CryptoDataHub 0.12.6__py3-none-any.whl

cryptodatahub/tls/algorithm.py

@@ -0,0 +1,324 @@
+# -*- coding: utf-8 -*-
+
+import abc
+import collections
+import six
+
+import attr
+
+from cryptodatahub.common.algorithm import (
+    Authentication,
+    BlockCipher,
+    BlockCipherMode,
+    Hash,
+    KeyExchange,
+    MAC,
+    NamedGroup,
+)
+from cryptodatahub.common.grade import GradeableComplex
+from cryptodatahub.common.types import (
+    CryptoDataEnumCodedBase,
+    CryptoDataParamsEnumNumeric,
+    CryptoDataParamsEnumString,
+    CryptoDataParamsNamed,
+    convert_enum,
+)
+
+from cryptodatahub.tls.version import TlsVersion
+
+
+@attr.s(frozen=True)
+class CompressionMethodParams(CryptoDataParamsNamed, CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 1
+
+
+TlsCompressionMethod = CryptoDataEnumCodedBase(
+    'TlsCompressionMethod', CryptoDataEnumCodedBase.get_json_records(CompressionMethodParams)
+)
+
+
+@attr.s(frozen=True)
+class NamedCurveParams(CryptoDataParamsEnumNumeric, GradeableComplex):
+    named_group = attr.ib(
+        converter=convert_enum(NamedGroup),
+        validator=attr.validators.optional(attr.validators.instance_of(NamedGroup)),
+    )
+
+    def __attrs_post_init__(self):
+        if self.named_group is not None:
+            object.__setattr__(self, 'gradeables', [self.named_group.value])
+
+        attr.validate(self)
+
+    def __str__(self):
+        return str(self.named_group.value)
+
+    @classmethod
+    def get_code_size(cls):
+        return 2
+
+
+TlsNamedCurve = CryptoDataEnumCodedBase('TlsNamedCurve', CryptoDataEnumCodedBase.get_json_records(NamedCurveParams))
+
+
+@attr.s(frozen=True)
+class HashAndSignatureAlgorithmParams(CryptoDataParamsEnumNumeric, GradeableComplex):
+    hash_algorithm = attr.ib(
+        converter=convert_enum(Hash),
+        validator=attr.validators.optional(attr.validators.instance_of(Hash)),
+    )
+    signature_algorithm = attr.ib(
+        converter=convert_enum(Authentication),
+        validator=attr.validators.optional(attr.validators.instance_of(Authentication)),
+    )
+
+    def __attrs_post_init__(self):
+        vulnerabilities = []
+        if self.hash_algorithm is not None:
+            vulnerabilities.append(self.hash_algorithm.value)
+
+        object.__setattr__(self, 'gradeables', vulnerabilities)
+
+        attr.validate(self)
+
+    def __str__(self):
+        if self.hash_algorithm:
+            hash_algorithm = self.hash_algorithm.value
+        else:
+            hash_algorithm = 'none'
+
+        if self.signature_algorithm == Authentication.ANONYMOUS:
+            signature_algorithm = 'no'
+        else:
+            signature_algorithm = self.signature_algorithm.value
+
+        return '{} with {} encryption'.format(hash_algorithm, signature_algorithm)
+
+    @classmethod
+    def get_code_size(cls):
+        return 2
+
+
+TlsSignatureAndHashAlgorithm = CryptoDataEnumCodedBase(
+    'TlsSignatureAndHashAlgorithm', CryptoDataEnumCodedBase.get_json_records(HashAndSignatureAlgorithmParams)
+)
+
+
+@attr.s(frozen=True)
+class EcPointFormatParams(CryptoDataParamsNamed, CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 1
+
+
+TlsECPointFormat = CryptoDataEnumCodedBase(
+    'TlsECPointFormat', CryptoDataEnumCodedBase.get_json_records(EcPointFormatParams)
+)
+
+
+@attr.s(frozen=True)
+class ProtocolNameParams(CryptoDataParamsEnumString):
+    pass
+
+
+TlsProtocolName = CryptoDataEnumCodedBase(
+    'TlsProtocolName', CryptoDataEnumCodedBase.get_json_records(ProtocolNameParams)
+)
+
+
+@attr.s(frozen=True)
+class NextProtocolNameParams(CryptoDataParamsEnumString):
+    pass
+
+
+TlsNextProtocolName = CryptoDataEnumCodedBase(
+    'TlsNextProtocolName', CryptoDataEnumCodedBase.get_json_records(NextProtocolNameParams)
+)
+
+
+@attr.s(frozen=True)
+class ExtensionTypeParams(CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 2
+
+
+TlsExtensionType = CryptoDataEnumCodedBase(
+    'ExtensionType', CryptoDataEnumCodedBase.get_json_records(ExtensionTypeParams)
+)
+
+
+@attr.s(frozen=True)
+class TokenBindingParamaterParams(CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 1
+
+
+TlsTokenBindingParamater = CryptoDataEnumCodedBase(
+    'TlsTokenBindingParamater', CryptoDataEnumCodedBase.get_json_records(TokenBindingParamaterParams)
+)
+
+
+@attr.s(frozen=True)
+class PskKeyExchangeModeParams(CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 1
+
+
+TlsPskKeyExchangeMode = CryptoDataEnumCodedBase(
+    'TlsPskKeyExchangeMode', CryptoDataEnumCodedBase.get_json_records(PskKeyExchangeModeParams)
+)
+
+
+@attr.s(frozen=True)
+class CertificateCompressionAlgorithmParams(CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 2
+
+
+TlsCertificateCompressionAlgorithm = CryptoDataEnumCodedBase(
+    'TlsCertificateCompressionAlgorithm',
+    CryptoDataEnumCodedBase.get_json_records(CertificateCompressionAlgorithmParams)
+)
+
+
+@attr.s(frozen=True)
+class CipherParamsBase(CryptoDataParamsEnumNumeric, GradeableComplex):  # pylint: disable=too-many-instance-attributes
+    iana_name = attr.ib(validator=attr.validators.optional(attr.validators.instance_of(six.string_types)))
+    iana_name = attr.ib(validator=attr.validators.optional(attr.validators.instance_of(six.string_types)))
+    openssl_name = attr.ib(validator=attr.validators.optional(attr.validators.instance_of(six.string_types)))
+    key_exchange = attr.ib(
+        converter=convert_enum(KeyExchange),
+        validator=attr.validators.optional(attr.validators.instance_of(KeyExchange)),
+    )
+    authentication = attr.ib(
+        converter=convert_enum(Authentication),
+        validator=attr.validators.optional(attr.validators.instance_of(Authentication)),
+    )
+    bulk_cipher = attr.ib(
+        converter=convert_enum(BlockCipher),
+        validator=attr.validators.optional(attr.validators.instance_of(BlockCipher)),
+    )
+    block_cipher_mode = attr.ib(
+        converter=convert_enum(BlockCipherMode),
+        validator=attr.validators.optional(attr.validators.instance_of(BlockCipherMode)),
+    )
+    mac = attr.ib(
+        converter=convert_enum(MAC),
+        validator=attr.validators.optional(attr.validators.instance_of(MAC)),
+    )
+    authenticated_encryption = attr.ib(validator=attr.validators.instance_of(bool))
+    initial_version = attr.ib(
+        converter=convert_enum(TlsVersion),
+        validator=attr.validators.instance_of(TlsVersion),
+    )
+    last_version = attr.ib(init=False, validator=attr.validators.instance_of(TlsVersion))
+    export_grade = attr.ib(init=False, validator=attr.validators.instance_of(bool))
+
+    @classmethod
+    @abc.abstractmethod
+    def get_code_size(cls):
+        raise NotImplementedError()
+
+    def __attrs_post_init__(self):
+        if self.initial_version == TlsVersion.SSL2:
+            object.__setattr__(self, 'last_version', TlsVersion.SSL2)
+        else:
+            if self.code & 0xff00 in [0x1300, 0x7e00, 0x7f00]:
+                object.__setattr__(self, 'last_version', TlsVersion.TLS1_3)
+            else:
+                object.__setattr__(self, 'last_version', TlsVersion.TLS1_2)
+
+        object.__setattr__(self, 'export_grade', self.iana_name is not None and '_EXPORT' in self.iana_name)
+
+        vulnerability_parts = collections.OrderedDict([
+            (KeyExchange, self.key_exchange),
+            (Authentication, self.authentication),
+            (BlockCipher, self.bulk_cipher),
+            (BlockCipherMode, self.block_cipher_mode),
+            (MAC, self.mac),
+        ])
+
+        gradeables = []
+        for algorithm in vulnerability_parts.values():
+            if algorithm is None:
+                continue
+
+            gradeables.append(algorithm.value)
+
+        object.__setattr__(self, 'gradeables', gradeables)
+
+        attr.validate(self)
+
+    def __str__(self):
+        if self.iana_name is None:
+            result = six.next(
+                cipher_suite
+                for cipher_suite in TlsCipherSuite
+                if cipher_suite.value.code == self.code
+            ).name
+        else:
+            result = self.iana_name
+
+        if self.openssl_name:
+            result += ' (' + self.openssl_name + ')'
+
+        return result
+
+
+@attr.s(frozen=True)
+class CipherSuiteParams(CipherParamsBase):
+    @classmethod
+    def get_code_size(cls):
+        return 2
+
+
+TlsCipherSuite = CryptoDataEnumCodedBase('TlsCipherSuite', CryptoDataEnumCodedBase.get_json_records(CipherSuiteParams))
+
+
+@attr.s(frozen=True)
+class CipherKindParams(CipherParamsBase):
+    @classmethod
+    def get_code_size(cls):
+        return 3
+
+
+SslCipherKind = CryptoDataEnumCodedBase('SslCipherKind', CryptoDataEnumCodedBase.get_json_records(CipherKindParams))
+
+
+class CipherSuiteExtensionParams(CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 2
+
+
+TlsCipherSuiteExtension = CryptoDataEnumCodedBase(
+    'TlsCipherSuiteExtension', CryptoDataEnumCodedBase.get_json_records(CipherSuiteExtensionParams)
+)
+
+
+class GreaseOneByteParams(CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 1
+
+
+TlsGreaseOneByte = CryptoDataEnumCodedBase(
+    'TlsGreaseOneByte', CryptoDataEnumCodedBase.get_json_records(GreaseOneByteParams)
+)
+
+
+class GreaseTwoByteParams(CryptoDataParamsEnumNumeric):
+    @classmethod
+    def get_code_size(cls):
+        return 2
+
+
+TlsGreaseTwoByte = CryptoDataEnumCodedBase(
+    'TlsGreaseTwoByte', CryptoDataEnumCodedBase.get_json_records(GreaseTwoByteParams)
+)

cryptodatahub/tls/certificate-compression-algorithm.json

@@ -0,0 +1,14 @@
+{
+    "ZLIB": {
+        "code": 1,
+        "_code_in_hex": "0x0001"
+    },
+    "BROTLI": {
+        "code": 2,
+        "_code_in_hex": "0x0002"
+    },
+    "ZSTD": {
+        "code": 3,
+        "_code_in_hex": "0x0003"
+    }
+}

cryptodatahub/tls/cipher-kind.json

@@ -0,0 +1,171 @@
+{
+    "SSL_CK_NULL_WITH_MD5": {
+        "_code_in_hex": "0x000000",
+        "code": 0,
+        "iana_name": "SSL_CK_NULL_WITH_MD5",
+        "openssl_name": "NULL-MD5",
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": null,
+        "block_cipher_mode": null,
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_RC4_128_WITH_MD5": {
+        "_code_in_hex": "0x010080",
+        "code": 65664,
+        "iana_name": "SSL_CK_RC4_128_WITH_MD5",
+        "openssl_name": "RC4-MD5",
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "RC4_128",
+        "block_cipher_mode": null,
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_RC4_128_EXPORT40_WITH_MD5": {
+        "_code_in_hex": "0x020080",
+        "code": 131200,
+        "iana_name": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
+        "openssl_name": "EXP-RC4-MD5",
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "RC4_128",
+        "block_cipher_mode": "CBC",
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_RC2_128_CBC_WITH_MD5": {
+        "_code_in_hex": "0x030080",
+        "code": 196736,
+        "iana_name": "SSL_CK_RC2_128_CBC_WITH_MD5",
+        "openssl_name": "RC2-CBC-MD5",
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "RC2_128",
+        "block_cipher_mode": "CBC",
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5": {
+        "_code_in_hex": "0x040080",
+        "code": 262272,
+        "iana_name": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
+        "openssl_name": "EXP-RC2-CBC-MD5",
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "RC2_128",
+        "block_cipher_mode": "CBC",
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_IDEA_128_CBC_WITH_MD5": {
+        "_code_in_hex": "0x050080",
+        "code": 327808,
+        "iana_name": "SSL_CK_IDEA_128_CBC_WITH_MD5",
+        "openssl_name": "IDEA-CBC-MD5",
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "IDEA_128",
+        "block_cipher_mode": "CBC",
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_DES_64_CBC_WITH_MD5": {
+        "_code_in_hex": "0x060040",
+        "code": 393280,
+        "iana_name": "SSL_CK_DES_64_CBC_WITH_MD5",
+        "openssl_name": "DES-CBC-MD5",
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "DES",
+        "block_cipher_mode": "CBC",
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_DES_64_CBC_WITH_SHA": {
+        "_code_in_hex": "0x060140",
+        "code": 393536,
+        "iana_name": "SSL_CK_DES_64_CBC_WITH_SHA",
+        "openssl_name": null,
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "DES",
+        "block_cipher_mode": "CBC",
+        "mac": "SHA1",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_DES_192_EDE3_CBC_WITH_MD5": {
+        "_code_in_hex": "0x0700c0",
+        "code": 458944,
+        "iana_name": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
+        "openssl_name": null,
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "TRIPLE_DES_EDE",
+        "block_cipher_mode": "CBC",
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_DES_192_EDE3_CBC_WITH_SHA": {
+        "_code_in_hex": "0x0701c0",
+        "code": 459200,
+        "iana_name": "SSL_CK_DES_192_EDE3_CBC_WITH_SHA",
+        "openssl_name": null,
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "TRIPLE_DES",
+        "block_cipher_mode": "CBC",
+        "mac": "SHA1",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_RC4_64_WITH_MD5": {
+        "_code_in_hex": "0x080080",
+        "code": 524416,
+        "iana_name": "SSL_CK_RC4_64_WITH_MD5",
+        "openssl_name": "RC4-64-MD5",
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "RC4_64",
+        "block_cipher_mode": null,
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_DES_64_CFB64_WITH_MD5_1": {
+        "_code_in_hex": "0xff8000",
+        "code": 16744448,
+        "iana_name": "SSL_CK_DES_64_CFB64_WITH_MD5_1",
+        "openssl_name": null,
+        "key_exchange": "RSA",
+        "authentication": "RSA",
+        "bulk_cipher": "DES",
+        "block_cipher_mode": "CFB",
+        "mac": "MD5",
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    },
+    "SSL_CK_NULL": {
+        "_code_in_hex": "0xff8010",
+        "code": 16744464,
+        "iana_name": "SSL_CK_NULL",
+        "openssl_name": null,
+        "key_exchange": "NULL",
+        "authentication": null,
+        "bulk_cipher": null,
+        "block_cipher_mode": null,
+        "mac": null,
+        "authenticated_encryption": false,
+        "initial_version": "SSL2"
+    }
+}

cryptodatahub/tls/cipher-suite-extension.json

@@ -0,0 +1,10 @@
+{
+    "FALLBACK_SCSV": {
+        "_code_in_hex": "0x5600",
+        "code": 22016
+    },
+    "EMPTY_RENEGOTIATION_INFO_SCSV": {
+        "_code_in_hex": "0x00ff",
+        "code": 255
+    }
+}