      1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
      2 index d52e596..79ad145 100755
      3 --- a/third_party/tlslite/tlslite/constants.py
      4 +++ b/third_party/tlslite/tlslite/constants.py
      5 @@ -31,6 +31,7 @@ class HandshakeType:
      6      client_key_exchange = 16
      7      finished = 20
      8      next_protocol = 67
      9 +    encrypted_extensions = 203
     10  
     11  class ContentType:
     12      change_cipher_spec = 20
     13 @@ -45,6 +46,7 @@ class ExtensionType:    # RFC 6066 / 4366
     14      cert_type = 9       # RFC 6091
     15      tack = 0xF300
     16      supports_npn = 13172
     17 +    channel_id = 30032
     18      
     19  class NameType:
     20      host_name = 0
     21 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
     22 index 7ef4e3f..246082e 100755
     23 --- a/third_party/tlslite/tlslite/messages.py
     24 +++ b/third_party/tlslite/tlslite/messages.py
     25 @@ -112,6 +112,7 @@ class ClientHello(HandshakeMsg):
     26          self.tack = False
     27          self.supports_npn = False
     28          self.server_name = bytearray(0)
     29 +        self.channel_id = False
     30  
     31      def create(self, version, random, session_id, cipher_suites,
     32                 certificate_types=None, srpUsername=None,
     33 @@ -179,6 +180,8 @@ class ClientHello(HandshakeMsg):
     34                              if name_type == NameType.host_name:
     35                                  self.server_name = hostNameBytes
     36                                  break
     37 +                    elif extType == ExtensionType.channel_id:
     38 +                        self.channel_id = True
     39                      else:
     40                          _ = p.getFixBytes(extLength)
     41                      index2 = p.index
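Review bot: The new `elif extType == ExtensionType.channel_id:` branch sets the flag without consuming or checking `extLength`, unlike the `else` branch, which reads `extLength` bytes. A ClientHello whose channel_id extension carries a non-empty body would leave the parser positioned inside that extension unless a length comparison after `index2 = p.index` (outside this hunk) rejects it. The ServerHello side of this patch writes the extension with a zero length, so I would make the same expectation explicit here with `if extLength != 0: raise SyntaxError()` before `self.channel_id = True`. The enclosing parse loop starts and ends outside the hunk.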
     42 @@ -243,6 +246,7 @@ class ServerHello(HandshakeMsg):
     43          self.tackExt = None
     44          self.next_protos_advertised = None
     45          self.next_protos = None
     46 +        self.channel_id = False
     47  
     48      def create(self, version, random, session_id, cipher_suite,
     49                 certificate_type, tackExt, next_protos_advertised):
     50 @@ -329,6 +333,9 @@ class ServerHello(HandshakeMsg):
     51              w2.add(ExtensionType.supports_npn, 2)
     52              w2.add(len(encoded_next_protos_advertised), 2)
     53              w2.addFixSeq(encoded_next_protos_advertised, 1)
     54 +        if self.channel_id:
     55 +            w2.add(ExtensionType.channel_id, 2)
     56 +            w2.add(0, 2)
     57          if len(w2.bytes):
     58              w.add(len(w2.bytes), 2)
     59              w.bytes += w2.bytes        
     60 @@ -656,6 +663,28 @@ class Finished(HandshakeMsg):
     61          w.addFixSeq(self.verify_data, 1)
     62          return self.postWrite(w)
     63  
     64 +class EncryptedExtensions(HandshakeMsg):
     65 +    def __init__(self):
     66 +        self.channel_id_key = None
     67 +        self.channel_id_proof = None
     68 +
     69 +    def parse(self, p):
     70 +        p.startLengthCheck(3)
     71 +        soFar = 0
     72 +        while soFar != p.lengthCheck:
     73 +            extType = p.get(2)
     74 +            extLength = p.get(2)
     75 +            if extType == ExtensionType.channel_id:
     76 +                if extLength != 32*4:
     77 +                    raise SyntaxError()
     78 +                self.channel_id_key = p.getFixBytes(64)
     79 +                self.channel_id_proof = p.getFixBytes(64)
     80 +            else:
     81 +                p.getFixBytes(extLength)
     82 +            soFar += 4 + extLength
     83 +        p.stopLengthCheck()
     84 +        return self
     85 +
     86  class ApplicationData(object):
     87      def __init__(self):
     88          self.contentType = ContentType.application_data
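Review bot: `EncryptedExtensions.parse` succeeds when the message contains no channel_id extension (leaving `channel_id_key` as `None`) and lets a repeated channel_id extension silently overwrite the first; the repeat is worth rejecting inside the branch with `if self.channel_id_key is not None: raise SyntaxError()`, and the absent case after the loop. The class has no docstring and `32*4` is unexplained next to the two 64-byte reads; a comment such as `# 128 bytes: 64-byte public key followed by 64-byte proof` would tie them together. `__init__` also does not call the `HandshakeMsg` initializer, so if the base class sets the handshake type there (not visible on this page) this message will lack it.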
     89 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
     90 index 8415592..e7c5140 100755
     91 --- a/third_party/tlslite/tlslite/tlsconnection.py
     92 +++ b/third_party/tlslite/tlslite/tlsconnection.py
     93 @@ -1155,6 +1155,7 @@ class TLSConnection(TLSRecordLayer):
     94          serverHello.create(self.version, getRandomBytes(32), sessionID, \
     95                              cipherSuite, CertificateType.x509, tackExt,
     96                              nextProtos)
     97 +        serverHello.channel_id = clientHello.channel_id
     98  
     99          # Perform the SRP key exchange
    100          clientCertChain = None
    101 @@ -1191,7 +1192,7 @@ class TLSConnection(TLSRecordLayer):
    102          for result in self._serverFinished(premasterSecret, 
    103                                  clientHello.random, serverHello.random,
    104                                  cipherSuite, settings.cipherImplementations,
    105 -                                nextProtos):
    106 +                                nextProtos, clientHello.channel_id):
    107                  if result in (0,1): yield result
    108                  else: break
    109          masterSecret = result
    110 @@ -1609,7 +1610,8 @@ class TLSConnection(TLSRecordLayer):
    111  
    112  
    113      def _serverFinished(self,  premasterSecret, clientRandom, serverRandom,
    114 -                        cipherSuite, cipherImplementations, nextProtos):
    115 +                        cipherSuite, cipherImplementations, nextProtos,
    116 +                        doingChannelID):
    117          masterSecret = calcMasterSecret(self.version, premasterSecret,
    118                                        clientRandom, serverRandom)
    119          
    120 @@ -1620,7 +1622,8 @@ class TLSConnection(TLSRecordLayer):
    121  
    122          #Exchange ChangeCipherSpec and Finished messages
    123          for result in self._getFinished(masterSecret, 
    124 -                        expect_next_protocol=nextProtos is not None):
    125 +                        expect_next_protocol=nextProtos is not None,
    126 +                        expect_channel_id=doingChannelID):
    127              yield result
    128  
    129          for result in self._sendFinished(masterSecret):
    130 @@ -1657,7 +1660,8 @@ class TLSConnection(TLSRecordLayer):
    131          for result in self._sendMsg(finished):
    132              yield result
    133  
    134 -    def _getFinished(self, masterSecret, expect_next_protocol=False, nextProto=None):
    135 +    def _getFinished(self, masterSecret, expect_next_protocol=False, nextProto=None,
    136 +                     expect_channel_id=False):
    137          #Get and check ChangeCipherSpec
    138          for result in self._getMsg(ContentType.change_cipher_spec):
    139              if result in (0,1):
    140 @@ -1690,6 +1694,20 @@ class TLSConnection(TLSRecordLayer):
    141          if nextProto:
    142              self.next_proto = nextProto
    143  
    144 +        #Server Finish - Are we waiting for a EncryptedExtensions?
    145 +        if expect_channel_id:
    146 +            for result in self._getMsg(ContentType.handshake, HandshakeType.encrypted_extensions):
    147 +                if result in (0,1):
    148 +                    yield result
    149 +            if result is None:
    150 +                for result in self._sendError(AlertDescription.unexpected_message,
    151 +                                             "Didn't get EncryptedExtensions message"):
    152 +                    yield result
    153 +            encrypted_extensions = result
    154 +            self.channel_id = result.channel_id_key
    155 +        else:
    156 +            self.channel_id = None
    157 +
    158          #Calculate verification data
    159          verifyData = self._calcFinished(masterSecret, False)
    160  
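Review bot: `self.channel_id = result.channel_id_key` records the client's key without `channel_id_proof` ever being checked in the visible code, so whatever consumes `self.channel_id` is reading an unauthenticated claim rather than a proven key. If verification is deliberately out of scope for this patch, say so at the assignment, e.g. `# channel_id_proof is NOT verified; treat self.channel_id as untrusted`; otherwise the proof should be validated before the key is stored. The key can also be `None` here when the message carried no channel_id extension, which is then indistinguishable from the `else` branch, and the local `encrypted_extensions` is assigned but never used in the lines shown. `_getFinished` starts and ends outside this hunk.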
    161 diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
    162 index b0833fe..ff08cbf 100755
    163 --- a/third_party/tlslite/tlslite/tlsrecordlayer.py
    164 +++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
    165 @@ -800,6 +800,8 @@ class TLSRecordLayer(object):
    166                      yield Finished(self.version).parse(p)
    167                  elif subType == HandshakeType.next_protocol:
    168                      yield NextProtocol().parse(p)
    169 +                elif subType == HandshakeType.encrypted_extensions:
    170 +                    yield EncryptedExtensions().parse(p)
    171                  else:
    172                      raise AssertionError()
    173  
    174