コード例 #1
ファイル: scramblesuit.py プロジェクト: Ahiknsr/obfsproxy
    def circuitConnected( self ):
        """
        Start the client side of the ScrambleSuit handshake.

        Servers return immediately because they never initiate a handshake.
        A client looks up a stored session ticket for the peer it is
        connected to and redeems it; if there is none, it sends a UniformDH
        handshake instead.
        """

        # Servers wait passively for the client's handshake.
        if self.weAreServer:
            return

        # The ticket lookup is keyed on the peer reported by the downstream
        # transport.
        peerAddr = self.circuit.downstream.transport.getPeer()
        cached = ticket.findStoredTicket(peerAddr)

        # No ticket for this peer: run the authenticated UniformDH handshake.
        if cached is None:
            log.debug("No session ticket to redeem.  Running UniformDH.")
            self.circuit.downstream.write(self.uniformdh.createHandshake())
            return

        # Session tickets are the preferred authentication mechanism.
        log.debug("Redeeming stored session ticket.")
        masterKey, rawTicket = cached

        # deriveSecrets() runs before self.sendHMAC is read (presumably it
        # sets that key -- confirm in deriveSecrets).  Only fixed strings are
        # logged on this path, never the master key or the ticket.
        self.deriveSecrets(masterKey)
        sendDownstream = self.circuit.downstream.write
        sendDownstream(ticket.createTicketMessage(rawTicket, self.sendHMAC))

        # The server's verdict on the ticket is not known at this point, so
        # ST_CONNECTED is entered opportunistically and the send buffer is
        # flushed right away.
        log.debug("Switching to state ST_CONNECTED.")
        self.protoState = const.ST_CONNECTED
        self.flushSendBuffer()
コード例 #2
    def circuitConnected(self):
        """
        Kick off a ScrambleSuit handshake when acting as a client.

        A server does nothing here; it only reacts to handshakes.  A client
        redeems a stored session ticket when one is found for the peer and
        otherwise conducts a UniformDH handshake.
        """

        # Only clients initiate; the server side is passive.
        if self.weAreServer:
            return

        # Look for a ticket stored for the peer of the downstream transport.
        peer = self.circuit.downstream.transport.getPeer()
        ticketEntry = ticket.findStoredTicket(peer)

        if ticketEntry is None:
            # Without a ticket, fall back to authenticated UniformDH.
            log.debug("No session ticket to redeem.  Running UniformDH.")
            self.circuit.downstream.write(self.uniformdh.createHandshake())
        else:
            # Preferred path: redeem the session ticket.  The log lines on
            # this path contain fixed strings only, no key material.
            log.debug("Redeeming stored session ticket.")
            masterKey, rawTicket = ticketEntry
            self.deriveSecrets(masterKey)

            # self.sendHMAC is read only after deriveSecrets() has run.
            writeDownstream = self.circuit.downstream.write
            writeDownstream(
                ticket.createTicketMessage(rawTicket, self.sendHMAC))

            # Whether the server accepted the ticket is still unknown, so the
            # switch to ST_CONNECTED is opportunistic; buffered data is
            # flushed immediately afterwards.
            log.debug("Switching to state ST_CONNECTED.")
            self.protoState = const.ST_CONNECTED
            self.flushSendBuffer()
コード例 #3
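    def test1_authentication( self ):
        """
        Check that ticket messages are accepted only for a valid epoch.

        For every value of util.expandedEpoch() plus the bogus epoch
        "000000", a ticket message is built while util.getEpoch is patched to
        return that value.  receiveTicket() must accept the messages built
        for the expanded epochs and reject the one built for "000000".
        """
        srvState = state.State()
        srvState.genState()

        ss = scramblesuit.ScrambleSuitTransport()
        ss.srvState = srvState

        realEpoch = util.getEpoch

        # Try three valid and one invalid epoch value.
        for epoch in util.expandedEpoch() + ["000000"]:

            # util.getEpoch is module-level state shared with every other
            # test.  Restore it in a finally block so that an exception while
            # building the ticket message cannot leave the fake epoch in
            # place and distort later epoch checks.
            util.getEpoch = lambda: epoch
            try:
                # Prepare ticket message.  The blurb holds the master key
                # followed by the raw ticket.
                blurb = ticket.issueTicketAndKey(srvState)
                rawTicket = blurb[const.MASTER_KEY_LENGTH:]
                masterKey = blurb[:const.MASTER_KEY_LENGTH]
                ss.deriveSecrets(masterKey)

                # The message is keyed with ss.recvHMAC because the same
                # object verifies it in receiveTicket() below.
                ticketMsg = ticket.createTicketMessage(rawTicket,
                                                       ss.recvHMAC)
            finally:
                util.getEpoch = realEpoch

            buf = obfs_buf.Buffer()
            buf.write(ticketMsg)

            # Verification runs with the real epoch restored, so only the
            # message built for the bogus epoch may be refused.
            if epoch == "000000":
                self.assertFalse(ss.receiveTicket(buf))
            else:
                self.assertTrue(ss.receiveTicket(buf))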