
Side by Side Diff: third_party/tlslite/tlslite/messages.py

Issue 1336143002: Implement Token Binding Negotiation in tlslite (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: check version number Created 5 years, 3 months ago
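--- a/third_party/tlslite/tlslite/messages.py
+++ b/third_party/tlslite/tlslite/messages.py
@@ -1,10 +1,10 @@
 # Authors:
 # Trevor Perrin
 # Google - handling CertificateRequest.certificate_types
 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support
 # Dimitris Moraitis - Anon ciphersuites
 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
 #
 # See the LICENSE file for legal information regarding use of this file.
 
 """Classes representing TLS messages."""
@@ -108,20 +108,21 @@
 self.session_id = bytearray(0)
 self.cipher_suites = [] # a list of 16-bit values
 self.certificate_types = [CertificateType.x509]
 self.compression_methods = [] # a list of 8-bit values
 self.srp_username = None # a string
 self.tack = False
 self.supports_npn = False
 self.server_name = bytearray(0)
 self.channel_id = False
 self.extended_master_secret = False
+self.tb_client_params = []
 self.support_signed_cert_timestamps = False
 self.status_request = False
 
 def create(self, version, random, session_id, cipher_suites,
 certificate_types=None, srpUsername=None,
 tack=False, supports_npn=False, serverName=None):
 self.client_version = version
 self.random = random
 self.session_id = session_id
 self.cipher_suites = cipher_suites
@@ -181,20 +182,29 @@
 break # no host_name, oh well
 name_type = p2.get(1)
 hostNameBytes = p2.getVarBytes(2)
 if name_type == NameType.host_name:
 self.server_name = hostNameBytes
 break
 elif extType == ExtensionType.channel_id:
 self.channel_id = True
 elif extType == ExtensionType.extended_master_secret:
 self.extended_master_secret = True
+elif extType == ExtensionType.token_binding:
+tokenBindingBytes = p.getFixBytes(extLength)
+p2 = Parser(tokenBindingBytes)
+ver_minor = p2.get(1)
+ver_major = p2.get(1)
+if (ver_major, ver_minor) >= (0, 2):
+p2.startLengthCheck(1)
+while not p2.atLengthCheck():
+self.tb_client_params.append(p2.get(1))
 elif extType == ExtensionType.signed_cert_timestamps:
 if extLength:
 raise SyntaxError()
 self.support_signed_cert_timestamps = True
 elif extType == ExtensionType.status_request:
 # Extension contents are currently ignored.
 # According to RFC 6066, this is not strictly forbidden
 # (although it is suboptimal):
 # Servers that receive a client hello containing the
 # "status_request" extension MAY return a suitable
@@ -264,20 +274,21 @@
 self.random = bytearray(32)
 self.session_id = bytearray(0)
 self.cipher_suite = 0
 self.certificate_type = CertificateType.x509
 self.compression_method = 0
 self.tackExt = None
 self.next_protos_advertised = None
 self.next_protos = None
 self.channel_id = False
 self.extended_master_secret = False
+self.tb_params = None
 self.signed_cert_timestamps = None
 self.status_request = False
 
 def create(self, version, random, session_id, cipher_suite,
 certificate_type, tackExt, next_protos_advertised):
 self.server_version = version
 self.random = random
 self.session_id = session_id
 self.cipher_suite = cipher_suite
 self.certificate_type = certificate_type
@@ -358,20 +369,31 @@
 encoded_next_protos_advertised = self.__next_protos_encoded()
 w2.add(ExtensionType.supports_npn, 2)
 w2.add(len(encoded_next_protos_advertised), 2)
 w2.addFixSeq(encoded_next_protos_advertised, 1)
 if self.channel_id:
 w2.add(ExtensionType.channel_id, 2)
 w2.add(0, 2)
 if self.extended_master_secret:
 w2.add(ExtensionType.extended_master_secret, 2)
 w2.add(0, 2)
+if self.tb_params:
+w2.add(ExtensionType.token_binding, 2)
+# length of extension
+w2.add(4, 2)
+# version
+w2.add(0, 1)
+w2.add(2, 1)
+# length of params (defined as variable length <1..2^8-1>, but in
+# this context the server can only send a single value.
+w2.add(1, 1)
+w2.add(self.tb_params, 1)
 if self.signed_cert_timestamps:
 w2.add(ExtensionType.signed_cert_timestamps, 2)
 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
 if self.status_request:
 w2.add(ExtensionType.status_request, 2)
 w2.add(0, 2)
 if len(w2.bytes):
 w.add(len(w2.bytes), 2)
 w.bytes += w2.bytes
 return self.postWrite(w)
@@ -803,10 +825,10 @@
 newMsg = ApplicationData().create(self.bytes[:1])
 self.bytes = self.bytes[1:]
 return newMsg
 
 def parse(self, p):
 self.bytes = p.bytes
 return self
 
 def write(self):
 return self.bytes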
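Review bot: In the new `token_binding` branch of the ClientHello extension parser, the first byte is read into `ver_minor` and the second into `ver_major`, while the ServerHello writer added in this same change emits the version as `0` then `2`, so the two sides appear to disagree on byte order. If the wire format is major-first, as the writer suggests, a client offering 0.1 parses as `(1, 0)` and passes the `>= (0, 2)` check that is meant to reject it; reading `ver_major = p2.get(1)` before `ver_minor = p2.get(1)` would make the comparison match the writer. The branch also never checks that `p2` was fully consumed after the parameter list, so trailing bytes in the extension are silently accepted, and an older version leaves `tb_client_params` empty with no signal to the caller. Separately, `if self.tb_params:` in the ServerHello writer skips the extension when the chosen parameter is `0`; `if self.tb_params is not None:` would be safer if 0 is a valid identifier. Both enclosing methods start and end outside the visible lines.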