def generate(self, status): """Create a Finished message.""" if self.protocol is None: self.protocol = status.version if self.protocol in ((0, 2), (2, 0)): finished = ClientFinished() verify_data = status.session_id # in SSLv2 we're using it as a CCS-of-sorts too status.msg_sock.changeWriteState() status.msg_sock.changeReadState() elif self.protocol <= (3, 3): finished = Finished(self.protocol) verify_data = calcFinished(status.version, status.key['master_secret'], status.cipher, status.handshake_hashes, status.client) else: # TLS 1.3 finished = Finished(self.protocol, status.prf_size) finished_key = HKDF_expand_label( status.key['client handshake traffic secret'], b'finished', b'', status.prf_size, status.prf_name) self.server_finish_hh = status.handshake_hashes.copy() verify_data = secureHMAC( finished_key, self.server_finish_hh.digest(status.prf_name), status.prf_name) status.key['client_verify_data'] = verify_data finished.create(verify_data) self.msg = finished return finished
def process(self, state, msg): """ @type state: ConnectionState @type msg: Message """ assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == HandshakeType.finished if self.version is None: self.version = state.version finished = Finished(self.version) finished.parse(parser) verify_expected = calcFinished(state.version, state.master_secret, state.cipher, state.handshake_hashes, not state.client) assert finished.verify_data == verify_expected state.handshake_messages.append(finished) state.server_verify_data = finished.verify_data state.handshake_hashes.update(msg.write())
def test_server_value(self): ret = calcFinished((3, 0), bytearray(48), 0, self.hhashes, False) self.assertEqual( bytearray( b'\xe3^aCb\x8a\xfc\x98\xbf\xd7\x08\xddX\xdc[\xeac\x02\xdb' + b'\x9b\x8aN\xed\xed\xaaZ\xcb\xda"\x87K\xff\x89m\xa9/'), ret)
def generate(self, status): """Create a Finished message""" if self.protocol is None: self.protocol = status.version if self.protocol in ((0, 2), (2, 0)): finished = ClientFinished() verify_data = status.session_id # in SSLv2 we're using it as a CCS-of-sorts too status.msg_sock.changeWriteState() status.msg_sock.changeReadState() else: finished = Finished(self.protocol) verify_data = calcFinished(status.version, status.master_secret, status.cipher, status.handshake_hashes, status.client) status.client_verify_data = verify_data finished.create(verify_data) self.msg = finished return finished
def test_server_value(self): ret_srv = calcFinished((3, 3), bytearray(48), CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, self.hhashes, False) self.assertEqual(bytearray( b'\x02St\x13\xa8\xe6\xb6\xa2\x1c4\xff\xc5'), ret_srv)
def test_server_value(self): ret_srv = calcFinished((3, 1), bytearray(48), 0, self.hhashes, False) self.assertEqual(12, len(ret_srv)) self.assertEqual(bytearray( b'kYB\xce \x7f\xbb\xee\xe5\xe7<\x9d'), ret_srv)
def test_server_value(self): ret_srv = calcFinished((3, 3), bytearray(48), 0, self.hhashes, False) self.assertEqual(12, len(self.finished)) self.assertEqual(bytearray( b'\xa8\xf1\xdf8s|\xedU\\Z=U'), ret_srv)
def test_server_value(self): ret = calcFinished((3, 0), bytearray(48), 0, self.hhashes, False) self.assertEqual(bytearray( b'\xe3^aCb\x8a\xfc\x98\xbf\xd7\x08\xddX\xdc[\xeac\x02\xdb'+ b'\x9b\x8aN\xed\xed\xaaZ\xcb\xda"\x87K\xff\x89m\xa9/'), ret)
def process(self, state, msg): """ @type state: ConnectionState @type msg: Message """ assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == self.handshake_type if self.version is None: self.version = state.version if self.version in ((0, 2), (2, 0)): finished = ServerFinished() else: finished = Finished(self.version) finished.parse(parser) if self.version in ((0, 2), (2, 0)): state.session_id = finished.verify_data else: verify_expected = calcFinished(state.version, state.master_secret, state.cipher, state.handshake_hashes, not state.client) assert finished.verify_data == verify_expected state.handshake_messages.append(finished) state.server_verify_data = finished.verify_data state.handshake_hashes.update(msg.write()) if self.version in ((0, 2), (2, 0)): state.msg_sock.handshake_finished = True
def setUp(self): super(TestCalcFinishedInTLS1_2WithSHA256, self).setUp() self.finished = calcFinished((3, 3), bytearray(48), 0, self.hhashes, True)
def setUp(self): super(TestCalcFinishedInTLS1_2WithSHA384, self).setUp() self.finished = calcFinished((3, 3), bytearray(48), CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, self.hhashes, True)
def setUp(self): super(TestCalcFinishedInSSL3, self).setUp() self.finished = calcFinished((3, 0), bytearray(48), 0, self.hhashes, True)
def process(self, state, msg): """ @type state: ConnectionState @type msg: Message """ assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == self.handshake_type if self.version is None: self.version = state.version if self.version in ((0, 2), (2, 0)): finished = ServerFinished() else: finished = Finished(self.version, state.prf_size) finished.parse(parser) if self.version in ((0, 2), (2, 0)): state.session_id = finished.verify_data elif self.version <= (3, 3): verify_expected = calcFinished(state.version, state.key['master_secret'], state.cipher, state.handshake_hashes, not state.client) assert finished.verify_data == verify_expected else: # TLS 1.3 finished_key = HKDF_expand_label( state.key['server handshake traffic secret'], b'finished', b'', state.prf_size, state.prf_name) transcript_hash = state.handshake_hashes.digest(state.prf_name) verify_expected = secureHMAC(finished_key, transcript_hash, state.prf_name) assert finished.verify_data == verify_expected state.handshake_messages.append(finished) state.key['server_verify_data'] = finished.verify_data state.handshake_hashes.update(msg.write()) if self.version in ((0, 2), (2, 0)): state.msg_sock.handshake_finished = True # in TLS 1.3 ChangeCipherSpec is a no-op, we need to attach # the change to some message if self.version > (3, 3): state.msg_sock.changeWriteState()
def generate(self, status): finished = Finished(self.protocol) verify_data = calcFinished(status.version, status.master_secret, status.cipher, status.handshake_hashes, status.client) status.client_verify_data = verify_data finished.create(verify_data) self.msg = finished return finished
def process(self, state, msg): """ @type state: ConnectionState @type msg: Message """ assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == HandshakeType.finished finished = Finished(self.version) finished.parse(parser) verify_expected = calcFinished(state.version, state.master_secret, state.cipher, state.handshake_hashes, not state.client) assert finished.verify_data == verify_expected state.handshake_messages.append(finished) state.server_verify_data = finished.verify_data
def test_server_value(self): ret_srv = calcFinished((3, 1), bytearray(48), 0, self.hhashes, False) self.assertEqual(12, len(ret_srv)) self.assertEqual(bytearray(b'kYB\xce \x7f\xbb\xee\xe5\xe7<\x9d'), ret_srv)
def setUp(self): super(TestCalcFinishedInTLS1_2WithSHA384, self).setUp() self.finished = calcFinished( (3, 3), bytearray(48), CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, self.hhashes, True)
def test_if_client_and_server_values_differ(self): ret_srv = calcFinished((3, 3), bytearray(48), CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, self.hhashes, False) self.assertNotEqual(self.finished, ret_srv)
def test_if_values_for_TLS1_0_and_TLS1_0_are_same(self): ret = calcFinished((3, 2), bytearray(48), 0, self.hhashes, True) self.assertEqual(self.finished, ret)
def test_server_value(self): ret_srv = calcFinished((3, 3), bytearray(48), 0, self.hhashes, False) self.assertEqual(12, len(self.finished)) self.assertEqual(bytearray(b'\xa8\xf1\xdf8s|\xedU\\Z=U'), ret_srv)
def test_if_client_and_server_values_differ(self): ret_srv = calcFinished((3, 3), bytearray(48), 0, self.hhashes, False) self.assertNotEqual(ret_srv, self.finished)
def process(self, state, msg): """ @type state: ConnectionState @type msg: Message """ assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == self.handshake_type if self.version is None: self.version = state.version if self.version in ((0, 2), (2, 0)): finished = ServerFinished() else: finished = Finished(self.version, state.prf_size) finished.parse(parser) if self.version in ((0, 2), (2, 0)): state.session_id = finished.verify_data elif self.version <= (3, 3): verify_expected = calcFinished(state.version, state.key['master_secret'], state.cipher, state.handshake_hashes, not state.client) assert finished.verify_data == verify_expected else: # TLS 1.3 finished_key = HKDF_expand_label( state.key['server handshake traffic secret'], b'finished', b'', state.prf_size, state.prf_name) transcript_hash = state.handshake_hashes.digest(state.prf_name) verify_expected = secureHMAC(finished_key, transcript_hash, state.prf_name) assert finished.verify_data == verify_expected state.handshake_messages.append(finished) state.key['server_verify_data'] = finished.verify_data state.handshake_hashes.update(msg.write()) if self.version in ((0, 2), (2, 0)): state.msg_sock.handshake_finished = True if self.version > (3, 3): # in TLS 1.3 ChangeCipherSpec is a no-op, so we need to attach # the change for reading to some message that is always sent state.msg_sock.changeWriteState() # we now need to calculate application traffic keys to allow # correct interpretation of the alerts regarding Certificate, # CertificateVerify and Finished # derive the master secret secret = derive_secret(state.key['handshake secret'], b'derived', None, state.prf_name) secret = secureHMAC(secret, bytearray(state.prf_size), state.prf_name) state.key['master secret'] = secret # derive encryption keys c_traff_sec = derive_secret(secret, b'c ap traffic', state.handshake_hashes, state.prf_name) state.key['client application traffic secret'] = c_traff_sec s_traff_sec = derive_secret(secret, b's ap traffic', state.handshake_hashes, state.prf_name) state.key['server application traffic secret'] = s_traff_sec # derive TLS exporter key exp_ms = derive_secret(secret, b'exp master', state.handshake_hashes, state.prf_name) state.key['exporter master secret'] = exp_ms # set up the encryption keys for application data state.msg_sock.calcTLS1_3PendingState(state.cipher, c_traff_sec, s_traff_sec, None) state.msg_sock.changeReadState()
def test_server_value(self): ret_srv = calcFinished((3, 3), bytearray(48), CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, self.hhashes, False) self.assertEqual(bytearray(b'\x02St\x13\xa8\xe6\xb6\xa2\x1c4\xff\xc5'), ret_srv)
def test_if_multiple_runs_are_the_same(self): ret2 = calcFinished((3, 0), bytearray(48), 0, self.hhashes, True) self.assertEqual(self.finished, ret2)