Skip to content

Commit

Permalink
Merge pull request #496 from tlsfuzzer/keyupdate
Browse files Browse the repository at this point in the history 
check handshake messages for interleaving and alignment in TLS 1.3
  • Loading branch information
@tomato42
tomato42 committed Aug 2, 2023
2 parents 19ac006 + 4eed237 commit 4263b0b
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 2 deletions.
5 changes: 3 additions & 2 deletions tlslite/constants.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,8 +117,9 @@ class HandshakeType(TLSEnum):
client_hello = 1
server_hello = 2
new_session_ticket = 4
hello_retry_request = 6 # draft version of TLS 1.3
encrypted_extensions = 8
end_of_early_data = 5 # TLS 1.3
hello_retry_request = 6 # TLS 1.3
encrypted_extensions = 8 # TLS 1.3
certificate = 11
server_key_exchange = 12
certificate_request = 13
Expand Down
4 changes: 4 additions & 0 deletions tlslite/defragmenter.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,3 +126,7 @@ def clear_buffers(self):
"""Remove all data from buffers"""
for key in self.buffers.keys():
self.buffers[key] = bytearray(0)

def is_empty(self):
"""Return True if all buffers are empty."""
return all(not i for i in self.buffers.values())
25 changes: 25 additions & 0 deletions tlslite/tlsrecordlayer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1039,6 +1039,17 @@ def _getMsg(self, expectedType, secondaryType=None, constructorType=None):
# ignore the message
continue

# TLS 1.3 Handshake messages MUST NOT be interleaved with
# other messages, Section 5.1 RFC 8446
if self.version > (3, 3) and \
recordHeader.type != ContentType.handshake and \
self._defragmenter.buffers[ContentType.handshake]:
for result in self._sendError(
AlertDescription.unexpected_message,
"Interleaved Handshake and "
"non-handshake messages"):
yield result

#If we received an unexpected record type...
if recordHeader.type not in expectedType:

Expand Down Expand Up @@ -1188,6 +1199,20 @@ def _getMsg(self, expectedType, secondaryType=None, constructorType=None):
.format(exp, rec)):
yield result

# in TLS 1.3 some Handshake messages MUST NOT span key changes
if self.version > (3, 3) and \
subType in (HandshakeType.client_hello,
HandshakeType.end_of_early_data,
HandshakeType.server_hello,
HandshakeType.finished,
HandshakeType.key_update) and \
not self._defragmenter.is_empty():
for result in self._sendError(
AlertDescription.unexpected_message,
"CH, EOED, SH, Finished, or KU not aligned with "
"record boundary"):
yield result

#Update handshake hashes
self._handshake_hash.update(p.bytes)

Expand Down

0 comments on commit 4263b0b

Please sign in to comment.