Support for AECDH key exchange on server side

[mildas]

The main changes are in _serverAnonKeyExchange in parts if cipherSuite in CipherSuite.ecdhAnonSuites:.
else: part is same as it was (ADH support).

---

This change is

[tomato42]

no need to close the pull request when some test fail :)

It's actually good to keep the same branch name and the same pull request ID for subsequent versions of the code. You can do that by modifying your local commit (either by amending or rebasing) and then force pushing to github.

Now, for actual code: I'd rather not add more code to tlsconnection.py but work to move code out from it. In other words, please first move the already implemented anonymous DH to tlslite.keyexchange module and in another commit(s) add support for new key exchange that uses AECDH (there probably will be some code duplication between RSA_DHE and ADH and similarly between RSA_ECDHE and AECDH, so combining then will be a good idea too).

Finally, in comments you can use FFDHE to differentiate the "old" DH from the new, elliptic curve based, ECDHE. The FF stands for Finite Field and is already somewhat standard designation (see for example draft-ietf-tls-negotiated-ff-dhe-10.

[tomato42]

don't forget to remove it :)

[mildas]

Ok :) Should I reopen this pull request?
I tried fix these PEP-8 problems, so I can commit it, but it is probably unnecessary and will be better to make next commit to this pull request after I will move ADH to tlslite.keyexchange, true?
Question about adding ADH (AECDH) to tlslite.keyexchange: Should I add new classes for these anonymous cipher suites (maybe inherite from RSA_DHE/RSA_ECDHE) or better will be add them to existing classes?

[tomato42]

Ok :) Should I reopen this pull request?

yes

I tried fix these PEP-8 problems, so I can commit it, but it is probably unnecessary and will be better to make next commit to this pull request after I will move ADH to tlslite.keyexchange, true?

yes

Question about adding ADH (AECDH) to tlslite.keyexchange: Should I add new classes for these anonymous cipher suites (maybe inherite from RSA_DHE/RSA_ECDHE) or better will be add them to existing classes?

the difference between RSA_DHE and ADH are the calls to signServerKeyExchange and verifyServerKeyExchange so you may want to introduce the new ADH class and make the RSA_DHE inherit from the ADH class, but I haven't thought about it much - the goal is to have little code and make it reusable/testable at the same time without changing the already defined API. If it means that most of the RSA_DHE code lands in the ADH class, that's fine.

[mildas]

Sorry, that long time nothing happend. Im almost done with moving ADH to keyexchange, but I wanted to ask, if you please could help me, how to make openssl client with DHE-RSA to try connection with tlslite server. I want to test it before sending it, ADH works good, but I want to test DHE-RSA too, but I dont know how to right generate certificate and use it in openssl s_client. Everything that I tried gave me no peer certificate available or unable to load client certificate private key file

[tomato42]

since tlslite-ng does not verify client certificates, you can use any set of certificates for testing, there is already a set in the tests/ directory

something like this should be enough to test it:

PYTHONPATH=. python scripts/tls.py server -c tests/serverX509Cert.pem \
-k tests/serverX509Key.pem --reqcert localhost:4433

openssl s_client -key tests/clientX509Key.pem -cert tests/clientX509Cert.pem \
-connect localhost:4433 -cipher EDH

[mildas]

Ok, thanks. When I tried it like you wrote, it works.
Next question is, how to right add these changes to this pull request? I can make New pull request, but it wont add to this, right? I can also attach files to comment, but it isnt best way in my opinion, right?
Im just asking to be sure, because I dont want to add you next problems, that I will make bad pull request etc. to wrong places.

[tomato42]

first: don't worry, you can't do anything to break my repository (or rather, if you do, tell those people: https://bounty.github.com/ 😄 ), and even in your repository (both local and remote) you can fix most if not all problems (if you're really worried you may loose your work, just copy the whole repository folder, with the hidden .git directory to some other place)

second: you add changes to this pull request by changing your local branch (that usually is just a series of git add and git commit or git gui and few "commit" actions there), then you may want to rebase) this local branch (usually that will be git rebase -i master) and then force pushing to github to overwrite the old remote branch with new fixed commits (in most cases you do that by git push origin aecdh-key-exchange --force while working on the aecdh-key-exchange branch).

alternatively, if you created a new branch to work out the pull request, you can rename local copy of the aecdh-key-exchange branch (git checkout aecdh-key-exchange and git branch -m aecdh-key-exchange-old-obsolete) or just simply remove it completely (git checkout master and git branch -D aecdh-key-exchange). Then you can rename your new branch (not necessary, but keeps things orderly) to the name of the branch of this pull request (git checkout new-hot-stuff then git branch -m aecdh-key-exchange) after all of that you can force push this branch to github as you would in the rebase case above (this is just what the rebase command automatically).

[mildas]

Ok, thanks.
I commited it. I inspired at _serverCertKeyExchange, how is there used keyExchange, but I am not sure with:

1. Part if dh_Yc % dh_p == 0: isnt used at DHE_RSA, but at serverAnonKeyExchange is this checked. So this part is in comment, because Ive got some problem with return with argument inside generator, and wasnt sure, if should I let it here or dont.
2. ADH got getRandomBytes with constant 32, but DH calculate this with strength, so is it correct, what I have done, or should ADH calculate with strength too?

[tomato42]

you need to do the same in makeClientKeyExchange (see Travis-CI errors)

[tomato42]

finally, please merge those two commits together, in git rebase it's the squash command

[tomato42]

one more thing, you may want to read CONTRIBUTING.md as it says how to set up your system so that you can run the tests from the Makefile (using make test-dev) or unittests (using python -m unittest discover -v)

[mildas]

I tried to make merge with git rebase and then git push origin aecdh-key-exchange --force, but it added some old commits to this pull request and didnt merge them.
I dont know, what I have done wrong. I have studied this almost all day to do it right and failed... I have explored all github.com, if there isnt any merge button for commits in pull request and nothing.
Sorry for these problems, but I have almost no experiences with git.

[tomato42]

I tried to make merge with git rebase and then git push origin aecdh-key-exchange --force, but it
added some old commits to this pull request and didnt merge them.

hmm, maybe it's because your local master doesn't match my master

I dont know, what I have done wrong. I have studied this almost all day to do it right and failed... I
have explored all github.com, if there isnt any merge button for commits in pull request and nothing.

no, there isn't one, you have to do everything locally

Sorry for these problems, but I have almost no experiences with git.

no problem, nobody is born with the knowledge how to operate git :) and it was one of the reasons why I proposed to Standa that you work on such a relatively simple change code wise, so that you could learn the process

ok, so now I see it, your master doesn't match my master, so the suggestion to rebase on top of master was incorrect, at least for you, sorry about that

so, on https://github.com/mildass/tlslite-ng/network I see that the master and aecdh-key-exchange contain exactly the same commits

If that is not the case locally (you can check that using either gitk --all or tig --all, but you'll need to install those tools, or manually using git rev-parse master, git rev-parse aecdh-key-exchange, they should return the same commit id), then git checkout master to switch to the master branch and git branch work-in-progress to save your current local master as the work-in-progress branch.

it may be good idea to save the state of that branch anyway, as the first commit is correct functionally, and you may want to use it later as a template... (as later rebases will essentially drop it)

once we know that we can operate on master without fear of loosing previous work, we need to update it to my version of master

first, make sure that you're on master, use git status, check if it reports

On branch master

now you have to make a local copy of my repository, to do that, you first need to add a remote:
git remote add tomato42 https://github.com/tomato42/tlslite-ng.git and then download the changes: git fetch tomato42

now your local repository knows how my repository looks like

to switch your local master to the correct position, you can run the following command:
git reset --hard tomato42/master but do note that this is not safe to do in general case, we're doing it only to restore the repository to known good state

(normal workflow is to git fetch tomato42 --prune to get changes from my repository and remove not existing branches, and then git pull tomato42 master to update your local copy, this will never overwrite your local changes and performs checks to make sure that the local version doesn't contain any stray commits)

now that we have updated local master, we need to update your remote master on github: git push origin master --force (again, we're doing --force here only because we're restoring the repo to good state, once that's done, you should be able to do just git push origin master to update remote repository, if you follow this workflow, you should never have a reason to use --force again on master branch)

now we can switch to the feature branch and and combine all the commits together:

git checkout aecdh-key-exchange
git rebase -i master

in the git rebase change pick to fixup for all the commits but the first one, this will squash the commits together, and drop their commit messages (use squash if you want to combine messages, but you will want to edit the commit message anyway, as it won't be adding AECDH any more but refactoring DHE/ADH)

do not push the branch to github yet! if you do, github sometimes gets confused and drops the comments and you then won't know what changes you should do to the code

now's the time to resolve all the comments I provided; edit the code as normal, but instead of doing git commit after git add tlslite/keyexchange.py, do git commit --amend this will combine all the changes to a single commit again (I'm assuming you'll want to perform the ADH move first, and only after that's done, start work on AECDH)

once you think that all the changes are as they should be, run the test suite with make test-dev (see CONTRIBUTING.md for dependencies of the test suite) and make sure the tests pass (at the very least, python2 -m unittest discover -v, python3 -m unittest discover -v and the ./tlstest.py tests should pass)

now, that the commit is updated, and the tests pass, you can force push your local branch to github:
git push origin aecdh-key-exchange --force and you can start working on AECDH :)

note that for feature branches like aecdh-key-exchange, it is normal to --force push them, since you're still modifying the commits and working with a set of patches, it's almost expected that you will depart from how the branch looks remotely

[mildas]

Everything looks good, but make test-dev and python2 -m unittest discover -v are still giving me 2 fails, both ImportError: No module named enum. Dunno in which lib is problem. I have got everything from CONTRIBUTING.md except optional modules.
python3 -m unittest discover -v is ok.

[tomato42]

neither tlslite-ng nor ecdsa use the enum module, I don't know where this error could be coming from... does the new code use it?

[mildas]

I got this error from tests unit_tests.test_tlslite_utils_constanttime and unit_tests.test_tlslite_utils_cryptomath. It looks that hypothesis lib causes it.
So I think, that isnt problem in new code.

[tomato42]

aah, yes, indeed the new hypothesis requires enum34 package (I had an old version checked out, that's why I didn't find it), but then it should have been installed as a dependency of hypothesis, if it was installed through a package manager... 😕

[tomato42]

why adding a serverKeyExchange field in the object?

anything wrong with this?:

ske = super(DHE_RSAKeyExchange, self).makeServerKeyExchange()
self.signServerKeyExchange(ske, sigHash)
return ske

[mildas]

super(DHE_RSAKeyExchange, self).makeServerKeyExchange() creates attribute serverKeyExchange. This attribute will be created in both cases, so why cant we use it and do not create new variable ske?

[tomato42]

because adding attributes to objects outside constructors is bad form (you can see landscape test complaining about it)

and makeServerKeyExchange() needs to return (and already returns) a ServerKeyExchange object, so there is no need to pass this SKE through a field, it just makes code more complex

[mildas]

Ok, I got it. I'll change it, before working on AECDH.
When I will add changes now, its just on aecdh-key-exchange branch - git add, git commit, git rebase -i master and git push origin aecdh-key-exchange --force, right?

[tomato42]

yes, but if you still have just one commit in the branch, you can do also git commit --amend instead of git commit, git rebase -i master (with squash/fixup)

[tomato42]

two things, the summary of the documentation string (the first line) should be a single line and be separated by an empty line from the rest of the doc string

while we're editing it, I think we can remove the "Not stable API" warning, it's not the case any more (it was added when the code was in a different module actually)

[tomato42]

sorry, for some reason github didn't notify me of the new pull request, please mention/ping me (@tomato42) if I haven't provided a review on a patch in 24h (especially during the week)

[tomato42]

looks good 👍

you may want to rebase on top of my master branch after you've created additional commits - travis will then finish tests much quicker

[mildas]

You mean git rebase -i master and then git push origin aecdh-key-exchange --force, when I am at master branch?

[tomato42]

yes, but first you need to go to your master branch and update it to my master, so it will be

git checkout master
git pull tomato42 master
git push origin master

then switch to the feature branch, and rebase and push changes:

git checkout aecdh-key-exchange
git rebase master # since there's no editing necessary, you can drop the "interactive" switch
git push origin aecdh-key-exchange --force

[mildas]

Is it now ok and ready to start working on AECDH?

[mildas]

@tomato42 Is it rebased, how you have meant? I'm not sure, because I think that it is same as every rebase, that I have done after commit.

[tomato42]

you could have started working on AECDH right away, the rebase -i allows you to modify previous commits, so even if we had anything to left to change in the already present commit, we could have done that, just remember to add AECDH work as another commit, not modification of existing one (don't use --amend or git rebase -i with fixup or squash)

and yes, this is what I meant, if you go to the commit: mildas@76cbe31 , on the upper right side you'll see the commit id, to left of it is "1 parent" with a link to other commit, it now points to f9950c8, which is a new commit in my repo, and in Travis you can see that the tests finished in 3 minutes per configuration, not 25 minutes per configuration

[mildas]

So now just git commit and git push origin aecdh-key-exchange --force at aecdh-key-exchange branch, am I right?

[tomato42]

in general yes, but if you don't modify the existing commit, you shouldn't need to use --force to git push: since you have not rewritten history, you don't need to update past commits on the server, and that's what --force does

[tomato42]

everything from for result ... is the same as in the ADH, the code can reuse it

[mildas]

If I git rebase -i master now, wont it rebase both commits(Moves ADH...+Adds AECDH...) to one?

[tomato42]

only if you set the action for the second action to squash or fixup, but since you need to modify just the latest patch, you can do git commit --amend

[mildas]

@tomato42 What do you think about it?
Codeclimate says that makeServerKeyExchange is similar in DHE_RSAKeyExchange and ECDHE_RSAKeyExchange, but can I do anything with it?

[tomato42]

we could make an abstract class and use multiple inheritance, but I don't think it's worth it this time, we can rethink it with addition of ECDSA.

I'll do the review on Monday

[tomato42]

since code is not disabling the invalid-name check, it doesn't need to re-enable it

[tomato42]

sorry for the delay in review. Those nits are all of the problems, please fix them and next message will be that the PR is merged 😄

[tomato42]

Reviewed 1 of 2 files at r11, 1 of 1 files at r12.
Review status: all files reviewed at latest revision, 3 unresolved discussions, some commit checks failed.

---

Comments from Reviewable

[tomato42]

Thank you!