def test_SRP_key_exchange(self):
    """Round-trip an SRP exchange and compare both sides' premaster secrets.

    The client half is computed by hand from the group (N, g), salt and
    server public value B carried in the ServerKeyExchange, using the fixed
    test identity 'user' / 'password'.
    """
    ske = self.keyExchange.makeServerKeyExchange('sha256')
    # the server's signature (which covers both hello randoms) has to verify
    # before any of the SRP parameters in the message are used
    KeyExchange.verifyServerKeyExchange(
        ske,
        self.srv_pub_key,
        self.client_hello.random,
        self.server_hello.random,
        [(HashAlgorithm.sha256, SignatureAlgorithm.rsa)])
    N, g, B, salt = ske.srp_N, ske.srp_g, ske.srp_B, ske.srp_s
    # client ephemeral secret a and public value A = g^a mod N
    a = bytesToNumber(getRandomBytes(32))
    A = powMod(g, a, N)
    # password-derived exponent x and the verifier v = g^x mod N
    x = makeX(salt, bytearray(b'user'), bytearray(b'password'))
    v = powMod(g, x, N)
    # scrambling parameter u and multiplier k
    u = makeU(N, A, B)
    k = makeK(N, g)
    # client-side shared secret: S = (B - k*v)^(a + u*x) mod N
    base = (B - k * v) % N
    exponent = a + u * x
    expected_premaster = numberToByteArray(powMod(base, exponent, N))
    cke = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
    server_premaster = self.keyExchange.processClientKeyExchange(cke)
    self.assertEqual(expected_premaster, server_premaster)
def test_ECDHE_key_exchange(self):
    """Round-trip an ECDHE exchange: server SKE -> client CKE -> premaster.

    The client half is computed independently with the ``ecdsa`` curve
    primitives so the result of the server's processClientKeyExchange()
    can be compared against it.
    """
    ske = self.keyExchange.makeServerKeyExchange('sha1')
    # the server's signature (which covers both hello randoms) has to verify
    # before the curve and public point from the message are trusted
    KeyExchange.verifyServerKeyExchange(
        ske,
        self.srv_pub_key,
        self.client_hello.random,
        self.server_hello.random,
        [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)])
    curve = getCurveByName(GroupName.toStr(ske.named_curve))
    base_point = curve.generator
    # client's ephemeral scalar, the server's decoded point and the client's
    # own encoded public point
    secret_scalar = ecdsa.util.randrange(base_point.order())
    server_point = decodeX962Point(ske.ecdh_Ys, curve)
    client_public = encodeX962Point(base_point * secret_scalar)
    cke = ClientKeyExchange(self.cipher_suite, (3, 3))
    cke.createECDH(client_public)
    shared_point = server_point * secret_scalar
    # the premaster is the x coordinate, left-padded to the field size
    expected_premaster = numberToByteArray(shared_point.x(),
                                           getPointByteSize(shared_point))
    server_premaster = self.keyExchange.processClientKeyExchange(cke)
    self.assertEqual(expected_premaster, server_premaster)
def test_verifyServerKeyExchange(self):
    """The fixture SKE verifies when sha1/rsa is among the accepted pairs.

    Uses an all-zero 32-byte server random (assumed to match how the
    fixture message was signed); success is the absence of an exception.
    """
    accepted_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]
    server_random = bytearray(32)
    KeyExchange.verifyServerKeyExchange(
        self.server_key_exchange,
        self.srv_pub_key,
        self.client_hello.random,
        server_random,
        accepted_sig_algs)
def test_ECDHE_key_exchange(self):
    """Both sides of an ECDHE exchange must derive the same premaster secret.

    The server builds and signs the SKE; the test plays the client with the
    ``ecdsa`` primitives and then feeds its CKE back into the server side.
    """
    ske = self.keyExchange.makeServerKeyExchange('sha1')
    # verify the signature over the randoms and parameters before using them
    KeyExchange.verifyServerKeyExchange(
        ske,
        self.srv_pub_key,
        self.client_hello.random,
        self.server_hello.random,
        [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)])
    curve_name = GroupName.toStr(ske.named_curve)
    curve = getCurveByName(curve_name)
    G = curve.generator
    # client ephemeral scalar d and public point d*G
    d = ecdsa.util.randrange(G.order())
    Ys = decodeX962Point(ske.ecdh_Ys, curve)
    Yc = encodeX962Point(G * d)
    cke = ClientKeyExchange(self.cipher_suite, (3, 3))
    cke.createECDH(Yc)
    # shared point d*Ys; premaster is its x coordinate at field width
    shared = Ys * d
    client_side = numberToByteArray(shared.x(), getPointByteSize(shared))
    server_side = self.keyExchange.processClientKeyExchange(cke)
    self.assertEqual(client_side, server_side)
def test_SRP_key_exchange(self):
    """Both sides of an SRP exchange must derive the same premaster secret.

    The client computation follows the SRP formulas directly, with the
    group, salt and B taken from the server's ServerKeyExchange and the
    fixed credentials 'user' / 'password'.
    """
    ske = self.keyExchange.makeServerKeyExchange('sha256')
    # signature check first: the SRP parameters come from the signed message
    KeyExchange.verifyServerKeyExchange(
        ske,
        self.srv_pub_key,
        self.client_hello.random,
        self.server_hello.random,
        [(HashAlgorithm.sha256, SignatureAlgorithm.rsa)])
    modulus = ske.srp_N
    gen = ske.srp_g
    # A = g^a mod N with a fresh 256-bit client secret
    priv_a = bytesToNumber(getRandomBytes(32))
    pub_A = powMod(gen, priv_a, modulus)
    # x from salt and credentials, verifier v = g^x mod N
    priv_x = makeX(ske.srp_s, bytearray(b'user'), bytearray(b'password'))
    verifier = powMod(gen, priv_x, modulus)
    scrambler = makeU(modulus, pub_A, ske.srp_B)
    multiplier = makeK(modulus, gen)
    # S = (B - k*v)^(a + u*x) mod N
    shared = powMod((ske.srp_B - (multiplier * verifier)) % modulus,
                    priv_a + (scrambler * priv_x),
                    modulus)
    client_side = numberToByteArray(shared)
    cke = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(pub_A)
    server_side = self.keyExchange.processClientKeyExchange(cke)
    self.assertEqual(client_side, server_side)
def test_verifyServerKeyExchange(self):
    """A well-formed, correctly signed SKE passes verification (no exception).

    The server random is the zero-filled 32-byte array the fixture is
    presumably signed over; sha1/rsa is the only accepted pair.
    """
    KeyExchange.verifyServerKeyExchange(
        self.server_key_exchange,
        self.srv_pub_key,
        self.client_hello.random,
        bytearray(32),  # server random
        [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)])
def test_verifyServerKeyExchange_with_invalid_hash(self):
    """An SKE signed with an algorithm outside the accepted list is rejected.

    Only sha256/rsa is accepted here, so a fixture signed with another hash
    must fail with TLSIllegalParameterException rather than verify.
    """
    accepted_sig_algs = [(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]
    with self.assertRaises(TLSIllegalParameterException):
        KeyExchange.verifyServerKeyExchange(
            self.server_key_exchange,
            self.srv_pub_key,
            self.client_hello.random,
            bytearray(32),
            accepted_sig_algs)
def test_verifyServerKeyExchange_with_invalid_hash(self):
    """Verification must reject a signature algorithm the client did not offer.

    The accepted list names sha256/rsa only; the fixture's signature does
    not use that pair, so TLSIllegalParameterException is expected.
    """
    server_random = bytearray(32)
    with self.assertRaises(TLSIllegalParameterException):
        KeyExchange.verifyServerKeyExchange(
            self.server_key_exchange,
            self.srv_pub_key,
            self.client_hello.random,
            server_random,
            [(HashAlgorithm.sha256, SignatureAlgorithm.rsa)])
def test_verifyServerKeyExchange_with_damaged_signature(self):
    """A single flipped bit in the signature must fail as a bad signature.

    The algorithm pair is acceptable (sha1/rsa), so the failure has to come
    from the signature itself: TLSDecryptionFailed, not
    TLSIllegalParameterException.
    """
    # corrupt the last signature byte in place (assumes the fixture is
    # rebuilt per test so no other test observes the change)
    self.server_key_exchange.signature[-1] ^= 0x01
    accepted_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]
    with self.assertRaises(TLSDecryptionFailed):
        KeyExchange.verifyServerKeyExchange(
            self.server_key_exchange,
            self.srv_pub_key,
            self.client_hello.random,
            bytearray(32),
            accepted_sig_algs)
def test_verifyServerKeyExchange_with_damaged_signature(self):
    """Corrupting one bit of the SKE signature must make verification fail.

    Expects TLSDecryptionFailed, the error for a signature that does not
    verify (as opposed to an unacceptable algorithm).
    """
    damaged = self.server_key_exchange
    damaged.signature[-1] ^= 0x01  # flip the low bit of the final byte
    server_random = bytearray(32)
    with self.assertRaises(TLSDecryptionFailed):
        KeyExchange.verifyServerKeyExchange(
            damaged,
            self.srv_pub_key,
            self.client_hello.random,
            server_random,
            [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)])
def process(self, state, msg):
    """Process the Server Key Exchange message

    Parses the ServerKeyExchange carried in ``msg``, verifies the server's
    signature over it against the accepted signature algorithms, and then
    derives the premaster secret for a DHE_RSA exchange, recording the
    message in the connection state.

    :param state: connection state; read for version, cipher suite, the two
        hello randoms, the server's public key and earlier handshake
        messages; updated with ``key_exchange``, ``premaster_secret``,
        ``handshake_messages`` and ``handshake_hashes``
    :param msg: the received handshake-layer message
    :raises: whatever ``KeyExchange.verifyServerKeyExchange`` raises when
        the signature does not verify or its algorithm is not accepted;
        ``AssertionError`` on a wrong content/handshake type (see below)
    """
    # NOTE: plain ``assert`` is stripped under ``python -O``; these are
    # harness sanity checks, not protocol-level validation.
    assert msg.contentType == ContentType.handshake
    parser = Parser(msg.write())
    hs_type = parser.get(1)
    assert hs_type == HandshakeType.server_key_exchange
    # version and cipher suite fall back to what the connection negotiated
    # when the script did not pin them
    if self.version is None:
        self.version = state.version
    if self.cipher_suite is None:
        self.cipher_suite = state.cipher
    valid_sig_algs = self.valid_sig_algs
    server_key_exchange = ServerKeyExchange(self.cipher_suite, self.version)
    server_key_exchange.parse(parser)
    client_random = state.client_random
    server_random = state.server_random
    public_key = state.get_server_public_key()
    server_hello = state.get_last_message_of_type(ServerHello)
    if server_hello is None:
        # NOTE(review): this binds the ServerHello *class*, not an
        # instance, so the assignment below sets a class attribute shared
        # by every ServerHello object in the process — confirm this is
        # intended (``ServerHello()`` would give a fresh instance).
        server_hello = ServerHello
        server_hello.server_version = state.version
    if valid_sig_algs is None:
        # if the value was unset in script, get the advertised value from
        # Client Hello
        client_hello = state.get_last_message_of_type(ClientHello)
        if client_hello is not None:
            sig_algs_ext = client_hello.getExtension(
                ExtensionType.signature_algorithms)
            if sig_algs_ext is not None:
                valid_sig_algs = sig_algs_ext.sigalgs
        if valid_sig_algs is None:
            # no advertised means support for sha1 only
            valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]
    # the signature is checked before the DH parameters it covers are used
    # to derive anything
    KeyExchange.verifyServerKeyExchange(server_key_exchange, public_key,
                                        client_random, server_random,
                                        valid_sig_algs)
    # this side acts as the client, hence no private key; any sanity
    # checking of the DH group itself is left to the key exchange object
    # (not visible here — confirm in DHE_RSAKeyExchange)
    state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite,
                                            clientHello=None,
                                            serverHello=server_hello,
                                            privateKey=None)
    state.premaster_secret = state.key_exchange.\
        processServerKeyExchange(public_key, server_key_exchange)
    state.handshake_messages.append(server_key_exchange)
    # the raw message bytes go into the running handshake hash
    state.handshake_hashes.update(msg.write())
def test_ECDHE_key_exchange_with_invalid_CKE(self):
    """The server must reject a client ECDH public point that is corrupted.

    A valid client exchange is built and then one bit of the encoded point
    is flipped; processing it has to raise TLSIllegalParameterException
    instead of deriving a shared secret from an unvalidated point.
    """
    ske = self.keyExchange.makeServerKeyExchange('sha1')
    KeyExchange.verifyServerKeyExchange(
        ske,
        self.srv_pub_key,
        self.client_hello.random,
        self.server_hello.random,
        [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)])
    curve = getCurveByName(GroupName.toStr(ske.named_curve))
    base_point = curve.generator
    secret_scalar = ecdsa.util.randrange(base_point.order())
    # decoded only to mirror the full client flow; not otherwise used
    decodeX962Point(ske.ecdh_Ys, curve)
    client_public = encodeX962Point(base_point * secret_scalar)
    cke = ClientKeyExchange(self.cipher_suite, (3, 3))
    cke.createECDH(client_public)
    # flip the low bit of the last byte of the encoded point: the result is
    # (except with negligible probability) not a point on the curve
    cke.ecdh_Yc[-1] ^= 0x01
    with self.assertRaises(TLSIllegalParameterException):
        self.keyExchange.processClientKeyExchange(cke)
def process(self, state, msg):
    """Process the Server Key Exchange message

    Parses the ServerKeyExchange carried in ``msg``, verifies the server's
    signature over it, optionally sanity-checks the negotiated group, and
    derives the premaster secret for either a DHE or an ECDHE exchange,
    recording the message in the connection state.

    :param state: connection state; read for version, cipher suite, the two
        hello randoms, the server's public key and earlier handshake
        messages; updated with ``key_exchange``, ``premaster_secret``,
        ``handshake_messages`` and ``handshake_hashes``
    :param msg: the received handshake-layer message
    :raises AssertionError: when the negotiated cipher suite is neither a
        DH nor an ECDH suite (and, via plain ``assert``, on a wrong
        content/handshake type)
    :raises: whatever ``KeyExchange.verifyServerKeyExchange`` or
        ``_checkParams`` raise on a bad signature or rejected parameters
    """
    # NOTE: plain ``assert`` is stripped under ``python -O``; these are
    # harness sanity checks, not protocol-level validation.
    assert msg.contentType == ContentType.handshake
    parser = Parser(msg.write())
    hs_type = parser.get(1)
    assert hs_type == HandshakeType.server_key_exchange
    # version and cipher suite fall back to what the connection negotiated
    # when the script did not pin them
    if self.version is None:
        self.version = state.version
    if self.cipher_suite is None:
        self.cipher_suite = state.cipher
    valid_sig_algs = self.valid_sig_algs
    valid_groups = self.valid_groups
    server_key_exchange = ServerKeyExchange(self.cipher_suite, self.version)
    server_key_exchange.parse(parser)
    client_random = state.client_random
    server_random = state.server_random
    public_key = state.get_server_public_key()
    server_hello = state.get_last_message_of_type(ServerHello)
    if server_hello is None:
        # NOTE(review): this binds the ServerHello *class*, not an
        # instance, so the assignment below sets a class attribute shared
        # by every ServerHello object in the process — confirm this is
        # intended (``ServerHello()`` would give a fresh instance).
        server_hello = ServerHello
        server_hello.server_version = state.version
    if valid_sig_algs is None:
        # if the value was unset in script, get the advertised value from
        # Client Hello
        client_hello = state.get_last_message_of_type(ClientHello)
        if client_hello is not None:
            sig_algs_ext = client_hello.getExtension(
                ExtensionType.signature_algorithms)
            if sig_algs_ext is not None:
                valid_sig_algs = sig_algs_ext.sigalgs
        if valid_sig_algs is None:
            # no advertised means support for sha1 only
            valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]
    # the signature is checked before the parameters it covers are used
    KeyExchange.verifyServerKeyExchange(server_key_exchange, public_key,
                                        client_random, server_random,
                                        valid_sig_algs)
    if self.cipher_suite in CipherSuite.dhAllSuites:
        # DH parameters are sanity-checked only when the accepted group list
        # contains an id in 256..511, the FFDHE codepoint range (RFC 7919);
        # for any other configuration no check of the server-chosen group
        # happens here
        if valid_groups and any(i in range(256, 512) for i in valid_groups):
            self._checkParams(server_key_exchange)
        # this side acts as the client, hence no private key
        state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite,
                                                clientHello=None,
                                                serverHello=server_hello,
                                                privateKey=None)
    elif self.cipher_suite in CipherSuite.ecdhAllSuites:
        # extract valid groups from Client Hello
        if valid_groups is None:
            client_hello = state.get_last_message_of_type(ClientHello)
            if client_hello is not None:
                groups_ext = client_hello.getExtension(
                    ExtensionType.supported_groups)
                if groups_ext is not None:
                    valid_groups = groups_ext.groups
            if valid_groups is None:
                # no advertised means support for all
                valid_groups = GroupName.allEC
        # the accepted curve list constrains which named_curve the server
        # may have chosen; this side acts as the client, hence no private key
        state.key_exchange = \
            ECDHE_RSAKeyExchange(self.cipher_suite,
                                 clientHello=None,
                                 serverHello=server_hello,
                                 privateKey=None,
                                 acceptedCurves=valid_groups)
    else:
        raise AssertionError("Unsupported cipher selected")
    state.premaster_secret = state.key_exchange.\
        processServerKeyExchange(public_key, server_key_exchange)
    state.handshake_messages.append(server_key_exchange)
    # the raw message bytes go into the running handshake hash
    state.handshake_hashes.update(msg.write())
def test_verifyServerKeyExchange_in_TLS1_1(self):
    """A TLS 1.1 SKE verifies with no signature-algorithm list.

    ``None`` is passed for the accepted algorithms because pre-TLS 1.2
    ServerKeyExchange signatures carry no hash/signature identifier to
    match against; success is the absence of an exception.
    """
    server_random = bytearray(32)
    KeyExchange.verifyServerKeyExchange(
        self.ske_tls1_1,
        self.srv_pub_key,
        self.client_hello.random,
        server_random,
        None)
def test_verifyServerKeyExchange_in_TLS1_1(self):
    """Verification of a TLS 1.1 ServerKeyExchange succeeds without sig algs.

    The accepted-algorithm argument is ``None``: TLS 1.1 signatures do not
    name a hash/signature pair, so there is nothing to match against.
    """
    accepted_sig_algs = None
    KeyExchange.verifyServerKeyExchange(
        self.ske_tls1_1,
        self.srv_pub_key,
        self.client_hello.random,
        bytearray(32),  # server random
        accepted_sig_algs)