| OLD | NEW |
|---|
| 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py | 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
| 2 index f9c8676..84bb703 100644 | 2 index f9c8676..84bb703 100644 |
| 3 --- a/third_party/tlslite/tlslite/constants.py | 3 --- a/third_party/tlslite/tlslite/constants.py |
| 4 +++ b/third_party/tlslite/tlslite/constants.py | 4 +++ b/third_party/tlslite/tlslite/constants.py |
| 5 @@ -59,6 +59,7 @@ class ExtensionType: # RFC 6066 / 4366 | 5 @@ -59,6 +59,7 @@ class ExtensionType: # RFC 6066 / 4366 |
| 6 tack = 0xF300 | 6 tack = 0xF300 |
| 7 supports_npn = 13172 | 7 supports_npn = 13172 |
| 8 channel_id = 30032 | 8 channel_id = 30032 |
| 9 + token_binding = 30033 | 9 + token_binding = 30033 |
| 10 | 10 |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 58 | 58 |
| 59 @@ -188,6 +189,15 @@ class ClientHello(HandshakeMsg): | 59 @@ -188,6 +189,15 @@ class ClientHello(HandshakeMsg): |
| 60 self.channel_id = True | 60 self.channel_id = True |
| 61 elif extType == ExtensionType.extended_master_secret: | 61 elif extType == ExtensionType.extended_master_secret: |
| 62 self.extended_master_secret = True | 62 self.extended_master_secret = True |
| 63 + elif extType == ExtensionType.token_binding: | 63 + elif extType == ExtensionType.token_binding: |
| 64 + tokenBindingBytes = p.getFixBytes(extLength) | 64 + tokenBindingBytes = p.getFixBytes(extLength) |
| 65 + p2 = Parser(tokenBindingBytes) | 65 + p2 = Parser(tokenBindingBytes) |
| 66 + ver_minor = p2.get(1) | 66 + ver_minor = p2.get(1) |
| 67 + ver_major = p2.get(1) | 67 + ver_major = p2.get(1) |
| 68 + if (ver_major, ver_minor) >= (0, 3): | 68 + if (ver_major, ver_minor) >= (0, 6): |
| 69 + p2.startLengthCheck(1) | 69 + p2.startLengthCheck(1) |
| 70 + while not p2.atLengthCheck(): | 70 + while not p2.atLengthCheck(): |
| 71 + self.tb_client_params.append(p2.get(1)) | 71 + self.tb_client_params.append(p2.get(1)) |
| 72 elif extType == ExtensionType.signed_cert_timestamps: | 72 elif extType == ExtensionType.signed_cert_timestamps: |
| 73 if extLength: | 73 if extLength: |
| 74 raise SyntaxError() | 74 raise SyntaxError() |
| 75 @@ -271,6 +281,7 @@ class ServerHello(HandshakeMsg): | 75 @@ -271,6 +281,7 @@ class ServerHello(HandshakeMsg): |
| 76 self.next_protos = None | 76 self.next_protos = None |
| 77 self.channel_id = False | 77 self.channel_id = False |
| 78 self.extended_master_secret = False | 78 self.extended_master_secret = False |
| 79 + self.tb_params = None | 79 + self.tb_params = None |
| 80 self.signed_cert_timestamps = None | 80 self.signed_cert_timestamps = None |
| 81 self.status_request = False | 81 self.status_request = False |
| 82 | 82 |
| 83 @@ -365,6 +376,17 @@ class ServerHello(HandshakeMsg): | 83 @@ -365,6 +376,17 @@ class ServerHello(HandshakeMsg): |
| 84 if self.extended_master_secret: | 84 if self.extended_master_secret: |
| 85 w2.add(ExtensionType.extended_master_secret, 2) | 85 w2.add(ExtensionType.extended_master_secret, 2) |
| 86 w2.add(0, 2) | 86 w2.add(0, 2) |
| 87 + if self.tb_params: | 87 + if self.tb_params: |
| 88 + w2.add(ExtensionType.token_binding, 2) | 88 + w2.add(ExtensionType.token_binding, 2) |
| 89 + # length of extension | 89 + # length of extension |
| 90 + w2.add(4, 2) | 90 + w2.add(4, 2) |
| 91 + # version | 91 + # version |
| 92 + w2.add(0, 1) | 92 + w2.add(0, 1) |
| 93 + w2.add(4, 1) | 93 + w2.add(6, 1) |
| 94 + # length of params (defined as variable length <1..2^8-1>, but in | 94 + # length of params (defined as variable length <1..2^8-1>, but in |
| 95 + # this context the server can only send a single value. | 95 + # this context the server can only send a single value. |
| 96 + w2.add(1, 1) | 96 + w2.add(1, 1) |
| 97 + w2.add(self.tb_params, 1) | 97 + w2.add(self.tb_params, 1) |
| 98 if self.signed_cert_timestamps: | 98 if self.signed_cert_timestamps: |
| 99 w2.add(ExtensionType.signed_cert_timestamps, 2) | 99 w2.add(ExtensionType.signed_cert_timestamps, 2) |
| 100 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) | 100 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) |
| 101 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py | 101 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
| 102 index 04161513..06404fe 100644 | 102 index 04161513..06404fe 100644 |
| 103 --- a/third_party/tlslite/tlslite/tlsconnection.py | 103 --- a/third_party/tlslite/tlslite/tlsconnection.py |
| 104 +++ b/third_party/tlslite/tlslite/tlsconnection.py | 104 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| 105 @@ -1330,6 +1330,10 @@ class TLSConnection(TLSRecordLayer): | 105 @@ -1330,6 +1330,10 @@ class TLSConnection(TLSRecordLayer): |
| 106 serverHello.extended_master_secret = \ | 106 serverHello.extended_master_secret = \ |
| 107 clientHello.extended_master_secret and \ | 107 clientHello.extended_master_secret and \ |
| 108 settings.enableExtendedMasterSecret | 108 settings.enableExtendedMasterSecret |
| 109 + for param in clientHello.tb_client_params: | 109 + for param in clientHello.tb_client_params: |
| 110 + if param in settings.supportedTokenBindingParams: | 110 + if param in settings.supportedTokenBindingParams: |
| 111 + serverHello.tb_params = param | 111 + serverHello.tb_params = param |
| 112 + break | 112 + break |
| 113 if clientHello.support_signed_cert_timestamps: | 113 if clientHello.support_signed_cert_timestamps: |
| 114 serverHello.signed_cert_timestamps = signedCertTimestamps | 114 serverHello.signed_cert_timestamps = signedCertTimestamps |
| 115 if clientHello.status_request: | 115 if clientHello.status_request: |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2013303002:
Update Token Binding code to draft 06 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master