OLD | NEW |
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py | 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
2 index d52e596..79ad145 100755 | 2 index 4165de0..6429c66 100644 |
3 --- a/third_party/tlslite/tlslite/constants.py | 3 --- a/third_party/tlslite/tlslite/constants.py |
4 +++ b/third_party/tlslite/tlslite/constants.py | 4 +++ b/third_party/tlslite/tlslite/constants.py |
5 @@ -31,6 +31,7 @@ class HandshakeType: | 5 @@ -32,6 +32,7 @@ class HandshakeType: |
6 client_key_exchange = 16 | 6 client_key_exchange = 16 |
7 finished = 20 | 7 finished = 20 |
8 next_protocol = 67 | 8 next_protocol = 67 |
9 + encrypted_extensions = 203 | 9 + encrypted_extensions = 203 |
10 | 10 |
11 class ContentType: | 11 class ContentType: |
12 change_cipher_spec = 20 | 12 change_cipher_spec = 20 |
13 @@ -45,6 +46,7 @@ class ExtensionType: # RFC 6066 / 4366 | 13 @@ -46,6 +47,7 @@ class ExtensionType: # RFC 6066 / 4366 |
14 cert_type = 9 # RFC 6091 | 14 cert_type = 9 # RFC 6091 |
15 tack = 0xF300 | 15 tack = 0xF300 |
16 supports_npn = 13172 | 16 supports_npn = 13172 |
17 + channel_id = 30032 | 17 + channel_id = 30032 |
18 | 18 |
19 class NameType: | 19 class NameType: |
20 host_name = 0 | 20 host_name = 0 |
21 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli
te/messages.py | 21 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli
te/messages.py |
22 index 7ef4e3f..246082e 100755 | 22 index 2b3e518..4fa9d96 100644 |
23 --- a/third_party/tlslite/tlslite/messages.py | 23 --- a/third_party/tlslite/tlslite/messages.py |
24 +++ b/third_party/tlslite/tlslite/messages.py | 24 +++ b/third_party/tlslite/tlslite/messages.py |
25 @@ -112,6 +112,7 @@ class ClientHello(HandshakeMsg): | 25 @@ -113,6 +113,7 @@ class ClientHello(HandshakeMsg): |
26 self.tack = False | 26 self.tack = False |
27 self.supports_npn = False | 27 self.supports_npn = False |
28 self.server_name = bytearray(0) | 28 self.server_name = bytearray(0) |
29 + self.channel_id = False | 29 + self.channel_id = False |
30 | 30 |
31 def create(self, version, random, session_id, cipher_suites, | 31 def create(self, version, random, session_id, cipher_suites, |
32 certificate_types=None, srpUsername=None, | 32 certificate_types=None, srpUsername=None, |
33 @@ -179,6 +180,8 @@ class ClientHello(HandshakeMsg): | 33 @@ -180,6 +181,8 @@ class ClientHello(HandshakeMsg): |
34 if name_type == NameType.host_name: | 34 if name_type == NameType.host_name: |
35 self.server_name = hostNameBytes | 35 self.server_name = hostNameBytes |
36 break | 36 break |
37 + elif extType == ExtensionType.channel_id: | 37 + elif extType == ExtensionType.channel_id: |
38 + self.channel_id = True | 38 + self.channel_id = True |
39 else: | 39 else: |
40 _ = p.getFixBytes(extLength) | 40 _ = p.getFixBytes(extLength) |
41 index2 = p.index | 41 index2 = p.index |
42 @@ -243,6 +246,7 @@ class ServerHello(HandshakeMsg): | 42 @@ -244,6 +247,7 @@ class ServerHello(HandshakeMsg): |
43 self.tackExt = None | 43 self.tackExt = None |
44 self.next_protos_advertised = None | 44 self.next_protos_advertised = None |
45 self.next_protos = None | 45 self.next_protos = None |
46 + self.channel_id = False | 46 + self.channel_id = False |
47 | 47 |
48 def create(self, version, random, session_id, cipher_suite, | 48 def create(self, version, random, session_id, cipher_suite, |
49 certificate_type, tackExt, next_protos_advertised): | 49 certificate_type, tackExt, next_protos_advertised): |
50 @@ -329,6 +333,9 @@ class ServerHello(HandshakeMsg): | 50 @@ -330,6 +334,9 @@ class ServerHello(HandshakeMsg): |
51 w2.add(ExtensionType.supports_npn, 2) | 51 w2.add(ExtensionType.supports_npn, 2) |
52 w2.add(len(encoded_next_protos_advertised), 2) | 52 w2.add(len(encoded_next_protos_advertised), 2) |
53 w2.addFixSeq(encoded_next_protos_advertised, 1) | 53 w2.addFixSeq(encoded_next_protos_advertised, 1) |
54 + if self.channel_id: | 54 + if self.channel_id: |
55 + w2.add(ExtensionType.channel_id, 2) | 55 + w2.add(ExtensionType.channel_id, 2) |
56 + w2.add(0, 2) | 56 + w2.add(0, 2) |
57 if len(w2.bytes): | 57 if len(w2.bytes): |
58 w.add(len(w2.bytes), 2) | 58 w.add(len(w2.bytes), 2) |
59 w.bytes += w2.bytes | 59 w.bytes += w2.bytes |
60 @@ -656,6 +663,28 @@ class Finished(HandshakeMsg): | 60 @@ -665,6 +672,28 @@ class Finished(HandshakeMsg): |
61 w.addFixSeq(self.verify_data, 1) | 61 w.addFixSeq(self.verify_data, 1) |
62 return self.postWrite(w) | 62 return self.postWrite(w) |
63 | 63 |
64 +class EncryptedExtensions(HandshakeMsg): | 64 +class EncryptedExtensions(HandshakeMsg): |
65 + def __init__(self): | 65 + def __init__(self): |
66 + self.channel_id_key = None | 66 + self.channel_id_key = None |
67 + self.channel_id_proof = None | 67 + self.channel_id_proof = None |
68 + | 68 + |
69 + def parse(self, p): | 69 + def parse(self, p): |
70 + p.startLengthCheck(3) | 70 + p.startLengthCheck(3) |
71 + soFar = 0 | 71 + soFar = 0 |
72 + while soFar != p.lengthCheck: | 72 + while soFar != p.lengthCheck: |
73 + extType = p.get(2) | 73 + extType = p.get(2) |
74 + extLength = p.get(2) | 74 + extLength = p.get(2) |
75 + if extType == ExtensionType.channel_id: | 75 + if extType == ExtensionType.channel_id: |
76 + if extLength != 32*4: | 76 + if extLength != 32*4: |
77 + raise SyntaxError() | 77 + raise SyntaxError() |
78 + self.channel_id_key = p.getFixBytes(64) | 78 + self.channel_id_key = p.getFixBytes(64) |
79 + self.channel_id_proof = p.getFixBytes(64) | 79 + self.channel_id_proof = p.getFixBytes(64) |
80 + else: | 80 + else: |
81 + p.getFixBytes(extLength) | 81 + p.getFixBytes(extLength) |
82 + soFar += 4 + extLength | 82 + soFar += 4 + extLength |
83 + p.stopLengthCheck() | 83 + p.stopLengthCheck() |
84 + return self | 84 + return self |
85 + | 85 + |
86 class ApplicationData(object): | 86 class ApplicationData(object): |
87 def __init__(self): | 87 def __init__(self): |
88 self.contentType = ContentType.application_data | 88 self.contentType = ContentType.application_data |
89 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py | 89 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
90 index 8415592..e7c5140 100755 | 90 index 0e78753..b0400f8 100644 |
91 --- a/third_party/tlslite/tlslite/tlsconnection.py | 91 --- a/third_party/tlslite/tlslite/tlsconnection.py |
92 +++ b/third_party/tlslite/tlslite/tlsconnection.py | 92 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
93 @@ -1155,6 +1155,7 @@ class TLSConnection(TLSRecordLayer): | 93 @@ -1158,6 +1158,7 @@ class TLSConnection(TLSRecordLayer): |
94 serverHello.create(self.version, getRandomBytes(32), sessionID, \ | 94 serverHello.create(self.version, getRandomBytes(32), sessionID, \ |
95 cipherSuite, CertificateType.x509, tackExt, | 95 cipherSuite, CertificateType.x509, tackExt, |
96 nextProtos) | 96 nextProtos) |
97 + serverHello.channel_id = clientHello.channel_id | 97 + serverHello.channel_id = clientHello.channel_id |
98 | 98 |
99 # Perform the SRP key exchange | 99 # Perform the SRP key exchange |
100 clientCertChain = None | 100 clientCertChain = None |
101 @@ -1191,7 +1192,7 @@ class TLSConnection(TLSRecordLayer): | 101 @@ -1194,7 +1195,7 @@ class TLSConnection(TLSRecordLayer): |
102 for result in self._serverFinished(premasterSecret, | 102 for result in self._serverFinished(premasterSecret, |
103 clientHello.random, serverHello.random, | 103 clientHello.random, serverHello.random, |
104 cipherSuite, settings.cipherImplementations, | 104 cipherSuite, settings.cipherImplementations, |
105 - nextProtos): | 105 - nextProtos): |
106 + nextProtos, clientHello.channel_id): | 106 + nextProtos, clientHello.channel_id): |
107 if result in (0,1): yield result | 107 if result in (0,1): yield result |
108 else: break | 108 else: break |
109 masterSecret = result | 109 masterSecret = result |
110 @@ -1609,7 +1610,8 @@ class TLSConnection(TLSRecordLayer): | 110 @@ -1614,7 +1615,8 @@ class TLSConnection(TLSRecordLayer): |
111 | 111 |
112 | 112 |
113 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, | 113 def _serverFinished(self, premasterSecret, clientRandom, serverRandom, |
114 - cipherSuite, cipherImplementations, nextProtos): | 114 - cipherSuite, cipherImplementations, nextProtos): |
115 + cipherSuite, cipherImplementations, nextProtos, | 115 + cipherSuite, cipherImplementations, nextProtos, |
116 + doingChannelID): | 116 + doingChannelID): |
117 masterSecret = calcMasterSecret(self.version, premasterSecret, | 117 masterSecret = calcMasterSecret(self.version, premasterSecret, |
118 clientRandom, serverRandom) | 118 clientRandom, serverRandom) |
119 | 119 |
120 @@ -1620,7 +1622,8 @@ class TLSConnection(TLSRecordLayer): | 120 @@ -1625,7 +1627,8 @@ class TLSConnection(TLSRecordLayer): |
121 | 121 |
122 #Exchange ChangeCipherSpec and Finished messages | 122 #Exchange ChangeCipherSpec and Finished messages |
123 for result in self._getFinished(masterSecret, | 123 for result in self._getFinished(masterSecret, |
124 - expect_next_protocol=nextProtos is not None): | 124 - expect_next_protocol=nextProtos is not None): |
125 + expect_next_protocol=nextProtos is not None, | 125 + expect_next_protocol=nextProtos is not None, |
126 + expect_channel_id=doingChannelID): | 126 + expect_channel_id=doingChannelID): |
127 yield result | 127 yield result |
128 | 128 |
129 for result in self._sendFinished(masterSecret): | 129 for result in self._sendFinished(masterSecret): |
130 @@ -1657,7 +1660,8 @@ class TLSConnection(TLSRecordLayer): | 130 @@ -1662,7 +1665,8 @@ class TLSConnection(TLSRecordLayer): |
131 for result in self._sendMsg(finished): | 131 for result in self._sendMsg(finished): |
132 yield result | 132 yield result |
133 | 133 |
134 - def _getFinished(self, masterSecret, expect_next_protocol=False, nextProto=
None): | 134 - def _getFinished(self, masterSecret, expect_next_protocol=False, nextProto=
None): |
135 + def _getFinished(self, masterSecret, expect_next_protocol=False, nextProto=
None, | 135 + def _getFinished(self, masterSecret, expect_next_protocol=False, nextProto=
None, |
136 + expect_channel_id=False): | 136 + expect_channel_id=False): |
137 #Get and check ChangeCipherSpec | 137 #Get and check ChangeCipherSpec |
138 for result in self._getMsg(ContentType.change_cipher_spec): | 138 for result in self._getMsg(ContentType.change_cipher_spec): |
139 if result in (0,1): | 139 if result in (0,1): |
140 @@ -1690,6 +1694,20 @@ class TLSConnection(TLSRecordLayer): | 140 @@ -1695,6 +1699,20 @@ class TLSConnection(TLSRecordLayer): |
141 if nextProto: | 141 if nextProto: |
142 self.next_proto = nextProto | 142 self.next_proto = nextProto |
143 | 143 |
144 + #Server Finish - Are we waiting for a EncryptedExtensions? | 144 + #Server Finish - Are we waiting for a EncryptedExtensions? |
145 + if expect_channel_id: | 145 + if expect_channel_id: |
146 + for result in self._getMsg(ContentType.handshake, HandshakeType.enc
rypted_extensions): | 146 + for result in self._getMsg(ContentType.handshake, HandshakeType.enc
rypted_extensions): |
147 + if result in (0,1): | 147 + if result in (0,1): |
148 + yield result | 148 + yield result |
149 + if result is None: | 149 + if result is None: |
150 + for result in self._sendError(AlertDescription.unexpected_messa
ge, | 150 + for result in self._sendError(AlertDescription.unexpected_messa
ge, |
151 + "Didn't get EncryptedExtensions me
ssage"): | 151 + "Didn't get EncryptedExtensions me
ssage"): |
152 + yield result | 152 + yield result |
153 + encrypted_extensions = result | 153 + encrypted_extensions = result |
154 + self.channel_id = result.channel_id_key | 154 + self.channel_id = result.channel_id_key |
155 + else: | 155 + else: |
156 + self.channel_id = None | 156 + self.channel_id = None |
157 + | 157 + |
158 #Calculate verification data | 158 #Calculate verification data |
159 verifyData = self._calcFinished(masterSecret, False) | 159 verifyData = self._calcFinished(masterSecret, False) |
160 | 160 |
161 diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite
/tlslite/tlsrecordlayer.py | 161 diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite
/tlslite/tlsrecordlayer.py |
162 index b0833fe..ff08cbf 100755 | 162 index 5fe7410..f18fcf5 100644 |
163 --- a/third_party/tlslite/tlslite/tlsrecordlayer.py | 163 --- a/third_party/tlslite/tlslite/tlsrecordlayer.py |
164 +++ b/third_party/tlslite/tlslite/tlsrecordlayer.py | 164 +++ b/third_party/tlslite/tlslite/tlsrecordlayer.py |
165 @@ -800,6 +800,8 @@ class TLSRecordLayer(object): | 165 @@ -806,6 +806,8 @@ class TLSRecordLayer(object): |
166 yield Finished(self.version).parse(p) | 166 yield Finished(self.version).parse(p) |
167 elif subType == HandshakeType.next_protocol: | 167 elif subType == HandshakeType.next_protocol: |
168 yield NextProtocol().parse(p) | 168 yield NextProtocol().parse(p) |
169 + elif subType == HandshakeType.encrypted_extensions: | 169 + elif subType == HandshakeType.encrypted_extensions: |
170 + yield EncryptedExtensions().parse(p) | 170 + yield EncryptedExtensions().parse(p) |
171 else: | 171 else: |
172 raise AssertionError() | 172 raise AssertionError() |
173 | 173 |
OLD | NEW |