From 3e8c4dbe422a85a6ce5f17e53f0d889525de5482 Mon Sep 17 00:00:00 2001 From: Alexander Sosedkin Date: Wed, 4 Sep 2019 17:42:20 +0200 Subject: [PATCH] test-extended-master-secret*: -d for (EC)DHE Add an option to negotiate (EC)DHE instead of RSA key exchange for scripts/test-extended-master-secret-extension*.py See the #563 (umbrella bug) for the context. --- ...aster-secret-extension-with-client-cert.py | 65 +++- .../test-extended-master-secret-extension.py | 339 ++++++++++++------ 2 files changed, 285 insertions(+), 119 deletions(-) diff --git a/scripts/test-extended-master-secret-extension-with-client-cert.py b/scripts/test-extended-master-secret-extension-with-client-cert.py index 2bc182b7f..d4f0030fc 100644 --- a/scripts/test-extended-master-secret-extension-with-client-cert.py +++ b/scripts/test-extended-master-secret-extension-with-client-cert.py @@ -19,13 +19,13 @@ from tlsfuzzer.expect import ExpectServerHello, ExpectCertificate, \ ExpectServerHelloDone, ExpectChangeCipherSpec, ExpectFinished, \ ExpectAlert, ExpectClose, ExpectCertificateRequest, \ - ExpectApplicationData + ExpectApplicationData, ExpectServerKeyExchange from tlsfuzzer.helpers import sig_algs_to_ids, RSA_SIG_ALL, AutoEmptyExtension from tlslite.extensions import SignatureAlgorithmsExtension, \ - SignatureAlgorithmsCertExtension + SignatureAlgorithmsCertExtension, SupportedGroupsExtension from tlslite.constants import CipherSuite, AlertDescription, \ - HashAlgorithm, SignatureAlgorithm, ExtensionType, AlertLevel + HashAlgorithm, SignatureAlgorithm, ExtensionType, AlertLevel, GroupName from tlslite.utils.keyfactory import parsePEMKey from tlslite.x509 import X509 from tlslite.x509certchain import X509CertChain 
@@ -48,6 +48,7 @@ def help_msg(): print(" -s sigalgs hash and signature algorithm pairs that the server") print(" is expected to support. \"sha512+rsa sha384+rsa ") print(" sha256+rsa sha224+rsa sha1+rsa\" by default") + print(" -d negotiate (EC)DHE instead of RSA key exchange") print(" -k keyfile file with private key of client") print(" -c certfile file with the certificate of client") print(" --help this message") @@ -63,11 +64,12 @@ def main(): (HashAlgorithm.sha256, SignatureAlgorithm.rsa), (HashAlgorithm.sha224, SignatureAlgorithm.rsa), (HashAlgorithm.sha1, SignatureAlgorithm.rsa)] + dhe = False cert = None private_key = None argv = sys.argv[1:] - opts, args = getopt.getopt(argv, "h:p:e:s:k:c:", ["help"]) + opts, args = getopt.getopt(argv, "h:p:e:s:k:c:d", ["help"]) for opt, arg in opts: if opt == '-h': hostname = arg @@ -80,6 +82,8 @@ def main(): sys.exit(0) elif opt == '-s': sigalgs = sig_algs_to_ids(arg) + elif opt == '-d': + dhe = True elif opt == '-k': text_key = open(arg, 'rb').read() if sys.version_info[0] >= 3: @@ -104,8 +108,6 @@ def main(): # sanity check for Client Certificates conversation = Connect(hostname, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, - CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] ext = {ExtensionType.signature_algorithms : SignatureAlgorithmsExtension().create([ (getattr(HashAlgorithm, x), 
@@ -114,11 +116,23 @@ def main(): ExtensionType.signature_algorithms_cert : SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)} ext[ExtensionType.extended_master_secret] = AutoEmptyExtension() + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) ext = {ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None} node = node.add_child(ExpectServerHello(version=(3, 3), extensions=ext)) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectCertificateRequest()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(CertificateGenerator()) @@ -140,8 +154,6 @@ def main(): # sanity check for Client Certificates conversation = Connect(hostname, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, - CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] ext = {ExtensionType.signature_algorithms : SignatureAlgorithmsExtension().create([ (getattr(HashAlgorithm, x), 
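Review bot: The `if dhe:` block that builds `groups`, the `supported_groups` extension and the cipher list is pasted verbatim into every conversation — here and in the `@@ -150,11 +162,23`, `@@ -186,11 +208,23` and `@@ -224,6 +257,16` hunks of this file, and again in each per-conversation hunk of scripts/test-extended-master-secret-extension.py (`@@ -77,13 +81,21` through `@@ -667,16 +781,23`). Neither `groups` nor the cipher lists depend on anything per-conversation, so they can be chosen once right after the getopt loop, leaving each conversation a short `if dhe:` that only sets the extension, and the (EC)DHE/RSA choice then lives in one place when a suite or group has to change. In the second script the CBC and GCM-SHA384 conversations use different suite pairs, so hoist two lists there (or a small helper taking the RSA and (EC)DHE lists). `main()` starts and ends outside the hunk.
```python
    # once, right after the getopt loop
    if dhe:
        groups = [GroupName.secp256r1, GroupName.ffdhe2048]
        ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                   CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                   CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    else:
        groups = None
        ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
                   CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

    # … unchanged: per-conversation Connect() and sigalgs extension setup …
    ext[ExtensionType.extended_master_secret] = AutoEmptyExtension()
    if dhe:
        ext[ExtensionType.supported_groups] = \
            SupportedGroupsExtension().create(groups)
    node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
    # … unchanged: ExpectServerHello, ExpectCertificate, … …
```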
@@ -150,11 +162,23 @@ def main(): ExtensionType.signature_algorithms_cert : SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)} ext[ExtensionType.extended_master_secret] = AutoEmptyExtension() + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) ext = {ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None} node = node.add_child(ExpectServerHello(version=(3, 3), extensions=ext)) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectCertificateRequest()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(CertificateGenerator(X509CertChain([cert]))) @@ -176,8 +200,6 @@ def main(): # resume session with client certificates conversation = Connect(hostname, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, - CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] ext = {ExtensionType.signature_algorithms : SignatureAlgorithmsExtension().create([ (getattr(HashAlgorithm, x), 
@@ -186,11 +208,23 @@ def main(): ExtensionType.signature_algorithms_cert : SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)} ext[ExtensionType.extended_master_secret] = AutoEmptyExtension() + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) ext = {ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None} node = node.add_child(ExpectServerHello(version=(3, 3), extensions=ext)) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectCertificateRequest()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(CertificateGenerator(X509CertChain([cert]))) @@ -214,7 +248,6 @@ def main(): node = node.add_child(ResetHandshakeHashes()) node = node.add_child(ResetRenegotiationInfo()) - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] ext = {ExtensionType.signature_algorithms : SignatureAlgorithmsExtension().create([ (getattr(HashAlgorithm, x), 
@@ -224,6 +257,16 @@ def main(): SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)} ext[ExtensionType.extended_master_secret] = AutoEmptyExtension() ext[ExtensionType.renegotiation_info] = None + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) ext = {ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None} diff --git a/scripts/test-extended-master-secret-extension.py b/scripts/test-extended-master-secret-extension.py index 5cd40ad5d..6ab5ce5fc 100644 --- a/scripts/test-extended-master-secret-extension.py +++ b/scripts/test-extended-master-secret-extension.py @@ -41,6 +41,7 @@ def help_msg(): print(" -e probe-name exclude the probe from the list of the ones run") print(" may be specified multiple times") print(" --no-http don't send HTTP query") + print(" -d negotiate (EC)DHE instead of RSA key exchange") print(" --help this message") @@ -49,9 +50,10 @@ def main(): port = 4433 run_exclude = set() http = True + dhe = False argv = sys.argv[1:] - opts, args = getopt.getopt(argv, "h:p:e:", ["help", "no-http"]) + opts, args = getopt.getopt(argv, "h:p:e:d", ["help", "no-http"]) for opt, arg in opts: if opt == '-h': host = arg @@ -59,6 +61,8 @@ def main(): port = int(arg) elif opt == '-e': run_exclude.add(arg) + elif opt == '-d': + dhe = True elif opt == '--help': help_msg() sys.exit(0) 
@@ -77,13 +81,21 @@ def main(): # check if server works at all conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None})) + ext = {ExtensionType.renegotiation_info: None} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -105,13 +117,21 @@ def main(): # check if server works with SHA384 PRF ciphersuite conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None})) + ext = {ExtensionType.renegotiation_info: None} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -133,15 +153,24 @@ def main(): # check if server works at all (TLSv1.1) conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - version=(3, 2), - extensions={ExtensionType.renegotiation_info:None})) + ext = {ExtensionType.renegotiation_info: None} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + + node = node.add_child(ClientHelloGenerator(ciphers, version=(3, 2), + extensions=ext)) node = node.add_child(ExpectServerHello( version=(3, 2), extensions={ExtensionType.renegotiation_info:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -163,16 +192,23 @@ def main(): # check if server supports extended master secret conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -260,14 +296,19 @@ def main(): # (extension must be empty) conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - ext = {ExtensionType.renegotiation_info:None} - ext[ExtensionType.extended_master_secret] = \ - TLSExtension(extType=ExtensionType.extended_master_secret).\ - create(bytearray(b'\x00')) - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions=ext)) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: \ + TLSExtension(extType=ExtensionType.extended_master_secret) \ + .create(bytearray(b'\x00'))} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension()\ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error)) node.next_sibling = ExpectClose() 
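Review bot: The backslash continuations inside the `ext` dict literal are redundant and inconsistent with the rest of the series: the open brace already continues the line, and `SupportedGroupsExtension()\` drops the space before the backslash that every other hunk writes as `SupportedGroupsExtension() \`. Drop the two backslashes so the value reads `ExtensionType.extended_master_secret:` / `TLSExtension(extType=ExtensionType.extended_master_secret)` / `.create(bytearray(b'\x00'))}`, and restore the space before the remaining one. Behaviour is unchanged either way; the point is only that a reader grepping the series for the one place the empty-extension probe differs should not be distracted by layout. `main()` continues outside the hunk.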
@@ -276,16 +317,24 @@ def main(): # check if server supports extended master secret with SHA384 PRF conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, + GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -307,18 +356,25 @@ def main(): # check if server supports extended master secret conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - version=(3, 2), - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, version=(3, 2), + extensions=ext)) node = node.add_child(ExpectServerHello( version=(3, 2), extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -340,13 +396,21 @@ def main(): # check if server doesn't default to extended master secret conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None})) + ext = {ExtensionType.renegotiation_info: None} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator( 
@@ -362,16 +426,23 @@ def main(): # check if server uses EMS for resumed connections conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) @@ -390,11 +461,7 @@ def main(): close.add_child(node) node = node.add_child(ResetHandshakeHashes()) node = node.add_child(ResetRenegotiationInfo()) - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None}, 
@@ -418,16 +485,24 @@ def main(): # check if server uses EMS for resumed connections and SHA384 PRF conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, + GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) @@ -446,11 +521,7 @@ def main(): close.add_child(node) node = node.add_child(ResetHandshakeHashes()) node = node.add_child(ResetRenegotiationInfo()) - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None}, 
@@ -474,16 +545,23 @@ def main(): # check if server aborts session resume without EMS extension conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) @@ -502,9 +580,12 @@ def main(): close.add_child(node) node = node.add_child(ResetHandshakeHashes()) node = node.add_child(ResetRenegotiationInfo()) - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None})) + ext = {ExtensionType.renegotiation_info: None} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectAlert(AlertLevel.fatal, AlertDescription.handshake_failure)) node = node.add_child(ExpectAlert()) 
@@ -516,13 +597,21 @@ def main(): # check if server does full handshake on resumed session without EMS conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None})) + ext = {ExtensionType.renegotiation_info: None} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -541,16 +630,20 @@ def main(): close.add_child(node) node = node.add_child(ResetHandshakeHashes()) node = node.add_child(ResetRenegotiationInfo()) - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None}, resume=False)) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -574,16 +667,23 @@ def main(): # EMS with renegotiation conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) @@ -595,13 +695,13 @@ def main(): node = node.add_child(ClientHelloGenerator( ciphers, session_id=bytearray(0), # do not resume - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -622,13 +722,21 @@ def main(): # renegotiation in non-EMS session conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None})) + ext = {ExtensionType.renegotiation_info: None} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -637,16 +745,22 @@ def main(): node = node.add_child(ExpectFinished()) # 2nd handshake node = node.add_child(ResetHandshakeHashes()) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) node = node.add_child(ClientHelloGenerator( ciphers, session_id=bytearray(0), # do not resume - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) 
@@ -667,16 +781,23 @@ def main(): # renegotiation of non-EMS session in EMS session conversation = Connect(host, port) node = conversation - ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] - node = node.add_child(ClientHelloGenerator( - ciphers, - extensions={ExtensionType.renegotiation_info:None, - ExtensionType.extended_master_secret: AutoEmptyExtension() - })) + ext = {ExtensionType.renegotiation_info: None, + ExtensionType.extended_master_secret: AutoEmptyExtension()} + if dhe: + groups = [GroupName.secp256r1, GroupName.ffdhe2048] + ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \ + .create(groups) + ciphers = [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA] + else: + ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA] + node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None, ExtensionType.extended_master_secret:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) @@ -688,10 +809,12 @@ def main(): node = node.add_child(ClientHelloGenerator( ciphers, session_id=bytearray(0), # do not resume - extensions={ExtensionType.renegotiation_info:None})) + extensions=ext)) node = node.add_child(ExpectServerHello( extensions={ExtensionType.renegotiation_info:None})) node = node.add_child(ExpectCertificate()) + if dhe: + node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator())
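Review bot: The renegotiating ClientHello in the `@@ -688,10 +809,12` hunk now passes `extensions=ext`, but `ext` was built in the preceding hunk of this conversation with `ExtensionType.extended_master_secret: AutoEmptyExtension()`, so the second handshake advertises EMS where the removed line sent only `renegotiation_info`. That contradicts the conversation's own comment, `# renegotiation of non-EMS session in EMS session`, and the following `ExpectServerHello(extensions={ExtensionType.renegotiation_info:None})` will presumably fail as soon as the server echoes EMS, so the probe stops exercising the case it is named for. The `@@ -637,16 +745,22` hunk handles the mirror case by rebuilding `ext` before its second ClientHello; do the same here, without EMS. The five unchanged lines between the two hunks are not shown, but the old code did not use `ext` for this hello, so nothing there should rebind it; `main()` continues outside both hunks.
```python
    # 2nd handshake: renegotiate without EMS inside the EMS session
    ext = {ExtensionType.renegotiation_info: None}
    if dhe:
        groups = [GroupName.secp256r1, GroupName.ffdhe2048]
        ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
            .create(groups)
    node = node.add_child(ClientHelloGenerator(
        ciphers,
        session_id=bytearray(0),  # do not resume
        extensions=ext))
    # … unchanged: ExpectServerHello without EMS, ExpectCertificate, … …
```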