def generate(self, status):
"""Create a Finished message."""
if self.protocol is None:
self.protocol = status.version
if self.protocol in ((0, 2), (2, 0)):
finished = ClientFinished()
verify_data = status.session_id
# in SSLv2 we're using it as a CCS-of-sorts too
status.msg_sock.changeWriteState()
status.msg_sock.changeReadState()
elif self.protocol <= (3, 3):
finished = Finished(self.protocol)
verify_data = calcFinished(status.version,
status.key['master_secret'],
status.cipher, status.handshake_hashes,
status.client)
else: # TLS 1.3
finished = Finished(self.protocol, status.prf_size)
finished_key = HKDF_expand_label(
status.key['client handshake traffic secret'], b'finished',
b'', status.prf_size, status.prf_name)
self.server_finish_hh = status.handshake_hashes.copy()
verify_data = secureHMAC(
finished_key, self.server_finish_hh.digest(status.prf_name),
status.prf_name)
status.key['client_verify_data'] = verify_data
finished.create(verify_data)
self.msg = finished
return finished
def process(self, state, msg):
"""
@type state: ConnectionState
@type msg: Message
"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == HandshakeType.finished
if self.version is None:
self.version = state.version
finished = Finished(self.version)
finished.parse(parser)
verify_expected = calcFinished(state.version,
state.master_secret,
state.cipher,
state.handshake_hashes,
not state.client)
assert finished.verify_data == verify_expected
state.handshake_messages.append(finished)
state.server_verify_data = finished.verify_data
state.handshake_hashes.update(msg.write())
def test_server_value(self):
ret = calcFinished((3, 0), bytearray(48), 0, self.hhashes, False)
self.assertEqual(
bytearray(
b'\xe3^aCb\x8a\xfc\x98\xbf\xd7\x08\xddX\xdc[\xeac\x02\xdb' +
b'\x9b\x8aN\xed\xed\xaaZ\xcb\xda"\x87K\xff\x89m\xa9/'), ret)
def generate(self, status):
"""Create a Finished message"""
if self.protocol is None:
self.protocol = status.version
if self.protocol in ((0, 2), (2, 0)):
finished = ClientFinished()
verify_data = status.session_id
# in SSLv2 we're using it as a CCS-of-sorts too
status.msg_sock.changeWriteState()
status.msg_sock.changeReadState()
else:
finished = Finished(self.protocol)
verify_data = calcFinished(status.version, status.master_secret,
status.cipher, status.handshake_hashes,
status.client)
status.client_verify_data = verify_data
finished.create(verify_data)
self.msg = finished
return finished
def test_server_value(self):
ret_srv = calcFinished((3, 3), bytearray(48),
CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
self.hhashes, False)
self.assertEqual(bytearray(
b'\x02St\x13\xa8\xe6\xb6\xa2\x1c4\xff\xc5'),
ret_srv)
def test_server_value(self):
ret_srv = calcFinished((3, 1), bytearray(48), 0, self.hhashes, False)
self.assertEqual(12, len(ret_srv))
self.assertEqual(bytearray(
b'kYB\xce \x7f\xbb\xee\xe5\xe7<\x9d'),
ret_srv)
def test_server_value(self):
ret_srv = calcFinished((3, 3), bytearray(48), 0, self.hhashes, False)
self.assertEqual(12, len(self.finished))
self.assertEqual(bytearray(
b'\xa8\xf1\xdf8s|\xedU\\Z=U'),
ret_srv)
def test_server_value(self):
ret = calcFinished((3, 0), bytearray(48), 0, self.hhashes, False)
self.assertEqual(bytearray(
b'\xe3^aCb\x8a\xfc\x98\xbf\xd7\x08\xddX\xdc[\xeac\x02\xdb'+
b'\x9b\x8aN\xed\xed\xaaZ\xcb\xda"\x87K\xff\x89m\xa9/'),
ret)
def process(self, state, msg):
"""
@type state: ConnectionState
@type msg: Message
"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == self.handshake_type
if self.version is None:
self.version = state.version
if self.version in ((0, 2), (2, 0)):
finished = ServerFinished()
else:
finished = Finished(self.version)
finished.parse(parser)
if self.version in ((0, 2), (2, 0)):
state.session_id = finished.verify_data
else:
verify_expected = calcFinished(state.version, state.master_secret,
state.cipher,
state.handshake_hashes,
not state.client)
assert finished.verify_data == verify_expected
state.handshake_messages.append(finished)
state.server_verify_data = finished.verify_data
state.handshake_hashes.update(msg.write())
if self.version in ((0, 2), (2, 0)):
state.msg_sock.handshake_finished = True
def setUp(self):
super(TestCalcFinishedInTLS1_2WithSHA256, self).setUp()
self.finished = calcFinished((3, 3),
bytearray(48),
0,
self.hhashes,
True)
def setUp(self):
super(TestCalcFinishedInTLS1_2WithSHA384, self).setUp()
self.finished = calcFinished((3, 3),
bytearray(48),
CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
self.hhashes,
True)
def setUp(self):
super(TestCalcFinishedInSSL3, self).setUp()
self.finished = calcFinished((3, 0),
bytearray(48),
0,
self.hhashes,
True)
def process(self, state, msg):
"""
@type state: ConnectionState
@type msg: Message
"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == self.handshake_type
if self.version is None:
self.version = state.version
if self.version in ((0, 2), (2, 0)):
finished = ServerFinished()
else:
finished = Finished(self.version, state.prf_size)
finished.parse(parser)
if self.version in ((0, 2), (2, 0)):
state.session_id = finished.verify_data
elif self.version <= (3, 3):
verify_expected = calcFinished(state.version,
state.key['master_secret'],
state.cipher,
state.handshake_hashes,
not state.client)
assert finished.verify_data == verify_expected
else: # TLS 1.3
finished_key = HKDF_expand_label(
state.key['server handshake traffic secret'],
b'finished',
b'',
state.prf_size,
state.prf_name)
transcript_hash = state.handshake_hashes.digest(state.prf_name)
verify_expected = secureHMAC(finished_key,
transcript_hash,
state.prf_name)
assert finished.verify_data == verify_expected
state.handshake_messages.append(finished)
state.key['server_verify_data'] = finished.verify_data
state.handshake_hashes.update(msg.write())
if self.version in ((0, 2), (2, 0)):
state.msg_sock.handshake_finished = True
# in TLS 1.3 ChangeCipherSpec is a no-op, we need to attach
# the change to some message
if self.version > (3, 3):
state.msg_sock.changeWriteState()
def generate(self, status):
finished = Finished(self.protocol)
verify_data = calcFinished(status.version, status.master_secret,
status.cipher, status.handshake_hashes,
status.client)
status.client_verify_data = verify_data
finished.create(verify_data)
self.msg = finished
return finished
def generate(self, status):
finished = Finished(self.protocol)
verify_data = calcFinished(status.version,
status.master_secret,
status.cipher,
status.handshake_hashes,
status.client)
status.client_verify_data = verify_data
finished.create(verify_data)
self.msg = finished
return finished
def process(self, state, msg):
"""
@type state: ConnectionState
@type msg: Message
"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == HandshakeType.finished
finished = Finished(self.version)
finished.parse(parser)
verify_expected = calcFinished(state.version, state.master_secret,
state.cipher, state.handshake_hashes,
not state.client)
assert finished.verify_data == verify_expected
state.handshake_messages.append(finished)
state.server_verify_data = finished.verify_data
def process(self, state, msg):
"""
@type state: ConnectionState
@type msg: Message
"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == self.handshake_type
if self.version is None:
self.version = state.version
if self.version in ((0, 2), (2, 0)):
finished = ServerFinished()
else:
finished = Finished(self.version)
finished.parse(parser)
if self.version in ((0, 2), (2, 0)):
state.session_id = finished.verify_data
else:
verify_expected = calcFinished(state.version,
state.master_secret,
state.cipher,
state.handshake_hashes,
not state.client)
assert finished.verify_data == verify_expected
state.handshake_messages.append(finished)
state.server_verify_data = finished.verify_data
state.handshake_hashes.update(msg.write())
if self.version in ((0, 2), (2, 0)):
state.msg_sock.handshake_finished = True
def test_server_value(self):
ret_srv = calcFinished((3, 1), bytearray(48), 0, self.hhashes, False)
self.assertEqual(12, len(ret_srv))
self.assertEqual(bytearray(b'kYB\xce \x7f\xbb\xee\xe5\xe7<\x9d'),
ret_srv)
def setUp(self):
super(TestCalcFinishedInTLS1_2WithSHA384, self).setUp()
self.finished = calcFinished(
(3, 3), bytearray(48), CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
self.hhashes, True)
def test_if_client_and_server_values_differ(self):
ret_srv = calcFinished((3, 3), bytearray(48),
CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
self.hhashes, False)
self.assertNotEqual(self.finished, ret_srv)
def test_if_values_for_TLS1_0_and_TLS1_0_are_same(self):
ret = calcFinished((3, 2), bytearray(48), 0, self.hhashes, True)
self.assertEqual(self.finished, ret)
def test_server_value(self):
ret_srv = calcFinished((3, 3), bytearray(48), 0, self.hhashes, False)
self.assertEqual(12, len(self.finished))
self.assertEqual(bytearray(b'\xa8\xf1\xdf8s|\xedU\\Z=U'), ret_srv)
def setUp(self):
super(TestCalcFinishedInTLS1_2WithSHA256, self).setUp()
self.finished = calcFinished((3, 3), bytearray(48), 0, self.hhashes,
True)
def test_if_client_and_server_values_differ(self):
ret_srv = calcFinished((3, 3), bytearray(48), 0, self.hhashes, False)
self.assertNotEqual(ret_srv, self.finished)
def test_if_client_and_server_values_differ(self):
ret_srv = calcFinished((3, 3), bytearray(48), 0, self.hhashes, False)
self.assertNotEqual(ret_srv, self.finished)
def test_if_values_for_TLS1_0_and_TLS1_0_are_same(self):
ret = calcFinished((3, 2), bytearray(48), 0, self.hhashes, True)
self.assertEqual(self.finished, ret)
def process(self, state, msg):
"""
@type state: ConnectionState
@type msg: Message
"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == self.handshake_type
if self.version is None:
self.version = state.version
if self.version in ((0, 2), (2, 0)):
finished = ServerFinished()
else:
finished = Finished(self.version, state.prf_size)
finished.parse(parser)
if self.version in ((0, 2), (2, 0)):
state.session_id = finished.verify_data
elif self.version <= (3, 3):
verify_expected = calcFinished(state.version,
state.key['master_secret'],
state.cipher,
state.handshake_hashes,
not state.client)
assert finished.verify_data == verify_expected
else: # TLS 1.3
finished_key = HKDF_expand_label(
state.key['server handshake traffic secret'], b'finished', b'',
state.prf_size, state.prf_name)
transcript_hash = state.handshake_hashes.digest(state.prf_name)
verify_expected = secureHMAC(finished_key, transcript_hash,
state.prf_name)
assert finished.verify_data == verify_expected
state.handshake_messages.append(finished)
state.key['server_verify_data'] = finished.verify_data
state.handshake_hashes.update(msg.write())
if self.version in ((0, 2), (2, 0)):
state.msg_sock.handshake_finished = True
if self.version > (3, 3):
# in TLS 1.3 ChangeCipherSpec is a no-op, so we need to attach
# the change for reading to some message that is always sent
state.msg_sock.changeWriteState()
# we now need to calculate application traffic keys to allow
# correct interpretation of the alerts regarding Certificate,
# CertificateVerify and Finished
# derive the master secret
secret = derive_secret(state.key['handshake secret'], b'derived',
None, state.prf_name)
secret = secureHMAC(secret, bytearray(state.prf_size),
state.prf_name)
state.key['master secret'] = secret
# derive encryption keys
c_traff_sec = derive_secret(secret, b'c ap traffic',
state.handshake_hashes, state.prf_name)
state.key['client application traffic secret'] = c_traff_sec
s_traff_sec = derive_secret(secret, b's ap traffic',
state.handshake_hashes, state.prf_name)
state.key['server application traffic secret'] = s_traff_sec
# derive TLS exporter key
exp_ms = derive_secret(secret, b'exp master',
state.handshake_hashes, state.prf_name)
state.key['exporter master secret'] = exp_ms
# set up the encryption keys for application data
state.msg_sock.calcTLS1_3PendingState(state.cipher, c_traff_sec,
s_traff_sec, None)
state.msg_sock.changeReadState()
def test_server_value(self):
ret_srv = calcFinished((3, 3), bytearray(48),
CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
self.hhashes, False)
self.assertEqual(bytearray(b'\x02St\x13\xa8\xe6\xb6\xa2\x1c4\xff\xc5'),
ret_srv)
def test_if_multiple_runs_are_the_same(self):
ret2 = calcFinished((3, 0), bytearray(48), 0, self.hhashes, True)
self.assertEqual(self.finished, ret2)
def test_if_client_and_server_values_differ(self):
ret_srv = calcFinished((3, 3), bytearray(48),
CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
self.hhashes, False)
self.assertNotEqual(self.finished, ret_srv)
def setUp(self):
super(TestCalcFinishedInSSL3, self).setUp()
self.finished = calcFinished((3, 0), bytearray(48), 0, self.hhashes,
True)
def test_if_multiple_runs_are_the_same(self):
ret2 = calcFinished((3, 0), bytearray(48), 0, self.hhashes, True)
self.assertEqual(self.finished, ret2)
