third_party/tlslite/patches/extended_master_secret.patch - Issue 1283373002: Implement extended master secret in tlslite

Side by Side Diff: third_party/tlslite/patches/extended_master_secret.patch

Issue 1283373002: Implement extended master secret in tlslite (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Address davidben's comments Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
	davidben 2015/08/17 17:10:21 [I'm assuming this patch is accurate.] [I'm assuming this patch is accurate.] nharper 2015/08/18 00:03:31 I've been updating it with git diff after each pat Show quoted text On 2015/08/17 17:10:21, David Benjamin wrote: > [I'm assuming this patch is accurate.] I've been updating it with git diff after each patchset.
	2 index 6d78a20..f9c8676 100644

	3 --- a/third_party/tlslite/tlslite/constants.py

	4 +++ b/third_party/tlslite/tlslite/constants.py

	5 @@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366

	6 srp = 12 # RFC 5054

	7 cert_type = 9 # RFC 6091

	8 signed_cert_timestamps = 18 # RFC 6962

	9 + extended_master_secret = 23 # draft-ietf-tls-session-hash-06

	10 tack = 0xF300

	11 supports_npn = 13172

	12 channel_id = 30032

	13 diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslit e/mathtls.py

	14 index 60a331a..0a23fe1 100644

	15 --- a/third_party/tlslite/tlslite/mathtls.py

	16 +++ b/third_party/tlslite/tlslite/mathtls.py

	17 @@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length):

	18 index += 1

	19 return bytes

	20

	21 -def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):

	22 +def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,

	23 + handshakeHash, useExtendedMasterSecret):

	24 + label = b"master secret"

	25 + seed = clientRandom + serverRandom

	26 + if useExtendedMasterSecret:

	27 + label = b"extended master secret"

	28 + seed = handshakeHash

	29 +

	30 if version == (3,0):

	31 - masterSecret = PRF_SSL(premasterSecret,

	32 - clientRandom + serverRandom, 48)

	33 + masterSecret = PRF_SSL(premasterSecret, seed, 48)

	34 elif version in ((3,1), (3,2)):

	35 - masterSecret = PRF(premasterSecret, b"master secret",

	36 - clientRandom + serverRandom, 48)

	37 + masterSecret = PRF(premasterSecret, label, seed, 48)

	38 elif version == (3,3):

	39 - masterSecret = PRF_1_2(premasterSecret, b"master secret",

	40 - clientRandom + serverRandom, 48)

	41 + masterSecret = PRF_1_2(premasterSecret, label, seed, 48)

	42 else:

	43 raise AssertionError()

	44 return masterSecret

	45 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli te/messages.py

	46 index 9aeff6d..0bdaf96 100644

	47 --- a/third_party/tlslite/tlslite/messages.py

	48 +++ b/third_party/tlslite/tlslite/messages.py

	49 @@ -92,12 +92,14 @@ class HandshakeMsg(object):

	50 def __init__(self, handshakeType):

	51 self.contentType = ContentType.handshake

	52 self.handshakeType = handshakeType

	53 + self.rawMessage = bytearray(0)

	54

	55 def postWrite(self, w):

	56 headerWriter = Writer()

	57 headerWriter.add(self.handshakeType, 1)

	58 headerWriter.add(len(w.bytes), 3)

	59 - return headerWriter.bytes + w.bytes

	60 + self.rawMessage = headerWriter.bytes + w.bytes

	61 + return self.rawMessage

	62

	63 class ClientHello(HandshakeMsg):

	64 def __init__(self, ssl2=False):

	65 @@ -114,6 +116,7 @@ class ClientHello(HandshakeMsg):

	66 self.supports_npn = False

	67 self.server_name = bytearray(0)

	68 self.channel_id = False

	69 + self.extended_master_secret = False

	70 self.support_signed_cert_timestamps = False

	71 self.status_request = False

	72

	73 @@ -185,6 +188,8 @@ class ClientHello(HandshakeMsg):

	74 break

	75 elif extType == ExtensionType.channel_id:

	76 self.channel_id = True

	77 + elif extType == ExtensionType.extended_master_secret:

	78 + self.extended_master_secret = True

	79 elif extType == ExtensionType.signed_cert_timestamps:

	80 if extLength:

	81 raise SyntaxError()

	82 @@ -267,6 +272,7 @@ class ServerHello(HandshakeMsg):

	83 self.next_protos_advertised = None

	84 self.next_protos = None

	85 self.channel_id = False

	86 + self.extended_master_secret = False

	87 self.signed_cert_timestamps = None

	88 self.status_request = False

	89

	90 @@ -358,6 +364,9 @@ class ServerHello(HandshakeMsg):

	91 if self.channel_id:

	92 w2.add(ExtensionType.channel_id, 2)

	93 w2.add(0, 2)

	94 + if self.extended_master_secret:

	95 + w2.add(ExtensionType.extended_master_secret, 2)

	96 + w2.add(0, 2)

	97 if self.signed_cert_timestamps:

	98 w2.add(ExtensionType.signed_cert_timestamps, 2)

	99 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)

	100 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py

	101 index dfac274..11094fc 100644

	102 --- a/third_party/tlslite/tlslite/tlsconnection.py

	103 +++ b/third_party/tlslite/tlslite/tlsconnection.py

	104 @@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):

	105 masterSecret = calcMasterSecret(self.version,

	106 premasterSecret,

	107 clientRandom,

	108 - serverRandom)

	109 + serverRandom,

	110 + b"", False)

	111 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")

	112 elif self.version in ((3,1), (3,2)):

	113 verifyBytes = self._handshake_md5.digest() + \

	114 @@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):

	115 cipherSuite, cipherImplementations, nextProto):

	116

	117 masterSecret = calcMasterSecret(self.version, premasterSecret,

	118 - clientRandom, serverRandom)

	119 + clientRandom, serverRandom, b"", False)

	120 self._calcPendingStates(cipherSuite, masterSecret,

	121 clientRandom, serverRandom,

	122 cipherImplementations)

	123 @@ -1326,6 +1327,7 @@ class TLSConnection(TLSRecordLayer):

	124 cipherSuite, CertificateType.x509, tackExt,

	125 nextProtos)

	126 serverHello.channel_id = clientHello.channel_id

	127 + serverHello.extended_master_secret = clientHello.extended_master_secret

	128 if clientHello.support_signed_cert_timestamps:

	129 serverHello.signed_cert_timestamps = signedCertTimestamps

	130 if clientHello.status_request:

	131 @@ -1383,7 +1385,8 @@ class TLSConnection(TLSRecordLayer):

	132 for result in self._serverFinished(premasterSecret,

	133 clientHello.random, serverHello.random,

	134 cipherSuite, settings.cipherImplementations,

	135 - nextProtos, clientHello.channel_id):

	136 + nextProtos, clientHello.channel_id,

	137 + clientHello.extended_master_secret):

	138 if result in (0,1): yield result

	139 else: break

	140 masterSecret = result

	141 @@ -1523,6 +1526,8 @@ class TLSConnection(TLSRecordLayer):

	142 serverHello.create(self.version, getRandomBytes(32),

	143 session.sessionID, session.cipherSuite,

	144 CertificateType.x509, None, None)

	145 + serverHello.extended_master_secret = \

	146 + clientHello.extended_master_secret

	147 for result in self._sendMsg(serverHello):

	148 yield result

	149

	150 @@ -1743,7 +1748,8 @@ class TLSConnection(TLSRecordLayer):

	151 if clientCertChain:

	152 if self.version == (3,0):

	153 masterSecret = calcMasterSecret(self.version, premasterSecret,

	154 - clientHello.random, serverHello.random )

	155 + clientHello.random, serverHello.random ,

	156 + b"", False)

	157 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")

	158 elif self.version in ((3,1), (3,2)):

	159 verifyBytes = self._handshake_md5.digest() + \

	160 @@ -1827,9 +1833,11 @@ class TLSConnection(TLSRecordLayer):

	161

	162 def _serverFinished(self, premasterSecret, clientRandom, serverRandom,

	163 cipherSuite, cipherImplementations, nextProtos,

	164 - doingChannelID):

	165 + doingChannelID, useExtendedMasterSecret):

	166 masterSecret = calcMasterSecret(self.version, premasterSecret,

	167 - clientRandom, serverRandom)

	168 + clientRandom, serverRandom,

	169 + self._getHandshakeHash(),

	170 + useExtendedMasterSecret)

	171

	172 #Calculate pending connection states

	173 self._calcPendingStates(cipherSuite, masterSecret,

	174 diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite /tlslite/tlsrecordlayer.py

	175 index c3bcd8c..b7d68a7a 100644

	176 --- a/third_party/tlslite/tlslite/tlsrecordlayer.py

	177 +++ b/third_party/tlslite/tlslite/tlsrecordlayer.py

	178 @@ -1256,3 +1256,9 @@ class TLSRecordLayer(object):

	179

	180 return md5Bytes + shaBytes

	181

	182 + def _getHandshakeHash(self):

	183 + if self.version in ((3,1), (3,2)):

	184 + return self._handshake_md5.digest() + \

	185 + self._handshake_sha.digest()

	186 + elif self.version == (3,3):

	187 + return self._handshake_sha256.digest()

OLD	NEW

« no previous file with comments | « third_party/tlslite/README.chromium ('k') | third_party/tlslite/tlslite/constants.py » ('j') | third_party/tlslite/tlslite/messages.py » ('J')