New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Post handshake KeyUpdate support #341
Conversation
This pull request introduces 2 alerts and fixes 7 when merging b84a30e into 0294251 - view on LGTM.com new alerts:
fixed alerts:
Comment posted by LGTM.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r1, 1 of 1 files at r2, 1 of 1 files at r3.
Reviewable status: all files reviewed, 4 unresolved discussions (waiting on @NoName115)
tlslite/messages.py, line 2324 at r1 (raw file):
def parse(self, p): """Deserialize keyupdate message from parser.""" self.message_type = p.get(1)
it should check if it's not longer than 1 byte
tlslite/tlsrecordlayer.py, line 1088 at r3 (raw file):
# Calculate new keys elif request.message_type == KeyUpdateMessageType.update_requested: # Calculate new keys
calculating new receive keys is common between handling of those types, while calculating send keys should happen after the message was sent
tlslite/tlsrecordlayer.py, line 1093 at r3 (raw file):
KeyUpdateMessageType.update_not_requested) for _ in self._sendMsg(keyupdate_request): pass
it needs to be a generator (use yield
) and the method needs to be called as generator (for result in self._handle_keyupdate_request()...
tlslite/tlsrecordlayer.py, line 1095 at r3 (raw file):
pass else: for _ in self._sendError(\
unnecessary newline escape inside parentheses
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @NoName115)
tlslite/tlsrecordlayer.py, line 1086 at r3 (raw file):
""" if request.message_type == KeyUpdateMessageType.update_not_requested: # Calculate new keys
see https://tools.ietf.org/html/rfc8446#section-7.2 and https://tools.ietf.org/html/rfc8446#section-7.3 for relevant algorithm
b84a30e
to
8cd0e17
Compare
Updated. |
This pull request introduces 1 alert when merging 8cd0e17 into 0294251 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
8cd0e17
to
89f3b8a
Compare
Updated. |
This pull request introduces 1 alert when merging 89f3b8a into 0294251 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 2 files at r4, 2 of 2 files at r5.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @NoName115)
tlslite/recordlayer.py, line 1318 at r5 (raw file):
except AttributeError: state.key['server application traffic secret'] = \ new_sr_app_secret
why that try ... except
is needed?
tlslite/recordlayer.py, line 1424 at r5 (raw file):
iv_length, prf_name) self._writeState = serverState
- isn't the calculation identical for client and server, with the only difference being what is the original secret and where it is saved after it is updated and which connection state is updated?
- it's basically the same as in calcTLS1_3PendingState? (as in, there could be a method called by both of them and the only difference being where the resulting ConectionState object is saved?
tlslite/tlsrecordlayer.py, line 1086 at r5 (raw file):
@param request: Recieved KeyUpdate message. """ if request.message_type == KeyUpdateMessageType.update_not_requested:
I wonder if it wouldn't be cleaner (less code duplication) to:
- check if the
message_type
is one ofupdate_requested
andupdate_not_requested
, if not, sendillegal_paramter
- update the sender keys
- if
message_type
isupdate_requested
, send key update of our own, update receiver keys
89f3b8a
to
7f889c2
Compare
Fixed. |
This pull request introduces 1 alert when merging 7f889c2 into 0294251 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
7f889c2
to
d810043
Compare
This pull request introduces 1 alert when merging d810043 into 0294251 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 3 of 3 files at r6, 2 of 2 files at r7.
Reviewable status: all files reviewed, 4 unresolved discussions (waiting on @NoName115)
tlslite/recordlayer.py, line 1364 at r7 (raw file):
b"iv", b"", iv_length, prf_name)
isn't this calculation identical for client and server side?
tlslite/recordlayer.py, line 1373 at r7 (raw file):
if self.client: self._readState = srState return cl_app_secret, new_sr_app_secret
so the clState is thrown out, after we paid the price of deriving keys and initialising AES, Chacha and GCM or Poly1305?
also, the clState
name is camelCase
tlslite/tlsrecordlayer.py, line 1153 at r7 (raw file):
for result in self._sendMsg(keyupdate_request): yield result self.cl_app_secret, self.sr_app_secret = self._recordLayer.\
why it's not updating the session? won't that make it derive the same keys over and over?
d810043
to
637c5c6
Compare
This pull request introduces 1 alert when merging 637c5c6 into 0294251 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 2 files at r8.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @NoName115)
a discussion (no related file):
how a user can ask for sending a KeyUpdate?
637c5c6
to
3334691
Compare
updated. |
This pull request introduces 2 alerts when merging 3334691 into 0294251 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
3334691
to
64761b1
Compare
This pull request introduces 1 alert when merging 64761b1 into 0294251 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r9.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @NoName115)
a discussion (no related file):
looks good, but I won't merge it just yet as the test coverage is missing (but like I said before, please focus on tlsfuzzer test cases for now)
This pull request introduces 1 alert when merging 22ae125 into 849f1d1 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
This pull request introduces 1 alert when merging 22f1887 into 75dbe54 - view on LGTM.com new alerts:
|
22f1887
to
b057a7d
Compare
This pull request introduces 1 alert when merging b057a7d into 3d63ee4 - view on LGTM.com new alerts:
|
b057a7d
to
4b1dcdd
Compare
This pull request introduces 1 alert when merging 4b1dcdd into 322f5ff - view on LGTM.com new alerts:
|
4b1dcdd
to
ce04342
Compare
This pull request introduces 2 alerts when merging ce04342 into 322f5ff - view on LGTM.com new alerts:
|
ce04342
to
3960672
Compare
This pull request introduces 2 alerts when merging 3960672 into 322f5ff - view on LGTM.com new alerts:
|
e1e48b0
to
a3736ee
Compare
This comment has been minimized.
This comment has been minimized.
calculate new traffic keys
a3736ee
to
24575ba
Compare
The issue returned by LGTM is a false positive: github/codeql#2408 |
This comment has been minimized.
This comment has been minimized.
when client performs a "GET /keyupdate" request, the server will now send a KeyUpdate mesasge to client
24575ba
to
a65c36d
Compare
This pull request introduces 1 alert when merging a65c36d into 322f5ff - view on LGTM.com new alerts:
|
remaining test coverage is provided by tlsfuzzer/tlsfuzzer#501 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 5 of 5 files at r10, 3 of 3 files at r11, 1 of 1 files at r12, 1 of 1 files at r13.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @NoName115 and @The-Mule)
a discussion (no related file):
Previously, tomato42 (Hubert Kario) wrote…
looks good, but I won't merge it just yet as the test coverage is missing (but like I said before, please focus on tlsfuzzer test cases for now)
ok, test coverage added, but now somebody else will have to review it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 5 of 5 files at r10, 3 of 3 files at r11, 1 of 1 files at r12, 1 of 1 files at r13.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @NoName115)
I checked test coverage only. The rest was already reviewed. AFAIK all changes requested were already addressed and this can be merged, finally. |
Support for handling KeyUpdate post-handshake msg.
fixes #210
This change is