Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(122)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/tlslite/patches/exported_keying_material.patch

Issue 1378613004: Set Token-Binding HTTP header (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@tb-tls-ext-new
Patch Set: Add UMA logging of Token Binding support and NetLog event for Token Binding key lookup Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/ssl/token_binding_openssl.cc ('K') | « third_party/tlslite/README.chromium ('k') | third_party/tlslite/patches/token_binding_resumption.patch » ('j') | third_party/tlslite/tlslite/session.py » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/tlslite/patches/exported_keying_material.patch
diff --git a/third_party/tlslite/patches/exported_keying_material.patch b/third_party/tlslite/patches/exported_keying_material.patch
new file mode 100644
index 0000000000000000000000000000000000000000..dce27dcbb352cdee4b91be64f3dfcb13bfde8a88
--- /dev/null
+++ b/third_party/tlslite/patches/exported_keying_material.patch
@@ -0,0 +1,88 @@
+diff --git a/third_party/tlslite/tlslite/session.py b/third_party/tlslite/tlslite/session.py
+index 6aadf58..82f0910 100644
+--- a/third_party/tlslite/tlslite/session.py
++++ b/third_party/tlslite/tlslite/session.py
+@@ -51,20 +51,24 @@ class Session(object):
+ self.srpUsername = ""
+ self.clientCertChain = None
+ self.serverCertChain = None
++ self.clientRandom = b""
++ self.serverRandom = b""
+ self.tackExt = None
+ self.tackInHelloExt = False
+ self.serverName = ""
+ self.resumable = False
+
+ def create(self, masterSecret, sessionID, cipherSuite,
+- srpUsername, clientCertChain, serverCertChain,
+- tackExt, tackInHelloExt, serverName, resumable=True):
++ srpUsername, clientCertChain, serverCertChain, clientRandom,
++ serverRandom, tackExt, tackInHelloExt, serverName, resumable=True):
+ self.masterSecret = masterSecret
+ self.sessionID = sessionID
+ self.cipherSuite = cipherSuite
+ self.srpUsername = srpUsername
+ self.clientCertChain = clientCertChain
+ self.serverCertChain = serverCertChain
++ self.clientRandom = clientRandom
++ self.serverRandom = serverRandom
+ self.tackExt = tackExt
+ self.tackInHelloExt = tackInHelloExt
+ self.serverName = serverName
+@@ -78,6 +82,8 @@ class Session(object):
+ other.srpUsername = self.srpUsername
+ other.clientCertChain = self.clientCertChain
+ other.serverCertChain = self.serverCertChain
++ other.clientRandom = self.clientRandom
++ other.serverRandom = self.serverRandom
+ other.tackExt = self.tackExt
+ other.tackInHelloExt = self.tackInHelloExt
+ other.serverName = self.serverName
+@@ -124,3 +130,21 @@ class Session(object):
+ @return: The name of the HMAC hash algo used with this connection.
+ """
+ return CipherSuite.canonicalMacName(self.cipherSuite)
++
++ def exportKeyingMaterial(self, version, label, context, use_context, length):
++ """Returns the exported keying material as defined in RFC 5705."""
++
++ seed = self.clientRandom + self.serverRandom
++ if use_context:
++ if len(context) > 65535:
++ raise ValueError("Context is too long")
++ seed += bytearray(2)
++ seed[len(seed) - 2] = len(context) >> 8
++ seed[len(seed) - 1] = len(context) & 0xFF
++ seed += context
++ if version in ((3,1), (3,2)):
++ return PRF(self.masterSecret, label, seed, length)
++ elif version == (3,3):
++ return PRF_1_2(self.masterSecret, label, seed, length)
++ else:
++ raise AssertionError()
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index 7363a30..6a53282 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -609,8 +609,8 @@ class TLSConnection(TLSRecordLayer):
+ # Create the session object which is used for resumptions
+ self.session = Session()
+ self.session.create(masterSecret, serverHello.session_id, cipherSuite,
+- srpUsername, clientCertChain, serverCertChain,
+- tackExt, serverHello.tackExt!=None, serverName)
++ srpUsername, clientCertChain, serverCertChain, clientHello.random,
++ serverHello.random, tackExt, serverHello.tackExt!=None, serverName)
+ self._handshakeDone(resumed=False)
+
+
+@@ -1411,8 +1411,8 @@ class TLSConnection(TLSRecordLayer):
+ if clientHello.server_name:
+ serverName = clientHello.server_name.decode("utf-8")
+ self.session.create(masterSecret, serverHello.session_id, cipherSuite,
+- srpUsername, clientCertChain, serverCertChain,
+- tackExt, serverHello.tackExt!=None, serverName)
++ srpUsername, clientCertChain, serverCertChain, clientHello.random,
++ serverHello.random, tackExt, serverHello.tackExt!=None, serverName)
+
+ #Add the session object to the session cache
+ if sessionCache and sessionID:
« net/ssl/token_binding_openssl.cc ('K') | « third_party/tlslite/README.chromium ('k') | third_party/tlslite/patches/token_binding_resumption.patch » ('j') | third_party/tlslite/tlslite/session.py » ('J')

Powered by Google App Engine
This is Rietveld 408576698