authorAllan Sandfeld Jensen <allan.jensen@theqtcompany.com>2015-10-13 13:24:50 +0200
committerAllan Sandfeld Jensen <allan.jensen@theqtcompany.com>2015-10-14 10:57:25 +0000
commitaf3d4809763ef308f08ced947a73b624729ac7ea (patch)
tree4402b911e30383f6c6dace1e8cf3b8e85355db3a /chromium/third_party/tlslite
parent0e8ff63a407fe323e215bb1a2c423c09a4747c8a (diff)
BASELINE: Update Chromium to 47.0.2526.14
Also adding in sources needed for spellchecking. Change-Id: Idd44170fa1616f26315188970a8d5ba7d472b18a Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
Diffstat (limited to 'chromium/third_party/tlslite')
-rw-r--r--chromium/third_party/tlslite/BUILD.gn12
-rw-r--r--chromium/third_party/tlslite/README.chromium8
-rw-r--r--chromium/third_party/tlslite/patches/disable_channel_id.patch53
-rw-r--r--chromium/third_party/tlslite/patches/extended_master_secret.patch230
-rw-r--r--chromium/third_party/tlslite/patches/token_binding_negotiation.patch115
-rw-r--r--chromium/third_party/tlslite/tlslite/constants.py2
-rw-r--r--chromium/third_party/tlslite/tlslite/handshakesettings.py20
-rw-r--r--chromium/third_party/tlslite/tlslite/mathtls.py18
-rw-r--r--chromium/third_party/tlslite/tlslite/messages.py29
-rw-r--r--chromium/third_party/tlslite/tlslite/tlsconnection.py30
-rw-r--r--chromium/third_party/tlslite/tlslite/tlsrecordlayer.py10
11 files changed, 512 insertions, 15 deletions
diff --git a/chromium/third_party/tlslite/BUILD.gn b/chromium/third_party/tlslite/BUILD.gn
new file mode 100644
index 00000000000..959b0b27145
--- /dev/null
+++ b/chromium/third_party/tlslite/BUILD.gn
@@ -0,0 +1,12 @@
+# Copyright 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Tlslite is a Python program. Depend on this to get the data deps necessary
+# to run tlslite in the test environment.
+group("tlslite") {
+ # For now, depend on the entire directory.
+ data = [
+ "//third_party/tlslite/",
+ ]
+}
diff --git a/chromium/third_party/tlslite/README.chromium b/chromium/third_party/tlslite/README.chromium
index 4468a08aebb..e995e95b40e 100644
--- a/chromium/third_party/tlslite/README.chromium
+++ b/chromium/third_party/tlslite/README.chromium
@@ -38,4 +38,10 @@ Local Modifications:
unless >= TLS 1.2 is negotiated.
- patches/alert_after_handshake.patch: Add an option to send a fatal alert
immediately after the handshake completes.
-- patches/ecdhe_rsa.patch: Implement ECDHE_RSA-based ciper suites on the server. \ No newline at end of file
+- patches/ecdhe_rsa.patch: Implement ECDHE_RSA-based ciper suites on the server.
+- patches/extended_master_secret.patch: Add server support for extended
+ master secret.
+- patches/token_binding_negotiation.patch: Add server support for token
+ binding negotiation TLS extension (draft-ietf-tokbind-negotiation-00)
+- patches/disable_channel_id.patch: Add flag to HandshakeSettings to allow
+ for disabling channel id.
diff --git a/chromium/third_party/tlslite/patches/disable_channel_id.patch b/chromium/third_party/tlslite/patches/disable_channel_id.patch
new file mode 100644
index 00000000000..339cdd907fe
--- /dev/null
+++ b/chromium/third_party/tlslite/patches/disable_channel_id.patch
@@ -0,0 +1,53 @@
+diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
+index 8f25f62..d7be5b3 100644
+--- a/third_party/tlslite/tlslite/handshakesettings.py
++++ b/third_party/tlslite/tlslite/handshakesettings.py
+@@ -112,6 +112,9 @@ class HandshakeSettings(object):
+ @ivar alertAfterHandshake: If true, the server will send a fatal
+ alert immediately after the handshake completes.
+
++ @type enableChannelID: bool
++ @ivar enableChannelID: If true, the server supports channel ID.
++
+ @type enableExtendedMasterSecret: bool
+ @ivar enableExtendedMasterSecret: If true, the server supports the extended
+ master secret TLS extension and will negotiated it with supporting clients.
+@@ -140,6 +143,7 @@ class HandshakeSettings(object):
+ self.tlsIntoleranceType = 'alert'
+ self.useExperimentalTackExtension = False
+ self.alertAfterHandshake = False
++ self.enableChannelID = True
+ self.enableExtendedMasterSecret = True
+ self.supportedTokenBindingParams = []
+
+@@ -159,6 +163,7 @@ class HandshakeSettings(object):
+ other.tlsIntolerant = self.tlsIntolerant
+ other.tlsIntoleranceType = self.tlsIntoleranceType
+ other.alertAfterHandshake = self.alertAfterHandshake
++ other.enableChannelID = self.enableChannelID
+ other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
+ other.supportedTokenBindingParams = self.supportedTokenBindingParams
+
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index 06404fe..7363a30 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer):
+ serverHello.create(self.version, getRandomBytes(32), sessionID, \
+ cipherSuite, CertificateType.x509, tackExt,
+ nextProtos)
+- serverHello.channel_id = clientHello.channel_id
++ serverHello.channel_id = \
++ clientHello.channel_id and settings.enableChannelID
+ serverHello.extended_master_secret = \
+ clientHello.extended_master_secret and \
+ settings.enableExtendedMasterSecret
+@@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer):
+ for result in self._serverFinished(premasterSecret,
+ clientHello.random, serverHello.random,
+ cipherSuite, settings.cipherImplementations,
+- nextProtos, clientHello.channel_id,
++ nextProtos, serverHello.channel_id,
+ serverHello.extended_master_secret):
+ if result in (0,1): yield result
+ else: break
diff --git a/chromium/third_party/tlslite/patches/extended_master_secret.patch b/chromium/third_party/tlslite/patches/extended_master_secret.patch
new file mode 100644
index 00000000000..b6ad58ddfd5
--- /dev/null
+++ b/chromium/third_party/tlslite/patches/extended_master_secret.patch
@@ -0,0 +1,230 @@
+diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
+index 6d78a20..f9c8676 100644
+--- a/third_party/tlslite/tlslite/constants.py
++++ b/third_party/tlslite/tlslite/constants.py
+@@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366
+ srp = 12 # RFC 5054
+ cert_type = 9 # RFC 6091
+ signed_cert_timestamps = 18 # RFC 6962
++ extended_master_secret = 23 # draft-ietf-tls-session-hash-06
+ tack = 0xF300
+ supports_npn = 13172
+ channel_id = 30032
+diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
+index 605ed42..a7b6ab9 100644
+--- a/third_party/tlslite/tlslite/handshakesettings.py
++++ b/third_party/tlslite/tlslite/handshakesettings.py
+@@ -111,6 +111,10 @@ class HandshakeSettings(object):
+ @type alertAfterHandshake: bool
+ @ivar alertAfterHandshake: If true, the server will send a fatal
+ alert immediately after the handshake completes.
++
++ @type enableExtendedMasterSecret: bool
++ @ivar enableExtendedMasterSecret: If true, the server supports the extended
++ master secret TLS extension and will negotiated it with supporting clients.
+
+ Note that TACK support is not standardized by IETF and uses a temporary
+ TLS Extension number, so should NOT be used in production software.
+@@ -129,6 +133,7 @@ class HandshakeSettings(object):
+ self.tlsIntoleranceType = 'alert'
+ self.useExperimentalTackExtension = False
+ self.alertAfterHandshake = False
++ self.enableExtendedMasterSecret = True
+
+ # Validates the min/max fields, and certificateTypes
+ # Filters out unsupported cipherNames and cipherImplementations
+@@ -146,6 +151,7 @@ class HandshakeSettings(object):
+ other.tlsIntolerant = self.tlsIntolerant
+ other.tlsIntoleranceType = self.tlsIntoleranceType
+ other.alertAfterHandshake = self.alertAfterHandshake
++ other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
+
+ if not cipherfactory.tripleDESPresent:
+ other.cipherNames = [e for e in self.cipherNames if e != "3des"]
+diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslite/mathtls.py
+index 60a331a..0a23fe1 100644
+--- a/third_party/tlslite/tlslite/mathtls.py
++++ b/third_party/tlslite/tlslite/mathtls.py
+@@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length):
+ index += 1
+ return bytes
+
+-def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
++def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,
++ handshakeHash, useExtendedMasterSecret):
++ label = b"master secret"
++ seed = clientRandom + serverRandom
++ if useExtendedMasterSecret:
++ label = b"extended master secret"
++ seed = handshakeHash
++
+ if version == (3,0):
+- masterSecret = PRF_SSL(premasterSecret,
+- clientRandom + serverRandom, 48)
++ masterSecret = PRF_SSL(premasterSecret, seed, 48)
+ elif version in ((3,1), (3,2)):
+- masterSecret = PRF(premasterSecret, b"master secret",
+- clientRandom + serverRandom, 48)
++ masterSecret = PRF(premasterSecret, label, seed, 48)
+ elif version == (3,3):
+- masterSecret = PRF_1_2(premasterSecret, b"master secret",
+- clientRandom + serverRandom, 48)
++ masterSecret = PRF_1_2(premasterSecret, label, seed, 48)
+ else:
+ raise AssertionError()
+ return masterSecret
+diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
+index 9aeff6d..9b553ce 100644
+--- a/third_party/tlslite/tlslite/messages.py
++++ b/third_party/tlslite/tlslite/messages.py
+@@ -114,6 +114,7 @@ class ClientHello(HandshakeMsg):
+ self.supports_npn = False
+ self.server_name = bytearray(0)
+ self.channel_id = False
++ self.extended_master_secret = False
+ self.support_signed_cert_timestamps = False
+ self.status_request = False
+
+@@ -185,6 +186,8 @@ class ClientHello(HandshakeMsg):
+ break
+ elif extType == ExtensionType.channel_id:
+ self.channel_id = True
++ elif extType == ExtensionType.extended_master_secret:
++ self.extended_master_secret = True
+ elif extType == ExtensionType.signed_cert_timestamps:
+ if extLength:
+ raise SyntaxError()
+@@ -267,6 +270,7 @@ class ServerHello(HandshakeMsg):
+ self.next_protos_advertised = None
+ self.next_protos = None
+ self.channel_id = False
++ self.extended_master_secret = False
+ self.signed_cert_timestamps = None
+ self.status_request = False
+
+@@ -358,6 +362,9 @@ class ServerHello(HandshakeMsg):
+ if self.channel_id:
+ w2.add(ExtensionType.channel_id, 2)
+ w2.add(0, 2)
++ if self.extended_master_secret:
++ w2.add(ExtensionType.extended_master_secret, 2)
++ w2.add(0, 2)
+ if self.signed_cert_timestamps:
+ w2.add(ExtensionType.signed_cert_timestamps, 2)
+ w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index dfac274..04161513 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):
+ masterSecret = calcMasterSecret(self.version,
+ premasterSecret,
+ clientRandom,
+- serverRandom)
++ serverRandom,
++ b"", False)
+ verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
+ elif self.version in ((3,1), (3,2)):
+ verifyBytes = self._handshake_md5.digest() + \
+@@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):
+ cipherSuite, cipherImplementations, nextProto):
+
+ masterSecret = calcMasterSecret(self.version, premasterSecret,
+- clientRandom, serverRandom)
++ clientRandom, serverRandom, b"", False)
+ self._calcPendingStates(cipherSuite, masterSecret,
+ clientRandom, serverRandom,
+ cipherImplementations)
+@@ -1326,6 +1327,9 @@ class TLSConnection(TLSRecordLayer):
+ cipherSuite, CertificateType.x509, tackExt,
+ nextProtos)
+ serverHello.channel_id = clientHello.channel_id
++ serverHello.extended_master_secret = \
++ clientHello.extended_master_secret and \
++ settings.enableExtendedMasterSecret
+ if clientHello.support_signed_cert_timestamps:
+ serverHello.signed_cert_timestamps = signedCertTimestamps
+ if clientHello.status_request:
+@@ -1383,7 +1387,8 @@ class TLSConnection(TLSRecordLayer):
+ for result in self._serverFinished(premasterSecret,
+ clientHello.random, serverHello.random,
+ cipherSuite, settings.cipherImplementations,
+- nextProtos, clientHello.channel_id):
++ nextProtos, clientHello.channel_id,
++ serverHello.extended_master_secret):
+ if result in (0,1): yield result
+ else: break
+ masterSecret = result
+@@ -1523,6 +1528,9 @@ class TLSConnection(TLSRecordLayer):
+ serverHello.create(self.version, getRandomBytes(32),
+ session.sessionID, session.cipherSuite,
+ CertificateType.x509, None, None)
++ serverHello.extended_master_secret = \
++ clientHello.extended_master_secret and \
++ settings.enableExtendedMasterSecret
+ for result in self._sendMsg(serverHello):
+ yield result
+
+@@ -1743,7 +1751,8 @@ class TLSConnection(TLSRecordLayer):
+ if clientCertChain:
+ if self.version == (3,0):
+ masterSecret = calcMasterSecret(self.version, premasterSecret,
+- clientHello.random, serverHello.random)
++ clientHello.random, serverHello.random,
++ b"", False)
+ verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
+ elif self.version in ((3,1), (3,2)):
+ verifyBytes = self._handshake_md5.digest() + \
+@@ -1827,9 +1836,11 @@ class TLSConnection(TLSRecordLayer):
+
+ def _serverFinished(self, premasterSecret, clientRandom, serverRandom,
+ cipherSuite, cipherImplementations, nextProtos,
+- doingChannelID):
++ doingChannelID, useExtendedMasterSecret):
+ masterSecret = calcMasterSecret(self.version, premasterSecret,
+- clientRandom, serverRandom)
++ clientRandom, serverRandom,
++ self._ems_handshake_hash,
++ useExtendedMasterSecret)
+
+ #Calculate pending connection states
+ self._calcPendingStates(cipherSuite, masterSecret,
+diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
+index c3bcd8c..d2320b8 100644
+--- a/third_party/tlslite/tlslite/tlsrecordlayer.py
++++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
+@@ -119,6 +119,7 @@ class TLSRecordLayer(object):
+ self._handshake_md5 = hashlib.md5()
+ self._handshake_sha = hashlib.sha1()
+ self._handshake_sha256 = hashlib.sha256()
++ self._ems_handshake_hash = b""
+
+ #TLS Protocol Version
+ self.version = (0,0) #read-only
+@@ -814,6 +815,8 @@ class TLSRecordLayer(object):
+ self._handshake_md5.update(compat26Str(p.bytes))
+ self._handshake_sha.update(compat26Str(p.bytes))
+ self._handshake_sha256.update(compat26Str(p.bytes))
++ if subType == HandshakeType.client_key_exchange:
++ self._ems_handshake_hash = self._getHandshakeHash()
+
+ #Parse based on handshake type
+ if subType == HandshakeType.client_hello:
+@@ -1112,6 +1115,7 @@ class TLSRecordLayer(object):
+ self._handshake_md5 = hashlib.md5()
+ self._handshake_sha = hashlib.sha1()
+ self._handshake_sha256 = hashlib.sha256()
++ self._ems_handshake_hash = b""
+ self._handshakeBuffer = []
+ self.allegedSrpUsername = None
+ self._refCount = 1
+@@ -1256,3 +1260,9 @@ class TLSRecordLayer(object):
+
+ return md5Bytes + shaBytes
+
++ def _getHandshakeHash(self):
++ if self.version in ((3,1), (3,2)):
++ return self._handshake_md5.digest() + \
++ self._handshake_sha.digest()
++ elif self.version == (3,3):
++ return self._handshake_sha256.digest()
diff --git a/chromium/third_party/tlslite/patches/token_binding_negotiation.patch b/chromium/third_party/tlslite/patches/token_binding_negotiation.patch
new file mode 100644
index 00000000000..336c11d0b6e
--- /dev/null
+++ b/chromium/third_party/tlslite/patches/token_binding_negotiation.patch
@@ -0,0 +1,115 @@
+diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
+index f9c8676..84bb703 100644
+--- a/third_party/tlslite/tlslite/constants.py
++++ b/third_party/tlslite/tlslite/constants.py
+@@ -59,6 +59,7 @@ class ExtensionType: # RFC 6066 / 4366
+ tack = 0xF300
+ supports_npn = 13172
+ channel_id = 30032
++ token_binding = 30033
+
+ class HashAlgorithm:
+ none = 0
+diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
+index a7b6ab9..8f25f62 100644
+--- a/third_party/tlslite/tlslite/handshakesettings.py
++++ b/third_party/tlslite/tlslite/handshakesettings.py
+@@ -115,6 +115,13 @@ class HandshakeSettings(object):
+ @type enableExtendedMasterSecret: bool
+ @ivar enableExtendedMasterSecret: If true, the server supports the extended
+ master secret TLS extension and will negotiated it with supporting clients.
++
++ @type supportedTokenBindingParams: list
++ @ivar supportedTokenBindingParams: A list of token binding parameters that
++ the server supports when negotiating token binding. List values are integers
++ corresponding to the TokenBindingKeyParameters enum in the Token Binding
++ Negotiation spec (draft-ietf-tokbind-negotiation-00). Values are in server's
++ preference order, with most preferred params first.
+
+ Note that TACK support is not standardized by IETF and uses a temporary
+ TLS Extension number, so should NOT be used in production software.
+@@ -134,6 +141,7 @@ class HandshakeSettings(object):
+ self.useExperimentalTackExtension = False
+ self.alertAfterHandshake = False
+ self.enableExtendedMasterSecret = True
++ self.supportedTokenBindingParams = []
+
+ # Validates the min/max fields, and certificateTypes
+ # Filters out unsupported cipherNames and cipherImplementations
+@@ -152,6 +160,7 @@ class HandshakeSettings(object):
+ other.tlsIntoleranceType = self.tlsIntoleranceType
+ other.alertAfterHandshake = self.alertAfterHandshake
+ other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
++ other.supportedTokenBindingParams = self.supportedTokenBindingParams
+
+ if not cipherfactory.tripleDESPresent:
+ other.cipherNames = [e for e in self.cipherNames if e != "3des"]
+diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
+index 9b553ce..ab2be57 100644
+--- a/third_party/tlslite/tlslite/messages.py
++++ b/third_party/tlslite/tlslite/messages.py
+@@ -115,6 +115,7 @@ class ClientHello(HandshakeMsg):
+ self.server_name = bytearray(0)
+ self.channel_id = False
+ self.extended_master_secret = False
++ self.tb_client_params = []
+ self.support_signed_cert_timestamps = False
+ self.status_request = False
+
+@@ -188,6 +189,15 @@ class ClientHello(HandshakeMsg):
+ self.channel_id = True
+ elif extType == ExtensionType.extended_master_secret:
+ self.extended_master_secret = True
++ elif extType == ExtensionType.token_binding:
++ tokenBindingBytes = p.getFixBytes(extLength)
++ p2 = Parser(tokenBindingBytes)
++ ver_minor = p2.get(1)
++ ver_major = p2.get(1)
++ if (ver_major, ver_minor) >= (0, 2):
++ p2.startLengthCheck(1)
++ while not p2.atLengthCheck():
++ self.tb_client_params.append(p2.get(1))
+ elif extType == ExtensionType.signed_cert_timestamps:
+ if extLength:
+ raise SyntaxError()
+@@ -271,6 +281,7 @@ class ServerHello(HandshakeMsg):
+ self.next_protos = None
+ self.channel_id = False
+ self.extended_master_secret = False
++ self.tb_params = None
+ self.signed_cert_timestamps = None
+ self.status_request = False
+
+@@ -365,6 +376,17 @@ class ServerHello(HandshakeMsg):
+ if self.extended_master_secret:
+ w2.add(ExtensionType.extended_master_secret, 2)
+ w2.add(0, 2)
++ if self.tb_params:
++ w2.add(ExtensionType.token_binding, 2)
++ # length of extension
++ w2.add(4, 2)
++ # version
++ w2.add(0, 1)
++ w2.add(2, 1)
++ # length of params (defined as variable length <1..2^8-1>, but in
++ # this context the server can only send a single value.
++ w2.add(1, 1)
++ w2.add(self.tb_params, 1)
+ if self.signed_cert_timestamps:
+ w2.add(ExtensionType.signed_cert_timestamps, 2)
+ w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index 04161513..06404fe 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -1330,6 +1330,10 @@ class TLSConnection(TLSRecordLayer):
+ serverHello.extended_master_secret = \
+ clientHello.extended_master_secret and \
+ settings.enableExtendedMasterSecret
++ for param in clientHello.tb_client_params:
++ if param in settings.supportedTokenBindingParams:
++ serverHello.tb_params = param
++ break
+ if clientHello.support_signed_cert_timestamps:
+ serverHello.signed_cert_timestamps = signedCertTimestamps
+ if clientHello.status_request:
diff --git a/chromium/third_party/tlslite/tlslite/constants.py b/chromium/third_party/tlslite/tlslite/constants.py
index 6d78a207271..84bb70314ef 100644
--- a/chromium/third_party/tlslite/tlslite/constants.py
+++ b/chromium/third_party/tlslite/tlslite/constants.py
@@ -55,9 +55,11 @@ class ExtensionType: # RFC 6066 / 4366
srp = 12 # RFC 5054
cert_type = 9 # RFC 6091
signed_cert_timestamps = 18 # RFC 6962
+ extended_master_secret = 23 # draft-ietf-tls-session-hash-06
tack = 0xF300
supports_npn = 13172
channel_id = 30032
+ token_binding = 30033
class HashAlgorithm:
none = 0
diff --git a/chromium/third_party/tlslite/tlslite/handshakesettings.py b/chromium/third_party/tlslite/tlslite/handshakesettings.py
index 605ed420619..d7be5b3c16e 100644
--- a/chromium/third_party/tlslite/tlslite/handshakesettings.py
+++ b/chromium/third_party/tlslite/tlslite/handshakesettings.py
@@ -111,6 +111,20 @@ class HandshakeSettings(object):
@type alertAfterHandshake: bool
@ivar alertAfterHandshake: If true, the server will send a fatal
alert immediately after the handshake completes.
+
+ @type enableChannelID: bool
+ @ivar enableChannelID: If true, the server supports channel ID.
+
+ @type enableExtendedMasterSecret: bool
+ @ivar enableExtendedMasterSecret: If true, the server supports the extended
+ master secret TLS extension and will negotiated it with supporting clients.
+
+ @type supportedTokenBindingParams: list
+ @ivar supportedTokenBindingParams: A list of token binding parameters that
+ the server supports when negotiating token binding. List values are integers
+ corresponding to the TokenBindingKeyParameters enum in the Token Binding
+ Negotiation spec (draft-ietf-tokbind-negotiation-00). Values are in server's
+ preference order, with most preferred params first.
Note that TACK support is not standardized by IETF and uses a temporary
TLS Extension number, so should NOT be used in production software.
@@ -129,6 +143,9 @@ class HandshakeSettings(object):
self.tlsIntoleranceType = 'alert'
self.useExperimentalTackExtension = False
self.alertAfterHandshake = False
+ self.enableChannelID = True
+ self.enableExtendedMasterSecret = True
+ self.supportedTokenBindingParams = []
# Validates the min/max fields, and certificateTypes
# Filters out unsupported cipherNames and cipherImplementations
@@ -146,6 +163,9 @@ class HandshakeSettings(object):
other.tlsIntolerant = self.tlsIntolerant
other.tlsIntoleranceType = self.tlsIntoleranceType
other.alertAfterHandshake = self.alertAfterHandshake
+ other.enableChannelID = self.enableChannelID
+ other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
+ other.supportedTokenBindingParams = self.supportedTokenBindingParams
if not cipherfactory.tripleDESPresent:
other.cipherNames = [e for e in self.cipherNames if e != "3des"]
diff --git a/chromium/third_party/tlslite/tlslite/mathtls.py b/chromium/third_party/tlslite/tlslite/mathtls.py
index 60a331ab90f..0a23fe192fa 100644
--- a/chromium/third_party/tlslite/tlslite/mathtls.py
+++ b/chromium/third_party/tlslite/tlslite/mathtls.py
@@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length):
index += 1
return bytes
-def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
+def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,
+ handshakeHash, useExtendedMasterSecret):
+ label = b"master secret"
+ seed = clientRandom + serverRandom
+ if useExtendedMasterSecret:
+ label = b"extended master secret"
+ seed = handshakeHash
+
if version == (3,0):
- masterSecret = PRF_SSL(premasterSecret,
- clientRandom + serverRandom, 48)
+ masterSecret = PRF_SSL(premasterSecret, seed, 48)
elif version in ((3,1), (3,2)):
- masterSecret = PRF(premasterSecret, b"master secret",
- clientRandom + serverRandom, 48)
+ masterSecret = PRF(premasterSecret, label, seed, 48)
elif version == (3,3):
- masterSecret = PRF_1_2(premasterSecret, b"master secret",
- clientRandom + serverRandom, 48)
+ masterSecret = PRF_1_2(premasterSecret, label, seed, 48)
else:
raise AssertionError()
return masterSecret
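Review bot: The `version == (3,0)` branch of calcMasterSecret now passes `seed = handshakeHash` to PRF_SSL when useExtendedMasterSecret is set, but `_getHandshakeHash` in tlsrecordlayer.py has no (3,0) branch and falls through to an implicit `None`. The negotiation hunks in tlsconnection.py set `serverHello.extended_master_secret` from the ClientHello and the setting alone, with no version test, so an SSL 3.0 handshake that carries the extension appears to reach PRF_SSL with a `None` seed. The SSL 3.0 CertificateVerify path also still derives its master secret with `b"", False`, so the two derivations would disagree. Gating the negotiation on the protocol version would close this, for example `clientHello.extended_master_secret and settings.enableExtendedMasterSecret and self.version >= (3,1)`, with an explicit `else: raise AssertionError()` at the end of `_getHandshakeHash`.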
diff --git a/chromium/third_party/tlslite/tlslite/messages.py b/chromium/third_party/tlslite/tlslite/messages.py
index 9aeff6d010c..ab2be57ac4c 100644
--- a/chromium/third_party/tlslite/tlslite/messages.py
+++ b/chromium/third_party/tlslite/tlslite/messages.py
@@ -114,6 +114,8 @@ class ClientHello(HandshakeMsg):
self.supports_npn = False
self.server_name = bytearray(0)
self.channel_id = False
+ self.extended_master_secret = False
+ self.tb_client_params = []
self.support_signed_cert_timestamps = False
self.status_request = False
@@ -185,6 +187,17 @@ class ClientHello(HandshakeMsg):
break
elif extType == ExtensionType.channel_id:
self.channel_id = True
+ elif extType == ExtensionType.extended_master_secret:
+ self.extended_master_secret = True
+ elif extType == ExtensionType.token_binding:
+ tokenBindingBytes = p.getFixBytes(extLength)
+ p2 = Parser(tokenBindingBytes)
+ ver_minor = p2.get(1)
+ ver_major = p2.get(1)
+ if (ver_major, ver_minor) >= (0, 2):
+ p2.startLengthCheck(1)
+ while not p2.atLengthCheck():
+ self.tb_client_params.append(p2.get(1))
elif extType == ExtensionType.signed_cert_timestamps:
if extLength:
raise SyntaxError()
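Review bot: The token_binding branch reads the first version byte into `ver_minor` and the second into `ver_major`, while ServerHello.write in this same file emits `0` then `2` for the version, so the parser and the writer disagree on byte order. As written, a client sending the bytes 00 01 compares as `(1, 0)` and passes the `>= (0, 2)` check. If the wire order is major then minor, as the write side suggests, the reads should be `ver_major = p2.get(1)` followed by `ver_minor = p2.get(1)`. The branch also never verifies that the parameter list consumes the whole extension body, so trailing bytes after the list look to be accepted silently. The enclosing parse method starts and ends outside this hunk.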
@@ -267,6 +280,8 @@ class ServerHello(HandshakeMsg):
self.next_protos_advertised = None
self.next_protos = None
self.channel_id = False
+ self.extended_master_secret = False
+ self.tb_params = None
self.signed_cert_timestamps = None
self.status_request = False
@@ -358,6 +373,20 @@ class ServerHello(HandshakeMsg):
if self.channel_id:
w2.add(ExtensionType.channel_id, 2)
w2.add(0, 2)
+ if self.extended_master_secret:
+ w2.add(ExtensionType.extended_master_secret, 2)
+ w2.add(0, 2)
+ if self.tb_params:
+ w2.add(ExtensionType.token_binding, 2)
+ # length of extension
+ w2.add(4, 2)
+ # version
+ w2.add(0, 1)
+ w2.add(2, 1)
+ # length of params (defined as variable length <1..2^8-1>, but in
+ # this context the server can only send a single value.
+ w2.add(1, 1)
+ w2.add(self.tb_params, 1)
if self.signed_cert_timestamps:
w2.add(ExtensionType.signed_cert_timestamps, 2)
w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
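Review bot: `if self.tb_params:` tests truthiness, so a negotiated parameter whose integer value is 0 is treated the same as the `None` default and the token_binding extension is silently omitted from the ServerHello. The values come from the TokenBindingKeyParameters enum named in the HandshakeSettings docstring; if that enum assigns 0 to a key type, a server configured to support it would never acknowledge the negotiation. Use `if self.tb_params is not None:` instead. The comment on the params length is also missing its closing parenthesis. The write method continues outside the hunk.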
diff --git a/chromium/third_party/tlslite/tlslite/tlsconnection.py b/chromium/third_party/tlslite/tlslite/tlsconnection.py
index dfac274b6e9..7363a309d24 100644
--- a/chromium/third_party/tlslite/tlslite/tlsconnection.py
+++ b/chromium/third_party/tlslite/tlslite/tlsconnection.py
@@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):
masterSecret = calcMasterSecret(self.version,
premasterSecret,
clientRandom,
- serverRandom)
+ serverRandom,
+ b"", False)
verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
elif self.version in ((3,1), (3,2)):
verifyBytes = self._handshake_md5.digest() + \
@@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):
cipherSuite, cipherImplementations, nextProto):
masterSecret = calcMasterSecret(self.version, premasterSecret,
- clientRandom, serverRandom)
+ clientRandom, serverRandom, b"", False)
self._calcPendingStates(cipherSuite, masterSecret,
clientRandom, serverRandom,
cipherImplementations)
@@ -1325,7 +1326,15 @@ class TLSConnection(TLSRecordLayer):
serverHello.create(self.version, getRandomBytes(32), sessionID, \
cipherSuite, CertificateType.x509, tackExt,
nextProtos)
- serverHello.channel_id = clientHello.channel_id
+ serverHello.channel_id = \
+ clientHello.channel_id and settings.enableChannelID
+ serverHello.extended_master_secret = \
+ clientHello.extended_master_secret and \
+ settings.enableExtendedMasterSecret
+ for param in clientHello.tb_client_params:
+ if param in settings.supportedTokenBindingParams:
+ serverHello.tb_params = param
+ break
if clientHello.support_signed_cert_timestamps:
serverHello.signed_cert_timestamps = signedCertTimestamps
if clientHello.status_request:
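Review bot: The token binding loop walks `clientHello.tb_client_params` and takes the first entry the server also lists, so the client's ordering decides the result. The HandshakeSettings docstring added in this commit says `supportedTokenBindingParams` is "in server's preference order, with most preferred params first", which the loop never consults. To honour the documented order, iterate the server list and test membership in the client's: `for param in settings.supportedTokenBindingParams:` with `if param in clientHello.tb_client_params:`. If client preference is intended, the docstring should say so. The enclosing handshake method starts and ends outside the hunk.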
@@ -1383,7 +1392,8 @@ class TLSConnection(TLSRecordLayer):
for result in self._serverFinished(premasterSecret,
clientHello.random, serverHello.random,
cipherSuite, settings.cipherImplementations,
- nextProtos, clientHello.channel_id):
+ nextProtos, serverHello.channel_id,
+ serverHello.extended_master_secret):
if result in (0,1): yield result
else: break
masterSecret = result
@@ -1523,6 +1533,9 @@ class TLSConnection(TLSRecordLayer):
serverHello.create(self.version, getRandomBytes(32),
session.sessionID, session.cipherSuite,
CertificateType.x509, None, None)
+ serverHello.extended_master_secret = \
+ clientHello.extended_master_secret and \
+ settings.enableExtendedMasterSecret
for result in self._sendMsg(serverHello):
yield result
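Review bot: On the resumption path, `serverHello.extended_master_secret` is set from the new ClientHello and the setting alone, with nothing visible here comparing it against how the cached session's master secret was originally derived. The session-hash draft cited in constants.py ties resumption to that: a session established without the extension should not be resumed as if it had one, and the reverse. Here the server would advertise the extension while reusing an older, non-extended master secret. Whether the session object records this is not visible in the hunk; if it does not, a flag stored at session creation and a check such as `if session.extendedMasterSecret != clientHello.extended_master_secret:` (field name constructed for illustration) that falls back to a full handshake would be the usual shape. This is a comment plus a small guard, and the enclosing method extends beyond the hunk.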
@@ -1743,7 +1756,8 @@ class TLSConnection(TLSRecordLayer):
if clientCertChain:
if self.version == (3,0):
masterSecret = calcMasterSecret(self.version, premasterSecret,
- clientHello.random, serverHello.random)
+ clientHello.random, serverHello.random,
+ b"", False)
verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
elif self.version in ((3,1), (3,2)):
verifyBytes = self._handshake_md5.digest() + \
@@ -1827,9 +1841,11 @@ class TLSConnection(TLSRecordLayer):
def _serverFinished(self, premasterSecret, clientRandom, serverRandom,
cipherSuite, cipherImplementations, nextProtos,
- doingChannelID):
+ doingChannelID, useExtendedMasterSecret):
masterSecret = calcMasterSecret(self.version, premasterSecret,
- clientRandom, serverRandom)
+ clientRandom, serverRandom,
+ self._ems_handshake_hash,
+ useExtendedMasterSecret)
#Calculate pending connection states
self._calcPendingStates(cipherSuite, masterSecret,
diff --git a/chromium/third_party/tlslite/tlslite/tlsrecordlayer.py b/chromium/third_party/tlslite/tlslite/tlsrecordlayer.py
index c3bcd8c40ca..d2320b8cd13 100644
--- a/chromium/third_party/tlslite/tlslite/tlsrecordlayer.py
+++ b/chromium/third_party/tlslite/tlslite/tlsrecordlayer.py
@@ -119,6 +119,7 @@ class TLSRecordLayer(object):
self._handshake_md5 = hashlib.md5()
self._handshake_sha = hashlib.sha1()
self._handshake_sha256 = hashlib.sha256()
+ self._ems_handshake_hash = b""
#TLS Protocol Version
self.version = (0,0) #read-only
@@ -814,6 +815,8 @@ class TLSRecordLayer(object):
self._handshake_md5.update(compat26Str(p.bytes))
self._handshake_sha.update(compat26Str(p.bytes))
self._handshake_sha256.update(compat26Str(p.bytes))
+ if subType == HandshakeType.client_key_exchange:
+ self._ems_handshake_hash = self._getHandshakeHash()
#Parse based on handshake type
if subType == HandshakeType.client_hello:
@@ -1112,6 +1115,7 @@ class TLSRecordLayer(object):
self._handshake_md5 = hashlib.md5()
self._handshake_sha = hashlib.sha1()
self._handshake_sha256 = hashlib.sha256()
+ self._ems_handshake_hash = b""
self._handshakeBuffer = []
self.allegedSrpUsername = None
self._refCount = 1
@@ -1256,3 +1260,9 @@ class TLSRecordLayer(object):
return md5Bytes + shaBytes
+ def _getHandshakeHash(self):
+ if self.version in ((3,1), (3,2)):
+ return self._handshake_md5.digest() + \
+ self._handshake_sha.digest()
+ elif self.version == (3,3):
+ return self._handshake_sha256.digest()