Update third_party/tlslite to 0.4.8.

third_party/tlslite/tlslite/tlsrecordlayer.py

 # Authors: 
 #   Trevor Perrin
 #   Google (adapted by Sam Rushing) - NPN support
 #   Martin von Loewis - python 3 port
+#   Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
 #
 # See the LICENSE file for legal information regarding use of this file.
 
 """Helper class for TLSConnection."""
 from __future__ import generators
 
 from .utils.compat import *
 from .utils.cryptomath import *
 from .utils.cipherfactory import createAES, createRC4, createTripleDES
 from .utils.codec import *
@@ skipping 94 matching lines @@
         self._client = None
 
         #Buffers for processing messages
         self._handshakeBuffer = []
         self.clearReadBuffer()
         self.clearWriteBuffer()
 
         #Handshake digests
         self._handshake_md5 = hashlib.md5()
         self._handshake_sha = hashlib.sha1()
+        self._handshake_sha256 = hashlib.sha256()
 
         #TLS Protocol Version
         self.version = (0,0) #read-only
         self._versionCheck = False #Once we choose a version, this is True
 
         #Current and Pending connection states
         self._writeState = _ConnectionState()
         self._readState = _ConnectionState()
         self._pendingWriteState = _ConnectionState()
         self._pendingReadState = _ConnectionState()
@@ skipping 240 matching lines @@
                 raise
             except:
                 self._shutdown(False)
                 raise
 
     def getVersionName(self):
         """Get the name of this TLS version.
 
         @rtype: str
         @return: The name of the TLS version used with this connection.
-        Either None, 'SSL 3.0', 'TLS 1.0', or 'TLS 1.1'.
+        Either None, 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', or 'TLS 1.2'.
         """
         if self.version == (3,0):
             return "SSL 3.0"
         elif self.version == (3,1):
             return "TLS 1.0"
         elif self.version == (3,2):
             return "TLS 1.1"
+        elif self.version == (3,3):
+            return "TLS 1.2"
         else:
             return None
         
     def getCipherName(self):
         """Get the name of the cipher used with this connection.
 
         @rtype: str
         @return: The name of the cipher used with this connection.
         Either 'aes128', 'aes256', 'rc4', or '3des'.
         """
@@ skipping 161 matching lines @@
         # first(only) byte off above, we may have a 0-length msg:
         if len(b) == 0:
             return
             
         contentType = msg.contentType
 
         #Update handshake hashes
         if contentType == ContentType.handshake:
             self._handshake_md5.update(compat26Str(b))
             self._handshake_sha.update(compat26Str(b))
+            self._handshake_sha256.update(compat26Str(b))
 
         #Calculate MAC
         if self._writeState.macContext:
             seqnumBytes = self._writeState.getSeqNumBytes()
             mac = self._writeState.macContext.copy()
             mac.update(compatHMAC(seqnumBytes))
             mac.update(compatHMAC(bytearray([contentType])))
             if self.version == (3,0):
                 mac.update( compatHMAC( bytearray([len(b)//256] )))
                 mac.update( compatHMAC( bytearray([len(b)%256] )))
-            elif self.version in ((3,1), (3,2)):
+            elif self.version in ((3,1), (3,2), (3,3)):
                 mac.update(compatHMAC( bytearray([self.version[0]] )))
                 mac.update(compatHMAC( bytearray([self.version[1]] )))
                 mac.update( compatHMAC( bytearray([len(b)//256] )))
                 mac.update( compatHMAC( bytearray([len(b)%256] )))
             else:
                 raise AssertionError()
             mac.update(compatHMAC(b))
             macBytes = bytearray(mac.digest())
             if self.fault == Fault.badMAC:
                 macBytes[0] = (macBytes[0]+1) % 256
 
         #Encrypt for Block or Stream Cipher
         if self._writeState.encContext:
             #Add padding and encrypt (for Block Cipher):
             if self._writeState.encContext.isBlockCipher:
 
                 #Add TLS 1.1 fixed block
-                if self.version == (3,2):
+                if self.version >= (3,2):
                     b = self.fixedIVBlock + b
 
-                #Add padding: b = b + (macBytes + paddingBytes)
+                #Add padding: b = b+ (macBytes + paddingBytes)
                 currentLength = len(b) + len(macBytes)
                 blockLength = self._writeState.encContext.block_size
                 paddingLength = blockLength - 1 - (currentLength % blockLength)
 
                 paddingBytes = bytearray([paddingLength] * (paddingLength+1))
                 if self.fault == Fault.badPadding:
                     paddingBytes[0] = (paddingBytes[0]+1) % 256
                 endBytes = macBytes + paddingBytes
                 b += endBytes
                 #Encrypt
@@ skipping 170 matching lines @@
                     subType = p.get(1)
                     if subType not in secondaryType:
                         for result in self._sendError(\
                                 AlertDescription.unexpected_message,
                                 "Expecting %s, got %s" % (str(secondaryType), subType)):
                             yield result
 
                 #Update handshake hashes
                 self._handshake_md5.update(compat26Str(p.bytes))
                 self._handshake_sha.update(compat26Str(p.bytes))
+                self._handshake_sha256.update(compat26Str(p.bytes))
 
                 #Parse based on handshake type
                 if subType == HandshakeType.client_hello:
                     yield ClientHello(recordHeader.ssl2).parse(p)
                 elif subType == HandshakeType.server_hello:
                     yield ServerHello().parse(p)
                 elif subType == HandshakeType.certificate:
                     yield Certificate(constructorType).parse(p)
                 elif subType == HandshakeType.certificate_request:
-                    yield CertificateRequest().parse(p)
+                    yield CertificateRequest(self.version).parse(p)
                 elif subType == HandshakeType.certificate_verify:
-                    yield CertificateVerify().parse(p)
+                    yield CertificateVerify(self.version).parse(p)
                 elif subType == HandshakeType.server_key_exchange:
-                    yield ServerKeyExchange(constructorType).parse(p)
+                    yield ServerKeyExchange(constructorType,
+                                            self.version).parse(p)
                 elif subType == HandshakeType.server_hello_done:
                     yield ServerHelloDone().parse(p)
                 elif subType == HandshakeType.client_key_exchange:
                     yield ClientKeyExchange(constructorType, \
                                             self.version).parse(p)
                 elif subType == HandshakeType.finished:
                     yield Finished(self.version).parse(p)
                 elif subType == HandshakeType.next_protocol:
                     yield NextProtocol().parse(p)
                 elif subType == HandshakeType.encrypted_extensions:
@@ skipping 149 matching lines @@
 
             #Decrypt if it's a block cipher
             if self._readState.encContext.isBlockCipher:
                 blockLength = self._readState.encContext.block_size
                 if len(b) % blockLength != 0:
                     for result in self._sendError(\
                             AlertDescription.decryption_failed,
                             "Encrypted data not a multiple of blocksize"):
                         yield result
                 b = self._readState.encContext.decrypt(b)
-                if self.version == (3,2): #For TLS 1.1, remove explicit IV
+                if self.version >= (3,2): #For TLS 1.1, remove explicit IV
                     b = b[self._readState.encContext.block_size : ]
 
                 #Check padding
                 paddingGood = True
                 paddingLength = b[-1]
                 if (paddingLength+1) > len(b):
                     paddingGood=False
                     totalPaddingLength = 0
                 else:
                     if self.version == (3,0):
                         totalPaddingLength = paddingLength+1
-                    elif self.version in ((3,1), (3,2)):
+                    elif self.version in ((3,1), (3,2), (3,3)):
                         totalPaddingLength = paddingLength+1
                         paddingBytes = b[-totalPaddingLength:-1]
                         for byte in paddingBytes:
                             if byte != paddingLength:
                                 paddingGood = False
                                 totalPaddingLength = 0
                     else:
                         raise AssertionError()
 
             #Decrypt if it's a stream cipher
@@ skipping 16 matching lines @@
 
                 #Calculate MAC
                 seqnumBytes = self._readState.getSeqNumBytes()
                 b = b[:-endLength]
                 mac = self._readState.macContext.copy()
                 mac.update(compatHMAC(seqnumBytes))
                 mac.update(compatHMAC(bytearray([recordType])))
                 if self.version == (3,0):
                     mac.update( compatHMAC(bytearray( [len(b)//256] ) ))
                     mac.update( compatHMAC(bytearray( [len(b)%256] ) ))
-                elif self.version in ((3,1), (3,2)):
+                elif self.version in ((3,1), (3,2), (3,3)):
                     mac.update(compatHMAC(bytearray( [self.version[0]] ) ))
                     mac.update(compatHMAC(bytearray( [self.version[1]] ) ))
                     mac.update(compatHMAC(bytearray( [len(b)//256] ) ))
                     mac.update(compatHMAC(bytearray( [len(b)%256] ) ))
                 else:
                     raise AssertionError()
                 mac.update(compatHMAC(b))
                 macBytes = bytearray(mac.digest())
 
                 #Compare MACs
                 if macBytes != checkBytes:
                     macGood = False
 
             if not (paddingGood and macGood):
                 for result in self._sendError(AlertDescription.bad_record_mac,
                                           "MAC failure (or padding failure)"):
                     yield result
 
         yield b
 
     def _handshakeStart(self, client):
         if not self.closed:
             raise ValueError("Renegotiation disallowed for security reasons")
         self._client = client
         self._handshake_md5 = hashlib.md5()
         self._handshake_sha = hashlib.sha1()
+        self._handshake_sha256 = hashlib.sha256()
         self._handshakeBuffer = []
         self.allegedSrpUsername = None
         self._refCount = 1
 
     def _handshakeDone(self, resumed):
         self.resumed = resumed
         self.closed = False
 
     def _calcPendingStates(self, cipherSuite, masterSecret,
             clientRandom, serverRandom, implementations):
@@ skipping 12 matching lines @@
         elif cipherSuite in CipherSuite.tripleDESSuites:
             keyLength = 24
             ivLength = 8
             createCipherFunc = createTripleDES
         else:
             raise AssertionError()
             
         if cipherSuite in CipherSuite.shaSuites:
             macLength = 20
             digestmod = hashlib.sha1        
+        elif cipherSuite in CipherSuite.sha256Suites:
+            macLength = 32
+            digestmod = hashlib.sha256
         elif cipherSuite in CipherSuite.md5Suites:
             macLength = 16
             digestmod = hashlib.md5
 
         if self.version == (3,0):
             createMACFunc = createMAC_SSL
-        elif self.version in ((3,1), (3,2)):
+        elif self.version in ((3,1), (3,2), (3,3)):
             createMACFunc = createHMAC
 
         outputLength = (macLength*2) + (keyLength*2) + (ivLength*2)
 
         #Calculate Keying Material from Master Secret
         if self.version == (3,0):
             keyBlock = PRF_SSL(masterSecret,
                                serverRandom + clientRandom,
                                outputLength)
         elif self.version in ((3,1), (3,2)):
             keyBlock = PRF(masterSecret,
                            b"key expansion",
                            serverRandom + clientRandom,
                            outputLength)
+        elif self.version == (3,3):
+            keyBlock = PRF_1_2(masterSecret,
+                           b"key expansion",
+                           serverRandom + clientRandom,
+                           outputLength)
         else:
             raise AssertionError()
 
         #Slice up Keying Material
         clientPendingState = _ConnectionState()
         serverPendingState = _ConnectionState()
         p = Parser(keyBlock)
         clientMACBlock = p.getFixBytes(macLength)
         serverMACBlock = p.getFixBytes(macLength)
         clientKeyBlock = p.getFixBytes(keyLength)
@@ skipping 12 matching lines @@
                                                          implementations)
 
         #Assign new connection states to pending states
         if self._client:
             self._pendingWriteState = clientPendingState
             self._pendingReadState = serverPendingState
         else:
             self._pendingWriteState = serverPendingState
             self._pendingReadState = clientPendingState
 
-        if self.version == (3,2) and ivLength:
+        if self.version >= (3,2) and ivLength:
             #Choose fixedIVBlock for TLS 1.1 (this is encrypted with the CBC
             #residue to create the IV for each sent block)
             self.fixedIVBlock = getRandomBytes(ivLength)
 
     def _changeWriteState(self):
         self._writeState = self._pendingWriteState
         self._pendingWriteState = _ConnectionState()
 
     def _changeReadState(self):
         self._readState = self._pendingReadState
         self._pendingReadState = _ConnectionState()
 
     #Used for Finished messages and CertificateVerify messages in SSL v3
     def _calcSSLHandshakeHash(self, masterSecret, label):
         imac_md5 = self._handshake_md5.copy()
         imac_sha = self._handshake_sha.copy()
 
         imac_md5.update(compatHMAC(label + masterSecret + bytearray([0x36]*48)))
         imac_sha.update(compatHMAC(label + masterSecret + bytearray([0x36]*40)))
 
         md5Bytes = MD5(masterSecret + bytearray([0x5c]*48) + \
                          bytearray(imac_md5.digest()))
         shaBytes = SHA1(masterSecret + bytearray([0x5c]*40) + \
                          bytearray(imac_sha.digest()))
 
         return md5Bytes + shaBytes