def test_verifyServerKeyExchange(self):
     KeyExchange.verifyServerKeyExchange(self.server_key_exchange,
                                         self.srv_pub_key,
                                         self.client_hello.random,
                                         bytearray(32),
                                         [(HashAlgorithm.sha1,
                                           SignatureAlgorithm.rsa)])
    def test_ECDHE_key_exchange(self):
        srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')

        KeyExchange.verifyServerKeyExchange(srv_key_ex,
                                            self.srv_pub_key,
                                            self.client_hello.random,
                                            self.server_hello.random,
                                            [(HashAlgorithm.sha1,
                                              SignatureAlgorithm.rsa)])

        curveName = GroupName.toStr(srv_key_ex.named_curve)
        curve = getCurveByName(curveName)
        generator = curve.generator
        cln_Xc = ecdsa.util.randrange(generator.order())
        cln_Ys = decodeX962Point(srv_key_ex.ecdh_Ys, curve)
        cln_Yc = encodeX962Point(generator * cln_Xc)

        cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3))
        cln_key_ex.createECDH(cln_Yc)

        cln_S = cln_Ys * cln_Xc
        cln_premaster = numberToByteArray(cln_S.x(),
                                          getPointByteSize(cln_S))

        srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)

        self.assertEqual(cln_premaster, srv_premaster)
 def test_verifyServerKeyExchange(self):
     KeyExchange.verifyServerKeyExchange(self.server_key_exchange,
                                         self.srv_pub_key,
                                         self.client_hello.random,
                                         bytearray(32),
                                         [(HashAlgorithm.sha1,
                                           SignatureAlgorithm.rsa)])
    def test_SRP_key_exchange(self):
        srv_key_ex = self.keyExchange.makeServerKeyExchange('sha256')

        KeyExchange.verifyServerKeyExchange(srv_key_ex,
                                            self.srv_pub_key,
                                            self.client_hello.random,
                                            self.server_hello.random,
                                            [(HashAlgorithm.sha256,
                                              SignatureAlgorithm.rsa)])

        a = bytesToNumber(getRandomBytes(32))
        A = powMod(srv_key_ex.srp_g,
                   a,
                   srv_key_ex.srp_N)
        x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
        v = powMod(srv_key_ex.srp_g,
                   x,
                   srv_key_ex.srp_N)
        u = makeU(srv_key_ex.srp_N,
                  A,
                  srv_key_ex.srp_B)

        k = makeK(srv_key_ex.srp_N,
                  srv_key_ex.srp_g)
        S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
                   a+(u*x),
                   srv_key_ex.srp_N)

        cln_premaster = numberToByteArray(S)

        cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)

        srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)

        self.assertEqual(cln_premaster, srv_premaster)
    def test_ECDHE_key_exchange(self):
        srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')

        KeyExchange.verifyServerKeyExchange(srv_key_ex,
                                            self.srv_pub_key,
                                            self.client_hello.random,
                                            self.server_hello.random,
                                            [(HashAlgorithm.sha1,
                                              SignatureAlgorithm.rsa)])

        curveName = GroupName.toStr(srv_key_ex.named_curve)
        curve = getCurveByName(curveName)
        generator = curve.generator
        cln_Xc = ecdsa.util.randrange(generator.order())
        cln_Ys = decodeX962Point(srv_key_ex.ecdh_Ys, curve)
        cln_Yc = encodeX962Point(generator * cln_Xc)

        cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3))
        cln_key_ex.createECDH(cln_Yc)

        cln_S = cln_Ys * cln_Xc
        cln_premaster = numberToByteArray(cln_S.x(),
                                          getPointByteSize(cln_S))

        srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)

        self.assertEqual(cln_premaster, srv_premaster)
    def test_SRP_key_exchange(self):
        srv_key_ex = self.keyExchange.makeServerKeyExchange('sha256')

        KeyExchange.verifyServerKeyExchange(srv_key_ex,
                                            self.srv_pub_key,
                                            self.client_hello.random,
                                            self.server_hello.random,
                                            [(HashAlgorithm.sha256,
                                              SignatureAlgorithm.rsa)])

        a = bytesToNumber(getRandomBytes(32))
        A = powMod(srv_key_ex.srp_g,
                   a,
                   srv_key_ex.srp_N)
        x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
        v = powMod(srv_key_ex.srp_g,
                   x,
                   srv_key_ex.srp_N)
        u = makeU(srv_key_ex.srp_N,
                  A,
                  srv_key_ex.srp_B)

        k = makeK(srv_key_ex.srp_N,
                  srv_key_ex.srp_g)
        S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
                   a+(u*x),
                   srv_key_ex.srp_N)

        cln_premaster = numberToByteArray(S)

        cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)

        srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)

        self.assertEqual(cln_premaster, srv_premaster)
    def test_signServerKeyExchange_with_sha1_in_TLS1_2(self):
        def m(leght):
            return bytearray(leght)

        with mock.patch('tlslite.utils.rsakey.getRandomBytes', m):
            srv_private_key = parsePEMKey(srv_raw_key, private=True)
            client_hello = ClientHello()
            cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            server_hello = ServerHello().create((3, 3),
                                                bytearray(32),
                                                bytearray(0),
                                                cipher_suite)
            keyExchange = KeyExchange(cipher_suite,
                                      client_hello,
                                      server_hello,
                                      srv_private_key)

            server_key_exchange = ServerKeyExchange(cipher_suite, (3, 3)) \
                .createDH(5, 2, 3)

            keyExchange.clientHello.random = bytearray(len(keyExchange.clientHello.random))
            keyExchange.serverHello.random = bytearray(len(keyExchange.clientHello.random))
            getRandomBytes = mock.Mock(
                return_value=bytearray(b'0'))

            keyExchange.signServerKeyExchange(server_key_exchange, 'rsa_pss_sha256')
            print(repr(server_key_exchange.signature))

            self.assertEqual(server_key_exchange.signature,bytearray(b'E\xae\x8e\xbe~RU\n\xab4\x8e\x10y\x94\x01\xdfVr\x8b\x03\xa4\xb7\x9dI\xf1\xb7\x16\xfa\xa0-\x9a\x16^pZ\x979\xc2&\xa5\xfcU\x9a"\xc7~u\x1e_y\xc1w\x91\x98L\x10\xb4\xed\x103\xdf\xac\xba\x19Q\x0e\x8an\x13\x99\x8d1\x17XK\x9a\x00\xcdno\xc7\xae\x92:pU\xf8\xfbl\xeeg\xe0s\x03\xc8\xcb\xe5\xc4\xb9z\xcf\nv\xca\x80`\xbe\xc9\x85\xcfM\x89\xaeE\xf0\xa1\xd8`\x99\x93\xa0Bp\x1cwW\xce\x8e'))
 def test_verifyServerKeyExchange_with_invalid_hash(self):
     with self.assertRaises(TLSIllegalParameterException):
         KeyExchange.verifyServerKeyExchange(self.server_key_exchange,
                                             self.srv_pub_key,
                                             self.client_hello.random,
                                             bytearray(32),
                                             [(HashAlgorithm.sha256,
                                               SignatureAlgorithm.rsa)])
 def test_verifyServerKeyExchange_with_invalid_hash(self):
     with self.assertRaises(TLSIllegalParameterException):
         KeyExchange.verifyServerKeyExchange(self.server_key_exchange,
                                             self.srv_pub_key,
                                             self.client_hello.random,
                                             bytearray(32),
                                             [(HashAlgorithm.sha256,
                                               SignatureAlgorithm.rsa)])
    def test_verifyServerKeyExchange_with_damaged_signature(self):
        self.server_key_exchange.signature[-1] ^= 0x01

        with self.assertRaises(TLSDecryptionFailed):
            KeyExchange.verifyServerKeyExchange(self.server_key_exchange,
                                                self.srv_pub_key,
                                                self.client_hello.random,
                                                bytearray(32),
                                                [(HashAlgorithm.sha1,
                                                  SignatureAlgorithm.rsa)])
    def test_verifyServerKeyExchange_with_damaged_signature(self):
        self.server_key_exchange.signature[-1] ^= 0x01

        with self.assertRaises(TLSDecryptionFailed):
            KeyExchange.verifyServerKeyExchange(self.server_key_exchange,
                                                self.srv_pub_key,
                                                self.client_hello.random,
                                                bytearray(32),
                                                [(HashAlgorithm.sha1,
                                                  SignatureAlgorithm.rsa)])
Example #12
0
    def process(self, state, msg):
        """Process the Server Key Exchange message"""
        assert msg.contentType == ContentType.handshake
        parser = Parser(msg.write())
        hs_type = parser.get(1)
        assert hs_type == HandshakeType.server_key_exchange

        if self.version is None:
            self.version = state.version
        if self.cipher_suite is None:
            self.cipher_suite = state.cipher
        valid_sig_algs = self.valid_sig_algs

        server_key_exchange = ServerKeyExchange(self.cipher_suite,
                                                self.version)
        server_key_exchange.parse(parser)

        client_random = state.client_random
        server_random = state.server_random
        public_key = state.get_server_public_key()
        server_hello = state.get_last_message_of_type(ServerHello)
        if server_hello is None:
            server_hello = ServerHello
            server_hello.server_version = state.version
        if valid_sig_algs is None:
            # if the value was unset in script, get the advertised value from
            # Client Hello
            client_hello = state.get_last_message_of_type(ClientHello)
            if client_hello is not None:
                sig_algs_ext = client_hello.getExtension(ExtensionType.
                                                         signature_algorithms)
                if sig_algs_ext is not None:
                    valid_sig_algs = sig_algs_ext.sigalgs
            if valid_sig_algs is None:
                # no advertised means support for sha1 only
                valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]

        KeyExchange.verifyServerKeyExchange(server_key_exchange,
                                            public_key,
                                            client_random,
                                            server_random,
                                            valid_sig_algs)

        state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite,
                                                clientHello=None,
                                                serverHello=server_hello,
                                                privateKey=None)
        state.premaster_secret = state.key_exchange.\
                                 processServerKeyExchange(public_key,
                                                          server_key_exchange)

        state.handshake_messages.append(server_key_exchange)
        state.handshake_hashes.update(msg.write())
Example #13
0
    def generate(self, status):
        """Create a CertificateVerify message"""
        if self.version is None:
            self.version = status.version
        if self.sig_type is None and self.version >= (3, 3):
            cert_req = next((msg for msg in status.handshake_messages[::-1]
                             if isinstance(msg, CertificateRequest)), None)
            if cert_req is not None:
                self.sig_type = next((sig for sig in
                                      cert_req.supported_signature_algs
                                      if sig[1] == SignatureAlgorithm.rsa),
                                     None)
            if self.sig_type is None:
                self.sig_type = (HashAlgorithm.sha1,
                                 SignatureAlgorithm.rsa)
        # TODO: generate a random key if none provided
        if self.private_key is None:
            raise ValueError("Can't create a signature without private key!")

        verify_bytes = KeyExchange.calcVerifyBytes(status.version,
                                                   status.handshake_hashes,
                                                   self.sig_type,
                                                   status.premaster_secret,
                                                   status.client_random,
                                                   status.server_random)
        signature = self.private_key.sign(verify_bytes)

        cert_verify = CertificateVerify(status.version)
        cert_verify.create(signature, self.sig_type)

        self.msg = cert_verify
        return cert_verify
    def test_with_TLS1_2_and_no_overlap(self):
        certificate_request = CertificateRequest((3, 3))
        certificate_request.create([CertificateType.x509],
                                   [],
                                   [(HashAlgorithm.sha256,
                                     SignatureAlgorithm.rsa),
                                    (HashAlgorithm.sha224,
                                     SignatureAlgorithm.rsa)])

        certVerify = KeyExchange.makeCertificateVerify((3, 3),
                                                       self.handshake_hashes,
                                                       [(HashAlgorithm.sha1,
                                                         SignatureAlgorithm.rsa),
                                                        (HashAlgorithm.sha512,
                                                         SignatureAlgorithm.rsa)],
                                                       self.clnt_private_key,
                                                       certificate_request,
                                                       None, None, None)

        self.assertIsNotNone(certVerify)
        self.assertEqual(certVerify.version, (3, 3))
        # when there's no overlap, we select the most wanted from our side
        self.assertEqual(certVerify.signatureAlgorithm, (HashAlgorithm.sha1,
                                                         SignatureAlgorithm.rsa))
        self.assertEqual(certVerify.signature, bytearray(
            b'.\x03\xa2\xf0\xa0\xfb\xbeUs\xdb\x9b\xea\xcc(\xa6:l\x84\x8e\x13'
            b'\xa1\xaa\xdb1P\xe9\x06\x876\xbe+\xe92\x89\xaa\xa5EU\x07\x9a\xde'
            b'\xd37\xafGCR\xdam\xa2v\xde\xceeFI\x80:ZtL\x96\xafZ\xe2\xe2\xce/'
            b'\x9f\x82\xfe\xdb*\x94\xa8\xbd\xd9Hl\xdc\xc8\xbf\x9b=o\xda\x06'
            b'\xfa\x9e\xbfB+05\xc6\xda\xdf\x05\xf2m[\x18\x11\xaf\x184\x12\x9d'
            b'\xb4:\x9b\xc1U\x1c\xba\xa3\x05\xceOn\x0fY\xcaK*\x0b\x04\xa5'
            ))
    def test_with_TLS1_2_and_no_overlap(self):
        certificate_request = CertificateRequest((3, 3))
        certificate_request.create([CertificateType.x509],
                                   [],
                                   [(HashAlgorithm.sha256,
                                     SignatureAlgorithm.rsa),
                                    (HashAlgorithm.sha224,
                                     SignatureAlgorithm.rsa)])

        certVerify = KeyExchange.makeCertificateVerify((3, 3),
                                                       self.handshake_hashes,
                                                       [(HashAlgorithm.sha1,
                                                         SignatureAlgorithm.rsa),
                                                        (HashAlgorithm.sha512,
                                                         SignatureAlgorithm.rsa)],
                                                       self.clnt_private_key,
                                                       certificate_request,
                                                       None, None, None)

        self.assertIsNotNone(certVerify)
        self.assertEqual(certVerify.version, (3, 3))
        # when there's no overlap, we select the most wanted from our side
        self.assertEqual(certVerify.signatureAlgorithm, (HashAlgorithm.sha1,
                                                         SignatureAlgorithm.rsa))
        self.assertEqual(certVerify.signature, bytearray(
            b'.\x03\xa2\xf0\xa0\xfb\xbeUs\xdb\x9b\xea\xcc(\xa6:l\x84\x8e\x13'
            b'\xa1\xaa\xdb1P\xe9\x06\x876\xbe+\xe92\x89\xaa\xa5EU\x07\x9a\xde'
            b'\xd37\xafGCR\xdam\xa2v\xde\xceeFI\x80:ZtL\x96\xafZ\xe2\xe2\xce/'
            b'\x9f\x82\xfe\xdb*\x94\xa8\xbd\xd9Hl\xdc\xc8\xbf\x9b=o\xda\x06'
            b'\xfa\x9e\xbfB+05\xc6\xda\xdf\x05\xf2m[\x18\x11\xaf\x184\x12\x9d'
            b'\xb4:\x9b\xc1U\x1c\xba\xa3\x05\xceOn\x0fY\xcaK*\x0b\x04\xa5'
            ))
Example #16
0
    def generate(self, status):
        """Create a CertificateVerify message"""
        if self.msg_version is None:
            self.msg_version = status.version
        if self.sig_version is None:
            self.sig_version = self.msg_version
        if self.msg_alg is None and self.msg_version >= (3, 3):
            cert_req = next((msg for msg in status.handshake_messages[::-1]
                             if isinstance(msg, CertificateRequest)), None)
            if cert_req is not None:
                self.msg_alg = next(
                    (sig for sig in cert_req.supported_signature_algs
                     if sig[1] == SignatureAlgorithm.rsa), None)
            if self.msg_alg is None:
                self.msg_alg = (HashAlgorithm.sha1, SignatureAlgorithm.rsa)
        if self.sig_alg is None:
            self.sig_alg = self.msg_alg
        # TODO: generate a random key if none provided
        if self.private_key is None:
            raise ValueError("Can't create a signature without private key!")

        verify_bytes = KeyExchange.calcVerifyBytes(self.sig_version,
                                                   status.handshake_hashes,
                                                   self.sig_alg,
                                                   status.premaster_secret,
                                                   status.client_random,
                                                   status.server_random)
        signature = self.private_key.sign(verify_bytes)

        cert_verify = CertificateVerify(self.msg_version)
        cert_verify.create(signature, self.msg_alg)

        self.msg = cert_verify
        return cert_verify
    def test_signServerKeyExchange_in_TLS1_1(self):
        srv_private_key = parsePEMKey(srv_raw_key, private=True)
        client_hello = ClientHello()
        cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        server_hello = ServerHello().create((3, 2),
                                            bytearray(32),
                                            bytearray(0),
                                            cipher_suite)
        keyExchange = KeyExchange(cipher_suite,
                                  client_hello,
                                  server_hello,
                                  srv_private_key)
        server_key_exchange = ServerKeyExchange(cipher_suite, (3, 2))\
                              .createDH(5, 2, 3)

        keyExchange.signServerKeyExchange(server_key_exchange)

        self.assertEqual(server_key_exchange.write(), self.expected_tls1_1_SKE)
    def test_signServerKeyExchange_in_TLS1_1(self):
        srv_private_key = parsePEMKey(srv_raw_key, private=True)
        client_hello = ClientHello()
        cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        server_hello = ServerHello().create((3, 2),
                                            bytearray(32),
                                            bytearray(0),
                                            cipher_suite)
        keyExchange = KeyExchange(cipher_suite,
                                  client_hello,
                                  server_hello,
                                  srv_private_key)
        server_key_exchange = ServerKeyExchange(cipher_suite, (3, 2))\
                              .createDH(5, 2, 3)

        keyExchange.signServerKeyExchange(server_key_exchange)

        self.assertEqual(server_key_exchange.write(), self.expected_tls1_1_SKE)
    def test_signServerKeyExchange_in_TLS1_1_signature_invalid(self):
        srv_private_key = parsePEMKey(srv_raw_key, private=True)
        client_hello = ClientHello()
        cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        server_hello = ServerHello().create((3, 2),
                                            bytearray(32),
                                            bytearray(0),
                                            cipher_suite)
        keyExchange = KeyExchange(cipher_suite,
                                  client_hello,
                                  server_hello,
                                  srv_private_key)
        server_key_exchange = ServerKeyExchange(cipher_suite, (3, 2)) \
            .createDH(5, 2, 3)

        with self.assertRaises(TLSInternalError):
            keyExchange.privateKey.sign = mock.Mock(
                return_value=bytearray(b'wrong'))
            keyExchange.signServerKeyExchange(server_key_exchange)
    def test_with_TLS1_1(self):
        vrfy = KeyExchange.calcVerifyBytes((3, 2),
                                           self.handshake_hashes,
                                           None, None, None, None)

        self.assertEqual(vrfy, bytearray(
            # MD5 hash
            b'\xe9\x9f\xb4\xd24\xe9\xf41S\xe6?\xa5\xfe\xad\x16\x14'
            # SHA1 hash
            b'L3\x81\xad\x1b\xc2\x14\xc0\x8e\xba\xe4\xb8\xa2\x9d(6V1\xfb\xb0'
            ))
    def test_with_TLS1_1(self):
        vrfy = KeyExchange.calcVerifyBytes((3, 2),
                                           self.handshake_hashes,
                                           None, None, None, None)

        self.assertEqual(vrfy, bytearray(
            # MD5 hash
            b'\xe9\x9f\xb4\xd24\xe9\xf41S\xe6?\xa5\xfe\xad\x16\x14'
            # SHA1 hash
            b'L3\x81\xad\x1b\xc2\x14\xc0\x8e\xba\xe4\xb8\xa2\x9d(6V1\xfb\xb0'
            ))
    def test_with_SSL3(self):
        vrfy = KeyExchange.calcVerifyBytes((3, 0),
                                           self.handshake_hashes,
                                           None,
                                           bytearray(b'\x04'*48),
                                           bytearray(b'\xaa'*32),
                                           bytearray(b'\xbb'*32))

        self.assertEqual(vrfy, bytearray(
            b'r_\x06\xd2(\\}v\x87\xfc\xf5\xa2h\xd6S\xd8'
            b'\xed=\x9b\xe3\xd9_%qe\xa3k\xf5\x85\x0e?\x9fr\xfaML'
            ))
    def test_with_SSL3(self):
        vrfy = KeyExchange.calcVerifyBytes((3, 0),
                                           self.handshake_hashes,
                                           None,
                                           bytearray(b'\x04'*48),
                                           bytearray(b'\xaa'*32),
                                           bytearray(b'\xbb'*32))

        self.assertEqual(vrfy, bytearray(
            b'r_\x06\xd2(\\}v\x87\xfc\xf5\xa2h\xd6S\xd8'
            b'\xed=\x9b\xe3\xd9_%qe\xa3k\xf5\x85\x0e?\x9fr\xfaML'
            ))
 def test_with_TLS1_2(self):
     vrfy = KeyExchange.calcVerifyBytes((3, 3),
                                        self.handshake_hashes,
                                        (HashAlgorithm.sha1,
                                         SignatureAlgorithm.rsa),
                                        None,
                                        None,
                                        None)
     self.assertEqual(vrfy, bytearray(
         # PKCS#1 prefix
         b'0!0\t\x06\x05+\x0e\x03\x02\x1a\x05\x00\x04\x14'
         # SHA1 hash
         b'L3\x81\xad\x1b\xc2\x14\xc0\x8e\xba\xe4\xb8\xa2\x9d(6V1\xfb\xb0'))
 def test_with_TLS1_2(self):
     vrfy = KeyExchange.calcVerifyBytes((3, 3),
                                        self.handshake_hashes,
                                        (HashAlgorithm.sha1,
                                         SignatureAlgorithm.rsa),
                                        None,
                                        None,
                                        None)
     self.assertEqual(vrfy, bytearray(
         # PKCS#1 prefix
         b'0!0\t\x06\x05+\x0e\x03\x02\x1a\x05\x00\x04\x14'
         # SHA1 hash
         b'L3\x81\xad\x1b\xc2\x14\xc0\x8e\xba\xe4\xb8\xa2\x9d(6V1\xfb\xb0'))
    def test_ECDHE_key_exchange_with_invalid_CKE(self):
        srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')

        KeyExchange.verifyServerKeyExchange(srv_key_ex,
                                            self.srv_pub_key,
                                            self.client_hello.random,
                                            self.server_hello.random,
                                            [(HashAlgorithm.sha1,
                                              SignatureAlgorithm.rsa)])

        curveName = GroupName.toStr(srv_key_ex.named_curve)
        curve = getCurveByName(curveName)
        generator = curve.generator
        cln_Xc = ecdsa.util.randrange(generator.order())
        cln_Ys = decodeX962Point(srv_key_ex.ecdh_Ys, curve)
        cln_Yc = encodeX962Point(generator * cln_Xc)

        cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3))
        cln_key_ex.createECDH(cln_Yc)

        cln_key_ex.ecdh_Yc[-1] ^= 0x01

        with self.assertRaises(TLSIllegalParameterException):
            self.keyExchange.processClientKeyExchange(cln_key_ex)
    def test_with_TLS1_1(self):
        certificate_request = CertificateRequest((3, 2))
        certificate_request.create([CertificateType.x509],
                                   [],
                                   None)

        certVerify = KeyExchange.makeCertificateVerify((3, 2),
                                                       self.handshake_hashes,
                                                       None,
                                                       self.clnt_private_key,
                                                       certificate_request,
                                                       None, None, None)

        self.assertIsNotNone(certVerify)
        self.assertEqual(certVerify.version, (3, 2))
        self.assertIsNone(certVerify.signatureAlgorithm)
        self.assertEqual(certVerify.signature, bytearray(
            b'=X\x14\xf3\r6\x0b\x84\xde&J\x15\xa02M\xc8\xf1?\xa0\x10U\x1e\x0b'
            b'\x95^\xa19\x14\xf5\xf1$\xe3U[\xb4/\xe7AY(\xee]\xff\x97H\xb8\xa9'
            b'\x8b\x96n\xa6\xf5\x0f\xffd\r\x08/Hs6`wi8\xc4\x02\xa4}a\xcbS\x99'
            b'\x01;\x0e\x88oj\x9a\x02\x98Y\xb5\x00$f@>\xd8\x0cS\x95\xa8\x9e'
            b'\x14uU\\Z\xd0.\xe7\x01_y\x1d\xea\xad\x1b\xf8c\xa6\xc9@\xc6\x90'
            b'\x19~&\xd9\xaa\xc2\t,s\xde\xb1'
            ))
    def test_with_TLS1_1(self):
        certificate_request = CertificateRequest((3, 2))
        certificate_request.create([CertificateType.x509],
                                   [],
                                   None)

        certVerify = KeyExchange.makeCertificateVerify((3, 2),
                                                       self.handshake_hashes,
                                                       None,
                                                       self.clnt_private_key,
                                                       certificate_request,
                                                       None, None, None)

        self.assertIsNotNone(certVerify)
        self.assertEqual(certVerify.version, (3, 2))
        self.assertIsNone(certVerify.signatureAlgorithm)
        self.assertEqual(certVerify.signature, bytearray(
            b'=X\x14\xf3\r6\x0b\x84\xde&J\x15\xa02M\xc8\xf1?\xa0\x10U\x1e\x0b'
            b'\x95^\xa19\x14\xf5\xf1$\xe3U[\xb4/\xe7AY(\xee]\xff\x97H\xb8\xa9'
            b'\x8b\x96n\xa6\xf5\x0f\xffd\r\x08/Hs6`wi8\xc4\x02\xa4}a\xcbS\x99'
            b'\x01;\x0e\x88oj\x9a\x02\x98Y\xb5\x00$f@>\xd8\x0cS\x95\xa8\x9e'
            b'\x14uU\\Z\xd0.\xe7\x01_y\x1d\xea\xad\x1b\xf8c\xa6\xc9@\xc6\x90'
            b'\x19~&\xd9\xaa\xc2\t,s\xde\xb1'
            ))
    def test___init__(self):
        keyExchange = KeyExchange(0, None, None, None)

        self.assertIsNotNone(keyExchange)
 def test_verifyServerKeyExchange_in_TLS1_1(self):
     KeyExchange.verifyServerKeyExchange(self.ske_tls1_1,
                                         self.srv_pub_key,
                                         self.client_hello.random,
                                         bytearray(32),
                                         None)
 def test_makeServerKeyExchange(self):
     keyExchange = KeyExchange(0, None, None, None)
     with self.assertRaises(NotImplementedError):
         keyExchange.makeServerKeyExchange()
 def test_verifyServerKeyExchange_in_TLS1_1(self):
     KeyExchange.verifyServerKeyExchange(self.ske_tls1_1,
                                         self.srv_pub_key,
                                         self.client_hello.random,
                                         bytearray(32),
                                         None)
Example #33
0
    def generate(self, status):
        """Create a CertificateVerify message."""
        if self.msg_version is None:
            self.msg_version = status.version
        if self.sig_version is None:
            self.sig_version = self.msg_version
        if self.msg_alg is None and self.msg_version >= (3, 3):
            cert_req = next((msg for msg in status.handshake_messages[::-1]
                             if isinstance(msg, CertificateRequest)), None)
            if cert_req is not None:
                self.msg_alg = next(
                    (sig for sig in cert_req.supported_signature_algs
                     if sig[1] == SignatureAlgorithm.rsa
                     or sig[0] == 8 and sig[1] in (4, 5, 6)), None)
            if self.msg_alg is None:
                self.msg_alg = (HashAlgorithm.sha1, SignatureAlgorithm.rsa)
        if self.sig_alg is None:
            self.sig_alg = self.msg_alg

        # we need a copy of the handshake hashes for use in Extended Master
        # Secret calculation
        status.certificate_verify_handshake_hashes = \
            status.handshake_hashes.copy()
        # TODO: generate a random key if none provided
        if self.signature is not None:
            signature = self.signature
        else:
            if self.private_key is None:
                raise ValueError("Can't create a signature without "
                                 "private key!")

            verify_bytes = KeyExchange.calcVerifyBytes(self.sig_version,
                                                       status.handshake_hashes,
                                                       self.sig_alg,
                                                       status.premaster_secret,
                                                       status.client_random,
                                                       status.server_random)

            # we don't have to handle non pkcs1 padding because the
            # calcVerifyBytes does everything
            scheme = SignatureScheme.toRepr(self.sig_alg)
            hashName = None
            saltLen = 0
            if scheme is None:
                padding = "pkcs1"
            else:
                padding = SignatureScheme.getPadding(scheme)
                if padding == 'pss':
                    hashName = SignatureScheme.getHash(scheme)
                    if self.rsa_pss_salt_len is None:
                        self.rsa_pss_salt_len = \
                                getattr(hashlib, hashName)().digest_size

            def _newRawPrivateKeyOp(self,
                                    m,
                                    original_rawPrivateKeyOp,
                                    subs=None,
                                    xors=None):
                signBytes = numberToByteArray(m, numBytes(self.n))
                signBytes = substitute_and_xor(signBytes, subs, xors)
                m = bytesToNumber(signBytes)
                return original_rawPrivateKeyOp(m)

            oldPrivateKeyOp = self.private_key._rawPrivateKeyOp
            self.private_key._rawPrivateKeyOp = \
                partial(_newRawPrivateKeyOp,
                        self.private_key,
                        original_rawPrivateKeyOp=oldPrivateKeyOp,
                        subs=self.padding_subs,
                        xors=self.padding_xors)
            signature = self.private_key.sign(verify_bytes, padding, hashName,
                                              self.rsa_pss_salt_len)
            self.private_key._rawPrivateKeyOp = oldPrivateKeyOp

        cert_verify = CertificateVerify(self.msg_version)
        cert_verify.create(signature, self.msg_alg)

        self.msg = cert_verify
        return cert_verify
Example #34
0
    def generate(self, status):
        """Create a CertificateVerify message."""
        if self.msg_version is None:
            self.msg_version = status.version
        if self.sig_version is None:
            self.sig_version = self.msg_version
        if self.msg_alg is None and self.msg_version >= (3, 3):
            cert_req = next((msg for msg in status.handshake_messages[::-1]
                             if isinstance(msg, CertificateRequest)), None)
            if cert_req is not None:
                self.msg_alg = next((sig for sig in
                                     cert_req.supported_signature_algs
                                     if sig[1] == SignatureAlgorithm.rsa or
                                     sig[0] == 8 and sig[1] in (4, 5, 6)),
                                    None)
            if self.msg_alg is None:
                self.msg_alg = (HashAlgorithm.sha1,
                                SignatureAlgorithm.rsa)
        if self.sig_alg is None:
            self.sig_alg = self.msg_alg

        # TODO: generate a random key if none provided
        if self.signature is not None:
            signature = self.signature
        else:
            if self.private_key is None:
                raise ValueError("Can't create a signature without "
                                 "private key!")

            verify_bytes = KeyExchange.calcVerifyBytes(self.sig_version,
                                                       status.handshake_hashes,
                                                       self.sig_alg,
                                                       status.premaster_secret,
                                                       status.client_random,
                                                       status.server_random)

            # we don't have to handle non pkcs1 padding because the
            # calcVerifyBytes does everything
            scheme = SignatureScheme.toRepr(self.sig_alg)
            hashName = None
            saltLen = 0
            if scheme is None:
                padding = "pkcs1"
            else:
                padding = SignatureScheme.getPadding(scheme)
                if padding == 'pss':
                    hashName = SignatureScheme.getHash(scheme)
                    if self.rsa_pss_salt_len is None:
                        self.rsa_pss_salt_len = \
                                getattr(hashlib, hashName)().digest_size

            def _newRawPrivateKeyOp(self, m, original_rawPrivateKeyOp,
                                    subs=None, xors=None):
                signBytes = numberToByteArray(m, numBytes(self.n))
                signBytes = substitute_and_xor(signBytes, subs, xors)
                m = bytesToNumber(signBytes)
                # RSA operations are defined only on numbers that are smaller
                # than the modulus, so ensure the XORing or substitutions
                # didn't break it (especially necessary for pycrypto as
                # it raises exception in such case)
                if m > self.n:
                    m %= self.n
                return original_rawPrivateKeyOp(m)

            oldPrivateKeyOp = self.private_key._rawPrivateKeyOp
            self.private_key._rawPrivateKeyOp = \
                partial(_newRawPrivateKeyOp,
                        self.private_key,
                        original_rawPrivateKeyOp=oldPrivateKeyOp,
                        subs=self.padding_subs,
                        xors=self.padding_xors)
            try:
                signature = self.private_key.sign(verify_bytes,
                                                  padding,
                                                  hashName,
                                                  self.rsa_pss_salt_len)
            finally:
                # make sure the changes are undone even if the signing fails
                self.private_key._rawPrivateKeyOp = oldPrivateKeyOp

        cert_verify = CertificateVerify(self.msg_version)
        cert_verify.create(signature, self.msg_alg)

        self.msg = cert_verify
        return cert_verify
 def test_processClientKeyExchange(self):
     keyExchange = KeyExchange(0, None, None, None)
     with self.assertRaises(NotImplementedError):
         keyExchange.processClientKeyExchange(None)
Example #36
0
    def process(self, state, msg):
        """Process the Server Key Exchange message"""
        assert msg.contentType == ContentType.handshake
        parser = Parser(msg.write())
        hs_type = parser.get(1)
        assert hs_type == HandshakeType.server_key_exchange

        if self.version is None:
            self.version = state.version
        if self.cipher_suite is None:
            self.cipher_suite = state.cipher
        valid_sig_algs = self.valid_sig_algs
        valid_groups = self.valid_groups

        server_key_exchange = ServerKeyExchange(self.cipher_suite,
                                                self.version)
        server_key_exchange.parse(parser)

        client_random = state.client_random
        server_random = state.server_random
        public_key = state.get_server_public_key()
        server_hello = state.get_last_message_of_type(ServerHello)
        if server_hello is None:
            server_hello = ServerHello
            server_hello.server_version = state.version
        if valid_sig_algs is None:
            # if the value was unset in script, get the advertised value from
            # Client Hello
            client_hello = state.get_last_message_of_type(ClientHello)
            if client_hello is not None:
                sig_algs_ext = client_hello.getExtension(
                    ExtensionType.signature_algorithms)
                if sig_algs_ext is not None:
                    valid_sig_algs = sig_algs_ext.sigalgs
            if valid_sig_algs is None:
                # no advertised means support for sha1 only
                valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]

        KeyExchange.verifyServerKeyExchange(server_key_exchange, public_key,
                                            client_random, server_random,
                                            valid_sig_algs)

        if self.cipher_suite in CipherSuite.dhAllSuites:
            if valid_groups and any(i in range(256, 512)
                                    for i in valid_groups):
                self._checkParams(server_key_exchange)
            state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite,
                                                    clientHello=None,
                                                    serverHello=server_hello,
                                                    privateKey=None)
        elif self.cipher_suite in CipherSuite.ecdhAllSuites:
            # extract valid groups from Client Hello
            if valid_groups is None:
                client_hello = state.get_last_message_of_type(ClientHello)
                if client_hello is not None:
                    groups_ext = client_hello.getExtension(
                        ExtensionType.supported_groups)
                    if groups_ext is not None:
                        valid_groups = groups_ext.groups
                if valid_groups is None:
                    # no advertised means support for all
                    valid_groups = GroupName.allEC
            state.key_exchange = \
                ECDHE_RSAKeyExchange(self.cipher_suite,
                                     clientHello=None,
                                     serverHello=server_hello,
                                     privateKey=None,
                                     acceptedCurves=valid_groups)
        else:
            raise AssertionError("Unsupported cipher selected")
        state.premaster_secret = state.key_exchange.\
            processServerKeyExchange(public_key,
                                     server_key_exchange)

        state.handshake_messages.append(server_key_exchange)
        state.handshake_hashes.update(msg.write())
 def test_makeClientKeyExchange(self):
     srv_h = ServerHello().create((3, 3), bytearray(32), bytearray(0), 0)
     keyExchange = KeyExchange(0, None, srv_h, None)
     self.assertIsInstance(keyExchange.makeClientKeyExchange(),
                           ClientKeyExchange)
 def test_processServerKeyExchange(self):
     keyExchange = KeyExchange(0, None, None, None)
     with self.assertRaises(NotImplementedError):
         keyExchange.processServerKeyExchange(None, None)
 def test_makeClientKeyExchange(self):
     srv_h = ServerHello().create((3, 3), bytearray(32), bytearray(0), 0)
     keyExchange = KeyExchange(0, None, srv_h, None)
     self.assertIsInstance(keyExchange.makeClientKeyExchange(),
                           ClientKeyExchange)