Index: third_party/tlslite/tlslite/tlsconnection.py |
diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
index 06aa0c9022d5fb51ee38cb1b2ab0c41ce8a767a0..65f8d67593dfd90db576722577104ebcf99d2435 100644 |
--- a/third_party/tlslite/tlslite/tlsconnection.py |
+++ b/third_party/tlslite/tlslite/tlsconnection.py |
@@ -4,6 +4,7 @@ |
# Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
# Dimitris Moraitis - Anon ciphersuites |
# Martin von Loewis - python 3 port |
+# Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
# |
# See the LICENSE file for legal information regarding use of this file. |
@@ -22,6 +23,7 @@ from .messages import * |
from .mathtls import * |
from .handshakesettings import HandshakeSettings |
from .utils.tackwrapper import * |
+from .utils.rsakey import RSAKey |
class KeyExchange(object): |
def __init__(self, cipherSuite, clientHello, serverHello, privateKey): |
@@ -102,11 +104,15 @@ DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 |
self.dh_Xs = bytesToNumber(getRandomBytes(self.strength * 2 / 8)) |
dh_Ys = powMod(self.dh_g, self.dh_Xs, self.dh_p) |
- serverKeyExchange = ServerKeyExchange(self.cipherSuite) |
+ version = self.serverHello.server_version |
+ serverKeyExchange = ServerKeyExchange(self.cipherSuite, version) |
serverKeyExchange.createDH(self.dh_p, self.dh_g, dh_Ys) |
- serverKeyExchange.signature = self.privateKey.sign( |
- serverKeyExchange.hash(self.clientHello.random, |
- self.serverHello.random)) |
+ hashBytes = serverKeyExchange.hash(self.clientHello.random, |
+ self.serverHello.random) |
+ if version >= (3,3): |
+ # TODO: Signature algorithm negotiation not supported. |
+ hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes) |
+ serverKeyExchange.signature = self.privateKey.sign(hashBytes) |
return serverKeyExchange |
def processClientKeyExchange(self, clientKeyExchange): |
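Review bot: The TLS 1.2 branch at `if version >= (3,3):` always signs a SHA-1 DigestInfo (`RSAKey.addPKCS1SHA1Prefix`) without consulting the client's signature_algorithms extension; RFC 5246 §7.4.1.4.1 only allows assuming {sha1, rsa} when the client omitted the extension, so a client that offers only SHA-256-based algorithms will reject this ServerKeyExchange. The TODO should record that consequence and the coupling it creates: `# TODO: Signature algorithm negotiation not supported. We always sign sha1/rsa, which TLS 1.2 clients may reject if they did not offer it; the signature_algorithm bytes ServerKeyExchange emits must match this choice.` Whether `serverKeyExchange.hash()` already yields a single SHA-1 digest for TLS 1.2 rather than the MD5+SHA-1 pair used by TLS 1.0/1.1 is not visible here and should be confirmed, since the prefix helper assumes SHA-1. The enclosing method begins before this hunk.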
@@ -596,9 +602,9 @@ class TLSConnection(TLSRecordLayer): |
if srpParams: |
cipherSuites += CipherSuite.getSrpAllSuites(settings) |
elif certParams: |
- cipherSuites += CipherSuite.getCertSuites(settings) |
# TODO: Client DHE_RSA not supported. |
# cipherSuites += CipherSuite.getDheCertSuites(settings) |
+ cipherSuites += CipherSuite.getCertSuites(settings) |
elif anonParams: |
cipherSuites += CipherSuite.getAnonSuites(settings) |
else: |
@@ -959,6 +965,9 @@ class TLSConnection(TLSRecordLayer): |
elif self.version in ((3,1), (3,2)): |
verifyBytes = self._handshake_md5.digest() + \ |
self._handshake_sha.digest() |
+ elif self.version == (3,3): |
+ # TODO: This does not handle the PKCS#1 prefix in TLS 1.2. |
+ verifyBytes = self._handshake_sha256.digest() |
davidben
2015/01/21 23:44:11
This is completely broken for TLS 1.2. It is likewise
davidben
2015/01/22 00:18:35
Actually... we do have some tests in SSLClientSock
davidben
2015/01/22 00:56:46
Done.
|
if self.fault == Fault.badVerifyMessage: |
verifyBytes[0] = ((verifyBytes[0]+1) % 256) |
signedBytes = privateKey.sign(verifyBytes) |
@@ -1381,8 +1390,8 @@ class TLSConnection(TLSRecordLayer): |
CipherSuite.getSrpCertSuites(settings) |
cipherSuites += CipherSuite.getSrpSuites(settings) |
elif certChain: |
- cipherSuites += CipherSuite.getCertSuites(settings) |
cipherSuites += CipherSuite.getDheCertSuites(settings) |
+ cipherSuites += CipherSuite.getCertSuites(settings) |
elif anon: |
cipherSuites += CipherSuite.getAnonSuites(settings) |
else: |
@@ -1512,9 +1521,10 @@ class TLSConnection(TLSRecordLayer): |
#the only time we won't use it is if we're resuming a |
#session, in which case we use the ciphersuite from the session. |
# |
- #Use the client's preferences for now. |
- for cipherSuite in clientHello.cipher_suites: |
- if cipherSuite in cipherSuites: |
+ #Given the current ciphersuite ordering, this means we prefer SRP |
+ #over non-SRP. |
+ for cipherSuite in cipherSuites: |
+ if cipherSuite in clientHello.cipher_suites: |
break |
else: |
for result in self._sendError(\ |
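Review bot: The new loop at `for cipherSuite in cipherSuites:` switches negotiation from client preference to server preference, but the comment only explains the SRP-first consequence; the DHE-before-RSA reordering this same change makes at lines 1390–1393 (if, as it appears, that is the same `cipherSuites` list) is equally load-bearing and should be named so nobody reorders that list without realising it changes what gets negotiated. Suggested wording: `#Server preference: take the first suite in our ordered list that the client also offers. The list is built above with SRP suites first and DHE_RSA before plain RSA, so those win.` As `clientHello.cipher_suites` appears to be a list, each membership test is linear; `offered = set(clientHello.cipher_suites)` before the loop would make it constant-time should that ever matter. The enclosing method begins before and ends after this hunk.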
@@ -1561,7 +1571,7 @@ class TLSConnection(TLSRecordLayer): |
B = (powMod(g, b, N) + (k*v)) % N |
#Create ServerKeyExchange, signing it if necessary |
- serverKeyExchange = ServerKeyExchange(cipherSuite) |
+ serverKeyExchange = ServerKeyExchange(cipherSuite, self.version) |
serverKeyExchange.createSRP(N, g, s, B) |
if cipherSuite in CipherSuite.srpCertSuites: |
hashBytes = serverKeyExchange.hash(clientHello.random, |
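Review bot: `ServerKeyExchange(cipherSuite, self.version)` makes the SRP message version-aware, but the signing for SRP_RSA suites that follows `hashBytes = serverKeyExchange.hash(...)` continues outside the hunk, and this diff shows no counterpart to the `RSAKey.addPKCS1SHA1Prefix` step it adds for the DHE path in KeyExchange (the -102,+104 hunk). If that code still calls `privateKey.sign(hashBytes)` on the raw hash, TLS 1.2 clients will reject the signature on SRP_RSA suites; the same `if self.version >= (3,3): hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)` guard is needed there, or better, the prefixing should live in one shared helper so the two signing paths cannot drift. The enclosing method begins before and ends after this hunk.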
@@ -1631,7 +1641,8 @@ class TLSConnection(TLSRecordLayer): |
#Apple's Secure Transport library rejects empty certificate_types, |
#so default to rsa_sign. |
reqCertTypes = reqCertTypes or [ClientCertificateType.rsa_sign] |
- msgs.append(CertificateRequest().create(reqCertTypes, reqCAs)) |
+ msgs.append(CertificateRequest(self.version).create(reqCertTypes, |
+ reqCAs)) |
msgs.append(ServerHelloDone()) |
for result in self._sendMsgs(msgs): |
yield result |
@@ -1664,7 +1675,7 @@ class TLSConnection(TLSRecordLayer): |
clientCertChain = clientCertificate.certChain |
else: |
raise AssertionError() |
- elif self.version in ((3,1), (3,2)): |
+ elif self.version in ((3,1), (3,2), (3,3)): |
for result in self._getMsg(ContentType.handshake, |
HandshakeType.certificate, |
CertificateType.x509): |
@@ -1702,6 +1713,8 @@ class TLSConnection(TLSRecordLayer): |
elif self.version in ((3,1), (3,2)): |
verifyBytes = self._handshake_md5.digest() + \ |
self._handshake_sha.digest() |
+ elif self.version == (3,3): |
+ verifyBytes = self._handshake_sha256.digest() |
for result in self._getMsg(ContentType.handshake, |
HandshakeType.certificate_verify): |
if result in (0,1): yield result |
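Review bot: The server-side `elif self.version == (3,3):` branch computes a bare `self._handshake_sha256.digest()` for checking the client's CertificateVerify, with no note that TLS 1.2 wraps the hash in a PKCS#1 DigestInfo and prefixes the message with an explicit signature_algorithm, whereas the client-side counterpart at 968–970 at least carries a TODO. At minimum mirror that comment here: `# TODO: This does not handle the PKCS#1 prefix or the signature_algorithm field in TLS 1.2.` When it is completed, the verifier should read the signature_algorithm the client declares and hash with that algorithm rather than assuming SHA-256, and reject any algorithm the server did not advertise in CertificateRequest; the verify call itself is outside the hunk. The enclosing method begins before and ends after this hunk.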
@@ -1737,7 +1750,7 @@ class TLSConnection(TLSRecordLayer): |
dh_Ys = powMod(dh_g, dh_Xs, dh_p) |
#Create ServerKeyExchange |
- serverKeyExchange = ServerKeyExchange(cipherSuite) |
+ serverKeyExchange = ServerKeyExchange(cipherSuite, self.version) |
serverKeyExchange.createDH(dh_p, dh_g, dh_Ys) |
#Send ServerHello[, Certificate], ServerKeyExchange, |
@@ -1909,6 +1922,15 @@ class TLSConnection(TLSRecordLayer): |
self._handshake_sha.digest() |
verifyData = PRF(masterSecret, label, handshakeHashes, 12) |
return verifyData |
+ elif self.version == (3,3): |
+ if (self._client and send) or (not self._client and not send): |
+ label = b"client finished" |
+ else: |
+ label = b"server finished" |
+ |
+ handshakeHashes = self._handshake_sha256.digest() |
+ verifyData = PRF_1_2(masterSecret, label, handshakeHashes, 12) |
+ return verifyData |
else: |
raise AssertionError() |
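Review bot: The TLS 1.2 branch at `elif self.version == (3,3):` repeats the label selection from the TLS 1.0/1.1 branch above it, and `if (self._client and send) or (not self._client and not send):` is just an equality test; `label = b"client finished" if bool(self._client) == bool(send) else b"server finished"` says the same thing in one line (the `bool()` keeps the behaviour identical if `_client` is ever None rather than False). A short why-comment is also warranted: `# RFC 5246 §7.4.9: verify_data = PRF(master_secret, label, SHA-256(handshake_messages))[:12]; this hard-codes the SHA-256 PRF, which is correct only for suites that do not specify another PRF hash (e.g. *_SHA384 suites).` Whether any such suites appear in the offered lists is not visible here. The enclosing method begins before this hunk.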