def setUp(self):
self.srv_cert_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = self.srv_cert_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
self.server_key_exchange = ServerKeyExchange(self.cipher_suite, (3, 3))\
.parse(Parser(self.expected_sha1_SKE[1:]))
self.ske_tls1_1 = ServerKeyExchange(self.cipher_suite, (3, 2))\
.parse(Parser(self.expected_tls1_1_SKE[1:]))
self.client_hello = ClientHello()
def test_DHE_RSA_key_exchange_with_small_prime(self):
client_keyExchange = DHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None)
srv_key_ex = ServerKeyExchange(self.cipher_suite,
self.server_hello.server_version)
srv_key_ex.createDH(2**768, 2, 2**512-1)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, srv_key_ex)
def process(self, state, msg):
"""Process the Server Key Exchange message"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == HandshakeType.server_key_exchange
if self.version is None:
self.version = state.version
if self.cipher_suite is None:
self.cipher_suite = state.cipher
valid_sig_algs = self.valid_sig_algs
server_key_exchange = ServerKeyExchange(self.cipher_suite,
self.version)
server_key_exchange.parse(parser)
client_random = state.client_random
server_random = state.server_random
public_key = state.get_server_public_key()
server_hello = state.get_last_message_of_type(ServerHello)
if server_hello is None:
server_hello = ServerHello
server_hello.server_version = state.version
if valid_sig_algs is None:
# if the value was unset in script, get the advertised value from
# Client Hello
client_hello = state.get_last_message_of_type(ClientHello)
if client_hello is not None:
sig_algs_ext = client_hello.getExtension(ExtensionType.
signature_algorithms)
if sig_algs_ext is not None:
valid_sig_algs = sig_algs_ext.sigalgs
if valid_sig_algs is None:
# no advertised means support for sha1 only
valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]
KeyExchange.verifyServerKeyExchange(server_key_exchange,
public_key,
client_random,
server_random,
valid_sig_algs)
state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite,
clientHello=None,
serverHello=server_hello,
privateKey=None)
state.premaster_secret = state.key_exchange.\
processServerKeyExchange(public_key,
server_key_exchange)
state.handshake_messages.append(server_key_exchange)
state.handshake_hashes.update(msg.write())
def test_DHE_RSA_key_exchange_with_small_prime(self):
client_keyExchange = DHE_RSAKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None)
srv_key_ex = ServerKeyExchange(self.cipher_suite,
self.server_hello.server_version)
srv_key_ex.createDH(2**768, 2, 2**512-1)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, srv_key_ex)
def test_client_SRP_key_exchange_with_unknown_params(self):
keyExchange = ServerKeyExchange(self.cipher_suite,
self.server_hello.server_version)
keyExchange.createSRP(1, 2, 3, 4)
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'))
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_unknown_params(self):
keyExchange = ServerKeyExchange(self.cipher_suite,
self.server_hello.server_version)
keyExchange.createSRP(1, 2, 3, 4)
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******')
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_process_with_unknown_key_exchange(self):
exp = ExpectServerKeyExchange()
state = ConnectionState()
state.cipher = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
client_hello.extensions = [
SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)])
]
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
state.version = server_hello.server_version
server_hello.random = bytearray(32)
state.server_random = server_hello.random
state.handshake_messages.append(cert)
msg = ServerKeyExchange(state.cipher, state.version)
msg.createSRP(1, 2, bytearray(3), 5)
msg.signAlg = SignatureAlgorithm.rsa
msg.hashAlg = HashAlgorithm.sha256
hash_bytes = msg.hash(client_hello.random, server_hello.random)
hash_bytes = private_key.addPKCS1Prefix(hash_bytes, 'sha256')
msg.signature = private_key.sign(hash_bytes)
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_signServerKeyExchange_in_TLS1_1(self):
srv_private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
server_hello = ServerHello().create((3, 2),
bytearray(32),
bytearray(0),
cipher_suite)
keyExchange = KeyExchange(cipher_suite,
client_hello,
server_hello,
srv_private_key)
server_key_exchange = ServerKeyExchange(cipher_suite, (3, 2))\
.createDH(5, 2, 3)
keyExchange.signServerKeyExchange(server_key_exchange)
self.assertEqual(server_key_exchange.write(), self.expected_tls1_1_SKE)
def test_signServerKeyExchange_in_TLS1_1(self):
srv_private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
server_hello = ServerHello().create((3, 2),
bytearray(32),
bytearray(0),
cipher_suite)
keyExchange = KeyExchange(cipher_suite,
client_hello,
server_hello,
srv_private_key)
server_key_exchange = ServerKeyExchange(cipher_suite, (3, 2))\
.createDH(5, 2, 3)
keyExchange.signServerKeyExchange(server_key_exchange)
self.assertEqual(server_key_exchange.write(), self.expected_tls1_1_SKE)
def process(self, state, msg):
"""Process the Server Key Exchange message"""
assert msg.contentType == ContentType.handshake
parser = Parser(msg.write())
hs_type = parser.get(1)
assert hs_type == HandshakeType.server_key_exchange
if self.version is None:
self.version = state.version
if self.cipher_suite is None:
self.cipher_suite = state.cipher
valid_sig_algs = self.valid_sig_algs
valid_groups = self.valid_groups
server_key_exchange = ServerKeyExchange(self.cipher_suite,
self.version)
server_key_exchange.parse(parser)
client_random = state.client_random
server_random = state.server_random
public_key = state.get_server_public_key()
server_hello = state.get_last_message_of_type(ServerHello)
if server_hello is None:
server_hello = ServerHello
server_hello.server_version = state.version
if valid_sig_algs is None:
# if the value was unset in script, get the advertised value from
# Client Hello
client_hello = state.get_last_message_of_type(ClientHello)
if client_hello is not None:
sig_algs_ext = client_hello.getExtension(
ExtensionType.signature_algorithms)
if sig_algs_ext is not None:
valid_sig_algs = sig_algs_ext.sigalgs
if valid_sig_algs is None:
# no advertised means support for sha1 only
valid_sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa)]
KeyExchange.verifyServerKeyExchange(server_key_exchange, public_key,
client_random, server_random,
valid_sig_algs)
if self.cipher_suite in CipherSuite.dhAllSuites:
if valid_groups and any(i in range(256, 512)
for i in valid_groups):
self._checkParams(server_key_exchange)
state.key_exchange = DHE_RSAKeyExchange(self.cipher_suite,
clientHello=None,
serverHello=server_hello,
privateKey=None)
elif self.cipher_suite in CipherSuite.ecdhAllSuites:
# extract valid groups from Client Hello
if valid_groups is None:
client_hello = state.get_last_message_of_type(ClientHello)
if client_hello is not None:
groups_ext = client_hello.getExtension(
ExtensionType.supported_groups)
if groups_ext is not None:
valid_groups = groups_ext.groups
if valid_groups is None:
# no advertised means support for all
valid_groups = GroupName.allEC
state.key_exchange = \
ECDHE_RSAKeyExchange(self.cipher_suite,
clientHello=None,
serverHello=server_hello,
privateKey=None,
acceptedCurves=valid_groups)
else:
raise AssertionError("Unsupported cipher selected")
state.premaster_secret = state.key_exchange.\
processServerKeyExchange(public_key,
server_key_exchange)
state.handshake_messages.append(server_key_exchange)
state.handshake_hashes.update(msg.write())