| 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
| 2 index 6d78a20..f9c8676 100644 |
| 3 --- a/third_party/tlslite/tlslite/constants.py |
| 4 +++ b/third_party/tlslite/tlslite/constants.py |
| 5 @@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366 |
| 6 srp = 12 # RFC 5054 |
| 7 cert_type = 9 # RFC 6091 |
| 8 signed_cert_timestamps = 18 # RFC 6962 |
| 9 + extended_master_secret = 23 # draft-ietf-tls-session-hash-06 |
| 10 tack = 0xF300 |
| 11 supports_npn = 13172 |
| 12 channel_id = 30032 |
| 13 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlsl
ite/tlslite/handshakesettings.py |
| 14 index 605ed42..7679823 100644 |
| 15 --- a/third_party/tlslite/tlslite/handshakesettings.py |
| 16 +++ b/third_party/tlslite/tlslite/handshakesettings.py |
| 17 @@ -111,6 +111,10 @@ class HandshakeSettings(object): |
| 18 @type alertAfterHandshake: bool |
| 19 @ivar alertAfterHandshake: If true, the server will send a fatal |
| 20 alert immediately after the handshake completes. |
| 21 + |
| 22 + @type enableExtendedMasterSecret: bool |
| 23 + @ivar enableExtendedMasterSecret: If true, the server supports the extended |
| 24 + master secret TLS extension and will negotiated it with supporting clients. |
| 25 |
| 26 Note that TACK support is not standardized by IETF and uses a temporary |
| 27 TLS Extension number, so should NOT be used in production software. |
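Review bot: The new @ivar text has a grammatical slip: `master secret TLS extension and will negotiated it with supporting clients.` should read `master secret TLS extension and will negotiate it with supporting clients.`. It would also help readers to say that the flag only affects server behaviour, since the client-side derivation call sites in tlsconnection.py pass a literal False and nothing in this change makes the client offer the extension (hedged: the ClientHello writer is not in the diff).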
| 28 @@ -129,6 +133,7 @@ class HandshakeSettings(object): |
| 29 self.tlsIntoleranceType = 'alert' |
| 30 self.useExperimentalTackExtension = False |
| 31 self.alertAfterHandshake = False |
| 32 + self.enableExtendedMasterSecret = True |
| 33 |
| 34 # Validates the min/max fields, and certificateTypes |
| 35 # Filters out unsupported cipherNames and cipherImplementations |
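Review bot: `self.enableExtendedMasterSecret = True` is set in __init__, but the comment right below refers to a validation step that filters the settings; if that step builds a fresh HandshakeSettings and copies attributes one by one, as the parallel flags suggest, the new attribute has to be copied there too or a caller's explicit `False` would be silently replaced by the default. The validate/filter body is outside the hunk, so this is inferred from the comment; worth confirming. The enclosing __init__ also continues outside the hunk.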
| 36 diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslit
e/mathtls.py |
| 37 index 60a331a..0a23fe1 100644 |
| 38 --- a/third_party/tlslite/tlslite/mathtls.py |
| 39 +++ b/third_party/tlslite/tlslite/mathtls.py |
| 40 @@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length): |
| 41 index += 1 |
| 42 return bytes |
| 43 |
| 44 -def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom): |
| 45 +def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom, |
| 46 + handshakeHash, useExtendedMasterSecret): |
| 47 + label = b"master secret" |
| 48 + seed = clientRandom + serverRandom |
| 49 + if useExtendedMasterSecret: |
| 50 + label = b"extended master secret" |
| 51 + seed = handshakeHash |
| 52 + |
| 53 if version == (3,0): |
| 54 - masterSecret = PRF_SSL(premasterSecret, |
| 55 - clientRandom + serverRandom, 48) |
| 56 + masterSecret = PRF_SSL(premasterSecret, seed, 48) |
| 57 elif version in ((3,1), (3,2)): |
| 58 - masterSecret = PRF(premasterSecret, b"master secret", |
| 59 - clientRandom + serverRandom, 48) |
| 60 + masterSecret = PRF(premasterSecret, label, seed, 48) |
| 61 elif version == (3,3): |
| 62 - masterSecret = PRF_1_2(premasterSecret, b"master secret", |
| 63 - clientRandom + serverRandom, 48) |
| 64 + masterSecret = PRF_1_2(premasterSecret, label, seed, 48) |
| 65 else: |
| 66 raise AssertionError() |
| 67 return masterSecret |
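Review bot: calcMasterSecret accepts useExtendedMasterSecret together with version (3,0) and then feeds handshakeHash to PRF_SSL as the seed, although the extended master secret is defined for TLS only and has no SSL 3.0 construction in the session-hash draft; the server-side negotiation in tlsconnection.py (both `serverHello.extended_master_secret = ...` hunks and `_serverFinished`) is not gated on self.version, and `_getHandshakeHash` in tlsrecordlayer.py has no (3,0) branch, so that combination would hand None in as the seed. Reject it here, `if useExtendedMasterSecret and version == (3,0): raise AssertionError()`, or gate the negotiation in tlsconnection.py with `and self.version != (3,0)`. A docstring stating that handshakeHash is the transcript hash through ClientKeyExchange and is only read when useExtendedMasterSecret is true would also make the new contract explicit.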
| 68 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli
te/messages.py |
| 69 index 9aeff6d..9b553ce 100644 |
| 70 --- a/third_party/tlslite/tlslite/messages.py |
| 71 +++ b/third_party/tlslite/tlslite/messages.py |
| 72 @@ -114,6 +114,7 @@ class ClientHello(HandshakeMsg): |
| 73 self.supports_npn = False |
| 74 self.server_name = bytearray(0) |
| 75 self.channel_id = False |
| 76 + self.extended_master_secret = False |
| 77 self.support_signed_cert_timestamps = False |
| 78 self.status_request = False |
| 79 |
| 80 @@ -185,6 +186,8 @@ class ClientHello(HandshakeMsg): |
| 81 break |
| 82 elif extType == ExtensionType.channel_id: |
| 83 self.channel_id = True |
| 84 + elif extType == ExtensionType.extended_master_secret: |
| 85 + self.extended_master_secret = True |
| 86 elif extType == ExtensionType.signed_cert_timestamps: |
| 87 if extLength: |
| 88 raise SyntaxError() |
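Review bot: The new `extended_master_secret` branch sets the flag without checking that the extension body is empty, whereas the `signed_cert_timestamps` branch right below it rejects a non-zero extLength with SyntaxError. For consistency and to fail early on a malformed ClientHello, add `if extLength: raise SyntaxError()` before `self.extended_master_secret = True`. Whether the surrounding loop otherwise consumes extLength bytes for extensions it does not inspect is not visible in the hunk.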
| 89 @@ -267,6 +270,7 @@ class ServerHello(HandshakeMsg): |
| 90 self.next_protos_advertised = None |
| 91 self.next_protos = None |
| 92 self.channel_id = False |
| 93 + self.extended_master_secret = False |
| 94 self.signed_cert_timestamps = None |
| 95 self.status_request = False |
| 96 |
| 97 @@ -358,6 +362,9 @@ class ServerHello(HandshakeMsg): |
| 98 if self.channel_id: |
| 99 w2.add(ExtensionType.channel_id, 2) |
| 100 w2.add(0, 2) |
| 101 + if self.extended_master_secret: |
| 102 + w2.add(ExtensionType.extended_master_secret, 2) |
| 103 + w2.add(0, 2) |
| 104 if self.signed_cert_timestamps: |
| 105 w2.add(ExtensionType.signed_cert_timestamps, 2) |
| 106 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) |
| 107 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
| 108 index dfac274..04161513 100644 |
| 109 --- a/third_party/tlslite/tlslite/tlsconnection.py |
| 110 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| 111 @@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer): |
| 112 masterSecret = calcMasterSecret(self.version, |
| 113 premasterSecret, |
| 114 clientRandom, |
| 115 - serverRandom) |
| 116 + serverRandom, |
| 117 + b"", False) |
| 118 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
| 119 elif self.version in ((3,1), (3,2)): |
| 120 verifyBytes = self._handshake_md5.digest() + \ |
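Review bot: This call site and the one in the `cipherSuite, cipherImplementations, nextProto` function now pass `b"", False` literally, which appears to mean the client side deliberately never derives an extended master secret, but nothing records that intent. A short comment at this first site, `# Client side does not offer extended_master_secret; plain derivation.`, would mark the decision and the place where client support would need to be added. The enclosing function starts and ends outside the hunk.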
| 121 @@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer): |
| 122 cipherSuite, cipherImplementations, nextProto): |
| 123 |
| 124 masterSecret = calcMasterSecret(self.version, premasterSecret, |
| 125 - clientRandom, serverRandom) |
| 126 + clientRandom, serverRandom, b"", False) |
| 127 self._calcPendingStates(cipherSuite, masterSecret, |
| 128 clientRandom, serverRandom, |
| 129 cipherImplementations) |
| 130 @@ -1326,6 +1327,9 @@ class TLSConnection(TLSRecordLayer): |
| 131 cipherSuite, CertificateType.x509, tackExt, |
| 132 nextProtos) |
| 133 serverHello.channel_id = clientHello.channel_id |
| 134 + serverHello.extended_master_secret = \ |
| 135 + clientHello.extended_master_secret and \ |
| 136 + settings.enableExtendedMasterSecret |
| 137 if clientHello.support_signed_cert_timestamps: |
| 138 serverHello.signed_cert_timestamps = signedCertTimestamps |
| 139 if clientHello.status_request: |
| 140 @@ -1383,7 +1387,8 @@ class TLSConnection(TLSRecordLayer): |
| 141 for result in self._serverFinished(premasterSecret, |
| 142 clientHello.random, serverHello.random, |
| 143 cipherSuite, settings.cipherImplementations, |
| 144 - nextProtos, clientHello.channel_id): |
| 145 + nextProtos, clientHello.channel_id, |
| 146 + serverHello.extended_master_secret): |
| 147 if result in (0,1): yield result |
| 148 else: break |
| 149 masterSecret = result |
| 150 @@ -1523,6 +1528,9 @@ class TLSConnection(TLSRecordLayer): |
| 151 serverHello.create(self.version, getRandomBytes(32), |
| 152 session.sessionID, session.cipherSuite, |
| 153 CertificateType.x509, None, None) |
| 154 + serverHello.extended_master_secret = \ |
| 155 + clientHello.extended_master_secret and \ |
| 156 + settings.enableExtendedMasterSecret |
| 157 for result in self._sendMsg(serverHello): |
| 158 yield result |
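Review bot: On the abbreviated-handshake path the server echoes the extension whenever the client offers it and the setting is on, without consulting whether the session being resumed was originally established with the extended master secret. The session-hash draft (and RFC 7627 that it became) requires the two to agree: a session created without the extension must not be resumed with it, and a session created with it must not be resumed for a client that omits it, the server falling back to a full handshake or aborting instead. The Session object does not appear in this diff, so it presumably does not record that state; it needs a flag set at full-handshake time and checked before `serverHello.extended_master_secret` is assigned here. The enclosing function starts and continues outside the hunk.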
| 159 |
| 160 @@ -1743,7 +1751,8 @@ class TLSConnection(TLSRecordLayer): |
| 161 if clientCertChain: |
| 162 if self.version == (3,0): |
| 163 masterSecret = calcMasterSecret(self.version, premasterSecret, |
| 164 - clientHello.random, serverHello.random
) |
| 165 + clientHello.random, serverHello.random
, |
| 166 + b"", False) |
| 167 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
| 168 elif self.version in ((3,1), (3,2)): |
| 169 verifyBytes = self._handshake_md5.digest() + \ |
| 170 @@ -1827,9 +1836,11 @@ class TLSConnection(TLSRecordLayer): |
| 171 |
| 172 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, |
| 173 cipherSuite, cipherImplementations, nextProtos, |
| 174 - doingChannelID): |
| 175 + doingChannelID, useExtendedMasterSecret): |
| 176 masterSecret = calcMasterSecret(self.version, premasterSecret, |
| 177 - clientRandom, serverRandom) |
| 178 + clientRandom, serverRandom, |
| 179 + self._ems_handshake_hash, |
| 180 + useExtendedMasterSecret) |
| 181 |
| 182 #Calculate pending connection states |
| 183 self._calcPendingStates(cipherSuite, masterSecret, |
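Review bot: `_serverFinished` derives the master secret from `self._ems_handshake_hash` whenever useExtendedMasterSecret is true, but that attribute starts as `b""` and is only filled when a ClientKeyExchange is parsed; if this path were ever reached with the snapshot still empty, the master secret would depend on the premaster secret alone and silently lose its binding to the handshake. A cheap guard before the derivation, `if useExtendedMasterSecret and not self._ems_handshake_hash: raise AssertionError()`, turns that misuse into a hard failure. The rest of the method is outside the hunk.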
| 184 diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite
/tlslite/tlsrecordlayer.py |
| 185 index c3bcd8c..d2320b8 100644 |
| 186 --- a/third_party/tlslite/tlslite/tlsrecordlayer.py |
| 187 +++ b/third_party/tlslite/tlslite/tlsrecordlayer.py |
| 188 @@ -119,6 +119,7 @@ class TLSRecordLayer(object): |
| 189 self._handshake_md5 = hashlib.md5() |
| 190 self._handshake_sha = hashlib.sha1() |
| 191 self._handshake_sha256 = hashlib.sha256() |
| 192 + self._ems_handshake_hash = b"" |
| 193 |
| 194 #TLS Protocol Version |
| 195 self.version = (0,0) #read-only |
| 196 @@ -814,6 +815,8 @@ class TLSRecordLayer(object): |
| 197 self._handshake_md5.update(compat26Str(p.bytes)) |
| 198 self._handshake_sha.update(compat26Str(p.bytes)) |
| 199 self._handshake_sha256.update(compat26Str(p.bytes)) |
| 200 + if subType == HandshakeType.client_key_exchange: |
| 201 + self._ems_handshake_hash = self._getHandshakeHash() |
| 202 |
| 203 #Parse based on handshake type |
| 204 if subType == HandshakeType.client_hello: |
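Review bot: The snapshot is taken after the three running hashes have absorbed the ClientKeyExchange bytes, which is what the session hash definition requires (every handshake message up to and including ClientKeyExchange), but nothing in the code says so and a later reordering of these lines would silently break interoperability. Suggest a comment above the new `if`: `# Session hash for the extended master secret covers all handshake messages through ClientKeyExchange, so snapshot only after this message is absorbed.` The enclosing method starts and ends outside the hunk.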
| 205 @@ -1112,6 +1115,7 @@ class TLSRecordLayer(object): |
| 206 self._handshake_md5 = hashlib.md5() |
| 207 self._handshake_sha = hashlib.sha1() |
| 208 self._handshake_sha256 = hashlib.sha256() |
| 209 + self._ems_handshake_hash = b"" |
| 210 self._handshakeBuffer = [] |
| 211 self.allegedSrpUsername = None |
| 212 self._refCount = 1 |
| 213 @@ -1256,3 +1260,9 @@ class TLSRecordLayer(object): |
| 214 |
| 215 return md5Bytes + shaBytes |
| 216 |
| 217 + def _getHandshakeHash(self): |
| 218 + if self.version in ((3,1), (3,2)): |
| 219 + return self._handshake_md5.digest() + \ |
| 220 + self._handshake_sha.digest() |
| 221 + elif self.version == (3,3): |
| 222 + return self._handshake_sha256.digest() |
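Review bot: `_getHandshakeHash` has no branch for versions other than (3,1), (3,2) and (3,3), so for SSL 3.0 or an unset version it returns None, which would then be stored in `_ems_handshake_hash` and reach calcMasterSecret as the seed. The parallel version switch in calcMasterSecret ends with `else: raise AssertionError()`; mirror that here with the same two lines so the failure is loud. A one-line docstring noting that the result is the transcript hash in the form the negotiated version's PRF expects (MD5 plus SHA-1 for TLS 1.0/1.1, SHA-256 for TLS 1.2) would help; if SHA-384 PRF cipher suites are ever supported the TLS 1.2 branch would need to follow the suite's PRF hash, which cannot be judged from this hunk.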