Merge pull request #341 from tomato42/key-update-support

Post handshake KeyUpdate support

Author: tomato42

Makefile

@@ -92,20 +92,21 @@ endif
 	pylint --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}" tlslite > pylint_report.txt || :
 	diff-quality --violations=pylint --fail-under=90 pylint_report.txt
 ifdef COVERAGE2
-	coverage2 combine --append
+	coverage2 combine --append .coverage .coverage.2.server .coverage.2.client
 	coverage2 report -m
 	coverage2 xml
 	diff-cover --fail-under=90 coverage.xml
 endif
 ifdef COVERAGE3
+	coverage2 combine --append .coverage .coverage.3.server .coverage.3.client
 	coverage3 report -m
 	coverage3 xml
 	diff-cover --fail-under=90 coverage.xml
 endif
 ifndef COVERAGE2
 ifndef COVERAGE3
 ifdef COVERAGE
-	coverage combine --append
+	coverage combine --append .coverage .coverage.server .coverage.client
 	coverage report -m
 	coverage xml
 	diff-cover --fail-under=90 coverage.xml

scripts/tls.py

@@ -37,6 +37,7 @@
 from tlslite.utils.compat import b2a_hex, a2b_hex, time_stamp
 from tlslite.utils.dns_utils import is_valid_hostname
 from tlslite.utils.cryptomath import getRandomBytes
+from tlslite.constants import KeyUpdateMessageType
 
 try:
     from tack.structures.Tack import Tack
@@ -530,10 +531,22 @@ def serverCmd(argv):
         settings.maxVersion = max_ver
     settings.virtual_hosts = virtual_hosts
 
-    class MySimpleHTTPHandler(SimpleHTTPRequestHandler):
+    class MySimpleHTTPHandler(SimpleHTTPRequestHandler, object):
         """Buffer the header and body of HTTP message."""
         wbufsize = -1
 
+        def do_GET(self):
+            """Simple override to send KeyUpdate to client."""
+            if self.path.startswith('/keyupdate'):
+                for i in self.connection.send_keyupdate_request(
+                        KeyUpdateMessageType.update_requested):
+                    if i in (0, 1):
+                        continue
+                    else:
+                        raise ValueError("Invalid return from "
+                                         "send_keyupdate_request")
+            return super(MySimpleHTTPHandler, self).do_GET()
+
     class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn, HTTPServer):
         def handshake(self, connection):
             print("About to handshake...")
@@ -588,7 +601,7 @@ def handshake(self, connection):
                     return False
                 else:
                     raise
-                
+
             connection.ignoreAbruptClose = True
             printGoodConnection(connection, stop-start)
             printExporter(connection, expLabel, expLength)

tests/tlstest.py

@@ -44,6 +44,7 @@
     from xmlrpc import client as xmlrpclib
 import ssl
 from tlslite import *
+from tlslite.constants import KeyUpdateMessageType
 
 try:
     from tack.structures.Tack import Tack
@@ -77,10 +78,18 @@ def testConnClient(conn):
     conn.write(b10)
     conn.write(b100)
     conn.write(b1000)
-    assert(conn.read(min=1, max=1) == b1)
-    assert(conn.read(min=10, max=10) == b10)
-    assert(conn.read(min=100, max=100) == b100)
-    assert(conn.read(min=1000, max=1000) == b1000)
+    r1 = conn.read(min=1, max=1)
+    assert len(r1) == 1
+    assert r1 == b1
+    r10 = conn.read(min=10, max=10)
+    assert len(r10) == 10
+    assert r10 == b10
+    r100 = conn.read(min=100, max=100)
+    assert len(r100) == 100
+    assert r100 == b100
+    r1000 = conn.read(min=1000, max=1000)
+    assert len(r1000) == 1000
+    assert r1000 == b1000
 
 def clientTestCmd(argv):
 
@@ -1203,6 +1212,51 @@ def heartbeat_response_check(message):
 
     test_no += 1
 
+    print("Test {0} - KeyUpdate from client in TLSv1.3".format(test_no))
+    assert synchro.recv(1) == b'R'
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.maxVersion = (3, 4)
+    connection.handshakeClientCert(serverName=address[0], settings=settings)
+    assert synchro.recv(1) == b'K'
+    for i in connection.send_keyupdate_request(KeyUpdateMessageType.update_requested):
+        assert i in (0, 1)
+    assert synchro.recv(1) == b'K'
+    testConnClient(connection)
+    connection.close()
+
+    test_no += 1
+
+    print("Test {0} - mutual KeyUpdates in TLSv1.3".format(test_no))
+    assert synchro.recv(1) == b'R'
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.maxVersion = (3, 4)
+    connection.handshakeClientCert(serverName=address[0], settings=settings)
+    for i in connection.send_keyupdate_request(KeyUpdateMessageType.update_requested):
+        assert i in (0, 1)
+    testConnClient(connection)
+    synchro.send(b'R')
+    connection.close()
+
+    test_no += 1
+
+    print("Test {0} - multiple mutual KeyUpdates in TLSv1.3".format(test_no))
+    assert synchro.recv(1) == b'R'
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.maxVersion = (3, 4)
+    connection.handshakeClientCert(serverName=address[0], settings=settings)
+    for i in connection.send_keyupdate_request(KeyUpdateMessageType.update_requested):
+        assert i in (0, 1)
+    for i in connection.send_keyupdate_request(KeyUpdateMessageType.update_requested):
+        assert i in (0, 1)
+    testConnClient(connection)
+    synchro.send(b'R')
+    connection.close()
+
+    test_no += 1
+
     print('Test {0} - good standard XMLRPC https client'.format(test_no))
     address = address[0], address[1]+1
     synchro.recv(1)
@@ -2274,8 +2328,53 @@ def heartbeat_response_check(message):
 
     test_no += 1
 
+    print("Test {0} - KeyUpdate from client in TLSv1.3".format(test_no))
+    synchro.send(b'R')
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.maxVersion = (3, 4)
+    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
+                               settings=settings)
+    synchro.send(b'K')
+    synchro.send(b'K')
+    testConnServer(connection)
+    connection.close()
+
+    test_no += 1
+
+    print("Test {0} - mutual KeyUpdates in TLSv1.3".format(test_no))
+    synchro.send(b'R')
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.maxVersion = (3, 4)
+    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
+                               settings=settings)
+    for i in connection.send_keyupdate_request(KeyUpdateMessageType.update_requested):
+        assert i in (0, 1)
+    testConnServer(connection)
+    assert synchro.recv(1) == b'R'
+    connection.close()
+
+    test_no += 1
+
+    print("Test {0} - multiple mutual KeyUpdates in TLSv1.3".format(test_no))
+    synchro.send(b'R')
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.maxVersion = (3, 4)
+    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
+                               settings=settings)
+    for i in connection.send_keyupdate_request(KeyUpdateMessageType.update_requested):
+        assert i in (0, 1)
+    for i in connection.send_keyupdate_request(KeyUpdateMessageType.update_requested):
+        assert i in (0, 1)
+    testConnServer(connection)
+    assert synchro.recv(1) == b'R'
+    connection.close()
+
+    test_no += 1
+
     print("Tests {0}-{1} - XMLRPXC server".format(test_no, test_no + 2))
-    test_no += 2
 
     address = address[0], address[1]+1
     class Server(TLSXMLRPCServer):
@@ -2306,6 +2405,7 @@ def add(self, x, y): return x + y
 
     synchro.close()
     synchroSocket.close()
+    test_no += 2
 
     print("Test succeeded")
 

tlslite/constants.py

@@ -125,6 +125,7 @@ class HandshakeType(TLSEnum):
     client_key_exchange = 16
     finished = 20
     certificate_status = 22
+    key_update = 24  # TLS 1.3
     next_protocol = 67
     message_hash = 254  # TLS 1.3
 
@@ -409,6 +410,13 @@ class HeartbeatMessageType(TLSEnum):
     heartbeat_response = 2
 
 
+class KeyUpdateMessageType(TLSEnum):
+    """Types of keyupdate messages from RFC 8446"""
+
+    update_not_requested = 0
+    update_requested = 1
+
+
 class AlertLevel(TLSEnum):
     """Enumeration of TLS Alert protocol levels"""
 

tlslite/messages.py

@@ -2329,3 +2329,35 @@ def _message_type(self):
     def __str__(self):
         """Return human readable representation of heartbeat message."""
         return "heartbeat {0}".format(self._message_type)
+
+
+class KeyUpdate(HandshakeMsg):
+    """
+    Handling KeyUpdate message from RFC 8446
+
+    @type message_type: int
+    @ivar message_type: type of message (update_not_requested or
+                                         update_requested)
+    """
+
+    def __init__(self):
+        super(KeyUpdate, self).__init__(HandshakeType.key_update)
+        self.message_type = 0
+
+    def create(self, message_type):
+        """Create KeyUpdate message with selected parameter."""
+        self.message_type = message_type
+        return self
+
+    def parse(self, p):
+        """Deserialize keyupdate message from parser."""
+        p.startLengthCheck(3)
+        self.message_type = p.get(1)
+        p.stopLengthCheck()
+        return self
+
+    def write(self):
+        """Serialise keyupdate message."""
+        writer = Writer()
+        writer.add(self.message_type, 1)
+        return self.postWrite(writer)

tlslite/recordlayer.py

@@ -1316,3 +1316,55 @@ def calcTLS1_3PendingState(self, cipherSuite, cl_traffic_secret,
         else:
             self._pendingWriteState = serverPendingState
             self._pendingReadState = clientPendingState
+
+    def _calcTLS1_3KeyUpdate(self, cipherSuite, app_secret):
+        prf_name, prf_length = ('sha384', 48) if cipherSuite \
+                                in CipherSuite.sha384PrfSuites \
+                                else ('sha256', 32)
+        key_length, iv_length, cipher_func = \
+            self._getCipherSettings(cipherSuite)
+        iv_length = 12
+
+        new_app_secret = HKDF_expand_label(app_secret,
+                                           b"traffic upd", b"",
+                                           prf_length,
+                                           prf_name)
+        new_state = ConnectionState()
+        new_state.macContext = None
+        new_state.encContext = \
+            cipher_func(HKDF_expand_label(new_app_secret,
+                                          b"key", b"",
+                                          key_length,
+                                          prf_name),
+                        None)
+        new_state.fixedNonce = HKDF_expand_label(new_app_secret,
+                                                 b"iv", b"",
+                                                 iv_length,
+                                                 prf_name)
+        return new_app_secret, new_state
+
+    def calcTLS1_3KeyUpdate_sender(self, cipherSuite, cl_app_secret,
+                                   sr_app_secret):
+        if self.client:
+            new_sr_app_secret, server_state = self._calcTLS1_3KeyUpdate(
+                cipherSuite, sr_app_secret)
+            self._readState = server_state
+            return cl_app_secret, new_sr_app_secret
+        else:
+            new_cl_app_secret, client_state = self._calcTLS1_3KeyUpdate(
+                cipherSuite, cl_app_secret)
+            self._readState = client_state
+            return new_cl_app_secret, sr_app_secret
+
+    def calcTLS1_3KeyUpdate_reciever(self, cipherSuite, cl_app_secret,
+                                     sr_app_secret):
+        if self.client:
+            new_cl_app_secret, client_state = self._calcTLS1_3KeyUpdate(
+                cipherSuite, cl_app_secret)
+            self._writeState = client_state
+            return new_cl_app_secret, sr_app_secret
+        else:
+            new_sr_app_secret, server_state = self._calcTLS1_3KeyUpdate(
+                cipherSuite, sr_app_secret)
+            self._writeState = server_state
+            return cl_app_secret, new_sr_app_secret