third_party/tlslite/tlslite/mathtls.py - Issue 1283373002: Implement extended master secret in tlslite

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/tlslite/tlslite/mathtls.py

Issue 1283373002: Implement extended master secret in tlslite (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« third_party/tlslite/tlslite/constants.py ('K') | « third_party/tlslite/tlslite/constants.py ('k') | third_party/tlslite/tlslite/messages.py » ('j') | third_party/tlslite/tlslite/tlsrecordlayer.py » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/tlslite/tlslite/mathtls.py

diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslite/mathtls.py

index 60a331ab90f66ebe26bb2171b6dad697884bdc15..ba8cd5fba7b6bc875a39f0491c8a06bb5b166026 100644

--- a/third_party/tlslite/tlslite/mathtls.py

+++ b/third_party/tlslite/tlslite/mathtls.py

@@ -10,6 +10,7 @@

from .utils.compat import *

from .utils.cryptomath import *

+import hashlib

import hmac

#1024, 1536, 2048, 3072, 4096, 6144, and 8192 bit groups]

@@ -67,16 +68,31 @@ def PRF_SSL(secret, seed, length):

index += 1

return bytes

-def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):

+def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,

+ handshakeMessages, useExtendedMasterSecret):

+ label = b"master secret"

+ seed = clientRandom + serverRandom

+ if useExtendedMasterSecret:

+ label = b"extended master secret"

if version == (3,0):

- masterSecret = PRF_SSL(premasterSecret,

- clientRandom + serverRandom, 48)

+ masterSecret = PRF_SSL(premasterSecret, seed, 48)

elif version in ((3,1), (3,2)):

- masterSecret = PRF(premasterSecret, b"master secret",

- clientRandom + serverRandom, 48)

+ if useExtendedMasterSecret:

+ seed_md5 = hashlib.md5()

+ seed_sha1 = hashlib.sha1()

+ for msg in handshakeMessages:

+ seed_md5.update(msg)

+ seed_sha1.update(msg)

+ seed = seed_md5.digest() + seed_sha1.digest()

+ masterSecret = PRF(premasterSecret, label, seed, 48)

elif version == (3,3):

- masterSecret = PRF_1_2(premasterSecret, b"master secret",

- clientRandom + serverRandom, 48)

+ if useExtendedMasterSecret:

+ seed_sha256 = hashlib.sha256()

+ for msg in handshakeMessages:

+ seed_sha256.update(msg)

+ seed = seed_sha256.digest()

+ masterSecret = PRF_1_2(premasterSecret, label, seed, 48)

else:

raise AssertionError()

return masterSecret