1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
2 index 6d78a20..f9c8676 100644
3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366
7 cert_type = 9 # RFC 6091
8 signed_cert_timestamps = 18 # RFC 6962
9 + extended_master_secret = 23 # draft-ietf-tls-session-hash-06
13 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
14 index 605ed42..a7b6ab9 100644
15 --- a/third_party/tlslite/tlslite/handshakesettings.py
16 +++ b/third_party/tlslite/tlslite/handshakesettings.py
17 @@ -111,6 +111,10 @@ class HandshakeSettings(object):
18 @type alertAfterHandshake: bool
19 @ivar alertAfterHandshake: If true, the server will send a fatal
20 alert immediately after the handshake completes.
22 + @type enableExtendedMasterSecret: bool
23 + @ivar enableExtendedMasterSecret: If true, the server supports the extended
24 + master secret TLS extension and will negotiated it with supporting clients.
26 Note that TACK support is not standardized by IETF and uses a temporary
27 TLS Extension number, so should NOT be used in production software.
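Review bot: The new @ivar text for enableExtendedMasterSecret reads `will negotiated it`; it should be `will negotiate it`. The entry could also state the default and the role it applies to, e.g. `@ivar enableExtendedMasterSecret: If true (the default), the server supports the extended master secret TLS extension (draft-ietf-tls-session-hash) and will negotiate it with clients that offer it.` The visible client-side call in tlsconnection.py (@@ -1036) passes `b"", False` to calcMasterSecret, so the setting appears to affect only the server role; if that is intended, saying so here avoids a reader assuming the client offers the extension too.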
28 @@ -129,6 +133,7 @@ class HandshakeSettings(object):
29 self.tlsIntoleranceType = 'alert'
30 self.useExperimentalTackExtension = False
31 self.alertAfterHandshake = False
32 + self.enableExtendedMasterSecret = True
34 # Validates the min/max fields, and certificateTypes
35 # Filters out unsupported cipherNames and cipherImplementations
36 @@ -146,6 +151,7 @@ class HandshakeSettings(object):
37 other.tlsIntolerant = self.tlsIntolerant
38 other.tlsIntoleranceType = self.tlsIntoleranceType
39 other.alertAfterHandshake = self.alertAfterHandshake
40 + other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
42 if not cipherfactory.tripleDESPresent:
43 other.cipherNames = [e for e in self.cipherNames if e != "3des"]
44 diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslite/mathtls.py
45 index 60a331a..0a23fe1 100644
46 --- a/third_party/tlslite/tlslite/mathtls.py
47 +++ b/third_party/tlslite/tlslite/mathtls.py
48 @@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length):
52 -def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
53 +def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,
54 + handshakeHash, useExtendedMasterSecret):
55 + label = b"master secret"
56 + seed = clientRandom + serverRandom
57 + if useExtendedMasterSecret:
58 + label = b"extended master secret"
59 + seed = handshakeHash
62 - masterSecret = PRF_SSL(premasterSecret,
63 - clientRandom + serverRandom, 48)
64 + masterSecret = PRF_SSL(premasterSecret, seed, 48)
65 elif version in ((3,1), (3,2)):
66 - masterSecret = PRF(premasterSecret, b"master secret",
67 - clientRandom + serverRandom, 48)
68 + masterSecret = PRF(premasterSecret, label, seed, 48)
69 elif version == (3,3):
70 - masterSecret = PRF_1_2(premasterSecret, b"master secret",
71 - clientRandom + serverRandom, 48)
72 + masterSecret = PRF_1_2(premasterSecret, label, seed, 48)
74 raise AssertionError()
76 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
77 index 9aeff6d..9b553ce 100644
78 --- a/third_party/tlslite/tlslite/messages.py
79 +++ b/third_party/tlslite/tlslite/messages.py
80 @@ -114,6 +114,7 @@ class ClientHello(HandshakeMsg):
81 self.supports_npn = False
82 self.server_name = bytearray(0)
83 self.channel_id = False
84 + self.extended_master_secret = False
85 self.support_signed_cert_timestamps = False
86 self.status_request = False
88 @@ -185,6 +186,8 @@ class ClientHello(HandshakeMsg):
90 elif extType == ExtensionType.channel_id:
91 self.channel_id = True
92 + elif extType == ExtensionType.extended_master_secret:
93 + self.extended_master_secret = True
94 elif extType == ExtensionType.signed_cert_timestamps:
97 @@ -267,6 +270,7 @@ class ServerHello(HandshakeMsg):
98 self.next_protos_advertised = None
99 self.next_protos = None
100 self.channel_id = False
101 + self.extended_master_secret = False
102 self.signed_cert_timestamps = None
103 self.status_request = False
105 @@ -358,6 +362,9 @@ class ServerHello(HandshakeMsg):
107 w2.add(ExtensionType.channel_id, 2)
109 + if self.extended_master_secret:
110 + w2.add(ExtensionType.extended_master_secret, 2)
112 if self.signed_cert_timestamps:
113 w2.add(ExtensionType.signed_cert_timestamps, 2)
114 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
115 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
116 index dfac274..04161513 100644
117 --- a/third_party/tlslite/tlslite/tlsconnection.py
118 +++ b/third_party/tlslite/tlslite/tlsconnection.py
119 @@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):
120 masterSecret = calcMasterSecret(self.version,
126 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
127 elif self.version in ((3,1), (3,2)):
128 verifyBytes = self._handshake_md5.digest() + \
129 @@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):
130 cipherSuite, cipherImplementations, nextProto):
132 masterSecret = calcMasterSecret(self.version, premasterSecret,
133 - clientRandom, serverRandom)
134 + clientRandom, serverRandom, b"", False)
135 self._calcPendingStates(cipherSuite, masterSecret,
136 clientRandom, serverRandom,
137 cipherImplementations)
138 @@ -1326,6 +1327,9 @@ class TLSConnection(TLSRecordLayer):
139 cipherSuite, CertificateType.x509, tackExt,
141 serverHello.channel_id = clientHello.channel_id
142 + serverHello.extended_master_secret = \
143 + clientHello.extended_master_secret and \
144 + settings.enableExtendedMasterSecret
145 if clientHello.support_signed_cert_timestamps:
146 serverHello.signed_cert_timestamps = signedCertTimestamps
147 if clientHello.status_request:
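Review bot: serverHello.extended_master_secret is derived from the client's offer and the setting alone, with no check on the negotiated protocol version; the companion `_getHandshakeHash` added in tlsrecordlayer.py has no branch for (3,0), so a client offering the extension under SSL 3.0 would make `_serverFinished` hand a non-bytes handshake hash to calcMasterSecret as the PRF seed. Gate the negotiation on the version, e.g. `serverHello.extended_master_secret = (clientHello.extended_master_secret and settings.enableExtendedMasterSecret and self.version >= (3,1))` (serverHello.create in the @@ -1523 hunk takes self.version, so the version appears to be known by this point; confirm). The same ungated assignment is repeated in the resumption hunk at @@ -1523 and needs the same treatment. That hunk also echoes the extension on an abbreviated handshake without comparing it against whether the original session was established with it; the draft requires the server to fall back to a full handshake or abort when the two disagree, and nothing in the visible hunks records the flag on the session object.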
148 @@ -1383,7 +1387,8 @@ class TLSConnection(TLSRecordLayer):
149 for result in self._serverFinished(premasterSecret,
150 clientHello.random, serverHello.random,
151 cipherSuite, settings.cipherImplementations,
152 - nextProtos, clientHello.channel_id):
153 + nextProtos, clientHello.channel_id,
154 + serverHello.extended_master_secret):
155 if result in (0,1): yield result
157 masterSecret = result
158 @@ -1523,6 +1528,9 @@ class TLSConnection(TLSRecordLayer):
159 serverHello.create(self.version, getRandomBytes(32),
160 session.sessionID, session.cipherSuite,
161 CertificateType.x509, None, None)
162 + serverHello.extended_master_secret = \
163 + clientHello.extended_master_secret and \
164 + settings.enableExtendedMasterSecret
165 for result in self._sendMsg(serverHello):
168 @@ -1743,7 +1751,8 @@ class TLSConnection(TLSRecordLayer):
170 if self.version == (3,0):
171 masterSecret = calcMasterSecret(self.version, premasterSecret,
172 - clientHello.random, serverHello.random)
173 + clientHello.random, serverHello.random,
175 verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
176 elif self.version in ((3,1), (3,2)):
177 verifyBytes = self._handshake_md5.digest() + \
178 @@ -1827,9 +1836,11 @@ class TLSConnection(TLSRecordLayer):
180 def _serverFinished(self, premasterSecret, clientRandom, serverRandom,
181 cipherSuite, cipherImplementations, nextProtos,
183 + doingChannelID, useExtendedMasterSecret):
184 masterSecret = calcMasterSecret(self.version, premasterSecret,
185 - clientRandom, serverRandom)
186 + clientRandom, serverRandom,
187 + self._ems_handshake_hash,
188 + useExtendedMasterSecret)
190 #Calculate pending connection states
191 self._calcPendingStates(cipherSuite, masterSecret,
192 diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
193 index c3bcd8c..d2320b8 100644
194 --- a/third_party/tlslite/tlslite/tlsrecordlayer.py
195 +++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
196 @@ -119,6 +119,7 @@ class TLSRecordLayer(object):
197 self._handshake_md5 = hashlib.md5()
198 self._handshake_sha = hashlib.sha1()
199 self._handshake_sha256 = hashlib.sha256()
200 + self._ems_handshake_hash = b""
202 #TLS Protocol Version
203 self.version = (0,0) #read-only
204 @@ -814,6 +815,8 @@ class TLSRecordLayer(object):
205 self._handshake_md5.update(compat26Str(p.bytes))
206 self._handshake_sha.update(compat26Str(p.bytes))
207 self._handshake_sha256.update(compat26Str(p.bytes))
208 + if subType == HandshakeType.client_key_exchange:
209 + self._ems_handshake_hash = self._getHandshakeHash()
211 #Parse based on handshake type
212 if subType == HandshakeType.client_hello:
213 @@ -1112,6 +1115,7 @@ class TLSRecordLayer(object):
214 self._handshake_md5 = hashlib.md5()
215 self._handshake_sha = hashlib.sha1()
216 self._handshake_sha256 = hashlib.sha256()
217 + self._ems_handshake_hash = b""
218 self._handshakeBuffer = []
219 self.allegedSrpUsername = None
221 @@ -1256,3 +1260,9 @@ class TLSRecordLayer(object):
223 return md5Bytes + shaBytes
225 + def _getHandshakeHash(self):
226 + if self.version in ((3,1), (3,2)):
227 + return self._handshake_md5.digest() + \
228 + self._handshake_sha.digest()
229 + elif self.version == (3,3):
230 + return self._handshake_sha256.digest()
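Review bot: _getHandshakeHash returns None implicitly for (3,0) and any other version, and that None is what the @@ -814 hunk stores in `self._ems_handshake_hash` in place of the `b""` initial value, to be used later as the PRF seed by calcMasterSecret when useExtendedMasterSecret is true. Make the unsupported case explicit in the style calcMasterSecret already uses: add `else:` / `raise AssertionError()` after the (3,3) branch. A docstring would help too, e.g. `"""Return the digest of the handshake transcript hashed so far, in the form used as the extended-master-secret session hash: MD5+SHA-1 for TLS 1.0/1.1, SHA-256 for TLS 1.2; not defined for SSL 3.0."""`. The result reflects the digests at the moment of the call, so callers must invoke it at the right point in the transcript (the @@ -814 hunk does, immediately after hashing the ClientKeyExchange); if a cipher suite with a SHA-384 PRF were ever added, the (3,3) branch would need to follow the suite's PRF hash rather than hard-coding SHA-256.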