def post_send(self, status):
cipher_suite = status.cipher
if self.extended_master_secret is None:
self.extended_master_secret = status.extended_master_secret
if not status.resuming:
if self.extended_master_secret:
master_secret = \
calcExtendedMasterSecret(status.version,
cipher_suite,
status.premaster_secret,
status.handshake_hashes)
else:
master_secret = calcMasterSecret(status.version, cipher_suite,
status.premaster_secret,
status.client_random,
status.server_random)
status.master_secret = master_secret
# in case of resumption, the pending states are generated
# during receive of server sent CCS
calc_pending_states(status)
status.msg_sock.changeWriteState()
def post_send(self, status):
"""Generate new encryption keys for connection."""
cipher_suite = status.cipher
status.msg_sock.encryptThenMAC = status.encrypt_then_mac
if self.extended_master_secret is None:
self.extended_master_secret = status.extended_master_secret
if not status.resuming:
if self.extended_master_secret:
# in case client certificates are used, we need to omit
# certificate verify message
hh = status.certificate_verify_handshake_hashes
if not hh:
hh = status.handshake_hashes
master_secret = \
calcExtendedMasterSecret(status.version,
cipher_suite,
status.premaster_secret,
hh)
else:
master_secret = calcMasterSecret(status.version,
cipher_suite,
status.premaster_secret,
status.client_random,
status.server_random)
status.master_secret = master_secret
# in case of resumption, the pending states are generated
# during receive of server sent CCS
calc_pending_states(status)
status.msg_sock.changeWriteState()
def test_with_TLS_1_2(self):
ret = calcExtendedMasterSecret((3, 3), 0, bytearray(48),
self.handshakeHashes)
self.assertEqual(
ret,
bytearray(
b'\x03\xc93Yx\xcbjSEmz*\x0b\xc3\xc04G\xf3\xe3{\xee\x13\x8b\xac'
b'\xd7\xb7\xe6\xbaY\x86\xd5\xf2o?\x8f\xc6\xf2\x19\x1d\x06\xe0N'
b'\xb5\xcaJX\xe8\x1d'))
def test_with_TLS_1_0(self):
ret = calcExtendedMasterSecret((3, 1), 0, bytearray(48),
self.handshakeHashes)
self.assertEqual(
ret,
bytearray(
b'/\xe9\x86\xda\xda\xa9)\x1eyJ\xc9\x13E\xe4\xfc\xe7\x842m7(\xb4'
b'\x98\xb7\xbc\xa5\xda\x1d\xf3\x15\xea\xdf:i\xeb\x9bA\x8f\xe7'
b'\xd4<\xe0\xe8\x1d\xa0\xf0\x10\x83'))
def test_with_TLS_1_2(self):
ret = calcExtendedMasterSecret((3, 3),
0,
bytearray(48),
self.handshakeHashes)
self.assertEqual(ret, bytearray(
b'\x03\xc93Yx\xcbjSEmz*\x0b\xc3\xc04G\xf3\xe3{\xee\x13\x8b\xac'
b'\xd7\xb7\xe6\xbaY\x86\xd5\xf2o?\x8f\xc6\xf2\x19\x1d\x06\xe0N'
b'\xb5\xcaJX\xe8\x1d'
))
def test_with_TLS_1_0(self):
ret = calcExtendedMasterSecret((3, 1),
0,
bytearray(48),
self.handshakeHashes)
self.assertEqual(ret, bytearray(
b'/\xe9\x86\xda\xda\xa9)\x1eyJ\xc9\x13E\xe4\xfc\xe7\x842m7(\xb4'
b'\x98\xb7\xbc\xa5\xda\x1d\xf3\x15\xea\xdf:i\xeb\x9bA\x8f\xe7'
b'\xd4<\xe0\xe8\x1d\xa0\xf0\x10\x83'
))
def test_with_TLS_1_2_and_SHA384_PRF(self):
ret = calcExtendedMasterSecret(
(3, 3), CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, bytearray(48),
self.handshakeHashes)
self.assertEqual(
ret,
bytearray(
b"\xd6\xed}K\xfbo\xb2\xdb\xa4\xee\xa1\x0f\x8f\x07*\x84w/\xbf_"
b"\xbd\xc1U^\x93\xcf\xe8\xca\x82\xb7_B\xa3O\xd9V\x86\x12\xfd\x08"
b"$\x92\'L\xae\xc0@\x01"))
def test_with_TLS_1_2_and_SHA384_PRF(self):
ret = calcExtendedMasterSecret((3, 3),
CipherSuite.
TLS_RSA_WITH_AES_256_GCM_SHA384,
bytearray(48),
self.handshakeHashes)
self.assertEqual(ret, bytearray(
b"\xd6\xed}K\xfbo\xb2\xdb\xa4\xee\xa1\x0f\x8f\x07*\x84w/\xbf_"
b"\xbd\xc1U^\x93\xcf\xe8\xca\x82\xb7_B\xa3O\xd9V\x86\x12\xfd\x08"
b"$\x92\'L\xae\xc0@\x01"
))
