Implement extended master secret in tlslite

third_party/tlslite/patches/extended_master_secret.patch

Index: third_party/tlslite/patches/extended_master_secret.patch
diff --git a/third_party/tlslite/patches/extended_master_secret.patch b/third_party/tlslite/patches/extended_master_secret.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2e84774c466e366138330f9a6f47065655585a3c
--- /dev/null
+++ b/third_party/tlslite/patches/extended_master_secret.patch
@@ -0,0 +1,187 @@
+diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py

[davidben, 2015/08/17 17:10:21]

[I'm assuming this patch is accurate.]

[nharper, 2015/08/18 00:03:31]

I've been updating it with git diff after each patchset.

+index 6d78a20..f9c8676 100644
+--- a/third_party/tlslite/tlslite/constants.py
++++ b/third_party/tlslite/tlslite/constants.py
+@@ -55,6 +55,7 @@ class ExtensionType:    # RFC 6066 / 4366
+     srp = 12            # RFC 5054  
+     cert_type = 9       # RFC 6091
+     signed_cert_timestamps = 18  # RFC 6962
++    extended_master_secret = 23  # draft-ietf-tls-session-hash-06
+     tack = 0xF300
+     supports_npn = 13172
+     channel_id = 30032
+diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslite/mathtls.py
+index 60a331a..0a23fe1 100644
+--- a/third_party/tlslite/tlslite/mathtls.py
++++ b/third_party/tlslite/tlslite/mathtls.py
+@@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length):
+             index += 1
+     return bytes
+ 
+-def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
++def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,
++                     handshakeHash, useExtendedMasterSecret):
++    label = b"master secret"
++    seed = clientRandom + serverRandom
++    if useExtendedMasterSecret:
++        label = b"extended master secret"
++        seed = handshakeHash
++
+     if version == (3,0):
+-        masterSecret = PRF_SSL(premasterSecret,
+-                            clientRandom + serverRandom, 48)
++        masterSecret = PRF_SSL(premasterSecret, seed, 48)
+     elif version in ((3,1), (3,2)):
+-        masterSecret = PRF(premasterSecret, b"master secret",
+-                            clientRandom + serverRandom, 48)
++        masterSecret = PRF(premasterSecret, label, seed, 48)
+     elif version == (3,3):
+-        masterSecret = PRF_1_2(premasterSecret, b"master secret",
+-                            clientRandom + serverRandom, 48)
++        masterSecret = PRF_1_2(premasterSecret, label, seed, 48)
+     else:
+         raise AssertionError()
+     return masterSecret
+diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
+index 9aeff6d..0bdaf96 100644
+--- a/third_party/tlslite/tlslite/messages.py
++++ b/third_party/tlslite/tlslite/messages.py
+@@ -92,12 +92,14 @@ class HandshakeMsg(object):
+     def __init__(self, handshakeType):
+         self.contentType = ContentType.handshake
+         self.handshakeType = handshakeType
++        self.rawMessage = bytearray(0)
+     
+     def postWrite(self, w):
+         headerWriter = Writer()
+         headerWriter.add(self.handshakeType, 1)
+         headerWriter.add(len(w.bytes), 3)
+-        return headerWriter.bytes + w.bytes
++        self.rawMessage = headerWriter.bytes + w.bytes
++        return self.rawMessage
+ 
+ class ClientHello(HandshakeMsg):
+     def __init__(self, ssl2=False):
+@@ -114,6 +116,7 @@ class ClientHello(HandshakeMsg):
+         self.supports_npn = False
+         self.server_name = bytearray(0)
+         self.channel_id = False
++        self.extended_master_secret = False
+         self.support_signed_cert_timestamps = False
+         self.status_request = False
+ 
+@@ -185,6 +188,8 @@ class ClientHello(HandshakeMsg):
+                                 break
+                     elif extType == ExtensionType.channel_id:
+                         self.channel_id = True
++                    elif extType == ExtensionType.extended_master_secret:
++                        self.extended_master_secret = True
+                     elif extType == ExtensionType.signed_cert_timestamps:
+                         if extLength:
+                             raise SyntaxError()
+@@ -267,6 +272,7 @@ class ServerHello(HandshakeMsg):
+         self.next_protos_advertised = None
+         self.next_protos = None
+         self.channel_id = False
++        self.extended_master_secret = False
+         self.signed_cert_timestamps = None
+         self.status_request = False
+ 
+@@ -358,6 +364,9 @@ class ServerHello(HandshakeMsg):
+         if self.channel_id:
+             w2.add(ExtensionType.channel_id, 2)
+             w2.add(0, 2)
++        if self.extended_master_secret:
++            w2.add(ExtensionType.extended_master_secret, 2)
++            w2.add(0, 2)
+         if self.signed_cert_timestamps:
+             w2.add(ExtensionType.signed_cert_timestamps, 2)
+             w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index dfac274..11094fc 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):
+                 masterSecret = calcMasterSecret(self.version,
+                                          premasterSecret,
+                                          clientRandom,
+-                                         serverRandom)
++                                         serverRandom,
++                                         b"", False)
+                 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
+             elif self.version in ((3,1), (3,2)):
+                 verifyBytes = self._handshake_md5.digest() + \
+@@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):
+                         cipherSuite, cipherImplementations, nextProto):
+ 
+         masterSecret = calcMasterSecret(self.version, premasterSecret,
+-                            clientRandom, serverRandom)
++                            clientRandom, serverRandom, b"", False)
+         self._calcPendingStates(cipherSuite, masterSecret, 
+                                 clientRandom, serverRandom, 
+                                 cipherImplementations)
+@@ -1326,6 +1327,7 @@ class TLSConnection(TLSRecordLayer):
+                             cipherSuite, CertificateType.x509, tackExt,
+                             nextProtos)
+         serverHello.channel_id = clientHello.channel_id
++        serverHello.extended_master_secret = clientHello.extended_master_secret
+         if clientHello.support_signed_cert_timestamps:
+             serverHello.signed_cert_timestamps = signedCertTimestamps
+         if clientHello.status_request:
+@@ -1383,7 +1385,8 @@ class TLSConnection(TLSRecordLayer):
+         for result in self._serverFinished(premasterSecret, 
+                                 clientHello.random, serverHello.random,
+                                 cipherSuite, settings.cipherImplementations,
+-                                nextProtos, clientHello.channel_id):
++                                nextProtos, clientHello.channel_id,
++                                clientHello.extended_master_secret):
+                 if result in (0,1): yield result
+                 else: break
+         masterSecret = result
+@@ -1523,6 +1526,8 @@ class TLSConnection(TLSRecordLayer):
+                 serverHello.create(self.version, getRandomBytes(32),
+                                    session.sessionID, session.cipherSuite,
+                                    CertificateType.x509, None, None)
++                serverHello.extended_master_secret = \
++                    clientHello.extended_master_secret
+                 for result in self._sendMsg(serverHello):
+                     yield result
+ 
+@@ -1743,7 +1748,8 @@ class TLSConnection(TLSRecordLayer):
+         if clientCertChain:
+             if self.version == (3,0):
+                 masterSecret = calcMasterSecret(self.version, premasterSecret,
+-                                         clientHello.random, serverHello.random)
++                                         clientHello.random, serverHello.random,
++                                         b"", False)
+                 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
+             elif self.version in ((3,1), (3,2)):
+                 verifyBytes = self._handshake_md5.digest() + \
+@@ -1827,9 +1833,11 @@ class TLSConnection(TLSRecordLayer):
+ 
+     def _serverFinished(self,  premasterSecret, clientRandom, serverRandom,
+                         cipherSuite, cipherImplementations, nextProtos,
+-                        doingChannelID):
++                        doingChannelID, useExtendedMasterSecret):
+         masterSecret = calcMasterSecret(self.version, premasterSecret,
+-                                      clientRandom, serverRandom)
++                                      clientRandom, serverRandom,
++                                      self._getHandshakeHash(),
++                                      useExtendedMasterSecret)
+         
+         #Calculate pending connection states
+         self._calcPendingStates(cipherSuite, masterSecret, 
+diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
+index c3bcd8c..b7d68a7a 100644
+--- a/third_party/tlslite/tlslite/tlsrecordlayer.py
++++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
+@@ -1256,3 +1256,9 @@ class TLSRecordLayer(object):
+ 
+         return md5Bytes + shaBytes
+ 
++    def _getHandshakeHash(self):
++        if self.version in ((3,1), (3,2)):
++            return self._handshake_md5.digest() + \
++                self._handshake_sha.digest()
++        elif self.version == (3,3):
++            return self._handshake_sha256.digest()