def test_update_binders_default_prf(self):
"""
Verify that configurations that don't specify the associated hash
explicitly still work correctly (as the TLS 1.3 standard mandates
that SHA-256 is used by default)
"""
clientHello = ClientHello()
clientHello.create((3, 3), bytearray(32), bytearray(0), [0])
identities = [PskIdentity().create(bytearray(b'test'), 0)]
binders = [bytearray(32)]
psk_ext = PreSharedKeyExtension().create(identities, binders)
clientHello.extensions = [psk_ext]
hh = HandshakeHashes()
pskConfigs = [(b'test', b'\x00\x12\x13')]
HandshakeHelpers.update_binders(clientHello, hh, pskConfigs)
self.assertIsInstance(clientHello.extensions[-1],
PreSharedKeyExtension)
ch_ext = clientHello.extensions[-1]
self.assertEqual(ch_ext.identities, identities)
self.assertEqual(ch_ext.binders,
[bytearray(b'wOl\xbe\x9b\xca\xa4\xf3tS\x08M\ta\xa2t'
b'\xa5lYF\xb7\x01F{M\xab\x85R\xa3'
b'\xf3\x11^')])
def test_update_binders_with_ticket(self):
clientHello = ClientHello()
clientHello.create((3, 3), bytearray(32), bytearray(0), [0])
identities = [PskIdentity().create(bytearray(b'\x00ticket\x00ident'),
123)]
binders = [bytearray(48)]
psk_ext = PreSharedKeyExtension().create(identities, binders)
clientHello.extensions = [psk_ext]
ticket = NewSessionTicket().create(3600, # ticket lifetime
123, # age_add
bytearray(b'\xc0' * 48), # nonce
bytearray(b'\x00ticket\x00ident'),
[])
hh = HandshakeHashes()
resum_master_secret = bytearray(b'\x01' * 48)
HandshakeHelpers.update_binders(clientHello, hh, [], [ticket],
resum_master_secret)
self.assertIsInstance(clientHello.extensions[-1],
PreSharedKeyExtension)
ch_ext = clientHello.extensions[-1]
self.assertEqual(ch_ext.identities, identities)
self.assertEqual(ch_ext.binders,
[bytearray(b'<\x03\xcd\xd5\xce\xaeo\x8d\xc6\x8c\xe3'
b'\xe3\xbc\xa2h\xdcm0+\xa7\xbe\xf7\x9ca-'
b'\xcc\x0c\xdb\xb2ZtE\x1e:\xe2\xc4\xb8'
b'\x1bd\x10wN\x8a\xb0\x90\x7f\xb1F')])
def test_update_binders_wrong_last_ext(self):
"""
PSK binders mandate that the PSK extension be the very last extension
in client hello (as it's necessary to truncate the body of the hello
up to the PSK extension and calculate hash over it)
check if the updater will abort if the passed in message has
PSK extension that is not last
"""
clientHello = ClientHello()
clientHello.create((3, 3), bytearray(32), bytearray(0), [0])
identities = [PskIdentity().create(bytearray(b'test'), 0)]
binders = [bytearray(32)]
psk_ext = PreSharedKeyExtension().create(identities, binders)
sni_ext = SNIExtension().create(b'example.com')
clientHello.extensions = [psk_ext, sni_ext]
hh = HandshakeHashes()
pskConfigs = [(b'test', b'\x00\x12\x13')]
with self.assertRaises(ValueError) as e:
HandshakeHelpers.update_binders(clientHello, hh, pskConfigs)
self.assertIn('Last extension', str(e.exception))
def _psk_ext_updater(state, client_hello, psk_settings):
h_hash = state.handshake_hashes
nst = None
if state.session_tickets:
nst = state.session_tickets[-1]
HandshakeHelpers.update_binders(
client_hello, h_hash, psk_settings, [nst] if nst else None,
state.key['resumption master secret'] if nst else None)
def test_update_binders_with_missing_secret(self):
clientHello = ClientHello()
psk = PreSharedKeyExtension()
clientHello.extensions = [psk]
hh = HandshakeHashes()
with self.assertRaises(ValueError):
HandshakeHelpers.update_binders(clientHello, hh, [], [None])
def test_update_binders_with_wrong_config(self):
"""
Updater requires all binders to be have associated configurations
otherwise it wouldb't be able to calculate a new binder value
in this case, the identity in ClientHello is "test" while in
configurations it's "example"
"""
clientHello = ClientHello()
clientHello.create((3, 3), bytearray(32), bytearray(0), [0])
identities = [PskIdentity().create(bytearray(b'test'), 0)]
binders = [bytearray(32)]
psk_ext = PreSharedKeyExtension().create(identities, binders)
clientHello.extensions = [psk_ext]
hh = HandshakeHashes()
pskConfigs = [(b'example', b'\x00\x12\x13')]
with self.assertRaises(ValueError) as e:
HandshakeHelpers.update_binders(clientHello, hh, pskConfigs)
self.assertIn('psk_configs', str(e.exception))
def test_update_binders_sha256_prf(self):
"""Check if we can calculate a binder that uses SHA-256 PRF."""
clientHello = ClientHello()
clientHello.create((3, 3), bytearray(32), bytearray(0), [0])
identities = [PskIdentity().create(bytearray(b'test'), 0)]
binders = [bytearray(32)]
psk_ext = PreSharedKeyExtension().create(identities, binders)
clientHello.extensions = [psk_ext]
hh = HandshakeHashes()
pskConfigs = [(b'test', b'\x00\x12\x13', 'sha256')]
HandshakeHelpers.update_binders(clientHello, hh, pskConfigs)
self.assertIsInstance(clientHello.extensions[-1],
PreSharedKeyExtension)
ch_ext = clientHello.extensions[-1]
self.assertEqual(ch_ext.identities, identities)
self.assertEqual(ch_ext.binders,
[bytearray(b'wOl\xbe\x9b\xca\xa4\xf3tS\x08M\ta\xa2t'
b'\xa5lYF\xb7\x01F{M\xab\x85R\xa3'
b'\xf3\x11^')])
def test_update_binders_sha384_prf(self):
"""Check if we can calculate a binder that uses SHA-384 PRF."""
clientHello = ClientHello()
clientHello.create((3, 3), bytearray(32), bytearray(0), [0])
identities = [PskIdentity().create(bytearray(b'test'), 0)]
binders = [bytearray(48)]
psk_ext = PreSharedKeyExtension().create(identities, binders)
clientHello.extensions = [psk_ext]
hh = HandshakeHashes()
pskConfigs = [(b'test', b'\x00\x12\x13', 'sha384')]
HandshakeHelpers.update_binders(clientHello, hh, pskConfigs)
self.assertIsInstance(clientHello.extensions[-1],
PreSharedKeyExtension)
ch_ext = clientHello.extensions[-1]
self.assertEqual(ch_ext.identities, identities)
self.assertEqual(ch_ext.binders,
[bytearray(b'\x8d\x92\xd2\xb7+D&\xd7\x0e>x\x1a\xc5i+'
b'M\x0e\xd2\xfe\xd6\x11\x07\n\x0c\xdc\xcf'
b'\xee\xf43\x8e\x9b@z\x00\xbcE\xff\x15%'
b'\xdc\xee\xb4\x1c\x8f\\\x03Z\xc5')])
def _psk_ext_updater(state, client_hello, psk_settings):
h_hash = state.handshake_hashes
HandshakeHelpers.update_binders(client_hello, h_hash, psk_settings)
