Implement extended master secret in tlslite

third_party/tlslite/tlslite/tlsconnection.py

Index: third_party/tlslite/tlslite/tlsconnection.py
diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
index dfac274b6e939f631db5099046c9b8f89838b60a..11094fc71595da9e4b77f74a6f8ba0161faea5db 100644
--- a/third_party/tlslite/tlslite/tlsconnection.py
+++ b/third_party/tlslite/tlslite/tlsconnection.py
@@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):
                 masterSecret = calcMasterSecret(self.version,
                                          premasterSecret,
                                          clientRandom,
-                                         serverRandom)
+                                         serverRandom,
+                                         b"", False)
                 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
             elif self.version in ((3,1), (3,2)):
                 verifyBytes = self._handshake_md5.digest() + \
@@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):
                         cipherSuite, cipherImplementations, nextProto):
 
         masterSecret = calcMasterSecret(self.version, premasterSecret,
-                            clientRandom, serverRandom)
+                            clientRandom, serverRandom, b"", False)
         self._calcPendingStates(cipherSuite, masterSecret, 
                                 clientRandom, serverRandom, 
                                 cipherImplementations)
@@ -1326,6 +1327,7 @@ class TLSConnection(TLSRecordLayer):
                             cipherSuite, CertificateType.x509, tackExt,
                             nextProtos)
         serverHello.channel_id = clientHello.channel_id
+        serverHello.extended_master_secret = clientHello.extended_master_secret
         if clientHello.support_signed_cert_timestamps:
             serverHello.signed_cert_timestamps = signedCertTimestamps
         if clientHello.status_request:
@@ -1383,7 +1385,8 @@ class TLSConnection(TLSRecordLayer):
         for result in self._serverFinished(premasterSecret, 
                                 clientHello.random, serverHello.random,
                                 cipherSuite, settings.cipherImplementations,
-                                nextProtos, clientHello.channel_id):
+                                nextProtos, clientHello.channel_id,
+                                clientHello.extended_master_secret):
                 if result in (0,1): yield result
                 else: break
         masterSecret = result
@@ -1523,6 +1526,8 @@ class TLSConnection(TLSRecordLayer):
                 serverHello.create(self.version, getRandomBytes(32),
                                    session.sessionID, session.cipherSuite,
                                    CertificateType.x509, None, None)
+                serverHello.extended_master_secret = \
+                    clientHello.extended_master_secret

[davidben, 2015/08/17 17:10:22]

To confirm, this will make every connection we make negotiate EMS. Is this fine?
I don't know what kind of tests you wish to write. Do you want to be able to
test against EMS-less servers?

(If so, putting it in HandshakeSettings is probably the simplest. Otherwise you
need to add a parameter everywhere. A lot of our stuff should have been added
there.)

[nharper, 2015/08/18 00:03:31]

I added a setting to HandshakeSettings, since I'll probably want to test that
the client site token binding code behaves correctly when a server is bad and
supports token binding without extended master secret.

                 for result in self._sendMsg(serverHello):
                     yield result
 
@@ -1743,7 +1748,8 @@ class TLSConnection(TLSRecordLayer):
         if clientCertChain:
             if self.version == (3,0):
                 masterSecret = calcMasterSecret(self.version, premasterSecret,
-                                         clientHello.random, serverHello.random)
+                                         clientHello.random, serverHello.random,
+                                         b"", False)
                 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
             elif self.version in ((3,1), (3,2)):
                 verifyBytes = self._handshake_md5.digest() + \
@@ -1827,9 +1833,11 @@ class TLSConnection(TLSRecordLayer):
 
     def _serverFinished(self,  premasterSecret, clientRandom, serverRandom,
                         cipherSuite, cipherImplementations, nextProtos,
-                        doingChannelID):
+                        doingChannelID, useExtendedMasterSecret):
         masterSecret = calcMasterSecret(self.version, premasterSecret,
-                                      clientRandom, serverRandom)
+                                      clientRandom, serverRandom,
+                                      self._getHandshakeHash(),
+                                      useExtendedMasterSecret)
         
         #Calculate pending connection states
         self._calcPendingStates(cipherSuite, masterSecret,