SRP_SHA_RSA are implemented incorrectly #103

tomato42 · 2015-06-07T11:03:16Z

Current code in messages.py:

    def write(self):
        w = Writer()
        if self.cipherSuite in CipherSuite.srpAllSuites:
            w.addVarSeq(numberToByteArray(self.srp_N), 1, 2)
            w.addVarSeq(numberToByteArray(self.srp_g), 1, 2)
            w.addVarSeq(self.srp_s, 1, 1)
            w.addVarSeq(numberToByteArray(self.srp_B), 1, 2)
            if self.cipherSuite in CipherSuite.srpCertSuites:
                w.addVarSeq(self.signature, 1, 2)
        elif self.cipherSuite in CipherSuite.anonSuites:
            w.addVarSeq(numberToByteArray(self.dh_p), 1, 2)
            w.addVarSeq(numberToByteArray(self.dh_g), 1, 2)
            w.addVarSeq(numberToByteArray(self.dh_Ys), 1, 2)
            if self.cipherSuite in []: # TODO support for signed_params
                w.addVarSeq(self.signature, 1, 2)
        return self.postWrite(w)

    def hash(self, clientRandom, serverRandom):
        oldCipherSuite = self.cipherSuite
        self.cipherSuite = None
        try:
            bytes = clientRandom + serverRandom + self.write()[4:]
            return MD5(bytes) + SHA1(bytes)
        finally:
            self.cipherSuite = oldCipherSuite

will cause the hash to not include the set SRP parameters (note the self.cipherSuite = None line), also, the signature algorithm is incorrect for TLSv1.2 protocol

The text was updated successfully, but these errors were encountered:

trevp · 2015-08-03T23:51:08Z

Fixed SRP. But not TLS 1.2, yet.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SRP_SHA_RSA are implemented incorrectly #103

SRP_SHA_RSA are implemented incorrectly #103

tomato42 commented Jun 7, 2015

trevp commented Aug 3, 2015

SRP_SHA_RSA are implemented incorrectly #103

SRP_SHA_RSA are implemented incorrectly #103

Comments

tomato42 commented Jun 7, 2015

trevp commented Aug 3, 2015