
Side by Side Diff: third_party/tlslite/tlslite/tlsrecordlayer.py

Issue 1306553002: Implement extended master secret in tlslite (again) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 4 months ago
OLDNEW
1 # Authors: 1 # Authors:
2 # Trevor Perrin 2 # Trevor Perrin
3 # Google (adapted by Sam Rushing) - NPN support 3 # Google (adapted by Sam Rushing) - NPN support
4 # Martin von Loewis - python 3 port 4 # Martin von Loewis - python 3 port
5 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 5 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
6 # 6 #
7 # See the LICENSE file for legal information regarding use of this file. 7 # See the LICENSE file for legal information regarding use of this file.
8 8
9 """Helper class for TLSConnection.""" 9 """Helper class for TLSConnection."""
10 from __future__ import generators 10 from __future__ import generators
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after
112 112
113 #Buffers for processing messages 113 #Buffers for processing messages
114 self._handshakeBuffer = [] 114 self._handshakeBuffer = []
115 self.clearReadBuffer() 115 self.clearReadBuffer()
116 self.clearWriteBuffer() 116 self.clearWriteBuffer()
117 117
118 #Handshake digests 118 #Handshake digests
119 self._handshake_md5 = hashlib.md5() 119 self._handshake_md5 = hashlib.md5()
120 self._handshake_sha = hashlib.sha1() 120 self._handshake_sha = hashlib.sha1()
121 self._handshake_sha256 = hashlib.sha256() 121 self._handshake_sha256 = hashlib.sha256()
122 self._ems_handshake_hash = b""
122 123
123 #TLS Protocol Version 124 #TLS Protocol Version
124 self.version = (0,0) #read-only 125 self.version = (0,0) #read-only
125 self._versionCheck = False #Once we choose a version, this is True 126 self._versionCheck = False #Once we choose a version, this is True
126 127
127 #Current and Pending connection states 128 #Current and Pending connection states
128 self._writeState = _ConnectionState() 129 self._writeState = _ConnectionState()
129 self._readState = _ConnectionState() 130 self._readState = _ConnectionState()
130 self._pendingWriteState = _ConnectionState() 131 self._pendingWriteState = _ConnectionState()
131 self._pendingReadState = _ConnectionState() 132 self._pendingReadState = _ConnectionState()
(...skipping 675 matching lines...) Expand 10 before | Expand all | Expand 10 after
807 if subType not in secondaryType: 808 if subType not in secondaryType:
808 for result in self._sendError(\ 809 for result in self._sendError(\
809 AlertDescription.unexpected_message, 810 AlertDescription.unexpected_message,
810 "Expecting %s, got %s" % (str(secondaryType), su bType)): 811 "Expecting %s, got %s" % (str(secondaryType), su bType)):
811 yield result 812 yield result
812 813
813 #Update handshake hashes 814 #Update handshake hashes
814 self._handshake_md5.update(compat26Str(p.bytes)) 815 self._handshake_md5.update(compat26Str(p.bytes))
815 self._handshake_sha.update(compat26Str(p.bytes)) 816 self._handshake_sha.update(compat26Str(p.bytes))
816 self._handshake_sha256.update(compat26Str(p.bytes)) 817 self._handshake_sha256.update(compat26Str(p.bytes))
818 if subType == HandshakeType.client_key_exchange:
819 self._ems_handshake_hash = self._getHandshakeHash()
davidben 2015/08/20 15:31:46 Oh. That was the problem. Right. The dumb thing wh
817 820
818 #Parse based on handshake type 821 #Parse based on handshake type
819 if subType == HandshakeType.client_hello: 822 if subType == HandshakeType.client_hello:
820 yield ClientHello(recordHeader.ssl2).parse(p) 823 yield ClientHello(recordHeader.ssl2).parse(p)
821 elif subType == HandshakeType.server_hello: 824 elif subType == HandshakeType.server_hello:
822 yield ServerHello().parse(p) 825 yield ServerHello().parse(p)
823 elif subType == HandshakeType.certificate: 826 elif subType == HandshakeType.certificate:
824 yield Certificate(constructorType).parse(p) 827 yield Certificate(constructorType).parse(p)
825 elif subType == HandshakeType.certificate_request: 828 elif subType == HandshakeType.certificate_request:
826 yield CertificateRequest(self.version).parse(p) 829 yield CertificateRequest(self.version).parse(p)
(...skipping 278 matching lines...) Expand 10 before | Expand all | Expand 10 after
1105 1108
1106 yield b 1109 yield b
1107 1110
1108 def _handshakeStart(self, client): 1111 def _handshakeStart(self, client):
1109 if not self.closed: 1112 if not self.closed:
1110 raise ValueError("Renegotiation disallowed for security reasons") 1113 raise ValueError("Renegotiation disallowed for security reasons")
1111 self._client = client 1114 self._client = client
1112 self._handshake_md5 = hashlib.md5() 1115 self._handshake_md5 = hashlib.md5()
1113 self._handshake_sha = hashlib.sha1() 1116 self._handshake_sha = hashlib.sha1()
1114 self._handshake_sha256 = hashlib.sha256() 1117 self._handshake_sha256 = hashlib.sha256()
1118 self._ems_handshake_hash = b""
1115 self._handshakeBuffer = [] 1119 self._handshakeBuffer = []
1116 self.allegedSrpUsername = None 1120 self.allegedSrpUsername = None
1117 self._refCount = 1 1121 self._refCount = 1
1118 1122
1119 def _handshakeDone(self, resumed): 1123 def _handshakeDone(self, resumed):
1120 self.resumed = resumed 1124 self.resumed = resumed
1121 self.closed = False 1125 self.closed = False
1122 1126
1123 def _calcPendingStates(self, cipherSuite, masterSecret, 1127 def _calcPendingStates(self, cipherSuite, masterSecret,
1124 clientRandom, serverRandom, implementations): 1128 clientRandom, serverRandom, implementations):
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
1249 imac_md5.update(compatHMAC(label + masterSecret + bytearray([0x36]*48))) 1253 imac_md5.update(compatHMAC(label + masterSecret + bytearray([0x36]*48)))
1250 imac_sha.update(compatHMAC(label + masterSecret + bytearray([0x36]*40))) 1254 imac_sha.update(compatHMAC(label + masterSecret + bytearray([0x36]*40)))
1251 1255
1252 md5Bytes = MD5(masterSecret + bytearray([0x5c]*48) + \ 1256 md5Bytes = MD5(masterSecret + bytearray([0x5c]*48) + \
1253 bytearray(imac_md5.digest())) 1257 bytearray(imac_md5.digest()))
1254 shaBytes = SHA1(masterSecret + bytearray([0x5c]*40) + \ 1258 shaBytes = SHA1(masterSecret + bytearray([0x5c]*40) + \
1255 bytearray(imac_sha.digest())) 1259 bytearray(imac_sha.digest()))
1256 1260
1257 return md5Bytes + shaBytes 1261 return md5Bytes + shaBytes
1258 1262
1263 def _getHandshakeHash(self):
1264 if self.version in ((3,1), (3,2)):
1265 return self._handshake_md5.digest() + \
1266 self._handshake_sha.digest()
1267 elif self.version == (3,3):
1268 return self._handshake_sha256.digest()
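Review bot: `_getHandshakeHash` (new lines 1263-1268) has no final branch, so for any version other than (3,1), (3,2) or (3,3), for example (3,0) or the initial (0,0), it implicitly returns None. The unconditional snapshot at new lines 818-819 then overwrites the `b""` default of `_ems_handshake_hash` with None. Whatever consumes that field (presumably the master-secret derivation in tlsconnection.py, which is not visible here) would receive a non-bytes value rather than a clear failure. I would make the fall-through explicit with `else: return None  # no transcript hash defined for this version; extended master secret must not be derived`, and have the consumer reject None before deriving the secret. A short docstring would also help, stating that the method returns the running transcript digest (MD5 + SHA-1 for TLS 1.0/1.1, SHA-256 for TLS 1.2) and that it calls `digest()` on the live hash objects without resetting them.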