Exemplo n.º 1
0
 def test_fixed_crypto_data_matches_verify_data(self):
     client_verify_data = "e23f73911909a86be9e93fdb"
     server_verify_data = "c83b8eb028d3c4a8d82c1c17"
     tls_ctx = tlsc.TLSSessionCtx()
     # tls_ctx.rsa_load_keys(self.pem_priv_key)
     client_hello = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSClientHello(gmt_unix_time=1234,
                                                                              random_bytes="A" * 28)
     # Hello Request should be ignored in verify_data calculation
     tls_ctx.insert(tls.TLSHelloRequest())
     tls_ctx.insert(client_hello)
     tls_ctx.premaster_secret = "B" * 48
     epms = "C" * 256
     server_hello = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSServerHello(gmt_unix_time=1234,
                                                                              session_id="",
                                                                              random_bytes="A" * 28)
     tls_ctx.insert(server_hello)
     client_kex = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSClientKeyExchange() /\
         tls.TLSClientRSAParams(data=epms)
     tls_ctx.insert(client_kex)
     self.assertEqual(client_verify_data, binascii.hexlify(tls_ctx.get_verify_data()))
     # Make sure that client finish is included in server finish calculation
     tls_ctx.set_mode(server=True)
     client_finish = tls.TLSRecord() / tls.TLSHandshake() / tls.tls_to_raw(
         tls.TLSFinished(data=tls_ctx.get_verify_data()), tls_ctx)
     tls_ctx.insert(client_finish)
     self.assertEqual(server_verify_data, binascii.hexlify(tls_ctx.get_verify_data()))
    def _do_kex(self, version):
        self.pem_priv_key = """-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDDLrmt4lKRpm6P
2blptwJsa1EBuxuuAayLjwNqKGvm5c1CAUEa/NtEpUMM8WYKRDwxzakUIGI/BdP3
NOEMphcs5+OekgJLhzoSdtAIrXPy8JIidENZE6FzCJ2b6fHU5O4hoNvv1Bx5yoZr
HVaWJIZMRRocJJ0Nf9oMaU8IE6m6OdBzQHEwcnL2/a8Q3VxstHufzjILmaZD9WL+
6AESlQMKZPNQ+Xd7d4nvnVkY4ZV46tA+KvADGuotgovQwG+uiyQoGRrQUms21vHF
zIvd3G9OCiyCTCHSyfsE3g7tks33NZ8O8gF8xa9OmU9TQPwwAyUr6JQXz0CW77o7
Cr9LpHuNAgMBAAECggEBAJRbMbtfqc8XqDYjEfGur2Lld19Pb0yl7RbvD3NjYhDR
X2DqPyhaRfg5fWubGSp4jyBz6C5qJwMsVN80DFNm83qoj7T52lC6aoOaV6og3V8t
SIZzxLUyXKdpRxM5kR13HSHmeQYkPbi9HcrRM/1PqdzTMXNuyQl3wq9oZDAJchsf
fmoh080htkaxhEb1bMXa2Lj7j2OIkHOsQeIu6BdbxIKRPIT+zrcklE6ocW8fTWAS
Qi3IZ1FYLL+fs6TTxjx0VkC8QLaxWxY0pqTiwS7ndZiZKc3l3ARuvRk8buP+X3Jg
BD86FQ18OXZC9boMbDbzv2cOLtdkq5pS3lJE4F9gjYECgYEA69ukU2pNWot2OPwK
PuPwAXWNrvnvFzQgIc0qOiCmgKJU6wqunlop4Bx5XmetHExVyJVBEhaHoDr0F3Rs
gt8IclKDsWGXoVcgfu3llMimiZ05hOf/XtcGTCZwZenMQ30cFh4ZRuUu7WCZ9tqO
28P8jCXB3IcaRpRnNvVvmCr5NXECgYEA09nUzRW993SlohceRW2C9fT9HZ4BaPWO
5wVlnoo5mlUfAyzl+AGT/WlKmrn/1gAHIznQJ8ZIABQvPaBXhvkANXZP5Ie0lObw
jA7qFuKt7yV4GGlDnU1MOLh+acABMQBGSx8BJDaomH7glTiPEPTZjoP6wfAsd1uv
Knjt7jH2ad0CgYEAx9ghknRd+rx0fbBBVix4riPW20324ihOmZVnlD0aF6B0Z3tz
ncUz+irmQ7GBIpsjjIO60QK6BHAvZrhFQVaNp6B26ZORkSlr5WDZyImDYtMPa6fP
36I+OcPQNOo3I3Acnjj+ne2PJ59Ula92oIudr3pGmv72qpsQIacw2TSAWGECgYEA
sdNAN+HPMn68ZaGoLDjvW8uIB6tQnay5hhvWn8yA65YV0RGH+7Q/Z9BQ6i3EnPor
A5uMqUZbu4011jHYJpiuXzHvf/GVWAO92KLQReOCgqHd/Aen1MtEdrwOiG+90Ebd
ukLNL3ud61tc4oS2OlJ8p48LFm2mtY3FLA6UEYPoxhUCgYEAtsfWIGnBh7XC+HwI
2higSgN92VpJHSPOyOi0aG/u5AEQ+fsCUIi3KakxzvmiGMAEvWItkKyz2Gu8smtn
2HVsGxI5UW7aLw9s3qe8kyMSfUk6pGamVhJUQmDr77+5zEzykPBxwGwDwdeR43CR
xVgf/Neb/avXgIgi6drj8dp1fWA=
-----END PRIVATE KEY-----
        """
        rsa_priv_key = RSA.importKey(self.pem_priv_key)
        self.priv_key = PKCS1_v1_5.new(rsa_priv_key)
        self.pub_key = PKCS1_v1_5.new(rsa_priv_key.publickey())

        self.tls_ctx = tlsc.TLSSessionCtx()
        self.tls_ctx.rsa_load_keys(self.pem_priv_key)
        # SSLv2
        self.record_version = 0x0002
        self.version = version
        # RSA_WITH_AES_128_SHA
        self.cipher_suite = tls.TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA
        # DEFLATE
        self.comp_method = tls.TLSCompressionMethod.NULL
        self.client_hello = tls.TLSRecord(
            version=self.record_version) / tls.TLSHandshake(
            ) / tls.TLSClientHello(version=version,
                                   compression_methods=[self.comp_method],
                                   cipher_suites=[self.cipher_suite])
        self.tls_ctx.insert(self.client_hello)
        self.server_hello = tls.TLSRecord(
            version=self.version) / tls.TLSHandshake() / tls.TLSServerHello(
                version=version,
                compression_method=self.comp_method,
                cipher_suite=self.cipher_suite)
        self.tls_ctx.insert(self.server_hello)
        # Build method to generate EPMS automatically in TLSSessionCtx
        self.client_kex = tls.TLSRecord(version=self.version) / tls.TLSHandshake() / tls.TLSClientKeyExchange() /\
                          tls.TLSClientRSAParams(data=self.tls_ctx.get_encrypted_pms())
        self.tls_ctx.insert(self.client_kex)
Exemplo n.º 3
0
 def test_decrypted_pms_matches_generated_pms(self):
     tls_ctx = tlsc.TLSSessionCtx()
     tls_ctx.server_ctx.load_rsa_keys(self.pem_priv_key)
     pkt = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSClientHello()
     tls_ctx.insert(pkt)
     epms = tls_ctx.get_encrypted_pms()
     pkt = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSServerHello()
     tls_ctx.insert(pkt)
     pkt = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSClientKeyExchange() / tls.TLSClientRSAParams(data=epms)
     tls_ctx.insert(pkt)
     self.assertEqual(tls_ctx.encrypted_premaster_secret, epms)
     self.assertEqual(tls_ctx.premaster_secret, self.priv_key.decrypt(epms, None))
Exemplo n.º 4
0
 def test_fixed_crypto_data_matches_verify_data(self):
     verify_data = "12003ac89553b7a233da64b9"
     tls_ctx = tlsc.TLSSessionCtx()
     # tls_ctx.rsa_load_keys(self.pem_priv_key)
     client_hello = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSClientHello(gmt_unix_time=1234,
                                                                              random_bytes="A" * 28)
     tls_ctx.insert(client_hello)
     tls_ctx.crypto.session.premaster_secret = "B" * 48
     epms = "C" * 256
     server_hello = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSServerHello(gmt_unix_time=1234,
                                                                              random_bytes="A" * 28)
     tls_ctx.insert(server_hello)
     client_kex = tls.TLSRecord() / tls.TLSHandshake() / tls.TLSClientKeyExchange() /\
                  tls.TLSClientRSAParams(data=epms)
     tls_ctx.insert(client_kex)
     self.assertEqual(binascii.hexlify(tls_ctx.get_verify_data()), verify_data)