def test_process_with_ECDHE_RSA(self):
exp = ExpectServerKeyExchange()
state = ConnectionState()
state.cipher = CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
client_hello.extensions = [
SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)]),
SupportedGroupsExtension().create([GroupName.secp256r1])
]
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
server_hello.random = bytearray(32)
state.server_random = server_hello.random
# server hello is not necessary for the test to work
#state.handshake_messages.append(server_hello)
state.handshake_messages.append(cert)
srv_key_exchange = ECDHE_RSAKeyExchange(
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, client_hello,
server_hello, private_key, [GroupName.secp256r1])
msg = srv_key_exchange.makeServerKeyExchange('sha256')
exp.process(state, msg)
def test_client_ECDHE_key_exchange_with_invalid_server_curve(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
srv_key_ex.named_curve = GroupName.secp384r1
client_keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None,
[GroupName.secp256r1])
with self.assertRaises(TLSIllegalParameterException):
client_keyExchange.processServerKeyExchange(None, srv_key_ex)
def test_client_ECDHE_key_exchange_with_invalid_server_curve(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
srv_key_ex.named_curve = GroupName.secp384r1
client_keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None,
[GroupName.secp256r1])
with self.assertRaises(TLSIllegalParameterException):
client_keyExchange.processServerKeyExchange(None, srv_key_ex)
def test_client_ECDHE_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
client_keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None,
[GroupName.secp256r1])
client_premaster = client_keyExchange.processServerKeyExchange(\
None,
srv_key_ex)
clientKeyExchange = client_keyExchange.makeClientKeyExchange()
server_premaster = self.keyExchange.processClientKeyExchange(\
clientKeyExchange)
self.assertEqual(client_premaster, server_premaster)
def test_client_ECDHE_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
client_keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None,
[GroupName.secp256r1])
client_premaster = client_keyExchange.processServerKeyExchange(\
None,
srv_key_ex)
clientKeyExchange = client_keyExchange.makeClientKeyExchange()
server_premaster = self.keyExchange.processClientKeyExchange(\
clientKeyExchange)
self.assertEqual(client_premaster, server_premaster)
def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ext = [SupportedGroupsExtension().create([GroupName.secp256r1])]
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
extensions=ext)
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
self.keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
[GroupName.secp256r1])
def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ext = [SupportedGroupsExtension().create([GroupName.secp256r1])]
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
extensions=ext)
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
self.keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
[GroupName.secp256r1])
def process(self, state, msg):
"""Process the Server Key Exchange message"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == HandshakeType.server_key_exchange
if self.version is None:
self.version = state.version
if self.cipher_suite is None:
self.cipher_suite = state.cipher
valid_sig_algs = self.valid_sig_algs
valid_groups = self.valid_groups
server_key_exchange = ServerKeyExchange(self.cipher_suite,
self.version)
server_key_exchange.parse(parser)
client_random = state.client_random
server_random = state.server_random
public_key = state.get_server_public_key()
server_hello = state.get_last_message_of_type(ServerHello)
if server_hello is None:
server_hello = ServerHello
server_hello.server_version = state.version
if valid_sig_algs is None:
# if the value was unset in script, get the advertised value from
# Client Hello
client_hello = state.get_last_message_of_type(ClientHello)
if client_hello is not None:
sig_algs_ext = client_hello.getExtension(
ExtensionType.signature_algorithms)
if sig_algs_ext is not None:
valid_sig_algs = sig_algs_ext.sigalgs
if valid_sig_algs is None:
# no advertised means support for sha1 only
valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]
KeyExchange.verifyServerKeyExchange(server_key_exchange, public_key,
client_random, server_random,
valid_sig_algs)
if self.cipher_suite in CipherSuite.dhAllSuites:
if valid_groups and any(i in range(256, 512)
for i in valid_groups):
self._checkParams(server_key_exchange)
state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite,
clientHello=None,
serverHello=server_hello,
privateKey=None)
elif self.cipher_suite in CipherSuite.ecdhAllSuites:
# extract valid groups from Client Hello
if valid_groups is None:
client_hello = state.get_last_message_of_type(ClientHello)
if client_hello is not None:
groups_ext = client_hello.getExtension(
ExtensionType.supported_groups)
if groups_ext is not None:
valid_groups = groups_ext.groups
if valid_groups is None:
# no advertised means support for all
valid_groups = GroupName.allEC
state.key_exchange = \
ECDHE_RSAKeyExchange(self.cipher_suite,
clientHello=None,
serverHello=server_hello,
privateKey=None,
acceptedCurves=valid_groups)
else:
raise AssertionError("Unsupported cipher selected")
state.premaster_secret = state.key_exchange.\
processServerKeyExchange(public_key,
server_key_exchange)
state.handshake_messages.append(server_key_exchange)
state.handshake_hashes.update(msg.write())
class TestECDHE_RSAKeyExchange(unittest.TestCase):
def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ext = [SupportedGroupsExtension().create([GroupName.secp256r1])]
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
extensions=ext)
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
self.keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
[GroupName.secp256r1])
def test_ECDHE_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
KeyExchange.verifyServerKeyExchange(srv_key_ex,
self.srv_pub_key,
self.client_hello.random,
self.server_hello.random,
[(HashAlgorithm.sha1,
SignatureAlgorithm.rsa)])
curveName = GroupName.toStr(srv_key_ex.named_curve)
curve = getCurveByName(curveName)
generator = curve.generator
cln_Xc = ecdsa.util.randrange(generator.order())
cln_Ys = decodeX962Point(srv_key_ex.ecdh_Ys, curve)
cln_Yc = encodeX962Point(generator * cln_Xc)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3))
cln_key_ex.createECDH(cln_Yc)
cln_S = cln_Ys * cln_Xc
cln_premaster = numberToByteArray(cln_S.x(),
getPointByteSize(cln_S))
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_ECDHE_key_exchange_with_invalid_CKE(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
KeyExchange.verifyServerKeyExchange(srv_key_ex,
self.srv_pub_key,
self.client_hello.random,
self.server_hello.random,
[(HashAlgorithm.sha1,
SignatureAlgorithm.rsa)])
curveName = GroupName.toStr(srv_key_ex.named_curve)
curve = getCurveByName(curveName)
generator = curve.generator
cln_Xc = ecdsa.util.randrange(generator.order())
cln_Ys = decodeX962Point(srv_key_ex.ecdh_Ys, curve)
cln_Yc = encodeX962Point(generator * cln_Xc)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3))
cln_key_ex.createECDH(cln_Yc)
cln_key_ex.ecdh_Yc[-1] ^= 0x01
with self.assertRaises(TLSIllegalParameterException):
self.keyExchange.processClientKeyExchange(cln_key_ex)
def test_ECDHE_key_exchange_with_missing_curves(self):
self.client_hello.extensions = [SNIExtension().create(bytearray(b"a"))]
with self.assertRaises(TLSInternalError):
self.keyExchange.makeServerKeyExchange('sha1')
def test_ECDHE_key_exchange_with_no_mutual_curves(self):
ext = SupportedGroupsExtension().create([GroupName.secp160r1])
self.client_hello.extensions = [ext]
with self.assertRaises(TLSInsufficientSecurity):
self.keyExchange.makeServerKeyExchange('sha1')
def test_client_ECDHE_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
client_keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None,
[GroupName.secp256r1])
client_premaster = client_keyExchange.processServerKeyExchange(\
None,
srv_key_ex)
clientKeyExchange = client_keyExchange.makeClientKeyExchange()
server_premaster = self.keyExchange.processClientKeyExchange(\
clientKeyExchange)
self.assertEqual(client_premaster, server_premaster)
def test_client_ECDHE_key_exchange_with_invalid_server_curve(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
srv_key_ex.named_curve = GroupName.secp384r1
client_keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None,
[GroupName.secp256r1])
with self.assertRaises(TLSIllegalParameterException):
client_keyExchange.processServerKeyExchange(None, srv_key_ex)
class TestECDHE_RSAKeyExchange(unittest.TestCase):
def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ext = [SupportedGroupsExtension().create([GroupName.secp256r1])]
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
extensions=ext)
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
self.keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
[GroupName.secp256r1])
def test_ECDHE_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
KeyExchange.verifyServerKeyExchange(srv_key_ex,
self.srv_pub_key,
self.client_hello.random,
self.server_hello.random,
[(HashAlgorithm.sha1,
SignatureAlgorithm.rsa)])
curveName = GroupName.toStr(srv_key_ex.named_curve)
curve = getCurveByName(curveName)
generator = curve.generator
cln_Xc = ecdsa.util.randrange(generator.order())
cln_Ys = decodeX962Point(srv_key_ex.ecdh_Ys, curve)
cln_Yc = encodeX962Point(generator * cln_Xc)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3))
cln_key_ex.createECDH(cln_Yc)
cln_S = cln_Ys * cln_Xc
cln_premaster = numberToByteArray(cln_S.x(),
getPointByteSize(cln_S))
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_ECDHE_key_exchange_with_missing_curves(self):
self.client_hello.extensions = [SNIExtension().create(bytearray(b"a"))]
with self.assertRaises(TLSInternalError):
self.keyExchange.makeServerKeyExchange('sha1')
def test_ECDHE_key_exchange_with_no_mutual_curves(self):
ext = SupportedGroupsExtension().create([GroupName.secp160r1])
self.client_hello.extensions = [ext]
with self.assertRaises(TLSInsufficientSecurity):
self.keyExchange.makeServerKeyExchange('sha1')
def test_client_ECDHE_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
client_keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None,
[GroupName.secp256r1])
client_premaster = client_keyExchange.processServerKeyExchange(\
None,
srv_key_ex)
clientKeyExchange = client_keyExchange.makeClientKeyExchange()
server_premaster = self.keyExchange.processClientKeyExchange(\
clientKeyExchange)
self.assertEqual(client_premaster, server_premaster)
def test_client_ECDHE_key_exchange_with_invalid_server_curve(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
srv_key_ex.named_curve = GroupName.secp384r1
client_keyExchange = ECDHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None,
[GroupName.secp256r1])
with self.assertRaises(TLSIllegalParameterException):
client_keyExchange.processServerKeyExchange(None, srv_key_ex)
