| Index: third_party/tlslite/tlslite/messages.py
|
| diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
|
| index c8a913ce2497bd85d2fe64d5186dfc75295fb57d..f2e2cfc2455ec8c3aa2fdb010c397c5748fae0b9 100644
|
| --- a/third_party/tlslite/tlslite/messages.py
|
| +++ b/third_party/tlslite/tlslite/messages.py
|
| @@ -3,6 +3,7 @@
|
| # Google - handling CertificateRequest.certificate_types
|
| # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support
|
| # Dimitris Moraitis - Anon ciphersuites
|
| +# Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
|
| #
|
| # See the LICENSE file for legal information regarding use of this file.
|
|
|
| @@ -452,19 +453,25 @@ class CertificateStatus(HandshakeMsg):
|
| return self.postWrite(w)
|
|
|
| class CertificateRequest(HandshakeMsg):
|
| - def __init__(self):
|
| + def __init__(self, version):
|
| HandshakeMsg.__init__(self, HandshakeType.certificate_request)
|
| self.certificate_types = []
|
| self.certificate_authorities = []
|
| + self.version = version
|
| + self.supported_signature_algs = []
|
|
|
| - def create(self, certificate_types, certificate_authorities):
|
| + def create(self, certificate_types, certificate_authorities, sig_algs):
|
| self.certificate_types = certificate_types
|
| self.certificate_authorities = certificate_authorities
|
| + self.supported_signature_algs = sig_algs
|
| return self
|
|
|
| def parse(self, p):
|
| p.startLengthCheck(3)
|
| self.certificate_types = p.getVarList(1, 1)
|
| + if self.version >= (3,3):
|
| + self.supported_signature_algs = \
|
| + [(b >> 8, b & 0xff) for b in p.getVarList(2, 2)]
|
| ca_list_length = p.get(2)
|
| index = 0
|
| self.certificate_authorities = []
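Review bot: `supported_signature_algs` has no documented shape, and `parse()` stores whatever pairs the peer sends without checking them. I would add a comment in `__init__` such as `# list of (hash, signature) one-byte pairs (TLS 1.2 SignatureAndHashAlgorithm); only serialized when version >= (3,3)`. `create()` now takes `sig_algs` as a required positional argument, so any caller still using the two-argument form raises TypeError; a default of `sig_algs=None` mapped to `[]` would keep older call sites working if any exist outside this page. The comprehension's loop variable `b` holds a 16-bit value rather than a byte, so a name like `pair` would read better. parse() continues past the end of the hunk.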
|
| @@ -478,6 +485,11 @@ class CertificateRequest(HandshakeMsg):
|
| def write(self):
|
| w = Writer()
|
| w.addVarSeq(self.certificate_types, 1, 1)
|
| + if self.version >= (3,3):
|
| + w.add(2 * len(self.supported_signature_algs), 2)
|
| + for (hash, signature) in self.supported_signature_algs:
|
| + w.add(hash, 1)
|
| + w.add(signature, 1)
|
| caLength = 0
|
| #determine length
|
| for ca_dn in self.certificate_authorities:
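Review bot: The loop variable `hash` in `for (hash, signature) in self.supported_signature_algs:` shadows the builtin of the same name inside `write()`. Renaming it, as in `for (hash_alg, sig_alg) in self.supported_signature_algs:`, avoids that and says what the values are. The hand-written length prefix `2 * len(...)` assumes every entry is exactly a two-element pair; that holds for lists produced by `parse()`, but lists passed to `create()` are not checked in the visible code. write() continues outside the hunk.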
|
| @@ -489,9 +501,10 @@ class CertificateRequest(HandshakeMsg):
|
| return self.postWrite(w)
|
|
|
| class ServerKeyExchange(HandshakeMsg):
|
| - def __init__(self, cipherSuite):
|
| + def __init__(self, cipherSuite, version):
|
| HandshakeMsg.__init__(self, HandshakeType.server_key_exchange)
|
| self.cipherSuite = cipherSuite
|
| + self.version = version
|
| self.srp_N = 0
|
| self.srp_g = 0
|
| self.srp_s = bytearray(0)
|
| @@ -550,11 +563,18 @@ class ServerKeyExchange(HandshakeMsg):
|
| w = Writer()
|
| w.bytes += self.write_params()
|
| if self.cipherSuite in CipherSuite.certAllSuites:
|
| + if self.version >= (3,3):
|
| + # TODO: Signature algorithm negotiation not supported.
|
| + w.add(HashAlgorithm.sha1, 1)
|
| + w.add(SignatureAlgorithm.rsa, 1)
|
| w.addVarSeq(self.signature, 1, 2)
|
| return self.postWrite(w)
|
|
|
| def hash(self, clientRandom, serverRandom):
|
| bytes = clientRandom + serverRandom + self.write_params()
|
| + if self.version >= (3,3):
|
| + # TODO: Signature algorithm negotiation not supported.
|
| + return SHA1(bytes)
|
| return MD5(bytes) + SHA1(bytes)
|
|
|
| class ServerHelloDone(HandshakeMsg):
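Review bot: For TLS 1.2 the signature algorithm is fixed to SHA-1 with RSA in two separate places, `write()` and `hash()`, which must be kept in agreement by hand and which ignore whatever the client advertised in its signature_algorithms extension. A client that does not offer SHA-1/RSA would presumably reject the handshake, and SHA-1 is a weak choice for new TLS 1.2 signatures, so I would expand both TODOs to say so, e.g. `# TODO: hard-coded SHA-1/RSA; must match hash() and should be chosen from the client's signature_algorithms`. Storing the pair once on the message and reading it in both methods would remove the duplication. No hunk on this page touches `ServerKeyExchange.parse()`; if it still reads the signature directly, a TLS 1.2 message would be parsed two bytes off, which is worth confirming. write() starts before the hunk.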
|
| @@ -598,7 +618,7 @@ class ClientKeyExchange(HandshakeMsg):
|
| if self.cipherSuite in CipherSuite.srpAllSuites:
|
| self.srp_A = bytesToNumber(p.getVarBytes(2))
|
| elif self.cipherSuite in CipherSuite.certSuites:
|
| - if self.version in ((3,1), (3,2)):
|
| + if self.version in ((3,1), (3,2), (3,3)):
|
| self.encryptedPreMasterSecret = p.getVarBytes(2)
|
| elif self.version == (3,0):
|
| self.encryptedPreMasterSecret = \
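Review bot: The version check is extended by adding `(3,3)` to a literal tuple, and the same edit is repeated in `ClientKeyExchange.write()` and `Finished.parse()` in the later hunks. Each new protocol version needs all of these lists updated together, and a missed one falls through to a different branch; in `Finished.parse()` that branch is `raise AssertionError()`. A range test such as `(3,1) <= self.version <= (3,3)` or one shared module-level tuple would keep the three sites consistent. The enclosing parse() starts and ends outside this hunk.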
|
| @@ -617,7 +637,7 @@ class ClientKeyExchange(HandshakeMsg):
|
| if self.cipherSuite in CipherSuite.srpAllSuites:
|
| w.addVarSeq(numberToByteArray(self.srp_A), 1, 2)
|
| elif self.cipherSuite in CipherSuite.certSuites:
|
| - if self.version in ((3,1), (3,2)):
|
| + if self.version in ((3,1), (3,2), (3,3)):
|
| w.addVarSeq(self.encryptedPreMasterSecret, 1, 2)
|
| elif self.version == (3,0):
|
| w.addFixSeq(self.encryptedPreMasterSecret, 1)
|
| @@ -630,22 +650,30 @@ class ClientKeyExchange(HandshakeMsg):
|
| return self.postWrite(w)
|
|
|
| class CertificateVerify(HandshakeMsg):
|
| - def __init__(self):
|
| + def __init__(self, version):
|
| HandshakeMsg.__init__(self, HandshakeType.certificate_verify)
|
| + self.version = version
|
| + self.signature_algorithm = None
|
| self.signature = bytearray(0)
|
|
|
| - def create(self, signature):
|
| + def create(self, signature_algorithm, signature):
|
| + self.signature_algorithm = signature_algorithm
|
| self.signature = signature
|
| return self
|
|
|
| def parse(self, p):
|
| p.startLengthCheck(3)
|
| + if self.version >= (3,3):
|
| + self.signature_algorithm = (p.get(1), p.get(1))
|
| self.signature = p.getVarBytes(2)
|
| p.stopLengthCheck()
|
| return self
|
|
|
| def write(self):
|
| w = Writer()
|
| + if self.version >= (3,3):
|
| + w.add(self.signature_algorithm[0], 1)
|
| + w.add(self.signature_algorithm[1], 1)
|
| w.addVarSeq(self.signature, 1, 2)
|
| return self.postWrite(w)
|
|
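Review bot: `parse()` accepts any two bytes as `signature_algorithm`, and `write()` indexes it without checking that it was set. On the receiving side, the code that verifies the signature (not visible here) needs to reject a pair that was not offered in `CertificateRequest.supported_signature_algs` before using it to pick a hash; a comment on the attribute, e.g. `# (hash, signature) as sent by the peer; unvalidated, check against the advertised list before verifying`, would make that contract explicit. On the sending side, `signature_algorithm` defaults to `None`, so `write()` at version >= (3,3) raises TypeError on `self.signature_algorithm[0]` if `create()` was given `None`; an explicit check with a clear error would be easier to diagnose.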
|
| @@ -707,7 +735,7 @@ class Finished(HandshakeMsg):
|
| p.startLengthCheck(3)
|
| if self.version == (3,0):
|
| self.verify_data = p.getFixBytes(36)
|
| - elif self.version in ((3,1), (3,2)):
|
| + elif self.version in ((3,1), (3,2), (3,3)):
|
| self.verify_data = p.getFixBytes(12)
|
| else:
|
| raise AssertionError()
|
|
|