
Side by Side Diff: third_party/tlslite/patches/exported_keying_material.patch

Issue 1378613004: Set Token-Binding HTTP header (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@tb-tls-ext-new
Patch Set: Add UMA logging of Token Binding support and NetLog event for Token Binding key lookup Created 5 years, 1 month ago
(Empty)
1 diff --git a/third_party/tlslite/tlslite/session.py b/third_party/tlslite/tlslit e/session.py
2 index 6aadf58..82f0910 100644
3 --- a/third_party/tlslite/tlslite/session.py
4 +++ b/third_party/tlslite/tlslite/session.py
5 @@ -51,20 +51,24 @@ class Session(object):
6 self.srpUsername = ""
7 self.clientCertChain = None
8 self.serverCertChain = None
9 + self.clientRandom = b""
10 + self.serverRandom = b""
11 self.tackExt = None
12 self.tackInHelloExt = False
13 self.serverName = ""
14 self.resumable = False
15
16 def create(self, masterSecret, sessionID, cipherSuite,
17 - srpUsername, clientCertChain, serverCertChain,
18 - tackExt, tackInHelloExt, serverName, resumable=True):
19 + srpUsername, clientCertChain, serverCertChain, clientRandom,
20 + serverRandom, tackExt, tackInHelloExt, serverName, resumable=True):
21 self.masterSecret = masterSecret
22 self.sessionID = sessionID
23 self.cipherSuite = cipherSuite
24 self.srpUsername = srpUsername
25 self.clientCertChain = clientCertChain
26 self.serverCertChain = serverCertChain
27 + self.clientRandom = clientRandom
28 + self.serverRandom = serverRandom
29 self.tackExt = tackExt
30 self.tackInHelloExt = tackInHelloExt
31 self.serverName = serverName
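Review bot: The new defaults `self.clientRandom = b""` and `self.serverRandom = b""` are immutable byte strings, while `exportKeyingMaterial` later in this patch does item assignment on a seed built from them (`seed[len(seed) - 2] = ...`). When `create()` is handed bytearrays this works, but on Python 3 a seed built from the `bytes` defaults stays `bytes` and the assignment raises TypeError; `bytearray(0)` for both defaults keeps the types consistent. The class docstring is outside this hunk; if it lists the session attributes, the two new ones should be documented there as well.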
32 @@ -78,6 +82,8 @@ class Session(object):
33 other.srpUsername = self.srpUsername
34 other.clientCertChain = self.clientCertChain
35 other.serverCertChain = self.serverCertChain
36 + other.clientRandom = self.clientRandom
37 + other.serverRandom = self.serverRandom
38 other.tackExt = self.tackExt
39 other.tackInHelloExt = self.tackInHelloExt
40 other.serverName = self.serverName
41 @@ -124,3 +130,21 @@ class Session(object):
42 @return: The name of the HMAC hash algo used with this connection.
43 """
44 return CipherSuite.canonicalMacName(self.cipherSuite)
45 +
46 + def exportKeyingMaterial(self, version, label, context, use_context, length ):
47 + """Returns the exported keying material as defined in RFC 5705."""
48 +
49 + seed = self.clientRandom + self.serverRandom
50 + if use_context:
51 + if len(context) > 65535:
52 + raise ValueError("Context is too long")
53 + seed += bytearray(2)
54 + seed[len(seed) - 2] = len(context) >> 8
55 + seed[len(seed) - 1] = len(context) & 0xFF
56 + seed += context
57 + if version in ((3,1), (3,2)):
58 + return PRF(self.masterSecret, label, seed, length)
59 + elif version == (3,3):
60 + return PRF_1_2(self.masterSecret, label, seed, length)
61 + else:
62 + raise AssertionError()
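Review bot: The seed in `exportKeyingMaterial` comes from `self.clientRandom + self.serverRandom` stored on the Session, whereas RFC 5705 derives the exporter from the randoms of the current connection. The tlsconnection.py hunks set these only through `session.create(...)` on the full-handshake path (`_handshakeDone(resumed=False)`), and the Session is described there as the object used for resumptions and is copied field by field in the hunk above. If a resumed handshake reuses that object (the resume path is not visible here), the export would use the original handshake's randoms, disagree with the peer, and repeat across resumed connections, which weakens any binding built on it. Consider refreshing the randoms on resumption or passing the connection's randoms into the call. Separately, `raise AssertionError()` for an unsupported version would be clearer as `raise ValueError("exporter is not defined for this protocol version")`, and the docstring should describe `use_context` and `length`.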
63 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py
64 index 7363a30..6a53282 100644
65 --- a/third_party/tlslite/tlslite/tlsconnection.py
66 +++ b/third_party/tlslite/tlslite/tlsconnection.py
67 @@ -609,8 +609,8 @@ class TLSConnection(TLSRecordLayer):
68 # Create the session object which is used for resumptions
69 self.session = Session()
70 self.session.create(masterSecret, serverHello.session_id, cipherSuite,
71 - srpUsername, clientCertChain, serverCertChain,
72 - tackExt, serverHello.tackExt!=None, serverName)
73 + srpUsername, clientCertChain, serverCertChain, clientHello.random,
74 + serverHello.random, tackExt, serverHello.tackExt!=None, serverName)
75 self._handshakeDone(resumed=False)
76
77
78 @@ -1411,8 +1411,8 @@ class TLSConnection(TLSRecordLayer):
79 if clientHello.server_name:
80 serverName = clientHello.server_name.decode("utf-8")
81 self.session.create(masterSecret, serverHello.session_id, cipherSuite,
82 - srpUsername, clientCertChain, serverCertChain,
83 - tackExt, serverHello.tackExt!=None, serverName)
84 + srpUsername, clientCertChain, serverCertChain, clientHello.random,
85 + serverHello.random, tackExt, serverHello.tackExt!=None, serverName)
86
87 #Add the session object to the session cache
88 if sessionCache and sessionID: