def test_process_with_not_matching_signature_algorithms(self): exp = ExpectServerKeyExchange( valid_sig_algs=[(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]) state = ConnectionState() state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) server_hello.random = bytearray(32) state.server_random = server_hello.random # server hello is not necessary for the test to work #state.handshake_messages.append(server_hello) state.handshake_messages.append(cert) srv_key_exchange = DHE_RSAKeyExchange(\ CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, client_hello, server_hello, private_key) msg = srv_key_exchange.makeServerKeyExchange('sha1') with self.assertRaises(TLSIllegalParameterException): exp.process(state, msg)
def test_process_with_rcf7919_groups_required_not_provided(self): exp = ExpectServerKeyExchange(valid_groups=[256]) state = ConnectionState() state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) client_hello.extensions = [SupportedGroupsExtension().create([256])] state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) server_hello.random = bytearray(32) state.server_random = server_hello.random # server hello is not necessary for the test to work #state.handshake_messages.append(server_hello) state.handshake_messages.append(cert) srv_key_exchange = DHE_RSAKeyExchange(\ CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, client_hello, server_hello, private_key, dhGroups=None) msg = srv_key_exchange.makeServerKeyExchange('sha1') with self.assertRaises(AssertionError): exp.process(state, msg)
def test_process_with_not_matching_signature_algorithms(self): exp = ExpectServerKeyExchange(valid_sig_algs=[(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]) state = ConnectionState() state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) server_hello.random = bytearray(32) state.server_random = server_hello.random # server hello is not necessary for the test to work #state.handshake_messages.append(server_hello) state.handshake_messages.append(cert) srv_key_exchange = DHE_RSAKeyExchange(\ CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, client_hello, server_hello, private_key) msg = srv_key_exchange.makeServerKeyExchange('sha1') with self.assertRaises(TLSIllegalParameterException): exp.process(state, msg)
def test_DHE_RSA_key_exchange_with_small_prime(self): client_keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None) srv_key_ex = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) srv_key_ex.createDH(2**768, 2, 2**512-1) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, srv_key_ex)
def test_DHE_RSA_key_exchange_with_client(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') client_keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None) client_premaster = client_keyExchange.processServerKeyExchange(\ None, srv_key_ex) clientKeyExchange = client_keyExchange.makeClientKeyExchange() server_premaster = self.keyExchange.processClientKeyExchange(\ clientKeyExchange) self.assertEqual(client_premaster, server_premaster)
def setUp(self): self.srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = srv_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA self.client_hello = ClientHello().create((3, 3), bytearray(32), bytearray(0), []) self.server_hello = ServerHello().create((3, 3), bytearray(32), bytearray(0), self.cipher_suite) self.keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, self.srv_private_key)
def process(self, state, msg): """Process the Server Key Exchange message""" assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == HandshakeType.server_key_exchange if self.version is None: self.version = state.version if self.cipher_suite is None: self.cipher_suite = state.cipher valid_sig_algs = self.valid_sig_algs server_key_exchange = ServerKeyExchange(self.cipher_suite, self.version) server_key_exchange.parse(parser) client_random = state.client_random server_random = state.server_random public_key = state.get_server_public_key() server_hello = state.get_last_message_of_type(ServerHello) if server_hello is None: server_hello = ServerHello server_hello.server_version = state.version if valid_sig_algs is None: # if the value was unset in script, get the advertised value from # Client Hello client_hello = state.get_last_message_of_type(ClientHello) if client_hello is not None: sig_algs_ext = client_hello.getExtension(ExtensionType. signature_algorithms) if sig_algs_ext is not None: valid_sig_algs = sig_algs_ext.sigalgs if valid_sig_algs is None: # no advertised means support for sha1 only valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)] KeyExchange.verifyServerKeyExchange(server_key_exchange, public_key, client_random, server_random, valid_sig_algs) state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite, clientHello=None, serverHello=server_hello, privateKey=None) state.premaster_secret = state.key_exchange.\ processServerKeyExchange(public_key, server_key_exchange) state.handshake_messages.append(server_key_exchange) state.handshake_hashes.update(msg.write())
def process(self, state, msg): """Process the Server Key Exchange message""" assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == HandshakeType.server_key_exchange if self.version is None: self.version = state.version if self.cipher_suite is None: self.cipher_suite = state.cipher valid_sig_algs = self.valid_sig_algs valid_groups = self.valid_groups server_key_exchange = ServerKeyExchange(self.cipher_suite, self.version) server_key_exchange.parse(parser) client_random = state.client_random server_random = state.server_random public_key = state.get_server_public_key() server_hello = state.get_last_message_of_type(ServerHello) if server_hello is None: server_hello = ServerHello server_hello.server_version = state.version if valid_sig_algs is None: # if the value was unset in script, get the advertised value from # Client Hello client_hello = state.get_last_message_of_type(ClientHello) if client_hello is not None: sig_algs_ext = client_hello.getExtension( ExtensionType.signature_algorithms) if sig_algs_ext is not None: valid_sig_algs = sig_algs_ext.sigalgs if valid_sig_algs is None: # no advertised means support for sha1 only valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)] KeyExchange.verifyServerKeyExchange(server_key_exchange, public_key, client_random, server_random, valid_sig_algs) if self.cipher_suite in CipherSuite.dhAllSuites: if valid_groups and any(i in range(256, 512) for i in valid_groups): self._checkParams(server_key_exchange) state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite, clientHello=None, serverHello=server_hello, privateKey=None) elif self.cipher_suite in CipherSuite.ecdhAllSuites: # extract valid groups from Client Hello if valid_groups is None: client_hello = state.get_last_message_of_type(ClientHello) if client_hello is not None: groups_ext = client_hello.getExtension( ExtensionType.supported_groups) if groups_ext is not None: valid_groups = groups_ext.groups if valid_groups is None: # no advertised means support for all valid_groups = GroupName.allEC state.key_exchange = \ ECDHE_RSAKeyExchange(self.cipher_suite, clientHello=None, serverHello=server_hello, privateKey=None, acceptedCurves=valid_groups) else: raise AssertionError("Unsupported cipher selected") state.premaster_secret = state.key_exchange.\ processServerKeyExchange(public_key, server_key_exchange) state.handshake_messages.append(server_key_exchange) state.handshake_hashes.update(msg.write())
class TestDHE_RSAKeyExchange(unittest.TestCase): def setUp(self): self.srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = srv_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA self.client_hello = ClientHello().create((3, 3), bytearray(32), bytearray(0), []) self.server_hello = ServerHello().create((3, 3), bytearray(32), bytearray(0), self.cipher_suite) self.keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, self.srv_private_key) def test_DHE_RSA_key_exchange(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') cln_X = bytesToNumber(getRandomBytes(32)) cln_Yc = powMod(srv_key_ex.dh_g, cln_X, srv_key_ex.dh_p) cln_secret = numberToByteArray(powMod(srv_key_ex.dh_Ys, cln_X, srv_key_ex.dh_p)) cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)) cln_key_ex.createDH(cln_Yc) srv_secret = self.keyExchange.processClientKeyExchange(cln_key_ex) self.assertEqual(cln_secret, srv_secret) def test_DHE_RSA_key_exchange_with_client(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') client_keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None) client_premaster = client_keyExchange.processServerKeyExchange(\ None, srv_key_ex) clientKeyExchange = client_keyExchange.makeClientKeyExchange() server_premaster = self.keyExchange.processClientKeyExchange(\ clientKeyExchange) self.assertEqual(client_premaster, server_premaster) def test_DHE_RSA_key_exchange_with_invalid_client_key_share(self): clientKeyExchange = ClientKeyExchange(self.cipher_suite, (3, 3)) clientKeyExchange.createDH(2**16000-1) with self.assertRaises(TLSIllegalParameterException): self.keyExchange.processClientKeyExchange(clientKeyExchange) def test_DHE_RSA_key_exchange_with_small_prime(self): client_keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None) srv_key_ex = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) srv_key_ex.createDH(2**768, 2, 2**512-1) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, srv_key_ex) def test_DHE_RSA_key_exchange_empty_signature(self): self.keyExchange.privateKey.sign = mock.Mock(return_value=bytearray(0)) with self.assertRaises(TLSInternalError): self.keyExchange.makeServerKeyExchange('sha1') def test_DHE_RSA_key_exchange_wrong_signature(self): self.keyExchange.privateKey.sign = mock.Mock(return_value=bytearray(20)) with self.assertRaises(TLSInternalError): self.keyExchange.makeServerKeyExchange('sha1')
class TestDHE_RSAKeyExchange(unittest.TestCase): def setUp(self): self.srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = srv_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA self.client_hello = ClientHello().create((3, 3), bytearray(32), bytearray(0), []) self.server_hello = ServerHello().create((3, 3), bytearray(32), bytearray(0), self.cipher_suite) self.keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, self.srv_private_key) def test_DHE_RSA_key_exchange(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') cln_X = bytesToNumber(getRandomBytes(32)) cln_Yc = powMod(srv_key_ex.dh_g, cln_X, srv_key_ex.dh_p) cln_secret = numberToByteArray(powMod(srv_key_ex.dh_Ys, cln_X, srv_key_ex.dh_p)) cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)) cln_key_ex.createDH(cln_Yc) srv_secret = self.keyExchange.processClientKeyExchange(cln_key_ex) self.assertEqual(cln_secret, srv_secret) def test_DHE_RSA_key_exchange_with_client(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') client_keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None) client_premaster = client_keyExchange.processServerKeyExchange(\ None, srv_key_ex) clientKeyExchange = client_keyExchange.makeClientKeyExchange() server_premaster = self.keyExchange.processClientKeyExchange(\ clientKeyExchange) self.assertEqual(client_premaster, server_premaster) def test_DHE_RSA_key_exchange_with_small_prime(self): client_keyExchange = DHE_RSAKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None) srv_key_ex = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) srv_key_ex.createDH(2**768, 2, 2**512-1) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, srv_key_ex)