MCPcopy
hub / github.com/XX-net/XX-Net / _handle_pha

Method _handle_pha

code/default/lib/noarch/tlslite/tlsrecordlayer.py:667–753  ·  view source on GitHub ↗
(self, cert_request)

Source from the content-addressed store, hash-verified

665 #*********************************************************
666
667 def _handle_pha(self, cert_request):
668 cert, p_key = self._client_keypair
669
670 handshake_context = self._first_handshake_hashes.copy()
671 handshake_context.update(cert_request.write())
672
673 prf_name = 'sha256'
674 prf_size = 32
675 if self.session.cipherSuite in CipherSuite.sha384PrfSuites:
676 prf_name = 'sha384'
677 prf_size = 48
678
679 msgs = []
680 msgs.append(Certificate(CertificateType.x509, self.version)
681 .create(cert, cert_request.certificate_request_context))
682 handshake_context.update(msgs[0].write())
683 if cert.x509List and p_key:
684 # sign the CertificateVerify only when we have a private key to do
685 # that
686 valid_sig_algs = cert_request.supported_signature_algs
687 if not valid_sig_algs:
688 for result in self._sendError(
689 AlertDescription.missing_extension,
690 "No signature algorithms found in CertificateRequest"):
691 yield result
692 avail_sig_algs = self._sigHashesToList(HandshakeSettings(), p_key,
693 cert, version=(3, 4))
694 sig_scheme = getFirstMatching(avail_sig_algs, valid_sig_algs)
695 scheme = SignatureScheme.toRepr(sig_scheme)
696 sig_scheme = getattr(SignatureScheme, scheme)
697
698 signature_context = \
699 KeyExchange.calcVerifyBytes((3, 4),
700 handshake_context,
701 sig_scheme, None, None, None,
702 prf_name, b'client')
703
704 if sig_scheme in (SignatureScheme.ed25519, SignatureScheme.ed448):
705 pad_type = None
706 hash_name = "intrinsic"
707 salt_len = None
708 sig_func = p_key.hashAndSign
709 ver_func = p_key.hashAndVerify
710 elif sig_scheme[1] == SignatureAlgorithm.ecdsa:
711 pad_type = None
712 hash_name = HashAlgorithm.toRepr(sig_scheme[0])
713 salt_len = None
714 sig_func = p_key.sign
715 ver_func = p_key.verify
716 else:
717 pad_type = SignatureScheme.getPadding(scheme)
718 hash_name = SignatureScheme.getHash(scheme)
719 salt_len = getattr(hashlib, hash_name)().digest_size
720 sig_func = p_key.sign
721 ver_func = p_key.verify
722
723 signature = sig_func(signature_context,
724 pad_type,

Callers 1

readAsyncMethod · 0.95

Calls 15

_sendErrorMethod · 0.95
createMethod · 0.95
writeMethod · 0.95
createMethod · 0.95
_sendMsgsMethod · 0.95
HandshakeSettingsClass · 0.85
getFirstMatchingFunction · 0.85
CertificateVerifyClass · 0.85
HKDF_expand_labelFunction · 0.85
secureHMACFunction · 0.85
FinishedClass · 0.85
_sigHashesToListMethod · 0.80

Tested by

no test coverage detected