Index: third_party/tlslite/tlslite/tlsconnection.py |
diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
index dfac274b6e939f631db5099046c9b8f89838b60a..0a85d3cc98481d3e3f8afd1f8f4186ac5ce25bed 100644 |
--- a/third_party/tlslite/tlslite/tlsconnection.py |
+++ b/third_party/tlslite/tlslite/tlsconnection.py |
@@ -24,7 +24,6 @@ |
from .handshakesettings import HandshakeSettings |
from .utils.tackwrapper import * |
from .utils.rsakey import RSAKey |
-from .utils import p256 |
class KeyExchange(object): |
def __init__(self, cipherSuite, clientHello, serverHello, privateKey): |
@@ -127,25 +126,6 @@ |
S = powMod(dh_Yc, self.dh_Xs, self.dh_p) |
return numberToByteArray(S) |
- |
-class ECDHE_RSAKeyExchange(KeyExchange): |
- def makeServerKeyExchange(self): |
- public, self.private = p256.generatePublicPrivate() |
- |
- version = self.serverHello.server_version |
- serverKeyExchange = ServerKeyExchange(self.cipherSuite, version) |
- serverKeyExchange.createECDH(NamedCurve.secp256r1, bytearray(public)) |
- hashBytes = serverKeyExchange.hash(self.clientHello.random, |
- self.serverHello.random) |
- if version >= (3,3): |
- # TODO: Signature algorithm negotiation not supported. |
- hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes) |
- serverKeyExchange.signature = self.privateKey.sign(hashBytes) |
- return serverKeyExchange |
- |
- def processClientKeyExchange(self, clientKeyExchange): |
- ecdh_Yc = clientKeyExchange.ecdh_Yc |
- return bytearray(p256.generateSharedValue(bytes(ecdh_Yc), self.private)) |
class TLSConnection(TLSRecordLayer): |
""" |
@@ -1341,8 +1321,9 @@ |
else: break |
premasterSecret = result |
- # Perform a certificate-based key exchange |
- elif cipherSuite in CipherSuite.certAllSuites: |
+ # Perform the RSA or DHE_RSA key exchange |
+ elif (cipherSuite in CipherSuite.certSuites or |
+ cipherSuite in CipherSuite.dheCertSuites): |
if cipherSuite in CipherSuite.certSuites: |
keyExchange = RSAKeyExchange(cipherSuite, |
clientHello, |
@@ -1353,11 +1334,6 @@ |
clientHello, |
serverHello, |
privateKey) |
- elif cipherSuite in CipherSuite.ecdheCertSuites: |
- keyExchange = ECDHE_RSAKeyExchange(cipherSuite, |
- clientHello, |
- serverHello, |
- privateKey) |
else: |
assert(False) |
for result in self._serverCertKeyExchange(clientHello, serverHello, |
@@ -1474,7 +1450,6 @@ |
CipherSuite.getSrpCertSuites(settings, self.version) |
cipherSuites += CipherSuite.getSrpSuites(settings, self.version) |
elif certChain: |
- cipherSuites += CipherSuite.getEcdheCertSuites(settings, self.version) |
cipherSuites += CipherSuite.getDheCertSuites(settings, self.version) |
cipherSuites += CipherSuite.getCertSuites(settings, self.version) |
elif anon: |