replace old functions with the new calc_key one

Author: Ivan Nikolchev

tlslite/keyexchange.py

@@ -6,7 +6,7 @@
 
 import ecdsa
 from .mathtls import goodGroupParameters, makeK, makeU, makeX, \
-        calcMasterSecret, paramStrength, RFC7919_GROUPS
+        paramStrength, RFC7919_GROUPS, calc_key
 from .errors import TLSInsufficientSecurity, TLSUnknownPSKIdentity, \
         TLSIllegalParameterException, TLSDecryptionFailed, TLSInternalError, \
         TLSDecodeError
@@ -260,11 +260,11 @@ def calcVerifyBytes(version, handshakeHashes, signatureAlg,
                         prf_name = None, peer_tag=b'client', key_type="rsa"):
         """Calculate signed bytes for Certificate Verify"""
         if version == (3, 0):
-            masterSecret = calcMasterSecret(version,
-                                            0,
-                                            premasterSecret,
-                                            clientRandom,
-                                            serverRandom)
+            masterSecret = calc_key(version, premasterSecret,
+                                    0, b"master secret",
+                                    client_random=clientRandom,
+                                    server_random=serverRandom,
+                                    output_length=48)
             verifyBytes = handshakeHashes.digestSSL(masterSecret, b"")
         elif version in ((3, 1), (3, 2)):
             if key_type != "ecdsa":

tlslite/recordlayer.py

@@ -30,8 +30,7 @@
 from .errors import TLSRecordOverflow, TLSIllegalParameterException,\
         TLSAbruptCloseError, TLSDecryptionFailed, TLSBadRecordMAC, \
         TLSUnexpectedMessage
-from .mathtls import createMAC_SSL, createHMAC, PRF_SSL, PRF, PRF_1_2, \
-        PRF_1_2_SHA384
+from .mathtls import createMAC_SSL, createHMAC, calc_key
 
 class RecordSocket(object):
     """
@@ -1097,34 +1096,6 @@ def _getHMACMethod(version):
 
         return createMACFunc
 
-    def _calcKeyBlock(self, cipherSuite, masterSecret, clientRandom,
-                      serverRandom, outputLength):
-        """Calculate the overall key to slice up"""
-        if self.version == (3, 0):
-            keyBlock = PRF_SSL(masterSecret,
-                               serverRandom + clientRandom,
-                               outputLength)
-        elif self.version in ((3, 1), (3, 2)):
-            keyBlock = PRF(masterSecret,
-                           b"key expansion",
-                           serverRandom + clientRandom,
-                           outputLength)
-        elif self.version == (3, 3):
-            if cipherSuite in CipherSuite.sha384PrfSuites:
-                keyBlock = PRF_1_2_SHA384(masterSecret,
-                                          b"key expansion",
-                                          serverRandom + clientRandom,
-                                          outputLength)
-            else:
-                keyBlock = PRF_1_2(masterSecret,
-                                   b"key expansion",
-                                   serverRandom + clientRandom,
-                                   outputLength)
-        else:
-            raise AssertionError()
-
-        return keyBlock
-
     def calcSSL2PendingStates(self, cipherSuite, masterSecret, clientRandom,
                               serverRandom, implementations):
         """
@@ -1215,8 +1186,10 @@ def calcPendingStates(self, cipherSuite, masterSecret, clientRandom,
         outputLength = (macLength*2) + (keyLength*2) + (ivLength*2)
 
         #Calculate Keying Material from Master Secret
-        keyBlock = self._calcKeyBlock(cipherSuite, masterSecret, clientRandom,
-                                      serverRandom, outputLength)
+        keyBlock = calc_key(self.version, masterSecret, cipherSuite,
+                            b"key expansion", client_random=clientRandom,
+                            server_random=serverRandom,
+                            output_length=outputLength)
 
         #Slice up Keying Material
         clientPendingState = ConnectionState()

tlslite/tlsconnection.py

@@ -1788,16 +1788,16 @@ def _clientFinished(self, premasterSecret, clientRandom, serverRandom,
             # use the certificate authentication, the hashes are the same
             if not cvhh:
                 cvhh = self._handshake_hash
-            masterSecret = calcExtendedMasterSecret(self.version,
-                                                    cipherSuite,
-                                                    premasterSecret,
-                                                    cvhh)
+            masterSecret = calc_key(self.version, premasterSecret,
+                                    cipherSuite, b"extended master secret",
+                                    handshake_hashes=cvhh,
+                                    output_length=48)
         else:
-            masterSecret = calcMasterSecret(self.version,
-                                            cipherSuite,
-                                            premasterSecret,
-                                            clientRandom,
-                                            serverRandom)
+            masterSecret = calc_key(self.version, premasterSecret,
+                                    cipherSuite, b"master secret",
+                                    client_random=clientRandom,
+                                    server_random=serverRandom,
+                                    output_length=48)
         self._calcPendingStates(cipherSuite, masterSecret, 
                                 clientRandom, serverRandom, 
                                 cipherImplementations)
@@ -4069,16 +4069,16 @@ def _serverFinished(self,  premasterSecret, clientRandom, serverRandom,
             # to regular handshake hash
             if not cvhh:
                 cvhh = self._handshake_hash
-            masterSecret = calcExtendedMasterSecret(self.version,
-                                                    cipherSuite,
-                                                    premasterSecret,
-                                                    cvhh)
+            masterSecret = calc_key(self.version, premasterSecret,
+                                    cipherSuite, b"extended master secret",
+                                    handshake_hashes=cvhh,
+                                    output_length=48)
         else:
-            masterSecret = calcMasterSecret(self.version,
-                                            cipherSuite,
-                                            premasterSecret,
-                                            clientRandom,
-                                            serverRandom)
+            masterSecret = calc_key(self.version, premasterSecret,
+                                    cipherSuite, b"master secret",
+                                    client_random=clientRandom,
+                                    server_random=serverRandom,
+                                    output_length=48)
 
         #Calculate pending connection states
         self._calcPendingStates(cipherSuite, masterSecret, 
@@ -4125,12 +4125,16 @@ def _sendFinished(self, masterSecret, cipherSuite=None, nextProto=None,
             for result in self._sendMsg(nextProtoMsg):
                 yield result
 
+        #Figure out the correct label to use
+        if self._client:
+            label = b"client finished"
+        else:
+            label = b"server finished"
         #Calculate verification data
-        verifyData = calcFinished(self.version,
-                                  masterSecret,
-                                  cipherSuite,
-                                  self._handshake_hash,
-                                  self._client)
+        verifyData = calc_key(self.version, masterSecret,
+                              cipherSuite, label,
+                              handshake_hashes=self._handshake_hash,
+                              output_length=12)
         if self.fault == Fault.badFinished:
             verifyData[0] = (verifyData[0]+1)%256
 
@@ -4175,12 +4179,17 @@ def _getFinished(self, masterSecret, cipherSuite=None,
         if nextProto:
             self.next_proto = nextProto
 
+        #Figure out which label to use.
+        if self._client:
+            label = b"server finished"
+        else:
+            label = b"client finished"
+
         #Calculate verification data
-        verifyData = calcFinished(self.version,
-                                  masterSecret,
-                                  cipherSuite,
-                                  self._handshake_hash,
-                                  not self._client)
+        verifyData = calc_key(self.version, masterSecret,
+                              cipherSuite, label,
+                              handshake_hashes=self._handshake_hash,
+                              output_length=12)
 
         #Get and check Finished message under new state
         for result in self._getMsg(ContentType.handshake,