Add support for fetching Certificate Transparency SCTs over a TLS extension

third_party/tlslite/tlslite/messages.py

 """Classes representing TLS messages."""
 
 from utils.compat import *
 from utils.cryptomath import *
 from errors import *
 from utils.codec import *
 from constants import *
 from X509 import X509
 from X509CertChain import X509CertChain
 
@@ skipping 113 matching lines @@
         self.contentType = ContentType.handshake
         self.ssl2 = ssl2
         self.client_version = (0,0)
         self.random = createByteArrayZeros(32)
         self.session_id = createByteArraySequence([])
         self.cipher_suites = []         # a list of 16-bit values
         self.certificate_types = [CertificateType.x509]
         self.compression_methods = []   # a list of 8-bit values
         self.srp_username = None        # a string
         self.channel_id = False
+        self.signed_cert_timestamps = False
 
     def create(self, version, random, session_id, cipher_suites,
                certificate_types=None, srp_username=None):
         self.client_version = version
         self.random = random
         self.session_id = session_id
         self.cipher_suites = cipher_suites
         self.certificate_types = certificate_types
         self.compression_methods = [0]
         self.srp_username = srp_username
@@ skipping 22 matching lines @@
             self.cipher_suites = p.getVarList(2, 2)
             self.compression_methods = p.getVarList(1, 1)
             if not p.atLengthCheck():
                 totalExtLength = p.get(2)
                 soFar = 0
                 while soFar != totalExtLength:
                     extType = p.get(2)
                     extLength = p.get(2)
                     if extType == 6:
                         self.srp_username = bytesToString(p.getVarBytes(1))
                     elif extType == 7:

[wtc, 2013/11/26 17:32:55]

Unrelated problem: this is strange. Extension number 6 is user_mapping and 7 is
client_authz. I don't know why tlslite maps them to srp_username and
certificate_types.

[ekasper, 2013/11/26 19:33:54]

Hmm. It's probably experimental code that was simply grabbing the next
"available" slot.

This patch doesn't seem the right place to go fixing it but I've added a note.

                         self.certificate_types = p.getVarList(1, 1)
                     elif extType == ExtensionType.channel_id:
                         self.channel_id = True
+                    elif extType == ExtensionType.signed_cert_timestamps:
+                        self.signed_cert_timestamps = True

[wtc, 2013/11/26 17:32:55]

Should we verify that extension_data is empty? The RFC does not require the
server to check this.

[ekasper, 2013/11/26 19:33:54]

Good point. In a correct implementation, all extensions should at least verify
they consume extLength bytes. I've added an explicit check for our case just to
set an example.

(None of this is particularly robust: if you look at the codec you'll find that
e.g. getFixBytes silently returns a truncated slice if there are not enough
bytes left...)

                     else:
                         p.getFixBytes(extLength)
                     soFar += 4 + extLength
             p.stopLengthCheck()
         return self
 
     def write(self, trial=False):
         w = HandshakeMsg.preWrite(self, HandshakeType.client_hello, trial)
         w.add(self.client_version[0], 1)
         w.add(self.client_version[1], 1)
@@ skipping 27 matching lines @@
 class ServerHello(HandshakeMsg):
     def __init__(self):
         self.contentType = ContentType.handshake
         self.server_version = (0,0)
         self.random = createByteArrayZeros(32)
         self.session_id = createByteArraySequence([])
         self.cipher_suite = 0
         self.certificate_type = CertificateType.x509
         self.compression_method = 0
         self.channel_id = False
+        self.signed_cert_timestamps = None

[wtc, 2013/11/26 17:32:55]

Nit: it is a little confusing that signed_cert_timestamps is a boolean in
ClientHello but is a string in ServerHello. No need to change this.

[ekasper, 2013/11/26 19:33:54]

I've changed it anyway, to support_signed_cert_timestamps in the ClientHello.

 
     def create(self, version, random, session_id, cipher_suite,
                certificate_type):
         self.server_version = version
         self.random = random
         self.session_id = session_id
         self.cipher_suite = cipher_suite
         self.certificate_type = certificate_type
         self.compression_method = 0
         return self
@@ skipping 29 matching lines @@
         w.add(self.compression_method, 1)
 
         extLength = 0
         if self.certificate_type and self.certificate_type != \
                 CertificateType.x509:
             extLength += 5
 
         if self.channel_id:
             extLength += 4
 
+        if self.signed_cert_timestamps:
+            extLength += 4 + len(self.signed_cert_timestamps)
+
         if extLength != 0:
             w.add(extLength, 2)
 
         if self.certificate_type and self.certificate_type != \
                 CertificateType.x509:
             w.add(7, 2)
             w.add(1, 2)
             w.add(self.certificate_type, 1)
 
         if self.channel_id:
             w.add(ExtensionType.channel_id, 2)
             w.add(0, 2)
 
+        if self.signed_cert_timestamps:
+            w.add(ExtensionType.signed_cert_timestamps, 2)
+            w.addVarSeq(stringToBytes(self.signed_cert_timestamps), 1, 2)

[wtc, 2013/11/26 17:32:55]

I am not familiar with the stringToBytes function, but I noticed that it is used
here, but not used on line 281 when we calculate the length of extension_data.
Is this OK?

[ekasper, 2013/11/26 19:33:54]

Yeah, this is python strings for you: stringToBytes simply converts a python
8-bit string to an array of bytes. The length doesn't change.

+
         return HandshakeMsg.postWrite(self, w, trial)
 
 class Certificate(HandshakeMsg):
     def __init__(self, certificateType):
         self.certificateType = certificateType
         self.contentType = ContentType.handshake
         self.certChain = None
 
     def create(self, certChain):
         self.certChain = certChain
@@ skipping 309 matching lines @@
     def create(self, bytes):
         self.bytes = bytes
         return self
 
     def parse(self, p):
         self.bytes = p.bytes
         return self
 
     def write(self):
         return self.bytes