Implement extended master secret in tlslite

third_party/tlslite/tlslite/messages.py

 # Authors: 
 #   Trevor Perrin
 #   Google - handling CertificateRequest.certificate_types
 #   Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support
 #   Dimitris Moraitis - Anon ciphersuites
 #   Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
 #
 # See the LICENSE file for legal information regarding use of this file.
 
 """Classes representing TLS messages."""
@@ skipping 74 matching lines @@
         w = Writer()
         w.add(self.level, 1)
         w.add(self.description, 1)
         return w.bytes
 
 
 class HandshakeMsg(object):
     def __init__(self, handshakeType):
         self.contentType = ContentType.handshake
         self.handshakeType = handshakeType
+        self.rawMessage = bytearray(0)

[davidben, 2015/08/17 17:10:22]

This and the bit below look like they're not needed.

[nharper, 2015/08/18 00:03:31]

Done.

     
     def postWrite(self, w):
         headerWriter = Writer()
         headerWriter.add(self.handshakeType, 1)
         headerWriter.add(len(w.bytes), 3)
-        return headerWriter.bytes + w.bytes
+        self.rawMessage = headerWriter.bytes + w.bytes
+        return self.rawMessage
 
 class ClientHello(HandshakeMsg):
     def __init__(self, ssl2=False):
         HandshakeMsg.__init__(self, HandshakeType.client_hello)
         self.ssl2 = ssl2
         self.client_version = (0,0)
         self.random = bytearray(32)
         self.session_id = bytearray(0)
         self.cipher_suites = []         # a list of 16-bit values
         self.certificate_types = [CertificateType.x509]
         self.compression_methods = []   # a list of 8-bit values
         self.srp_username = None        # a string
         self.tack = False
         self.supports_npn = False
         self.server_name = bytearray(0)
         self.channel_id = False
+        self.extended_master_secret = False
         self.support_signed_cert_timestamps = False
         self.status_request = False
 
     def create(self, version, random, session_id, cipher_suites,
                certificate_types=None, srpUsername=None,
                tack=False, supports_npn=False, serverName=None):
         self.client_version = version
         self.random = random
         self.session_id = session_id
         self.cipher_suites = cipher_suites
@@ skipping 51 matching lines @@
                         while 1:
                             if p2.atLengthCheck():
                                 break # no host_name, oh well
                             name_type = p2.get(1)
                             hostNameBytes = p2.getVarBytes(2)
                             if name_type == NameType.host_name:
                                 self.server_name = hostNameBytes
                                 break
                     elif extType == ExtensionType.channel_id:
                         self.channel_id = True
+                    elif extType == ExtensionType.extended_master_secret:
+                        self.extended_master_secret = True
                     elif extType == ExtensionType.signed_cert_timestamps:
                         if extLength:
                             raise SyntaxError()
                         self.support_signed_cert_timestamps = True
                     elif extType == ExtensionType.status_request:
                         # Extension contents are currently ignored.
                         # According to RFC 6066, this is not strictly forbidden
                         # (although it is suboptimal):
                         # Servers that receive a client hello containing the
                         # "status_request" extension MAY return a suitable
@@ skipping 62 matching lines @@
         self.server_version = (0,0)
         self.random = bytearray(32)
         self.session_id = bytearray(0)
         self.cipher_suite = 0
         self.certificate_type = CertificateType.x509
         self.compression_method = 0
         self.tackExt = None
         self.next_protos_advertised = None
         self.next_protos = None
         self.channel_id = False
+        self.extended_master_secret = False
         self.signed_cert_timestamps = None
         self.status_request = False
 
     def create(self, version, random, session_id, cipher_suite,
                certificate_type, tackExt, next_protos_advertised):
         self.server_version = version
         self.random = random
         self.session_id = session_id
         self.cipher_suite = cipher_suite
         self.certificate_type = certificate_type
@@ skipping 71 matching lines @@
             w2.add(len(b), 2)
             w2.bytes += b
         if self.next_protos_advertised is not None:
             encoded_next_protos_advertised = self.__next_protos_encoded()
             w2.add(ExtensionType.supports_npn, 2)
             w2.add(len(encoded_next_protos_advertised), 2)
             w2.addFixSeq(encoded_next_protos_advertised, 1)
         if self.channel_id:
             w2.add(ExtensionType.channel_id, 2)
             w2.add(0, 2)
+        if self.extended_master_secret:
+            w2.add(ExtensionType.extended_master_secret, 2)
+            w2.add(0, 2)
         if self.signed_cert_timestamps:
             w2.add(ExtensionType.signed_cert_timestamps, 2)
             w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
         if self.status_request:
             w2.add(ExtensionType.status_request, 2)
             w2.add(0, 2)
         if len(w2.bytes):
             w.add(len(w2.bytes), 2)
             w.bytes += w2.bytes        
         return self.postWrite(w)
@@ skipping 425 matching lines @@
         newMsg = ApplicationData().create(self.bytes[:1])
         self.bytes = self.bytes[1:]
         return newMsg
 
     def parse(self, p):
         self.bytes = p.bytes
         return self
 
     def write(self):
         return self.bytes