| Index: third_party/tlslite/patches/extended_master_secret.patch
|
| diff --git a/third_party/tlslite/patches/extended_master_secret.patch b/third_party/tlslite/patches/extended_master_secret.patch
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..a166c0bbd13eebdc79589ed598d01aedb4951d0b
|
| --- /dev/null
|
| +++ b/third_party/tlslite/patches/extended_master_secret.patch
|
| @@ -0,0 +1,222 @@
|
| +diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
|
| +index 6d78a20..97508d5 100644
|
| +--- a/third_party/tlslite/tlslite/constants.py
|
| ++++ b/third_party/tlslite/tlslite/constants.py
|
| +@@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366
|
| + srp = 12 # RFC 5054
|
| + cert_type = 9 # RFC 6091
|
| + signed_cert_timestamps = 18 # RFC 6962
|
| ++ extended_master_secret = 23 # RFC-ietf-tls-session-hash-06
|
| + tack = 0xF300
|
| + supports_npn = 13172
|
| + channel_id = 30032
|
| +diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslite/mathtls.py
|
| +index 60a331a..ba8cd5f 100644
|
| +--- a/third_party/tlslite/tlslite/mathtls.py
|
| ++++ b/third_party/tlslite/tlslite/mathtls.py
|
| +@@ -10,6 +10,7 @@
|
| + from .utils.compat import *
|
| + from .utils.cryptomath import *
|
| +
|
| ++import hashlib
|
| + import hmac
|
| +
|
| + #1024, 1536, 2048, 3072, 4096, 6144, and 8192 bit groups]
|
| +@@ -67,16 +68,31 @@ def PRF_SSL(secret, seed, length):
|
| + index += 1
|
| + return bytes
|
| +
|
| +-def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
|
| ++def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,
|
| ++ handshakeMessages, useExtendedMasterSecret):
|
| ++ label = b"master secret"
|
| ++ seed = clientRandom + serverRandom
|
| ++ if useExtendedMasterSecret:
|
| ++ label = b"extended master secret"
|
| ++
|
| + if version == (3,0):
|
| +- masterSecret = PRF_SSL(premasterSecret,
|
| +- clientRandom + serverRandom, 48)
|
| ++ masterSecret = PRF_SSL(premasterSecret, seed, 48)
|
| + elif version in ((3,1), (3,2)):
|
| +- masterSecret = PRF(premasterSecret, b"master secret",
|
| +- clientRandom + serverRandom, 48)
|
| ++ if useExtendedMasterSecret:
|
| ++ seed_md5 = hashlib.md5()
|
| ++ seed_sha1 = hashlib.sha1()
|
| ++ for msg in handshakeMessages:
|
| ++ seed_md5.update(msg)
|
| ++ seed_sha1.update(msg)
|
| ++ seed = seed_md5.digest() + seed_sha1.digest()
|
| ++ masterSecret = PRF(premasterSecret, label, seed, 48)
|
| + elif version == (3,3):
|
| +- masterSecret = PRF_1_2(premasterSecret, b"master secret",
|
| +- clientRandom + serverRandom, 48)
|
| ++ if useExtendedMasterSecret:
|
| ++ seed_sha256 = hashlib.sha256()
|
| ++ for msg in handshakeMessages:
|
| ++ seed_sha256.update(msg)
|
| ++ seed = seed_sha256.digest()
|
| ++ masterSecret = PRF_1_2(premasterSecret, label, seed, 48)
|
| + else:
|
| + raise AssertionError()
|
| + return masterSecret
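Review bot: In the `version == (3,0)` branch `useExtendedMasterSecret` has no effect: `PRF_SSL` takes no label and `seed` stays `clientRandom + serverRandom`, so a caller passing True silently gets the classic master secret. The ServerHello echo added in tlsconnection.py (`serverHello.extended_master_secret = clientHello.extended_master_secret`) does not consult the version in the lines shown, so an SSL 3.0 handshake could advertise the extension without applying it. Either gate that echo on the negotiated version or reject the combination here, and document the choice in a docstring that also describes the two new parameters. Separately, the digests here call `update(msg)` on the raw message while tlsrecordlayer.py wraps the same bytes in `compat26Str(...)`; use the same wrapper if the older interpreter is still supported.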
|
| +diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
|
| +index 9aeff6d..0bdaf96 100644
|
| +--- a/third_party/tlslite/tlslite/messages.py
|
| ++++ b/third_party/tlslite/tlslite/messages.py
|
| +@@ -92,12 +92,14 @@ class HandshakeMsg(object):
|
| + def __init__(self, handshakeType):
|
| + self.contentType = ContentType.handshake
|
| + self.handshakeType = handshakeType
|
| ++ self.rawMessage = bytearray(0)
|
| +
|
| + def postWrite(self, w):
|
| + headerWriter = Writer()
|
| + headerWriter.add(self.handshakeType, 1)
|
| + headerWriter.add(len(w.bytes), 3)
|
| +- return headerWriter.bytes + w.bytes
|
| ++ self.rawMessage = headerWriter.bytes + w.bytes
|
| ++ return self.rawMessage
|
| +
|
| + class ClientHello(HandshakeMsg):
|
| + def __init__(self, ssl2=False):
|
| +@@ -114,6 +116,7 @@ class ClientHello(HandshakeMsg):
|
| + self.supports_npn = False
|
| + self.server_name = bytearray(0)
|
| + self.channel_id = False
|
| ++ self.extended_master_secret = False
|
| + self.support_signed_cert_timestamps = False
|
| + self.status_request = False
|
| +
|
| +@@ -185,6 +188,8 @@ class ClientHello(HandshakeMsg):
|
| + break
|
| + elif extType == ExtensionType.channel_id:
|
| + self.channel_id = True
|
| ++ elif extType == ExtensionType.extended_master_secret:
|
| ++ self.extended_master_secret = True
|
| + elif extType == ExtensionType.signed_cert_timestamps:
|
| + if extLength:
|
| + raise SyntaxError()
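Review bot: The new `extended_master_secret` branch accepts the extension without checking `extLength`, while the `signed_cert_timestamps` branch directly below rejects a non-empty body with `raise SyntaxError()`. The ServerHello side of this patch writes the extension with a zero length, so the ClientHello form is presumably empty as well; add `if extLength: raise SyntaxError()` before `self.extended_master_secret = True`. How unread extension bytes are skipped is outside the hunk, so confirm that a non-empty body cannot desynchronise the parser.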
|
| +@@ -267,6 +272,7 @@ class ServerHello(HandshakeMsg):
|
| + self.next_protos_advertised = None
|
| + self.next_protos = None
|
| + self.channel_id = False
|
| ++ self.extended_master_secret = False
|
| + self.signed_cert_timestamps = None
|
| + self.status_request = False
|
| +
|
| +@@ -358,6 +364,9 @@ class ServerHello(HandshakeMsg):
|
| + if self.channel_id:
|
| + w2.add(ExtensionType.channel_id, 2)
|
| + w2.add(0, 2)
|
| ++ if self.extended_master_secret:
|
| ++ w2.add(ExtensionType.extended_master_secret, 2)
|
| ++ w2.add(0, 2)
|
| + if self.signed_cert_timestamps:
|
| + w2.add(ExtensionType.signed_cert_timestamps, 2)
|
| + w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
|
| +diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
|
| +index dfac274..9e02671 100644
|
| +--- a/third_party/tlslite/tlslite/tlsconnection.py
|
| ++++ b/third_party/tlslite/tlslite/tlsconnection.py
|
| +@@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):
|
| + masterSecret = calcMasterSecret(self.version,
|
| + premasterSecret,
|
| + clientRandom,
|
| +- serverRandom)
|
| ++ serverRandom,
|
| ++ [], False)
|
| + verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
|
| + elif self.version in ((3,1), (3,2)):
|
| + verifyBytes = self._handshake_md5.digest() + \
|
| +@@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):
|
| + cipherSuite, cipherImplementations, nextProto):
|
| +
|
| + masterSecret = calcMasterSecret(self.version, premasterSecret,
|
| +- clientRandom, serverRandom)
|
| ++ clientRandom, serverRandom, [], False)
|
| + self._calcPendingStates(cipherSuite, masterSecret,
|
| + clientRandom, serverRandom,
|
| + cipherImplementations)
|
| +@@ -1326,6 +1327,7 @@ class TLSConnection(TLSRecordLayer):
|
| + cipherSuite, CertificateType.x509, tackExt,
|
| + nextProtos)
|
| + serverHello.channel_id = clientHello.channel_id
|
| ++ serverHello.extended_master_secret = clientHello.extended_master_secret
|
| + if clientHello.support_signed_cert_timestamps:
|
| + serverHello.signed_cert_timestamps = signedCertTimestamps
|
| + if clientHello.status_request:
|
| +@@ -1383,7 +1385,8 @@ class TLSConnection(TLSRecordLayer):
|
| + for result in self._serverFinished(premasterSecret,
|
| + clientHello.random, serverHello.random,
|
| + cipherSuite, settings.cipherImplementations,
|
| +- nextProtos, clientHello.channel_id):
|
| ++ nextProtos, clientHello.channel_id,
|
| ++ clientHello.extended_master_secret):
|
| + if result in (0,1): yield result
|
| + else: break
|
| + masterSecret = result
|
| +@@ -1523,6 +1526,8 @@ class TLSConnection(TLSRecordLayer):
|
| + serverHello.create(self.version, getRandomBytes(32),
|
| + session.sessionID, session.cipherSuite,
|
| + CertificateType.x509, None, None)
|
| ++ serverHello.extended_master_secret = \
|
| ++ clientHello.extended_master_secret
|
| + for result in self._sendMsg(serverHello):
|
| + yield result
|
| +
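Review bot: On the resumption path the extension is echoed purely from the current ClientHello; nothing in the lines shown records whether the cached `session` was established with an extended master secret. The session-hash draft cited in constants.py ties resumption to that state (a session created without the extension should not be resumed as if it had it, and the reverse), which is the property that blocks the triple-handshake class of attack. Store the flag on the session at full-handshake time and, when it disagrees with `clientHello.extended_master_secret`, fall back to a full handshake or abort rather than echoing. The enclosing method starts and ends outside the hunk.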
|
| +@@ -1743,7 +1748,8 @@ class TLSConnection(TLSRecordLayer):
|
| + if clientCertChain:
|
| + if self.version == (3,0):
|
| + masterSecret = calcMasterSecret(self.version, premasterSecret,
|
| +- clientHello.random, serverHello.random)
|
| ++ clientHello.random, serverHello.random,
|
| ++ [], False)
|
| + verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
|
| + elif self.version in ((3,1), (3,2)):
|
| + verifyBytes = self._handshake_md5.digest() + \
|
| +@@ -1827,9 +1833,11 @@ class TLSConnection(TLSRecordLayer):
|
| +
|
| + def _serverFinished(self, premasterSecret, clientRandom, serverRandom,
|
| + cipherSuite, cipherImplementations, nextProtos,
|
| +- doingChannelID):
|
| ++ doingChannelID, useExtendedMasterSecret):
|
| + masterSecret = calcMasterSecret(self.version, premasterSecret,
|
| +- clientRandom, serverRandom)
|
| ++ clientRandom, serverRandom,
|
| ++ self.handshakeMessages,
|
| ++ useExtendedMasterSecret)
|
| +
|
| + #Calculate pending connection states
|
| + self._calcPendingStates(cipherSuite, masterSecret,
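Review bot: `self.handshakeMessages` is passed whole at the point `_serverFinished` runs, so the session hash covers every handshake message logged so far, not a snapshot taken at ClientKeyExchange. With client authentication the CertificateVerify message has presumably already been received and appended (see the `self.handshakeMessages.append(p.bytes)` added in tlsrecordlayer.py). That would make the server's hash differ from a peer that stops at ClientKeyExchange, as the extension defines. Capture the log, or the digest, immediately after ClientKeyExchange is read and pass that in instead. `_serverFinished` continues outside the hunk.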
|
| +diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
|
| +index c3bcd8c..8faea59 100644
|
| +--- a/third_party/tlslite/tlslite/tlsrecordlayer.py
|
| ++++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
|
| +@@ -115,6 +115,9 @@ class TLSRecordLayer(object):
|
| + self.clearReadBuffer()
|
| + self.clearWriteBuffer()
|
| +
|
| ++ #All handshake messages, for use in extended master secret
|
| ++ self.handshakeMessages = []
|
| ++
|
| + #Handshake digests
|
| + self._handshake_md5 = hashlib.md5()
|
| + self._handshake_sha = hashlib.sha1()
|
| +@@ -558,6 +561,7 @@ class TLSRecordLayer(object):
|
| + yield result
|
| +
|
| + b = msg.write()
|
| ++ self.handshakeMessages.append(b)
|
| +
|
| + # If a 1-byte message was passed in, and we "split" the
|
| + # first(only) byte off above, we may have a 0-length msg:
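Review bot: `self.handshakeMessages.append(b)` sits directly after `msg.write()`, ahead of any content-type test visible in the hunk, and the comment below it about a split 1-byte message suggests this path also carries application data. If so, every record sent (application data, alerts, ChangeCipherSpec) is retained in the list for the life of the connection, which keeps plaintext in memory and grows without bound; the receive side appends next to the handshake digest updates instead. Move the append beside the send-side handshake digest updates, or guard it with `if msg.contentType == ContentType.handshake:`. No reset of the list other than the initialisation in the earlier hunk is visible, so a second handshake on the same connection would also hash stale messages.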
|
| +@@ -814,6 +818,7 @@ class TLSRecordLayer(object):
|
| + self._handshake_md5.update(compat26Str(p.bytes))
|
| + self._handshake_sha.update(compat26Str(p.bytes))
|
| + self._handshake_sha256.update(compat26Str(p.bytes))
|
| ++ self.handshakeMessages.append(p.bytes)
|
| +
|
| + #Parse based on handshake type
|
| + if subType == HandshakeType.client_hello:
|
|
|