Add support for fetching Certificate Transparency SCTs over a TLS extension

third_party/tlslite/tlslite/messages.py

Index: third_party/tlslite/tlslite/messages.py
diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
index fa4d8174c1aeb81f0ddd00af614e568dde22b450..3eb2e52f8024911171ea1bbc8bed2d6f43995e7f 100644
--- a/third_party/tlslite/tlslite/messages.py
+++ b/third_party/tlslite/tlslite/messages.py
@@ -131,6 +131,7 @@ class ClientHello(HandshakeMsg):
         self.compression_methods = []   # a list of 8-bit values
         self.srp_username = None        # a string
         self.channel_id = False
+        self.signed_cert_timestamps = False
 
     def create(self, version, random, session_id, cipher_suites,
                certificate_types=None, srp_username=None):
@@ -177,6 +178,8 @@ class ClientHello(HandshakeMsg):
                         self.certificate_types = p.getVarList(1, 1)
                     elif extType == ExtensionType.channel_id:
                         self.channel_id = True
+                    elif extType == ExtensionType.signed_cert_timestamps:
+                        self.signed_cert_timestamps = True

[wtc, 2013/11/26 17:32:55]

Should we verify that extension_data is empty? The RFC does not require the
server to check this.

[ekasper, 2013/11/26 19:33:54]

Good point. In a correct implementation, all extensions should at least verify
they consume extLength bytes. I've added an explicit check for our case just to
set an example.

(None of this is particularly robust: if you look at the codec you'll find that
e.g. getFixBytes silently returns a truncated slice if there are not enough
bytes left...)

                     else:
                         p.getFixBytes(extLength)
                     soFar += 4 + extLength
@@ -224,6 +227,7 @@ class ServerHello(HandshakeMsg):
         self.certificate_type = CertificateType.x509
         self.compression_method = 0
         self.channel_id = False
+        self.signed_cert_timestamps = None

[wtc, 2013/11/26 17:32:55]

Nit: it is a little confusing that signed_cert_timestamps is a boolean in
ClientHello but is a string in ServerHello. No need to change this.

[ekasper, 2013/11/26 19:33:54]

I've changed it anyway, to support_signed_cert_timestamps in the ClientHello.

 
     def create(self, version, random, session_id, cipher_suite,
                certificate_type):
@@ -273,6 +277,9 @@ class ServerHello(HandshakeMsg):
         if self.channel_id:
             extLength += 4
 
+        if self.signed_cert_timestamps:
+            extLength += 4 + len(self.signed_cert_timestamps)
+
         if extLength != 0:
             w.add(extLength, 2)
 
@@ -286,6 +293,10 @@ class ServerHello(HandshakeMsg):
             w.add(ExtensionType.channel_id, 2)
             w.add(0, 2)
 
+        if self.signed_cert_timestamps:
+            w.add(ExtensionType.signed_cert_timestamps, 2)
+            w.addVarSeq(stringToBytes(self.signed_cert_timestamps), 1, 2)

[wtc, 2013/11/26 17:32:55]

I am not familiar with the stringToBytes function, but I noticed that it is used
here, but not used on line 281 when we calculate the length of extension_data.
Is this OK?

[ekasper, 2013/11/26 19:33:54]

Yeah, this is python strings for you: stringToBytes simply converts a python
8-bit string to an array of bytes. The length doesn't change.

+
         return HandshakeMsg.postWrite(self, w, trial)
 
 class Certificate(HandshakeMsg):