1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
2 index 1a1ace9..d2d50c5 100644
3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -54,6 +54,20 @@ class ExtensionType: # RFC 6066 / 4366
6 tack = 0xF300
7 supports_npn = 13172
8 channel_id = 30032
10 +class HashAlgorithm:
11 + none = 0
12 + md5 = 1
13 + sha1 = 2
14 + sha224 = 3
15 + sha256 = 4
16 + sha384 = 5
18 +class SignatureAlgorithm:
19 + anonymous = 0
20 + rsa = 1
21 + dsa = 2
22 + ecdsa = 3
24 class NameType:
25 host_name = 0
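Review bot: `HashAlgorithm` stops at `sha384 = 5` and omits `sha512 = 6`, which RFC 5246 §7.4.1.4.1 registers alongside the other values; since the class mirrors that registry, add `sha512 = 6` so a later signature_algorithms parser does not have to special-case it. A source comment in the style already used on `ExtensionType` (`# RFC 6066 / 4366`), e.g. `class HashAlgorithm: # RFC 5246, Section 7.4.1.4.1`, on both new enums would tell the next reader where the numbers come from.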
26 @@ -144,30 +158,42 @@ class CipherSuite:
28 TLS_RSA_WITH_RC4_128_MD5 = 0x0004
30 + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
31 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
32 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
34 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034
35 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A
37 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C
38 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D
40 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067
41 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B
43 tripleDESSuites = []
44 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
45 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
46 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
47 + tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
49 aes128Suites = []
50 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
51 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
52 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
53 + aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
54 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
55 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256)
56 + aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
58 aes256Suites = []
59 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
60 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
61 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
62 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
63 + aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
64 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256)
65 + aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
67 rc4Suites = []
68 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA)
69 @@ -184,12 +210,18 @@ class CipherSuite:
70 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
71 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
72 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA)
73 + shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
74 + shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
75 + shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
76 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
77 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
79 sha256Suites = []
80 sha256Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256)
81 sha256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256)
82 + sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
83 + sha256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
86 md5Suites = []
87 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5)
88 @@ -198,6 +230,7 @@ class CipherSuite:
89 def _filterSuites(suites, settings):
90 macNames = settings.macNames
91 cipherNames = settings.cipherNames
92 + keyExchangeNames = settings.keyExchangeNames
93 macSuites = []
94 if "sha" in macNames:
95 macSuites += CipherSuite.shaSuites
96 @@ -216,7 +249,20 @@ class CipherSuite:
97 if "rc4" in cipherNames:
98 cipherSuites += CipherSuite.rc4Suites
100 - return [s for s in suites if s in macSuites and s in cipherSuites]
101 + keyExchangeSuites = []
102 + if "rsa" in keyExchangeNames:
103 + keyExchangeSuites += CipherSuite.certSuites
104 + if "dhe_rsa" in keyExchangeNames:
105 + keyExchangeSuites += CipherSuite.dheCertSuites
106 + if "srp_sha" in keyExchangeNames:
107 + keyExchangeSuites += CipherSuite.srpSuites
108 + if "srp_sha_rsa" in keyExchangeNames:
109 + keyExchangeSuites += CipherSuite.srpCertSuites
110 + if "dh_anon" in keyExchangeNames:
111 + keyExchangeSuites += CipherSuite.anonSuites
113 + return [s for s in suites if s in macSuites and
114 + s in cipherSuites and s in keyExchangeSuites]
116 srpSuites = []
117 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
118 @@ -250,12 +296,24 @@ class CipherSuite:
119 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
120 certSuites.append(TLS_RSA_WITH_RC4_128_SHA)
121 certSuites.append(TLS_RSA_WITH_RC4_128_MD5)
122 - certAllSuites = srpCertSuites + certSuites
124 @staticmethod
125 def getCertSuites(settings):
126 return CipherSuite._filterSuites(CipherSuite.certSuites, settings)
128 + dheCertSuites = []
129 + dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
130 + dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
131 + dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
132 + dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
133 + dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
135 + @staticmethod
136 + def getDheCertSuites(settings):
137 + return CipherSuite._filterSuites(CipherSuite.dheCertSuites, settings)
139 + certAllSuites = srpCertSuites + certSuites + dheCertSuites
141 anonSuites = []
142 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
143 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
144 @@ -264,6 +322,8 @@ class CipherSuite:
145 def getAnonSuites(settings):
146 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings)
148 + dhAllSuites = dheCertSuites + anonSuites
150 @staticmethod
151 def canonicalCipherName(ciphersuite):
152 "Return the canonical name of the cipher whose number is provided."
153 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
154 index ee37c30..7998e2e 100644
155 --- a/third_party/tlslite/tlslite/handshakesettings.py
156 +++ b/third_party/tlslite/tlslite/handshakesettings.py
157 @@ -14,7 +14,9 @@ from .utils import cipherfactory
158 # RC4 is preferred as faster in Python, works in SSL3, and immune to CBC
159 # issues such as timing attacks
160 CIPHER_NAMES = ["rc4", "aes256", "aes128", "3des"]
161 -MAC_NAMES = ["sha", "sha256"] # "md5" is allowed
162 +MAC_NAMES = ["sha", "sha256"] # Don't allow "md5" by default.
163 +ALL_MAC_NAMES = ["sha", "sha256", "md5"]
164 +KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"]
165 CIPHER_IMPLEMENTATIONS = ["openssl", "pycrypto", "python"]
166 CERTIFICATE_TYPES = ["x509"]
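Review bot: `KEY_EXCHANGE_NAMES` serves both as the default `keyExchangeNames` and, in the validator added later in this file, as the set of permitted values, whereas the MAC side was deliberately split into `MAC_NAMES` and `ALL_MAC_NAMES` so md5 can be permitted but off by default. Mirroring that with `ALL_KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"]` for validation would let a later change drop e.g. `dh_anon` from the defaults without the validator rejecting callers who request it explicitly. As the handshake code in this diff shows, anonymous and SRP suites are only offered when the caller passes the corresponding parameters, so this is a maintainability point rather than an exposure today.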
168 @@ -101,6 +103,7 @@ class HandshakeSettings(object):
169 self.maxKeySize = 8193
170 self.cipherNames = CIPHER_NAMES
171 self.macNames = MAC_NAMES
172 + self.keyExchangeNames = KEY_EXCHANGE_NAMES
173 self.cipherImplementations = CIPHER_IMPLEMENTATIONS
174 self.certificateTypes = CERTIFICATE_TYPES
175 self.minVersion = (3,1)
176 @@ -115,6 +118,7 @@ class HandshakeSettings(object):
177 other.maxKeySize = self.maxKeySize
178 other.cipherNames = self.cipherNames
179 other.macNames = self.macNames
180 + other.keyExchangeNames = self.keyExchangeNames
181 other.cipherImplementations = self.cipherImplementations
182 other.certificateTypes = self.certificateTypes
183 other.minVersion = self.minVersion
184 @@ -147,6 +151,12 @@ class HandshakeSettings(object):
185 for s in other.cipherNames:
186 if s not in CIPHER_NAMES:
187 raise ValueError("Unknown cipher name: '%s'" % s)
188 + for s in other.macNames:
189 + if s not in ALL_MAC_NAMES:
190 + raise ValueError("Unknown MAC name: '%s'" % s)
191 + for s in other.keyExchangeNames:
192 + if s not in KEY_EXCHANGE_NAMES:
193 + raise ValueError("Unknown key exchange name: '%s'" % s)
194 for s in other.cipherImplementations:
195 if s not in CIPHER_IMPLEMENTATIONS:
196 raise ValueError("Unknown cipher implementation: '%s'" % s)
197 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
198 index 9a8e5f6..8b77ee6 100644
199 --- a/third_party/tlslite/tlslite/messages.py
200 +++ b/third_party/tlslite/tlslite/messages.py
201 @@ -500,9 +500,10 @@ class CertificateRequest(HandshakeMsg):
202 return self.postWrite(w)
204 class ServerKeyExchange(HandshakeMsg):
205 - def __init__(self, cipherSuite):
206 + def __init__(self, cipherSuite, version):
207 HandshakeMsg.__init__(self, HandshakeType.server_key_exchange)
208 self.cipherSuite = cipherSuite
209 + self.version = version
210 self.srp_N = 0
211 self.srp_g = 0
212 self.srp_s = bytearray(0)
213 @@ -542,31 +543,38 @@ class ServerKeyExchange(HandshakeMsg):
214 p.stopLengthCheck()
215 return self
217 - def write(self):
218 + def write_params(self):
219 w = Writer()
220 if self.cipherSuite in CipherSuite.srpAllSuites:
221 w.addVarSeq(numberToByteArray(self.srp_N), 1, 2)
222 w.addVarSeq(numberToByteArray(self.srp_g), 1, 2)
223 w.addVarSeq(self.srp_s, 1, 1)
224 w.addVarSeq(numberToByteArray(self.srp_B), 1, 2)
225 - if self.cipherSuite in CipherSuite.srpCertSuites:
226 - w.addVarSeq(self.signature, 1, 2)
227 - elif self.cipherSuite in CipherSuite.anonSuites:
228 + elif self.cipherSuite in CipherSuite.dhAllSuites:
229 w.addVarSeq(numberToByteArray(self.dh_p), 1, 2)
230 w.addVarSeq(numberToByteArray(self.dh_g), 1, 2)
231 w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2)
232 - if self.cipherSuite in []: # TODO support for signed_params
233 - w.addVarSeq(self.signature, 1, 2)
234 + else:
235 + assert(False)
236 + return w.bytes
238 + def write(self):
239 + w = Writer()
240 + w.bytes += self.write_params()
241 + if self.cipherSuite in CipherSuite.certAllSuites:
242 + if self.version >= (3,3):
243 + # TODO: Signature algorithm negotiation not supported.
244 + w.add(HashAlgorithm.sha1, 1)
245 + w.add(SignatureAlgorithm.rsa, 1)
246 + w.addVarSeq(self.signature, 1, 2)
247 return self.postWrite(w)
249 def hash(self, clientRandom, serverRandom):
250 - oldCipherSuite = self.cipherSuite
251 - self.cipherSuite = None
252 - try:
253 - bytes = clientRandom + serverRandom + self.write()[4:]
254 - return MD5(bytes) + SHA1(bytes)
255 - finally:
256 - self.cipherSuite = oldCipherSuite
257 + bytes = clientRandom + serverRandom + self.write_params()
258 + if self.version >= (3,3):
259 + # TODO: Signature algorithm negotiation not supported.
260 + return SHA1(bytes)
261 + return MD5(bytes) + SHA1(bytes)
263 class ServerHelloDone(HandshakeMsg):
264 def __init__(self):
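Review bot: `hash()` now has a version-dependent contract — a bare SHA-1 digest when `self.version >= (3,3)`, which the caller must wrap in a PKCS#1 DigestInfo before `privateKey.sign`, versus the raw MD5||SHA-1 block that TLS 1.0/1.1 signs directly — but nothing documents this; a docstring such as `"""Return the bytes to sign: SHA-1 digest for TLS 1.2 (caller adds the DigestInfo prefix), MD5||SHA-1 for earlier versions."""` would stop the prefix being applied on the wrong branch. Separately, `write()` now emits the two-byte SignatureAndHashAlgorithm ahead of the signature on TLS 1.2, while `parse()` — whose tail is the context at the top of this hunk — is not changed here; if it still reads the signature immediately after the parameters, a tlslite client receiving a signed TLS 1.2 ServerKeyExchange (e.g. SRP_SHA_RSA) would misparse it. That is inferred from the hunk boundary and worth confirming, since only server-side DHE is enabled in this patch.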
265 @@ -616,7 +624,7 @@ class ClientKeyExchange(HandshakeMsg):
266 p.getFixBytes(len(p.bytes)-p.index)
267 else:
268 raise AssertionError()
269 - elif self.cipherSuite in CipherSuite.anonSuites:
270 + elif self.cipherSuite in CipherSuite.dhAllSuites:
271 self.dh_Yc = bytesToNumber(p.getVarBytes(2))
272 else:
273 raise AssertionError()
274 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
275 index 5d508ed..f6d13d4 100644
276 --- a/third_party/tlslite/tlslite/tlsconnection.py
277 +++ b/third_party/tlslite/tlslite/tlsconnection.py
278 @@ -23,7 +23,109 @@ from .messages import *
279 from .mathtls import *
280 from .handshakesettings import HandshakeSettings
281 from .utils.tackwrapper import *
282 +from .utils.rsakey import RSAKey
284 +class KeyExchange(object):
285 + def __init__(self, cipherSuite, clientHello, serverHello, privateKey):
286 + """
287 + Initializes the KeyExchange. privateKey is the signing private key.
288 + """
289 + self.cipherSuite = cipherSuite
290 + self.clientHello = clientHello
291 + self.serverHello = serverHello
292 + self.privateKey = privateKey
294 + def makeServerKeyExchange():
295 + """
296 + Returns a ServerKeyExchange object for the server's initial leg in the
297 + handshake. If the key exchange method does not send ServerKeyExchange
298 + (e.g. RSA), it returns None.
299 + """
300 + raise NotImplementedError()
302 + def processClientKeyExchange(clientKeyExchange):
303 + """
304 + Processes the client's ClientKeyExchange message and returns the
305 + premaster secret. Raises TLSLocalAlert on error.
306 + """
307 + raise NotImplementedError()
309 +class RSAKeyExchange(KeyExchange):
310 + def makeServerKeyExchange(self):
311 + return None
313 + def processClientKeyExchange(self, clientKeyExchange):
314 + premasterSecret = self.privateKey.decrypt(\
315 + clientKeyExchange.encryptedPreMasterSecret)
317 + # On decryption failure randomize premaster secret to avoid
318 + # Bleichenbacher's "million message" attack
319 + randomPreMasterSecret = getRandomBytes(48)
320 + if not premasterSecret:
321 + premasterSecret = randomPreMasterSecret
322 + elif len(premasterSecret)!=48:
323 + premasterSecret = randomPreMasterSecret
324 + else:
325 + versionCheck = (premasterSecret[0], premasterSecret[1])
326 + if versionCheck != self.clientHello.client_version:
327 + #Tolerate buggy IE clients
328 + if versionCheck != self.serverHello.server_version:
329 + premasterSecret = randomPreMasterSecret
330 + return premasterSecret
332 +def _hexStringToNumber(s):
333 + s = s.replace(" ", "").replace("\n", "")
334 + if len(s) % 2 != 0:
335 + raise ValueError("Length is not even")
336 + return bytesToNumber(bytearray(s.decode("hex")))
338 +class DHE_RSAKeyExchange(KeyExchange):
339 + # 2048-bit MODP Group (RFC 3526, Section 3)
340 + dh_p = _hexStringToNumber("""
341 +FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
342 +29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
343 +EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
344 +E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
345 +EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
346 +C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
347 +83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
348 +670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
349 +E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
350 +DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
351 +15728E5A 8AACAA68 FFFFFFFF FFFFFFFF""")
352 + dh_g = 2
354 + # RFC 3526, Section 8.
355 + strength = 160
357 + def makeServerKeyExchange(self):
358 + # Per RFC 3526, Section 1, the exponent should have double the entropy
359 + # of the strength of the curve.
360 + self.dh_Xs = bytesToNumber(getRandomBytes(self.strength * 2 / 8))
361 + dh_Ys = powMod(self.dh_g, self.dh_Xs, self.dh_p)
363 + version = self.serverHello.server_version
364 + serverKeyExchange = ServerKeyExchange(self.cipherSuite, version)
365 + serverKeyExchange.createDH(self.dh_p, self.dh_g, dh_Ys)
366 + hashBytes = serverKeyExchange.hash(self.clientHello.random,
367 + self.serverHello.random)
368 + if version >= (3,3):
369 + # TODO: Signature algorithm negotiation not supported.
370 + hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)
371 + serverKeyExchange.signature = self.privateKey.sign(hashBytes)
372 + return serverKeyExchange
374 + def processClientKeyExchange(self, clientKeyExchange):
375 + dh_Yc = clientKeyExchange.dh_Yc
377 + # First half of RFC 2631, Section 2.1.5. Validate the client's public
378 + # key.
379 + if not 2 <= dh_Yc <= self.dh_p - 1:
380 + raise TLSLocalAlert(AlertDescription.illegal_parameter,
381 + "Invalid dh_Yc value")
383 + S = powMod(dh_Yc, self.dh_Xs, self.dh_p)
384 + return numberToByteArray(S)
386 class TLSConnection(TLSRecordLayer):
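Review bot: `DHE_RSAKeyExchange.processClientKeyExchange` accepts `dh_Yc == self.dh_p - 1`, the order-2 element of the group, because its range check is `2 <= dh_Yc <= self.dh_p - 1`; the usual public-value check (SP 800-56A, and what later TLS versions mandate) is `if not 2 <= dh_Yc <= self.dh_p - 2:`. Since `dh_Xs` is drawn fresh in `makeServerKeyExchange` for each `DHE_RSAKeyExchange` instance, a client sending p-1 learns at most the parity of that ephemeral exponent, so the impact is small, but the tighter bound costs nothing. Separately, the two abstract methods on `KeyExchange` are declared without `self` (`def makeServerKeyExchange():`), so calling them through an instance raises TypeError rather than the intended NotImplementedError; add the parameter. The hard-coded SHA-1/RSA signature for TLS 1.2 is already recorded by the TODO.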
388 @@ -500,6 +602,8 @@ class TLSConnection(TLSRecordLayer):
389 if srpParams:
390 cipherSuites += CipherSuite.getSrpAllSuites(settings)
391 elif certParams:
392 + # TODO: Client DHE_RSA not supported.
393 + # cipherSuites += CipherSuite.getDheCertSuites(settings)
394 cipherSuites += CipherSuite.getCertSuites(settings)
395 elif anonParams:
396 cipherSuites += CipherSuite.getAnonSuites(settings)
397 @@ -1207,10 +1311,23 @@ class TLSConnection(TLSRecordLayer):
398 else: break
399 premasterSecret = result
401 - # Perform the RSA key exchange
402 - elif cipherSuite in CipherSuite.certSuites:
403 + # Perform the RSA or DHE_RSA key exchange
404 + elif (cipherSuite in CipherSuite.certSuites or
405 + cipherSuite in CipherSuite.dheCertSuites):
406 + if cipherSuite in CipherSuite.certSuites:
407 + keyExchange = RSAKeyExchange(cipherSuite,
408 + clientHello,
409 + serverHello,
410 + privateKey)
411 + elif cipherSuite in CipherSuite.dheCertSuites:
412 + keyExchange = DHE_RSAKeyExchange(cipherSuite,
413 + clientHello,
414 + serverHello,
415 + privateKey)
416 + else:
417 + assert(False)
418 for result in self._serverCertKeyExchange(clientHello, serverHello,
419 - certChain, privateKey,
420 + certChain, keyExchange,
421 reqCert, reqCAs, cipherSuite,
422 settings, ocspResponse):
423 if result in (0,1): yield result
424 @@ -1270,6 +1387,7 @@ class TLSConnection(TLSRecordLayer):
425 CipherSuite.getSrpCertSuites(settings)
426 cipherSuites += CipherSuite.getSrpSuites(settings)
427 elif certChain:
428 + cipherSuites += CipherSuite.getDheCertSuites(settings)
429 cipherSuites += CipherSuite.getCertSuites(settings)
430 elif anon:
431 cipherSuites += CipherSuite.getAnonSuites(settings)
432 @@ -1440,7 +1558,7 @@ class TLSConnection(TLSRecordLayer):
433 B = (powMod(g, b, N) + (k*v)) % N
435 #Create ServerKeyExchange, signing it if necessary
436 - serverKeyExchange = ServerKeyExchange(cipherSuite)
437 + serverKeyExchange = ServerKeyExchange(cipherSuite, self.version)
438 serverKeyExchange.createSRP(N, g, s, B)
439 if cipherSuite in CipherSuite.srpCertSuites:
440 hashBytes = serverKeyExchange.hash(clientHello.random,
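Review bot: `serverKeyExchange.hash(...)` now returns a bare SHA-1 digest when `self.version >= (3,3)` (see the `hash()` change in messages.py in this diff), so the SRP_SHA_RSA signing that follows this line — outside the hunk — must add the PKCS#1 DigestInfo prefix the way `DHE_RSAKeyExchange.makeServerKeyExchange` does with `RSAKey.addPKCS1SHA1Prefix(hashBytes)`, or TLS 1.2 clients will reject the signature. If the code below still calls `privateKey.sign(hashBytes)` unconditionally, the fix is `if self.version >= (3,3): hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)` before the sign call. The enclosing function continues past the hunk, so this could not be confirmed from the diff.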
441 @@ -1488,11 +1606,11 @@ class TLSConnection(TLSRecordLayer):
444 def _serverCertKeyExchange(self, clientHello, serverHello,
445 - serverCertChain, privateKey,
446 + serverCertChain, keyExchange,
447 reqCert, reqCAs, cipherSuite,
448 settings, ocspResponse):
449 - #Send ServerHello, Certificate[, CertificateRequest],
450 - #ServerHelloDone
451 + #Send ServerHello, Certificate[, ServerKeyExchange]
452 + #[, CertificateRequest], ServerHelloDone
453 msgs = []
455 # If we verify a client cert chain, return it
456 @@ -1502,6 +1620,9 @@ class TLSConnection(TLSRecordLayer):
457 msgs.append(Certificate(CertificateType.x509).create(serverCertChain))
458 if serverHello.status_request:
459 msgs.append(CertificateStatus().create(ocspResponse))
460 + serverKeyExchange = keyExchange.makeServerKeyExchange()
461 + if serverKeyExchange is not None:
462 + msgs.append(serverKeyExchange)
463 if reqCert and reqCAs:
464 msgs.append(CertificateRequest().create(\
465 [ClientCertificateType.rsa_sign], reqCAs))
466 @@ -1560,21 +1681,13 @@ class TLSConnection(TLSRecordLayer):
467 else: break
468 clientKeyExchange = result
470 - #Decrypt ClientKeyExchange
471 - premasterSecret = privateKey.decrypt(\
472 - clientKeyExchange.encryptedPreMasterSecret)
474 - # On decryption failure randomize premaster secret to avoid
475 - # Bleichenbacher's "million message" attack
476 - randomPreMasterSecret = getRandomBytes(48)
477 - versionCheck = (premasterSecret[0], premasterSecret[1])
478 - if not premasterSecret:
479 - premasterSecret = randomPreMasterSecret
480 - elif len(premasterSecret)!=48:
481 - premasterSecret = randomPreMasterSecret
482 - elif versionCheck != clientHello.client_version:
483 - if versionCheck != self.version: #Tolerate buggy IE clients
484 - premasterSecret = randomPreMasterSecret
485 + #Process ClientKeyExchange
486 + try:
487 + premasterSecret = \
488 + keyExchange.processClientKeyExchange(clientKeyExchange)
489 + except TLSLocalAlert, alert:
490 + for result in self._sendError(alert.description, alert.message):
491 + yield result
493 #Get and check CertificateVerify, if relevant
494 if clientCertChain:
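Review bot: The new `except TLSLocalAlert` handler only drives `self._sendError(...)` and then falls through to the CertificateVerify code, where `premasterSecret` would be unbound if `_sendError` ever returns instead of raising. `_sendError` is outside this hunk; if, like the rest of the handshake code appears to assume, it raises after its final yield this is fine, but a trailing `return` after the `for` loop would make that dependency explicit and keep the fall-through impossible. The enclosing `_serverCertKeyExchange` also continues beyond the hunk.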
495 @@ -1622,7 +1735,7 @@ class TLSConnection(TLSRecordLayer):
496 dh_Ys = powMod(dh_g, dh_Xs, dh_p)
498 #Create ServerKeyExchange
499 - serverKeyExchange = ServerKeyExchange(cipherSuite)
500 + serverKeyExchange = ServerKeyExchange(cipherSuite, self.version)
501 serverKeyExchange.createDH(dh_p, dh_g, dh_Ys)
503 #Send ServerHello[, Certificate], ServerKeyExchange,
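Review bot: The anonymous-DH server path still generates its own `dh_Xs`/`dh_Ys` here in parallel with the new `DHE_RSAKeyExchange`, so the `dh_Yc` range validation added in `DHE_RSAKeyExchange.processClientKeyExchange` does not automatically cover the anonymous suites; their ClientKeyExchange handling lies outside this hunk and could not be checked. Folding this code into a `DH_anonKeyExchange(KeyExchange)` subclass that shares the DH parameter generation and `processClientKeyExchange` would remove the duplication and apply the check in one place. The enclosing function begins and ends outside the hunk.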
504 diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
505 index 01ff3e9..6ef3895 100644
506 --- a/third_party/tlslite/tlslite/tlsrecordlayer.py
507 +++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
508 @@ -796,7 +796,8 @@ class TLSRecordLayer(object):
509 elif subType == HandshakeType.certificate_verify:
510 yield CertificateVerify().parse(p)
511 elif subType == HandshakeType.server_key_exchange:
512 - yield ServerKeyExchange(constructorType).parse(p)
513 + yield ServerKeyExchange(constructorType,
514 + self.version).parse(p)
515 elif subType == HandshakeType.server_hello_done:
516 yield ServerHelloDone().parse(p)
517 elif subType == HandshakeType.client_key_exchange:
518 diff --git a/third_party/tlslite/tlslite/utils/rsakey.py b/third_party/tlslite/tlslite/utils/rsakey.py
519 index 3f2100e..fb022cc 100644
520 --- a/third_party/tlslite/tlslite/utils/rsakey.py
521 +++ b/third_party/tlslite/tlslite/utils/rsakey.py
522 @@ -60,7 +60,7 @@ class RSAKey(object):
523 @return: A PKCS1-SHA1 signature on the passed-in data.
525 hashBytes = SHA1(bytearray(bytes))
526 - prefixedHashBytes = self._addPKCS1SHA1Prefix(hashBytes)
527 + prefixedHashBytes = self.addPKCS1SHA1Prefix(hashBytes)
528 sigBytes = self.sign(prefixedHashBytes)
529 return sigBytes
531 @@ -81,8 +81,8 @@ class RSAKey(object):
532 hashBytes = SHA1(bytearray(bytes))
534 # Try it with/without the embedded NULL
535 - prefixedHashBytes1 = self._addPKCS1SHA1Prefix(hashBytes, False)
536 - prefixedHashBytes2 = self._addPKCS1SHA1Prefix(hashBytes, True)
537 + prefixedHashBytes1 = self.addPKCS1SHA1Prefix(hashBytes, False)
538 + prefixedHashBytes2 = self.addPKCS1SHA1Prefix(hashBytes, True)
539 result1 = self.verify(sigBytes, prefixedHashBytes1)
540 result2 = self.verify(sigBytes, prefixedHashBytes2)
541 return (result1 or result2)
542 @@ -221,7 +221,8 @@ class RSAKey(object):
543 # Helper Functions for RSA Keys
544 # **************************************************************************
546 - def _addPKCS1SHA1Prefix(self, bytes, withNULL=True):
547 + @staticmethod
548 + def addPKCS1SHA1Prefix(bytes, withNULL=True):
549 # There is a long history of confusion over whether the SHA1
550 # algorithmIdentifier should be encoded with a NULL parameter or
551 # with the parameter omitted. While the original intention was
552 @@ -229,8 +230,7 @@ class RSAKey(object):
553 # specifies the NULL should be included, and this behavior is also
554 # mandated in recent versions of PKCS #1, and is what tlslite has
555 # always implemented. Anyways, verification code should probably
556 - # accept both. However, nothing uses this code yet, so this is
557 - # all fairly moot.
558 + # accept both.
559 if not withNULL:
560 prefixBytes = bytearray(\
561 [0x30,0x1f,0x30,0x07,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x04,0x14])