corrections

tlsfuzzer · May 9, 2024 · de34b15 · de34b15
1 parent 076956c
commit de34b15
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 27 deletions.
diff --git a/scripts/tls.py b/scripts/tls.py
@@ -416,8 +416,6 @@ def clientCmd(argv):
     if cipherlist:
         settings.cipherNames = [item for cipher in cipherlist
                                 for item in cipher.split(',')]
-    # CHANGED
-    settings.ec_point_formats = []
     try:
         start = time_stamp()
         if username and password:
@@ -570,9 +568,6 @@ def serverCmd(argv):
     if cipherlist:
         settings.cipherNames = [item for cipher in cipherlist
                                 for item in cipher.split(',')]
-    # CHANGED
-
-    settings.ec_point_formats = [2, 0]
 
     class MySimpleEchoHandler(BaseRequestHandler):
         def handle(self):

diff --git a/tests/tlstest.py b/tests/tlstest.py
@@ -307,9 +307,10 @@ def connect():
     settings.minVersion = (3, 3)
     settings.maxVersion = (3, 3)
     settings.eccCurves = ["secp256r1", "secp384r1", "secp521r1", "x25519", "x448"]
+    settings.ec_point_formats = [ECPointFormat.ansiX962_compressed_prime, ECPointFormat.uncompressed]
     connection.handshakeClientCert(settings=settings)
     testConnClient(connection)
-    assert connection.session.ec_point_format == ECPointFormat.ansiX962_compressed_char2
+    assert connection.session.ec_point_format == ECPointFormat.ansiX962_compressed_prime
     connection.close()
 
     test_no += 1
@@ -2213,10 +2214,12 @@ def connect():
     settings.minVersion = (3, 1)
     settings.maxVersion = (3, 3)
     settings.eccCurves = ["secp256r1", "secp384r1", "secp521r1", "x25519", "x448"]
+    settings.ec_point_formats = [ECPointFormat.ansiX962_compressed_prime, ECPointFormat.uncompressed]
     connection.handshakeServer(certChain=x509ecdsaChain,
                             privateKey=x509ecdsaKey, settings=settings)
     testConnServer(connection)
-    assert connection.session.ec_point_format == ECPointFormat.ansiX962_compressed_char2
+    print(connection.session.ec_point_format)
+    assert connection.session.ec_point_format == ECPointFormat.ansiX962_compressed_prime
     connection.close()
 
     test_no +=1

diff --git a/tlslite/handshakesettings.py b/tlslite/handshakesettings.py
@@ -358,7 +358,7 @@ class HandshakeSettings(object):
         influences selected cipher suites.
 
     :vartype ec_point_formats: list
-    :ivat ec_point_formats: Enabeled point format extension for
+    :ivar ec_point_formats: Enabled point format extension for
      elliptic curves.
     """
 
@@ -606,11 +606,11 @@ def _sanityCheckExtensions(other):
         if other.record_size_limit is not None and \
                 not 64 <= other.record_size_limit <= 2**14 + 1:
             raise ValueError("record_size_limit cannot exceed 2**14+1 bytes")
-        
+
         bad_ec_ext = [i for i in other.ec_point_formats if
                       i not in EC_POINT_FORMATS]
         if bad_ec_ext:
-            raise ValueError("Unknown ec point format extension: "
+            raise ValueError("Unknown EC point format provided: "
                              "{0}".format(bad_ec_ext))
 
         HandshakeSettings._sanityCheckEMSExtension(other)

diff --git a/tlslite/session.py b/tlslite/session.py
@@ -74,8 +74,7 @@ class Session(object):
         from the server
 
     :vartype ec_point_format: int
-    :ivar ec_point_format: used ec point extension format; 
-        created for testing
+    :ivar ec_point_format: used EC point format for the ECDH key exchange; 
     """
 
     def __init__(self):

diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
@@ -659,8 +659,9 @@ def _handshakeClientAsyncHelper(self, srpParams, certParams, anonParams,
         ext_s = serverHello.getExtension(ExtensionType.ec_point_formats)
         ext_ec_point = ECPointFormat.uncompressed
         if ext_c and ext_s:
-            ext_ec_point = [i for i in ext_c.formats \
-                        if i in ext_s.formats][0]
+            ext_ec_point = next((i for i in ext_c.formats \
+                                 if i in ext_s.formats), \
+                                    ECPointFormat.uncompressed)
 
         # Create the session object which is used for resumptions
         self.session = Session()
@@ -771,9 +772,6 @@ def _clientSendClientHello(self, settings, session, srpUsername,
             if settings.ec_point_formats:
                 extensions.append(ECPointFormatsExtension().\
                                 create(settings.ec_point_formats))
-            else:
-                extensions.append(ECPointFormatsExtension().\
-                                create(list([ECPointFormat.uncompressed])))
         # Advertise FFDHE groups if we have DHE ciphers
         if next((cipher for cipher in cipherSuites
                  if cipher in CipherSuite.dhAllSuites), None) is not None:
@@ -2282,9 +2280,6 @@ def _handshakeServerAsyncHelper(self, verifierDB,
             if settings.ec_point_formats:
                 extensions.append(ECPointFormatsExtension().
                                 create(settings.ec_point_formats))
-            else:
-                extensions.append(ECPointFormatsExtension().\
-                                create(list([ECPointFormat.uncompressed])))
 
         # if client sent Heartbeat extension
         if clientHello.getExtension(ExtensionType.heartbeat):
@@ -2429,7 +2424,9 @@ def _handshakeServerAsyncHelper(self, verifierDB,
         ext_s = serverHello.getExtension(ExtensionType.ec_point_formats)
         ext_ec_point = ECPointFormat.uncompressed
         if ext_c and ext_s:
-            ext_ec_point = [i for i in ext_c.formats if i in ext_s.formats][0]
+            ext_ec_point = next((i for i in ext_c.formats \
+                                 if i in ext_s.formats),\
+                                      ECPointFormat.uncompressed)
 
         # We'll update the session master secret once it is calculated
         # in _serverFinished

diff --git a/unit_tests/test_tlslite_keyexchange.py b/unit_tests/test_tlslite_keyexchange.py
@@ -18,23 +18,22 @@
 from tlslite.handshakesettings import HandshakeSettings
 from tlslite.messages import ServerHello, ClientHello, ServerKeyExchange,\
         CertificateRequest, ClientKeyExchange
-from tlslite.constants import CipherSuite, CertificateType, AlertDescription, \
+from tlslite.constants import CipherSuite, CertificateType, \
         HashAlgorithm, SignatureAlgorithm, GroupName, ECCurveType, \
-        SignatureScheme, ECPointFormat
-from tlslite.errors import TLSLocalAlert, TLSIllegalParameterException, \
+        SignatureScheme
+from tlslite.errors import TLSIllegalParameterException, \
         TLSDecryptionFailed, TLSInsufficientSecurity, TLSUnknownPSKIdentity, \
         TLSInternalError, TLSDecodeError
 from tlslite.x509 import X509
 from tlslite.x509certchain import X509CertChain
 from tlslite.utils.keyfactory import parsePEMKey
-from tlslite.utils.codec import Parser, Writer
+from tlslite.utils.codec import Parser
 from tlslite.utils.cryptomath import bytesToNumber, getRandomBytes, powMod, \
         numberToByteArray, isPrime, numBytes
 from tlslite.mathtls import makeX, makeU, makeK, goodGroupParameters
 from tlslite.handshakehashes import HandshakeHashes
 from tlslite import VerifierDB
-from tlslite.extensions import SupportedGroupsExtension, SNIExtension, \
-        ECPointFormatsExtension
+from tlslite.extensions import SupportedGroupsExtension, SNIExtension
 from tlslite.utils.ecc import getCurveByName, getPointByteSize
 from tlslite.utils.compat import a2b_hex
 import ecdsa