Skip to content

Commit 1c68f2e

Browse files
FrantisekKrenzelokFrantisekKrenzelok
committed
add DSA/DSS ciphers
add definitions of ciphersuites that use DSA/DSS certificates.
1 parent a8287ba commit 1c68f2e

File tree

1 file changed

+62
-0
lines changed

1 file changed

+62
-0
lines changed

tlslite/constants.py

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -656,6 +656,10 @@ class CipherSuite:
656656
ietfNames[0x0005] = 'TLS_RSA_WITH_RC4_128_SHA'
657657
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
658658
ietfNames[0x000A] = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
659+
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D
660+
ietfNames[0x000D] = 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA'
661+
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013
662+
ietfNames[0x0013] = 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
659663
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
660664
ietfNames[0x0016] = 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA'
661665
TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018
@@ -664,12 +668,20 @@ class CipherSuite:
664668
ietfNames[0x001B] = 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA'
665669
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
666670
ietfNames[0x002F] = 'TLS_RSA_WITH_AES_128_CBC_SHA'
671+
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030
672+
ietfNames[0x0030] = 'TLS_DH_DSS_WITH_AES_128_CBC_SHA'
673+
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032
674+
ietfNames[0x0032] = 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
667675
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
668676
ietfNames[0x0033] = 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
669677
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034
670678
ietfNames[0x0034] = 'TLS_DH_ANON_WITH_AES_128_CBC_SHA'
671679
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
672680
ietfNames[0x0035] = 'TLS_RSA_WITH_AES_256_CBC_SHA'
681+
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036
682+
ietfNames[0x0036] = 'TLS_DH_DSS_WITH_AES_256_CBC_SHA'
683+
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038
684+
ietfNames[0x0038] = 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
673685
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
674686
ietfNames[0x0039] = 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
675687
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A
@@ -680,8 +692,16 @@ class CipherSuite:
680692
ietfNames[0x003C] = 'TLS_RSA_WITH_AES_128_CBC_SHA256'
681693
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D
682694
ietfNames[0x003D] = 'TLS_RSA_WITH_AES_256_CBC_SHA256'
695+
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E
696+
ietfNames[0x003E] = 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256'
697+
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040
698+
ietfNames[0x0040] = 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
683699
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067
684700
ietfNames[0x0067] = 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256'
701+
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068
702+
ietfNames[0x0068] = 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256'
703+
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A
704+
ietfNames[0x006A] = 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
685705
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B
686706
ietfNames[0x006B] = 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256'
687707
TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C
@@ -698,6 +718,14 @@ class CipherSuite:
698718
ietfNames[0x009E] = 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
699719
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F
700720
ietfNames[0x009F] = 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
721+
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2
722+
ietfNames[0x00A2] = 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256'
723+
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3
724+
ietfNames[0x00A3] = 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384'
725+
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4
726+
ietfNames[0x00A4] = 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256'
727+
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5
728+
ietfNames[0x00A5] = 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384'
701729
TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6
702730
ietfNames[0x00A6] = 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256'
703731
TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7
@@ -806,14 +834,20 @@ class CipherSuite:
806834
ietfNames[0xC01A] = 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA'
807835
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B
808836
ietfNames[0xC01B] = 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA'
837+
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C
838+
ietfNames[0xC01C] = 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA'
809839
TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D
810840
ietfNames[0xC01D] = 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA'
811841
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E
812842
ietfNames[0xC01E] = 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA'
843+
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F
844+
ietfNames[0xC01F] = 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA'
813845
TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020
814846
ietfNames[0xC020] = 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA'
815847
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021
816848
ietfNames[0xC021] = 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA'
849+
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022
850+
ietfNames[0xC022] = 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA'
817851

818852
# RFC 5289 - ECC Ciphers with SHA-256/SHA-384 HMAC and AES-GCM
819853
# unsupported! - no support for ECDSA certificates
@@ -904,6 +938,9 @@ class CipherSuite:
904938
tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
905939
tripleDESSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA)
906940
tripleDESSuites.append(TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA)
941+
tripleDESSuites.append(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
942+
tripleDESSuites.append(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
943+
tripleDESSuites.append(TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA) # unsupp
907944

908945
#: AES-128 CBC ciphers
909946
aes128Suites = []
@@ -924,6 +961,11 @@ class CipherSuite:
924961
aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
925962
aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
926963
aes128Suites.append(TLS_ECDH_ANON_WITH_AES_128_CBC_SHA)
964+
aes128Suites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA) # unsupported
965+
aes128Suites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA) # unsupported
966+
aes128Suites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA256) # unsupported
967+
aes128Suites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256) # unsupported
968+
aes128Suites.append(TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA) # unsupported
927969

928970
#: AES-256 CBC ciphers
929971
aes256Suites = []
@@ -944,6 +986,11 @@ class CipherSuite:
944986
aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
945987
aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
946988
aes256Suites.append(TLS_ECDH_ANON_WITH_AES_256_CBC_SHA)
989+
aes256Suites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA) # unsupported
990+
aes256Suites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA) # unsupported
991+
aes256Suites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA256) # unsupported
992+
aes256Suites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256) # unsupported
993+
aes256Suites.append(TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA) # unsupported
947994

948995
#: AES-128 GCM ciphers
949996
aes128GcmSuites = []
@@ -955,6 +1002,8 @@ class CipherSuite:
9551002
aes128GcmSuites.append(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256) # unsupp
9561003
aes128GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
9571004
aes128GcmSuites.append(TLS_AES_128_GCM_SHA256)
1005+
aes128GcmSuites.append(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256) # unsupported
1006+
aes128GcmSuites.append(TLS_DH_DSS_WITH_AES_128_GCM_SHA256) # unsupported
9581007

9591008
#: AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites)
9601009
aes256GcmSuites = []
@@ -966,6 +1015,8 @@ class CipherSuite:
9661015
aes256GcmSuites.append(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384) # unsupported
9671016
aes256GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
9681017
aes256GcmSuites.append(TLS_AES_256_GCM_SHA384)
1018+
aes256GcmSuites.append(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384) # unsupported
1019+
aes256GcmSuites.append(TLS_DH_DSS_WITH_AES_256_GCM_SHA384) # unsupported
9691020

9701021
#: AES-128 CCM_8 ciphers
9711022
aes128Ccm_8Suites = []
@@ -1037,16 +1088,25 @@ class CipherSuite:
10371088
shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
10381089
shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
10391090
shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
1091+
shaSuites.append(TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
1092+
shaSuites.append(TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA) # unsupported
1093+
shaSuites.append(TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA) # unsupported
10401094
shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
10411095
shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
10421096
shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
10431097
shaSuites.append(TLS_RSA_WITH_RC4_128_SHA)
10441098
shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
10451099
shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
10461100
shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
1101+
shaSuites.append(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
1102+
shaSuites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA) # unsupported
1103+
shaSuites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA) # unsupported
10471104
shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
10481105
shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
10491106
shaSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA)
1107+
shaSuites.append(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
1108+
shaSuites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA) # unsupported
1109+
shaSuites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA) # unsupported
10501110
shaSuites.append(TLS_RSA_WITH_NULL_SHA)
10511111
shaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
10521112
shaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
@@ -1094,6 +1154,8 @@ class CipherSuite:
10941154
sha384Suites.append(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384) # unsupported
10951155
sha384Suites.append(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384) # unsupported
10961156
sha384Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
1157+
sha384Suites.append(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384) # unsupported
1158+
sha384Suites.append(TLS_DH_DSS_WITH_AES_256_GCM_SHA384) # unsupported
10971159

10981160
#: stream cipher construction
10991161
streamSuites = []

0 commit comments

Comments
 (0)