def circuitConnected(self):
    """
    Start the client side of a ScrambleSuit handshake.

    Servers never open a handshake, so on a server this method returns
    without doing anything.  A client first looks for a stored session
    ticket for the peer of the downstream transport and redeems it if one
    exists; without a ticket it sends a UniformDH handshake instead.
    """

    # Servers only react to handshakes; they never start one.
    if self.weAreServer:
        return

    # A session ticket is the preferred way to authenticate.
    peer = self.circuit.downstream.transport.getPeer()
    stored = ticket.findStoredTicket(peer)

    # No ticket for this peer: fall back to authenticated UniformDH.
    if stored is None:
        log.debug("No session ticket to redeem. Running UniformDH.")
        self.circuit.downstream.write(self.uniformdh.createHandshake())
        return

    # The debug messages below carry no key or ticket material; keep it
    # that way when touching them.
    log.debug("Redeeming stored session ticket.")
    master_key, raw_ticket = stored

    # Secrets are derived before the ticket message is built because the
    # message is authenticated with self.sendHMAC.
    # NOTE(review): presumably deriveSecrets() is what sets sendHMAC -- confirm.
    self.deriveSecrets(master_key)
    self.circuit.downstream.write(
        ticket.createTicketMessage(raw_ticket, self.sendHMAC))

    # The switch to ST_CONNECTED is optimistic: at this point the client
    # cannot know whether the server accepted the ticket.
    # NOTE(review): nothing in this method handles a rejected ticket; that
    # has to happen elsewhere -- confirm.
    log.debug("Switching to state ST_CONNECTED.")
    self.protoState = const.ST_CONNECTED
    self.flushSendBuffer()
def circuitConnected(self):
    """
    Kick off a ScrambleSuit handshake when acting as a client.

    Nothing happens on the server side, because servers wait for the
    client to start.  On the client side a stored session ticket is
    redeemed when one is found for the peer; otherwise an authenticated
    UniformDH handshake is sent.
    """

    if not self.weAreServer:
        # Tickets are looked up for the peer of the downstream transport.
        bridge = self.circuit.downstream.transport.getPeer()
        storedTicket = ticket.findStoredTicket(bridge)

        if storedTicket is None:
            # Without a ticket, an authenticated UniformDH handshake is run.
            log.debug("No session ticket to redeem. Running UniformDH.")
            handshake = self.uniformdh.createHandshake()
            self.circuit.downstream.write(handshake)
        else:
            log.debug("Redeeming stored session ticket.")
            masterKey, rawTicket = storedTicket

            # deriveSecrets() runs first: the ticket message built next is
            # authenticated with self.sendHMAC.
            # NOTE(review): presumably sendHMAC comes from deriveSecrets() --
            # confirm.
            self.deriveSecrets(masterKey)
            ticketMsg = ticket.createTicketMessage(rawTicket, self.sendHMAC)
            self.circuit.downstream.write(ticketMsg)

            # Optimistic state change: the server has not yet confirmed
            # that it accepted the ticket when the send buffer is flushed.
            log.debug("Switching to state ST_CONNECTED.")
            self.protoState = const.ST_CONNECTED
            self.flushSendBuffer()
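def test1_authentication(self):
    """
    Check that ticket redemption depends on the epoch used by the sender.

    A ticket message is built for every value from util.expandedEpoch()
    and for the invalid epoch "000000".  While the message is built,
    util.getEpoch is replaced so that it returns the epoch under test;
    the real function is restored before the message is handed to
    receiveTicket().  Messages built with an expandedEpoch() value must
    be accepted, and the one built with "000000" must be rejected.
    """

    srvState = state.State()
    srvState.genState()

    ss = scramblesuit.ScrambleSuitTransport()
    ss.srvState = srvState

    realEpoch = util.getEpoch

    # Epochs from expandedEpoch() are expected to pass; "000000" is not.
    for epoch in util.expandedEpoch() + ["000000"]:

        util.getEpoch = lambda: epoch

        # util.getEpoch is module-level state.  Restore it in `finally` so
        # that an exception while building the message cannot leave the
        # fake epoch in place for later tests.
        try:
            # Prepare ticket message.
            blurb = ticket.issueTicketAndKey(srvState)
            rawTicket = blurb[const.MASTER_KEY_LENGTH:]
            masterKey = blurb[:const.MASTER_KEY_LENGTH]
            ss.deriveSecrets(masterKey)
            ticketMsg = ticket.createTicketMessage(rawTicket, ss.recvHMAC)
        finally:
            util.getEpoch = realEpoch

        # The receiving side runs with the real epoch again.
        buf = obfs_buf.Buffer()
        buf.write(ticketMsg)

        if epoch == "000000":
            self.assertFalse(ss.receiveTicket(buf))
        else:
            self.assertTrue(ss.receiveTicket(buf))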