Can we provide more comprehensive support for post handshake authentication for tls1.3 client?
1. The following issues all occur after the certificate request packet appears in the server finish packet. See file1.
2. If the certificate packet does not provide a Certificate Request Context, some servers may send a "Decode Error" alert message (there is this issue when using Python SSL, and I'm not sure if OpenSSL also has this issue). See file2.
3. TLS13NewSessionTicket messages should not participate in MAC calculations, otherwise the server will send a "Decrypt Error" alert message. See file3.
4. If the certificate request packet is after the server finish packet, the basekey used in hkdf.compute_verify_data should use client_traffic_secrets[i], not client_handshake_traffic_secret, otherwise the server will send a "Decrypt Error" alert message. See file4.
5. After solving the above problem, when I send application data, the server will respond with an alert "Bad Record MAC". This is because tls_session.wcs.seq_num was reset to zero during the post_build of TLS13. See file5.

I have used temporary solutions to solve all the above problems, but I have not fully understood the specifications of TLS 1.3. Therefore, can anyone provide assistance in optimizing these codes?

All the files I use can be found in the attached file: an SSL server in the ssl_server_by_pylib.py file, an SSL client in the test_tls13_client.py file, the private key and certificate in the *rsa* files, packet capture files in file*, and the temporary code scheme in the patch file. file.zip
Scapy version
2.5.0
Python version
3.11.2
Operating system
win10
Thanks a lot for this very detailed issue, and sorry for the long delay.
I've implemented your submission in https://github.com/secdev/scapy/pull/4295 (with some tweaks, e.g. for 5, it's because the key computation shouldn't happen in TlsFinished during post-handshake), feel free to have a look.
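An added example, not part of this thread and not Scapy's code, illustrating points 3 and 4 of the issue with the Finished computation from RFC 8446 (sections 4.4.1, 4.4.4 and 7.1): the post-handshake client Finished is keyed from the client application traffic secret, and NewSessionTicket stays out of the transcript. It assumes a SHA-256 cipher suite; the helper names, messages and secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256      # assumption: a SHA-256 suite, e.g. TLS_AES_128_GCM_SHA256
NEW_SESSION_TICKET = 4     # HandshakeType value from RFC 8446


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1) on top of HKDF-Expand."""
    full_label = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def finished_verify_data(base_key, messages):
    """HMAC over the transcript hash, keyed from base_key.

    NewSessionTicket messages are left out of the transcript (point 3).
    """
    transcript = HASH()
    for msg in messages:
        if msg[0] != NEW_SESSION_TICKET:
            transcript.update(msg)
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH().digest_size)
    return hmac.new(finished_key, transcript.digest(), HASH).digest()


def hs_msg(msg_type, body):
    """Handshake message framing: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def sample_transcript(with_ticket):
    """Constructed placeholder messages, not taken from the attached captures."""
    main = [hs_msg(t, b"constructed-%d" % t) for t in (1, 2, 8, 11, 15, 20, 20)]
    ticket = [hs_msg(NEW_SESSION_TICKET, b"constructed-ticket")] if with_ticket else []
    post_auth = [hs_msg(t, b"constructed-post-%d" % t) for t in (13, 11, 15)]
    return main + ticket + post_auth


HANDSHAKE_SECRET = b"\x11" * 32    # constructed client_handshake_traffic_secret
APPLICATION_SECRET = b"\x22" * 32  # constructed client application traffic secret
```

A client that keys `finished_verify_data` with `HANDSHAKE_SECRET` here produces a value the server cannot verify, which matches the "Decrypt Error" alert described in point 4.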