
Side by Side Diff: third_party/tlslite/patches/signed_certificate_timestamps.patch

Issue 210323002: Update tlslite to 0.4.6. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Executable bit and --similarity=80 Created 6 years, 8 months ago
1 diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/ tlslite/TLSConnection.py 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
2 index e882e2c..d2270a9 100644 2 index 79ad145..b3bad2d 100755
3 --- a/third_party/tlslite/tlslite/TLSConnection.py 3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/TLSConnection.py 4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -936,7 +936,8 @@ class TLSConnection(TLSRecordLayer): 5 @@ -44,6 +44,7 @@ class ExtensionType: # RFC 6066 / 4366
6 def handshakeServer(self, sharedKeyDB=None, verifierDB=None, 6 server_name = 0 # RFC 6066 / 4366
7 certChain=None, privateKey=None, reqCert=False, 7 srp = 12 # RFC 5054
8 sessionCache=None, settings=None, checker=None, 8 cert_type = 9 # RFC 6091
9 - reqCAs=None, tlsIntolerant=0): 9 + signed_cert_timestamps = 18 # RFC 6962
10 + reqCAs=None, tlsIntolerant=0, 10 tack = 0xF300
11 + signedCertTimestamps=None): 11 supports_npn = 13172
12 channel_id = 30031
13 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli te/messages.py
14 index 246082e..5a2cd6c 100755
15 --- a/third_party/tlslite/tlslite/messages.py
16 +++ b/third_party/tlslite/tlslite/messages.py
17 @@ -113,6 +113,7 @@ class ClientHello(HandshakeMsg):
18 self.supports_npn = False
19 self.server_name = bytearray(0)
20 self.channel_id = False
21 + self.support_signed_cert_timestamps = False
22
23 def create(self, version, random, session_id, cipher_suites,
24 certificate_types=None, srpUsername=None,
25 @@ -182,6 +183,10 @@ class ClientHello(HandshakeMsg):
26 break
27 elif extType == ExtensionType.channel_id:
28 self.channel_id = True
29 + elif extType == ExtensionType.signed_cert_timestamps:
30 + if extLength:
31 + raise SyntaxError()
32 + self.support_signed_cert_timestamps = True
33 else:
34 _ = p.getFixBytes(extLength)
35 index2 = p.index
36 @@ -247,6 +252,7 @@ class ServerHello(HandshakeMsg):
37 self.next_protos_advertised = None
38 self.next_protos = None
39 self.channel_id = False
40 + self.signed_cert_timestamps = None
41
42 def create(self, version, random, session_id, cipher_suite,
43 certificate_type, tackExt, next_protos_advertised):
44 @@ -336,6 +342,9 @@ class ServerHello(HandshakeMsg):
45 if self.channel_id:
46 w2.add(ExtensionType.channel_id, 2)
47 w2.add(0, 2)
48 + if self.signed_cert_timestamps:
49 + w2.add(ExtensionType.signed_cert_timestamps, 2)
50 + w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
51 if len(w2.bytes):
52 w.add(len(w2.bytes), 2)
53 w.bytes += w2.bytes
54 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py
55 index e7c5140..45b0bbb 100755
56 --- a/third_party/tlslite/tlslite/tlsconnection.py
57 +++ b/third_party/tlslite/tlslite/tlsconnection.py
58 @@ -966,7 +966,7 @@ class TLSConnection(TLSRecordLayer):
59 reqCAs = None,
60 tacks=None, activationFlags=0,
61 nextProtos=None, anon=False,
62 - tlsIntolerant=None):
63 + tlsIntolerant=None, signedCertTimestamps=None):
12 """Perform a handshake in the role of server. 64 """Perform a handshake in the role of server.
13 65
14 This function performs an SSL or TLS handshake. Depending on 66 This function performs an SSL or TLS handshake. Depending on
15 @@ -1007,6 +1008,11 @@ class TLSConnection(TLSRecordLayer): 67 @@ -1040,6 +1040,11 @@ class TLSConnection(TLSRecordLayer):
16 will be sent along with a certificate request. This does not affect 68 simulate TLS version intolerance by returning a fatal handshake_failure
17 verification. 69 alert to all TLS versions tlsIntolerant or higher.
18 70
19 + @type signedCertTimestamps: str 71 + @type signedCertTimestamps: str
20 + @param signedCertTimestamps: A SignedCertificateTimestampList (as a 72 + @param signedCertTimestamps: A SignedCertificateTimestampList (as a
21 + binary 8-bit string) that will be sent as a TLS extension whenever 73 + binary 8-bit string) that will be sent as a TLS extension whenever
22 + the client announces support for the extension. 74 + the client announces support for the extension.
23 + 75 +
24 @raise socket.error: If a socket error occurs. 76 @raise socket.error: If a socket error occurs.
25 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed 77 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
26 without a preceding alert. 78 without a preceding alert.
27 @@ -1016,14 +1022,15 @@ class TLSConnection(TLSRecordLayer): 79 @@ -1051,7 +1056,8 @@ class TLSConnection(TLSRecordLayer):
28 """
29 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
30 certChain, privateKey, reqCert, sessionCache, settings, 80 certChain, privateKey, reqCert, sessionCache, settings,
31 - checker, reqCAs, tlsIntolerant): 81 checker, reqCAs,
32 + checker, reqCAs, tlsIntolerant, signedCertTimestamps): 82 tacks=tacks, activationFlags=activationFlags,
83 - nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant):
84 + nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant,
85 + signedCertTimestamps=signedCertTimestamps):
33 pass 86 pass
34 87
35 88
36 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, 89 @@ -1061,7 +1067,8 @@ class TLSConnection(TLSRecordLayer):
37 certChain=None, privateKey=None, reqCert=False, 90 reqCAs=None,
38 sessionCache=None, settings=None, checker=None, 91 tacks=None, activationFlags=0,
39 - reqCAs=None, tlsIntolerant=0): 92 nextProtos=None, anon=False,
40 + reqCAs=None, tlsIntolerant=0, 93 - tlsIntolerant=None
41 + signedCertTimestamps=None): 94 + tlsIntolerant=None,
95 + signedCertTimestamps=None
96 ):
42 """Start a server handshake operation on the TLS connection. 97 """Start a server handshake operation on the TLS connection.
43 98
44 This function returns a generator which behaves similarly to 99 @@ -1081,7 +1088,8 @@ class TLSConnection(TLSRecordLayer):
45 @@ -1041,14 +1048,16 @@ class TLSConnection(TLSRecordLayer): 100 reqCAs=reqCAs,
46 privateKey=privateKey, reqCert=reqCert, 101 tacks=tacks, activationFlags=activationFlags,
47 sessionCache=sessionCache, settings=settings, 102 nextProtos=nextProtos, anon=anon,
48 reqCAs=reqCAs,
49 - tlsIntolerant=tlsIntolerant) 103 - tlsIntolerant=tlsIntolerant)
50 + tlsIntolerant=tlsIntolerant, 104 + tlsIntolerant=tlsIntolerant,
51 + signedCertTimestamps=signedCertTimestamps) 105 + signedCertTimestamps=signedCertTimestamps)
52 for result in self._handshakeWrapperAsync(handshaker, checker): 106 for result in self._handshakeWrapperAsync(handshaker, checker):
53 yield result 107 yield result
54 108
55 109 @@ -1091,7 +1099,7 @@ class TLSConnection(TLSRecordLayer):
56 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, 110 settings, reqCAs,
57 - certChain, privateKey, reqCert, sessionCache, 111 tacks, activationFlags,
58 - settings, reqCAs, tlsIntolerant): 112 nextProtos, anon,
59 + certChain, privateKey, reqCert, 113 - tlsIntolerant):
60 + sessionCache, settings, reqCAs, 114 + tlsIntolerant, signedCertTimestamps):
61 + tlsIntolerant, signedCertTimestamps):
62 115
63 self._handshakeStart(client=False) 116 self._handshakeStart(client=False)
64 117
65 @@ -1060,6 +1069,9 @@ class TLSConnection(TLSRecordLayer): 118 @@ -1112,6 +1120,9 @@ class TLSConnection(TLSRecordLayer):
66 raise ValueError("Caller passed a privateKey but no certChain") 119 raise ValueError("tackpy is not loaded")
67 if reqCAs and not reqCert: 120 if not settings or not settings.useExperimentalTackExtension:
68 raise ValueError("Caller passed reqCAs but not reqCert") 121 raise ValueError("useExperimentalTackExtension not enabled")
69 + if signedCertTimestamps and not certChain: 122 + if signedCertTimestamps and not certChain:
70 + raise ValueError("Caller passed signedCertTimestamps but no " 123 + raise ValueError("Caller passed signedCertTimestamps but no "
71 + "certChain") 124 + "certChain")
72 125
73 if not settings: 126 if not settings:
74 settings = HandshakeSettings() 127 settings = HandshakeSettings()
75 @@ -1415,6 +1427,8 @@ class TLSConnection(TLSRecordLayer): 128 @@ -1156,6 +1167,8 @@ class TLSConnection(TLSRecordLayer):
76 self.version, serverRandom, 129 cipherSuite, CertificateType.x509, tackExt,
77 sessionID, cipherSuite, certificateType) 130 nextProtos)
78 serverHello.channel_id = clientHello.channel_id 131 serverHello.channel_id = clientHello.channel_id
79 + if clientHello.support_signed_cert_timestamps: 132 + if clientHello.support_signed_cert_timestamps:
80 + serverHello.signed_cert_timestamps = signedCertTimestamps 133 + serverHello.signed_cert_timestamps = signedCertTimestamps
81 doingChannelID = clientHello.channel_id
82 msgs.append(serverHello)
83 msgs.append(Certificate(certificateType).create(serverCertChain))
84 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
85 index e357dd0..b5a345a 100644
86 --- a/third_party/tlslite/tlslite/constants.py
87 +++ b/third_party/tlslite/tlslite/constants.py
88 @@ -32,6 +32,7 @@ class ContentType:
89 all = (20,21,22,23)
90 134
91 class ExtensionType: 135 # Perform the SRP key exchange
92 + signed_cert_timestamps = 18 # signed_certificate_timestamp in RFC 6962 136 clientCertChain = None
93 channel_id = 30031
94
95 class AlertLevel:
96 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli te/messages.py
97 index fa4d817..296f422 100644
98 --- a/third_party/tlslite/tlslite/messages.py
99 +++ b/third_party/tlslite/tlslite/messages.py
100 @@ -131,6 +131,7 @@ class ClientHello(HandshakeMsg):
101 self.compression_methods = [] # a list of 8-bit values
102 self.srp_username = None # a string
103 self.channel_id = False
104 + self.support_signed_cert_timestamps = False
105
106 def create(self, version, random, session_id, cipher_suites,
107 certificate_types=None, srp_username=None):
108 @@ -177,6 +178,10 @@ class ClientHello(HandshakeMsg):
109 self.certificate_types = p.getVarList(1, 1)
110 elif extType == ExtensionType.channel_id:
111 self.channel_id = True
112 + elif extType == ExtensionType.signed_cert_timestamps:
113 + if extLength:
114 + raise SyntaxError()
115 + self.support_signed_cert_timestamps = True
116 else:
117 p.getFixBytes(extLength)
118 soFar += 4 + extLength
119 @@ -224,6 +229,7 @@ class ServerHello(HandshakeMsg):
120 self.certificate_type = CertificateType.x509
121 self.compression_method = 0
122 self.channel_id = False
123 + self.signed_cert_timestamps = None
124
125 def create(self, version, random, session_id, cipher_suite,
126 certificate_type):
127 @@ -273,6 +279,9 @@ class ServerHello(HandshakeMsg):
128 if self.channel_id:
129 extLength += 4
130
131 + if self.signed_cert_timestamps:
132 + extLength += 4 + len(self.signed_cert_timestamps)
133 +
134 if extLength != 0:
135 w.add(extLength, 2)
136
137 @@ -286,6 +295,10 @@ class ServerHello(HandshakeMsg):
138 w.add(ExtensionType.channel_id, 2)
139 w.add(0, 2)
140
141 + if self.signed_cert_timestamps:
142 + w.add(ExtensionType.signed_cert_timestamps, 2)
143 + w.addVarSeq(stringToBytes(self.signed_cert_timestamps), 1, 2)
144 +
145 return HandshakeMsg.postWrite(self, w, trial)
146
147 class Certificate(HandshakeMsg):
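Review bot: The ServerHello write hunk in the new patch (`@@ -336,6 +342,9 @@` of messages.py) encodes the list with `w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)`, i.e. a 2-byte length prefix, but the validation added in tlsconnection.py (`@@ -1112,6 +1120,9 @@`) only checks `signedCertTimestamps and not certChain`, so a caller-supplied value longer than 65535 bytes reaches the writer and what happens then depends on addVarSeq, which is not visible here. I would extend the check next to the certChain one: `if signedCertTimestamps and len(signedCertTimestamps) > 0xFFFF: raise ValueError("signedCertTimestamps exceeds the 2^16-1 byte extension limit")`. Separately, the handshakeServer docstring still says `@type signedCertTimestamps: str` while the writer now wraps the value in `bytearray(...)` rather than the old `stringToBytes(...)`; on Python 3 a text str would raise TypeError there, so the doc should say a byte string or bytearray is expected. The enclosing methods for these hunks start and end outside the hunks shown.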