Add TLS-SRP (RFC 5054) support

third_party/tlslite/tlslite/constants.py

Index: third_party/tlslite/tlslite/constants.py
diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
index 04302c09e0010bc3007203460f0be7e68a3b7c82..7ed76344ed4bdc0182b3790e64ebd385eca4fa1a 100644
--- a/third_party/tlslite/tlslite/constants.py
+++ b/third_party/tlslite/tlslite/constants.py
@@ -30,6 +30,9 @@ class ContentType:
     application_data = 23
     all = (20,21,22,23)
 
+class ClientHelloExtension:
+    srp = 12
+
 class AlertLevel:
     warning = 1
     fatal = 2
@@ -88,18 +91,19 @@ class AlertDescription:
     internal_error = 80
     user_canceled = 90
     no_renegotiation = 100
-    unknown_srp_username = 120
-    missing_srp_username = 121
-    untrusted_srp_parameters = 122
+    unknown_psk_identity = 115
+    untrusted_srp_parameters = 122 # TODO(sqs): probably outdated wrt RFC 5054
 
 class CipherSuite:
-    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA  = 0x0050
-    TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0053
-    TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0056
+    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA  = 0xC01A
+    TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D
+    TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020
+
+    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B
+    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E
+    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021
 
-    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0051
-    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0054
-    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0057
+    # TODO(sqs): No SRP DSS cipher suites
 
     TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
     TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
@@ -202,8 +206,9 @@ class Fault:
     genericFaults = range(300,303)
 
     faultAlerts = {\
-        badUsername: (AlertDescription.unknown_srp_username, \
-                      AlertDescription.bad_record_mac),\
+        badUsername: (AlertDescription.unknown_psk_identity, \
+                      AlertDescription.bad_record_mac, \
+                      AlertDescription.user_canceled),\
         badPassword: (AlertDescription.bad_record_mac,),\
         badA: (AlertDescription.illegal_parameter,),\
         badIdentifier: (AlertDescription.handshake_failure,),\