Reland 'Require ECDHE for False Start.'

third_party/tlslite/tlslite/messages.py

Index: third_party/tlslite/tlslite/messages.py
diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
index f2e2cfc2455ec8c3aa2fdb010c397c5748fae0b9..9aeff6d010c69a699c148b34ad580609320ac0f1 100644
--- a/third_party/tlslite/tlslite/messages.py
+++ b/third_party/tlslite/tlslite/messages.py
@@ -509,10 +509,13 @@ class ServerKeyExchange(HandshakeMsg):
         self.srp_g = 0
         self.srp_s = bytearray(0)
         self.srp_B = 0
-        # Anon DH params:
+        # DH params:
         self.dh_p = 0
         self.dh_g = 0
         self.dh_Ys = 0
+        # ECDH params:
+        self.ecdhCurve = 0
+        self.ecdhPublic = bytearray(0)
         self.signature = bytearray(0)
 
     def createSRP(self, srp_N, srp_g, srp_s, srp_B):
@@ -528,6 +531,11 @@ class ServerKeyExchange(HandshakeMsg):
         self.dh_Ys = dh_Ys
         return self
 
+    def createECDH(self, ecdhCurve, ecdhPublic):
+        self.ecdhCurve = ecdhCurve
+        self.ecdhPublic = ecdhPublic
+        return self
+
     def parse(self, p):
         p.startLengthCheck(3)
         if self.cipherSuite in CipherSuite.srpAllSuites:
@@ -555,6 +563,10 @@ class ServerKeyExchange(HandshakeMsg):
             w.addVarSeq(numberToByteArray(self.dh_p), 1, 2)
             w.addVarSeq(numberToByteArray(self.dh_g), 1, 2)
             w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2)
+        elif self.cipherSuite in CipherSuite.ecdhAllSuites:
+            w.add(ECCurveType.named_curve, 1)
+            w.add(self.ecdhCurve, 2)
+            w.addVarSeq(self.ecdhPublic, 1, 1)
         else:
             assert(False)
         return w.bytes
@@ -626,7 +638,9 @@ class ClientKeyExchange(HandshakeMsg):
             else:
                 raise AssertionError()
         elif self.cipherSuite in CipherSuite.dhAllSuites:
-            self.dh_Yc = bytesToNumber(p.getVarBytes(2))            
+            self.dh_Yc = bytesToNumber(p.getVarBytes(2))
+        elif self.cipherSuite in CipherSuite.ecdhAllSuites:
+            self.ecdh_Yc = p.getVarBytes(1)
         else:
             raise AssertionError()
         p.stopLengthCheck()