Tls Helpers Module
- class mtf.network_port.tls.tls_helpers.ConnectCommand
Object used to initiate a TCP connection to a server.
This class handles the creation of a TCP socket and connects to a specified server, setting up the necessary configurations for further communication.
- __init__(src_address: str, src_port: int, dst_address: str, dst_port: int, version: tuple, timeout: float)
Initializes the connection parameters.
This method sets up the necessary parameters for establishing a network connection, including source and destination addresses and ports, protocol version, and timeout settings.
- Args:
src_address (str): The hostname or IP address of the source. src_port (int): The TCP port number to connect from. dst_address (str): The hostname or IP address of the server to connect to. dst_port (int): The TCP port number on the server to connect to. version (Optional[tuple], optional): The protocol version used in the TLS record layer
for the initial handshake messages. Defaults to the value specified in TLSConfigurator.record_version.
- timeout (float, optional): The timeout in seconds for the connection and subsequent
read/write operations. Defaults to the value specified in TLSConfigurator.time_out.
- Returns:
None: This method does not return a value.
- process(state: ConnectionState)
Establishes a connection to the server and prepares the socket for message exchange.
This method creates a TCP socket, connects to the specified server, and sets up the necessary socket options, such as disabling Nagle’s algorithm. It also wraps the socket in a BufferedSocket for more efficient I/O operations and sets up a Defragmenter for handling message fragmentation.
- Parameters:
state – An object representing the current state of the connection, where the connected socket and protocol version will be stored.
- cleanup()
Cleans up resources such as sockets to prevent resource leaks.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class mtf.network_port.tls.tls_helpers.AcceptConnection
Object used to accept an incoming TCP connection from a client.
This class listens on a specified hostname and port, accepts a connection from a client, and sets up the necessary configurations for further communication.
- __init__(hostname: str, port: int, version: tuple, timeout: float)
Initializes the server-side connection parameters.
- Parameters:
hostname (str) – The hostname or IP address to bind to for accepting connections.
port (int) – The TCP port number to listen on for incoming connections.
version (tuple(int, int)) – The protocol version used in the TLS record layer for the initial handshake messages. Defaults to (3, 0).
timeout (float) – The timeout in seconds for accepting the connection and subsequent read/write operations. Defaults to 5 seconds.
- process(state: ConnectionState)
Listens for and accepts an incoming connection from a client.
This method creates a TCP socket, binds it to the specified hostname and port, and listens for incoming connection requests. Upon accepting a connection, it disables Nagle’s algorithm, wraps the socket in a BufferedSocket for optimized I/O, and sets up a Defragmenter for handling message fragmentation.
- Parameters:
state – An object representing the current state of the connection, where the accepted socket and protocol version will be stored.
- cleanup()
Cleans up resources such as sockets to prevent resource leaks.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class mtf.network_port.tls.tls_helpers.TLSExtensionManager
A helper class for managing TLS extensions in the TLS context.
This class provides methods to add various TLS extensions to the context, including SNI, status request, and supported versions, among others.
- __init__()
- clear_extensions()
Clears all stored TLS extensions from the internal dictionary.
This method resets the extensions attribute to an empty dictionary, effectively removing all previously added extensions.
- add_sni_ext(server_name: str)
Adds a Server Name Indication (SNI) extension to the TLS context.
The SNI extension is used to indicate the hostname of the server that the client is attempting to connect to, enabling virtual hosting.
RFC6066 - Extension value: 0
- Args:
server_name (str): The server’s hostname.
- Example:
self.add_sni_ext(‘example.com’)
- add_status_request_ext(r_id_list: list[bytearray])
Adds a Status Request extension to the TLS context.
This extension is used to request the status of the certificate chain (e.g., OCSP stapling).
RFC6066 - Extension value: 5
- Args:
r_id_list (List[bytearray]): List of responder IDs.
- Example:
self.add_status_request_ext([bytearray(b’¢’) + bytearray([(i + 2) % 256] * 20) for i in range(625)])
- add_supported_groups_ext(groups: list[int])
Adds a Supported Groups (formerly Elliptic Curves) extension to the TLS context.
This extension indicates the supported groups (curves) for key exchange.
RFC8422 - Extension value: 10
- Args:
groups (List[int]): List of supported group identifiers.
- Example:
self.add_supported_groups_ext([GroupName.secp256r1, GroupName.secp384r1])
- add_point_formats_ext(point_formats: list[int])
Adds a Supported Point Formats extension to the TLS context.
This extension specifies the supported elliptic curve point formats.
RFC8442 - Extension value: 11
- Args:
- point_formats (List[int]): A list of elliptic curve point formats to add. Each format should
be an integer, such as ECPointFormat.uncompressed.
- Example:
self.add_point_formats_ext([ECPointFormat.uncompressed])
- add_srp_ext(name: str | bytearray)
Adds a Secure Remote Password (SRP) extension to the TLS context.
SRP is used for secure password-based authentication.
RFC5054 - Extension value: 12
- Args:
name (Union[str, bytearray]): SRP username, either as a string or a bytearray.
- Example:
self.add_srp_ext(‘user123’)
- add_signature_algorithms_ext(sig_algs: list[tuple[int, int]])
Adds a Signature Algorithms extension to the TLS context.
This extension specifies the supported signature algorithms.
RFC8446 - Extension value: 13
- Args:
- sig_algs (List[Tuple[int, int]]): A list of supported signature algorithm identifiers,
where each tuple contains two integers representing the hash algorithm and the signature algorithm.
- Example:
self.add_signature_algorithms_ext([(SignatureScheme.ecdsa_secp521r1_sha512, SignatureScheme.rsa_pss_rsae_sha256)])
- add_heartbeat_ext(mode: int)
Adds a Heartbeat extension to the TLS context.
The Heartbeat extension provides a keep-alive mechanism to test and maintain the connection.
RFC6520 - Extension value: 15
- Args:
mode (int): Heartbeat mode (1 for PeerAllowedToSend, 2 for PeerNotAllowedToSend).
- Example:
self.add_heartbeat_ext(1)
- add_alpn_ext(data: list[bytes])
Adds an Application-Layer Protocol Negotiation (ALPN) extension to the TLS context.
ALPN allows the application layer to negotiate which protocol to use over a TLS connection.
RFC7301 - Extension value: 16
- Args:
data (list[bytes]): List of supported protocols.
- Example:
self.add_alpn_ext([b’http/1.1’, b’h2’])
- add_padding_ext(padding_len: int)
Adds a Padding extension to the TLS context.
Padding is used to adjust the size of the ClientHello message to mitigate certain attacks.
RFC7685 - Extension value: 21
- Args:
padding_len (int): Length of the padding.
- Example:
self.add_padding_ext(10)
- add_record_size_limit_ext(size: int)
Adds a Record Size Limit extension to the TLS context.
This extension allows the client to specify the maximum record size it is willing to receive.
RFC8449 - Extension value: 28
- Args:
size (int): Maximum record size.
- Example:
self.add_record_size_limit_ext(65535)
- add_supported_versions_ext(versions_list: list[ProtocolVersion])
Adds a Supported Versions extension to the TLS context.
This extension specifies the versions of TLS supported by the client.
RFC8446 - Extension value: 43
- Args:
versions_list (list[ProtocolVersion]): List of supported TLS versions as ProtocolVersion enum members.
- Example:
self.add_supported_versions_ext([ProtocolVersion.TLS13, ProtocolVersion.TLS12, ProtocolVersion.TLS11])
- add_psk_identity_ext(psk_id: bytearray, psk_binder: int)
Adds a Pre-Shared Key (PSK) extension to the TLS context.
PSK is used for resuming sessions or fast-forwarding handshakes.
RFC8446 - Extension value: 41
- Args:
psk_id (bytearray): PSK identifier. psk_binder (int): PSK binder (HMAC) value.
- Example:
psk_id = bytearray([10]) psk_binder = 32 self.add_psk_identity_ext(psk_id, psk_binder)
- add_cookie_ext(cookie_payload)
Adds a Cookie extension to the TLS context.
Cookies are used in DTLS to prevent denial-of-service attacks.
RFC8446 - Extension value: 44
- Args:
cookie_payload (bytes): The cookie data.
- Example:
cookie_payload = b’test_cookie’ self.add_cookie_ext(cookie_payload)
- add_psk_exchange_ext(mode_list: list[int])
Adds a PSK Key Exchange Modes extension to the TLS context.
This extension specifies the key exchange modes allowed with PSK.
RFC8446 - Extension value: 45
- Args:
mode_list (list[int]): List of supported key exchange modes.
- Example:
mode_list = [PskKeyExchangeMode.psk_dhe_ke, PskKeyExchangeMode.psk_ke] self.add_psk_exchange_ext(mode_list)
- add_signature_algorithms_cert_ext()
Adds a Signature Algorithms Certificate extension to the TLS context.
This extension specifies the signature algorithms that can be used in certificates.
RFC8446 - Extension value: 50
Adds a Key Share extension to the TLS context.
This extension is used to facilitate key exchange in TLS 1.3.
RFC8446 - Extension value: 51
- Args:
group_id (int): Identifier of the supported group. key_share (bytearray): Key share data.
- Example:
group_id = 0x1300 key_share = bytearray(b’«’ * 32) self.add_key_share_ext(group_id, key_share)
- add_npn_ext(data: list[bytes])
Adds an unofficial Next Protocol Negotiation (NPN) extension to the TLS context.
NPN is used to negotiate the application protocol during the TLS handshake.
Note: This is an unofficial extension.
RFC xxxx - Extension value: 13172
- Args:
data (list[bytes]): List of supported protocols.
- Example:
data = [b’http/1.1’] self.add_npn_ext(data)
- add_renegotiation_indication_ext(data: bytes = b'')
Adds a Renegotiation Indication extension to the TLS context.
This extension is used to indicate whether renegotiation is supported.
RFC5746 - Extension value: 65281
- Args:
data (bytes, optional): Optional renegotiation data. Defaults to an empty byte string.
- Example:
self.add_renegotiation_indication_ext(b’some_data’)
- add_max_fragment_length_ext(max_length: bytearray)
Adds a Max Fragment Length extension to the TLS context.
RFC6066 - Extension value: 1
- Args:
- max_length (bytearray): The maximum fragment length, represented as a power of 2.
For example, a value of 2 represents 2^10 bytes.
- Example:
self.add_max_fragment_length_ext(2)
- add_user_mapping_ext(mapping_type: bytearray)
Adds a User Mapping extension to the TLS context.
RFC4681 - Extension value: 6
- Args:
mapping_type (bytearray): The user mapping type as a bytearray.
- Example:
self.add_user_mapping_ext(bytearray(b’’))
- add_client_authz_ext(authz_data: bytearray)
Adds a Client Authorization extension to the TLS context.
RFC5878 - Extension value: 7
- Args:
authz_data (bytearray): The client authorization data.
- Example:
self.add_client_authz_ext(bytearray(b’’))
- add_cert_type_ext(cert_type: bytearray)
Adds a Certificate Type extension to the TLS context.
RFC6091 - Extension value: 9
- Args:
cert_type (bytearray): The type of certificate.
- Example:
self.add_cert_type_ext(bytearray(b’'))
- add_use_srtp_ext(srtp_profiles: bytearray)
Adds a Use SRTP extension to the TLS context.
RFC5764 - Extension value: 14
- Args:
srtp_profiles (bytearray): The SRTP profiles to be used.
- Example:
self.add_use_srtp_ext(bytearray(b’’))
- add_status_request_v2_ext(status_data: bytearray)
Adds a Status Request V2 extension to the TLS context. This extension is used to request the status of the certificate chain, specifically
RFC6961 - Extension value: 17
- Args:
status_data (bytearray): Status request data.
- Example:
self.add_status_request_v2_ext(bytearray(b’'))
- add_client_cert_type_ext(cert_type: bytearray)
Adds a Client Certificate Type extension to the TLS context.
RFC7250 - Extension value: 19
- Args:
cert_type (bytearray): The client certificate type to be used.
- Example:
self.add_client_cert_type_ext(bytearray(b’'))
- add_server_cert_type_ext(cert_type: bytearray)
Adds a Server Certificate Type extension to the TLS context.
RFC7250 - Extension value: 20
- Args:
cert_type (bytearray): The server certificate type to be used.
- Example:
self.add_server_cert_type_ext(bytearray(b’'))
- add_compress_certificate_ext(compress_algorithms: bytearray)
Adds a Compress Certificate extension to the TLS context.
RFC8879 - Extension value: 27
- Args:
compress_algorithms (bytearray): The compression algorithms to be used.
- Example:
self.add_compress_certificate_ext(bytearray(b’’))
- add_connection_id_ext(conn_id: bytearray)
Adds a Connection ID extension to the TLS context.
RFC9146 - Extension value: 54
- Args:
conn_id (bytearray): The connection ID data.
- Example:
self.add_connection_id_ext(bytearray(b’'))
- add_external_id_hash_ext(external_id: bytearray)
Adds an External ID Hash extension to the TLS context.
Draft RFC - Extension value: 55
- Args:
external_id (bytearray): The external ID hash data.
- Example:
self.add_external_id_hash_ext(bytearray(b’'))
- add_external_session_id_ext(session_id: bytearray)
Adds an External Session ID extension to the TLS context.
Draft RFC - Extension value: 56
- Args:
session_id (bytearray): The external session ID data.
- Example:
self.add_external_session_id_ext(bytearray(b’'))
- add_quic_transport_parameters_ext(quic_params: bytearray)
Adds a QUIC Transport Parameters extension to the TLS context.
RFC9001 - Extension value: 57
- Args:
quic_params (bytearray): The QUIC transport parameters data.
- Example:
self.add_quic_transport_parameters_ext(bytearray(b’'))
- add_ticket_request_ext(request_param: bytearray)
Adds a Ticket Request extension to the TLS context.
This extension is used to request a ticket for session resumption or similar purposes.
Draft RFC - Extension value: 58
- Args:
request_param (bytearray): The ticket request parameters data.
- Example:
self.add_ticket_request_ext(bytearray(b’'))
- add_dnssec_chain_ext(chain_data: bytearray)
Adds a DNSSEC Chain extension to the TLS context.
Draft RFC - Extension value: 59
- Args:
chain_data (bytearray): The DNSSEC chain data.
- Example:
self.add_dnssec_chain_ext(bytearray(b’'))
- add_connection_id_deprecated_ext(conn_id: bytearray)
Adds a deprecated Connection ID extension to the TLS context.
RFC xxxx - Extension value: 53
- Args:
conn_id (bytearray): Deprecated Connection ID data.
- Example:
self.add_connection_id_deprecated_ext(bytearray(b’'))
- add_transparency_info_ext(transparency_data: bytearray)
Adds a Transparency Info extension to the TLS context.
This extension is used for Certificate Transparency, which helps in detecting fraudulent certificates.
RFC xxxx - Extension value: 52
- Args:
transparency_data (bytearray): Transparency information data.
- Example:
self.add_transparency_info_ext(bytearray(b’’))
- add_encrypt_then_mac_ext(data: bytearray)
Adds an Encrypt-Then-MAC extension to the TLS context.
This extension specifies the use of Encrypt-Then-MAC as a security mechanism.
RFC xxxx - Extension value: 22
- Args:
data (bytearray): Encrypt-Then-MAC data.
- Example:
self.add_encrypt_then_mac_ext(bytearray(b’'))
- add_extended_master_secret_ext(master_secret: bytearray)
Adds an Extended Master Secret extension to the TLS context.
This extension allows the use of an extended master secret to enhance security against certain attacks.
RFC5077 - Extension value: 23
- Args:
master_secret (bytearray): extended master secret.
- Example:
self.add_extended_master_secret_ext(bytearray(b’'))
- add_session_ticket_ext(ticket_data: bytearray)
Adds a Session Ticket extension to the TLS context.
This extension allows for session resumption by using a session ticket.
RFC xxxx - Extension value: 35
- Args:
ticket_data (bytearray): Session ticket data.
- Example:
self.add_session_ticket_ext(bytearray(b’'))
- add_extended_random_ext(random_data: bytearray)
Adds an Extended Random extension to the TLS context.
This extension extends the random data used in the handshake to improve security.
Draft RFC - Extension value: 40
- Args:
random_data (bytearray): Extended random data.
- Example:
self.add_extended_random_ext(bytearray(b’'))
- add_early_data_ext(early_data: bytearray)
Adds an Early Data extension to the TLS context.
This extension is used to negotiate and send early data before the handshake completes.
RFC8446 - Extension value: 42
- Args:
early_data (bytearray): Early data to be sent.
- Example:
self.add_early_data_ext(bytearray(b’'))
- add_post_handshake_auth_ext(authentication: bytearray)
Adds a Post-Handshake Authentication extension to the TLS context.
This extension allows for authentication after the initial handshake has been completed.
RFC8446 - Extension value: 49
- Args:
authentication (bytearray): authentication
- Example:
self.add_post_handshake_auth_ext()
- add_extension(ext_value: int | TlsExtensionType)
Adds the specified extension with dummy data to the TLS context.
This method automatically selects and adds an extension based on the provided extension value, using predefined dummy data where applicable.
- Args:
ext_value (Union[int, TlsExtensionType]): The extension number or type to be added.
- class mtf.network_port.tls.tls_helpers.ExpectClientHello
A class that processes the ClientHello message during a TLS handshake.
This class inherits from ExpectHandshake and is responsible for handling the ClientHello message as defined in the TLS protocol. The ClientHello message is the first message sent by the client to initiate the handshake.
- Attributes:
- client_ciphers (dict, optional): A dictionary to store the cipher suites
offered by the client.
- __init__(client_ciphers=None)
Initializes the ExpectClientHello handler.
- Args:
- client_ciphers (dict, optional): A dictionary to store the cipher suites
offered by the client. Defaults to None.
- process(state: ConnectionState, msg: Message)
Processes the ClientHello message received from the client.
This method asserts that the message is of the expected type and parses the ClientHello message. It extracts and stores the client’s cipher suites and TLS version in the provided state object. Additionally, it updates the handshake messages and hashes within the state.
- Args:
- state (object): The current state of the TLS connection, which will
be updated based on the parsed ClientHello message.
msg (object): The message object containing the ClientHello data.
- Raises:
- AssertionError: If the message type does not match the expected
ContentType or HandshakeType.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class mtf.network_port.tls.tls_helpers.ServerHelloGenerator
Generator for TLS handshake protocol ‘Server Hello’ messages.
This class is responsible for constructing and generating ‘Server Hello’ messages during the TLS handshake process, based on the specified configuration such as supported ciphers, extensions, and protocol version.
- Attributes:
version (Optional[ProtocolVersion]): The TLS version to use in the Server Hello message. ciphers (List[Any]): A list of supported cipher suites. extensions (Optional[Dict[TlsExtensionType, Union[Callable, TLSExtension]]]):
A dictionary mapping extension types to their corresponding generators or objects.
session_id (Optional[bytes]): The session ID to include in the Server Hello message. random (Optional[bytes]): Random data for the Server Hello message. compression (List[int]): A list of supported compression methods (typically [0]). ssl2 (bool): Flag indicating whether to use SSLv2-compatible format. modifiers (Optional[List[Callable]]): A list of modifier functions for custom processing.
- __init__(ciphers: List[Any] | None = None, extensions: dict[TlsExtensionType, Callable | TLSExtension] | None = None, version: ProtocolVersion | None = None, session_id: bytearray | None = None, random: bytearray | None = None, compression: List[int] | None = None, ssl2: bool = False, modifiers: List[Callable] | None = None)
Initializes the ServerHelloGenerator with the given parameters.
- Args:
ciphers (Optional[List[Any]]): List of cipher suites to include in the Server Hello. extensions (Optional[Dict[TlsExtensionType, Union[Callable, TLSExtension]]]):
Dictionary of extensions to include.
version (Optional[ProtocolVersion]): The TLS version to use. session_id (Optional[bytearray]): The session ID for the Server Hello. random (Optional[bytearray]): Random data for the Server Hello. compression (Optional[List[int]]): Supported compression methods. ssl2 (bool): If True, generates SSLv2-compatible messages. modifiers (Optional[List[Callable]]): List of functions to modify the message.
- generate(state: ConnectionState)
Generates the Server Hello message based on the current state and configuration.
- Args:
state (ConnectionState): The current state of the handshake process.
- Returns:
ServerHello: The generated Server Hello message.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Update handshake hashes after sending.
- class mtf.network_port.tls.tls_helpers.ServerHelloDoneGenerator
Generator for TLS handshake protocol Server Hello Done messages.
This class is responsible for generating the Server Hello Done message in the TLS handshake process. The Server Hello Done message indicates that the server has finished its part of the negotiation.
- Attributes:
- version (Optional[ProtocolVersion]): The version of the TLS protocol to use.
If None, the version from the client’s state will be used.
ssl2 (bool): A flag indicating whether SSLv2 should be supported. modifiers (Optional[List[Callable]]): A list of functions that modify the
handshake message or its state.
- __init__(version: ProtocolVersion | None = None, ssl2: bool = False, modifiers: List[Callable] | None = None)
Initialize the ServerHelloDoneGenerator.
- Args:
- version (Optional[ProtocolVersion]): The TLS version to use. Defaults to None,
meaning the client’s version will be used.
- ssl2 (bool): Whether to generate a Server Hello Done message compatible
with SSLv2. Defaults to False.
- modifiers (Optional[List[Callable]]): A list of modifier functions to apply
to the handshake message or state.
- generate(state: ConnectionState)
Generate a Server Hello Done message.
This method creates the Server Hello Done message, which is sent by the server to indicate the end of its part in the TLS handshake.
- Args:
- state: The current state of the handshake, containing relevant
information such as client version.
- Returns:
ServerHelloDone: The generated Server Hello Done message.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Update handshake hashes after sending.
- class mtf.network_port.tls.tls_helpers.ServerKeyExchange
Handles TLS Handshake protocol Server Key Exchange messages.
This class is responsible for creating, serializing, and deserializing Server Key Exchange messages, which are used in the TLS handshake process to exchange cryptographic parameters between the server and the client.
- __init__(version: ProtocolVersion | None = None, identity: bytes | None = None)
Initialize the Server Key Exchange message.
- Args:
version (Optional[ProtocolVersion]): The TLS version being used. identity (Optional[bytes]): The server’s cryptographic identity, typically
an integer derived from a public key or other cryptographic material.
- parse(parser: Parser)
Deserialize the Server Key Exchange message from a Parser.
- Args:
parser (Parser): The parser to read data from.
- Returns:
ServerKeyExchange: The parsed Server Key Exchange message.
- write()
Serialize the Server Key Exchange message into a bytearray.
- Returns:
bytearray: The serialized Server Key Exchange message.
- create()
Create a new Server Key Exchange message.
- Returns:
ServerKeyExchange: The newly created Server Key Exchange message.
- postWrite(w)
- class mtf.network_port.tls.tls_helpers.ServerKeyExchangeGenerator
Generator for TLS handshake protocol Server Key Exchange messages.
- __init__(version: ProtocolVersion | None = None, identity: bytes | None = None)
Initialize the ServerKeyExchangeGenerator.
- Args:
version (Optional[ProtocolVersion]): The TLS version being used for the handshake. identity (Optional[bytes]): The server’s cryptographic identity, typically
an integer derived from a public key or other cryptographic material.
- generate(state: ConnectionState)
Generate a Server Key Exchange message.
This method creates and returns a ServerKeyExchange message based on the provided TLS version and identity.
- Args:
- state: The current state of the TLS handshake, typically containing
information such as client version, random data, etc.
- Returns:
ServerKeyExchange: The generated Server Key Exchange message.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Update handshake hashes after sending.
- class mtf.network_port.tls.tls_helpers.ClientKeyExchange
Represents the TLS Handshake protocol Client Key Exchange message.
This message is used by the client to provide key exchange information to the server as part of the TLS handshake.
- Attributes:
version (Optional[ProtocolVersion]): The TLS version used for the handshake. identity (Optional[bytes]): The client’s cryptographic identity, often
containing key exchange material.
- __init__(version: ProtocolVersion | None = None, identity: bytes | None = None)
Initialize the ClientKeyExchange message.
- Args:
version (Optional[ProtocolVersion]): The TLS version for the handshake. identity (Optional[bytes]): The client’s cryptographic identity or key exchange data.
- parse(parser: Parser)
Deserialize the message from a Parser object.
- Args:
parser (Parser): The parser used to read and extract data.
- Returns:
ClientKeyExchange: The current instance with data populated from the parser.
- write()
Serialize the message into a bytearray.
- Returns:
bytearray: The serialized message.
- create()
Create a new ClientKeyExchange message instance.
- Returns:
ClientKeyExchange: The new instance of the ClientKeyExchange message.
- postWrite(w)
- class mtf.network_port.tls.tls_helpers.ExpectClientKeyExchange
Processor for the TLS Handshake protocol Client Key Exchange message.
This class handles the receipt and processing of the Client Key Exchange message during the TLS handshake.
- Attributes:
version (Optional[ProtocolVersion]): The expected TLS version for the handshake. identity (Optional[bytes]): The expected client’s cryptographic identity or key exchange data.
- __init__(version: ProtocolVersion | None = None, identity: bytes | None = None)
Initialize the ExpectClientKeyExchange processor.
- Args:
version (Optional[ProtocolVersion]): The expected TLS version for the handshake. identity (Optional[bytes]): The expected client’s cryptographic identity or key exchange data.
- process(state: ConnectionState, msg: Message)
Process the received Client Key Exchange message.
- Args:
state (ConnectionState): The current handshake state containing version and handshake messages. msg (Message): The message containing the Client Key Exchange data.
- Raises:
AssertionError: If the message content type or handshake type does not match expected values.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class mtf.network_port.tls.tls_helpers.ExpectFinishedNoVerify
Processor for the TLS handshake protocol Finished message.
This class handles the receipt and processing of the Finished message during the TLS handshake. In TLS 1.3, this message triggers the start of sending records encrypted with the client_handshake_traffic_secret keys and expects records to be encrypted with the server_application_traffic_secret keys.
- Attributes:
version (Optional[ProtocolVersion]): The expected TLS version for the handshake.
- __init__(version: ProtocolVersion | None = None)
Set the type of message
- process(state: ConnectionState, msg: Message)
Process the received Finished message.
This method parses the Finished message and updates the connection state with the received message. It also updates the handshake hashes with the message data.
- Args:
state (ConnectionState): The current connection state containing version and handshake messages. msg (Message): The message containing the Finished data.
- Raises:
AssertionError: If the message content type or handshake type does not match expected values.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message