Statistical analysis

As cryptographic security depends on proper use of primitives, tests need to verify contents of parameters.

Tlsfuzzer allows collecting some of the parameters to perform the analysis later.

AES-GCM nonces

The AES-GCM construction in TLS 1.2 uses explicit nonces. Peers select the nonce themselves and send it to their peer.

Since reusing the nonce breaks the encryption, the peers must not do that.

To collect the nonces sent by peer, use the CollectNonces node. Place it right after encryption negotiation: after ExpectChangeCipherSpec node.

After executing the connection through runner, the passed in array has the nonces selected by the peer saved as binary strings—one for every record received.

See the script for example how to verify that they monotonically increase.

Saving cryptographic parameters

Unlike nonces, negotiation or advertising of other cryptographic parameters happens just once per connection. To save those parameters use the CopyVariables node. For full list of supported parameters see the class documentation, you can find definitions of the names in the TLS RFCs.

As a parameter this node accepts a dictionary in which keys specify names of parameters to collect. The node appends collected parameters to the values of the dictionary.

For example, to check the uniqueness of random values sent in ServerHello, use the following code:

collected_randoms = []
variables_check = {"ServerHello.random": collected_randoms}
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
node = node.add_child(ClientHelloGenerator(ciphers))
node = node.add_child(ExpectServerHello())
node = node.add_child(CopyVariables(variables_check))
node = node.add_child(Close())

runner = Runner(conversation)
runner = Runner(conversation)
assert collected_randoms[0] != collected_randoms[1]

You can use the same variables_check or collected_randoms with more than one CopyVariables, it appends new values to the arrays, it doesn’t replace the arrays.

You can find a usage example of it in:


Tlsfuzzer provides a simple function to verify uniqueness of parameters in such a dictionary: uniqueness_check().