Revert of Implement extended master secret in tlslite (patchset #3 id:40001 of https://codereview.chromium.org/1283373002/ )
Reason for revert:
Broke SSLClientSocketOpenSSLClientAuthTest.SendGoodCert on Android Tests and Android Tests (dbg):
http://build.chromium.org/p/chromium.linux/builders/Android%20Tests/builds/21769
http://build.chromium.org/p/chromium.linux/builders/Android%20Tests%20%28dbg%29/builds/29668
Original issue's description:
> Implement extended master secret in tlslite
>
> BUG=467312
>
> Committed: https://crrev.com/8a61fc9eaf016b964a6adc42dd2288f9193f70cd
> Cr-Commit-Position: refs/heads/master@{#344031}
TBR=davidben@chromium.org,nharper@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=467312
Review URL: https://codereview.chromium.org/1299153002
Cr-Original-Commit-Position: refs/heads/master@{#344147}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 8688bb977f9d4a6c9fbccfbac86ad578a4de8e72
diff --git a/README.chromium b/README.chromium
index d058fe1..4468a08 100644
--- a/README.chromium
+++ b/README.chromium
@@ -38,6 +38,4 @@
unless >= TLS 1.2 is negotiated.
- patches/alert_after_handshake.patch: Add an option to send a fatal alert
immediately after the handshake completes.
-- patches/ecdhe_rsa.patch: Implement ECDHE_RSA-based ciper suites on the server.
-- patches/extended_master_secret.patch: Add server support for extended
- master secret.
+- patches/ecdhe_rsa.patch: Implement ECDHE_RSA-based ciper suites on the server.
\ No newline at end of file
diff --git a/patches/extended_master_secret.patch b/patches/extended_master_secret.patch
deleted file mode 100644
index df60b4b..0000000
--- a/patches/extended_master_secret.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
-index 6d78a20..f9c8676 100644
---- a/third_party/tlslite/tlslite/constants.py
-+++ b/third_party/tlslite/tlslite/constants.py
-@@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366
- srp = 12 # RFC 5054
- cert_type = 9 # RFC 6091
- signed_cert_timestamps = 18 # RFC 6962
-+ extended_master_secret = 23 # draft-ietf-tls-session-hash-06
- tack = 0xF300
- supports_npn = 13172
- channel_id = 30032
-diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
-index 605ed42..7679823 100644
---- a/third_party/tlslite/tlslite/handshakesettings.py
-+++ b/third_party/tlslite/tlslite/handshakesettings.py
-@@ -111,6 +111,10 @@ class HandshakeSettings(object):
- @type alertAfterHandshake: bool
- @ivar alertAfterHandshake: If true, the server will send a fatal
- alert immediately after the handshake completes.
-+
-+ @type enableExtendedMasterSecret: bool
-+ @ivar enableExtendedMasterSecret: If true, the server supports the extended
-+ master secret TLS extension and will negotiated it with supporting clients.
-
- Note that TACK support is not standardized by IETF and uses a temporary
- TLS Extension number, so should NOT be used in production software.
-@@ -129,6 +133,7 @@ class HandshakeSettings(object):
- self.tlsIntoleranceType = 'alert'
- self.useExperimentalTackExtension = False
- self.alertAfterHandshake = False
-+ self.enableExtendedMasterSecret = True
-
- # Validates the min/max fields, and certificateTypes
- # Filters out unsupported cipherNames and cipherImplementations
-diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslite/mathtls.py
-index 60a331a..0a23fe1 100644
---- a/third_party/tlslite/tlslite/mathtls.py
-+++ b/third_party/tlslite/tlslite/mathtls.py
-@@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length):
- index += 1
- return bytes
-
--def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
-+def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,
-+ handshakeHash, useExtendedMasterSecret):
-+ label = b"master secret"
-+ seed = clientRandom + serverRandom
-+ if useExtendedMasterSecret:
-+ label = b"extended master secret"
-+ seed = handshakeHash
-+
- if version == (3,0):
-- masterSecret = PRF_SSL(premasterSecret,
-- clientRandom + serverRandom, 48)
-+ masterSecret = PRF_SSL(premasterSecret, seed, 48)
- elif version in ((3,1), (3,2)):
-- masterSecret = PRF(premasterSecret, b"master secret",
-- clientRandom + serverRandom, 48)
-+ masterSecret = PRF(premasterSecret, label, seed, 48)
- elif version == (3,3):
-- masterSecret = PRF_1_2(premasterSecret, b"master secret",
-- clientRandom + serverRandom, 48)
-+ masterSecret = PRF_1_2(premasterSecret, label, seed, 48)
- else:
- raise AssertionError()
- return masterSecret
-diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
-index 9aeff6d..9b553ce 100644
---- a/third_party/tlslite/tlslite/messages.py
-+++ b/third_party/tlslite/tlslite/messages.py
-@@ -114,6 +114,7 @@ class ClientHello(HandshakeMsg):
- self.supports_npn = False
- self.server_name = bytearray(0)
- self.channel_id = False
-+ self.extended_master_secret = False
- self.support_signed_cert_timestamps = False
- self.status_request = False
-
-@@ -185,6 +186,8 @@ class ClientHello(HandshakeMsg):
- break
- elif extType == ExtensionType.channel_id:
- self.channel_id = True
-+ elif extType == ExtensionType.extended_master_secret:
-+ self.extended_master_secret = True
- elif extType == ExtensionType.signed_cert_timestamps:
- if extLength:
- raise SyntaxError()
-@@ -267,6 +270,7 @@ class ServerHello(HandshakeMsg):
- self.next_protos_advertised = None
- self.next_protos = None
- self.channel_id = False
-+ self.extended_master_secret = False
- self.signed_cert_timestamps = None
- self.status_request = False
-
-@@ -358,6 +362,9 @@ class ServerHello(HandshakeMsg):
- if self.channel_id:
- w2.add(ExtensionType.channel_id, 2)
- w2.add(0, 2)
-+ if self.extended_master_secret:
-+ w2.add(ExtensionType.extended_master_secret, 2)
-+ w2.add(0, 2)
- if self.signed_cert_timestamps:
- w2.add(ExtensionType.signed_cert_timestamps, 2)
- w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
-diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
-index dfac274..231ba15 100644
---- a/third_party/tlslite/tlslite/tlsconnection.py
-+++ b/third_party/tlslite/tlslite/tlsconnection.py
-@@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):
- masterSecret = calcMasterSecret(self.version,
- premasterSecret,
- clientRandom,
-- serverRandom)
-+ serverRandom,
-+ b"", False)
- verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
- elif self.version in ((3,1), (3,2)):
- verifyBytes = self._handshake_md5.digest() + \
-@@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):
- cipherSuite, cipherImplementations, nextProto):
-
- masterSecret = calcMasterSecret(self.version, premasterSecret,
-- clientRandom, serverRandom)
-+ clientRandom, serverRandom, b"", False)
- self._calcPendingStates(cipherSuite, masterSecret,
- clientRandom, serverRandom,
- cipherImplementations)
-@@ -1326,6 +1327,9 @@ class TLSConnection(TLSRecordLayer):
- cipherSuite, CertificateType.x509, tackExt,
- nextProtos)
- serverHello.channel_id = clientHello.channel_id
-+ serverHello.extended_master_secret = \
-+ clientHello.extended_master_secret and \
-+ settings.enableExtendedMasterSecret
- if clientHello.support_signed_cert_timestamps:
- serverHello.signed_cert_timestamps = signedCertTimestamps
- if clientHello.status_request:
-@@ -1383,7 +1387,8 @@ class TLSConnection(TLSRecordLayer):
- for result in self._serverFinished(premasterSecret,
- clientHello.random, serverHello.random,
- cipherSuite, settings.cipherImplementations,
-- nextProtos, clientHello.channel_id):
-+ nextProtos, clientHello.channel_id,
-+ serverHello.extended_master_secret):
- if result in (0,1): yield result
- else: break
- masterSecret = result
-@@ -1523,6 +1528,9 @@ class TLSConnection(TLSRecordLayer):
- serverHello.create(self.version, getRandomBytes(32),
- session.sessionID, session.cipherSuite,
- CertificateType.x509, None, None)
-+ serverHello.extended_master_secret = \
-+ clientHello.extended_master_secret and \
-+ settings.enableExtendedMasterSecret
- for result in self._sendMsg(serverHello):
- yield result
-
-@@ -1743,7 +1751,8 @@ class TLSConnection(TLSRecordLayer):
- if clientCertChain:
- if self.version == (3,0):
- masterSecret = calcMasterSecret(self.version, premasterSecret,
-- clientHello.random, serverHello.random)
-+ clientHello.random, serverHello.random,
-+ b"", False)
- verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
- elif self.version in ((3,1), (3,2)):
- verifyBytes = self._handshake_md5.digest() + \
-@@ -1827,9 +1836,11 @@ class TLSConnection(TLSRecordLayer):
-
- def _serverFinished(self, premasterSecret, clientRandom, serverRandom,
- cipherSuite, cipherImplementations, nextProtos,
-- doingChannelID):
-+ doingChannelID, useExtendedMasterSecret):
- masterSecret = calcMasterSecret(self.version, premasterSecret,
-- clientRandom, serverRandom)
-+ clientRandom, serverRandom,
-+ self._getHandshakeHash(),
-+ useExtendedMasterSecret)
-
- #Calculate pending connection states
- self._calcPendingStates(cipherSuite, masterSecret,
-diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
-index c3bcd8c..b7d68a7a 100644
---- a/third_party/tlslite/tlslite/tlsrecordlayer.py
-+++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
-@@ -1256,3 +1256,9 @@ class TLSRecordLayer(object):
-
- return md5Bytes + shaBytes
-
-+ def _getHandshakeHash(self):
-+ if self.version in ((3,1), (3,2)):
-+ return self._handshake_md5.digest() + \
-+ self._handshake_sha.digest()
-+ elif self.version == (3,3):
-+ return self._handshake_sha256.digest()
diff --git a/tlslite/constants.py b/tlslite/constants.py
index f9c8676..6d78a20 100644
--- a/tlslite/constants.py
+++ b/tlslite/constants.py
@@ -55,7 +55,6 @@
srp = 12 # RFC 5054
cert_type = 9 # RFC 6091
signed_cert_timestamps = 18 # RFC 6962
- extended_master_secret = 23 # draft-ietf-tls-session-hash-06
tack = 0xF300
supports_npn = 13172
channel_id = 30032
diff --git a/tlslite/handshakesettings.py b/tlslite/handshakesettings.py
index 7679823..605ed42 100644
--- a/tlslite/handshakesettings.py
+++ b/tlslite/handshakesettings.py
@@ -111,10 +111,6 @@
@type alertAfterHandshake: bool
@ivar alertAfterHandshake: If true, the server will send a fatal
alert immediately after the handshake completes.
-
- @type enableExtendedMasterSecret: bool
- @ivar enableExtendedMasterSecret: If true, the server supports the extended
- master secret TLS extension and will negotiated it with supporting clients.
Note that TACK support is not standardized by IETF and uses a temporary
TLS Extension number, so should NOT be used in production software.
@@ -133,7 +129,6 @@
self.tlsIntoleranceType = 'alert'
self.useExperimentalTackExtension = False
self.alertAfterHandshake = False
- self.enableExtendedMasterSecret = True
# Validates the min/max fields, and certificateTypes
# Filters out unsupported cipherNames and cipherImplementations
diff --git a/tlslite/mathtls.py b/tlslite/mathtls.py
index 0a23fe1..60a331a 100644
--- a/tlslite/mathtls.py
+++ b/tlslite/mathtls.py
@@ -67,20 +67,16 @@
index += 1
return bytes
-def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,
- handshakeHash, useExtendedMasterSecret):
- label = b"master secret"
- seed = clientRandom + serverRandom
- if useExtendedMasterSecret:
- label = b"extended master secret"
- seed = handshakeHash
-
+def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
if version == (3,0):
- masterSecret = PRF_SSL(premasterSecret, seed, 48)
+ masterSecret = PRF_SSL(premasterSecret,
+ clientRandom + serverRandom, 48)
elif version in ((3,1), (3,2)):
- masterSecret = PRF(premasterSecret, label, seed, 48)
+ masterSecret = PRF(premasterSecret, b"master secret",
+ clientRandom + serverRandom, 48)
elif version == (3,3):
- masterSecret = PRF_1_2(premasterSecret, label, seed, 48)
+ masterSecret = PRF_1_2(premasterSecret, b"master secret",
+ clientRandom + serverRandom, 48)
else:
raise AssertionError()
return masterSecret
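Review bot: The fallback at the end of `calcMasterSecret` (`else: raise AssertionError()`) carries no message, so an unsupported `version` tuple fails with a bare assertion that does not say which value arrived; `raise AssertionError("unsupported version %r" % (version,))` keeps the exception type callers see and makes the failure diagnosable. The function also has no docstring; I would add a short one stating that it derives the 48-byte master secret from `premasterSecret` and the concatenated client/server randoms, selecting the SSL 3.0, TLS 1.0/1.1 or TLS 1.2 PRF by `version`, and noting that after this revert the secret is bound only to the two randoms and not to the handshake transcript (the draft-ietf-tls-session-hash extension the removed lines implemented), so tests that depend on transcript binding cannot rely on this server. The `PRF_SSL` tail at the top of the hunk belongs to the preceding function, not to `calcMasterSecret`.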
diff --git a/tlslite/messages.py b/tlslite/messages.py
index 9b553ce..9aeff6d 100644
--- a/tlslite/messages.py
+++ b/tlslite/messages.py
@@ -114,7 +114,6 @@
self.supports_npn = False
self.server_name = bytearray(0)
self.channel_id = False
- self.extended_master_secret = False
self.support_signed_cert_timestamps = False
self.status_request = False
@@ -186,8 +185,6 @@
break
elif extType == ExtensionType.channel_id:
self.channel_id = True
- elif extType == ExtensionType.extended_master_secret:
- self.extended_master_secret = True
elif extType == ExtensionType.signed_cert_timestamps:
if extLength:
raise SyntaxError()
@@ -270,7 +267,6 @@
self.next_protos_advertised = None
self.next_protos = None
self.channel_id = False
- self.extended_master_secret = False
self.signed_cert_timestamps = None
self.status_request = False
@@ -362,9 +358,6 @@
if self.channel_id:
w2.add(ExtensionType.channel_id, 2)
w2.add(0, 2)
- if self.extended_master_secret:
- w2.add(ExtensionType.extended_master_secret, 2)
- w2.add(0, 2)
if self.signed_cert_timestamps:
w2.add(ExtensionType.signed_cert_timestamps, 2)
w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index 231ba15..dfac274 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -981,8 +981,7 @@
masterSecret = calcMasterSecret(self.version,
premasterSecret,
clientRandom,
- serverRandom,
- b"", False)
+ serverRandom)
verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
elif self.version in ((3,1), (3,2)):
verifyBytes = self._handshake_md5.digest() + \
@@ -1037,7 +1036,7 @@
cipherSuite, cipherImplementations, nextProto):
masterSecret = calcMasterSecret(self.version, premasterSecret,
- clientRandom, serverRandom, b"", False)
+ clientRandom, serverRandom)
self._calcPendingStates(cipherSuite, masterSecret,
clientRandom, serverRandom,
cipherImplementations)
@@ -1327,9 +1326,6 @@
cipherSuite, CertificateType.x509, tackExt,
nextProtos)
serverHello.channel_id = clientHello.channel_id
- serverHello.extended_master_secret = \
- clientHello.extended_master_secret and \
- settings.enableExtendedMasterSecret
if clientHello.support_signed_cert_timestamps:
serverHello.signed_cert_timestamps = signedCertTimestamps
if clientHello.status_request:
@@ -1387,8 +1383,7 @@
for result in self._serverFinished(premasterSecret,
clientHello.random, serverHello.random,
cipherSuite, settings.cipherImplementations,
- nextProtos, clientHello.channel_id,
- serverHello.extended_master_secret):
+ nextProtos, clientHello.channel_id):
if result in (0,1): yield result
else: break
masterSecret = result
@@ -1528,9 +1523,6 @@
serverHello.create(self.version, getRandomBytes(32),
session.sessionID, session.cipherSuite,
CertificateType.x509, None, None)
- serverHello.extended_master_secret = \
- clientHello.extended_master_secret and \
- settings.enableExtendedMasterSecret
for result in self._sendMsg(serverHello):
yield result
@@ -1751,8 +1743,7 @@
if clientCertChain:
if self.version == (3,0):
masterSecret = calcMasterSecret(self.version, premasterSecret,
- clientHello.random, serverHello.random,
- b"", False)
+ clientHello.random, serverHello.random)
verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
elif self.version in ((3,1), (3,2)):
verifyBytes = self._handshake_md5.digest() + \
@@ -1836,11 +1827,9 @@
def _serverFinished(self, premasterSecret, clientRandom, serverRandom,
cipherSuite, cipherImplementations, nextProtos,
- doingChannelID, useExtendedMasterSecret):
+ doingChannelID):
masterSecret = calcMasterSecret(self.version, premasterSecret,
- clientRandom, serverRandom,
- self._getHandshakeHash(),
- useExtendedMasterSecret)
+ clientRandom, serverRandom)
#Calculate pending connection states
self._calcPendingStates(cipherSuite, masterSecret,
diff --git a/tlslite/tlsrecordlayer.py b/tlslite/tlsrecordlayer.py
index b7d68a7..c3bcd8c 100644
--- a/tlslite/tlsrecordlayer.py
+++ b/tlslite/tlsrecordlayer.py
@@ -1256,9 +1256,3 @@
return md5Bytes + shaBytes
- def _getHandshakeHash(self):
- if self.version in ((3,1), (3,2)):
- return self._handshake_md5.digest() + \
- self._handshake_sha.digest()
- elif self.version == (3,3):
- return self._handshake_sha256.digest()