Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/tlslite/patches/ecdhe_rsa.patch

Issue 1055683005: Revert of Require ECDHE for False Start. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/tlslite/README.chromium ('k') | third_party/tlslite/tlslite/constants.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
2 index e5b88af..6d78a20 100644
3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -76,6 +76,14 @@ class SignatureAlgorithm:
6 class NameType:
7 host_name = 0
8
9 +class ECCurveType:
10 + explicit_prime = 1
11 + explicit_char2 = 2
12 + named_curve = 3
13 +
14 +class NamedCurve:
15 + secp256r1 = 23
16 +
17 class AlertLevel:
18 warning = 1
19 fatal = 2
20 @@ -178,11 +186,19 @@ class CipherSuite:
21 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C
22 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E
23
24 + TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xc011
25 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xc012
26 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xc013
27 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xc014
28 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xc027
29 + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xc02f
30 +
31 tripleDESSuites = []
32 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
33 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
34 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
35 tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
36 + tripleDESSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
37
38 aes128Suites = []
39 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
40 @@ -192,6 +208,8 @@ class CipherSuite:
41 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
42 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256)
43 aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
44 + aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
45 + aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
46
47 aes256Suites = []
48 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
49 @@ -201,14 +219,17 @@ class CipherSuite:
50 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
51 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256)
52 aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
53 + aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
54
55 aes128GcmSuites = []
56 aes128GcmSuites.append(TLS_RSA_WITH_AES_128_GCM_SHA256)
57 aes128GcmSuites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
58 + aes128GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
59
60 rc4Suites = []
61 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA)
62 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5)
63 + rc4Suites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
64
65 shaSuites = []
66 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
67 @@ -226,6 +247,10 @@ class CipherSuite:
68 shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
69 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
70 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
71 + shaSuites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
72 + shaSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
73 + shaSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
74 + shaSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
75
76 sha256Suites = []
77 sha256Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256)
78 @@ -234,6 +259,9 @@ class CipherSuite:
79 sha256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
80 sha256Suites.append(TLS_RSA_WITH_AES_128_GCM_SHA256)
81 sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
82 + sha256Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
83 + sha256Suites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
84 +
85
86 aeadSuites = aes128GcmSuites
87
88 @@ -275,6 +303,8 @@ class CipherSuite:
89 keyExchangeSuites += CipherSuite.certSuites
90 if "dhe_rsa" in keyExchangeNames:
91 keyExchangeSuites += CipherSuite.dheCertSuites
92 + if "ecdhe_rsa" in keyExchangeNames:
93 + keyExchangeSuites += CipherSuite.ecdheCertSuites
94 if "srp_sha" in keyExchangeNames:
95 keyExchangeSuites += CipherSuite.srpSuites
96 if "srp_sha_rsa" in keyExchangeNames:
97 @@ -335,7 +365,19 @@ class CipherSuite:
98 def getDheCertSuites(settings, version=None):
99 return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings, v ersion)
100
101 - certAllSuites = srpCertSuites + certSuites + dheCertSuites
102 + ecdheCertSuites = []
103 + ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
104 + ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
105 + ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
106 + ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
107 + ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
108 + ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
109 +
110 + @staticmethod
111 + def getEcdheCertSuites(settings, version=None):
112 + return CipherSuite._filterSuites(CipherSuite.ecdheCertSuites, settings, version)
113 +
114 + certAllSuites = srpCertSuites + certSuites + dheCertSuites + ecdheCertSuite s
115
116 anonSuites = []
117 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
118 @@ -346,6 +388,7 @@ class CipherSuite:
119 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings, vers ion)
120
121 dhAllSuites = dheCertSuites + anonSuites
122 + ecdhAllSuites = ecdheCertSuites
123
124 @staticmethod
125 def canonicalCipherName(ciphersuite):
126 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlsl ite/tlslite/handshakesettings.py
127 index e752834..605ed42 100644
128 --- a/third_party/tlslite/tlslite/handshakesettings.py
129 +++ b/third_party/tlslite/tlslite/handshakesettings.py
130 @@ -14,7 +14,7 @@ from .utils import cipherfactory
131 CIPHER_NAMES = ["aes128gcm", "rc4", "aes256", "aes128", "3des"]
132 MAC_NAMES = ["sha", "sha256", "aead"] # Don't allow "md5" by default.
133 ALL_MAC_NAMES = MAC_NAMES + ["md5"]
134 -KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"]
135 +KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "ecdhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"]
136 CIPHER_IMPLEMENTATIONS = ["openssl", "pycrypto", "python"]
137 CERTIFICATE_TYPES = ["x509"]
138 TLS_INTOLERANCE_TYPES = ["alert", "close", "reset"]
139 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli te/messages.py
140 index f2e2cfc..9aeff6d 100644
141 --- a/third_party/tlslite/tlslite/messages.py
142 +++ b/third_party/tlslite/tlslite/messages.py
143 @@ -509,10 +509,13 @@ class ServerKeyExchange(HandshakeMsg):
144 self.srp_g = 0
145 self.srp_s = bytearray(0)
146 self.srp_B = 0
147 - # Anon DH params:
148 + # DH params:
149 self.dh_p = 0
150 self.dh_g = 0
151 self.dh_Ys = 0
152 + # ECDH params:
153 + self.ecdhCurve = 0
154 + self.ecdhPublic = bytearray(0)
155 self.signature = bytearray(0)
156
157 def createSRP(self, srp_N, srp_g, srp_s, srp_B):
158 @@ -528,6 +531,11 @@ class ServerKeyExchange(HandshakeMsg):
159 self.dh_Ys = dh_Ys
160 return self
161
162 + def createECDH(self, ecdhCurve, ecdhPublic):
163 + self.ecdhCurve = ecdhCurve
164 + self.ecdhPublic = ecdhPublic
165 + return self
166 +
167 def parse(self, p):
168 p.startLengthCheck(3)
169 if self.cipherSuite in CipherSuite.srpAllSuites:
170 @@ -555,6 +563,10 @@ class ServerKeyExchange(HandshakeMsg):
171 w.addVarSeq(numberToByteArray(self.dh_p), 1, 2)
172 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2)
173 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2)
174 + elif self.cipherSuite in CipherSuite.ecdhAllSuites:
175 + w.add(ECCurveType.named_curve, 1)
176 + w.add(self.ecdhCurve, 2)
177 + w.addVarSeq(self.ecdhPublic, 1, 1)
178 else:
179 assert(False)
180 return w.bytes
181 @@ -626,7 +638,9 @@ class ClientKeyExchange(HandshakeMsg):
182 else:
183 raise AssertionError()
184 elif self.cipherSuite in CipherSuite.dhAllSuites:
185 - self.dh_Yc = bytesToNumber(p.getVarBytes(2))
186 + self.dh_Yc = bytesToNumber(p.getVarBytes(2))
187 + elif self.cipherSuite in CipherSuite.ecdhAllSuites:
188 + self.ecdh_Yc = p.getVarBytes(1)
189 else:
190 raise AssertionError()
191 p.stopLengthCheck()
192 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py
193 index 0a85d3c..dfac274 100644
194 --- a/third_party/tlslite/tlslite/tlsconnection.py
195 +++ b/third_party/tlslite/tlslite/tlsconnection.py
196 @@ -24,6 +24,7 @@ from .mathtls import *
197 from .handshakesettings import HandshakeSettings
198 from .utils.tackwrapper import *
199 from .utils.rsakey import RSAKey
200 +from .utils import p256
201
202 class KeyExchange(object):
203 def __init__(self, cipherSuite, clientHello, serverHello, privateKey):
204 @@ -127,6 +128,25 @@ DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
205 S = powMod(dh_Yc, self.dh_Xs, self.dh_p)
206 return numberToByteArray(S)
207
208 +class ECDHE_RSAKeyExchange(KeyExchange):
209 + def makeServerKeyExchange(self):
210 + public, self.private = p256.generatePublicPrivate()
211 +
212 + version = self.serverHello.server_version
213 + serverKeyExchange = ServerKeyExchange(self.cipherSuite, version)
214 + serverKeyExchange.createECDH(NamedCurve.secp256r1, bytearray(public))
215 + hashBytes = serverKeyExchange.hash(self.clientHello.random,
216 + self.serverHello.random)
217 + if version >= (3,3):
218 + # TODO: Signature algorithm negotiation not supported.
219 + hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)
220 + serverKeyExchange.signature = self.privateKey.sign(hashBytes)
221 + return serverKeyExchange
222 +
223 + def processClientKeyExchange(self, clientKeyExchange):
224 + ecdh_Yc = clientKeyExchange.ecdh_Yc
225 + return bytearray(p256.generateSharedValue(bytes(ecdh_Yc), self.private) )
226 +
227 class TLSConnection(TLSRecordLayer):
228 """
229 This class wraps a socket and provides TLS handshaking and data
230 @@ -1321,9 +1341,8 @@ class TLSConnection(TLSRecordLayer):
231 else: break
232 premasterSecret = result
233
234 - # Perform the RSA or DHE_RSA key exchange
235 - elif (cipherSuite in CipherSuite.certSuites or
236 - cipherSuite in CipherSuite.dheCertSuites):
237 + # Perform a certificate-based key exchange
238 + elif cipherSuite in CipherSuite.certAllSuites:
239 if cipherSuite in CipherSuite.certSuites:
240 keyExchange = RSAKeyExchange(cipherSuite,
241 clientHello,
242 @@ -1334,6 +1353,11 @@ class TLSConnection(TLSRecordLayer):
243 clientHello,
244 serverHello,
245 privateKey)
246 + elif cipherSuite in CipherSuite.ecdheCertSuites:
247 + keyExchange = ECDHE_RSAKeyExchange(cipherSuite,
248 + clientHello,
249 + serverHello,
250 + privateKey)
251 else:
252 assert(False)
253 for result in self._serverCertKeyExchange(clientHello, serverHello,
254 @@ -1450,6 +1474,7 @@ class TLSConnection(TLSRecordLayer):
255 CipherSuite.getSrpCertSuites(settings, self.version)
256 cipherSuites += CipherSuite.getSrpSuites(settings, self.version)
257 elif certChain:
258 + cipherSuites += CipherSuite.getEcdheCertSuites(settings, self.versi on)
259 cipherSuites += CipherSuite.getDheCertSuites(settings, self.version )
260 cipherSuites += CipherSuite.getCertSuites(settings, self.version)
261 elif anon:
262 diff --git a/third_party/tlslite/tlslite/utils/p256.py b/third_party/tlslite/tls lite/utils/p256.py
263 index e69de29..6eb9a77 100644
264 --- a/third_party/tlslite/tlslite/utils/p256.py
265 +++ b/third_party/tlslite/tlslite/utils/p256.py
266 @@ -0,0 +1,162 @@
267 +# Author: Google
268 +# See the LICENSE file for legal information regarding use of this file.
269 +
270 +import os
271 +
272 +p = (
273 + 115792089210356248762697446949407573530086143415290314195533631308867097853 951)
274 +order = (
275 + 115792089210356248762697446949407573529996955224135760342422259061068512044 369)
276 +p256B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
277 +
278 +baseX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
279 +baseY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
280 +basePoint = (baseX, baseY)
281 +
282 +
283 +def _pointAdd(a, b):
284 + Z1Z1 = (a[2] * a[2]) % p
285 + Z2Z2 = (b[2] * b[2]) % p
286 + U1 = (a[0] * Z2Z2) % p
287 + U2 = (b[0] * Z1Z1) % p
288 + S1 = (a[1] * b[2] * Z2Z2) % p
289 + S2 = (b[1] * a[2] * Z1Z1) % p
290 + if U1 == U2 and S1 == S2:
291 + return pointDouble(a)
292 + H = (U2 - U1) % p
293 + I = (4 * H * H) % p
294 + J = (H * I) % p
295 + r = (2 * (S2 - S1)) % p
296 + V = (U1 * I) % p
297 + X3 = (r * r - J - 2 * V) % p
298 + Y3 = (r * (V - X3) - 2 * S1 * J) % p
299 + Z3 = (((a[2] + b[2]) * (a[2] + b[2]) - Z1Z1 - Z2Z2) * H) % p
300 +
301 + return (X3, Y3, Z3)
302 +
303 +
304 +def _pointDouble(a):
305 + delta = (a[2] * a[2]) % p
306 + gamma = (a[1] * a[1]) % p
307 + beta = (a[0] * gamma) % p
308 + alpha = (3 * (a[0] - delta) * (a[0] + delta)) % p
309 + X3 = (alpha * alpha - 8 * beta) % p
310 + Z3 = ((a[1] + a[2]) * (a[1] + a[2]) - gamma - delta) % p
311 + Y3 = (alpha * (4 * beta - X3) - 8 * gamma * gamma) % p
312 +
313 + return (X3, Y3, Z3)
314 +
315 +
316 +def _square(n):
317 + return (n * n)
318 +
319 +
320 +def _modpow(a, n, p):
321 + if n == 0:
322 + return 1
323 + if n == 1:
324 + return a
325 + r = _square(_modpow(a, n >> 1, p)) % p
326 + if n & 1 == 1:
327 + r = (r * a) % p
328 + return r
329 +
330 +
331 +def _scalarMult(k, point):
332 + accum = (0, 0, 0)
333 + accumIsInfinity = True
334 + jacobianPoint = (point[0], point[1], 1)
335 +
336 + for bit in range(255, -1, -1):
337 + if not accumIsInfinity:
338 + accum = _pointDouble(accum)
339 +
340 + if (k >> bit) & 1 == 1:
341 + if accumIsInfinity:
342 + accum = jacobianPoint
343 + accumIsInfinity = False
344 + else:
345 + accum = _pointAdd(accum, jacobianPoint)
346 +
347 + if accumIsInfinity:
348 + return (0, 0)
349 +
350 + zInv = _modpow(accum[2], p - 2, p)
351 + return ((accum[0] * zInv * zInv) % p, (accum[1] * zInv * zInv * zInv) % p)
352 +
353 +
354 +def _scalarBaseMult(k):
355 + return _scalarMult(k, basePoint)
356 +
357 +
358 +def _decodeBigEndian(b):
359 + return sum([ord(b[len(b) - i - 1]) << 8 * i for i in range(len(b))])
360 +
361 +
362 +def _encodeBigEndian(n):
363 + b = []
364 + while n != 0:
365 + b.append(chr(n & 0xff))
366 + n >>= 8
367 +
368 + if len(b) == 0:
369 + b.append(0)
370 + b.reverse()
371 +
372 + return "".join(b)
373 +
374 +
375 +def _zeroPad(b, length):
376 + if len(b) < length:
377 + return ("\x00" * (length - len(b))) + b
378 + return b
379 +
380 +
381 +def _encodePoint(point):
382 + x = point[0]
383 + y = point[1]
384 + if (y * y) % p != (x * x * x - 3 * x + p256B) % p:
385 + raise "point not on curve"
386 + return "\x04" + _zeroPad(_encodeBigEndian(point[0]), 32) + _zeroPad(
387 + _encodeBigEndian(point[1]), 32)
388 +
389 +
390 +def _decodePoint(b):
391 + if len(b) != 1 + 32 + 32 or ord(b[0]) != 4:
392 + raise "invalid encoded ec point"
393 + x = _decodeBigEndian(b[1:33])
394 + y = _decodeBigEndian(b[33:65])
395 + if (y * y) % p != (x * x * x - 3 * x + p256B) % p:
396 + raise "point not on curve"
397 + return (x, y)
398 +
399 +
400 +def generatePublicPrivate():
401 + """generatePublicPrivate returns a tuple of (X9.62 encoded public point,
402 + private value), where the private value is generated from os.urandom."""
403 + private = _decodeBigEndian(os.urandom(40)) % order
404 + return _encodePoint(_scalarBaseMult(private)), private
405 +
406 +
407 +def generateSharedValue(theirPublic, private):
408 + """generateSharedValue returns the encoded x-coordinate of the
409 + multiplication of a peer's X9.62 encoded point and a private value."""
410 + return _zeroPad(
411 + _encodeBigEndian(_scalarMult(private, _decodePoint(theirPublic))[0]),
412 + 32)
413 +
414 +if __name__ == "__main__":
415 + alice, alicePrivate = generatePublicPrivate()
416 + bob, bobPrivate = generatePublicPrivate()
417 +
418 + if generateSharedValue(alice, bobPrivate) != generateSharedValue(
419 + bob, alicePrivate):
420 + raise "simple DH test failed"
421 +
422 + (x, _) = _scalarBaseMult(1)
423 +
424 + for i in range(1000):
425 + (x, _) = _scalarBaseMult(x)
426 +
427 + if x != 2428281965257598569040586318034812501729437946720808289049534492833 635302706:
428 + raise "loop test failed"
OLDNEW
« no previous file with comments | « third_party/tlslite/README.chromium ('k') | third_party/tlslite/tlslite/constants.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698