Implement extended master secret in tlslite (again)

third_party/tlslite/tlslite/tlsrecordlayer.py

Index: third_party/tlslite/tlslite/tlsrecordlayer.py
diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
index c3bcd8c40ca64a12e426bc1f23ff3eff3d0305b4..d2320b8cd13f34864061202b0507b83e14dd363d 100644
--- a/third_party/tlslite/tlslite/tlsrecordlayer.py
+++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
@@ -119,6 +119,7 @@ class TLSRecordLayer(object):
         self._handshake_md5 = hashlib.md5()
         self._handshake_sha = hashlib.sha1()
         self._handshake_sha256 = hashlib.sha256()
+        self._ems_handshake_hash = b""
 
         #TLS Protocol Version
         self.version = (0,0) #read-only
@@ -814,6 +815,8 @@ class TLSRecordLayer(object):
                 self._handshake_md5.update(compat26Str(p.bytes))
                 self._handshake_sha.update(compat26Str(p.bytes))
                 self._handshake_sha256.update(compat26Str(p.bytes))
+                if subType == HandshakeType.client_key_exchange:
+                    self._ems_handshake_hash = self._getHandshakeHash()

[davidben, 2015/08/20 15:31:46]

Oh. That was the problem. Right. The dumb thing where the spec is unclear about
when to sample.

I think this would be better if the key exchange code gave you the master
secret, rather than the premaster, and then you don't need to save it. But the
way this code is organized, that would be kind of a mess with all the useless
key exchanges supported, so this is probably the easiest. I'm not going to ask
you to refactor this monster. :-)

Upstream would (rightly) complain, but I've mostly given up on trying to
upstream our patches. The code is too much of a mess and I don't really have the
time to rewrite it. :-)

 
                 #Parse based on handshake type
                 if subType == HandshakeType.client_hello:
@@ -1112,6 +1115,7 @@ class TLSRecordLayer(object):
         self._handshake_md5 = hashlib.md5()
         self._handshake_sha = hashlib.sha1()
         self._handshake_sha256 = hashlib.sha256()
+        self._ems_handshake_hash = b""
         self._handshakeBuffer = []
         self.allegedSrpUsername = None
         self._refCount = 1
@@ -1256,3 +1260,9 @@ class TLSRecordLayer(object):
 
         return md5Bytes + shaBytes
 
+    def _getHandshakeHash(self):
+        if self.version in ((3,1), (3,2)):
+            return self._handshake_md5.digest() + \
+                self._handshake_sha.digest()
+        elif self.version == (3,3):
+            return self._handshake_sha256.digest()