Index: third_party/tlslite/tlslite/messages.py |
diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py |
index c8a913ce2497bd85d2fe64d5186dfc75295fb57d..f2e2cfc2455ec8c3aa2fdb010c397c5748fae0b9 100644 |
--- a/third_party/tlslite/tlslite/messages.py |
+++ b/third_party/tlslite/tlslite/messages.py |
@@ -3,6 +3,7 @@ |
# Google - handling CertificateRequest.certificate_types |
# Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
# Dimitris Moraitis - Anon ciphersuites |
+# Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
# |
# See the LICENSE file for legal information regarding use of this file. |
@@ -452,19 +453,25 @@ class CertificateStatus(HandshakeMsg): |
return self.postWrite(w) |
class CertificateRequest(HandshakeMsg): |
- def __init__(self): |
+ def __init__(self, version): |
HandshakeMsg.__init__(self, HandshakeType.certificate_request) |
self.certificate_types = [] |
self.certificate_authorities = [] |
+ self.version = version |
+ self.supported_signature_algs = [] |
- def create(self, certificate_types, certificate_authorities): |
+ def create(self, certificate_types, certificate_authorities, sig_algs): |
self.certificate_types = certificate_types |
self.certificate_authorities = certificate_authorities |
+ self.supported_signature_algs = sig_algs |
return self |
def parse(self, p): |
p.startLengthCheck(3) |
self.certificate_types = p.getVarList(1, 1) |
+ if self.version >= (3,3): |
+ self.supported_signature_algs = \ |
+ [(b >> 8, b & 0xff) for b in p.getVarList(2, 2)] |
ca_list_length = p.get(2) |
index = 0 |
self.certificate_authorities = [] |
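Review bot: `create()` now takes `sig_algs` as a required positional argument and `__init__` a required `version`, although the list is only serialized when the version is at least (3,3), so callers building a pre-1.2 request must pass a value that is never used. A default would keep those callers working: `def create(self, certificate_types, certificate_authorities, sig_algs=()):`. In `parse()` the (hash, signature) pairs come straight from the peer and are stored without any check, so a comment there such as `# peer-supplied codes, stored as-is; the consumer must ignore values it does not support` would make the contract explicit. `parse()` continues past the end of the hunk.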
@@ -478,6 +485,11 @@ class CertificateRequest(HandshakeMsg): |
def write(self): |
w = Writer() |
w.addVarSeq(self.certificate_types, 1, 1) |
+ if self.version >= (3,3): |
+ w.add(2 * len(self.supported_signature_algs), 2) |
+ for (hash, signature) in self.supported_signature_algs: |
+ w.add(hash, 1) |
+ w.add(signature, 1) |
caLength = 0 |
#determine length |
for ca_dn in self.certificate_authorities: |
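Review bot: The loop variable in `for (hash, signature) in self.supported_signature_algs:` shadows the builtin `hash` for the rest of `write()`; naming it for what it holds avoids that, e.g. `for (hash_alg, sig_alg) in self.supported_signature_algs:`. The length prefix is computed by hand as `2 * len(...)`, which is correct only while every entry is exactly one (hash, signature) pair, and a one-line comment saying so would help the next reader. `write()` starts before and ends after this hunk.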
@@ -489,9 +501,10 @@ class CertificateRequest(HandshakeMsg): |
return self.postWrite(w) |
class ServerKeyExchange(HandshakeMsg): |
- def __init__(self, cipherSuite): |
+ def __init__(self, cipherSuite, version): |
HandshakeMsg.__init__(self, HandshakeType.server_key_exchange) |
self.cipherSuite = cipherSuite |
+ self.version = version |
self.srp_N = 0 |
self.srp_g = 0 |
self.srp_s = bytearray(0) |
@@ -550,11 +563,18 @@ class ServerKeyExchange(HandshakeMsg): |
w = Writer() |
w.bytes += self.write_params() |
if self.cipherSuite in CipherSuite.certAllSuites: |
+ if self.version >= (3,3): |
+ # TODO: Signature algorithm negotiation not supported. |
+ w.add(HashAlgorithm.sha1, 1) |
+ w.add(SignatureAlgorithm.rsa, 1) |
w.addVarSeq(self.signature, 1, 2) |
return self.postWrite(w) |
def hash(self, clientRandom, serverRandom): |
bytes = clientRandom + serverRandom + self.write_params() |
+ if self.version >= (3,3): |
+ # TODO: Signature algorithm negotiation not supported. |
+ return SHA1(bytes) |
return MD5(bytes) + SHA1(bytes) |
class ServerHelloDone(HandshakeMsg): |
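Review bot: For TLS 1.2 the ServerKeyExchange signature is pinned to SHA-1 with RSA in both `write()` and `hash()`, independent of what the client offered in its signature_algorithms extension, so the handshake signature stays on a hash that is no longer considered collision-resistant and a client that did not offer sha1/rsa gets a pair it never agreed to. Until negotiation exists, keeping the pair in one place would stop the two methods drifting apart, e.g. set `self.hashAlg = HashAlgorithm.sha1` and `self.signAlg = SignatureAlgorithm.rsa` in `__init__` and have `write()` and `hash()` read those. No hunk visible here touches `ServerKeyExchange.parse()`, so it presumably still reads the signature without consuming the two algorithm bytes when the version is (3,3) or later; that is worth confirming. `write()` begins outside the hunk.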
@@ -598,7 +618,7 @@ class ClientKeyExchange(HandshakeMsg): |
if self.cipherSuite in CipherSuite.srpAllSuites: |
self.srp_A = bytesToNumber(p.getVarBytes(2)) |
elif self.cipherSuite in CipherSuite.certSuites: |
- if self.version in ((3,1), (3,2)): |
+ if self.version in ((3,1), (3,2), (3,3)): |
self.encryptedPreMasterSecret = p.getVarBytes(2) |
elif self.version == (3,0): |
self.encryptedPreMasterSecret = \ |
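Review bot: The version test `self.version in ((3,1), (3,2), (3,3))` is an explicit list that now has to be extended in three places (this `parse()` hunk, the matching `ClientKeyExchange.write()` hunk and `Finished.parse()`), while the rest of the change uses `self.version >= (3,3)`. A range test such as `(3,1) <= self.version <= (3,3)`, or one shared module-level tuple, would keep the three in step when the next version is added. The enclosing method starts and ends outside the hunk.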
@@ -617,7 +637,7 @@ class ClientKeyExchange(HandshakeMsg): |
if self.cipherSuite in CipherSuite.srpAllSuites: |
w.addVarSeq(numberToByteArray(self.srp_A), 1, 2) |
elif self.cipherSuite in CipherSuite.certSuites: |
- if self.version in ((3,1), (3,2)): |
+ if self.version in ((3,1), (3,2), (3,3)): |
w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) |
elif self.version == (3,0): |
w.addFixSeq(self.encryptedPreMasterSecret, 1) |
@@ -630,22 +650,30 @@ class ClientKeyExchange(HandshakeMsg): |
return self.postWrite(w) |
class CertificateVerify(HandshakeMsg): |
- def __init__(self): |
+ def __init__(self, version): |
HandshakeMsg.__init__(self, HandshakeType.certificate_verify) |
+ self.version = version |
+ self.signature_algorithm = None |
self.signature = bytearray(0) |
- def create(self, signature): |
+ def create(self, signature_algorithm, signature): |
+ self.signature_algorithm = signature_algorithm |
self.signature = signature |
return self |
def parse(self, p): |
p.startLengthCheck(3) |
+ if self.version >= (3,3): |
+ self.signature_algorithm = (p.get(1), p.get(1)) |
self.signature = p.getVarBytes(2) |
p.stopLengthCheck() |
return self |
def write(self): |
w = Writer() |
+ if self.version >= (3,3): |
+ w.add(self.signature_algorithm[0], 1) |
+ w.add(self.signature_algorithm[1], 1) |
w.addVarSeq(self.signature, 1, 2) |
return self.postWrite(w) |
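Review bot: `parse()` stores whatever (hash, signature) pair the peer sends in `signature_algorithm` and nothing in this class checks it, so the code that verifies the signature has to reject any pair that was not offered in `CertificateRequest.supported_signature_algs`. A comment on the field would record that: `# peer-supplied for TLS 1.2; caller must check it against the offered supported_signature_algs before verifying`. Separately, `write()` indexes `self.signature_algorithm[0]` for version (3,3) and later while `__init__` leaves it as `None`, so a message written before `create()` or with `signature_algorithm=None` fails with a TypeError; an explicit check that raises a descriptive error would be clearer.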
@@ -707,7 +735,7 @@ class Finished(HandshakeMsg): |
p.startLengthCheck(3) |
if self.version == (3,0): |
self.verify_data = p.getFixBytes(36) |
- elif self.version in ((3,1), (3,2)): |
+ elif self.version in ((3,1), (3,2), (3,3)): |
self.verify_data = p.getFixBytes(12) |
else: |
raise AssertionError() |