Merge pull request #753 from tlsfuzzer/more-message-skipping

message-skipping - skip all messages but Finished
tlsfuzzer · Aug 15, 2021 · 21fd652 · 21fd652
2 parents 811d9c1 + 0d73c61
commit 21fd652
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/scripts/test-message-skipping.py b/scripts/test-message-skipping.py
@@ -264,6 +264,48 @@ def main():
     node = node.add_child(ExpectClose())
     conversations["skip Finished"] = conversation
 
+    # skip all but Finished
+    conversation = Connect(host, port)
+    node = conversation
+    node = node.add_child(FinishedGenerator(protocol=(3, 0)))
+    node = node.add_child(ExpectAlert(AlertLevel.fatal,
+                                      AlertDescription.unexpected_message))
+    node = node.add_child(ExpectClose())
+    conversations["skip all but Finished in SSLv3"] = conversation
+
+    conversation = Connect(host, port, version=(3, 1))
+    node = conversation
+    node = node.add_child(FinishedGenerator(protocol=(3, 1)))
+    node = node.add_child(ExpectAlert(AlertLevel.fatal,
+                                      AlertDescription.unexpected_message))
+    node = node.add_child(ExpectClose())
+    conversations["skip all but Finished in TLS 1.0"] = conversation
+
+    conversation = Connect(host, port, version=(3, 2))
+    node = conversation
+    node = node.add_child(FinishedGenerator(protocol=(3, 2)))
+    node = node.add_child(ExpectAlert(AlertLevel.fatal,
+                                      AlertDescription.unexpected_message))
+    node = node.add_child(ExpectClose())
+    conversations["skip all but Finished in TLS 1.1"] = conversation
+
+    conversation = Connect(host, port, version=(3, 3))
+    node = conversation
+    node = node.add_child(FinishedGenerator(protocol=(3, 3)))
+    node = node.add_child(ExpectAlert(AlertLevel.fatal,
+                                      AlertDescription.unexpected_message))
+    node = node.add_child(ExpectClose())
+    conversations["skip all but Finished in TLS 1.2"] = conversation
+
+    # TLS 1.3 uses TLS 1.2 version on record layer level
+    conversation = Connect(host, port, version=(3, 3))
+    node = conversation
+    node = node.add_child(FinishedGenerator(protocol=(3, 4)))
+    node = node.add_child(ExpectAlert(AlertLevel.fatal,
+                                      AlertDescription.unexpected_message))
+    node = node.add_child(ExpectClose())
+    conversations["skip all but Finished in TLS 1.3"] = conversation
+
     # run the conversation
     good = 0
     bad = 0

diff --git a/tlsfuzzer/runner.py b/tlsfuzzer/runner.py
@@ -67,6 +67,8 @@ def __init__(self):
         self.key = {}
         self.key['premaster_secret'] = bytearray(0)
 
+        self.key['client handshake traffic secret'] = bytearray(0)
+
         # negotiated value for master secret
         self.key['master_secret'] = bytearray(0)