enabled: true
4 | config:
5 | threshold: "C"
6 | pep8:
7 | enabled: true
8 | duplication:
9 | enabled: true
10 | exclude_fingerprints:
11 | # duplication in tlslite/utils/codec.py Writer.addTwo() .addFour()
12 | - 2e783666ce368f4223c1e7f5b162e2d9
13 | - 2c398389f33ea2572edefc5370ed49c0
14 | config:
15 | languages:
16 | python:
17 | python_version: 3
18 | mass_threshold: 35
19 | fixme:
20 | enabled: true
21 | config:
22 | strings:
23 | - TODO
24 | - FIXME
25 | - HACK
26 | - BUG
27 | checks:
28 | bug:
29 | enabled: true
30 | markdownlint:
31 | enabled: true
32 | ratings:
33 | paths:
34 | - "tlslite/**"
35 | - "**.py"
36 | exclude_paths:
37 | - "tests/**/*"
38 | - "scripts/**/*"
39 | - "unit_tests/**/*"
40 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *venv*
2 | *.pyc
3 | .project
4 | .pydevproject
5 | .settings
6 | .coverage
7 | .hypothesis
8 | coverage.xml
9 | pylint_report.txt
10 | build/
11 | docs/_build/
12 | htmlcov/
--------------------------------------------------------------------------------
/.landscape.yaml:
--------------------------------------------------------------------------------
1 | doc-warnings: true
2 |
3 | test-warnings: false
4 |
5 | strictness: medium
6 |
7 | max-line-length: 80
8 |
9 | ignore-paths:
10 | - tests
11 | - unit_tests
12 | - scripts
13 |
14 | pep257:
15 | disable:
16 | - D203
17 |
--------------------------------------------------------------------------------
/.pep257:
--------------------------------------------------------------------------------
1 | [pep257]
2 |
3 | add-ignore = D203
4 |
--------------------------------------------------------------------------------
/.readthedocs.yaml:
--------------------------------------------------------------------------------
1 | # .readthedocs.yaml
2 | # Read the Docs configuration file
3 | # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
4 |
5 | # Required
6 | version: 2
7 |
8 | # Set the version of Python and other tools you might need
9 | build:
10 | os: ubuntu-22.04
11 | tools:
12 | python: "3.11"
13 |
14 | # Build documentation in the docs/ directory with Sphinx
15 | sphinx:
16 | configuration: docs/conf.py
17 |
18 | # We recommend specifying your dependencies to enable reproducible builds:
19 | # https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html
20 | python:
21 | install:
22 | - requirements: requirements.txt
23 | - requirements: docs/requirements.txt
24 |
--------------------------------------------------------------------------------
/MANIFEST.in:
--------------------------------------------------------------------------------
1 | recursive-include tests *
2 | recursive-include docs/_build/html *
3 | include LICENSE
4 | include README
5 | include Makefile
6 | include MANIFEST.in
7 |
--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
1 | tlslite-ng is a pure python implementation of SSLv3.0, TLS 1.0, TLS 1.1,
2 | TLS 1.2 and TLS 1.3 protocols.
3 |
4 | It can use pycrypto, m2crypto and gmp for acceleration of cryptographic
5 | operations but is not dependant upon them.
6 |
7 | Functionality implemented include:
8 | - all above mentioned protocols, including support for client certificates
9 | (RFC 6101, RFC 2246, RFC 4346, RFC 5246, RFC 8446 - not complete)
10 | - RSA, RSA-PSS, DSA, and ECDSA certificates
11 | - RC4, 3DES-CBC, AES-CBC, AES-GCM, AES-CCM, AES-CCM_8 and ChaCha20 ciphers
12 | (RFC 5246, RFC 6347, RFC 4492, RFC 5288, RFC 5289, RFC 7539, RFC 7905,
13 | RFC 6655, RFC 7251)
14 | - MD5, SHA1, SHA256 and SHA384 HMACs as well as AEAD mode of operation with
15 | GCM or Poly1305 authenticator
16 | - RSA, DHE_RSA, DHE_DSS, ECDHE_RSA, ECDHE_ECDSA key exchange
17 | - full set of signature hashes (md5, sha1, sha224, sha256, sha384, sha512,
18 | rsa_pss_rsae_sha256, rsa_pss_rsae_sha384 and rsa_pss_rsae_sha512) for
19 | ServerKeyExchange and CertfificateVerify
20 | - secp256r1, secp384r1, secp521r1, secp256k1, secp224r1 and secp192r1 curves
21 | for ECDHE key exchange (support for last two depends on the version of ecdsa
22 | library used)
23 | - x25519 and x448 curves for ECDHE key exchage (RFC 7748. RFC 4492bis)
24 | - anonymous DHE key exchange
25 | - anonymous ECDH key exchange
26 | - PSK and PSK-DH key exchange in TLS 1.3
27 | - session ticket based resumption (RFC 5077) and in TLS 1.3
28 | - post-handshake client authentication in TLS 1.3
29 | - NULL encryption ciphersuites
30 | - FALLBACK_SCSV (RFC 7507)
31 | - encrypt-then-MAC mode of operation for CBC ciphersuites (RFC 7366)
32 | - TACK certificate pinning
33 | - SRP_SHA_RSA and SRP_SHA ciphersuites (RFC 5054)
34 | - Extended Master Secret calculation for TLS connections (RFC 7627)
35 | - padding extension (RFC 7685)
36 | - Keying material exporter (RFC 5705)
37 | - Next Protocol Negotiation
38 | - Application-Layer Protocol Negotiation Extension (RFC 7301)
39 | - FFDHE prime/group negotiation (RFC 7919)
40 | - Heartbeat Extension (RFC 6520)
41 | - Record Size Limit (RFC 8449)
42 | - TLS Certificate Compression (RFC 8879)
43 | - Hybrid ML-KEM key exchage groups (draft-kwiatkowski-tls-ecdhe-mlkem-02)
44 | - support for Brainpool curves in TLS 1.2 and TLS 1.3
45 |
46 |
47 | tlslite-ng aims to be a drop-in replacement for tlslite while providing more
48 | comprehensive set of features and more secure defaults.
49 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Security Policy
2 |
3 | tlslite-ng received little-to-none 3rd party security review.
4 |
5 | tlslite-ng **CANNOT** verify certificates – users of the library must use
6 | external means to check if certificate of the peer is the expected one.
7 |
8 | Because python execution environment uses hash tables to store variables (that
9 | includes functions, objects and classes) it's very hard to create
10 | implementations that are timing attack resistant. Additionally, all integers
11 | use arbitrary precision arithmentic, so binary operations are data dependant
12 | (see Hubert Kario
13 | [blog post](https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/)
14 | on this topic). This means that CBC MAC-then-encrypt de-padding leaks timing
15 | information and all pure python cipher implementations will leak timing
16 | information. None of the included cipher implementations are written in a way
17 | that even tries to hide the data dependance.
18 |
19 | In other words, pure-python (tlslite-ng internal) implementations of all
20 | ciphers, as well as all CBC mode ciphers working in MAC-then-encrypt mode are
21 | **NOT** secure. Don't use them. In addition to that, use AEAD ciphersuites
22 | (AES-GCM) or encrypt-then-MAC mode for CBC ciphers.
23 |
24 | (Note: PyCrypto aes-gcm cipher is also not secure as it uses Python to
25 | calculate GCM tag, see issue
26 | [#301](https://github.com/tlsfuzzer/tlslite-ng/issues/301))
27 |
28 | ## Supported Versions
29 |
30 | Only the current stable release is considered supported (will have fixes to
31 | security issues backported and new patches will trigger a new release).
32 |
33 | | Version | Supported |
34 | | ------- | ------------------ |
35 | | 0.8.0-alpha | :x: |
36 | | 0.7.x | :white_check_mark: |
37 | | < 0.7 | :x: |
38 |
39 | ## Reporting a Vulnerability
40 |
41 | Security issues can be reported by sending an email to hkario@redhat.com.
42 | Answer to the initial email can be expected in 2 work-days.
43 |
44 | If an issue is recognised as a vulnerability, fixes for it will be developed
45 | on a good faith basis.
46 |
47 | Unless otherwise agreed to, we'd like to request the reporter to keep the
48 | vulnerability confidential for the industry-accepted period for responsible
49 | disclosure of 90 days. The period will be cut short if the fix is released
50 | earlier.
51 |
--------------------------------------------------------------------------------
/build-requirements-2.6.txt:
--------------------------------------------------------------------------------
1 | isort<4.3
2 | inflect<0.3.1
3 | pyopenssl<18
4 | cffi<1.14
5 | unittest2
6 | coverage
7 | hypothesis<3
8 | git+https://github.com/tomato42/coveralls-python.git@add-py26#egg=coveralls
9 | pylint
10 | diff_cover
11 | pycparser<2.19
12 | idna<2.8
13 | mock==2.0.0
14 |
--------------------------------------------------------------------------------
/build-requirements-2.7.txt:
--------------------------------------------------------------------------------
1 | unittest2
2 | coverage
3 | hypothesis
4 | git+https://github.com/tomato42/coveralls-python.git@add-py26#egg=coveralls
5 | pylint
6 | mock
7 | diff_cover<2.5.0
8 | pytest>=4.6.5
9 |
--------------------------------------------------------------------------------
/build-requirements-3.3.txt:
--------------------------------------------------------------------------------
1 | six>=1.10.0
2 | enum34
3 | coverage<5.0
4 | hypothesis<3.44
5 | git+https://github.com/tomato42/coveralls-python.git@add-py26#egg=coveralls
6 | wrapt<1.13.0
7 | pylint<2.12.2
8 | diff_cover<2.5.0
9 | typed-ast<1.3.0
10 | inflect<4.0.0
11 | typing<3.7.4
12 | isort==4.2.5
13 |
--------------------------------------------------------------------------------
/build-requirements-3.4.txt:
--------------------------------------------------------------------------------
1 | coverage
2 | hypothesis
3 | git+https://github.com/tomato42/coveralls-python.git@add-py26#egg=coveralls
4 | pylint
5 | diff_cover
6 | pytest>=4.6.5
7 | pluggy>=0.7
8 |
--------------------------------------------------------------------------------
/build-requirements.txt:
--------------------------------------------------------------------------------
1 | coverage
2 | hypothesis
3 | coveralls
4 | pylint<2.10
5 | diff_cover
6 | pytest>=4.6.5
7 | pluggy>=0.7
8 |
--------------------------------------------------------------------------------
/docs/index.rst:
--------------------------------------------------------------------------------
1 | .. tlslite-ng documentation master file, created by
2 | sphinx-quickstart on Thu Jul 20 13:51:42 2017.
3 | You can adapt this file completely to your liking, but it should at least
4 | contain the root `toctree` directive.
5 |
6 | Welcome to tlslite-ng's documentation!
7 | ======================================
8 |
9 | Contents:
10 |
11 | .. toctree::
12 | :maxdepth: 2
13 |
14 | modules
15 |
16 | Indices and tables
17 | ==================
18 |
19 | * :ref:`genindex`
20 | * :ref:`modindex`
21 | * :ref:`search`
22 |
23 |
--------------------------------------------------------------------------------
/docs/modules.rst:
--------------------------------------------------------------------------------
1 | tlslite
2 | =======
3 |
4 | .. toctree::
5 | :maxdepth: 4
6 |
7 | tlslite
8 |
--------------------------------------------------------------------------------
/docs/requirements.txt:
--------------------------------------------------------------------------------
1 | sphinx-rtd-theme
2 |
--------------------------------------------------------------------------------
/docs/tlslite.api.rst:
--------------------------------------------------------------------------------
1 | tlslite.api module
2 | ==================
3 |
4 | .. automodule:: tlslite.api
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.basedb.rst:
--------------------------------------------------------------------------------
1 | tlslite.basedb module
2 | =====================
3 |
4 | .. automodule:: tlslite.basedb
5 | :members:
6 | :special-members: __contains__, __delitem__, __getitem__, __init__,
7 | __setitem__
8 | :undoc-members:
9 | :show-inheritance:
10 |
--------------------------------------------------------------------------------
/docs/tlslite.bufferedsocket.rst:
--------------------------------------------------------------------------------
1 | tlslite.bufferedsocket module
2 | =============================
3 |
4 | .. automodule:: tlslite.bufferedsocket
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.checker.rst:
--------------------------------------------------------------------------------
1 | tlslite.checker module
2 | ======================
3 |
4 | .. automodule:: tlslite.checker
5 | :members:
6 | :special-members: __init__, __call__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.constants.rst:
--------------------------------------------------------------------------------
1 | tlslite.constants module
2 | ========================
3 |
4 | .. automodule:: tlslite.constants
5 | :members:
6 | :undoc-members:
7 | :show-inheritance:
8 |
--------------------------------------------------------------------------------
/docs/tlslite.defragmenter.rst:
--------------------------------------------------------------------------------
1 | tlslite.defragmenter module
2 | ===========================
3 |
4 | .. automodule:: tlslite.defragmenter
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.dh.rst:
--------------------------------------------------------------------------------
1 | tlslite.dh module
2 | =================
3 |
4 | .. automodule:: tlslite.dh
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.errors.rst:
--------------------------------------------------------------------------------
1 | tlslite.errors module
2 | =====================
3 |
4 | .. automodule:: tlslite.errors
5 | :members:
6 | :special-members: __init__, __str__, __repr__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.extensions.rst:
--------------------------------------------------------------------------------
1 | tlslite.extensions module
2 | =========================
3 |
4 | .. automodule:: tlslite.extensions
5 | :members:
6 | :special-members: __init__, __repr__, __str__, __eq__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.handshakehashes.rst:
--------------------------------------------------------------------------------
1 | tlslite.handshakehashes module
2 | ==============================
3 |
4 | .. automodule:: tlslite.handshakehashes
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.handshakehelpers.rst:
--------------------------------------------------------------------------------
1 | tlslite.handshakehelpers module
2 | ===============================
3 |
4 | .. automodule:: tlslite.handshakehelpers
5 | :members:
6 | :undoc-members:
7 | :show-inheritance:
8 |
--------------------------------------------------------------------------------
/docs/tlslite.handshakesettings.rst:
--------------------------------------------------------------------------------
1 | tlslite.handshakesettings module
2 | ================================
3 |
4 | .. automodule:: tlslite.handshakesettings
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.asyncstatemachine.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.asyncstatemachine module
2 | ============================================
3 |
4 | .. automodule:: tlslite.integration.asyncstatemachine
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.clienthelper.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.clienthelper module
2 | =======================================
3 |
4 | .. automodule:: tlslite.integration.clienthelper
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.httptlsconnection.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.httptlsconnection module
2 | ============================================
3 |
4 | .. automodule:: tlslite.integration.httptlsconnection
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.imap4_tls.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.imap4_tls module
2 | ====================================
3 |
4 | .. automodule:: tlslite.integration.imap4_tls
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.pop3_tls.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.pop3_tls module
2 | ===================================
3 |
4 | .. automodule:: tlslite.integration.pop3_tls
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration package
2 | ===========================
3 |
4 | .. automodule:: tlslite.integration
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
10 | Submodules
11 | ----------
12 |
13 | .. toctree::
14 |
15 | tlslite.integration.asyncstatemachine
16 | tlslite.integration.clienthelper
17 | tlslite.integration.httptlsconnection
18 | tlslite.integration.imap4_tls
19 | tlslite.integration.pop3_tls
20 | tlslite.integration.smtp_tls
21 | tlslite.integration.tlsasyncdispatchermixin
22 | tlslite.integration.tlssocketservermixin
23 | tlslite.integration.xmlrpcserver
24 | tlslite.integration.xmlrpctransport
25 |
26 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.smtp_tls.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.smtp_tls module
2 | ===================================
3 |
4 | .. automodule:: tlslite.integration.smtp_tls
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.tlsasyncdispatchermixin.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.tlsasyncdispatchermixin module
2 | ==================================================
3 |
4 | .. automodule:: tlslite.integration.tlsasyncdispatchermixin
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.tlsasynciodispatchermixin:
--------------------------------------------------------------------------------
1 | tlslite.integration.tlsasynciodispatchermixin module
2 | ==================================================
3 |
4 | .. automodule:: tlslite.integration.tlsasynciodispatchermixin
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.tlssocketservermixin.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.tlssocketservermixin module
2 | ===============================================
3 |
4 | .. automodule:: tlslite.integration.tlssocketservermixin
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.xmlrpcserver.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.xmlrpcserver module
2 | =======================================
3 |
4 | .. automodule:: tlslite.integration.xmlrpcserver
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.integration.xmlrpctransport.rst:
--------------------------------------------------------------------------------
1 | tlslite.integration.xmlrpctransport module
2 | ==========================================
3 |
4 | .. automodule:: tlslite.integration.xmlrpctransport
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.keyexchange.rst:
--------------------------------------------------------------------------------
1 | tlslite.keyexchange module
2 | ==========================
3 |
4 | .. automodule:: tlslite.keyexchange
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.mathtls.rst:
--------------------------------------------------------------------------------
1 | tlslite.mathtls module
2 | ======================
3 |
4 | .. automodule:: tlslite.mathtls
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.messages.rst:
--------------------------------------------------------------------------------
1 | tlslite.messages module
2 | =======================
3 |
4 | .. automodule:: tlslite.messages
5 | :members:
6 | :special-members: __init__, __repr__, __str__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.messagesocket.rst:
--------------------------------------------------------------------------------
1 | tlslite.messagesocket module
2 | ============================
3 |
4 | .. automodule:: tlslite.messagesocket
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.recordlayer.rst:
--------------------------------------------------------------------------------
1 | tlslite.recordlayer module
2 | ==========================
3 |
4 | .. automodule:: tlslite.recordlayer
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.rst:
--------------------------------------------------------------------------------
1 | tlslite package
2 | ===============
3 |
4 | .. automodule:: tlslite
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
10 | Subpackages
11 | -----------
12 |
13 | .. toctree::
14 |
15 | tlslite.integration
16 | tlslite.utils
17 |
18 | Submodules
19 | ----------
20 |
21 | .. toctree::
22 |
23 | tlslite.api
24 | tlslite.basedb
25 | tlslite.bufferedsocket
26 | tlslite.checker
27 | tlslite.constants
28 | tlslite.defragmenter
29 | tlslite.dh
30 | tlslite.errors
31 | tlslite.extensions
32 | tlslite.handshakehashes
33 | tlslite.handshakehelpers
34 | tlslite.handshakesettings
35 | tlslite.keyexchange
36 | tlslite.mathtls
37 | tlslite.messages
38 | tlslite.messagesocket
39 | tlslite.recordlayer
40 | tlslite.session
41 | tlslite.sessioncache
42 | tlslite.tlsconnection
43 | tlslite.tlsrecordlayer
44 | tlslite.verifierdb
45 | tlslite.x509
46 | tlslite.x509certchain
47 |
48 |
--------------------------------------------------------------------------------
/docs/tlslite.session.rst:
--------------------------------------------------------------------------------
1 | tlslite.session module
2 | ======================
3 |
4 | .. automodule:: tlslite.session
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.sessioncache.rst:
--------------------------------------------------------------------------------
1 | tlslite.sessioncache module
2 | ===========================
3 |
4 | .. automodule:: tlslite.sessioncache
5 | :members:
6 | :special-members: __init__, __getitem__, __setitem__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.tlsconnection.rst:
--------------------------------------------------------------------------------
1 | tlslite.tlsconnection module
2 | ============================
3 |
4 | .. automodule:: tlslite.tlsconnection
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.tlsrecordlayer.rst:
--------------------------------------------------------------------------------
1 | tlslite.tlsrecordlayer module
2 | =============================
3 |
4 | .. automodule:: tlslite.tlsrecordlayer
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.aes.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.aes module
2 | ========================
3 |
4 | .. automodule:: tlslite.utils.aes
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.aesgcm.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.aesgcm module
2 | ===========================
3 |
4 | .. automodule:: tlslite.utils.aesgcm
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.asn1parser.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.asn1parser module
2 | ===============================
3 |
4 | .. automodule:: tlslite.utils.asn1parser
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.chacha.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.chacha module
2 | ===========================
3 |
4 | .. automodule:: tlslite.utils.chacha
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.chacha20_poly1305.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.chacha20_poly1305 module
2 | ======================================
3 |
4 | .. automodule:: tlslite.utils.chacha20_poly1305
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.cipherfactory.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.cipherfactory module
2 | ==================================
3 |
4 | .. automodule:: tlslite.utils.cipherfactory
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.codec.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.codec module
2 | ==========================
3 |
4 | .. automodule:: tlslite.utils.codec
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.compat.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.compat module
2 | ===========================
3 |
4 | .. automodule:: tlslite.utils.compat
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.constanttime.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.constanttime module
2 | =================================
3 |
4 | .. automodule:: tlslite.utils.constanttime
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.cryptomath.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.cryptomath module
2 | ===============================
3 |
4 | .. automodule:: tlslite.utils.cryptomath
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.datefuncs.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.datefuncs module
2 | ==============================
3 |
4 | .. automodule:: tlslite.utils.datefuncs
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.deprecations.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.deprecations module
2 | =================================
3 |
4 | .. automodule:: tlslite.utils.deprecations
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.dns_utils.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.dns_utils module
2 | ==============================
3 |
4 | .. automodule:: tlslite.utils.dns_utils
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.ecc.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.ecc module
2 | ========================
3 |
4 | .. automodule:: tlslite.utils.ecc
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.ecdsakey.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.ecdsakey module
2 | =============================
3 |
4 | .. automodule:: tlslite.utils.ecdsakey
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.keyfactory.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.keyfactory module
2 | ===============================
3 |
4 | .. automodule:: tlslite.utils.keyfactory
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.lists.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.lists module
2 | ==========================
3 |
4 | .. automodule:: tlslite.utils.lists
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.openssl_aes.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.openssl_aes module
2 | ================================
3 |
4 | .. automodule:: tlslite.utils.openssl_aes
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.openssl_rc4.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.openssl_rc4 module
2 | ================================
3 |
4 | .. automodule:: tlslite.utils.openssl_rc4
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.openssl_rsakey.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.openssl_rsakey module
2 | ===================================
3 |
4 | .. automodule:: tlslite.utils.openssl_rsakey
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.openssl_tripledes.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.openssl_tripledes module
2 | ======================================
3 |
4 | .. automodule:: tlslite.utils.openssl_tripledes
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.pem.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.pem module
2 | ========================
3 |
4 | .. automodule:: tlslite.utils.pem
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.poly1305.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.poly1305 module
2 | =============================
3 |
4 | .. automodule:: tlslite.utils.poly1305
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.pycrypto_aes.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.pycrypto_aes module
2 | =================================
3 |
4 | .. automodule:: tlslite.utils.pycrypto_aes
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.pycrypto_aesgcm.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.pycrypto_aesgcm module
2 | ====================================
3 |
4 | .. automodule:: tlslite.utils.pycrypto_aesgcm
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.pycrypto_rc4.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.pycrypto_rc4 module
2 | =================================
3 |
4 | .. automodule:: tlslite.utils.pycrypto_rc4
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.pycrypto_rsakey.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.pycrypto_rsakey module
2 | ====================================
3 |
4 | .. automodule:: tlslite.utils.pycrypto_rsakey
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.pycrypto_tripledes.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.pycrypto_tripledes module
2 | =======================================
3 |
4 | .. automodule:: tlslite.utils.pycrypto_tripledes
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.python_aes.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.python_aes module
2 | ===============================
3 |
4 | .. automodule:: tlslite.utils.python_aes
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.python_aesgcm.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.python_aesgcm module
2 | ==================================
3 |
4 | .. automodule:: tlslite.utils.python_aesgcm
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.python_chacha20_poly1305.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.python_chacha20_poly1305 module
2 | =============================================
3 |
4 | .. automodule:: tlslite.utils.python_chacha20_poly1305
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.python_rc4.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.python_rc4 module
2 | ===============================
3 |
4 | .. automodule:: tlslite.utils.python_rc4
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.python_rsakey.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.python_rsakey module
2 | ==================================
3 |
4 | .. automodule:: tlslite.utils.python_rsakey
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.rc4.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.rc4 module
2 | ========================
3 |
4 | .. automodule:: tlslite.utils.rc4
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.rijndael.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.rijndael module
2 | =============================
3 |
4 | .. automodule:: tlslite.utils.rijndael
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.rsakey.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.rsakey module
2 | ===========================
3 |
4 | .. automodule:: tlslite.utils.rsakey
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils package
2 | =====================
3 |
4 | .. automodule:: tlslite.utils
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
10 | Submodules
11 | ----------
12 |
13 | .. toctree::
14 |
15 | tlslite.utils.aes
16 | tlslite.utils.aesgcm
17 | tlslite.utils.asn1parser
18 | tlslite.utils.chacha
19 | tlslite.utils.chacha20_poly1305
20 | tlslite.utils.cipherfactory
21 | tlslite.utils.codec
22 | tlslite.utils.compat
23 | tlslite.utils.constanttime
24 | tlslite.utils.cryptomath
25 | tlslite.utils.datefuncs
26 | tlslite.utils.deprecations
27 | tlslite.utils.dns_utils
28 | tlslite.utils.ecc
29 | tlslite.utils.ecdsakey
30 | tlslite.utils.keyfactory
31 | tlslite.utils.lists
32 | tlslite.utils.openssl_aes
33 | tlslite.utils.openssl_rc4
34 | tlslite.utils.openssl_rsakey
35 | tlslite.utils.openssl_tripledes
36 | tlslite.utils.pem
37 | tlslite.utils.poly1305
38 | tlslite.utils.pycrypto_aes
39 | tlslite.utils.pycrypto_aesgcm
40 | tlslite.utils.pycrypto_rc4
41 | tlslite.utils.pycrypto_rsakey
42 | tlslite.utils.pycrypto_tripledes
43 | tlslite.utils.python_aes
44 | tlslite.utils.python_aesgcm
45 | tlslite.utils.python_chacha20_poly1305
46 | tlslite.utils.python_rc4
47 | tlslite.utils.python_rsakey
48 | tlslite.utils.rc4
49 | tlslite.utils.rijndael
50 | tlslite.utils.rsakey
51 | tlslite.utils.tackwrapper
52 | tlslite.utils.tlshashlib
53 | tlslite.utils.tripledes
54 | tlslite.utils.x25519
55 |
56 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.tackwrapper.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.tackwrapper module
2 | ================================
3 |
4 | .. automodule:: tlslite.utils.tackwrapper
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.tlshashlib.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.tlshashlib module
2 | ===============================
3 |
4 | .. automodule:: tlslite.utils.tlshashlib
5 | :members:
6 | :special-members:
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.tripledes.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.tripledes module
2 | ==============================
3 |
4 | .. automodule:: tlslite.utils.tripledes
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.utils.x25519.rst:
--------------------------------------------------------------------------------
1 | tlslite.utils.x25519 module
2 | ===========================
3 |
4 | .. automodule:: tlslite.utils.x25519
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.verifierdb.rst:
--------------------------------------------------------------------------------
1 | tlslite.verifierdb module
2 | =========================
3 |
4 | .. automodule:: tlslite.verifierdb
5 | :members:
6 | :special-members: __init__, __setitem__, __getitem__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.x509.rst:
--------------------------------------------------------------------------------
1 | tlslite.x509 module
2 | ===================
3 |
4 | .. automodule:: tlslite.x509
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/docs/tlslite.x509certchain.rst:
--------------------------------------------------------------------------------
1 | tlslite.x509certchain module
2 | ============================
3 |
4 | .. automodule:: tlslite.x509certchain
5 | :members:
6 | :special-members: __init__
7 | :undoc-members:
8 | :show-inheritance:
9 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | ecdsa>=0.18.0b1
2 |
--------------------------------------------------------------------------------
/scripts/speed.py:
--------------------------------------------------------------------------------
1 | import timeit
2 |
3 | from tlslite.utils.cryptomath import gmpyLoaded, GMPY2_LOADED
4 |
5 | print("Acceleration backends loaded:")
6 | print("gmpy: {0}".format(gmpyLoaded))
7 | print("gmpy2: {0}".format(GMPY2_LOADED))
8 | print("")
9 |
10 | def do(setup_statements, statement):
11 | # extracted from timeit.py
12 | t = timeit.Timer(stmt=statement, setup="\n".join(setup_statements))
13 | # determine number so that 0.2 <= total time < 2.0
14 | for i in range(1, 10):
15 | number = 10 ** i
16 | x = t.timeit(number)
17 | if x >= 0.2:
18 | break
19 | return x / number
20 |
21 |
22 | prnt_form = (
23 | "{name:>16}{sep:1} {keygen:>9{form}}{unit:1} "
24 | "{keygen_inv:>9{form_inv}} {sign:>9{form}}{unit:1} "
25 | "{sign_inv:>9{form_inv}} {verify:>9{form}}{unit:1} "
26 | "{verify_inv:>9{form_inv}}"
27 | )
28 |
29 | print(
30 | prnt_form.format(
31 | keygen="keygen",
32 | keygen_inv="keygen/s",
33 | sign="sign",
34 | sign_inv="sign/s",
35 | verify="verify",
36 | verify_inv="verify/s",
37 | name="",
38 | sep="",
39 | unit="",
40 | form="",
41 | form_inv="",
42 | )
43 | )
44 |
45 | for size in [1024, 2048, 3072, 4096]:
46 | S1 = "from tlslite.utils.python_rsakey import Python_RSAKey"
47 | S2 = "from tlslite.utils.cryptomath import secureHash"
48 | S3 = "key = Python_RSAKey.generate(%s)" % size
49 | S4 = "msg = b'msg'"
50 | S5 = "msg_hash = secureHash(msg, 'sha1')"
51 | S6 = "sig = key.sign(msg_hash)"
52 | S7 = "key.verify(sig, msg_hash)"
53 | keygen = do([S1, S2], S3)
54 | sign = do([S1, S2, S3, S4, S5], S6)
55 | verf = do([S1, S2, S3, S4, S5, S6], S7)
56 |
57 | print(
58 | prnt_form.format(
59 | name="RSA {0} bits".format(size),
60 | sep=":",
61 | unit="s",
62 | keygen=keygen,
63 | keygen_inv=1.0 / keygen,
64 | sign=sign,
65 | sign_inv=1.0 / sign,
66 | verify=verf,
67 | verify_inv=1.0 / verf,
68 | form=".5f",
69 | form_inv=".2f",
70 | )
71 | )
72 |
73 | print("")
74 |
75 |
--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | # Author: Trevor Perrin
4 | # See the LICENSE file for legal information regarding use of this file.
5 |
6 | from distutils.core import setup
7 | import os
8 |
9 | here = os.path.abspath(os.path.dirname(__file__))
10 | with open(os.path.join(here, "README")) as f:
11 | README = f.read()
12 |
13 | setup(name="tlslite-ng",
14 | version="0.8.2",
15 | author="Alicja Kario",
16 | author_email="hkario@redhat.com",
17 | url="https://github.com/tlsfuzzer/tlslite-ng",
18 | description="Pure python implementation of SSL and TLS.",
19 | long_description=README,
20 | license="LGPLv2",
21 | scripts=["scripts/tls.py", "scripts/tlsdb.py"],
22 | packages=["tlslite", "tlslite.utils", "tlslite.integration"],
23 | package_data={
24 | 'package1': ['LICENSE', 'README.md']},
25 | install_requires=['ecdsa>=0.18.0b1'],
26 | obsoletes=["tlslite"],
27 | python_requires=">=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*",
28 | classifiers=[
29 | 'Development Status :: 5 - Production/Stable',
30 | 'Intended Audience :: Developers',
31 | 'License :: OSI Approved :: GNU Lesser General Public License v2 (LGPLv2)',
32 | 'Operating System :: OS Independent',
33 | 'Programming Language :: Python',
34 | 'Programming Language :: Python :: 2',
35 | 'Programming Language :: Python :: 2.6',
36 | 'Programming Language :: Python :: 2.7',
37 | 'Programming Language :: Python :: 3',
38 | 'Programming Language :: Python :: 3.7',
39 | 'Programming Language :: Python :: 3.8',
40 | 'Programming Language :: Python :: 3.9',
41 | 'Programming Language :: Python :: 3.10',
42 | 'Programming Language :: Python :: 3.11',
43 | 'Programming Language :: Python :: 3.12',
44 | 'Topic :: Security :: Cryptography',
45 | 'Topic :: Software Development :: Libraries :: Python Modules',
46 | 'Topic :: System :: Networking'
47 | ],
48 | keywords="ssl, tls, pure-python"
49 | )
50 |
--------------------------------------------------------------------------------
/tests/TACK1.pem:
--------------------------------------------------------------------------------
1 | Created by tack.py 0.9.9
2 | Created at 2015-03-03T21:10:40Z
3 | -----BEGIN TACK-----
4 | QjeXykNtxc22jUSQHO32Uq0HVfg9jKEUHNlqfxtpPAaiJ3mA1O+lI2ZDs8uS+Zdb
5 | /uxswqubymN2Fg5ujrQr2QAAAbtbWsbjtgd+sy84p8w/aiD1a08WGz1A6IsN36Hs
6 | Z5wb70F54Y8N6jZxJp9PZcT4MnFiv58MxrmJAQnIlqx6y8TEzHMS7zj2uu6d+m1N
7 | HhZK/UtLpncs2wwqw8PI5Ea9kcYQXw==
8 | -----END TACK-----
9 |
--------------------------------------------------------------------------------
/tests/TACK2.pem:
--------------------------------------------------------------------------------
1 | Created by tack.py 0.9.9
2 | Created at 2015-03-03T21:10:41Z
3 | -----BEGIN TACK-----
4 | 9C+V4IbqF3l/GsK4y1X2wWhis+f2Jw4pX2bCpB22NFDdUV+QiI5Ztpvd1jQFtIH+
5 | ayr7ycK52KsU7/rRYjX7JwAAAbtbWsbjtgd+sy84p8w/aiD1a08WGz1A6IsN36Hs
6 | Z5wb70F5bmWSnoZ8rqEHkLbqmqjiM+XCDZW+57MUqzT5sid4mkS00g7hMZCFw1q+
7 | pmv6B7SqyKd5IumU/bdmqt3g/g6xzw==
8 | -----END TACK-----
9 |
--------------------------------------------------------------------------------
/tests/TACK_Key1.pem:
--------------------------------------------------------------------------------
1 | Created by tack.py 0.9.9
2 | Created at 2015-03-03T21:09:21Z
3 | -----BEGIN TACK PRIVATE KEY-----
4 | AQAAIABwzwuq6r+poACwbpVJ/DI9GWMdPNh2r5C+khOxccgvTtnb36Rz+YRvdWM5
5 | uFwZKh5CN5fKQ23FzbaNRJAc7fZSrQdV+D2MoRQc2Wp/G2k8BqIneYDU76UjZkOz
6 | y5L5l1v+7GzCq5vKY3YWDm6OtCvZCEvqRIl7bOvhNKa608Xj+49YlJeVzFxlX8Sb
7 | HN1BlEU=
8 | -----END TACK PRIVATE KEY-----
9 |
--------------------------------------------------------------------------------
/tests/TACK_Key2.pem:
--------------------------------------------------------------------------------
1 | Created by tack.py 0.9.9
2 | Created at 2015-03-03T21:09:21Z
3 | -----BEGIN TACK PRIVATE KEY-----
4 | AQAAIABrNu+M/CwjNVTJe4gD7vow75Bws7ggXZNKl33QAAh81VS+tKgOiCPuLwYS
5 | ft6djk70L5XghuoXeX8awrjLVfbBaGKz5/YnDilfZsKkHbY0UN1RX5CIjlm2m93W
6 | NAW0gf5rKvvJwrnYqxTv+tFiNfsnllxaTH/Pi0hoCjdGNxqFnTGu53H6TYzpU7aK
7 | 3U4t/nA=
8 | -----END TACK PRIVATE KEY-----
9 |
--------------------------------------------------------------------------------
/tests/TACKs.pem:
--------------------------------------------------------------------------------
1 | Created by TACK.py 0.9.6
2 | Created at 2012-05-08T15:53:56Z
3 | -----BEGIN TACK-----
4 | lJ7JcxIC9y6i/jTkTh+MXf0aO23J58PjUQCAI4vCMINlcMGSC8Vyq9On51hk5zAz
5 | DlIdXzC7zcUC7AN7/alXYwAAAkJ0Bb8+RaM9YEywaJEGViKJJmpYG/gJHgfGaefI
6 | 9kKbXSDmXHI2tbZPnCxzR4ZXz21HxFm1SPYijTKm4zm5dAzXzvneOTRf/SFbY0dZ
7 | s7UpHKK4yOhREoGH8z8kxxD5/BXb5A==
8 | -----END TACK-----
9 | Created by tack.py 0.9.7
10 | Created at 2012-08-31T19:15:38Z
11 | -----BEGIN TACK-----
12 | x7MspJSqsflA4qZ6qG8r8Hd5AB0+BB09n96vuF5Z1ayBeGzrny90WeCu3E3G2d8Y
13 | 620TVYfnALIaMg//MZ8ovQAAAkMcxb8+RaM9YEywaJEGViKJJmpYG/gJHgfGaefI
14 | 9kKbXSDmq3tmkncGftPeMAUh3T2vcXNiRnRqyFArnCKr2gCSj2vsCiS3F+qVhaUv
15 | OyxAcIhminamGruajdPSXMtlCCwWag==
16 | -----END TACK-----
17 |
--------------------------------------------------------------------------------
/tests/TACKunrelated.pem:
--------------------------------------------------------------------------------
1 | Created by TACK.py 0.9.6
2 | Created at 2012-05-08T17:12:57Z
3 | -----BEGIN TACK-----
4 | lJ7JcxIC9y6i/jTkTh+MXf0aO23J58PjUQCAI4vCMINlcMGSC8Vyq9On51hk5zAz
5 | DlIdXzC7zcUC7AN7/alXYwMFAchwkzK2S2ZyeiBj5AZvO5WMsKruV2pezv2VM5m7
6 | iHRzHZWHnUVusrs/d04QnVS2Btmt5hECAKdcWK0qZHnMxhZhom9DExiqLQW0A05E
7 | xHvWKhN8y6J9UATLvGjjm3U7oyNxzQ==
8 | -----END TACK-----
9 |
--------------------------------------------------------------------------------
/tests/clientDSACert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEYzCCBBGgAwIBAgIUeLiaH57flwaXt7G1ae3irblrBR0wCwYJYIZIAWUDBAMC
3 | MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAgFw0yMzA4MDQxNjQ5MzhaGA8yMTIzMDcx
4 | MTE2NDkzOFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIDQjCCAjUGByqGSM44BAEw
5 | ggIoAoIBAQCKiKCtENzZfSCSfewPFVgV0vmOVw8WqO4uhiN/nSddlrxNOS58f5fk
6 | whAmtKxH7mQqlFPADuscHy5NQl9GsKZPi5ogVtxImJwP7enyf056tcOCtCUWnMIQ
7 | eEossgWdYE51KQeX+Hmr3XHqJwpsAW9yNkDS46SXut+uAAXLoQ2w+a71BJavCCuZ
8 | P5CqOjMbKVDBMIGPwDUKaL1prq2VBVSZ8WTiAtqqgaQUZQuV88G5R46teyNdOHt8
9 | zonXF8/6PUuDbI3KXvQZitLo6dhXGrAg99Pwg9k9ztzUJOeZ7kU6DZFaawRT+/9J
10 | f6iG0Le20jVc9aw9SbWNfJBY7szeaq11Ah0A/Rgp6nI7FlqEUqL9GaNBm+2B/E1D
11 | P3Z5n3prNQKCAQBV7L0KOF5OnXYMNUrVSZ7qP9hMP4dnhVPvqVa0LJhXbmYx8CO+
12 | kdPGbX2t8skg5yM1vK+AZ/nM5tlbA2R/F6Nol3X9lwUwQT0RRlhsHoT7kTVMU+Ip
13 | lv1C3X+H3GthGAnMmGutGsK+48sHl6QAPmy8f6uVHWzh6WQe7pROZPD410U8t2GM
14 | wRUjlo8n5NdQx/Qw7bvT88HX3FpybNQQJvsefeX5gEpK8JQSLhOEEjAqafrJHtBM
15 | FBDsdpn5/5/H9gTBXqjq6zJRxQP+xggmLj2Eo9B249ANmi57pixM2m9NFXVneJJN
16 | zlIZ2DIEzOX8TVjDFyGLmldXIz2/BqG6dmYDA4IBBQACggEAQDA5L5QJubxun5sH
17 | w31gN/oXWyxF9qXoaUyLpUpt2V2lebNCJ6bdR+wstA7ddyAb/pM6kjnjEv+UxD3c
18 | SjzMtW+Eehn8kXv4gdYyJeJjFcziV5sFvjW6RGAQX0+YO1gAv8BxjGzySNoc7bpp
19 | Ta5YywN0sRPG3U0KsVGyBXakYNoS3Hq7n1JnrSuGBKVje1fQyesRtpkWBfD6Dlog
20 | iciOy/iQnTsMCFrlrETJPfOAJ12Gzsr+lL9TLVsIP9tAk++Arp1H/rICf2QpIjsZ
21 | uEehHgg3oA62RecmMBf+7HX2+bZeoRyYYCe6DMyDS7HLzKA/y31iw7E9VLNyKU4q
22 | i6VPLqNTMFEwHQYDVR0OBBYEFBFcfDeT5cNGJwP89U5VkvxojDuzMB8GA1UdIwQY
23 | MBaAFBFcfDeT5cNGJwP89U5VkvxojDuzMA8GA1UdEwEB/wQFMAMBAf8wCwYJYIZI
24 | AWUDBAMCAz8AMDwCHGaJRUSP9RhmtFPC7UZQ3KjyELgZ/vUcfoJa3ysCHEUavN6C
25 | jExdFwdKI/98/jX7Qz7IlKnDbww8K9c=
26 | -----END CERTIFICATE-----
27 |
--------------------------------------------------------------------------------
/tests/clientDSAKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIICXAIBADCCAjUGByqGSM44BAEwggIoAoIBAQCKiKCtENzZfSCSfewPFVgV0vmO
3 | Vw8WqO4uhiN/nSddlrxNOS58f5fkwhAmtKxH7mQqlFPADuscHy5NQl9GsKZPi5og
4 | VtxImJwP7enyf056tcOCtCUWnMIQeEossgWdYE51KQeX+Hmr3XHqJwpsAW9yNkDS
5 | 46SXut+uAAXLoQ2w+a71BJavCCuZP5CqOjMbKVDBMIGPwDUKaL1prq2VBVSZ8WTi
6 | AtqqgaQUZQuV88G5R46teyNdOHt8zonXF8/6PUuDbI3KXvQZitLo6dhXGrAg99Pw
7 | g9k9ztzUJOeZ7kU6DZFaawRT+/9Jf6iG0Le20jVc9aw9SbWNfJBY7szeaq11Ah0A
8 | /Rgp6nI7FlqEUqL9GaNBm+2B/E1DP3Z5n3prNQKCAQBV7L0KOF5OnXYMNUrVSZ7q
9 | P9hMP4dnhVPvqVa0LJhXbmYx8CO+kdPGbX2t8skg5yM1vK+AZ/nM5tlbA2R/F6No
10 | l3X9lwUwQT0RRlhsHoT7kTVMU+Iplv1C3X+H3GthGAnMmGutGsK+48sHl6QAPmy8
11 | f6uVHWzh6WQe7pROZPD410U8t2GMwRUjlo8n5NdQx/Qw7bvT88HX3FpybNQQJvse
12 | feX5gEpK8JQSLhOEEjAqafrJHtBMFBDsdpn5/5/H9gTBXqjq6zJRxQP+xggmLj2E
13 | o9B249ANmi57pixM2m9NFXVneJJNzlIZ2DIEzOX8TVjDFyGLmldXIz2/BqG6dmYD
14 | BB4CHCEci705ssiT3yVp22s8gZEDANgtPXZaMjAFEMw=
15 | -----END PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/tests/clientECCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIBfjCCASOgAwIBAgIUTxkWwfl73xnqhoJqWZ+R4RPCX54wCgYIKoZIzj0EAwIw
3 | FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDkyNTE2NDgzMloXDTI5MDkyMjE2
4 | NDgzMlowFDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
5 | AQcDQgAEQNSgjtKQ2KEyIjcamNSSH83huV2aYpJMCRYAXvEBUNygmCwxCod2j97J
6 | Z4rnBmd9ySlceT65nXFuDuKlftIlLaNTMFEwHQYDVR0OBBYEFM9448HkxS8PnjT2
7 | CRzwBP3SWGK1MB8GA1UdIwQYMBaAFM9448HkxS8PnjT2CRzwBP3SWGK1MA8GA1Ud
8 | EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKCSuUb8eWvb3WCQcA8Wj2av
9 | V8UXsXPk5N2HyDojhklvAiEA97Z8QDFxMg20hm8cPGMlQT1r3PtPwF0eRsL2rPu0
10 | nxY=
11 | -----END CERTIFICATE-----
12 |
--------------------------------------------------------------------------------
/tests/clientECKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgjIlFWfrrN8Rsn7RU
3 | 9mZsG6hTDEa/1pXw8oNBML7UjeihRANCAARA1KCO0pDYoTIiNxqY1JIfzeG5XZpi
4 | kkwJFgBe8QFQ3KCYLDEKh3aP3slniucGZ33JKVx5PrmdcW4O4qV+0iUt
5 | -----END PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/tests/clientEd25519Cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIBOjCB7aADAgECAhQ15c2VkK6IVUB62L0UG1houuxlozAFBgMrZXAwEzERMA8G
3 | A1UEAwwISm9obiBEb2UwHhcNMjEwNzI3MTgxMjA2WhcNMjEwODI2MTgxMjA2WjAT
4 | MREwDwYDVQQDDAhKb2huIERvZTAqMAUGAytlcAMhADjqYm4QU+seahrT1xHlASeM
5 | ZTe63eoQ95oBAeZRL8Ofo1MwUTAdBgNVHQ4EFgQUWW+x7NNy1nmJwl/gr6AoPGrC
6 | 0GgwHwYDVR0jBBgwFoAUWW+x7NNy1nmJwl/gr6AoPGrC0GgwDwYDVR0TAQH/BAUw
7 | AwEB/zAFBgMrZXADQQDQxNKFkySCfap/8yEtD8aJFDpDQLF/QL1rKIo/198n/18X
8 | D5K63FFkmQOS5dv2h/QiSHWkNpBklqe0bRfW0nEB
9 | -----END CERTIFICATE-----
10 |
--------------------------------------------------------------------------------
/tests/clientEd25519Key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MC4CAQAwBQYDK2VwBCIEIOm5ZND3cKuM23aTESsnqkkunnQNuhksWOosOHf06vw6
3 | -----END PRIVATE KEY-----
4 |
--------------------------------------------------------------------------------
/tests/clientX509Cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICfjCCAecCCQDgdeCLz7d92jANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMC
3 | VVMxCzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdPYWtsYW5kMQ8wDQYDVQQKEwZUcmV2
4 | Q28xCzAJBgNVBAsTAkNBMRIwEAYDVQQDEwlUcmV2Q28gQ0ExIDAeBgkqhkiG9w0B
5 | CQEWEXRsc2xpdGVAdHJldnAubmV0MB4XDTEyMDIwNjAxMDMxMVoXDTQyMDEyOTAx
6 | MDMxMVowgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UEBxMHT2Fr
7 | bGFuZDEPMA0GA1UEChMGVHJldkNvMQwwCgYDVQQLFANSJkQxFjAUBgNVBAMTDVRy
8 | ZXZvciBQZXJyaW4xIDAeBgkqhkiG9w0BCQEWEXRsc2xpdGVAdHJldnAubmV0MIGf
9 | MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrncYzz0HWlT3ELBTZ1Jt/ZDFWlHW9
10 | SrhlwR5Pd8bEonXCxhomAssz4SkJMaByGFyAUAT4bqf41PV50y5lkYVfgUIy8qQS
11 | Gd/qJrNuFa6odWt3MExQdVCXKTOdjYQmhwvXo6zlf7u/Sj5NICAWmXRHZFBljqG8
12 | QasxPrLSbWUtWQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJRqUTQ6pZ71rm46+qXo
13 | Sqc5tnj42uIn1eIfnm5pbPxXFvuP3RbuHVO140+LQL844c2JCOKeu9dQPKxoRNU7
14 | sQLdo8+o+KboiYif6m9Ial4ss0I5MhPPVi9heguRbcFHx+87q8xdN7vd6Wn2gw/l
15 | IV+b9EUQMWYFBCokR8o7o+IV
16 | -----END CERTIFICATE-----
17 |
--------------------------------------------------------------------------------
/tests/clientX509Key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXwIBAAKBgQCrncYzz0HWlT3ELBTZ1Jt/ZDFWlHW9SrhlwR5Pd8bEonXCxhom
3 | Assz4SkJMaByGFyAUAT4bqf41PV50y5lkYVfgUIy8qQSGd/qJrNuFa6odWt3MExQ
4 | dVCXKTOdjYQmhwvXo6zlf7u/Sj5NICAWmXRHZFBljqG8QasxPrLSbWUtWQIDAQAB
5 | AoGBAIo99cMWWTq5zZ+QwtsV4Iyl8PiFbrKk1hVhk0EAgyUymRnk6ntkFLwdzCiT
6 | yWMfLKRP0TEuMjDHm1YfP2ih6ITMh83SLF4og0dDzU+tn3PX/XWaoYZr8HsFTDMi
7 | FhrWXXBX8ST3F2aEyOxXZj8SGFu5YIJ8iemztANzZVSvYkWBAkEA2EbI6rnpXc5t
8 | fKhdkXa0c8l+Uyn/8JadHJ8sobzNhZ/CeC0a9PwhZLQvsRgNXXjYUFJ7N2igoIrk
9 | y0e8f+iD/QJBAMsjFrsrhmXcksf4RX6ZAg1rcJS115JjH2EnbbWd2nBLHUBwywGh
10 | VJhNyQRWBNlVGMrYWCQwHcZNOdUsvmLX140CQQC5v2GDpxQ0irwh2gAylH67CwzB
11 | pEq6eMCK+nI8nojtAJ7m0+ZZDcooUVC8imnAI6+0nIJSvjtmZqPFquDMAgiJAkEA
12 | ox/mXR+yqZHbfSHuDJ+qekRQ/9qW5kMbK9WR0EqW454uO1VYcFKxsCymxAiflDc1
13 | 1Y6uGUFaZ6gUTQ/FQ3K48QJBAIlPKkD8VfNg/3B6wq7gmqRIy9MblLLZo2Qh4nZA
14 | 4icCv/vpHH+o6Ccxad03LQKsTNJl3z52G4sKgASudWiBbLs=
15 | -----END RSA PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/tests/httpsclient.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | from __future__ import print_function
3 | from tlslite import HTTPTLSConnection, HandshakeSettings
4 |
5 | settings = HandshakeSettings()
6 | settings.useExperimentalTackExtension = True
7 |
8 | h = HTTPTLSConnection("localhost", 4443, settings=settings)
9 | h.request("GET", "/index.html")
10 | r = h.getresponse()
11 | print(r.read())
12 |
--------------------------------------------------------------------------------
/tests/httpsserver.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | python ../scripts/tls.py server -k serverX509Key.pem -c serverX509Cert.pem -t TACK1.pem localhost:4443
3 |
--------------------------------------------------------------------------------
/tests/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 | TLS Lite test server
4 |
5 |
6 | TLS Lite test server
7 | I am a TLS Lite HTTPS test server
8 |
9 |
10 |
--------------------------------------------------------------------------------
/tests/serverBrainpoolP256r1ECCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIBfTCCASSgAwIBAgIUdcPtlDRLVcVmWcQ3V31oeAXDS1UwCgYIKoZIzj0EAwIw
3 | FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIwMTAyMjE5NTQzNloXDTMwMTAyMDE5
4 | NTQzNlowFDESMBAGA1UEAwwJbG9jYWxob3N0MFowFAYHKoZIzj0CAQYJKyQDAwII
5 | AQEHA0IABAJ7rqWzCX/dPvyygGHSay+KSoyatGdA4/mciwqar+GdmwSWTzB9l0R3
6 | I4/rpCZ+Ri7CemspDWiZSYmZSMn3HESjUzBRMB0GA1UdDgQWBBT7XD/anl1lj1RP
7 | LVFQlaeWiC2nvjAfBgNVHSMEGDAWgBT7XD/anl1lj1RPLVFQlaeWiC2nvjAPBgNV
8 | HRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIAj6K/bwKOM26tKSNcLHPIr+
9 | XWZmSjaBCcaHeLuZcX8RAiBb6QIWftn0txlVwcNEay8d69XFJD1obZmKO4gxGe4K
10 | gQ==
11 | -----END CERTIFICATE-----
12 |
--------------------------------------------------------------------------------
/tests/serverBrainpoolP256r1ECKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MHgCAQEEIH0gSdkrNpsObfPorvjAmllMjBXy9x9pnJ8vwmY7s9n/oAsGCSskAwMC
3 | CAEBB6FEA0IABAJ7rqWzCX/dPvyygGHSay+KSoyatGdA4/mciwqar+GdmwSWTzB9
4 | l0R3I4/rpCZ+Ri7CemspDWiZSYmZSMn3HEQ=
5 | -----END EC PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/tests/serverBrainpoolP384r1ECCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIBvTCCAUSgAwIBAgIUPG1vSTSQmFemI8UU7EhB6tLSDmUwCgYIKoZIzj0EAwIw
3 | FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIwMTAyMjIxMTAyOFoXDTMwMTAyMDIx
4 | MTAyOFowFDESMBAGA1UEAwwJbG9jYWxob3N0MHowFAYHKoZIzj0CAQYJKyQDAwII
5 | AQELA2IABECMinC3tQTHVKMyUu5CPqDeq3VS9EuGuiP+5U6rzDto/eW/av1PGa0i
6 | hThpbl3YUIQB/670LMBj9LIZE45py5nbGdSTl593j8f8BvMzK0h9gPlqjp+rx297
7 | u8+C+qZoH6NTMFEwHQYDVR0OBBYEFGrfLfFHE9VToCpWErYcETRg7D8kMB8GA1Ud
8 | IwQYMBaAFGrfLfFHE9VToCpWErYcETRg7D8kMA8GA1UdEwEB/wQFMAMBAf8wCgYI
9 | KoZIzj0EAwIDZwAwZAIwNmu55BssK8gA093oUmKl9md2mc90RpEr5jWdxNj7gQJU
10 | QVumzJ9wVcJKmMah6hTRAjAC3mRQ7/gIdetJDMHRWECKhRhv9x42KdkCZFYR/o03
11 | q7CXY9Zb0VRk5fn2Prfb2MU=
12 | -----END CERTIFICATE-----
13 |
--------------------------------------------------------------------------------
/tests/serverBrainpoolP384r1ECKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MIGoAgEBBDAYnSS9f9KTYKoFQoxWmVdmAwUOTlK6hcj73SrBeLHq/AtaAMAklNGv
3 | M/Lf0iTbm8+gCwYJKyQDAwIIAQELoWQDYgAEQIyKcLe1BMdUozJS7kI+oN6rdVL0
4 | S4a6I/7lTqvMO2j95b9q/U8ZrSKFOGluXdhQhAH/rvQswGP0shkTjmnLmdsZ1JOX
5 | n3ePx/wG8zMrSH2A+WqOn6vHb3u7z4L6pmgf
6 | -----END EC PRIVATE KEY-----
7 |
--------------------------------------------------------------------------------
/tests/serverBrainpoolP512r1ECCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICAjCCAWagAwIBAgIUFgWkgS+N65P1N20PV1aABz2g62cwCgYIKoZIzj0EAwIw
3 | FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIwMTAyMjIxMTA1OFoXDTMwMTAyMDIx
4 | MTA1OFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIGbMBQGByqGSM49AgEGCSskAwMC
5 | CAEBDQOBggAEeB8B7ZJPBeo2Dn1J5u3IZ6r4SX7256TZRGCdbakwqq/CM8bCRxL2
6 | aR1lg1CKnV/MzpVkwdRyOw7ArLyDv38PaiU2vLxmpLqftcUPfhQqnDabfB+TLaoJ
7 | Mzaphp4Ry9sPl6Rne0d+TKYAAIJm2VovcpL8THgeJX4SkXVxUTuU+FGjUzBRMB0G
8 | A1UdDgQWBBSY5cFYRVDd4uI47QW9EGcztkFgjzAfBgNVHSMEGDAWgBSY5cFYRVDd
9 | 4uI47QW9EGcztkFgjzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GJADCB
10 | hQJAN7IS6Gff8Sc+tBz5U3EmKmM/epQX8SHiah2qkza+Qli5MblOY9JP7qaDBEiR
11 | FCxzOXgW+PyyN6nXBNpcCGTNtwJBAKrF0UXRpb7ayHkWZ0DNRYEhGxYtbc/nhwHv
12 | ODc6CjTi4qDrSoZZNWGU/JADelB48b9E6gW54vcpUFT1WgLbgyo=
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/tests/serverBrainpoolP512r1ECKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MIHaAgEBBEAcA+aaUOXU1dX/R0BnzGkLs88hB507uszFBmWussX7HylhsbNTToxW
3 | F8H5HC5dZEnIKFLQStSpI3z7pcVyaGb4oAsGCSskAwMCCAEBDaGBhQOBggAEeB8B
4 | 7ZJPBeo2Dn1J5u3IZ6r4SX7256TZRGCdbakwqq/CM8bCRxL2aR1lg1CKnV/MzpVk
5 | wdRyOw7ArLyDv38PaiU2vLxmpLqftcUPfhQqnDabfB+TLaoJMzaphp4Ry9sPl6Rn
6 | e0d+TKYAAIJm2VovcpL8THgeJX4SkXVxUTuU+FE=
7 | -----END EC PRIVATE KEY-----
8 |
--------------------------------------------------------------------------------
/tests/serverDSAKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN DSA PRIVATE KEY-----
2 | MIIDVQIBAAKCAQEAlcUuqjbXLSkgKSalFxsfw54JjX/xelfgOl7aC/a5FF4qe22q
3 | b+Zu62wP8lytDs7Vrmqyob8YoJbYsLAAyeWXgbZBr+BvzxjPkTo73gQg9TacVVJy
4 | Bst3RZ2DZPXcoxc9aVEoKtFHimqz0nKKK9i1NvtP56schcOmpEaaMxn2KsOv51BE
5 | /7gGRs7C9ZQJvcMKMY4yi6Q/ggzfCvWpiip6XnXxo/x9XW4KLhiKO0+Qj8k2Y0LR
6 | Pm4ZzSJ2CeRJVz9RlfebS98yJsC6uNrq4p2yEauh/qTfynOMHn0ujuOKymq/RUcN
7 | DYIc0FFY1CXcPfpc5u8nhrACjzBRQXj7J5uvMwIhAJoTReuU81i3gns7ZxZNA1T4
8 | qqqNccqDPHritS5dvPLhAoIBACCtfsGb5Lp9yntbzdaXSOi/a6PqvKvBBXqPexHd
9 | nafyXQhe/bGtoNboh1h1v1v3OnBFpJWjAAQrwXPd9ftnAUuBZ2FHJQtv6i0lomZT
10 | Gy8uVIvEbAvazfZYAjcC7/lC2JdVoBO6JRmqXlBTAKIOrGRiEgHFegIn3j3e3IUS
11 | u48Eb8K5kkC4kg031ZC1IpFjfseND81n/oUltjteFMR/iwkh1rHa+19r9yN2IpMK
12 | 70WkAC9M+s657mZPkp/n7l8JZ1lcYheSFij8fY6LYcfT1amYmn2/Pnwe2MDKqUb+
13 | tHjLsxHOI8iWMlX4RvHqan5Kj/CIfGd9uzsdbK+BVJ51CXMCggEAWH2NkWtpRtZO
14 | Ai/kxcXaYhsPxpa65my6xdkgtJxO6ZdTRAVQAdGk1a0ugBR3BWWizovHrqRARQ9O
15 | JNnJ5z4fiht9kCQ48v6gFggqqrW9ebsfBOLxvuYBGIsn1bSeloF635lOTColxhXv
16 | Mwn3srK7hEK0I3j6UnZhErYJBuCE41VY35eDd75vWrSWd5b5UP4eeGj8j2k3hAtq
17 | ntReE/Xy/EyJZkQkRn9c08FIhGNaHScmHNwk/cBDGFFrG+dycyndmdT2OJDVm7KG
18 | vGc1Oic161aXmOkmeIbjovfxw8+Id5L+Tc9Enytn940cmTffifn73p4cpsHWzxMW
19 | ks+vAGA84QIgDR0eOWXgG++QAwl7Lsm1QDQEAL2XvHMGL978OfObntM=
20 | -----END DSA PRIVATE KEY-----
21 |
--------------------------------------------------------------------------------
/tests/serverECCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIBbTCCARSgAwIBAgIJAPM58cskyK+yMAkGByqGSM49BAEwFDESMBAGA1UEAwwJ
3 | bG9jYWxob3N0MB4XDTE3MTAyMzExNDI0MVoXDTE3MTEyMjExNDI0MVowFDESMBAG
4 | A1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyDRjEAJe
5 | 3F5T62MyZbhjoJnPLGL2nrTthLFymBupZ2IbnWYnqVWDkT/L6i8sQhf2zCLrlSjj
6 | 1kn7ERqPx/KZyqNQME4wHQYDVR0OBBYEFPfFTUg9o3t6ehLsschSnC8Te8oaMB8G
7 | A1UdIwQYMBaAFPfFTUg9o3t6ehLsschSnC8Te8oaMAwGA1UdEwQFMAMBAf8wCQYH
8 | KoZIzj0EAQNIADBFAiA6p0YM5ZzfW+klHPRU2r13/IfKgeRfDR3dtBngmPvxUgIh
9 | APTeSDeJvYWVBLzyrKTeSerNDKKHU2Rt7sufipv76+7s
10 | -----END CERTIFICATE-----
11 |
--------------------------------------------------------------------------------
/tests/serverECDSANonCACert.pem:
--------------------------------------------------------------------------------
1 | Certificate:
2 | Data:
3 | Version: 3 (0x2)
4 | Serial Number: 2 (0x2)
5 | Signature Algorithm: ecdsa-with-SHA256
6 | Issuer: O=Example CA
7 | Validity
8 | Not Before: Aug 13 13:02:25 2020 GMT
9 | Not After : Aug 13 13:02:25 2025 GMT
10 | Subject: CN=localhost
11 | Subject Public Key Info:
12 | Public Key Algorithm: id-ecPublicKey
13 | Public-Key: (256 bit)
14 | pub:
15 | 04:1b:30:00:c2:ff:cd:d5:37:13:24:50:ba:58:8f:
16 | b7:cc:ec:b8:da:92:f4:d1:a7:4f:e6:1d:f0:94:d3:
17 | 68:50:26:c8:e7:10:58:3c:7e:74:78:fa:02:f6:e1:
18 | 22:64:da:37:29:e0:82:9a:29:05:a8:64:25:26:23:
19 | 26:4b:fe:ec:ea
20 | ASN1 OID: prime256v1
21 | NIST CURVE: P-256
22 | X509v3 extensions:
23 | X509v3 Key Usage: critical
24 | Digital Signature, Key Encipherment, Key Agreement
25 | X509v3 Extended Key Usage:
26 | TLS Web Server Authentication
27 | X509v3 Subject Key Identifier:
28 | BD:1A:70:34:7D:A1:15:6C:B8:FC:B0:56:6D:AD:4D:0A:B2:E5:C7:82
29 | X509v3 Authority Key Identifier:
30 | keyid:65:70:FA:10:EB:62:97:BD:85:FF:6C:04:F0:68:5D:22:F1:E9:83:67
31 | DirName:/O=Example CA
32 | serial:01
33 |
34 | Signature Algorithm: ecdsa-with-SHA256
35 | 30:45:02:20:64:8a:57:52:cc:8d:db:8c:a2:26:fc:68:42:e1:
36 | e6:76:9c:68:04:23:3a:ba:84:4f:8f:d2:74:17:ee:82:bb:ba:
37 | 02:21:00:b8:56:9b:fd:ec:2f:65:b4:94:a1:a7:64:b0:90:39:
38 | 4c:2f:37:df:b0:9c:f9:1e:5e:71:1d:d2:89:1c:41:8f:fb
39 | -----BEGIN CERTIFICATE-----
40 | MIIBnzCCAUWgAwIBAgIBAjAKBggqhkjOPQQDAjAVMRMwEQYDVQQKDApFeGFtcGxl
41 | IENBMB4XDTIwMDgxMzEzMDIyNVoXDTI1MDgxMzEzMDIyNVowFDESMBAGA1UEAwwJ
42 | bG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGzAAwv/N1TcTJFC6
43 | WI+3zOy42pL00adP5h3wlNNoUCbI5xBYPH50ePoC9uEiZNo3KeCCmikFqGQlJiMm
44 | S/7s6qOBhjCBgzAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
45 | HQYDVR0OBBYEFL0acDR9oRVsuPywVm2tTQqy5ceCMD0GA1UdIwQ2MDSAFGVw+hDr
46 | Ype9hf9sBPBoXSLx6YNnoRmkFzAVMRMwEQYDVQQKDApFeGFtcGxlIENBggEBMAoG
47 | CCqGSM49BAMCA0gAMEUCIGSKV1LMjduMoib8aELh5nacaAQjOrqET4/SdBfugru6
48 | AiEAuFab/ewvZbSUoadksJA5TC8337Cc+R5ecR3SiRxBj/s=
49 | -----END CERTIFICATE-----
50 |
--------------------------------------------------------------------------------
/tests/serverECDSANonCAKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PARAMETERS-----
2 | BggqhkjOPQMBBw==
3 | -----END EC PARAMETERS-----
4 | -----BEGIN EC PRIVATE KEY-----
5 | MHcCAQEEIMiNFWNbmRjxDs7ea0aJkXyu4neI952tFSF3NJLIKawgoAoGCCqGSM49
6 | AwEHoUQDQgAEGzAAwv/N1TcTJFC6WI+3zOy42pL00adP5h3wlNNoUCbI5xBYPH50
7 | ePoC9uEiZNo3KeCCmikFqGQlJiMmS/7s6g==
8 | -----END EC PRIVATE KEY-----
9 |
--------------------------------------------------------------------------------
/tests/serverECKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgCOZr0Ovs0eCmh+XM
3 | QWDYVpsQ+sJdjiq/itp/kYnWNSahRANCAATINGMQAl7cXlPrYzJluGOgmc8sYvae
4 | tO2EsXKYG6lnYhudZiepVYORP8vqLyxCF/bMIuuVKOPWSfsRGo/H8pnK
5 | -----END PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/tests/serverEd25519Cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIBPDCB76ADAgECAhQkqENccCvOQyI4iKFuuOKwl860bTAFBgMrZXAwFDESMBAG
3 | A1UEAwwJbG9jYWxob3N0MB4XDTIxMDcyNjE0MjcwN1oXDTIxMDgyNTE0MjcwN1ow
4 | FDESMBAGA1UEAwwJbG9jYWxob3N0MCowBQYDK2VwAyEA1KMGmAZealfgakBuCx/E
5 | n69fo072qm90eM40ulGex0ajUzBRMB0GA1UdDgQWBBTHKWv5l/SxnkkYJhh5r3Pv
6 | ESAh1DAfBgNVHSMEGDAWgBTHKWv5l/SxnkkYJhh5r3PvESAh1DAPBgNVHRMBAf8E
7 | BTADAQH/MAUGAytlcANBAF/vSBfOHAdRl29sWDTkuqy1dCuSf7j7jKE/Be8Fk7xs
8 | WteXJmIa0HlRAZjxNfWbsSGLnTYbsGTbxKx3QU9H9g0=
9 | -----END CERTIFICATE-----
10 |
--------------------------------------------------------------------------------
/tests/serverEd25519Key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MC4CAQAwBQYDK2VwBCIEIAjtEwCECqbot5RZxSmiNDWcPp+Xc9Y9WJcUhti3JgSP
3 | -----END PRIVATE KEY-----
4 |
--------------------------------------------------------------------------------
/tests/serverEd448Cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIBiDCCAQigAwIBAgIUZoaDDgE5Cy2GuAMtk4lnsmrPF04wBQYDK2VxMBQxEjAQ
3 | BgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjYxODAzMzhaFw0yMTA4MjUxODAzMzha
4 | MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDBDMAUGAytlcQM6AKxTNGJ39O4kUx7BopPK
5 | prb1Jkoo0csq0Cmpa+VhpDlbR9/gVsb3pchexzjxXyRkNv71naHmOkQvAKNTMFEw
6 | HQYDVR0OBBYEFBb153yRh5IZOfBxoakGVuviFKujMB8GA1UdIwQYMBaAFBb153yR
7 | h5IZOfBxoakGVuviFKujMA8GA1UdEwEB/wQFMAMBAf8wBQYDK2VxA3MAiXEqTPRb
8 | u+56ebfiGjdE++H+YvHVxxxycqKAIAikfsLFfw2LUGQVBMhl+nzS4zRDOKa34uGz
9 | DwEApFuOWurH/y8zqM5NFyXfwbHRlhG4xwUet52CbrtC7Dy1HYnvWdEjbKDSJXpJ
10 | MmNSiO0oBtQ62CsA
11 | -----END CERTIFICATE-----
12 |
--------------------------------------------------------------------------------
/tests/serverEd448Key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MEcCAQAwBQYDK2VxBDsEOWC42wrEHt4sse84L8oi/2LfqtYvT+Xwd5USLJuAUi6h
3 | Ht8RBuFGD/DoZIfwfBgBfemM56jAnbQIug==
4 | -----END PRIVATE KEY-----
5 |
--------------------------------------------------------------------------------
/tests/serverP384ECCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIBuzCCAUCgAwIBAgIUXnRpq5i0cyDQ1bvx/9HNCvPNS0kwCgYIKoZIzj0EAwIw
3 | FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDkyNDE5MDU0NVoXDTI5MDkyMTE5
4 | MDU0NVowFDESMBAGA1UEAwwJbG9jYWxob3N0MHYwEAYHKoZIzj0CAQYFK4EEACID
5 | YgAEvQl5Mg1IjTzndntcgmWDA5/SCte+uW6haKTNIIldP1N0sLUA5mTxyi5n07h/
6 | 6zNuvzhE/+42ucKiVjRB1TiJGTUiUyRvBfV8qflE4GsQDbtv/u8JKYAKc1tJD7AB
7 | pYRPo1MwUTAdBgNVHQ4EFgQUmnujKF6/C4TUMpZwyRcPV4ZclfswHwYDVR0jBBgw
8 | FoAUmnujKF6/C4TUMpZwyRcPV4ZclfswDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO
9 | PQQDAgNpADBmAjEA/LzKS2HOxLQuuEskHesrxDA6hKkpL+8Ggyllgbe3ZCWJ7Dq+
10 | 6bsTM7syHtVwi/YQAjEAnQgnzp2OBU7K6adVjPu4Rvj8z1JY6/ZEjOIvhUHDL7ND
11 | nabWoF+fEWrn6/oiTYkh
12 | -----END CERTIFICATE-----
13 |
--------------------------------------------------------------------------------
/tests/serverP384ECKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB2WUH+vRvXn6h0A/U9
3 | i0BO7rMIXa5OW8rt7EM8BXAfhnUqDmWmFrI0nECbjNAU7myhZANiAAS9CXkyDUiN
4 | POd2e1yCZYMDn9IK1765bqFopM0giV0/U3SwtQDmZPHKLmfTuH/rM26/OET/7ja5
5 | wqJWNEHVOIkZNSJTJG8F9Xyp+UTgaxANu2/+7wkpgApzW0kPsAGlhE8=
6 | -----END PRIVATE KEY-----
7 |
--------------------------------------------------------------------------------
/tests/serverP521ECCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICBTCCAWagAwIBAgIUIM4xqMpH6t3WLCOX8zuGyt0YAOMwCgYIKoZIzj0EAwIw
3 | FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDkyNDE5MDUyNVoXDTI5MDkyMTE5
4 | MDUyNVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIGbMBAGByqGSM49AgEGBSuBBAAj
5 | A4GGAAQBKGIswuKzpL+YTufrWM4IA+eHH6AS/KuJJfwCeNESe+kMPRzkq51wNtWq
6 | nbNDYFpZPfYejCvvWTm+syWZ9qd8mKAB1e9l0TQdorsVXxTtdiF5bqitThrEovCS
7 | 7uiOn0lKU3A70l06xNF6JLu1EC5b5fZ1BI0vlHGlBDxwOnZcftLy9+6jUzBRMB0G
8 | A1UdDgQWBBSQ/uAxW+uiIo8BkoXxCXsZLCYORjAfBgNVHSMEGDAWgBSQ/uAxW+ui
9 | Io8BkoXxCXsZLCYORjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GMADCB
10 | iAJCAeyvcn/1xWhpe/W46I2GMARgY/wE6K+0Xo9o3jsgyTMcVrjl9irotxUgW7kY
11 | wqR+J2E8AiPpnvQ37SkaLQC289dlAkIAsh5cybNKIeEVdSPNY3dLA3HT5F2acm2S
12 | gq99uAqJ6kmE+eFL0G/UWMbgvZ12fzbm9YjoIeKopgq12NhUURQtj1c=
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/tests/serverP521ECKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBERKX+ubIlLMTQGG8
3 | cJgErwtph4DtG72I8ZX86vHQcWIMZnfUlBQJqDqRKgYAooYS9QycyLim94kDo7CX
4 | opJXPvuhgYkDgYYABAEoYizC4rOkv5hO5+tYzggD54cfoBL8q4kl/AJ40RJ76Qw9
5 | HOSrnXA21aqds0NgWlk99h6MK+9ZOb6zJZn2p3yYoAHV72XRNB2iuxVfFO12IXlu
6 | qK1OGsSi8JLu6I6fSUpTcDvSXTrE0Xoku7UQLlvl9nUEjS+UcaUEPHA6dlx+0vL3
7 | 7g==
8 | -----END PRIVATE KEY-----
9 |
--------------------------------------------------------------------------------
/tests/serverRSANonCAKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEowIBAAKCAQEAwRUKSMW5+ZyibeMoyg7PXEAB4S4difCqJ/lb3WtELicJd9OV
3 | Pf2vXyWtU51nGYTcnaXrVVPjM2ccXsPIV2abktGmVhwO2fQiE4/lO6a332gW6tbm
4 | +2z0uIAn4+U12/d8WG9UYXbD6wm1190SqIsfom1nfGnB99yiQgHdlRjNv4vETHWY
5 | +SjfnmvVg+fciZmeZ9QMlEm0w9/qu+mazjcnbdQDnC5IJufE7mhWc6OEFtke/hlP
6 | bKa3MswozZncSxMHLPNehTai8f/XkV+tiNc2lT0kueuUx/v5FeaZofb2lvaemqQ3
7 | kOOTsGbErIymx0WQfOfarUJ4wcDSKfd5KHF++QIDAQABAoIBAHf88kotDhivnUU6
8 | sIN41qYWZNSiCttJAwUacltUKKehvMGJbCp89zniuSbIH2T9avhRPsDlA8FS54+A
9 | jYS7EB0aSgsjHpuVmoObnbIHNicQkYVZDWvb1uy9P4zhSSosT0rJzJ9Q5gmvHCFM
10 | kibJZlxTLsdjFZZJt0/bxu673kiUp37dgQ7TMgAuFARYseXoJRIsci5ALvt4D68x
11 | uGu5IolXsYCpiUvb/4tC0Wh+MBgAaK4lR5QWLUi+K1FJ+bs9qS6UkzfQlYErHwgP
12 | 1EHMMAUfF5hZA8S7GaTd0z4t7lX76D3qYXTQ5DX/RreeZavj4Y+gJL4qB1vMOpYu
13 | HdLi4vECgYEA44TQga5HwQCBCD0Fbq83LvHL1XZPo5nsuZTB6ivJeKhHGJysFOeE
14 | f8i9px5JYeaxqpRQ0VgGpCbLwir7/UGsofONQYwkRhnlqjNPaMAZVgEBAU1w/YCP
15 | haoPa+/uH9q5F5LS41g/EW4UFG6RdR7TXNKdM1mFETZWXuHEkjQ0J/UCgYEA2UCm
16 | 6HYnvCEYGiFSlzJtyATinjL5qc2WN+oxd3zmJCyNv6fSccUAky1IZYfHaf02EJkj
17 | 66oFOPNTvk5asfqjeLCPOsVxF+J54gTYKpMr9F72YX4pxJg4uRfAxn7xW7ehoHBN
18 | Sb3d9eFGLnxkS9lTs1Ni+Iy6W99/JzcsLsM0zHUCgYAvqIKEp50gMJrWvvGEXe+R
19 | RdUMwdusyXFs7lwwUTvCqn06CpeBSX3XxpTzjMSSXWCZ+rdzIp1BhV7pLVfblQY0
20 | ZnAQauquRH53SIg5yQOFoHA1daNVdriZpyXT1k5rHcXnyjmipbmQTR6nqQGPJwXf
21 | S77iIr5c/KTa+y/R8F18gQKBgQDXExopqE9N/7VMqRCKfnIQQkXXN7/SSqUcVc0C
22 | 7bMovLLXudyspMsc6Qdy/Ch+1R5g8DqPY5In/zw4enlvGSIcqS4ikLSVYLApAYK/
23 | I1OwaRKhEbVn2wrMsqc12xY2JmTr4EGjb0P91zcTbjIcpNon/bVNOoSDz46h1Az5
24 | fmcWwQKBgHm7fnlHd9VVknIr2ZtvoD7m7jOoa0lKRrlhIsaMefayly7+JY1VJo2y
25 | GhsiReMlC+YQ8hX5QuR3XH8sHydI1U2ke0hWq8mNfHjqhlobTxM8QCJuch6oJ9xP
26 | 6mX7L+HUwW1K/bNOpipgi+AkUwtrauoCWo4ON96LNN/+LU9OGpgA
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/tests/serverRSAPSSCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDWzCCAhKgAwIBAgIJAM94DjB2Qf+GMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
3 | AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAUMRIwEAYD
4 | VQQDDAlsb2NhbGhvc3QwHhcNMTcwMzA4MTMzMzU4WhcNMTcwNDA3MTMzMzU4WjAU
5 | MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEgMAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKC
6 | AQEApq5FnZRNmtJy+WjNRB8w0ol2+IEcATrUkZpz7HNqq8+EL/GN21m35luz5fcA
7 | 8ifkm4pKxfwtxY7u912tAfsEavUr/UoyLScXQevhr6SLXR8UO3XE6ne1F88eZNpg
8 | KVpocDVKRLjIqKHSSbBNkG76mGKFYyNZXm3qRxaUSHVLnN/opOGfgVK8Vbj0v2EH
9 | 5L5dGLQLV2ZfQ75I4OGrg8wse5fhgt2oczhhe72sEuMDc08WHGRp9744mMQvVYrt
10 | pWUHkP5tdD4i7/zYf3nig21/G56JY20JpW+1J5fEn+PEqiJsv5prNJuPp/zdjD3u
11 | ImqfXZzXUeRIQr9l1qXI6JPInwIDAQABo1AwTjAdBgNVHQ4EFgQUcTYhLu7pODIv
12 | B6KhR6eyFBB5wacwHwYDVR0jBBgwFoAUcTYhLu7pODIvB6KhR6eyFBB5wacwDAYD
13 | VR0TBAUwAwEB/zA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
14 | SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAKMgweHM6WTwlWEQHLG5K+7B
15 | hrAUEAsuK8F7sKGKzLEFzYdzZpkJw8LahE4dFayjx/7MD4rZ5IiHQhJcGCdHIVVv
16 | ocunlEUTgiKkMxTw4JxqSq0snvNBie04vnn+zUjD7FrctTUutzlH1yKftwbJpGk6
17 | CrTW6ctFTAIDwZHd+WX4RPewGY0LTfC+RjcMwWZBmbfVLxuJs0sidSUoNW6GgGE1
18 | DIDVeW2yKGeNhjK/3aDzfQWbz1J64aRfccVzXYMPsoABnNJnJgRETh1/Ci0sQ9Vd
19 | 1OR6iS4hl88/1d7utc00MyFVk1sUIGf54EeCvrNB4bhKtawEJk8Q8AGIRhs93sk=
20 | -----END CERTIFICATE-----
21 |
--------------------------------------------------------------------------------
/tests/serverRSAPSSKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEugIBADALBgkqhkiG9w0BAQoEggSmMIIEogIBAAKCAQEApq5FnZRNmtJy+WjN
3 | RB8w0ol2+IEcATrUkZpz7HNqq8+EL/GN21m35luz5fcA8ifkm4pKxfwtxY7u912t
4 | AfsEavUr/UoyLScXQevhr6SLXR8UO3XE6ne1F88eZNpgKVpocDVKRLjIqKHSSbBN
5 | kG76mGKFYyNZXm3qRxaUSHVLnN/opOGfgVK8Vbj0v2EH5L5dGLQLV2ZfQ75I4OGr
6 | g8wse5fhgt2oczhhe72sEuMDc08WHGRp9744mMQvVYrtpWUHkP5tdD4i7/zYf3ni
7 | g21/G56JY20JpW+1J5fEn+PEqiJsv5prNJuPp/zdjD3uImqfXZzXUeRIQr9l1qXI
8 | 6JPInwIDAQABAoIBAA0BqFkFi5C7P1GLBgl8zZiANZJqsL6/0nqSLN2UnAxQIyaC
9 | mOk29Qy6ty0Iu0AqMMKaZf9REFlMMAWJf8iZx9x4yTf4pDW1yTDRsUi9dEqN9Ew3
10 | gmgxcyYqeVqxV7OiZGftIKCAMthF2Fz7rvHIVzGw7muwBHdD6HYnouaMkJvrFLkW
11 | a41VKi2oJJA4ZXrxHORm9lfAfnvoJVIRvG9z9NDMvi+PBx/wSdFwlVXhSjVnYuTH
12 | laaYBUaH7D9BL8O1aVIRLCDw3Q/4ciTHGByI+6Iremk9nRZEO5igYlK427eKIRGW
13 | lvvy+/+EXPiVwWX9V11CDWm2hOTWYs8wNE7fsSECgYEA2h+gK81yGTpR3/SXxW3i
14 | ojRXXLVxZpi94ZUAvBmOgb+wZQeHWDO0dN37MwAhimHrWsaBEezVKVj6ntBU3Je2
15 | oC+MjLxDaTDvTsvuKvh4zhuiUGcY+XfP9yv9HX3U8Ys3GISJ4HdOBLsISA8zJs+D
16 | vNC6Be/ez9uORb9jfDBG9BcCgYEAw5/UZGWmZLFcwhO5QX8JytXAj9xiMANGBhJb
17 | wQBMEgRpSgHvKI2i32oUOuCQz7wcIgwtgmIhCBz8ld4ky6CYOfQXj+sW9V/drRTl
18 | 4M9H+wdwOsB0/ELIZYlFZ82zMgMYJrEFGZR05DSFbeUHEzm8RG9hbsdxkRBtHQIv
19 | AJOoPLkCgYAJZUlZ+ayLh6aVNgz/lR8pC4Yj2TD8UWIEgI2ajKNF1YL8pxleZEPG
20 | sPUsGjpXoqYnr9tJcWExOcL56lFtex+DwOiV+1oQAuqcA07MDQ3vGuOgAQDjZhTQ
21 | OdXaWlw811lVNghWYe07aO8PY5A5gMDU9ky9CrsXSwbS3E6lv9KemwKBgBhjEm05
22 | ptairbecEdoyZhwdLZZBmRP3NIGJRFr5GIKefim1uATMM2O6q67zU9oxzygHcJzy
23 | cr+6LVrZiKjB6ng/D7jnS8NnIhFzq3ytGoIW2UzZtTvFb4oI5Ngd8prne9lG9CXO
24 | NgxE5+VdSdaBuhCl+fV/c47sB044eXeO8MgxAoGAQUL40ZtfXrbPHBjHwsEHf8hS
25 | XUPtd3cVyPZigz+6P3Cr54GvicRaoaYeUt2zrbjqgiX/bAW/Xq6Pu+UpDyCQ6Er5
26 | OvDrbz1v5sfhn3Eubh2a4LZy7EiKveTtOpmqFs6XZ1FYoMSdeMr44Mql8G2MGa2d
27 | n15sR5bRKF3dVy2qO0A=
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/tests/serverRSAPSSSigCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDXTCCAhSgAwIBAgIJAIcG1jfQrLgJMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
3 | AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAUMRIwEAYD
4 | VQQDDAlsb2NhbGhvc3QwHhcNMTcwMzA4MTI0NTMxWhcNMTcwNDA3MTI0NTMxWjAU
5 | MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
6 | AoIBAQClk5dNlSUuwv7om2xygvniaOeMyg3tDIPe1x7jzsLAcMtKZ3Kt/X6Thiri
7 | nWFRuG+5nasjaeEWMjpxJaOtuZbo7GkhpF8DnUL6Gjoxiy5W8y/FM4I10/okiPjE
8 | 1waOuWGt44/ew3Nma1KBJKlw3R8ZjZUKseh55hNqYrbHSBJdhSP+YtC4d5iZh9Yn
9 | GlGjoYuJOqTPjIdmKORms1JovAST87zFlRIYpqU+XzTQmSNPzjPmOVjcg3qNlAgw
10 | xlXWUkic3MQofZF9WD6xv59X27lzE8Ovc5knMffNWEE14vJPViWQnWuYGL/Q1hRX
11 | Yd6xWVH2jWOTGE8yd1FITbQdeg1bAgMBAAGjUDBOMB0GA1UdDgQWBBR8vDdFwaUI
12 | Nbq8unRxsmEDhu5+wDAfBgNVHSMEGDAWgBR8vDdFwaUINbq8unRxsmEDhu5+wDAM
13 | BgNVHRMEBTADAQH/MD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUDBAIBoRowGAYJ
14 | KoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3gOCAQEAXRhB2MLbQuIzbUUmFQR/
15 | WTxmjpNPdS35/zjcbxoJrJMUY6+sUSB5/Oce4EhaLgcZvRdNE5/PGQUYy/duvRwu
16 | vAXclBpwyP57nIm+1fwACSXp633WMj3Z0cT1veP07k1EUOBIBSt0OefGhC3DTSbu
17 | rEZJ/KuTXQ71XqIeyKN9z0U8B6R0Qhbd3UmZaj/Cs343UaFck6M6K5tR2qfUhp4T
18 | vEvd+qfcL1Ziw7c4rhS/wKLJ31eOUDNpq+QMlTaIVFLUplGwis/XI8RA7hGtcmzH
19 | oELfAkAhSV3vy/K6i5wV1SEI4c69gFjZA+pmOqebcw8q2IG/KUqBbKvRBC6KGrGs
20 | Vg==
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/tests/serverRSAPSSSigKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClk5dNlSUuwv7o
3 | m2xygvniaOeMyg3tDIPe1x7jzsLAcMtKZ3Kt/X6ThirinWFRuG+5nasjaeEWMjpx
4 | JaOtuZbo7GkhpF8DnUL6Gjoxiy5W8y/FM4I10/okiPjE1waOuWGt44/ew3Nma1KB
5 | JKlw3R8ZjZUKseh55hNqYrbHSBJdhSP+YtC4d5iZh9YnGlGjoYuJOqTPjIdmKORm
6 | s1JovAST87zFlRIYpqU+XzTQmSNPzjPmOVjcg3qNlAgwxlXWUkic3MQofZF9WD6x
7 | v59X27lzE8Ovc5knMffNWEE14vJPViWQnWuYGL/Q1hRXYd6xWVH2jWOTGE8yd1FI
8 | TbQdeg1bAgMBAAECggEBAJdaQa1uj02ee6sfH9PRPCClajv9Gxu8G/MgS6FMCCQn
9 | Nv0tcNvw47pwo1UBLcuov6A5qw21JEbI5Tk2gdc01ejW6gcRnLTOFUJPpTBSnKpo
10 | pBssSXNw8LBi8JvmPp1KgiqU4JdtrFhL9GAOpkCAMISIMlxTYkHDea3+zDt/+yG2
11 | MRTHaY7uX+iaC++8EUwW06IkjnyOrDzTopyrWvpAzhNtdtgnUSpzk4g6US1Smt27
12 | n3lWwwgriqdSo+QtRWk4LYRHkf6Ei5z8Sa/Hb7FSclar/Z+F/331Z6trEj+Kxp8Q
13 | 2AdQmTQhtlS2GVOlMkM7UQq5wr25RUsFfEL3yyIeCdECgYEA1dTu/WPgZEMaPOt6
14 | SI592pRegaYWKp+oBXX2FALbmRfNCDK7+ncGy5N4KUZso82noU6GDp3kx0ECRxfz
15 | bS1bAgUhdna/1jZd0TwqJsjAOhR3S9VUzNGT/P6u/+xq/pxem6UUK5Gp24MNwh0q
16 | 03oVAvFXcdZfsRIOINb4X91Lk7MCgYEAxjqLIoaeS2V5fSQn/XVj9nQAlxDgn3dt
17 | PMwxtroYd4je1xyrY1rjxjdmgLXroPQ5XIS+Nxm+Ra99kPwaNd878/MYH1mfo3OO
18 | wCfeibRZOgbBVjxzSQvcTY9vRa1kC9gG9wVQcFKwvcHHdTSTiQlsvcrbAs16B++x
19 | KtWPD5Id67kCgYEAiMPpm94OvnIAzSgbjV699ljhXXEaSmbVc7CwFLqDNBb6B51T
20 | h+4rRXfr6hJmGBrIda6gpaatlhfpWglio9jXlaIsdfWb22nodZRSrX3HHR7L8o/e
21 | 7iW5zp4i1gOjp3fiNxDNptRC3OikmxxGsP4rhDdSo7fmen2+1ZhJQh9rYGsCgYAu
22 | 6a//7cgMo+lKmoH0VBHiQ7XYCqB+XO83UkP5sLUVpQjH8/sDuoDpajcSAvvOzb29
23 | jZTOyYLkTxHyfBdf5IL1yvRMhxNmxXRlOYpLIKl1OCANXqUSBoKOwIFfBhgFTYzo
24 | bROKYad+YRvpOxYnelmH2ThXw3U755gQQRZoYvY90QKBgHZZxTcELBjcM6K+uytC
25 | sR3ZswdFJr/A5hWTYRs6YKYWUo/Cc9AHrVMhAQ7vzUwJcTB7Yb0tlb5B6Fz4q3JE
26 | Mc2bsYkcfC7Aj9+HA+jqb8RbI0GoSlHMgwrJrIDWO/5b0DyV7+zHhArMkYngXU3R
27 | +/Ng3WRLkgTFi5L4mj+Fba1K
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/tests/serverX509Cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDWzCCAkOgAwIBAgIUIEXohYvsQhVNx0vVf+AidDV9yaswDQYJKoZIhvcNAQEL
3 | BQAwVjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE
4 | CgwTRGVmYXVsdCBDb21wYW55IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1
5 | MDQwMzEyMzU0NVoXDTM1MDQwMTEyMzU0NVowVjELMAkGA1UEBhMCWFgxFTATBgNV
6 | BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDES
7 | MBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
8 | AQEA5jP7Zqv9vzdGMqgW9gbtl9/s3QFPupZ1LM/qTTevZzNtGjT4vUB+HpMsbP8f
9 | ro9+2ZcNoQ8AOaYnwOOJBbTl5MNXseJUtccbVgrhrtWF0w4MUtSNXXDWuKnWL8JY
10 | ARssdk9BnSA3ht7FjVjsdjlwXlusJtEUcalIciPUl2jfMkFrAmmoz2ccPPTidV2k
11 | koVq3w9sausZkGFemD+inCDkZUBttWugbw23sBN4jNjhgJpRL/2uzsnSpXq1q3N6
12 | BQQaDpoJ2y7gWsZAUDb9FEK0QXwfkDqA93BN7HgI5H5FVdtpZSeXDJ9NGMBUXbEW
13 | JYDRZKEt5NuWLEzG/japRmJ0dQIDAQABoyEwHzAdBgNVHQ4EFgQUWkJPANiYxy7O
14 | j5/EVFklMgKFweowDQYJKoZIhvcNAQELBQADggEBAKiKShGy/3t52UIFIWr2kaii
15 | T+FD40qE+fvHBI7AlWNElkOf6fiEw0SO3gV9Quws2ZWvrAe7/MoAYKQ7rHU77i8+
16 | XNzbh5pGI9/y+NTGDRQewt9Ei9IVSUFH4KCMVLaLeEb5iiqP5lfLGN5TqW6z04Se
17 | fqnp5w4daZsbMMA6v5/mGTWo333ykkKwezufOZ3edbHStD4x0MSXjG1JYMF8KFss
18 | FQlApaK6bQvdHWQmrVXsZZnItNj8/g/8Jj9OiSJ8Y2QNggUAmydKHUuZcB1fISa/
19 | NQMp0MiGBvChEG377F8ceo3+WuTIDxGlWoC1tH9vEAU39LxIfzhWE6eXiTUpnDQ=
20 | -----END CERTIFICATE-----
21 |
--------------------------------------------------------------------------------
/tests/serverX509Key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDmM/tmq/2/N0Yy
3 | qBb2Bu2X3+zdAU+6lnUsz+pNN69nM20aNPi9QH4ekyxs/x+uj37Zlw2hDwA5pifA
4 | 44kFtOXkw1ex4lS1xxtWCuGu1YXTDgxS1I1dcNa4qdYvwlgBGyx2T0GdIDeG3sWN
5 | WOx2OXBeW6wm0RRxqUhyI9SXaN8yQWsCaajPZxw89OJ1XaSShWrfD2xq6xmQYV6Y
6 | P6KcIORlQG21a6BvDbewE3iM2OGAmlEv/a7OydKlerWrc3oFBBoOmgnbLuBaxkBQ
7 | Nv0UQrRBfB+QOoD3cE3seAjkfkVV22llJ5cMn00YwFRdsRYlgNFkoS3k25YsTMb+
8 | NqlGYnR1AgMBAAECggEAUCu6Wj9716RAZlPz6yrug/4QV8elJK5RkJG4X7wM8jwO
9 | uxnHpuFXCv7mce9H8Vs4Kj9ZF8ZJpcof/iVACyS9C7acS+8u4T++XXDcuC7UtHQo
10 | BpDPysMJhLZhSbC9RWVZTrq7dyVJMUdUNa3KbEIEyFfU1I/sNsll2Zpw52o2kSFe
11 | Ip1TGcnVmFu0uKxPrlNLSSNOVQqz2fOYWBJLk98gk54HAkHpFk92FVorn17seAfS
12 | ksF70B9X6MBUa6PDSgQfKCwGd27KBpTivx6d8QVtMNqrFq/cqZ7TwWDIq1atZ0aF
13 | 3mYXfXR0toRyYZEXaa14Ao7iCUt5D8d2IG9u3q88AQKBgQD5x6kiqO+ApY7V0S0g
14 | SyaIdTBjYc9Rbb0qvgy0Mhq68Ekc2fBIdTLc+G9ajkVFIe5blZc0nvwgSLdRfWrJ
15 | bFpX8SS9Aelgp0mcfXgfIpJmLrPijtgEipTCh/73GTJM3ZnHI1z6xrRP0hi1ww2Q
16 | Z8oqF34H6glXfYHfMqy9VaGQ4QKBgQDr74T4BxiXK4dIQ0T4oRE/881dScrVz9Ok
17 | 3wPINa5bIvfqHPl3eAJgRYBkxjKRyxt29wvGtWBQvCTHvFgF9F+3v3mfXJPRHaZZ
18 | e1VJn9Eqjz1KuArIOwSrmnCFrd9jim10Qo36AFU0myridllN/NQn4l7yYgnw2a1/
19 | WbLYq2nSFQKBgAkJWyog2IFb+/3qUmqfrWY0byq5SCnXAYgBVi5SvbrTpKGBlPra
20 | Gpv59PVevkzQ/HGdyNmjgtWcK92r3ugonmAeHkkkP5A6nSQnOehOdONzfxiMOG55
21 | oQYkq2m/JJ25Sq30rpF4DN/yZuh0hRIbXyoErY+VvP7IUKGFkNBMv8qhAoGBANDV
22 | pLPJzClanRcIfA86ukMKMPfm7kQM/gAMapOXeGow7JHr7aCiuC+wtTH+ARrtVbUa
23 | fPD48HTl5ARroNo8cVD6idPWJPzPKsQ/l8FgVcs/GHh/qQOMwdiHDhw1R+sax0FF
24 | +9eS3dh/lBj5uph+NufKxlHzF2t5sclsgxKnvzX1AoGAZlNZt2xn3q/kusUXLovS
25 | WN8C3ty06qLbD99kiWqEC2gSXc94rk7K7R/1XgfxXV8uOA9eUPDBpchd9PUnhwBE
26 | tnkuQZ0fZ1P6EpNTumeL/UvIaA2UFtqrzxxJPJQExPRqX5foT6FhXVtGrNGKw78C
27 | Ft7IqSkjX742rx0ephmvZgE=
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/tests/verifierDB:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tlsfuzzer/tlslite-ng/6805bcb8e6afb0d22b2f5b24e97ba21c525d4d69/tests/verifierDB
--------------------------------------------------------------------------------
/tlslite/__init__.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """TLS Lite is a free python library that implements SSL and TLS. TLS Lite
5 | supports RSA and SRP ciphersuites. TLS Lite is pure python, however it can use
6 | other libraries for faster crypto operations. TLS Lite integrates with several
7 | stdlib neworking libraries.
8 |
9 | API documentation is available in the 'docs' directory.
10 |
11 | If you have questions or feedback, feel free to contact me.
12 |
13 | To use, do::
14 |
15 | from tlslite import TLSConnection, ...
16 |
17 | If you want to import the most useful objects, the cleanest way is::
18 |
19 | from tlslite.api import *
20 |
21 | Then use the :py:class:`TLSConnection` class with a socket.
22 | (Or, use one of the integration classes in :py:mod:`tlslite.integration`).
23 | """
24 |
25 | from tlslite.api import *
26 | from tlslite.api import __version__ # Unsure why this is needed, but it is
27 |
--------------------------------------------------------------------------------
/tlslite/api.py:
--------------------------------------------------------------------------------
1 | # Authors:
2 | # Trevor Perrin
3 | # Esteban Sanchez (FosanzDev) - python 3.12 port
4 | #
5 | # See the LICENSE file for legal information regarding use of this file.
6 |
7 | __version__ = "0.8.2"
8 | # the whole module is about importing most commonly used methods, for use
9 | # by other applications
10 | # pylint: disable=unused-import
11 | from .constants import AlertLevel, AlertDescription, Fault
12 | from .errors import *
13 | from .checker import Checker
14 | from .handshakesettings import HandshakeSettings
15 | from .session import Session
16 | from .sessioncache import SessionCache
17 | from .tlsconnection import TLSConnection
18 | from .verifierdb import VerifierDB
19 | from .x509 import X509
20 | from .x509certchain import X509CertChain
21 |
22 | from .integration.httptlsconnection import HTTPTLSConnection
23 | from .integration.tlssocketservermixin import TLSSocketServerMixIn
24 |
25 | try:
26 | from .integration.tlsasynciodispatchermixin \
27 | import TLSAsyncioDispatcherMixIn
28 |
29 | except ImportError:
30 | # NOTE: asyncio is not available in base python 2, so this try-except
31 | # block is necessary to avoid breaking the import of the
32 | # rest of the module.
33 | pass
34 |
35 | try:
36 | from .integration.tlsasyncdispatchermixin import TLSAsyncDispatcherMixIn
37 | except ImportError:
38 | # NOTE: Left this try-except block as is, due to the possibility to use
39 | # both asyncore and asyncio in the same project no matter the python
40 | # version (if the asyncore module is available).
41 | pass
42 |
43 | from .integration.pop3_tls import POP3_TLS
44 | from .integration.imap4_tls import IMAP4_TLS
45 | from .integration.smtp_tls import SMTP_TLS
46 | from .integration.xmlrpctransport import XMLRPCTransport
47 | from .integration.xmlrpcserver import TLSXMLRPCRequestHandler, \
48 | TLSXMLRPCServer, \
49 | MultiPathTLSXMLRPCServer
50 |
51 | from .utils.cryptomath import m2cryptoLoaded, gmpyLoaded, \
52 | pycryptoLoaded, prngName, GMPY2_LOADED
53 | from .utils.keyfactory import generateRSAKey, parsePEMKey, \
54 | parseAsPublicKey, parsePrivateKey
55 | from .utils.tackwrapper import tackpyLoaded
56 | from .dh import parse as parseDH
57 |
--------------------------------------------------------------------------------
/tlslite/bufferedsocket.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2016, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | """Wrapper around the socket.socket interface that provides buffering"""
6 |
7 | from collections import deque
8 |
9 |
10 | class BufferedSocket(object):
11 | """
12 | Socket that will buffer reads and writes to a real socket object
13 |
14 | When buffer_writes is enabled, writes won't be passed to the real socket
15 | until flush() is called.
16 |
17 | Not multithread safe.
18 |
19 | :vartype buffer_writes: boolean
20 | :ivar buffer_writes: whether to buffer data writes, False by default
21 | """
22 |
23 | def __init__(self, socket):
24 | """Associate socket with the object"""
25 | self.socket = socket
26 | self._write_queue = deque()
27 | self.buffer_writes = False
28 | self._read_buffer = bytearray()
29 |
30 | def send(self, data):
31 | """Send data to the socket"""
32 | if self.buffer_writes:
33 | self._write_queue.append(data)
34 | return len(data)
35 | return self.socket.send(data)
36 |
37 | def sendall(self, data):
38 | """Send data to the socket"""
39 | if self.buffer_writes:
40 | self._write_queue.append(data)
41 | return None
42 | return self.socket.sendall(data)
43 |
44 | def flush(self):
45 | """Send all buffered data"""
46 | buf = bytearray()
47 | for i in self._write_queue:
48 | buf += i
49 | self._write_queue.clear()
50 | if buf:
51 | self.socket.sendall(buf)
52 |
53 | def recv(self, bufsize):
54 | """Receive data from socket (socket emulation)"""
55 | if not self._read_buffer:
56 | self._read_buffer += self.socket.recv(max(4096, bufsize))
57 | ret = self._read_buffer[:bufsize]
58 | del self._read_buffer[:bufsize]
59 | return ret
60 |
61 | def getsockname(self):
62 | """Return the socket's own address (socket emulation)."""
63 | return self.socket.getsockname()
64 |
65 | def getpeername(self):
66 | """
67 | Return the remote address to which the socket is connected
68 |
69 | (socket emulation)
70 | """
71 | return self.socket.getpeername()
72 |
73 | def settimeout(self, value):
74 | """Set a timeout on blocking socket operations (socket emulation)."""
75 | return self.socket.settimeout(value)
76 |
77 | def gettimeout(self):
78 | """
79 | Return the timeout associated with socket operations
80 |
81 | (socket emulation)
82 | """
83 | return self.socket.gettimeout()
84 |
85 | def setsockopt(self, level, optname, value):
86 | """Set the value of the given socket option (socket emulation)."""
87 | return self.socket.setsockopt(level, optname, value)
88 |
89 | def shutdown(self, how):
90 | """Shutdown the underlying socket."""
91 | self.flush()
92 | return self.socket.shutdown(how)
93 |
94 | def close(self):
95 | """Close the underlying socket."""
96 | self.flush()
97 | return self.socket.close()
98 |
--------------------------------------------------------------------------------
/tlslite/checker.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Class for post-handshake certificate checking."""
5 |
6 | from .x509 import X509
7 | from .x509certchain import X509CertChain
8 | from .errors import *
9 |
10 |
11 | class Checker(object):
12 | """
13 | This class is passed to a handshake function to check the other
14 | party's certificate chain.
15 |
16 | If a handshake function completes successfully, but the Checker
17 | judges the other party's certificate chain to be missing or
18 | inadequate, a subclass of
19 | :py:class:`tlslite.errors.TLSAuthenticationError`
20 | will be raised.
21 |
22 | Currently, the Checker can check an X.509 chain.
23 | """
24 |
25 | def __init__(self,
26 | x509Fingerprint=None,
27 | checkResumedSession=False):
28 | """
29 | Create a new Checker instance.
30 |
31 | You must pass in one of these argument combinations:
32 | - x509Fingerprint
33 |
34 | :param str x509Fingerprint: A hex-encoded X.509 end-entity
35 | fingerprint which the other party's end-entity certificate must
36 | match.
37 |
38 | :param bool checkResumedSession: If resumed sessions should be
39 | checked. This defaults to False, on the theory that if the
40 | session was checked once, we don't need to bother
41 | re-checking it.
42 | """
43 |
44 | self.x509Fingerprint = x509Fingerprint
45 | self.checkResumedSession = checkResumedSession
46 |
47 | def __call__(self, connection):
48 | """Check a TLSConnection.
49 |
50 | When a Checker is passed to a handshake function, this will
51 | be called at the end of the function.
52 |
53 | :param tlslite.tlsconnection.TLSConnection connection: The
54 | TLSConnection to examine.
55 |
56 | :raises tlslite.errors.TLSAuthenticationError: If the other
57 | party's certificate chain is missing or bad.
58 | """
59 | if not self.checkResumedSession and connection.resumed:
60 | return
61 |
62 | if self.x509Fingerprint:
63 | if connection._client:
64 | chain = connection.session.serverCertChain
65 | else:
66 | chain = connection.session.clientCertChain
67 |
68 | if self.x509Fingerprint:
69 | if isinstance(chain, X509CertChain):
70 | if self.x509Fingerprint:
71 | if chain.getFingerprint() != self.x509Fingerprint:
72 | raise TLSFingerprintError(\
73 | "X.509 fingerprint mismatch: %s, %s" % \
74 | (chain.getFingerprint(), self.x509Fingerprint))
75 | elif chain:
76 | raise TLSAuthenticationTypeError()
77 | else:
78 | raise TLSNoAuthenticationError()
79 |
--------------------------------------------------------------------------------
/tlslite/dh.py:
--------------------------------------------------------------------------------
1 | # Author:
2 | # Hubert Kario
3 |
4 | """Handling of Diffie-Hellman parameter files."""
5 |
6 | from .utils.asn1parser import ASN1Parser
7 | from .utils.pem import dePem
8 | from .utils.cryptomath import bytesToNumber
9 |
10 |
11 | def parseBinary(data):
12 | """
13 | Parse DH parameters from ASN.1 DER encoded binary string.
14 |
15 | :param bytes data: DH parameters
16 | :rtype: tuple of int
17 | """
18 | parser = ASN1Parser(data)
19 |
20 | prime = parser.getChild(0)
21 | gen = parser.getChild(1)
22 |
23 | return (bytesToNumber(gen.value), bytesToNumber(prime.value))
24 |
25 |
26 | def parse(data):
27 | """
28 | Parses DH parameters from a binary string.
29 |
30 | The string can either by PEM or DER encoded
31 |
32 | :param bytes data: DH parameters
33 | :rtype: tuple of int
34 | :returns: generator and prime
35 | """
36 | try:
37 | return parseBinary(data)
38 | except (SyntaxError, TypeError):
39 | pass
40 |
41 | binData = dePem(data, "DH PARAMETERS")
42 | return parseBinary(binData)
43 |
--------------------------------------------------------------------------------
/tlslite/integration/__init__.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Classes for integrating TLS Lite with other packages."""
5 |
6 | __all__ = ["asyncstatemachine",
7 | "httptlsconnection",
8 | "pop3_tls",
9 | "imap4_tls",
10 | "smtp_tls",
11 | "xmlrpctransport",
12 | "tlssocketservermixin",
13 | "tlsasyncdispatchermixin",
14 | "tlsasynciodispatchermixin"]
15 |
--------------------------------------------------------------------------------
/tlslite/integration/pop3_tls.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """TLS Lite + poplib."""
5 |
6 | import socket
7 | from poplib import POP3, POP3_SSL_PORT
8 | from tlslite.tlsconnection import TLSConnection
9 | from tlslite.integration.clienthelper import ClientHelper
10 |
11 | class POP3_TLS(POP3, ClientHelper):
12 | """This class extends :py:class:`poplib.POP3` with TLS support."""
13 |
14 | def __init__(self, host, port = POP3_SSL_PORT,
15 | timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
16 | username=None, password=None,
17 | certChain=None, privateKey=None,
18 | checker=None,
19 | settings=None):
20 | """Create a new POP3_TLS.
21 |
22 | For client authentication, use one of these argument
23 | combinations:
24 |
25 | - username, password (SRP)
26 | - certChain, privateKey (certificate)
27 |
28 | For server authentication, you can either rely on the
29 | implicit mutual authentication performed by SRP or
30 | you can do certificate-based server
31 | authentication with one of these argument combinations:
32 |
33 | - x509Fingerprint
34 |
35 | Certificate-based server authentication is compatible with
36 | SRP or certificate-based client authentication.
37 |
38 | The caller should be prepared to handle TLS-specific
39 | exceptions. See the client handshake functions in
40 | :py:class:`~tlslite.tlsconnection.TLSConnection`
41 | for details on which
42 | exceptions might be raised.
43 |
44 | :type host: str
45 | :param host: Server to connect to.
46 |
47 | :type port: int
48 | :param port: Port to connect to.
49 |
50 | :type username: str
51 | :param username: SRP username.
52 |
53 | :type password: str
54 | :param password: SRP password for mutual authentication.
55 | Requires the 'username' argument.
56 |
57 | :type certChain: ~tlslite.x509certchain.X509CertChain
58 | :param certChain: Certificate chain for client authentication.
59 | Requires the 'privateKey' argument. Excludes the SRP argument.
60 |
61 | :type privateKey: ~tlslite.utils.rsakey.RSAKey
62 | :param privateKey: Private key for client authentication.
63 | Requires the 'certChain' argument. Excludes the SRP argument.
64 |
65 | :type checker: ~tlslite.checker.Checker
66 | :param checker: Callable object called after handshaking to
67 | evaluate the connection and raise an Exception if necessary.
68 |
69 | :type settings: ~tlslite.handshakesettings.HandshakeSettings
70 | :param settings: Various settings which can be used to control
71 | the ciphersuites, certificate types, and SSL/TLS versions
72 | offered by the client.
73 | """
74 | self.host = host
75 | self.port = port
76 | sock = socket.create_connection((host, port), timeout)
77 | ClientHelper.__init__(self,
78 | username, password,
79 | certChain, privateKey,
80 | checker,
81 | settings)
82 | connection = TLSConnection(sock)
83 | ClientHelper._handshake(self, connection)
84 | self.sock = connection
85 | self.file = self.sock.makefile('rb')
86 | self._debugging = 0
87 | self.welcome = self._getresp()
88 |
--------------------------------------------------------------------------------
/tlslite/integration/smtp_tls.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """TLS Lite + smtplib."""
5 |
6 | from smtplib import SMTP
7 | from tlslite.tlsconnection import TLSConnection
8 | from tlslite.integration.clienthelper import ClientHelper
9 |
10 | class SMTP_TLS(SMTP):
11 | """This class extends :py:class:`smtplib.SMTP` with TLS support."""
12 |
13 | def starttls(self,
14 | username=None, password=None,
15 | certChain=None, privateKey=None,
16 | checker=None,
17 | settings=None):
18 | """Puts the connection to the SMTP server into TLS mode.
19 |
20 | If the server supports TLS, this will encrypt the rest of the SMTP
21 | session.
22 |
23 | For client authentication, use one of these argument
24 | combinations:
25 |
26 | - username, password (SRP)
27 | - certChain, privateKey (certificate)
28 |
29 | For server authentication, you can either rely on the
30 | implicit mutual authentication performed by SRP or
31 | you can do certificate-based server
32 | authentication with one of these argument combinations:
33 |
34 | - x509Fingerprint
35 |
36 | Certificate-based server authentication is compatible with
37 | SRP or certificate-based client authentication.
38 |
39 | The caller should be prepared to handle TLS-specific
40 | exceptions. See the client handshake functions in
41 | :py:class:`~tlslite.tlsconnection.TLSConnection` for details on which
42 | exceptions might be raised.
43 |
44 | :type username: str
45 | :param username: SRP username. Requires the
46 | 'password' argument.
47 |
48 | :type password: str
49 | :param password: SRP password for mutual authentication.
50 | Requires the 'username' argument.
51 |
52 | :type certChain: ~tlslite.x509certchain.X509CertChain
53 | :param certChain: Certificate chain for client authentication.
54 | Requires the 'privateKey' argument. Excludes the SRP arguments.
55 |
56 | :type privateKey: ~tlslite.utils.rsakey.RSAKey
57 | :param privateKey: Private key for client authentication.
58 | Requires the 'certChain' argument. Excludes the SRP arguments.
59 |
60 | :type checker: ~tlslite.checker.Checker
61 | :param checker: Callable object called after handshaking to
62 | evaluate the connection and raise an Exception if necessary.
63 |
64 | :type settings: ~tlslite.handshakesettings.HandshakeSettings
65 | :param settings: Various settings which can be used to control
66 | the ciphersuites, certificate types, and SSL/TLS versions
67 | offered by the client.
68 | """
69 | (resp, reply) = self.docmd("STARTTLS")
70 | if resp == 220:
71 | helper = ClientHelper(
72 | username, password,
73 | certChain, privateKey,
74 | checker,
75 | settings)
76 | conn = TLSConnection(self.sock)
77 | helper._handshake(conn)
78 | self.sock = conn
79 | self.file = conn.makefile('rb')
80 | return (resp, reply)
81 |
--------------------------------------------------------------------------------
/tlslite/integration/tlssocketservermixin.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """TLS Lite + SocketServer."""
5 |
6 | from tlslite.tlsconnection import TLSConnection
7 |
8 | class TLSSocketServerMixIn:
9 | """
10 | This class can be mixed in with any :py:class:`SocketServer.TCPServer` to
11 | add TLS support.
12 |
13 | To use this class, define a new class that inherits from it and
14 | some :py:class:`SocketServer.TCPServer` (with the mix-in first). Then
15 | implement the :py:meth:`handshake` method, doing some sort of server
16 | handshake on the connection argument. If the handshake method
17 | returns True, the RequestHandler will be triggered. Below is a
18 | complete example of a threaded HTTPS server::
19 |
20 | from SocketServer import *
21 | from BaseHTTPServer import *
22 | from SimpleHTTPServer import *
23 | from tlslite import *
24 |
25 | s = open("./serverX509Cert.pem").read()
26 | x509 = X509()
27 | x509.parse(s)
28 | cert_chain = X509CertChain([x509])
29 |
30 | s = open("./serverX509Key.pem").read()
31 | privateKey = parsePEMKey(s, private=True)
32 |
33 | sessionCache = SessionCache()
34 |
35 | class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn,
36 | HTTPServer):
37 | def handshake(self, tlsConnection):
38 | try:
39 | tlsConnection.handshakeServer(certChain=cert_chain,
40 | privateKey=privateKey,
41 | sessionCache=sessionCache)
42 | tlsConnection.ignoreAbruptClose = True
43 | return True
44 | except TLSError, error:
45 | print "Handshake failure:", str(error)
46 | return False
47 |
48 | httpd = MyHTTPServer(('localhost', 443), SimpleHTTPRequestHandler)
49 | httpd.serve_forever()
50 | """
51 |
52 |
53 | def finish_request(self, sock, client_address):
54 | tlsConnection = TLSConnection(sock)
55 | if self.handshake(tlsConnection) == True:
56 | self.RequestHandlerClass(tlsConnection, client_address, self)
57 | tlsConnection.close()
58 |
59 | #Implement this method to do some form of handshaking. Return True
60 | #if the handshake finishes properly and the request is authorized.
61 | def handshake(self, tlsConnection):
62 | raise NotImplementedError()
63 |
--------------------------------------------------------------------------------
/tlslite/integration/xmlrpcserver.py:
--------------------------------------------------------------------------------
1 | # Authors:
2 | # Kees Bos
3 | # Martin von Loewis - python 3 port
4 | #
5 | # See the LICENSE file for legal information regarding use of this file.
6 |
7 | """xmlrpcserver.py - simple XML RPC server supporting TLS."""
8 |
9 | try:
10 | from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
11 | except ImportError:
12 | # Python 3
13 | from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
14 | from .tlssocketservermixin import TLSSocketServerMixIn
15 |
16 |
17 | class TLSXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
18 | """XMLRPCRequestHandler using TLS."""
19 |
20 | # Redefine the setup method (see SocketServer.StreamRequestHandler)
21 | def setup(self):
22 | """Setup the connection for TLS."""
23 | self.connection = self.request
24 | if getattr(self, 'timeout', None) is not None:
25 | # Python 2.7
26 | self.connection.settimeout(self.timeout)
27 | self.rfile = self.connection.makefile('rb', self.rbufsize)
28 | self.wfile = self.connection.makefile('wb', self.wbufsize)
29 |
30 | def do_POST(self):
31 | """Handle the HTTPS POST request."""
32 | SimpleXMLRPCRequestHandler.do_POST(self)
33 | try:
34 | # shut down the connection
35 | self.connection.shutdown()
36 | except:
37 | pass
38 |
39 |
40 | class TLSXMLRPCServer(TLSSocketServerMixIn,
41 | SimpleXMLRPCServer):
42 | """Simple XML-RPC server using TLS."""
43 |
44 | def __init__(self, addr, *args, **kwargs):
45 | if not args and not 'requestHandler' in kwargs:
46 | kwargs['requestHandler'] = TLSXMLRPCRequestHandler
47 | SimpleXMLRPCServer.__init__(self, addr, *args, **kwargs)
48 |
49 |
50 | class MultiPathTLSXMLRPCServer(TLSXMLRPCServer):
51 | """Multipath XML-RPC Server using TLS."""
52 |
53 | def __init__(self, addr, *args, **kwargs):
54 | TLSXMLRPCServer.__init__(addr, *args, **kwargs)
55 | self.dispatchers = {}
56 | self.allow_none = allow_none
57 | self.encoding = encoding
58 |
--------------------------------------------------------------------------------
/tlslite/sessioncache.py:
--------------------------------------------------------------------------------
1 | # Authors:
2 | # Trevor Perrin
3 | # Martin von Loewis - python 3 port
4 | # Mirko Dziadzka - bugfix
5 | #
6 | # See the LICENSE file for legal information regarding use of this file.
7 |
8 | """Class for caching TLS sessions."""
9 |
10 | import threading
11 | import time
12 |
13 | class SessionCache(object):
14 | """This class is used by the server to cache TLS sessions.
15 |
16 | Caching sessions allows the client to use TLS session resumption
17 | and avoid the expense of a full handshake. To use this class,
18 | simply pass a SessionCache instance into the server handshake
19 | function.
20 |
21 | This class is thread-safe.
22 | """
23 |
24 | #References to these instances
25 | #are also held by the caller, who may change the 'resumable'
26 | #flag, so the SessionCache must return the same instances
27 | #it was passed in.
28 |
29 | def __init__(self, maxEntries=10000, maxAge=14400):
30 | """Create a new SessionCache.
31 |
32 | :type maxEntries: int
33 | :param maxEntries: The maximum size of the cache. When this
34 | limit is reached, the oldest sessions will be deleted as
35 | necessary to make room for new ones. The default is 10000.
36 |
37 | :type maxAge: int
38 | :param maxAge: The number of seconds before a session expires
39 | from the cache. The default is 14400 (i.e. 4 hours)."""
40 |
41 | self.lock = threading.Lock()
42 |
43 | # Maps sessionIDs to sessions
44 | self.entriesDict = {}
45 |
46 | #Circular list of (sessionID, timestamp) pairs
47 | self.entriesList = [(None,None)] * maxEntries
48 |
49 | self.firstIndex = 0
50 | self.lastIndex = 0
51 | self.maxAge = maxAge
52 |
53 | def __getitem__(self, sessionID):
54 | self.lock.acquire()
55 | try:
56 | self._purge() #Delete old items, so we're assured of a new one
57 | session = self.entriesDict[bytes(sessionID)]
58 |
59 | #When we add sessions they're resumable, but it's possible
60 | #for the session to be invalidated later on (if a fatal alert
61 | #is returned), so we have to check for resumability before
62 | #returning the session.
63 |
64 | if session.valid():
65 | return session
66 | else:
67 | raise KeyError()
68 | finally:
69 | self.lock.release()
70 |
71 |
72 | def __setitem__(self, sessionID, session):
73 | self.lock.acquire()
74 | try:
75 | #Add the new element
76 | self.entriesDict[bytes(sessionID)] = session
77 | self.entriesList[self.lastIndex] = (bytes(sessionID), time.time())
78 | self.lastIndex = (self.lastIndex+1) % len(self.entriesList)
79 |
80 | #If the cache is full, we delete the oldest element to make an
81 | #empty space
82 | if self.lastIndex == self.firstIndex:
83 | del(self.entriesDict[self.entriesList[self.firstIndex][0]])
84 | self.firstIndex = (self.firstIndex+1) % len(self.entriesList)
85 | finally:
86 | self.lock.release()
87 |
88 | #Delete expired items
89 | def _purge(self):
90 | currentTime = time.time()
91 |
92 | #Search through the circular list, deleting expired elements until
93 | #we reach a non-expired element. Since elements in list are
94 | #ordered in time, we can break once we reach the first non-expired
95 | #element
96 | index = self.firstIndex
97 | while index != self.lastIndex:
98 | if currentTime - self.entriesList[index][1] > self.maxAge:
99 | del(self.entriesDict[self.entriesList[index][0]])
100 | index = (index+1) % len(self.entriesList)
101 | else:
102 | break
103 | self.firstIndex = index
104 |
--------------------------------------------------------------------------------
/tlslite/signed.py:
--------------------------------------------------------------------------------
1 | """Base class that represents any signed object"""
2 |
3 | from .utils.cryptomath import numBytes
4 |
5 | RSA_SIGNATURE_HASHES = ["sha512", "sha384", "sha256", "sha224", "sha1"]
6 | ALL_RSA_SIGNATURE_HASHES = RSA_SIGNATURE_HASHES + ["md5"]
7 | RSA_SCHEMES = ["pss", "pkcs1"]
8 |
9 |
10 | class SignatureSettings(object):
11 | def __init__(self, min_key_size=None, max_key_size=None,
12 | rsa_sig_hashes=None, rsa_schemes=None):
13 | """Create default variables for key-related settings."""
14 | self.min_key_size = min_key_size or 1023
15 | self.max_key_size = max_key_size or 8193
16 | self.rsa_sig_hashes = rsa_sig_hashes or list(RSA_SIGNATURE_HASHES)
17 | self.rsa_schemes = rsa_schemes or list(RSA_SCHEMES)
18 |
19 | def _copy_settings(self, other):
20 | other.min_key_size = self.min_key_size
21 | other.max_key_size = self.max_key_size
22 | other.rsa_sig_hashes = self.rsa_sig_hashes
23 | other.rsa_schemes = self.rsa_schemes
24 |
25 | @staticmethod
26 | def _sanityCheckKeySizes(other):
27 | if other.min_key_size < 512:
28 | raise ValueError("min_key_size too small")
29 | if other.min_key_size > 16384:
30 | raise ValueError("min_key_size too large")
31 | if other.max_key_size < 512:
32 | raise ValueError("max_key_size too small")
33 | if other.max_key_size > 16384:
34 | raise ValueError("max_key_size too large")
35 | if other.max_key_size < other.min_key_size:
36 | raise ValueError("max_key_size smaller than min_key_size")
37 |
38 | @staticmethod
39 | def _sanityCheckSignatureAlgs(other):
40 | not_allowed = [alg for alg in other.rsa_sig_hashes
41 | if alg not in ALL_RSA_SIGNATURE_HASHES]
42 | if len(not_allowed) > 0:
43 | raise ValueError("Following signature algorithms are not allowed: "
44 | "{0}".format(", ".join(not_allowed)))
45 |
46 | def validate(self):
47 | other = SignatureSettings()
48 | self._copy_settings(other)
49 | self._sanityCheckKeySizes(other)
50 | self._sanityCheckSignatureAlgs(other)
51 | return other
52 |
53 |
54 | class SignedObject(object):
55 | def __init__(self):
56 | self.tbs_data = None
57 | self.signature = None
58 | self.signature_alg = None
59 |
60 | _hash_algs_OIDs = {
61 | tuple([0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x4]): 'md5',
62 | tuple([0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x5]): 'sha1',
63 | tuple([0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xe]): 'sha224',
64 | tuple([0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xc]): 'sha384',
65 | tuple([0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xb]): 'sha256',
66 | tuple([0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xd]): 'sha512'
67 | }
68 |
69 | def verify_signature(self, publicKey, settings=None):
70 | """ Verify signature in a reponse"""
71 | offset = 0
72 | settings = settings or SignatureSettings()
73 |
74 | # workaround as some signature encodings could be zero left-padded
75 | if (self.signature[0] == 0 and
76 | numBytes(publicKey.n) + 1 == len(self.signature)):
77 | offset = 1
78 |
79 | alg = self._hash_algs_OIDs[tuple(self.signature_alg)]
80 | if alg not in settings.rsa_sig_hashes:
81 | raise ValueError("Invalid signature algorithm: {0}".format(alg))
82 | verified = publicKey.hashAndVerify(self.signature[offset:],
83 | self.tbs_data, hAlg=alg)
84 | if not verified:
85 | raise ValueError("Signature could not be verified for {0}"
86 | .format(alg))
87 | return True
88 |
--------------------------------------------------------------------------------
/tlslite/utils/__init__.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Toolkit for crypto and other stuff."""
5 |
6 | __all__ = ["aes",
7 | "asn1parser",
8 | "cipherfactory",
9 | "codec",
10 | "cryptomath",
11 | "datefuncs",
12 | "compat",
13 | "keyfactory",
14 | "openssl_aes",
15 | "openssl_rc4",
16 | "openssl_rsakey",
17 | "openssl_tripledes",
18 | "pycrypto_aes",
19 | "pycrypto_rc4",
20 | "pycrypto_rsakey",
21 | "pycrypto_tripledes",
22 | "python_aes",
23 | "python_rc4",
24 | "python_rsakey",
25 | "python_ecdsakey",
26 | "python_eddsakey",
27 | "python_dsakey",
28 | "rc4",
29 | "rijndael",
30 | "rsakey",
31 | "tackpywrapper",
32 | "tripledes"]
33 |
--------------------------------------------------------------------------------
/tlslite/utils/aes.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Abstract class for AES."""
5 |
6 | class AES(object):
7 | def __init__(self, key, mode, IV, implementation):
8 | if len(key) not in (16, 24, 32):
9 | raise AssertionError()
10 | if mode not in [2, 6]:
11 | raise AssertionError()
12 | if mode == 2:
13 | if len(IV) != 16:
14 | raise AssertionError()
15 | if mode == 6:
16 | if len(IV) > 16:
17 | raise AssertionError()
18 | self.isBlockCipher = True
19 | self.isAEAD = False
20 | self.block_size = 16
21 | self.implementation = implementation
22 | if len(key)==16:
23 | self.name = "aes128"
24 | elif len(key)==24:
25 | self.name = "aes192"
26 | elif len(key)==32:
27 | self.name = "aes256"
28 | else:
29 | raise AssertionError()
30 |
31 | #CBC-Mode encryption, returns ciphertext
32 | #WARNING: *MAY* modify the input as well
33 | def encrypt(self, plaintext):
34 | assert(len(plaintext) % 16 == 0)
35 |
36 | #CBC-Mode decryption, returns plaintext
37 | #WARNING: *MAY* modify the input as well
38 | def decrypt(self, ciphertext):
39 | assert(len(ciphertext) % 16 == 0)
40 |
--------------------------------------------------------------------------------
/tlslite/utils/brotlidecpy/LICENCE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2021 by Sidney Markowitz.
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
--------------------------------------------------------------------------------
/tlslite/utils/brotlidecpy/__init__.py:
--------------------------------------------------------------------------------
1 | '''
2 | This module it pure python brotli decompress.
3 | Copied from https://github.com/sidney/brotlidecpy
4 | '''
5 |
6 | from __future__ import absolute_import
7 |
8 | __version__ = "1.0.3"
9 |
10 | # noinspection PyUnresolvedReferences
11 | from .decode import brotli_decompress_buffer as decompress
12 |
--------------------------------------------------------------------------------
/tlslite/utils/brotlidecpy/bit_reader.py:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Sidney Markowitz All Rights Reserved.
2 | # Distributed under MIT license.
3 | # See file LICENSE for detail or copy at https://opensource.org/licenses/MIT
4 |
5 |
6 | class BrotliBitReader:
7 | """
8 | Wrap a bytes buffer to enable reading 0 < n <=24 bits at a time, or
9 | transfer of arbitrary number of bytes
10 | """
11 |
12 | kBitMask = [
13 | 0x000000, 0x000001, 0x000003, 0x000007, 0x00000f, 0x00001f, 0x00003f,
14 | 0x00007f, 0x0000ff, 0x0001ff, 0x0003ff, 0x0007ff, 0x000fff, 0x001fff,
15 | 0x003fff, 0x007fff, 0x00ffff, 0x01ffff, 0x03ffff, 0x07ffff, 0x0fffff,
16 | 0x1fffff, 0x3fffff, 0x7fffff, 0xffffff
17 | ]
18 |
19 | def __init__(self, input_buffer):
20 | self.buf_ = bytearray(input_buffer)
21 | self.buf_len_ = len(input_buffer)
22 | self.pos_ = 0 # byte position in stream
23 | # current bit-reading position in current byte (number bits already
24 | # read from byte, 0-7)
25 | self.bit_pos_ = 0
26 |
27 | def reset(self):
28 | """Reset an initialized BrotliBitReader to start of input buffer"""
29 | self.pos_ = 0
30 | self.bit_pos_ = 0
31 |
32 | def read_bits(self, n_bits, bits_to_skip=None):
33 | """
34 | Get n_bits unsigned integer treating input as little-endian byte
35 | stream, maybe advancing input buffer pointer
36 |
37 | n_bits: is number of bits to read from input buffer. Set to None or 0
38 | to seek ahead ignoring the value
39 | bits_to_skip: number of bits to advance in input_buffer, defaults to
40 | n_bits if it is None pass in 0 to peek at the next n_bits of value
41 | without advancing
42 |
43 | It is ok to have n_bits and bits_to_skip be different non-zero values
44 | if that is what is wanted
45 |
46 | Returns: the next n_bits from the buffer as a little-endian integer,
47 | 0 if n_bits is None or 0
48 | """
49 | val = 0
50 | if bits_to_skip is None:
51 | bits_to_skip = n_bits
52 | if n_bits:
53 | bytes_shift = 0
54 | buf_pos = self.pos_
55 | bit_pos_when_done = n_bits + self.bit_pos_
56 | while bytes_shift < bit_pos_when_done:
57 | if buf_pos >= self.buf_len_:
58 | # if hit end of buffer, this simulates zero padding after
59 | # end, which is correct
60 | break
61 | val |= self.buf_[buf_pos] << bytes_shift
62 | bytes_shift += 8
63 | buf_pos += 1
64 | val = (val >> self.bit_pos_) & self.kBitMask[n_bits]
65 | if bits_to_skip:
66 | next_in_bits = self.bit_pos_ + bits_to_skip
67 | self.bit_pos_ = next_in_bits & 7
68 | self.pos_ += next_in_bits >> 3
69 | return val
70 |
71 | def copy_bytes(self, dest_buffer, dest_pos, n_bytes):
72 | """
73 | Copy bytes from input buffer. This will first skip to next byte
74 | boundary if not already on one
75 | """
76 | if self.bit_pos_ != 0:
77 | self.bit_pos_ = 0
78 | self.pos_ += 1
79 | # call with n_bytes == 0 to just skip to next byte boundary
80 | if n_bytes > 0:
81 | new_pos = self.pos_ + n_bytes
82 | memoryview(dest_buffer)[dest_pos:dest_pos+n_bytes] = \
83 | self.buf_[self.pos_:new_pos]
84 | self.pos_ = new_pos
85 |
--------------------------------------------------------------------------------
/tlslite/utils/brotlidecpy/brotli-dict:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tlsfuzzer/tlslite-ng/6805bcb8e6afb0d22b2f5b24e97ba21c525d4d69/tlslite/utils/brotlidecpy/brotli-dict
--------------------------------------------------------------------------------
/tlslite/utils/brotlidecpy/dictionary.py:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Sidney Markowitz All Rights Reserved.
2 | # Distributed under MIT license.
3 | # See file LICENSE for detail or copy at https://opensource.org/licenses/MIT
4 |
5 | import pkgutil
6 |
7 |
8 | class BrotliDictionary:
9 | def __init__(self):
10 | pass
11 |
12 | offsetsByLength = [
13 | 0, 0, 0, 0, 0, 4096, 9216, 21504, 35840, 44032,
14 | 53248, 63488, 74752, 87040, 93696, 100864, 104704, 106752, 108928,
15 | 113536, 115968, 118528, 119872, 121280, 122016
16 | ]
17 |
18 | sizeBitsByLength = bytearray([
19 | 0, 0, 0, 0, 10, 10, 11, 11, 10, 10,
20 | 10, 10, 10, 9, 9, 8, 7, 7, 8, 7,
21 | 7, 6, 6, 5, 5
22 | ])
23 |
24 | minDictionaryWordLength = 4
25 | maxDictionaryWordLength = 24
26 |
27 | dictionary = pkgutil.get_data('brotlidecpy', 'brotli-dict')
28 |
--------------------------------------------------------------------------------
/tlslite/utils/brotlidecpy/prefix.py:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Sidney Markowitz All Rights Reserved.
2 | # Distributed under MIT license.
3 | # See file LICENSE for detail or copy at https://opensource.org/licenses/MIT
4 |
5 | class Prefix:
6 | """
7 | Represents the range of values belonging to a prefix code:
8 | [offset, offset + 2^nbits)
9 | """
10 | def __init__(self, offset, nbits):
11 | self.offset = offset
12 | self.nbits = nbits
13 |
14 | kInsertRangeLut = [0, 0, 8, 8, 0, 16, 8, 16, 16]
15 |
16 | kCopyRangeLut = [0, 8, 0, 8, 16, 0, 16, 8, 16]
17 |
18 |
19 | kBlockLengthPrefixCode = [
20 | Prefix(1, 2), Prefix(5, 2), Prefix(9, 2), Prefix(13, 2),
21 | Prefix(17, 3), Prefix(25, 3), Prefix(33, 3), Prefix(41, 3),
22 | Prefix(49, 4), Prefix(65, 4), Prefix(81, 4), Prefix(97, 4),
23 | Prefix(113, 5), Prefix(145, 5), Prefix(177, 5), Prefix(209, 5),
24 | Prefix(241, 6), Prefix(305, 6), Prefix(369, 7), Prefix(497, 8),
25 | Prefix(753, 9), Prefix(1265, 10), Prefix(2289, 11), Prefix(4337, 12),
26 | Prefix(8433, 13), Prefix(16625, 24)]
27 |
28 | kInsertLengthPrefixCode = [
29 | Prefix(0, 0), Prefix(1, 0), Prefix(2, 0), Prefix(3, 0),
30 | Prefix(4, 0), Prefix(5, 0), Prefix(6, 1), Prefix(8, 1),
31 | Prefix(10, 2), Prefix(14, 2), Prefix(18, 3), Prefix(26, 3),
32 | Prefix(34, 4), Prefix(50, 4), Prefix(66, 5), Prefix(98, 5),
33 | Prefix(130, 6), Prefix(194, 7), Prefix(322, 8), Prefix(578, 9),
34 | Prefix(1090, 10), Prefix(2114, 12), Prefix(6210, 14), Prefix(22594, 24)]
35 |
36 | kCopyLengthPrefixCode = [
37 | Prefix(2, 0), Prefix(3, 0), Prefix(4, 0), Prefix(5, 0),
38 | Prefix(6, 0), Prefix(7, 0), Prefix(8, 0), Prefix(9, 0),
39 | Prefix(10, 1), Prefix(12, 1), Prefix(14, 2), Prefix(18, 2),
40 | Prefix(22, 3), Prefix(30, 3), Prefix(38, 4), Prefix(54, 4),
41 | Prefix(70, 5), Prefix(102, 5), Prefix(134, 6), Prefix(198, 7),
42 | Prefix(326, 8), Prefix(582, 9), Prefix(1094, 10), Prefix(2118, 24)]
43 |
--------------------------------------------------------------------------------
/tlslite/utils/chacha20_poly1305.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2015, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 | """Pure Python implementation of ChaCha20/Poly1305 AEAD cipher
5 |
6 | Implementation that follows RFC 7539 and draft-ietf-tls-chacha20-poly1305-00
7 | """
8 |
9 | from __future__ import division
10 | from .constanttime import ct_compare_digest
11 | from .chacha import ChaCha
12 | from .poly1305 import Poly1305
13 | import struct
14 |
15 | class CHACHA20_POLY1305(object):
16 |
17 | """Pure python implementation of ChaCha20/Poly1305 AEAD cipher"""
18 |
19 | def __init__(self, key, implementation):
20 | """Set the initial state for the ChaCha20 AEAD"""
21 | if len(key) != 32:
22 | raise ValueError("Key must be 256 bit long")
23 | if implementation != "python":
24 | raise ValueError("Implementations other then python unsupported")
25 |
26 | self.isBlockCipher = False
27 | self.isAEAD = True
28 | self.nonceLength = 12
29 | self.tagLength = 16
30 | self.implementation = implementation
31 | self.name = "chacha20-poly1305"
32 | self.key = key
33 |
34 | @staticmethod
35 | def poly1305_key_gen(key, nonce):
36 | """Generate the key for the Poly1305 authenticator"""
37 | poly = ChaCha(key, nonce)
38 | return poly.encrypt(bytearray(32))
39 |
40 | @staticmethod
41 | def pad16(data):
42 | """Return padding for the Associated Authenticated Data"""
43 | if len(data) % 16 == 0:
44 | return bytearray(0)
45 | else:
46 | return bytearray(16-(len(data)%16))
47 |
48 | def seal(self, nonce, plaintext, data):
49 | """
50 | Encrypts and authenticates plaintext using nonce and data. Returns the
51 | ciphertext, consisting of the encrypted plaintext and tag concatenated.
52 | """
53 | if len(nonce) != 12:
54 | raise ValueError("Nonce must be 96 bit large")
55 |
56 | otk = self.poly1305_key_gen(self.key, nonce)
57 |
58 | ciphertext = ChaCha(self.key, nonce, counter=1).encrypt(plaintext)
59 |
60 | mac_data = data + self.pad16(data)
61 | mac_data += ciphertext + self.pad16(ciphertext)
62 | mac_data += struct.pack(' 253:
35 | return False
36 |
37 | # must not be all-numeric, so that it can't be confused with an ip-address
38 | if re.match(r"[\d.]+$", hostname):
39 | return False
40 |
41 | allowed = re.compile(r"(?!-)[A-Z\d-]{1,63}(?>= 8
30 | return bytearray(ret)
31 |
32 | def __init__(self, key):
33 | """Set the authenticator key"""
34 | if len(key) != 32:
35 | raise ValueError("Key must be 256 bit long")
36 | self.acc = 0
37 | self.r = self.le_bytes_to_num(key[0:16])
38 | self.r &= 0x0ffffffc0ffffffc0ffffffc0fffffff
39 | self.s = self.le_bytes_to_num(key[16:32])
40 |
41 | def create_tag(self, data):
42 | """Calculate authentication tag for data"""
43 | for i in range(0, divceil(len(data), 16)):
44 | n = self.le_bytes_to_num(data[i*16:(i+1)*16] + b'\x01')
45 | self.acc += n
46 | self.acc = (self.r * self.acc) % self.P
47 | self.acc += self.s
48 | return self.num_to_16_le_bytes(self.acc)
49 |
50 |
--------------------------------------------------------------------------------
/tlslite/utils/pycrypto_aes.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """PyCrypto AES implementation."""
5 |
6 | from .cryptomath import *
7 | from .aes import *
8 |
9 | if pycryptoLoaded:
10 | import Crypto.Cipher.AES
11 |
12 | def new(key, mode, IV):
13 | return PyCrypto_AES(key, mode, IV)
14 |
15 | class PyCrypto_AES(AES):
16 |
17 | def __init__(self, key, mode, IV):
18 | AES.__init__(self, key, mode, IV, "pycrypto")
19 | key = bytes(key)
20 | IV = bytes(IV)
21 | self.context = Crypto.Cipher.AES.new(key, mode, IV)
22 |
23 | def encrypt(self, plaintext):
24 | plaintext = bytes(plaintext)
25 | return bytearray(self.context.encrypt(plaintext))
26 |
27 | def decrypt(self, ciphertext):
28 | ciphertext = bytes(ciphertext)
29 | return bytearray(self.context.decrypt(ciphertext))
30 |
--------------------------------------------------------------------------------
/tlslite/utils/pycrypto_aesgcm.py:
--------------------------------------------------------------------------------
1 | # Author: Google
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """PyCrypto AES-GCM implementation."""
5 |
6 | from .cryptomath import *
7 | from .aesgcm import AESGCM
8 |
9 | if pycryptoLoaded:
10 | import Crypto.Cipher.AES
11 |
12 | def new(key):
13 | cipher = Crypto.Cipher.AES.new(bytes(key))
14 | def encrypt(plaintext):
15 | return bytearray(cipher.encrypt(bytes(plaintext)))
16 | return AESGCM(key, "pycrypto", encrypt)
17 |
--------------------------------------------------------------------------------
/tlslite/utils/pycrypto_rc4.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """PyCrypto RC4 implementation."""
5 |
6 | from .cryptomath import *
7 | from .rc4 import *
8 |
9 | if pycryptoLoaded:
10 | import Crypto.Cipher.ARC4
11 |
12 | def new(key):
13 | return PyCrypto_RC4(key)
14 |
15 | class PyCrypto_RC4(RC4):
16 |
17 | def __init__(self, key):
18 | RC4.__init__(self, key, "pycrypto")
19 | key = bytes(key)
20 | self.context = Crypto.Cipher.ARC4.new(key)
21 |
22 | def encrypt(self, plaintext):
23 | plaintext = bytes(plaintext)
24 | return bytearray(self.context.encrypt(plaintext))
25 |
26 | def decrypt(self, ciphertext):
27 | ciphertext = bytes(ciphertext)
28 | return bytearray(self.context.decrypt(ciphertext))
--------------------------------------------------------------------------------
/tlslite/utils/pycrypto_rsakey.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """PyCrypto RSA implementation."""
5 |
6 | from __future__ import print_function
7 | import sys
8 |
9 | from .cryptomath import *
10 |
11 | from .rsakey import *
12 | from .python_rsakey import Python_RSAKey
13 | from .compat import compatLong
14 |
15 | if pycryptoLoaded:
16 |
17 | from Crypto.PublicKey import RSA
18 |
19 | class PyCrypto_RSAKey(RSAKey):
20 | def __init__(self, n=0, e=0, d=0, p=0, q=0, dP=0, dQ=0, qInv=0,
21 | key_type="rsa"):
22 | del dP, dQ, qInv # pycrypto calculates them by its own
23 | if not d:
24 | self.rsa = RSA.construct((compatLong(n), compatLong(e)))
25 | else:
26 | self.rsa = RSA.construct((compatLong(n), compatLong(e),
27 | compatLong(d), compatLong(p),
28 | compatLong(q)))
29 | self.key_type = key_type
30 |
31 | def __getattr__(self, name):
32 | return getattr(self.rsa, name)
33 |
34 | def hasPrivateKey(self):
35 | return self.rsa.has_private()
36 |
37 | def _rawPrivateKeyOp(self, message):
38 | try:
39 | return self.rsa.decrypt((compatLong(message),))
40 | except ValueError as e:
41 | print("rsa: {0!r}".format(self.rsa), file=sys.stderr)
42 | values = []
43 | for name in ["n", "e", "d", "p", "q", "dP", "dQ", "qInv"]:
44 | values.append("{0}: {1}".format(name,
45 | getattr(self, name, None)))
46 | print(", ".join(values), file=sys.stderr)
47 | print("message: {0}".format(message), file=sys.stderr)
48 | raise
49 |
50 |
51 | def _rawPublicKeyOp(self, ciphertext):
52 | try:
53 | return self.rsa.encrypt(compatLong(ciphertext), None)[0]
54 | except ValueError as e:
55 | print("rsa: {0!r}".format(self.rsa), file=sys.stderr)
56 | values = []
57 | for name in ["n", "e", "d", "p", "q", "dP", "dQ", "qInv"]:
58 | values.append("{0}: {1}".format(name,
59 | getattr(self, name, None)))
60 | print(", ".join(values), file=sys.stderr)
61 | print("ciphertext: {0}".format(ciphertext), file=sys.stderr)
62 | raise
63 |
64 | @staticmethod
65 | def generate(bits, key_type="rsa"):
66 | key = PyCrypto_RSAKey()
67 | def f(numBytes):
68 | return bytes(getRandomBytes(numBytes))
69 | key.rsa = RSA.generate(bits, f)
70 | key.key_type = key_type
71 | return key
72 |
--------------------------------------------------------------------------------
/tlslite/utils/pycrypto_tripledes.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """PyCrypto 3DES implementation."""
5 |
6 | from .cryptomath import *
7 | from .tripledes import *
8 |
9 | if pycryptoLoaded:
10 | import Crypto.Cipher.DES3
11 |
12 | def new(key, mode, IV):
13 | return PyCrypto_TripleDES(key, mode, IV)
14 |
15 | class PyCrypto_TripleDES(TripleDES):
16 |
17 | def __init__(self, key, mode, IV):
18 | TripleDES.__init__(self, key, mode, IV, "pycrypto")
19 | key = bytes(key)
20 | IV = bytes(IV)
21 | self.context = Crypto.Cipher.DES3.new(key, mode, IV)
22 |
23 | def encrypt(self, plaintext):
24 | plaintext = bytes(plaintext)
25 | return bytearray(self.context.encrypt(plaintext))
26 |
27 | def decrypt(self, ciphertext):
28 | ciphertext = bytes(ciphertext)
29 | return bytearray(self.context.decrypt(ciphertext))
--------------------------------------------------------------------------------
/tlslite/utils/python_aesccm.py:
--------------------------------------------------------------------------------
1 | # Author: Ivan Nikolchev
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """ Pure Python AES-CCM implementation."""
5 |
6 | from tlslite.utils.aesccm import AESCCM
7 |
8 | def new(key, tagLength=16):
9 | return AESCCM(key, "python", bytearray(16), tagLength)
10 |
--------------------------------------------------------------------------------
/tlslite/utils/python_aesgcm.py:
--------------------------------------------------------------------------------
1 | # Author: Google
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Pure-Python AES-GCM implementation."""
5 |
6 | from .aesgcm import AESGCM
7 | from .rijndael import Rijndael
8 |
9 |
10 | def new(key):
11 | return AESGCM(key, "python", Rijndael(key, 16).encrypt)
12 |
--------------------------------------------------------------------------------
/tlslite/utils/python_chacha20_poly1305.py:
--------------------------------------------------------------------------------
1 | # Author: Hubert Kario (c) 2015
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | """Pure-Python ChaCha20/Poly1305 implementation."""
6 |
7 | from .chacha20_poly1305 import CHACHA20_POLY1305
8 |
9 | def new(key):
10 | """Return an AEAD cipher implementation"""
11 | return CHACHA20_POLY1305(key, "python")
12 |
--------------------------------------------------------------------------------
/tlslite/utils/python_ecdsakey.py:
--------------------------------------------------------------------------------
1 | # Author Hubert Kario, copyright 2019
2 |
3 | from .ecdsakey import ECDSAKey
4 | from ecdsa.curves import curves
5 | from ecdsa.util import sigencode_der, sigdecode_der
6 | from ecdsa.keys import VerifyingKey, SigningKey, BadSignatureError
7 | from ecdsa.ellipticcurve import Point
8 | from ecdsa.der import UnexpectedDER
9 | from . import tlshashlib
10 | from .cryptomath import numBits
11 | from .compat import compatHMAC
12 |
13 | class Python_ECDSAKey(ECDSAKey):
14 | """
15 | Concrete implementation of ECDSA object backed by python-ecdsa.
16 |
17 | Object that uses the common, abstract API of asymmetric keys
18 | that uses the python-ecdsa library for the cryptographic operations.
19 |
20 | :vartype public_key: VerifyingKey
21 | :ivar public_key: python-ecdsa object for veryfying ECDSA signatures, if
22 | `private_key` is set, it should match it (should be able to verify
23 | signatures created by it)
24 |
25 | :vartype private_key: SigningKey
26 | :ivar private_key: python-ecdsa object for creating ECDSA signatures
27 |
28 | :vartype key_type: str
29 | :ivar key_type: type of assymetric algorithm used by the keys - for this
30 | objects it is always 'ecdsa'
31 | """
32 |
33 | def __init__(self, x, y, curve_name, secret_multiplier=None):
34 | if not curve_name:
35 | raise ValueError("curve_name must be specified")
36 | self.curve_name = curve_name
37 |
38 | for c in curves:
39 | if c.name == curve_name or c.openssl_name == curve_name:
40 | curve = c
41 | break
42 | else:
43 | raise ValueError("Curve '{0}' not supported by python-ecdsa"
44 | .format(curve_name))
45 |
46 | self.private_key = None
47 | self.public_key = None
48 | self.key_type = "ecdsa"
49 |
50 | if secret_multiplier:
51 | self.private_key = SigningKey.from_secret_exponent(
52 | secret_multiplier, curve)
53 |
54 | if x and y:
55 | point = Point(curve.curve, x, y)
56 | self.public_key = VerifyingKey.from_public_point(point, curve)
57 |
58 | if not self.public_key:
59 | self.public_key = self.private_key.get_verifying_key()
60 |
61 | def __len__(self):
62 | return numBits(self.public_key.curve.order)
63 |
64 | def hasPrivateKey(self):
65 | return bool(self.private_key)
66 |
67 | def acceptsPassword(self):
68 | return False
69 |
70 | @staticmethod
71 | def generate(bits):
72 | raise NotImplementedError()
73 |
74 | def _sign(self, data, hAlg):
75 | func = getattr(tlshashlib, hAlg)
76 |
77 | return self.private_key.\
78 | sign_digest_deterministic(compatHMAC(data),
79 | hashfunc=func,
80 | sigencode=sigencode_der)
81 |
82 | def _hashAndSign(self, data, hAlg):
83 | return self.private_key.sign_deterministic(compatHMAC(data),
84 | hash=getattr(tlshashlib,
85 | hAlg),
86 | sigencode=sigencode_der)
87 |
88 | def _verify(self, signature, hash_bytes):
89 | try:
90 | return self.public_key.verify_digest(compatHMAC(signature),
91 | compatHMAC(hash_bytes),
92 | sigdecode_der)
93 | # https://github.com/warner/python-ecdsa/issues/114
94 | except (BadSignatureError, UnexpectedDER, IndexError, AssertionError):
95 | return False
96 |
--------------------------------------------------------------------------------
/tlslite/utils/python_eddsakey.py:
--------------------------------------------------------------------------------
1 | # Author Hubert Kario, copyright 2021
2 |
3 | from .eddsakey import EdDSAKey
4 | from ecdsa.keys import BadSignatureError
5 | from ecdsa.der import UnexpectedDER
6 | from .cryptomath import numBits
7 | from .compat import compatHMAC
8 |
9 |
10 | class Python_EdDSAKey(EdDSAKey):
11 | """
12 | Concrete implementation of EdDSA object backed by python-ecdsa.
13 |
14 | Object that uses the common, abstract API of asymmetric keys
15 | that uses the python-ecdsa library for the cryptographic operations.
16 |
17 | :vartype public_key: VerifyingKey
18 | :ivar public_key: python-ecdsa object for veryfying EdDSA signatures, if
19 | `private_key` is set, it should match it (should be able to verify
20 | signatures created by it)
21 |
22 | :vartype private_key: SigningKey
23 | :ivar private_key: python-ecdsa object for creating EdDSA signatures
24 |
25 | :vartype key_type: str
26 | :ivar key_type: type of assymetric algorithm used by the keys - for this
27 | objects it is either "Ed25519" or "Ed448"
28 | """
29 |
30 | def __init__(self, public_key, private_key=None):
31 | if not public_key and not private_key:
32 | raise ValueError("at least one key must be provided")
33 | if not public_key:
34 | public_key = private_key.verifying_key
35 |
36 | self.curve_name = public_key.curve.name
37 |
38 | self.private_key = private_key
39 | self.public_key = public_key
40 | self.key_type = self.curve_name
41 |
42 | def __len__(self):
43 | return numBits(self.public_key.curve.order)
44 |
45 | def hasPrivateKey(self):
46 | return bool(self.private_key)
47 |
48 | def acceptsPassword(self):
49 | return False
50 |
51 | @staticmethod
52 | def generate(bits):
53 | raise NotImplementedError()
54 |
55 | def _hashAndSign(self, data):
56 | return self.private_key.sign_deterministic(compatHMAC(data))
57 |
58 | def _hashAndVerify(self, signature, data):
59 | try:
60 | return self.public_key.verify(compatHMAC(signature),
61 | compatHMAC(data))
62 | # https://github.com/warner/python-ecdsa/issues/114
63 | except (BadSignatureError, UnexpectedDER, IndexError, AssertionError):
64 | return False
65 |
--------------------------------------------------------------------------------
/tlslite/utils/python_rc4.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Pure-Python RC4 implementation."""
5 |
6 | from .rc4 import RC4
7 | from .cryptomath import *
8 |
9 | def new(key):
10 | return Python_RC4(key)
11 |
12 | class Python_RC4(RC4):
13 | def __init__(self, keyBytes):
14 | RC4.__init__(self, keyBytes, "python")
15 | S = [i for i in range(256)]
16 | j = 0
17 | for i in range(256):
18 | j = (j + S[i] + keyBytes[i % len(keyBytes)]) % 256
19 | S[i], S[j] = S[j], S[i]
20 |
21 | self.S = S
22 | self.i = 0
23 | self.j = 0
24 |
25 | def encrypt(self, plaintextBytes):
26 | ciphertextBytes = plaintextBytes[:]
27 | S = self.S
28 | i = self.i
29 | j = self.j
30 | for x in range(len(ciphertextBytes)):
31 | i = (i + 1) % 256
32 | j = (j + S[i]) % 256
33 | S[i], S[j] = S[j], S[i]
34 | t = (S[i] + S[j]) % 256
35 | ciphertextBytes[x] ^= S[t]
36 | self.i = i
37 | self.j = j
38 | return ciphertextBytes
39 |
40 | def decrypt(self, ciphertext):
41 | return self.encrypt(ciphertext)
42 |
--------------------------------------------------------------------------------
/tlslite/utils/rc4.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Abstract class for RC4."""
5 |
6 |
7 | class RC4(object):
8 | def __init__(self, keyBytes, implementation):
9 | if len(keyBytes) < 16 or len(keyBytes) > 256:
10 | raise ValueError()
11 | self.isBlockCipher = False
12 | self.isAEAD = False
13 | self.name = "rc4"
14 | self.implementation = implementation
15 |
16 | def encrypt(self, plaintext):
17 | raise NotImplementedError()
18 |
19 | def decrypt(self, ciphertext):
20 | raise NotImplementedError()
21 |
--------------------------------------------------------------------------------
/tlslite/utils/tackwrapper.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | try:
5 | from tack.structures.Tack import Tack
6 | from tack.structures.TackExtension import TackExtension
7 | from tack.tls.TlsCertificate import TlsCertificate
8 |
9 | tackpyLoaded = True
10 | except ImportError:
11 | tackpyLoaded = False
12 |
--------------------------------------------------------------------------------
/tlslite/utils/tlshashlib.py:
--------------------------------------------------------------------------------
1 | # Author: Hubert Kario (c) 2015
2 | # see LICENCE file for legal information regarding use of this file
3 |
4 | """hashlib that handles FIPS mode."""
5 |
6 | # Because we are extending the hashlib module, we need to import all its
7 | # fields to suppport the same uses
8 | # pylint: disable=unused-wildcard-import, wildcard-import
9 | from hashlib import *
10 | # pylint: enable=unused-wildcard-import, wildcard-import
11 | import hashlib
12 |
13 |
14 | def _fipsFunction(func, *args, **kwargs):
15 | """Make hash function support FIPS mode."""
16 | try:
17 | return func(*args, **kwargs)
18 | except ValueError:
19 | return func(*args, usedforsecurity=False, **kwargs)
20 |
21 |
22 | # redefining the function is exactly what we intend to do
23 | # pylint: disable=function-redefined
24 | def md5(*args, **kwargs):
25 | """MD5 constructor that works in FIPS mode."""
26 | return _fipsFunction(hashlib.md5, *args, **kwargs)
27 |
28 |
29 | def new(*args, **kwargs):
30 | """General constructor that works in FIPS mode."""
31 | return _fipsFunction(hashlib.new, *args, **kwargs)
32 | # pylint: enable=function-redefined
33 |
--------------------------------------------------------------------------------
/tlslite/utils/tlshmac.py:
--------------------------------------------------------------------------------
1 | # Author: Hubert Kario (c) 2019
2 | # see LICENCE file for legal information regarding use of this file
3 |
4 | """
5 | HMAC module that works in FIPS mode.
6 |
7 | Note that this makes this code FIPS non-compliant!
8 | """
9 |
10 | # Because we are extending the hashlib module, we need to import all its
11 | # fields to suppport the same uses
12 | from . import tlshashlib
13 | from .compat import compatHMAC
14 | try:
15 | from hmac import compare_digest
16 | __all__ = ["new", "compare_digest", "HMAC"]
17 | except ImportError:
18 | __all__ = ["new", "HMAC"]
19 |
20 | try:
21 | from hmac import HMAC, new
22 | # if we can calculate HMAC on MD5, then use the built-in HMAC
23 | # implementation
24 | _val = HMAC(b'some key', b'msg', 'md5')
25 | _val.digest()
26 | del _val
27 | except Exception:
28 | # fallback only when MD5 doesn't work
29 | class HMAC(object):
30 | """Hacked version of HMAC that works in FIPS mode even with MD5."""
31 |
32 | def __init__(self, key, msg=None, digestmod=None):
33 | """
34 | Initialise the HMAC and hash first portion of data.
35 |
36 | msg: data to hash
37 | digestmod: name of hash or object that be used as a hash and be cloned
38 | """
39 | self.key = key
40 | if digestmod is None:
41 | digestmod = 'md5'
42 | if callable(digestmod):
43 | digestmod = digestmod()
44 | if not hasattr(digestmod, 'digest_size'):
45 | digestmod = tlshashlib.new(digestmod)
46 | self.block_size = digestmod.block_size
47 | self.digest_size = digestmod.digest_size
48 | self.digestmod = digestmod
49 | if len(key) > self.block_size:
50 | k_hash = digestmod.copy()
51 | k_hash.update(compatHMAC(key))
52 | key = k_hash.digest()
53 | if len(key) < self.block_size:
54 | key = key + b'\x00' * (self.block_size - len(key))
55 | key = bytearray(key)
56 | ipad = bytearray(b'\x36' * self.block_size)
57 | opad = bytearray(b'\x5c' * self.block_size)
58 | i_key = bytearray(i ^ j for i, j in zip(key, ipad))
59 | self._o_key = bytearray(i ^ j for i, j in zip(key, opad))
60 | self._context = digestmod.copy()
61 | self._context.update(compatHMAC(i_key))
62 | if msg:
63 | self._context.update(compatHMAC(msg))
64 |
65 | def update(self, msg):
66 | self._context.update(compatHMAC(msg))
67 |
68 | def digest(self):
69 | i_digest = self._context.digest()
70 | o_hash = self.digestmod.copy()
71 | o_hash.update(compatHMAC(self._o_key))
72 | o_hash.update(compatHMAC(i_digest))
73 | return o_hash.digest()
74 |
75 | def copy(self):
76 | new = HMAC.__new__(HMAC)
77 | new.key = self.key
78 | new.digestmod = self.digestmod
79 | new.block_size = self.block_size
80 | new.digest_size = self.digest_size
81 | new._o_key = self._o_key
82 | new._context = self._context.copy()
83 | return new
84 |
85 |
86 | def new(*args, **kwargs):
87 | """General constructor that works in FIPS mode."""
88 | return HMAC(*args, **kwargs)
89 |
--------------------------------------------------------------------------------
/tlslite/utils/tripledes.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Abstract class for 3DES."""
5 |
6 | class TripleDES(object):
7 | def __init__(self, key, mode, IV, implementation):
8 | if len(key) != 24:
9 | raise ValueError()
10 | if mode != 2:
11 | raise ValueError()
12 | if len(IV) != 8:
13 | raise ValueError()
14 | self.isBlockCipher = True
15 | self.isAEAD = False
16 | self.block_size = 8
17 | self.implementation = implementation
18 | self.name = "3des"
19 |
20 | #CBC-Mode encryption, returns ciphertext
21 | #WARNING: *MAY* modify the input as well
22 | def encrypt(self, plaintext):
23 | assert(len(plaintext) % 8 == 0)
24 |
25 | #CBC-Mode decryption, returns plaintext
26 | #WARNING: *MAY* modify the input as well
27 | def decrypt(self, ciphertext):
28 | assert(len(ciphertext) % 8 == 0)
29 |
--------------------------------------------------------------------------------
/tlslite/utils/x25519.py:
--------------------------------------------------------------------------------
1 | # Authors:
2 | # Hubert Kario (2017)
3 | #
4 | # See the LICENSE file for legal information regarding use of this file.
5 |
6 | """Handling X25519 and X448 curve based key agreement protocol."""
7 |
8 | from .cryptomath import bytesToNumber, numberToByteArray, divceil
9 | # the names of the variables come directly from RFC 7748 so changing them
10 | # would make the code harder to audit/compare
11 | # pylint: disable=invalid-name
12 |
13 |
14 | def decodeUCoordinate(u, bits):
15 | """Function to decode the public U coordinate of X25519-family curves."""
16 | if bits not in (255, 448):
17 | raise ValueError("Invalid number of expected bits")
18 | if bits % 8:
19 | u[-1] &= (1 << (bits % 8)) - 1
20 | return bytesToNumber(u, endian="little")
21 |
22 |
23 | def decodeScalar22519(k):
24 | """Function to decode the private K parameter of the x25519 function."""
25 | k[0] &= 248
26 | k[31] &= 127
27 | k[31] |= 64
28 | return bytesToNumber(k, endian="little")
29 |
30 |
31 | def decodeScalar448(k):
32 | """Function to decode the private K parameter of the X448 function."""
33 | k[0] &= 252
34 | k[55] |= 128
35 | return bytesToNumber(k, endian="little")
36 |
37 |
38 | def cswap(swap, x_2, x_3):
39 | """Conditional swap function."""
40 | if swap:
41 | return x_3, x_2
42 | else:
43 | return x_2, x_3
44 |
45 |
46 | X25519_G = numberToByteArray(9, 32, endian="little")
47 |
48 |
49 | X25519_ORDER_SIZE = 32
50 |
51 |
52 | def x25519(k, u):
53 | """
54 | Perform point multiplication on X25519 curve.
55 |
56 | :type k: bytearray
57 | :param k: random secret value (multiplier), should be 32 byte long
58 |
59 | :type u: bytearray
60 | :param u: curve generator or the other party key share
61 |
62 | :rtype: bytearray
63 | """
64 | bits = 255
65 | k = decodeScalar22519(k)
66 | u = decodeUCoordinate(u, bits)
67 |
68 | a24 = 121665
69 | p = 2**255 - 19
70 |
71 | return _x25519_generic(k, u, bits, a24, p)
72 |
73 |
74 | X448_G = numberToByteArray(5, 56, endian="little")
75 |
76 |
77 | X448_ORDER_SIZE = 56
78 |
79 |
80 | def x448(k, u):
81 | """
82 | Perform point multiplication on X448 curve.
83 |
84 | :type k: bytearray
85 | :param k: random secret value (multiplier), should be 56 bytes long
86 |
87 | :type u: bytearray
88 | :param u: curve generator or the other party key share
89 |
90 | :rtype: bytearray
91 | """
92 | bits = 448
93 | k = decodeScalar448(k)
94 | u = decodeUCoordinate(u, bits)
95 |
96 | a24 = 39081
97 | p = 2**448 - 2**224 - 1
98 |
99 | return _x25519_generic(k, u, bits, a24, p)
100 |
101 |
102 | def _x25519_generic(k, u, bits, a24, p):
103 | """Generic Montgomery ladder implementation of the x25519 algorithm."""
104 | x_1 = u
105 | x_2 = 1
106 | z_2 = 0
107 | x_3 = u
108 | z_3 = 1
109 | swap = 0
110 |
111 | for t in range(bits-1, -1, -1):
112 | k_t = (k >> t) & 1
113 | swap ^= k_t
114 | x_2, x_3 = cswap(swap, x_2, x_3)
115 | z_2, z_3 = cswap(swap, z_2, z_3)
116 | swap = k_t
117 |
118 | A = (x_2 + z_2) % p
119 | AA = pow(A, 2, p)
120 | B = (x_2 - z_2) % p
121 | BB = pow(B, 2, p)
122 | E = (AA - BB) % p
123 | C = (x_3 + z_3) % p
124 | D = (x_3 - z_3) % p
125 | DA = (D * A) % p
126 | CB = (C * B) % p
127 | x_3 = pow(DA + CB, 2, p)
128 | z_3 = (x_1 * pow(DA - CB, 2, p)) % p
129 | x_2 = (AA * BB) % p
130 | z_2 = (E * (AA + a24 * E)) % p
131 |
132 | x_2, x_3 = cswap(swap, x_2, x_3)
133 | z_2, z_3 = cswap(swap, z_2, z_3)
134 | ret = (x_2 * pow(z_2, p - 2, p)) % p
135 | return numberToByteArray(ret, divceil(bits, 8), endian="little")
136 | # pylint: enable=invalid-name
137 |
--------------------------------------------------------------------------------
/tlslite/x509certchain.py:
--------------------------------------------------------------------------------
1 | # Author: Trevor Perrin
2 | # See the LICENSE file for legal information regarding use of this file.
3 |
4 | """Class representing an X.509 certificate chain."""
5 |
6 | from .utils import cryptomath
7 | from .utils.tackwrapper import *
8 | from .utils.pem import *
9 | from .x509 import X509
10 |
11 | class X509CertChain(object):
12 | """This class represents a chain of X.509 certificates.
13 |
14 | :vartype x509List: list
15 | :ivar x509List: A list of :py:class:`tlslite.x509.X509` instances,
16 | starting with the end-entity certificate and with every
17 | subsequent certificate certifying the previous.
18 | """
19 |
20 | def __init__(self, x509List=None):
21 | """Create a new X509CertChain.
22 |
23 | :type x509List: list
24 | :param x509List: A list of :py:class:`tlslite.x509.X509` instances,
25 | starting with the end-entity certificate and with every
26 | subsequent certificate certifying the previous.
27 | """
28 | if x509List:
29 | self.x509List = x509List
30 | else:
31 | self.x509List = []
32 |
33 | def __hash__(self):
34 | """Return hash of the object."""
35 | return hash(tuple(self.x509List))
36 |
37 | def __eq__(self, other):
38 | """Compare objects with each-other."""
39 | if not hasattr(other, "x509List"):
40 | return NotImplemented
41 | return self.x509List == other.x509List
42 |
43 | def __ne__(self, other):
44 | """Compare object for inequality."""
45 | if not hasattr(other, "x509List"):
46 | return NotImplemented
47 | return self.x509List != other.x509List
48 |
49 | def parsePemList(self, s):
50 | """Parse a string containing a sequence of PEM certs.
51 |
52 | Raise a SyntaxError if input is malformed.
53 | """
54 | x509List = []
55 | bList = dePemList(s, "CERTIFICATE")
56 | for b in bList:
57 | x509 = X509()
58 | x509.parseBinary(b)
59 | x509List.append(x509)
60 | self.x509List = x509List
61 |
62 | def getNumCerts(self):
63 | """Get the number of certificates in this chain.
64 |
65 | :rtype: int
66 | """
67 | return len(self.x509List)
68 |
69 | def getEndEntityPublicKey(self):
70 | """Get the public key from the end-entity certificate.
71 |
72 | :rtype: ~tlslite.utils.rsakey.RSAKey`
73 | """
74 | if self.getNumCerts() == 0:
75 | raise AssertionError()
76 | return self.x509List[0].publicKey
77 |
78 | def getFingerprint(self):
79 | """Get the hex-encoded fingerprint of the end-entity certificate.
80 |
81 | :rtype: str
82 | :returns: A hex-encoded fingerprint.
83 | """
84 | if self.getNumCerts() == 0:
85 | raise AssertionError()
86 | return self.x509List[0].getFingerprint()
87 |
88 | def checkTack(self, tack):
89 | if self.x509List:
90 | tlsCert = TlsCertificate(self.x509List[0].bytes)
91 | if tlsCert.matches(tack):
92 | return True
93 | return False
94 |
95 | def getTackExt(self):
96 | """Get the TACK and/or Break Sigs from a TACK Cert in the chain."""
97 | tackExt = None
98 | # Search list in backwards order
99 | for x509 in self.x509List[::-1]:
100 | tlsCert = TlsCertificate(x509.bytes)
101 | if tlsCert.tackExt:
102 | if tackExt:
103 | raise SyntaxError("Multiple TACK Extensions")
104 | else:
105 | tackExt = tlsCert.tackExt
106 | return tackExt
107 |
108 |
--------------------------------------------------------------------------------
/unit_tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tlsfuzzer/tlslite-ng/6805bcb8e6afb0d22b2f5b24e97ba21c525d4d69/unit_tests/__init__.py
--------------------------------------------------------------------------------
/unit_tests/mocksock.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2015, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | import socket
6 | import errno
7 | class MockSocket(socket.socket):
8 | def __init__(self, buf, maxRet=None, maxWrite=None, blockEveryOther=False):
9 | # current position in read buffer (buf)
10 | self.index = 0
11 | # read buffer
12 | self.buf = buf
13 | # write buffer (data sent from application, to be asserted by test)
14 | self.sent = []
15 | self.closed = False
16 | # maximum number of bytes that socket will read/return at a time
17 | self.maxRet = maxRet
18 | # maximum number of bytes that socket will write at a time
19 | self.maxWrite = maxWrite
20 | # make socket rise errno.EWOULDBLOCK every other read or write
21 | self.blockEveryOther = blockEveryOther
22 | # if next read will be blocked
23 | self.blockRead = False
24 | # if next write will be blocked
25 | self.blockWrite = False
26 |
27 | def __repr__(self):
28 | return "MockSocket(index={0}, buf={1!r}, sent={2!r})".format(
29 | self.index, self.buf, self.sent)
30 |
31 | def recv(self, size):
32 | if self.closed:
33 | raise ValueError("Read from closed socket")
34 |
35 | # simulate a socket with full buffers, make it rise "Would block"
36 | # every other call
37 | if self.blockEveryOther:
38 | if self.blockRead:
39 | self.blockRead = False
40 | raise socket.error(errno.EWOULDBLOCK)
41 | else:
42 | self.blockRead = True
43 |
44 | # return empty array if the caller asked for no data
45 | if size == 0:
46 | return bytearray(0)
47 |
48 | # limit returned data (if set)
49 | # this will cause the socket to return just maxRet bytes, even if it
50 | # has more in buf or was asked to return more in this call
51 | if self.maxRet is not None and self.maxRet < size:
52 | size = self.maxRet
53 |
54 | # don't allow reading past array end
55 | if len(self.buf[self.index:]) == 0:
56 | raise socket.error(errno.EWOULDBLOCK)
57 | # if asked for more than we have prepared, return just as much as we
58 | # have
59 | elif len(self.buf[self.index:]) < size:
60 | ret = self.buf[self.index:]
61 | self.index = len(self.buf)
62 | return ret
63 | # regular call, return as much as was asked for
64 | else:
65 | ret = self.buf[self.index:self.index+size]
66 | self.index+=size
67 | return ret
68 |
69 | def send(self, data):
70 | if self.closed:
71 | raise ValueError("Write to closed socket")
72 |
73 | # simulate a socket with full buffer, raise "Would Block" every other
74 | # call
75 | if self.blockEveryOther:
76 | if self.blockWrite:
77 | self.blockWrite = False
78 | raise socket.error(errno.EWOULDBLOCK)
79 | else:
80 | self.blockWrite = True
81 |
82 | # regular write, just append to list of performed writes
83 | if self.maxWrite is None or len(data) < self.maxWrite:
84 | self.sent.append(data)
85 | return len(data)
86 |
87 | # simulate a socket that won't write more data that it can
88 | # (e.g. because the simulated buffers are mostly full)
89 | self.sent.append(data[:self.maxWrite])
90 | return self.maxWrite
91 |
92 | def close(self):
93 | self.closed = True
94 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_dh.py:
--------------------------------------------------------------------------------
1 |
2 | try:
3 | import unittest2 as unittest
4 | except ImportError:
5 | import unittest
6 |
7 | try:
8 | import mock
9 | from mock import call
10 | except ImportError:
11 | import unittest.mock as mock
12 | from unittest.mock import call
13 |
14 | from tlslite.dh import parse, parseBinary
15 |
16 |
17 | class TestParse(unittest.TestCase):
18 | def test_pem(self):
19 | data = (
20 | "-----BEGIN DH PARAMETERS-----\n"
21 | "MIGHAoGBAIj4luOWCbrxyrPJOAhn4tG6jO8F1AaiiBBm1eAEEdQTKuhdV1uBBQDL\n"
22 | "ve3O/ZrR9x+ILs9PIUgZMSFP8X5ldBAFjEIoTmfneSB4TcKN27gpiRFZK0eFTi9F\n"
23 | "mofd/BgLWrNAHAOhBG7V6Gz7lZaFOxhxGTH+Lx6HxiTM7+RsLMSLAgEC\n"
24 | "-----END DH PARAMETERS-----\n")
25 |
26 | g, p = parse(data)
27 |
28 | self.assertEqual(p, int("88F896E39609BAF1CAB3C9380867E2D1BA8CEF05D406"
29 | "A2881066D5E00411D4132AE85D575B810500CBBDEDCEFD9AD1F71F882ECF4F21"
30 | "481931214FF17E657410058C42284E67E77920784DC28DDBB8298911592B4785"
31 | "4E2F459A87DDFC180B5AB3401C03A1046ED5E86CFB9596853B18711931FE2F1E"
32 | "87C624CCEFE46C2CC48B", 16))
33 | self.assertEqual(g, 2)
34 |
35 | def test_der(self):
36 | data = bytearray(
37 | b"\x30\x81\x87\x02\x81\x81\x00\x88\xf8\x96\xe3\x96\x09\xba\xf1\xca"
38 | b"\xb3\xc9\x38\x08\x67\xe2\xd1\xba\x8c\xef\x05\xd4\x06\xa2\x88\x10"
39 | b"\x66\xd5\xe0\x04\x11\xd4\x13\x2a\xe8\x5d\x57\x5b\x81\x05\x00\xcb"
40 | b"\xbd\xed\xce\xfd\x9a\xd1\xf7\x1f\x88\x2e\xcf\x4f\x21\x48\x19\x31"
41 | b"\x21\x4f\xf1\x7e\x65\x74\x10\x05\x8c\x42\x28\x4e\x67\xe7\x79\x20"
42 | b"\x78\x4d\xc2\x8d\xdb\xb8\x29\x89\x11\x59\x2b\x47\x85\x4e\x2f\x45"
43 | b"\x9a\x87\xdd\xfc\x18\x0b\x5a\xb3\x40\x1c\x03\xa1\x04\x6e\xd5\xe8"
44 | b"\x6c\xfb\x95\x96\x85\x3b\x18\x71\x19\x31\xfe\x2f\x1e\x87\xc6\x24"
45 | b"\xcc\xef\xe4\x6c\x2c\xc4\x8b\x02\x01\x02")
46 |
47 | g, p = parse(data)
48 |
49 | self.assertEqual(p, int("88F896E39609BAF1CAB3C9380867E2D1BA8CEF05D406"
50 | "A2881066D5E00411D4132AE85D575B810500CBBDEDCEFD9AD1F71F882ECF4F21"
51 | "481931214FF17E657410058C42284E67E77920784DC28DDBB8298911592B4785"
52 | "4E2F459A87DDFC180B5AB3401C03A1046ED5E86CFB9596853B18711931FE2F1E"
53 | "87C624CCEFE46C2CC48B", 16))
54 | self.assertEqual(g, 2)
55 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_handshakehashes.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2014, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 |
12 | from tlslite.handshakehashes import HandshakeHashes
13 |
14 | class TestHandshakeHashes(unittest.TestCase):
15 | def test___init__(self):
16 | hh = HandshakeHashes()
17 |
18 | self.assertIsNotNone(hh)
19 |
20 | def test_update(self):
21 | hh = HandshakeHashes()
22 | hh.update(bytearray(10))
23 |
24 | def test_update_with_str(self):
25 | hh = HandshakeHashes()
26 | hh.update(b'text')
27 |
28 | def test_digest_SSL3(self):
29 | hh = HandshakeHashes()
30 |
31 | self.assertEqual(bytearray(
32 | b'\xb5Q\x15\xa4\xcd\xff\xfdF\xa6\x9c\xe2\x0f\x83~\x948\xc3\xb5'\
33 | b'\xc1\x8d\xb6|\x10n@a\x97\xccG\xfeI\xa8s T\\'),
34 | hh.digestSSL(bytearray(48), b''))
35 |
36 | def test_digest_TLS1_0(self):
37 | hh = HandshakeHashes()
38 |
39 | self.assertEqual(
40 | b'\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\t\x98\xec\xf8B~\xda'\
41 | b'9\xa3\xee^kK\r2U\xbf\xef\x95`\x18\x90\xaf\xd8\x07\t',
42 | hh.digest())
43 |
44 | def test_copy(self):
45 | hh = HandshakeHashes()
46 | hh.update(b'text')
47 |
48 | hh2 = hh.copy()
49 |
50 | self.assertEqual(hh2.digest(), hh.digest())
51 |
52 | def test_digest_md5(self):
53 | hh = HandshakeHashes()
54 |
55 | self.assertEqual(
56 | b"\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\t\x98\xec\xf8B~",
57 | hh.digest('md5'))
58 |
59 | def test_digest_sha1(self):
60 | hh = HandshakeHashes()
61 |
62 | self.assertEqual(
63 | b"\xda9\xa3\xee^kK\r2U\xbf\xef\x95`\x18\x90\xaf\xd8\x07\t",
64 | hh.digest('sha1'))
65 |
66 | def test_digest_sha256(self):
67 | hh = HandshakeHashes()
68 |
69 | self.assertEqual(
70 | b"\xe3\xb0\xc4B\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99o\xb9$'\xae"\
71 | b"A\xe4d\x9b\x93L\xa4\x95\x99\x1bxR\xb8U",
72 | hh.digest('sha256'))
73 |
74 | def test_digest_sha224(self):
75 | hh = HandshakeHashes()
76 |
77 | self.assertEqual((
78 | b'\xd1J\x02\x8c*:+\xc9Ga\x02\xbb(\x824\xc4\x15\xa2\xb0'
79 | b'\x1f\x82\x8e\xa6*\xc5\xb3\xe4/'),
80 | hh.digest('sha224'))
81 |
82 | def test_digest_sha512(self):
83 | hh = HandshakeHashes()
84 |
85 | self.assertEqual((
86 | b'\xcf\x83\xe15~\xef\xb8\xbd\xf1T(P\xd6m\x80\x07\xd6 '
87 | b'\xe4\x05\x0bW\x15\xdc\x83\xf4\xa9!\xd3l\xe9\xceG\xd0'
88 | b'\xd1<]\x85\xf2\xb0\xff\x83\x18\xd2\x87~\xec/c\xb91'
89 | b'\xbdGAz\x81\xa582z\xf9\'\xda>'),
90 | hh.digest('sha512'))
91 |
92 | def test_digest_with_partial_writes(self):
93 | hh = HandshakeHashes()
94 | hh.update(b'text')
95 |
96 | hh2 = HandshakeHashes()
97 | hh2.update(b'te')
98 | hh2.update(b'xt')
99 |
100 | self.assertEqual(hh.digest(), hh2.digest())
101 |
102 | def test_digest_with_invalid_hash(self):
103 | hh = HandshakeHashes()
104 |
105 | with self.assertRaises(ValueError):
106 | hh.digest('md2')
107 |
108 | def test_digest_with_repeated_calls(self):
109 | hh = HandshakeHashes()
110 | hh.update(b'text')
111 |
112 | self.assertEqual(hh.digest(), hh.digest())
113 |
114 | hh.update(b'ext')
115 |
116 | self.assertEqual(hh.digest('sha256'), hh.digest('sha256'))
117 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_session.py:
--------------------------------------------------------------------------------
1 | # compatibility with Python 2.6, for that we need unittest2 package,
2 | # which is not available on 3.3 or 3.4
3 | try:
4 | import unittest2 as unittest
5 | except ImportError:
6 | import unittest
7 |
8 | from tlslite.session import Session
9 |
10 | class TestSession(unittest.TestCase):
11 |
12 | def test___init__(self):
13 | session = Session()
14 |
15 | self.assertIsNotNone(session)
16 | self.assertFalse(session.resumable)
17 | self.assertFalse(session.encryptThenMAC)
18 | self.assertFalse(session.extendedMasterSecret)
19 |
20 | def test_create(self):
21 | session = Session()
22 | session.create(masterSecret=1,
23 | sessionID=2,
24 | cipherSuite=3,
25 | srpUsername=4,
26 | clientCertChain=5,
27 | serverCertChain=6,
28 | tackExt=7,
29 | tackInHelloExt=8,
30 | serverName=9)
31 |
32 | self.assertEqual(session.masterSecret, 1)
33 | self.assertEqual(session.sessionID, 2)
34 | self.assertEqual(session.cipherSuite, 3)
35 | self.assertEqual(session.srpUsername, 4)
36 | self.assertEqual(session.clientCertChain, 5)
37 | self.assertEqual(session.serverCertChain, 6)
38 | self.assertEqual(session.tackExt, 7)
39 | self.assertEqual(session.tackInHelloExt, 8)
40 | self.assertEqual(session.serverName, 9)
41 |
42 | self.assertTrue(session.resumable)
43 | self.assertFalse(session.encryptThenMAC)
44 | self.assertFalse(session.extendedMasterSecret)
45 |
46 | def test_create_with_new_additions(self):
47 | session = Session()
48 | session.create(1, 2, 3, 4, 5, 6, 7, 8, 9,
49 | encryptThenMAC=10,
50 | extendedMasterSecret=11)
51 |
52 | self.assertEqual(session.encryptThenMAC, 10)
53 | self.assertEqual(session.extendedMasterSecret, 11)
54 |
55 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_sessioncache.py:
--------------------------------------------------------------------------------
1 | # compatibility with Python 2.6, for that we need unittest2 package,
2 | # which is not available on 3.3 or 3.4
3 | try:
4 | import unittest2 as unittest
5 | except ImportError:
6 | import unittest
7 |
8 | from tlslite.sessioncache import SessionCache
9 |
10 | class TestGetAttributeAfterPurge(unittest.TestCase):
11 | """
12 | This tests the following scenario
13 |
14 | Add an entry to the session cache
15 | wait until the cache should have expired
16 | fetch the entry for the session cache.
17 |
18 | """
19 |
20 | def setUp(self):
21 | # set maxAge to 0 to have an immediate expire
22 | self.session_cache = SessionCache(maxAge=0)
23 |
24 | def test_fetch_after_expire(self):
25 | key = bytearray(b'hello world')
26 | self.session_cache[key] = "42"
27 | with self.assertRaises(KeyError):
28 | self.session_cache[key]
29 |
30 | class TestFillLinkedList(unittest.TestCase):
31 | """ check what happens if the linked list gets full
32 | """
33 |
34 | def setUp(self):
35 | self.session_cache = SessionCache(maxEntries = 10)
36 |
37 | def test_fill_linked_list(self):
38 | """this test should not throw an exception"""
39 | for i in range(20):
40 | key = bytearray(b'prefill-') + bytearray(str(i), "ascii")
41 | self.session_cache[key] = "forty-two"
42 |
43 |
44 | if __name__ == '__main__':
45 | unittest.main()
46 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_signed.py:
--------------------------------------------------------------------------------
1 | # Author: Anna Khaitovich (c) 2018
2 | # see LICENCE file for legal information regarding use of this file
3 |
4 | # compatibility with Python 2.6, for that we need unittest2 package,
5 | # which is not available on 3.3 or 3.4
6 | try:
7 | import unittest2 as unittest
8 | except ImportError:
9 | import unittest
10 |
11 | from tlslite.signed import SignatureSettings, SignedObject, RSA_SIGNATURE_HASHES, RSA_SCHEMES
12 |
13 |
14 | class TestSignatureSettings(unittest.TestCase):
15 | def test_signature_settings_validate(self):
16 | settings = SignatureSettings()
17 | validated = settings.validate()
18 | self.assertEqual(validated.min_key_size, 1023)
19 | self.assertEqual(validated.max_key_size, 8193)
20 | self.assertEqual(validated.rsa_sig_hashes, RSA_SIGNATURE_HASHES)
21 | self.assertEqual(validated.rsa_schemes, RSA_SCHEMES)
22 |
23 | def test_signature_settings_min_key_size_small(self):
24 | settings = SignatureSettings(min_key_size=256)
25 | with self.assertRaises(ValueError) as ctx:
26 | settings.validate()
27 | self.assertIn("min_key_size too small", str(ctx.exception))
28 |
29 | def test_signature_settings_min_key_size_large(self):
30 | settings = SignatureSettings(min_key_size=17000)
31 | with self.assertRaises(ValueError) as ctx:
32 | settings.validate()
33 | self.assertIn("min_key_size too large", str(ctx.exception))
34 |
35 | def test_signature_settings_max_key_size_small(self):
36 | settings = SignatureSettings(max_key_size=256)
37 | with self.assertRaises(ValueError) as ctx:
38 | settings.validate()
39 | self.assertIn("max_key_size too small", str(ctx.exception))
40 |
41 | def test_signature_settings_max_key_size_large(self):
42 | settings = SignatureSettings(max_key_size=17000)
43 | with self.assertRaises(ValueError) as ctx:
44 | settings.validate()
45 | self.assertIn("max_key_size too large", str(ctx.exception))
46 |
47 | def test_signature_settings_min_key_bigger_max_key(self):
48 | settings = SignatureSettings(min_key_size=2048, max_key_size=1024)
49 | with self.assertRaises(ValueError) as ctx:
50 | settings.validate()
51 | self.assertIn("max_key_size smaller than min_key_size", str(ctx.exception))
52 |
53 | def test_signature_settings_invalid_sig_alg(self):
54 | settings = SignatureSettings(rsa_sig_hashes=list(['sha1', 'sha128', 'sha129']))
55 | with self.assertRaises(ValueError) as ctx:
56 | settings.validate()
57 | self.assertIn("Following signature algorithms are not allowed: sha128, sha129",
58 | str(ctx.exception))
59 | # verify_signature method testing is happening in the test_tlslite_ocsp.py
60 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_aes_split.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2019, Alexander Sosedkin
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 |
12 | import sys
13 |
14 | from hypothesis import given, assume, settings
15 | from hypothesis.strategies import binary, integers, tuples
16 |
17 | from tlslite.utils import cryptomath
18 |
19 | import tlslite.utils.python_aes
20 | py_aes = lambda key, iv: tlslite.utils.python_aes.new(key, 2, iv)
21 |
22 |
23 | HYP_SETTINGS = {'deadline': None} if sys.version_info > (2, 7) else {}
24 |
25 |
26 | class TestAES(unittest.TestCase):
27 | _given = given(binary(min_size=24, max_size=24), # key
28 | binary(min_size=16, max_size=16), # iv
29 | binary(min_size=13*16, max_size=13*16), # plaintext
30 | (tuples(integers(0, 13), integers(0, 13)) # split points
31 | .filter(lambda split_pts: split_pts[0] <= split_pts[1])
32 | .map(lambda lengths: [i * 16 for i in lengths])))
33 |
34 | def split_test(self, key, iv, plaintext, split_points, make_impl=py_aes):
35 | i, j = split_points
36 |
37 | ciphertext = make_impl(key, iv).encrypt(plaintext)
38 | self.assertEqual(make_impl(key, iv).decrypt(ciphertext), plaintext)
39 |
40 | impl = make_impl(key, iv)
41 | pl1, pl2, pl3 = plaintext[:i], plaintext[i:j], plaintext[j:]
42 | ci1, ci2, ci3 = impl.encrypt(pl1), impl.encrypt(pl2), impl.encrypt(pl3)
43 | self.assertEqual(ci1 + ci2 + ci3, ciphertext)
44 |
45 | impl = make_impl(key, iv)
46 | pl1, pl2, pl3 = impl.decrypt(ci1), impl.decrypt(ci2), impl.decrypt(ci3)
47 | self.assertEqual(pl1 + pl2 + pl3, plaintext)
48 |
49 | return ciphertext
50 |
51 | @_given
52 | @settings(**HYP_SETTINGS)
53 | def test_python(self, key, iv, plaintext, split_points):
54 | self.split_test(key, iv, plaintext, split_points)
55 |
56 | @unittest.skipIf(not cryptomath.m2cryptoLoaded, "requires M2Crypto")
57 | @_given
58 | @settings(**HYP_SETTINGS)
59 | def test_python_vs_mcrypto(self, key, iv, plaintext, split_points):
60 | import tlslite.utils.openssl_aes
61 | m2_aes = lambda k, iv: tlslite.utils.openssl_aes.new(k, 2, iv)
62 |
63 | py_res = self.split_test(key, iv, plaintext, split_points, py_aes)
64 | m2_res = self.split_test(key, iv, plaintext, split_points, m2_aes)
65 | self.assertEqual(py_res, m2_res)
66 |
67 | @unittest.skipIf(not cryptomath.pycryptoLoaded, "requires pycrypto")
68 | @_given
69 | @settings(**HYP_SETTINGS)
70 | def test_python_vs_pycrypto(self, key, iv, plaintext, split_points):
71 | import tlslite.utils.pycrypto_aes
72 | pc_aes = lambda k, iv: tlslite.utils.pycrypto_aes.new(k, 2, iv)
73 |
74 | py_res = self.split_test(key, iv, plaintext, split_points, py_aes)
75 | pc_res = self.split_test(key, iv, plaintext, split_points, pc_aes)
76 | self.assertEqual(py_res, pc_res)
77 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_asn1.py:
--------------------------------------------------------------------------------
1 | # Author: Anna Khaitovich (c) 2017
2 | # see LICENCE file for legal information regarding use of this file
3 |
4 | # compatibility with Python 2.6, for that we need unittest2 package,
5 | # which is not available on 3.3 or 3.4
6 | try:
7 | import unittest2 as unittest
8 | except ImportError:
9 | import unittest
10 |
11 | from tlslite.utils.compat import a2b_base64
12 | from tlslite.utils.asn1parser import ASN1Type, ASN1Parser
13 |
14 | class TestASN1Parser(unittest.TestCase):
15 | def test_integer(self):
16 | # universal, primitive, integer
17 | p = ASN1Parser(a2b_base64('AgEB'))
18 | self.assertEqual(0, p.type.tag_class)
19 | self.assertEqual(0, p.type.is_primitive)
20 | self.assertEqual(2, p.type.tag_id)
21 | self.assertEqual(bytearray(b'\x01'), p.value)
22 |
23 | def test_bitstring(self):
24 | # universal, primitive, bit string
25 | p = ASN1Parser(a2b_base64('AwUAQUJDRA=='))
26 | self.assertEqual(0, p.type.tag_class)
27 | self.assertEqual(0, p.type.is_primitive)
28 | self.assertEqual(3, p.type.tag_id)
29 | self.assertEqual(bytearray(b'\x00ABCD'), p.value)
30 |
31 | def test_utctime(self):
32 | # universal, primitive, utc time
33 | p = ASN1Parser(a2b_base64('FwsxODEyMzEyMzU5Wg=='))
34 | self.assertEqual(0, p.type.tag_class)
35 | self.assertEqual(0, p.type.is_primitive)
36 | self.assertEqual(23, p.type.tag_id)
37 | self.assertEqual(bytearray(b'1812312359Z'), p.value)
38 |
39 | def test_sequence(self):
40 | # universal, non-primitive, sequence
41 | p = ASN1Parser(a2b_base64('MAMBAf8='))
42 | self.assertEqual(0, p.type.tag_class)
43 | self.assertEqual(1, p.type.is_primitive)
44 | self.assertEqual(16, p.type.tag_id)
45 | self.assertEqual(bytearray(b'\x01\x01\xff'), p.value)
46 |
47 | def test_explicit_string(self):
48 | # context-specific, non-primitive, explicit string
49 | p = ASN1Parser(a2b_base64('v5oFFAwSc29tZSByYW5kb20gc3RyaW5n'))
50 | self.assertEqual(2, p.type.tag_class)
51 | self.assertEqual(1, p.type.is_primitive)
52 | self.assertEqual(3333, p.type.tag_id)
53 | self.assertEqual(bytearray(b'\x0c\x12some random string'), p.value)
54 |
55 | if __name__ == '__main__':
56 | unittest.main()
57 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_compat.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2015, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 |
12 | from tlslite.utils.compat import remove_whitespace
13 |
14 | class TestRemoveWhitespace(unittest.TestCase):
15 | def test_no_remove(self):
16 | text = "somestring"
17 | self.assertEqual(text, remove_whitespace(text))
18 |
19 | def test_newline(self):
20 | text = """some
21 | thing"""
22 | self.assertEqual("something", remove_whitespace(text))
23 |
24 | def test_remove_begginning(self):
25 | text = " some thing "
26 | self.assertEqual("something", remove_whitespace(text))
27 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_compression.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2014, George Pantelakis
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 |
12 | from tlslite.utils.compression import compression_algo_impls, \
13 | choose_compression_send_algo
14 | from tlslite.errors import TLSDecodeError
15 |
16 | class TestCompression(unittest.TestCase):
17 | def setUp(self):
18 | class DummyExtension():
19 | algorithms = None
20 |
21 | def change_algos(self, algos):
22 | self.algorithms = algos
23 |
24 | self.extension = DummyExtension()
25 |
26 | def test_compression_algo_impls(self):
27 | self.assertIsNotNone(compression_algo_impls)
28 | self.assertIn("brotli_compress", compression_algo_impls)
29 | self.assertIn("brotli_decompress", compression_algo_impls)
30 | self.assertIn("brotli_accepts_limit", compression_algo_impls)
31 | self.assertIn("zstd_compress", compression_algo_impls)
32 | self.assertIn("zstd_decompress", compression_algo_impls)
33 | self.assertIn("zstd_accepts_limit", compression_algo_impls)
34 |
35 | def test_choose_compression_send_algo_sanity(self):
36 | self.extension.change_algos([1])
37 | algo = choose_compression_send_algo((3, 4), self.extension, ['zlib'])
38 | self.assertEqual(algo, 1)
39 |
40 | def test_choose_compression_send_algo_previous_tls_version(self):
41 | self.extension.change_algos([1])
42 | algo = choose_compression_send_algo((3, 2), self.extension, ['zlib'])
43 | self.assertIsNone(algo)
44 |
45 | def test_choose_compression_send_algo_no_tls_version(self):
46 | self.extension.change_algos([1])
47 | algo = choose_compression_send_algo(None, self.extension, ['zlib'])
48 | self.assertIsNone(algo)
49 |
50 | def test_choose_compression_send_algo_choose_first_common(self):
51 | self.extension.change_algos([1, 2])
52 | algo = choose_compression_send_algo(
53 | (3, 4), self.extension, ['zlib', 'brotli'])
54 | self.assertEqual(algo, 1)
55 |
56 | def test_choose_compression_send_algo_empty_extension_algos(self):
57 | self.extension.change_algos([])
58 | with self.assertRaises(TLSDecodeError):
59 | choose_compression_send_algo((3, 4), self.extension, ['zlib'])
60 |
61 | def test_choose_compression_send_algo_empty_accepted_algos(self):
62 | self.extension.change_algos([1])
63 | algo = choose_compression_send_algo((3, 4), self.extension, [])
64 | self.assertIsNone(algo)
65 |
66 | def test_choose_compression_send_algo_none_extension_algos(self):
67 | self.extension.change_algos(None)
68 | with self.assertRaises(TLSDecodeError):
69 | choose_compression_send_algo((3, 4), self.extension, ['zlib'])
70 |
71 | def test_choose_compression_send_algo_no_common_algos(self):
72 | self.extension.change_algos([2])
73 | algo = choose_compression_send_algo((3, 4), self.extension, ['zlib'])
74 | self.assertIsNone(algo)
75 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_cryptomath_m2crypto.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2014, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 | try:
12 | import mock
13 | from mock import call
14 | except ImportError:
15 | import unittest.mock as mock
16 | from unittest.mock import call
17 | import sys
18 | try:
19 | # Python 2
20 | reload
21 | except NameError:
22 | try:
23 | # Python >= 3.4
24 | from importlib import reload
25 | except ImportError:
26 | # Python <= 3.3
27 | from imp import reload
28 | try:
29 | import __builtin__ as builtins
30 | except ImportError:
31 | import builtins
32 |
33 | real_open = builtins.open
34 |
35 | class magic_open(object):
36 | def __init__(self, *args, **kwargs):
37 | self.args = args
38 | self.kwargs = kwargs
39 |
40 | def __enter__(self):
41 | if self.args[0] == '/proc/sys/crypto/fips_enabled':
42 | m = mock.MagicMock()
43 | m.read.return_value = '1'
44 | self.f = m
45 | return m
46 | else:
47 | self.f = real_open(*self.args, **self.kwargs)
48 | return self.f
49 |
50 | def __exit__(self, exc_type, exc_value, exc_traceback):
51 | self.f.close()
52 |
53 | class magic_open_error(object):
54 | def __init__(self, *args, **kwargs):
55 | self.args = args
56 | self.kwargs = kwargs
57 |
58 | def __enter__(self):
59 | if self.args[0] == '/proc/sys/crypto/fips_enabled':
60 | m = mock.MagicMock()
61 | self.f = m
62 | raise IOError(12)
63 | else:
64 | self.f = real_open(*self.args, **self.kwargs)
65 | return self.f
66 |
67 | def __exit__(self, exc_type, exc_value, exc_traceback):
68 | self.f.close()
69 |
70 |
71 | class TestM2CryptoLoaded(unittest.TestCase):
72 | def test_import_without_m2crypto(self):
73 | with mock.patch.dict('sys.modules', {'M2Crypto': None}):
74 | import tlslite.utils.cryptomath
75 | reload(tlslite.utils.cryptomath)
76 | from tlslite.utils.cryptomath import m2cryptoLoaded
77 | self.assertFalse(m2cryptoLoaded)
78 |
79 | def test_import_with_m2crypto(self):
80 | fake_m2 = mock.MagicMock()
81 |
82 | with mock.patch.dict('sys.modules', {'M2Crypto': fake_m2}):
83 | import tlslite.utils.cryptomath
84 | reload(tlslite.utils.cryptomath)
85 | from tlslite.utils.cryptomath import m2cryptoLoaded
86 | self.assertTrue(m2cryptoLoaded)
87 |
88 | def test_import_with_m2crypto_in_fips_mode(self):
89 | fake_m2 = mock.MagicMock()
90 |
91 | with mock.patch.dict('sys.modules', {'M2Crypto': fake_m2}):
92 | with mock.patch.object(builtins, 'open', magic_open):
93 | import tlslite.utils.cryptomath
94 | reload(tlslite.utils.cryptomath)
95 | from tlslite.utils.cryptomath import m2cryptoLoaded
96 | self.assertFalse(m2cryptoLoaded)
97 |
98 | def test_import_with_m2crypto_in_container(self):
99 | fake_m2 = mock.MagicMock()
100 |
101 | with mock.patch.dict('sys.modules', {'M2Crypto': fake_m2}):
102 | with mock.patch.object(builtins, 'open', magic_open_error):
103 | import tlslite.utils.cryptomath
104 | reload(tlslite.utils.cryptomath)
105 | from tlslite.utils.cryptomath import m2cryptoLoaded
106 | self.assertTrue(m2cryptoLoaded)
107 |
108 | @classmethod
109 | def tearDownClass(cls):
110 | import tlslite.utils.cryptomath
111 | reload(tlslite.utils.cryptomath)
112 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_dns_utils.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 | from tlslite.utils.dns_utils import is_valid_hostname
12 |
13 | class TestIsValidHostname(unittest.TestCase):
14 | def test_example(self):
15 | self.assertTrue(is_valid_hostname(b'example.com'))
16 |
17 | def test_ip(self):
18 | self.assertFalse(is_valid_hostname(b'192.168.0.1'))
19 |
20 | def test_ip_dot(self):
21 | self.assertFalse(is_valid_hostname(b'192.168.0.1.'))
22 |
23 | def test_ip_lookalike_hostname(self):
24 | self.assertTrue(is_valid_hostname(b'192.168.example.com'))
25 |
26 | def test_with_tld_dot(self):
27 | self.assertTrue(is_valid_hostname(b'example.com.'))
28 |
29 | def test_hostname_alone(self):
30 | self.assertTrue(is_valid_hostname(b'localhost'))
31 |
32 | def test_very_long_hostname(self):
33 | self.assertFalse(is_valid_hostname(b'a' * 250 + b'.example.com'))
34 |
35 | def test_very_long_host(self):
36 | self.assertFalse(is_valid_hostname(b'a' * 70 + b'.example.com'))
37 |
38 | def test_long_hostname(self):
39 | self.assertTrue(is_valid_hostname(b'a' * 60 + b'.example.com'))
40 |
41 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_ecc.py:
--------------------------------------------------------------------------------
1 |
2 | # Copyright (c) 2014, Hubert Kario
3 | #
4 | # See the LICENSE file for legal information regarding use of this file.
5 |
6 | # compatibility with Python 2.6, for that we need unittest2 package,
7 | # which is not available on 3.3 or 3.4
8 | try:
9 | import unittest2 as unittest
10 | except ImportError:
11 | import unittest
12 |
13 | from tlslite.utils.ecc import getCurveByName,getPointByteSize
14 | import ecdsa
15 |
16 | class TestCurveLookup(unittest.TestCase):
17 | def test_with_correct_name(self):
18 | curve = getCurveByName('secp256r1')
19 | self.assertIs(curve, ecdsa.NIST256p)
20 |
21 | def test_with_invalid_name(self):
22 | with self.assertRaises(ValueError):
23 | getCurveByName('NIST256p')
24 |
25 | class TestGetPointByteSize(unittest.TestCase):
26 | def test_with_curve(self):
27 | self.assertEqual(getPointByteSize(ecdsa.NIST256p), 32)
28 |
29 | def test_with_point(self):
30 | self.assertEqual(getPointByteSize(ecdsa.NIST384p.generator * 10), 48)
31 |
32 | def test_with_invalid_argument(self):
33 | with self.assertRaises(ValueError):
34 | getPointByteSize("P-256")
35 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_ecdsakey.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2019, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 |
12 | from tlslite.utils.ecdsakey import ECDSAKey
13 |
14 |
15 | class MockECDSAKey(ECDSAKey):
16 | def __init__(self, public_key, private_key):
17 | pass
18 |
19 |
20 | class TestECDSAKey(unittest.TestCase):
21 |
22 | @classmethod
23 | def setUpClass(cls):
24 | cls.k = MockECDSAKey(None, None)
25 |
26 | def test___init___not_implemented(self):
27 | with self.assertRaises(NotImplementedError):
28 | ECDSAKey(None, None)
29 |
30 | def test___len__(self):
31 | with self.assertRaises(NotImplementedError):
32 | len(self.k)
33 |
34 | def test_hasPrivateKey(self):
35 | with self.assertRaises(NotImplementedError):
36 | self.k.hasPrivateKey()
37 |
38 | def test__sign(self):
39 | with self.assertRaises(NotImplementedError):
40 | self.k._sign(None, None)
41 |
42 | def test__hashAndSign(self):
43 | with self.assertRaises(NotImplementedError):
44 | self.k._hashAndSign(None, None)
45 |
46 | def test__verify(self):
47 | with self.assertRaises(NotImplementedError):
48 | self.k._verify(None, None)
49 |
50 | def test_hashAndSign(self):
51 | with self.assertRaises(NotImplementedError):
52 | self.k.hashAndSign(bytearray(b'text'))
53 |
54 | def test_hashAndVerify(self):
55 | with self.assertRaises(NotImplementedError):
56 | self.k.hashAndVerify(bytearray(b'sig'), bytearray(b'text'))
57 |
58 | def test_sign(self):
59 | with self.assertRaises(NotImplementedError):
60 | self.k.sign(bytearray(b'hash value'))
61 |
62 | def test_verify(self):
63 | with self.assertRaises(NotImplementedError):
64 | self.k.verify(bytearray(b'sig'), bytearray(b'hash value'))
65 |
66 | def test_acceptsPassword(self):
67 | with self.assertRaises(NotImplementedError):
68 | self.k.acceptsPassword()
69 |
70 | def test_write(self):
71 | with self.assertRaises(NotImplementedError):
72 | self.k.write()
73 |
74 | def test_generate(self):
75 | with self.assertRaises(NotImplementedError):
76 | ECDSAKey.generate('NIST256p')
77 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_lists.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2016, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 |
12 | from tlslite.utils.lists import getFirstMatching, to_str_delimiter
13 |
14 | class TestGetFirstMatching(unittest.TestCase):
15 | def test_empty_list(self):
16 | self.assertIsNone(getFirstMatching([], [1, 2, 3]))
17 |
18 | def test_first_matching(self):
19 | self.assertEqual(getFirstMatching([1, 7, 8, 9], [1, 2, 3]), 1)
20 |
21 | def test_last_matching(self):
22 | self.assertEqual(getFirstMatching([7, 8, 9, 1], [1, 2, 3]), 1)
23 |
24 | def test_no_matching(self):
25 | self.assertIsNone(getFirstMatching([7, 8, 9], [1, 2, 3]))
26 |
27 | def test_no_list(self):
28 | self.assertIsNone(getFirstMatching(None, [1, 2, 3]))
29 |
30 | def test_empty_matches(self):
31 | self.assertIsNone(getFirstMatching([1, 2, 3], []))
32 |
33 | def test_no_matches(self):
34 | with self.assertRaises(AssertionError):
35 | getFirstMatching([1, 2, 3], None)
36 |
37 |
38 | class TestToStrDelimiter(unittest.TestCase):
39 | def test_empty_list(self):
40 | self.assertEqual("", to_str_delimiter([]))
41 |
42 | def test_one_element(self):
43 | self.assertEqual("12", to_str_delimiter([12]))
44 |
45 | def test_two_elements(self):
46 | self.assertEqual("12 or 13", to_str_delimiter([12, 13]))
47 |
48 | def test_three_elements(self):
49 | self.assertEqual("12, 13 or 14", to_str_delimiter([12, 13, 14]))
50 |
51 | def test_with_strings(self):
52 | self.assertEqual("abc, def or ghi",
53 | to_str_delimiter(['abc', 'def', 'ghi']))
54 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_tlshashlib.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2014, Hubert Kario
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 | try:
12 | import mock
13 | from mock import call
14 | except ImportError:
15 | import unittest.mock as mock
16 | from unittest.mock import call
17 |
18 | class TestTLSHashlib(unittest.TestCase):
19 |
20 | def test_in_fips_mode(self):
21 | def m(*args, **kwargs):
22 | if 'usedforsecurity' not in kwargs:
23 | raise ValueError("MD5 disabled in FIPS mode")
24 |
25 | with mock.patch('hashlib.md5', m):
26 | from tlslite.utils.tlshashlib import md5
27 | md5()
28 |
--------------------------------------------------------------------------------
/unit_tests/test_tlslite_utils_tripledes_split.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2019, Alexander Sosedkin
2 | #
3 | # See the LICENSE file for legal information regarding use of this file.
4 |
5 | # compatibility with Python 2.6, for that we need unittest2 package,
6 | # which is not available on 3.3 or 3.4
7 | try:
8 | import unittest2 as unittest
9 | except ImportError:
10 | import unittest
11 |
12 | import sys
13 |
14 | from hypothesis import given, assume, settings
15 | from hypothesis.strategies import binary, integers, tuples
16 |
17 | from tlslite.utils import cryptomath
18 |
19 | import tlslite.utils.python_tripledes
20 | py_3des = tlslite.utils.python_tripledes.new
21 |
22 |
23 | HYP_SETTINGS = {'deadline': None} if sys.version_info > (2, 7) else {}
24 |
25 |
26 | class TestTripleDES(unittest.TestCase):
27 | _given = given(binary(min_size=24, max_size=24), # key
28 | binary(min_size=8, max_size=8), # iv
29 | binary(min_size=13*8, max_size=13*8), # plaintext
30 | (tuples(integers(0, 13), integers(0, 13)) # split points
31 | .filter(lambda split_pts: split_pts[0] <= split_pts[1])
32 | .map(lambda lengths: [i * 8 for i in lengths])))
33 |
34 | def split_test(self, key, iv, plaintext, split_points, make_impl=py_3des):
35 | i, j = split_points
36 |
37 | ciphertext = make_impl(key, iv).encrypt(plaintext)
38 | self.assertEqual(make_impl(key, iv).decrypt(ciphertext), plaintext)
39 |
40 | impl = make_impl(key, iv)
41 | pl1, pl2, pl3 = plaintext[:i], plaintext[i:j], plaintext[j:]
42 | ci1, ci2, ci3 = impl.encrypt(pl1), impl.encrypt(pl2), impl.encrypt(pl3)
43 | self.assertEqual(ci1 + ci2 + ci3, ciphertext)
44 |
45 | impl = make_impl(key, iv)
46 | pl1, pl2, pl3 = impl.decrypt(ci1), impl.decrypt(ci2), impl.decrypt(ci3)
47 | self.assertEqual(pl1 + pl2 + pl3, plaintext)
48 |
49 | return ciphertext
50 |
51 | @_given
52 | @settings(**HYP_SETTINGS)
53 | def test_python(self, key, iv, plaintext, split_points):
54 | self.split_test(key, iv, plaintext, split_points)
55 |
56 | @unittest.skipIf(not cryptomath.m2cryptoLoaded, "requires M2Crypto")
57 | @_given
58 | @settings(**HYP_SETTINGS)
59 | def test_python_vs_mcrypto(self, key, iv, plaintext, split_points):
60 | import tlslite.utils.openssl_tripledes
61 | m2_3des = lambda k, iv: tlslite.utils.openssl_tripledes.new(k, 2, iv)
62 |
63 | py_res = self.split_test(key, iv, plaintext, split_points, py_3des)
64 | m2_res = self.split_test(key, iv, plaintext, split_points, m2_3des)
65 | self.assertEqual(py_res, m2_res)
66 |
67 | @unittest.skipIf(not cryptomath.pycryptoLoaded, "requires pycrypto")
68 | @_given
69 | @settings(**HYP_SETTINGS)
70 | def test_python_vs_pycrypto(self, key, iv, plaintext, split_points):
71 | import tlslite.utils.pycrypto_tripledes
72 | pc_3des = lambda k, iv: tlslite.utils.pycrypto_tripledes.new(k, 2, iv)
73 |
74 | try:
75 | py_res = self.split_test(key, iv, plaintext, split_points, py_3des)
76 | pc_res = self.split_test(key, iv, plaintext, split_points, pc_3des)
77 | self.assertEqual(py_res, pc_res)
78 | except ValueError as e:
79 | # pycrypto deliberately rejects weak 3DES keys, skip such keys
80 | assume(e.args != ('Triple DES key degenerates to single DES',))
81 | raise
82 |
--------------------------------------------------------------------------------