Extract Certificate Transparency SCTs from stapled OCSP responses

third_party/tlslite/patches/status_request.patch

Index: third_party/tlslite/patches/status_request.patch
diff --git a/third_party/tlslite/patches/status_request.patch b/third_party/tlslite/patches/status_request.patch
new file mode 100644
index 0000000000000000000000000000000000000000..15f01d42809edf3fea8347da8d1f225d08798077
--- /dev/null
+++ b/third_party/tlslite/patches/status_request.patch
@@ -0,0 +1,208 @@
+diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py
+index e6ce187..94ee5eb 100644
+--- a/third_party/tlslite/tlslite/TLSConnection.py
++++ b/third_party/tlslite/tlslite/TLSConnection.py
+@@ -937,8 +937,8 @@ class TLSConnection(TLSRecordLayer):
+                         certChain=None, privateKey=None, reqCert=False,
+                         sessionCache=None, settings=None, checker=None,
+                         reqCAs=None, tlsIntolerant=0,
+-                        signedCertTimestamps=None,
+-                        fallbackSCSV=False):
++                        signedCertTimestamps=None, fallbackSCSV=False,
++                        ocspResponse=None):
+         """Perform a handshake in the role of server.
+ 
+         This function performs an SSL or TLS handshake.  Depending on
+@@ -1014,6 +1014,16 @@ class TLSConnection(TLSRecordLayer):
+         binary 8-bit string) that will be sent as a TLS extension whenever
+         the client announces support for the extension.
+ 
++        @type ocspResponse: str
++        @param ocspResponse: An OCSP response (as a binary 8-bit string) that
++        will be sent stapled in the handshake whenever the client announces
++        support for the status_request extension.
++        Note that the response is sent independent of the ClientHello
++        status_request extension contents, and is thus only meant for testing
++        environments. Real OCSP stapling is more complicated as it requires
++        choosing a suitable response based on the ClientHello status_request
++        extension contents.
++
+         @raise socket.error: If a socket error occurs.
+         @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
+         without a preceding alert.
+@@ -1024,7 +1034,7 @@ class TLSConnection(TLSRecordLayer):
+         for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
+                 certChain, privateKey, reqCert, sessionCache, settings,
+                 checker, reqCAs, tlsIntolerant, signedCertTimestamps,
+-                fallbackSCSV):
++                fallbackSCSV, ocspResponse):
+             pass
+ 
+ 
+@@ -1033,7 +1043,7 @@ class TLSConnection(TLSRecordLayer):
+                              sessionCache=None, settings=None, checker=None,
+                              reqCAs=None, tlsIntolerant=0,
+                              signedCertTimestamps=None,
+-                             fallbackSCSV=False):
++                             fallbackSCSV=False, ocspResponse=None):
+         """Start a server handshake operation on the TLS connection.
+ 
+         This function returns a generator which behaves similarly to
+@@ -1053,7 +1063,8 @@ class TLSConnection(TLSRecordLayer):
+             reqCAs=reqCAs,
+             tlsIntolerant=tlsIntolerant,
+             signedCertTimestamps=signedCertTimestamps,
+-            fallbackSCSV=fallbackSCSV)
++            fallbackSCSV=fallbackSCSV, ocspResponse=ocspResponse)
++
+         for result in self._handshakeWrapperAsync(handshaker, checker):
+             yield result
+ 
+@@ -1062,7 +1073,7 @@ class TLSConnection(TLSRecordLayer):
+                                     certChain, privateKey, reqCert,
+                                     sessionCache, settings, reqCAs,
+                                     tlsIntolerant, signedCertTimestamps,
+-                                    fallbackSCSV):
++                                    fallbackSCSV, ocspResponse):
+ 
+         self._handshakeStart(client=False)
+ 
+@@ -1439,10 +1450,14 @@ class TLSConnection(TLSRecordLayer):
+                     sessionID, cipherSuite, certificateType)
+             serverHello.channel_id = clientHello.channel_id
+             if clientHello.support_signed_cert_timestamps:
+-                serverHello.signed_cert_timestamps = signedCertTimestamps
++              serverHello.signed_cert_timestamps = signedCertTimestamps
++            serverHello.status_request = (clientHello.status_request and
++                                          ocspResponse)
+             doingChannelID = clientHello.channel_id
+             msgs.append(serverHello)
+             msgs.append(Certificate(certificateType).create(serverCertChain))
++            if serverHello.status_request:
++                msgs.append(CertificateStatus().create(ocspResponse))
+             if reqCert and reqCAs:
+                 msgs.append(CertificateRequest().create([], reqCAs))
+             elif reqCert:
+diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
+index 23e3dcb..d027ef5 100644
+--- a/third_party/tlslite/tlslite/constants.py
++++ b/third_party/tlslite/tlslite/constants.py
+@@ -22,6 +22,7 @@ class HandshakeType:
+     certificate_verify = 15
+     client_key_exchange = 16
+     finished = 20
++    certificate_status = 22
+     encrypted_extensions = 203
+ 
+ class ContentType:
+@@ -31,7 +32,11 @@ class ContentType:
+     application_data = 23
+     all = (20,21,22,23)
+ 
++class CertificateStatusType:
++    ocsp = 1
++
+ class ExtensionType:
++    status_request = 5  # OCSP stapling
+     signed_cert_timestamps = 18  # signed_certificate_timestamp in RFC 6962
+     channel_id = 30031
+ 
+diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
+index 296f422..497ef60 100644
+--- a/third_party/tlslite/tlslite/messages.py
++++ b/third_party/tlslite/tlslite/messages.py
+@@ -132,6 +132,7 @@ class ClientHello(HandshakeMsg):
+         self.srp_username = None        # a string
+         self.channel_id = False
+         self.support_signed_cert_timestamps = False
++        self.status_request = False
+ 
+     def create(self, version, random, session_id, cipher_suites,
+                certificate_types=None, srp_username=None):
+@@ -182,6 +183,19 @@ class ClientHello(HandshakeMsg):
+                         if extLength:
+                             raise SyntaxError()
+                         self.support_signed_cert_timestamps = True
++                    elif extType == ExtensionType.status_request:
++                        # Extension contents are currently ignored.
++                        # According to RFC 6066, this is not strictly forbidden
++                        # (although it is suboptimal):
++                        # Servers that receive a client hello containing the
++                        # "status_request" extension MAY return a suitable
++                        # certificate status response to the client along with
++                        # their certificate.  If OCSP is requested, they
++                        # SHOULD use the information contained in the extension
++                        # when selecting an OCSP responder and SHOULD include
++                        # request_extensions in the OCSP request.
++                        p.getFixBytes(extLength)
++                        self.status_request = True
+                     else:
+                         p.getFixBytes(extLength)
+                     soFar += 4 + extLength
+@@ -230,6 +244,7 @@ class ServerHello(HandshakeMsg):
+         self.compression_method = 0
+         self.channel_id = False
+         self.signed_cert_timestamps = None
++        self.status_request = False
+ 
+     def create(self, version, random, session_id, cipher_suite,
+                certificate_type):
+@@ -282,6 +297,9 @@ class ServerHello(HandshakeMsg):
+         if self.signed_cert_timestamps:
+             extLength += 4 + len(self.signed_cert_timestamps)
+ 
++        if self.status_request:
++            extLength += 4
++
+         if extLength != 0:
+             w.add(extLength, 2)
+ 
+@@ -299,6 +317,10 @@ class ServerHello(HandshakeMsg):
+             w.add(ExtensionType.signed_cert_timestamps, 2)
+             w.addVarSeq(stringToBytes(self.signed_cert_timestamps), 1, 2)
+ 
++        if self.status_request:
++            w.add(ExtensionType.status_request, 2)
++            w.add(0, 2)
++
+         return HandshakeMsg.postWrite(self, w, trial)
+ 
+ class Certificate(HandshakeMsg):
+@@ -367,6 +389,37 @@ class Certificate(HandshakeMsg):
+             raise AssertionError()
+         return HandshakeMsg.postWrite(self, w, trial)
+ 
++class CertificateStatus(HandshakeMsg):
++    def __init__(self):
++        self.contentType = ContentType.handshake
++
++    def create(self, ocsp_response):
++        self.ocsp_response = ocsp_response
++        return self
++
++    # Defined for the sake of completeness, even though we currently only
++    # support sending the status message (server-side), not requesting
++    # or receiving it (client-side).
++    def parse(self, p):
++        p.startLengthCheck(3)
++        status_type = p.get(1)
++        # Only one type is specified, so hardwire it.
++        if status_type != CertificateStatusType.ocsp:
++            raise SyntaxError()
++        ocsp_response = p.getVarBytes(3)
++        if not ocsp_response:
++            # Can't be empty
++            raise SyntaxError()
++        self.ocsp_response = ocsp_response
++        return self
++
++    def write(self, trial=False):
++        w = HandshakeMsg.preWrite(self, HandshakeType.certificate_status,
++                                  trial)
++        w.add(CertificateStatusType.ocsp, 1)
++        w.addVarSeq(stringToBytes(self.ocsp_response), 1, 3)
++        return HandshakeMsg.postWrite(self, w, trial)
++
+ class CertificateRequest(HandshakeMsg):
+     def __init__(self):
+         self.contentType = ContentType.handshake