
Unified Diff: third_party/tlslite/tlslite/tlsconnection.py

Issue 858373002: Update third_party/tlslite to 0.4.8. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: With rebased patches Created 5 years, 11 months ago
Index: third_party/tlslite/tlslite/tlsconnection.py
diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
index 06aa0c9022d5fb51ee38cb1b2ab0c41ce8a767a0..65f8d67593dfd90db576722577104ebcf99d2435 100644
--- a/third_party/tlslite/tlslite/tlsconnection.py
+++ b/third_party/tlslite/tlslite/tlsconnection.py
@@ -4,6 +4,7 @@
# Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support
# Dimitris Moraitis - Anon ciphersuites
# Martin von Loewis - python 3 port
+# Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
#
# See the LICENSE file for legal information regarding use of this file.
@@ -22,6 +23,7 @@ from .messages import *
from .mathtls import *
from .handshakesettings import HandshakeSettings
from .utils.tackwrapper import *
+from .utils.rsakey import RSAKey
class KeyExchange(object):
def __init__(self, cipherSuite, clientHello, serverHello, privateKey):
@@ -102,11 +104,15 @@ DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
self.dh_Xs = bytesToNumber(getRandomBytes(self.strength * 2 / 8))
dh_Ys = powMod(self.dh_g, self.dh_Xs, self.dh_p)
- serverKeyExchange = ServerKeyExchange(self.cipherSuite)
+ version = self.serverHello.server_version
+ serverKeyExchange = ServerKeyExchange(self.cipherSuite, version)
serverKeyExchange.createDH(self.dh_p, self.dh_g, dh_Ys)
- serverKeyExchange.signature = self.privateKey.sign(
- serverKeyExchange.hash(self.clientHello.random,
- self.serverHello.random))
+ hashBytes = serverKeyExchange.hash(self.clientHello.random,
+ self.serverHello.random)
+ if version >= (3,3):
+ # TODO: Signature algorithm negotiation not supported.
+ hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)
+ serverKeyExchange.signature = self.privateKey.sign(hashBytes)
return serverKeyExchange
def processClientKeyExchange(self, clientKeyExchange):
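Review bot: The TLS 1.2 branch signs with SHA-1 unconditionally: `RSAKey.addPKCS1SHA1Prefix(hashBytes)` is applied whenever `version >= (3,3)`, without consulting the signature algorithms the client offered. A TLS 1.2 peer that does not accept SHA-1 with RSA would presumably fail at signature verification rather than at negotiation. Until negotiation exists, the TODO could state that consequence, e.g. `# TODO: Signature algorithm negotiation not supported; always signs SHA-1/RSA, even if the client did not offer it.` The SRP ServerKeyExchange hunk further down also passes the version, but its `sign` call is outside that hunk, so it is worth confirming it applies the same prefix.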
@@ -596,9 +602,9 @@ class TLSConnection(TLSRecordLayer):
if srpParams:
cipherSuites += CipherSuite.getSrpAllSuites(settings)
elif certParams:
- cipherSuites += CipherSuite.getCertSuites(settings)
# TODO: Client DHE_RSA not supported.
# cipherSuites += CipherSuite.getDheCertSuites(settings)
+ cipherSuites += CipherSuite.getCertSuites(settings)
elif anonParams:
cipherSuites += CipherSuite.getAnonSuites(settings)
else:
@@ -959,6 +965,9 @@ class TLSConnection(TLSRecordLayer):
elif self.version in ((3,1), (3,2)):
verifyBytes = self._handshake_md5.digest() + \
self._handshake_sha.digest()
+ elif self.version == (3,3):
+ # TODO: This does not handle the PKCS#1 prefix in TLS 1.2.
+ verifyBytes = self._handshake_sha256.digest()
davidben 2015/01/21 23:44:11 This completely broken for TLS 1.2. It is likewise
davidben 2015/01/22 00:18:35 Actually... we do have some tests in SSLClientSock
davidben 2015/01/22 00:56:46 Done.
if self.fault == Fault.badVerifyMessage:
verifyBytes[0] = ((verifyBytes[0]+1) % 256)
signedBytes = privateKey.sign(verifyBytes)
@@ -1381,8 +1390,8 @@ class TLSConnection(TLSRecordLayer):
CipherSuite.getSrpCertSuites(settings)
cipherSuites += CipherSuite.getSrpSuites(settings)
elif certChain:
- cipherSuites += CipherSuite.getCertSuites(settings)
cipherSuites += CipherSuite.getDheCertSuites(settings)
+ cipherSuites += CipherSuite.getCertSuites(settings)
elif anon:
cipherSuites += CipherSuite.getAnonSuites(settings)
else:
@@ -1512,9 +1521,10 @@ class TLSConnection(TLSRecordLayer):
#the only time we won't use it is if we're resuming a
#session, in which case we use the ciphersuite from the session.
#
- #Use the client's preferences for now.
- for cipherSuite in clientHello.cipher_suites:
- if cipherSuite in cipherSuites:
+ #Given the current ciphersuite ordering, this means we prefer SRP
+ #over non-SRP.
+ for cipherSuite in cipherSuites:
+ if cipherSuite in clientHello.cipher_suites:
break
else:
for result in self._sendError(\
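Review bot: The new comment mentions only SRP, but the loop now makes the server's list order the sole selection policy: the first entry of `cipherSuites` that the client also offers wins, and the client's own ordering is ignored. That makes the order in which `cipherSuites` is assembled security-relevant; the earlier hunk that moves `getDheCertSuites` ahead of `getCertSuites` appears to rely on this, if it feeds the same list. I would say so in the comment, e.g. `#Server preference order: the first suite in cipherSuites that the client offers is chosen, so the list order decides DHE vs. RSA as well as SRP vs. non-SRP.` The `for`/`else` error path continues outside the hunk.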
@@ -1561,7 +1571,7 @@ class TLSConnection(TLSRecordLayer):
B = (powMod(g, b, N) + (k*v)) % N
#Create ServerKeyExchange, signing it if necessary
- serverKeyExchange = ServerKeyExchange(cipherSuite)
+ serverKeyExchange = ServerKeyExchange(cipherSuite, self.version)
serverKeyExchange.createSRP(N, g, s, B)
if cipherSuite in CipherSuite.srpCertSuites:
hashBytes = serverKeyExchange.hash(clientHello.random,
@@ -1631,7 +1641,8 @@ class TLSConnection(TLSRecordLayer):
#Apple's Secure Transport library rejects empty certificate_types,
#so default to rsa_sign.
reqCertTypes = reqCertTypes or [ClientCertificateType.rsa_sign]
- msgs.append(CertificateRequest().create(reqCertTypes, reqCAs))
+ msgs.append(CertificateRequest(self.version).create(reqCertTypes,
+ reqCAs))
msgs.append(ServerHelloDone())
for result in self._sendMsgs(msgs):
yield result
@@ -1664,7 +1675,7 @@ class TLSConnection(TLSRecordLayer):
clientCertChain = clientCertificate.certChain
else:
raise AssertionError()
- elif self.version in ((3,1), (3,2)):
+ elif self.version in ((3,1), (3,2), (3,3)):
for result in self._getMsg(ContentType.handshake,
HandshakeType.certificate,
CertificateType.x509):
@@ -1702,6 +1713,8 @@ class TLSConnection(TLSRecordLayer):
elif self.version in ((3,1), (3,2)):
verifyBytes = self._handshake_md5.digest() + \
self._handshake_sha.digest()
+ elif self.version == (3,3):
+ verifyBytes = self._handshake_sha256.digest()
for result in self._getMsg(ContentType.handshake,
HandshakeType.certificate_verify):
if result in (0,1): yield result
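Review bot: The `(3,3)` branch fixes the CertificateVerify digest to SHA-256 and, unlike the matching client-side branch, carries no TODO about the PKCS#1 prefix. In TLS 1.2 the CertificateVerify message names its own hash and signature algorithm, so a client that signs with another hash or applies the DigestInfo prefix would presumably fail verification here. This is inferred, because the verify call itself is outside the hunk. At minimum mirror the client-side marker: `# TODO: Assumes SHA-256 and no PKCS#1 prefix; the client's signature algorithm is not checked.`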
@@ -1737,7 +1750,7 @@ class TLSConnection(TLSRecordLayer):
dh_Ys = powMod(dh_g, dh_Xs, dh_p)
#Create ServerKeyExchange
- serverKeyExchange = ServerKeyExchange(cipherSuite)
+ serverKeyExchange = ServerKeyExchange(cipherSuite, self.version)
serverKeyExchange.createDH(dh_p, dh_g, dh_Ys)
#Send ServerHello[, Certificate], ServerKeyExchange,
@@ -1909,6 +1922,15 @@ class TLSConnection(TLSRecordLayer):
self._handshake_sha.digest()
verifyData = PRF(masterSecret, label, handshakeHashes, 12)
return verifyData
+ elif self.version == (3,3):
+ if (self._client and send) or (not self._client and not send):
+ label = b"client finished"
+ else:
+ label = b"server finished"
+
+ handshakeHashes = self._handshake_sha256.digest()
+ verifyData = PRF_1_2(masterSecret, label, handshakeHashes, 12)
+ return verifyData
else:
raise AssertionError()
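Review bot: The label selection in the new `(3,3)` branch is harder to read than it needs to be. If `self._client` and `send` are both booleans, the condition is just `self._client == send`, giving `label = b"client finished" if self._client == send else b"server finished"`. A short comment that `PRF_1_2` is fed the SHA-256 handshake hash and yields 12 bytes of verify_data would also help, since that is only correct for suites whose PRF hash is SHA-256. The earlier branches of this method are outside the hunk.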