def test_very_long_numbers(self):
self.assertEqual(bytesToNumber(bytearray(b'\x00' * 16 + b'\x80')),
0x80)
self.assertEqual(bytesToNumber(bytearray(b'\x80' + b'\x00' * 16)),
1<<(8 * 16 + 7))
self.assertEqual(bytesToNumber(bytearray(b'\xff'*16)),
(1<<(8*16))-1)
def test_very_long_numbers(self):
self.assertEqual(bytesToNumber(bytearray(b'\x00' * 16 + b'\x80')),
0x80)
self.assertEqual(bytesToNumber(bytearray(b'\x80' + b'\x00' * 16)), 1 <<
(8 * 16 + 7))
self.assertEqual(bytesToNumber(bytearray(b'\xff' * 16)),
(1 << (8 * 16)) - 1)
def test_very_long_numbers_little_endian(self):
self.assertEqual(
bytesToNumber(bytearray(b'\x80' + b'\x00' * 16), "little"), 0x80)
self.assertEqual(
bytesToNumber(bytearray(b'\x00' * 16 + b'\x80'), "little"), 1 <<
(8 * 16 + 7))
self.assertEqual(bytesToNumber(bytearray(b'\xff' * 16), "little"),
(1 << (8 * 16)) - 1)
def test_very_long_numbers_little_endian(self):
self.assertEqual(bytesToNumber(bytearray(b'\x80' + b'\x00' * 16),
"little"),
0x80)
self.assertEqual(bytesToNumber(bytearray(b'\x00'*16 + b'\x80'),
"little"),
1<<(8 * 16 + 7))
self.assertEqual(bytesToNumber(bytearray(b'\xff'*16),
"little"),
(1<<(8*16))-1)
def test_SRP_key_exchange_without_signature(self):
self.cipher_suite = CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA
self.keyExchange.cipherSuite = self.cipher_suite
self.server_hello.cipher_suite = self.cipher_suite
srv_key_ex = self.keyExchange.makeServerKeyExchange()
a = bytesToNumber(getRandomBytes(32))
A = powMod(srv_key_ex.srp_g,
a,
srv_key_ex.srp_N)
x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
v = powMod(srv_key_ex.srp_g,
x,
srv_key_ex.srp_N)
u = makeU(srv_key_ex.srp_N,
A,
srv_key_ex.srp_B)
k = makeK(srv_key_ex.srp_N,
srv_key_ex.srp_g)
S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
a+(u*x),
srv_key_ex.srp_N)
cln_premaster = numberToByteArray(S)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_SRP_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha256')
KeyExchange.verifyServerKeyExchange(srv_key_ex,
self.srv_pub_key,
self.client_hello.random,
self.server_hello.random,
[(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)])
a = bytesToNumber(getRandomBytes(32))
A = powMod(srv_key_ex.srp_g,
a,
srv_key_ex.srp_N)
x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
v = powMod(srv_key_ex.srp_g,
x,
srv_key_ex.srp_N)
u = makeU(srv_key_ex.srp_N,
A,
srv_key_ex.srp_B)
k = makeK(srv_key_ex.srp_N,
srv_key_ex.srp_g)
S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
a+(u*x),
srv_key_ex.srp_N)
cln_premaster = numberToByteArray(S)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_SRP_key_exchange_without_signature(self):
self.cipher_suite = CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA
self.keyExchange.cipherSuite = self.cipher_suite
self.server_hello.cipher_suite = self.cipher_suite
srv_key_ex = self.keyExchange.makeServerKeyExchange()
a = bytesToNumber(getRandomBytes(32))
A = powMod(srv_key_ex.srp_g,
a,
srv_key_ex.srp_N)
x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
v = powMod(srv_key_ex.srp_g,
x,
srv_key_ex.srp_N)
u = makeU(srv_key_ex.srp_N,
A,
srv_key_ex.srp_B)
k = makeK(srv_key_ex.srp_N,
srv_key_ex.srp_g)
S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
a+(u*x),
srv_key_ex.srp_N)
cln_premaster = numberToByteArray(S)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_SRP_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha256')
KeyExchange.verifyServerKeyExchange(srv_key_ex,
self.srv_pub_key,
self.client_hello.random,
self.server_hello.random,
[(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)])
a = bytesToNumber(getRandomBytes(32))
A = powMod(srv_key_ex.srp_g,
a,
srv_key_ex.srp_N)
x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
v = powMod(srv_key_ex.srp_g,
x,
srv_key_ex.srp_N)
u = makeU(srv_key_ex.srp_N,
A,
srv_key_ex.srp_B)
k = makeK(srv_key_ex.srp_N,
srv_key_ex.srp_g)
S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
a+(u*x),
srv_key_ex.srp_N)
cln_premaster = numberToByteArray(S)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def _newRawPrivateKeyOp(self,
m,
original_rawPrivateKeyOp,
subs=None,
xors=None):
signBytes = numberToByteArray(m, numBytes(self.n))
signBytes = substitute_and_xor(signBytes, subs, xors)
m = bytesToNumber(signBytes)
return original_rawPrivateKeyOp(m)
def _newRawPrivateKeyOp(self, m, original_rawPrivateKeyOp,
subs=None, xors=None):
signBytes = numberToByteArray(m, numBytes(self.n))
signBytes = substitute_and_xor(signBytes, subs, xors)
m = bytesToNumber(signBytes)
# RSA operations are defined only on numbers that are smaller
# than the modulus, so ensure the XORing or substitutions
# didn't break it (especially necessary for pycrypto as
# it raises exception in such case)
if m > self.n:
m %= self.n
return original_rawPrivateKeyOp(m)
def test_DHE_RSA_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
cln_X = bytesToNumber(getRandomBytes(32))
cln_Yc = powMod(srv_key_ex.dh_g,
cln_X,
srv_key_ex.dh_p)
cln_secret = numberToByteArray(powMod(srv_key_ex.dh_Ys,
cln_X,
srv_key_ex.dh_p))
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3))
cln_key_ex.createDH(cln_Yc)
srv_secret = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_secret, srv_secret)
def test_DHE_RSA_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
cln_X = bytesToNumber(getRandomBytes(32))
cln_Yc = powMod(srv_key_ex.dh_g,
cln_X,
srv_key_ex.dh_p)
cln_secret = numberToByteArray(powMod(srv_key_ex.dh_Ys,
cln_X,
srv_key_ex.dh_p))
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3))
cln_key_ex.createDH(cln_Yc)
srv_secret = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_secret, srv_secret)
def test_sign_and_verify_with_sha1(self):
#message
msg = a2b_hex(
"3b46736d559bd4e0c2c1b2553a33ad3c6cf23cac998d3d0c0e8fa4b19bca06"
"f2f386db2dcff9dca4f40ad8f561ffc308b46c5f31a7735b5fa7e0f9e6cb51"
"2e63d7eea05538d66a75cd0d4234b5ccf6c1715ccaaf9cdc0a2228135f716e"
"e9bdee7fc13ec27a03a6d11c5c5b3685f51900b1337153bc6c4e8f52920c33"
"fa37f4e7")
# key
key = Python_DSAKey(
p=bytesToNumber(
a2b_hex(
"a8f9cd201e5e35d892f85f80e4db2599a5676a3b1d4f190330ed3256b2"
"6d0e80a0e49a8fffaaad2a24f472d2573241d4d6d6c7480c80b4c67bb4"
"479c15ada7ea8424d2502fa01472e760241713dab025ae1b02e1703a14"
"35f62ddf4ee4c1b664066eb22f2e3bf28bb70a2a76e4fd5ebe2d122968"
"1b5b06439ac9c7e9d8bde283")),
q=bytesToNumber(
a2b_hex("f85f0f83ac4df7ea0cdf8f469bfeeaea14156495")),
g=bytesToNumber(
a2b_hex(
"2b3152ff6c62f14622b8f48e59f8af46883b38e79b8c74deeae9df131f"
"8b856e3ad6c8455dab87cc0da8ac973417ce4f7878557d6cdf40b35b4a"
"0ca3eb310c6a95d68ce284ad4e25ea28591611ee08b8444bd64b25f3f7"
"c572410ddfb39cc728b9c936f85f419129869929cdb909a6a3a99bbe08"
"9216368171bd0ba81de4fe33")),
y=bytesToNumber(
a2b_hex(
"313fd9ebca91574e1c2eebe1517c57e0c21b0209872140c5328761bbb2"
"450b33f1b18b409ce9ab7c4cd8fda3391e8e34868357c199e16a6b2eba"
"06d6749def791d79e95d3a4d09b24c392ad89dbf100995ae19c0106205"
"6bb14bce005e8731efde175f95b975089bdcdaea562b32786d96f5a31a"
"edf75364008ad4fffebb970b")))
# signature
r = bytesToNumber(a2b_hex("50ed0e810e3f1c7cb6ac62332058448bd8b284c0"))
s = bytesToNumber(a2b_hex("c6aded17216b46b7e4b6f2a97c1ad7cc3da83fde"))
sig = encode_sequence(encode_integer(r), encode_integer(s))
# test
self.assertTrue(key.hashAndVerify(sig, msg))
def test_sign_and_verify_with_sha254(self):
#message
msg = a2b_hex(
"812172f09cbae62517804885754125fc6066e9a902f9db2041eeddd7e8"
"da67e4a2e65d0029c45ecacea6002f9540eb1004c883a8f900fd84a98b"
"5c449ac49c56f3a91d8bed3f08f427935fbe437ce46f75cd666a070726"
"5c61a096698dc2f36b28c65ec7b6e475c8b67ddfb444b2ee6a984e9d6d"
"15233e25e44bd8d7924d129d")
# key
key = Python_DSAKey(
p=bytesToNumber(
a2b_hex(
"cba13e533637c37c0e80d9fcd052c1e41a88ac325c4ebe13b7170088d5"
"4eef4881f3d35eae47c210385a8485d2423a64da3ffda63a26f92cf5a3"
"04f39260384a9b7759d8ac1adc81d3f8bfc5e6cb10efb4e0f75867f4e8"
"48d1a338586dd0648feeb163647ffe7176174370540ee8a8f588da8cc1"
"43d939f70b114a7f981b8483")),
q=bytesToNumber(
a2b_hex("95031b8aa71f29d525b773ef8b7c6701ad8a5d99")),
g=bytesToNumber(
a2b_hex(
"45bcaa443d4cd1602d27aaf84126edc73bd773de6ece15e97e7fef46f1"
"3072b7adcaf7b0053cf4706944df8c4568f26c997ee7753000fbe477a3"
"7766a4e970ff40008eb900b9de4b5f9ae06e06db6106e78711f3a67fec"
"a74dd5bddcdf675ae4014ee9489a42917fbee3bb9f2a24df67512c1c35"
"c97bfbf2308eaacd28368c5c")),
y=bytesToNumber(
a2b_hex(
"4cd6178637d0f0de1488515c3b12e203a3c0ca652f2fe30d088dc7278a"
"87affa634a727a721932d671994a958a0f89223c286c3a9b10a9656054"
"2e2626b72e0cd28e5133fb57dc238b7fab2de2a49863ecf998751861ae"
"668bf7cad136e6933f57dfdba544e3147ce0e7370fa6e8ff1de690c51b"
"4aeedf0485183889205591e8")))
# signature
r = bytesToNumber(a2b_hex("76683a085d6742eadf95a61af75f881276cfd26a"))
s = bytesToNumber(a2b_hex("3b9da7f9926eaaad0bebd4845c67fcdb64d12453"))
sig = encode_sequence(encode_integer(r), encode_integer(s))
# test
self.assertTrue(key.hashAndVerify(sig, msg, hAlg="sha256"))
def test_sign_and_verify_with_sha224(self):
#message
msg = a2b_hex(
"fb2128052509488cad0745ed3e6312850dd96ddaf791f1e624e22a6b9beaa6"
"5319c325c78ef59cacba0ccfa722259f24f92c17b77a8f6d8e97c93d880d2d"
"8dbbbedcf6acefa06b0e476ca2013d0394bd90d56c10626ef43cea79d1ef0b"
"c7ac452bf9b9acaef70325e055ac006d34024b32204abea4be5faae0a6d46d"
"365ed0d9")
# key
key = Python_DSAKey(
p=bytesToNumber(
a2b_hex(
"8b9b32f5ba38faad5e0d506eb555540d0d7963195558ca308b7466228d"
"92a17b3b14b8e0ab77a9f3b2959a09848aa69f8df92cd9e9edef0adf79"
"2ce77bfceccadd9352700ca5faecf181fa0c326db1d6e5d352458011e5"
"1bd3248f4e3bd7c820d7e0a81932aca1eba390175e53eada197223674e"
"3900263e90f72d94e7447bff")),
q=bytesToNumber(
a2b_hex("bc550e965647fb3a20f245ec8475624abbb26edd")),
g=bytesToNumber(
a2b_hex(
"11333a931fba503487777376859fdc12f7c687b0948ae889d287f1b7a7"
"12ad220ae4f1ce379d0dbb5c9abf419621f005fc123c327e5055d18506"
"34c36d397e689e111d598c1c3636b940c84f42f436846e8e7fcad9012c"
"eda398720f32fffd1a45ab6136ce417069207ac140675b8f86dd063915"
"ae6f62b0cec729fbd509ac17")),
y=bytesToNumber(
a2b_hex(
"7e339f3757450390160e02291559f30bed0b2d758c5ccc2d8d456232bb"
"435ae49de7e7957e3aad9bfdcf6fd5d9b6ee3b521bc2229a8421dc2aa5"
"9b9952345a8fc1de49b348003a9b18da642d7f6f56e3bc665131ae9762"
"088a93786f7b4b72a4bcc308c67e2532a3a5bf09652055cc26bf3b1883"
"3598cffd7011f2285f794557")))
# signature
r = bytesToNumber(a2b_hex("afee719e7f848b54349ccc3b4fb26065833a4d8e"))
s = bytesToNumber(a2b_hex("734efe992256f31325e749bc32a24a1f957b3a1b"))
sig = encode_sequence(encode_integer(r), encode_integer(s))
# test
self.assertTrue(key.hashAndVerify(sig, msg, hAlg="sha224"))
def test_with_empty_string_little_endian(self):
self.assertEqual(0, bytesToNumber(b'', "little"))
def test_with_empty_string(self):
self.assertEqual(0, bytesToNumber(b''))
def test_with_unknown_type(self):
with self.assertRaises(ValueError):
bytesToNumber(bytearray(b'\xf0'), "middle")
def test_multi_byte_numbers_little_endian(self, number):
self.assertEqual(bytesToNumber(bytearray(struct.pack("<I", number)),
"little"),
number)
def test_multi_byte_numbers(self, number):
self.assertEqual(bytesToNumber(bytearray(struct.pack(">I", number))),
number)
def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
from dns.dnssec import ValidationFailure, ECKeyWrapper, ECDSAP256SHA256, ECDSAP384SHA384
from dns.dnssec import _find_candidate_keys, _make_hash, _is_rsa, _to_rdata, _make_algorithm_id
if isinstance(origin, (str, unicode)):
origin = dns.name.from_text(origin, dns.name.root)
for candidate_key in _find_candidate_keys(keys, rrsig):
if not candidate_key:
raise ValidationFailure, 'unknown key'
# For convenience, allow the rrset to be specified as a (name, rdataset)
# tuple as well as a proper rrset
if isinstance(rrset, tuple):
rrname = rrset[0]
rdataset = rrset[1]
else:
rrname = rrset.name
rdataset = rrset
if now is None:
now = time.time()
if rrsig.expiration < now:
raise ValidationFailure, 'expired'
if rrsig.inception > now:
raise ValidationFailure, 'not yet valid'
hash = _make_hash(rrsig.algorithm)
if _is_rsa(rrsig.algorithm):
from tlslite.utils.keyfactory import _createPublicRSAKey
from tlslite.utils.cryptomath import bytesToNumber
keyptr = candidate_key.key
(bytes, ) = struct.unpack('!B', keyptr[0:1])
keyptr = keyptr[1:]
if bytes == 0:
(bytes, ) = struct.unpack('!H', keyptr[0:2])
keyptr = keyptr[2:]
rsa_e = keyptr[0:bytes]
rsa_n = keyptr[bytes:]
n = bytesToNumber(bytearray(rsa_n))
e = bytesToNumber(bytearray(rsa_e))
pubkey = _createPublicRSAKey(n, e)
sig = rrsig.signature
elif _is_ecdsa(rrsig.algorithm):
if rrsig.algorithm == ECDSAP256SHA256:
curve = ecdsa.curves.NIST256p
key_len = 32
digest_len = 32
elif rrsig.algorithm == ECDSAP384SHA384:
curve = ecdsa.curves.NIST384p
key_len = 48
digest_len = 48
else:
# shouldn't happen
raise ValidationFailure, 'unknown ECDSA curve'
keyptr = candidate_key.key
x = ecdsa.util.string_to_number(keyptr[0:key_len])
y = ecdsa.util.string_to_number(keyptr[key_len:key_len * 2])
assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
point = ecdsa.ellipticcurve.Point(curve.curve, x, y, curve.order)
verifying_key = ecdsa.keys.VerifyingKey.from_public_point(
point, curve)
pubkey = ECKeyWrapper(verifying_key, key_len)
r = rrsig.signature[:key_len]
s = rrsig.signature[key_len:]
sig = ecdsa.ecdsa.Signature(ecdsa.util.string_to_number(r),
ecdsa.util.string_to_number(s))
else:
raise ValidationFailure, 'unknown algorithm %u' % rrsig.algorithm
hash.update(_to_rdata(rrsig, origin)[:18])
hash.update(rrsig.signer.to_digestable(origin))
if rrsig.labels < len(rrname) - 1:
suffix = rrname.split(rrsig.labels + 1)[1]
rrname = dns.name.from_text('*', suffix)
rrnamebuf = rrname.to_digestable(origin)
rrfixed = struct.pack('!HHI', rdataset.rdtype, rdataset.rdclass,
rrsig.original_ttl)
rrlist = sorted(rdataset)
for rr in rrlist:
hash.update(rrnamebuf)
hash.update(rrfixed)
rrdata = rr.to_digestable(origin)
rrlen = struct.pack('!H', len(rrdata))
hash.update(rrlen)
hash.update(rrdata)
digest = hash.digest()
if _is_rsa(rrsig.algorithm):
digest = _make_algorithm_id(rrsig.algorithm) + digest
if pubkey.verify(bytearray(sig), bytearray(digest)):
return
elif _is_ecdsa(rrsig.algorithm):
if pubkey.verify(digest, sig):
return
else:
raise ValidationFailure, 'unknown algorithm %u' % rrsig.algorithm
raise ValidationFailure, 'verify failure'
def test_small_numbers(self, number):
self.assertEqual(bytesToNumber(bytearray(struct.pack(">B", number))),
number)
def test_betole32(self):
number = self.betole32(bytesToNumber(bytearray(b'\x00\x01\x02\x03')))
self.assertEqual(number, 0x03020100)
def test_betole32(self):
number = self.betole32(bytesToNumber(bytearray(b'\x00\x01\x02\x03')))
self.assertEqual(number, 0x03020100)
def main():
"""Check if nonces used by server are monotonically increasing"""
host = "localhost"
port = 4433
num_limit = None
run_exclude = set()
expected_failures = {}
last_exp_tmp = None
argv = sys.argv[1:]
opts, args = getopt.getopt(argv, "h:p:e:x:X:n:", ["help"])
for opt, arg in opts:
if opt == '-h':
host = arg
elif opt == '-p':
port = int(arg)
elif opt == '-e':
run_exclude.add(arg)
elif opt == '-x':
expected_failures[arg] = None
last_exp_tmp = str(arg)
elif opt == '-X':
if not last_exp_tmp:
raise ValueError("-x has to be specified before -X")
expected_failures[last_exp_tmp] = str(arg)
elif opt == '-n':
num_limit = int(arg)
elif opt == '--help':
help_msg()
sys.exit(0)
else:
raise ValueError("Unknown option: {0}".format(opt))
if args:
run_only = set(args)
else:
run_only = None
conversations = {}
nonces = []
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
node = node.add_child(ClientHelloGenerator(ciphers))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(
bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertLevel.warning,
AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["sanity"] = conversation
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256]
node = node.add_child(ClientHelloGenerator(ciphers,
extensions={ExtensionType.renegotiation_info:None}))
node = node.add_child(ExpectServerHello(extensions={ExtensionType.renegotiation_info:None}))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(CollectNonces(nonces))
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(
bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertLevel.warning,
AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["aes-128-gcm cipher"] = conversation
nonces256 = []
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384]
node = node.add_child(ClientHelloGenerator(ciphers,
extensions={ExtensionType.renegotiation_info:None}))
node = node.add_child(ExpectServerHello(extensions={ExtensionType.renegotiation_info:None}))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(CollectNonces(nonces256))
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(
bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertLevel.warning,
AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["aes-256-gcm cipher"] = conversation
good = 0
bad = 0
xfail = 0
xpass = 0
failed = []
xpassed = []
if not num_limit:
num_limit = len(conversations)
# make sure that sanity test is run first and last
# to verify that server was running and kept running throughout
sanity_tests = [('sanity', conversations['sanity'])]
regular_tests = [(k, v) for k, v in conversations.items() if k != 'sanity']
sampled_tests = sample(regular_tests, min(num_limit, len(regular_tests)))
ordered_tests = chain(sanity_tests, sampled_tests, sanity_tests)
for c_name, c_test in ordered_tests:
if run_only and c_name not in run_only or c_name in run_exclude:
continue
print("{0} ...".format(c_name))
runner = Runner(c_test)
res = True
exception = None
try:
runner.run()
except Exception as exp:
exception = exp
print("Error while processing")
print(traceback.format_exc())
res = False
if c_name in expected_failures:
if res:
xpass += 1
xpassed.append(c_name)
print("XPASS: expected failure but test passed\n")
else:
if expected_failures[c_name] is not None and \
expected_failures[c_name] not in str(exception):
bad += 1
failed.append(c_name)
print("Expected error message: {0}\n"
.format(expected_failures[c_name]))
else:
xfail += 1
print("OK-expected failure\n")
else:
if res:
good += 1
print("OK\n")
else:
bad += 1
failed.append(c_name)
print("aes-128-gcm Nonce monotonicity...")
if len(nonces) < 2:
print("Not enough nonces collected, FAIL")
bad += 1
else:
if bytesToNumber(nonces[0]) == bytesToNumber(nonces[1]):
print("reused nonce! Security vulnerability!")
bad += 1
elif bytesToNumber(nonces[0]) + 1 != bytesToNumber(nonces[1]):
print("nonce not monotonically increasing, FAIL")
bad += 1
else:
print("OK\n")
good += 1
print("aes-256-gcm Nonce monotonicity...")
if len(nonces256) < 2:
print("Not enough nonces collected, FAIL")
bad += 1
else:
if bytesToNumber(nonces256[0]) == bytesToNumber(nonces256[1]):
print("reused nonce! Security vulnerability!")
bad += 1
elif bytesToNumber(nonces256[0]) + 1 != bytesToNumber(nonces256[1]):
print("nonce not monotonically increasing, FAIL")
bad += 1
else:
print("OK\n")
good += 1
print("Test end")
print(20 * '=')
print("TOTAL: {0}".format(len(sampled_tests) + 2*len(sanity_tests)))
print("SKIP: {0}".format(len(run_exclude.intersection(conversations.keys()))))
print("PASS: {0}".format(good))
print("XFAIL: {0}".format(xfail))
print("FAIL: {0}".format(bad))
print("XPASS: {0}".format(xpass))
print(20 * '=')
sort = sorted(xpassed ,key=natural_sort_keys)
if len(sort):
print("XPASSED:\n\t{0}".format('\n\t'.join(repr(i) for i in sort)))
sort = sorted(failed, key=natural_sort_keys)
if len(sort):
print("FAILED:\n\t{0}".format('\n\t'.join(repr(i) for i in sort)))
if bad > 0:
sys.exit(1)
def test_small_numbers(self, number):
self.assertEqual(bytesToNumber(bytearray(struct.pack(">B", number))),
number)
def test_multi_byte_numbers_little_endian(self, number):
self.assertEqual(
bytesToNumber(bytearray(struct.pack("<I", number)), "little"),
number)
def test_sign_and_verify_with_sha384(self):
#message
msg = a2b_hex(
"ed9a64d3109ef8a9292956b946873ca4bd887ce624b81be81b82c69c67aadd"
"f5655f70fe4768114db2834c71787f858e5165da1a7fa961d855ad7e5bc4b7"
"be31b97dbe770798ef7966152b14b86ae35625a28aee5663b9ef3067cbdfba"
"bd87197e5c842d3092eb88dca57c6c8ad4c00a19ddf2e1967b59bd06ccaef9"
"33bc28e7")
# key
key = Python_DSAKey(
p=bytesToNumber(
a2b_hex(
"a410d23ed9ad9964d3e401cb9317a25213f75712acbc5c12191abf3f1c"
"0e723e2333b49eb1f95b0f9748d952f04a5ae358859d384403ce364aa3"
"f58dd9769909b45048548c55872a6afbb3b15c54882f96c20df1b2df16"
"4f0bac849ca17ad2df63abd75c881922e79a5009f00b7d631622e90e7f"
"a4e980618575e1d6bd1a72d5b6a50f4f6a68b793937c4af95fc1154175"
"9a1736577d9448b87792dff07232415512e933755e12250d466e9cc8df"
"150727d747e51fea7964158326b1365d580cb190f4518291598221fdf3"
"6c6305c8b8a8ed05663dd7b006e945f592abbecae460f77c71b6ec649d"
"3fd5394202ed7bbbd040f7b8fd57cb06a99be254fa25d71a3760734046"
"c2a0db383e02397913ae67ce65870d9f6c6f67a9d00497be1d763b2193"
"7cf9cbf9a24ef97bbcaa07916f8894e5b7fb03258821ac46140965b23c"
"5409ca49026efb2bf95bce025c4183a5f659bf6aaeef56d7933bb29697"
"d7d541348c871fa01f869678b2e34506f6dc0a4c132b689a0ed27dc3c8"
"d53702aa584877")),
q=bytesToNumber(
a2b_hex(
"abc67417725cf28fc7640d5de43825f416ebfa80e191c42ee886303338"
"f56045")),
g=bytesToNumber(
a2b_hex(
"867d5fb72f5936d1a14ed3b60499662f3124686ef108c5b3da6663a0e8"
"6197ec2cc4c9460193a74ff16028ac9441b0c7d27c2272d483ac7cd794"
"d598416c4ff9099a61679d417d478ce5dd974bf349a14575afe74a88b1"
"2dd5f6d1cbd3f91ddd597ed68e79eba402613130c224b94ac28714a1f1"
"c552475a5d29cfcdd8e08a6b1d65661e28ef313514d1408f5abd3e06eb"
"e3a7d814d1ede316bf495273ca1d574f42b482eea30db53466f454b51a"
"175a0b89b3c05dda006e719a2e6371669080d768cc038cdfb8098e9aad"
"9b8d83d4b759f43ac9d22b353ed88a33723550150de0361b7a376f37b4"
"5d437f71cb711f2847de671ad1059516a1d45755224a15d37b4aeada3f"
"58c69a136daef0636fe38e3752064afe598433e80089fda24b144a4627"
"34bef8f77638845b00e59ce7fa4f1daf487a2cada11eaba72bb23e1df6"
"b66a183edd226c440272dd9b06bec0e57f1a0822d2e00212064b6dba64"
"562085f5a75929afa5fe509e0b78e630aaf12f91e4980c9b0d6f7e059a"
"2ea3e23479d930")),
y=bytesToNumber(
a2b_hex(
"1f0a5c75e7985d6e70e4fbfda51a10b925f6accb600d7c6510db90ec36"
"7b93bb069bd286e8f979b22ef0702f717a8755c18309c87dae3fe82cc3"
"dc8f4b7aa3d5f3876f4d4b3eb68bfe910c43076d6cd0d39fc88dde78f0"
"9480db55234e6c8ca59fe2700efec04feee6b4e8ee2413721858be7190"
"dbe905f456edcab55b2dc2916dc1e8731988d9ef8b619abcf8955aa960"
"ef02b3f02a8dc649369222af50f1338ed28d667f3f10cae2a3c28a3c1d"
"08df639c81ada13c8fd198c6dae3d62a3fe9f04c985c65f610c06cb8fa"
"ea68edb80de6cf07a8e89c00218185a952b23572e34df07ce5b4261e5d"
"e427eb503ee1baf5992db6d438b47434c40c22657bc163e7953fa33eff"
"39dc2734607039aadd6ac27e4367131041f845ffa1a13f556bfba2307a"
"5c78f2ccf11298c762e08871968e48dc3d1569d09965cd09da43cf0309"
"a16af1e20fee7da3dc21b364c4615cd5123fa5f9b23cfc4ffd9cfdcea6"
"70623840b062d4648d2eba786ad3f7ae337a4284324ace236f9f7174fb"
"f442b99043002f")))
# signature
r = bytesToNumber(
a2b_hex("7695698a14755db4206e850b4f5f19c540b07d07e08a"
"ac591e20081646e6eedc"))
s = bytesToNumber(
a2b_hex("3dae01154ecff7b19007a953f185f0663ef7f2537f0b"
"15e04fb343c961f36de2"))
sig = encode_sequence(encode_integer(r), encode_integer(s))
# test
self.assertTrue(key.hashAndVerify(sig, msg, hAlg="sha384"))
def test_multi_byte_numbers(self, number):
self.assertEqual(bytesToNumber(bytearray(struct.pack(">I", number))),
number)
def test_with_empty_string(self):
self.assertEqual(0, bytesToNumber(b''))
def test_with_empty_string_little_endian(self):
self.assertEqual(0, bytesToNumber(b'', "little"))
def test_with_unknown_type(self):
with self.assertRaises(ValueError):
bytesToNumber(bytearray(b'\xf0'), "middle")
def test_sign_and_verify_with_sha512(self):
#message
msg = a2b_hex(
"494180eed0951371bbaf0a850ef13679df49c1f13fe3770b6c13285bf3ad93"
"dc4ab018aab9139d74200808e9c55bf88300324cc697efeaa641d37f3acf72"
"d8c97bff0182a35b940150c98a03ef41a3e1487440c923a988e53ca3ce883a"
"2fb532bb7441c122f1dc2f9d0b0bc07f26ba29a35cdf0da846a9d8eab405cb"
"f8c8e77f")
# key
key = Python_DSAKey(
p=bytesToNumber(
a2b_hex(
"c1d0a6d0b5ed615dee76ac5a60dd35ecb000a202063018b1ba0a06fe7a"
"00f765db1c59a680cecfe3ad41475badb5ad50b6147e2596b88d346560"
"52aca79486ea6f6ec90b23e363f3ab8cdc8b93b62a070e02688ea87784"
"3a4685c2ba6db111e9addbd7ca4bce65bb10c9ceb69bf806e2ebd7e54e"
"deb7f996a65c907b50efdf8e575bae462a219c302fef2ae81d73cee752"
"74625b5fc29c6d60c057ed9e7b0d46ad2f57fe01f823230f3142272231"
"9ce0abf1f141f326c00fbc2be4cdb8944b6fd050bd300bdb1c5f4da725"
"37e553e01d51239c4d461860f1fb4fd8fa79f5d5263ff62fed7008e2e0"
"a2d36bf7b9062d0d75db226c3464b67ba24101b085f2c670c0f87ae530"
"d98ee60c5472f4aa15fb25041e19106354da06bc2b1d322d40ed97b21f"
"d1cdad3025c69da6ce9c7ddf3dcf1ea4d56577bfdec23071c1f05ee407"
"7b5391e9a404eaffe12d1ea62d06acd6bf19e91a158d2066b4cd20e4c4"
"e52ffb1d5204cd022bc7108f2c799fb468866ef1cb09bce09dfd49e474"
"0ff8140497be61")),
q=bytesToNumber(
a2b_hex(
"bf65441c987b7737385eadec158dd01614da6f15386248e59f3cddbefc"
"8e9dd1")),
g=bytesToNumber(
a2b_hex(
"c02ac85375fab80ba2a784b94e4d145b3be0f92090eba17bd12358cf3e"
"03f4379584f8742252f76b1ede3fc37281420e74a963e4c088796ff2ba"
"b8db6e9a4530fc67d51f88b905ab43995aab46364cb40c1256f0466f3d"
"bce36203ef228b35e90247e95e5115e831b126b628ee984f349911d30f"
"fb9d613b50a84dfa1f042ba536b82d5101e711c629f9f2096dc834deec"
"63b70f2a2315a6d27323b995aa20d3d0737075186f5049af6f512a0c38"
"a9da06817f4b619b94520edfac85c4a6e2e186225c95a04ec3c3422b8d"
"eb284e98d24b31465802008a097c25969e826c2baa59d2cba33d6c1d9f"
"3962330c1fcda7cfb18508fea7d0555e3a169daed353f3ee6f4bb30244"
"319161dff6438a37ca793b24bbb1b1bc2194fc6e6ef60278157899cb03"
"c5dd6fc91a836eb20a25c09945643d95f7bd50d206684d6ffc14d16d82"
"d5f781225bff908392a5793b803f9b70b4dfcb394f9ed81c18e391a09e"
"b3f93a032d81ba670cabfd6f64aa5e3374cb7c2029f45200e4f0bfd820"
"c8bd58dc5eeb34")),
y=bytesToNumber(
a2b_hex(
"6da54f2b0ddb4dcce2da1edfa16ba84953d8429ce60cd111a5c65edcf7"
"ba5b8d9387ab6881c24880b2afbdb437e9ed7ffb8e96beca7ea80d1d90"
"f24d546112629df5c9e9661742cc872fdb3d409bc77b75b17c7e6cfff8"
"6261071c4b5c9f9898be1e9e27349b933c34fb345685f8fc6c12470d12"
"4cecf51b5d5adbf5e7a2490f8d67aac53a82ed6a2110686cf631c348bc"
"bc4cf156f3a6980163e2feca72a45f6b3d68c10e5a2283b470b7292674"
"490383f75fa26ccf93c0e1c8d0628ca35f2f3d9b6876505d1189889572"
"37a2fc8051cb47b410e8b7a619e73b1350a9f6a260c5f16841e7c4db53"
"d8eaa0b4708d62f95b2a72e2f04ca14647bca6b5e3ee707fcdf758b925"
"eb8d4e6ace4fc7443c9bc5819ff9e555be098aa055066828e21b818fed"
"c3aac517a0ee8f9060bd86e0d4cce212ab6a3a243c5ec0274563353ca7"
"103af085e8f41be524fbb75cda88903907df94bfd69373e288949bd062"
"6d85c1398b3073a139d5c747d24afdae7a3e745437335d0ee993eef36a"
"3041c912f7eb58")))
# signature
r = bytesToNumber(
a2b_hex("a40a6c905654c55fc58e99c7d1a3feea2c5be64823d4"
"086ce811f334cfdc448d"))
s = bytesToNumber(
a2b_hex("6478050977ec585980454e0a2f26a03037b921ca588a"
"78a4daff7e84d49a8a6c"))
sig = encode_sequence(encode_integer(r), encode_integer(s))
# test
self.assertTrue(key.hashAndVerify(sig, msg, hAlg="sha512"))
def main():
"""Check if nonces used by server are monotonically increasing"""
conversations = {}
nonces = []
conversation = Connect("localhost", 4433)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256]
node = node.add_child(
ClientHelloGenerator(
ciphers, extensions={ExtensionType.renegotiation_info: None}))
node = node.add_child(
ExpectServerHello(extensions={ExtensionType.renegotiation_info: None}))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(CollectNonces(nonces))
node = node.add_child(ExpectFinished())
node = node.add_child(
ApplicationDataGenerator(bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["aes-128-gcm cipher"] = conversation
nonces256 = []
conversation = Connect("localhost", 4433)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384]
node = node.add_child(
ClientHelloGenerator(
ciphers, extensions={ExtensionType.renegotiation_info: None}))
node = node.add_child(
ExpectServerHello(extensions={ExtensionType.renegotiation_info: None}))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(CollectNonces(nonces256))
node = node.add_child(ExpectFinished())
node = node.add_child(
ApplicationDataGenerator(bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["aes-256-gcm cipher"] = conversation
good = 0
bad = 0
for conversation_name, conversation in conversations.items():
print("{0} ...".format(conversation_name))
runner = Runner(conversation)
res = True
try:
runner.run()
except:
print("Error while processing")
print(traceback.format_exc())
print("")
res = False
if res:
good += 1
print("OK\n")
else:
bad += 1
print("aes-128-gcm Nonce monotonicity...")
if len(nonces) < 2:
print("Not enough nonces collected, FAIL")
bad += 1
else:
if bytesToNumber(nonces[0]) == bytesToNumber(nonces[1]):
print("reused nonce! Security vulnerability!")
bad += 1
elif bytesToNumber(nonces[0]) + 1 != bytesToNumber(nonces[1]):
print("nonce not monotonically increasing, FAIL")
bad += 1
else:
print("OK\n")
good += 1
print("aes-256-gcm Nonce monotonicity...")
if len(nonces256) < 2:
print("Not enough nonces collected, FAIL")
bad += 1
else:
if bytesToNumber(nonces256[0]) == bytesToNumber(nonces256[1]):
print("reused nonce! Security vulnerability!")
bad += 1
elif bytesToNumber(nonces256[0]) + 1 != bytesToNumber(nonces256[1]):
print("nonce not monotonically increasing, FAIL")
bad += 1
else:
print("OK\n")
good += 1
print("Test end")
print("successful: {0}".format(good))
print("failed: {0}".format(bad))
if bad > 0:
sys.exit(1)
def main():
"""Check if nonces used by server are monotonically increasing"""
host = "localhost"
port = 4433
num_limit = None
run_exclude = set()
argv = sys.argv[1:]
opts, args = getopt.getopt(argv, "h:p:e:n:", ["help"])
for opt, arg in opts:
if opt == '-h':
host = arg
elif opt == '-p':
port = int(arg)
elif opt == '-e':
run_exclude.add(arg)
elif opt == '-n':
num_limit = int(arg)
elif opt == '--help':
help_msg()
sys.exit(0)
else:
raise ValueError("Unknown option: {0}".format(opt))
if args:
run_only = set(args)
else:
run_only = None
conversations = {}
nonces = []
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
node = node.add_child(ClientHelloGenerator(ciphers))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(
bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertLevel.warning,
AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["sanity"] = conversation
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256]
node = node.add_child(ClientHelloGenerator(ciphers,
extensions={ExtensionType.renegotiation_info:None}))
node = node.add_child(ExpectServerHello(extensions={ExtensionType.renegotiation_info:None}))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(CollectNonces(nonces))
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(
bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertLevel.warning,
AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["aes-128-gcm cipher"] = conversation
nonces256 = []
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384]
node = node.add_child(ClientHelloGenerator(ciphers,
extensions={ExtensionType.renegotiation_info:None}))
node = node.add_child(ExpectServerHello(extensions={ExtensionType.renegotiation_info:None}))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(CollectNonces(nonces256))
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(
bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertLevel.warning,
AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["aes-256-gcm cipher"] = conversation
good = 0
bad = 0
failed = []
if not num_limit:
num_limit = len(conversations)
# make sure that sanity test is run first and last
# to verify that server was running and kept running throught
sanity_test = ('sanity', conversations['sanity'])
ordered_tests = chain([sanity_test],
islice(filter(lambda x: x[0] != 'sanity',
conversations.items()), num_limit),
[sanity_test])
for c_name, c_test in ordered_tests:
if run_only and c_name not in run_only or c_name in run_exclude:
continue
print("{0} ...".format(c_name))
runner = Runner(c_test)
res = True
try:
runner.run()
except:
print("Error while processing")
print(traceback.format_exc())
res = False
if res:
good += 1
print("OK\n")
else:
bad += 1
failed.append(c_name)
print("aes-128-gcm Nonce monotonicity...")
if len(nonces) < 2:
print("Not enough nonces collected, FAIL")
bad += 1
else:
if bytesToNumber(nonces[0]) == bytesToNumber(nonces[1]):
print("reused nonce! Security vulnerability!")
bad += 1
elif bytesToNumber(nonces[0]) + 1 != bytesToNumber(nonces[1]):
print("nonce not monotonically increasing, FAIL")
bad += 1
else:
print("OK\n")
good += 1
print("aes-256-gcm Nonce monotonicity...")
if len(nonces256) < 2:
print("Not enough nonces collected, FAIL")
bad += 1
else:
if bytesToNumber(nonces256[0]) == bytesToNumber(nonces256[1]):
print("reused nonce! Security vulnerability!")
bad += 1
elif bytesToNumber(nonces256[0]) + 1 != bytesToNumber(nonces256[1]):
print("nonce not monotonically increasing, FAIL")
bad += 1
else:
print("OK\n")
good += 1
print("Test end")
print("successful: {0}".format(good))
print("failed: {0}".format(bad))
failed_sorted = sorted(failed, key=natural_sort_keys)
print(" {0}".format('\n '.join(repr(i) for i in failed_sorted)))
if bad > 0:
sys.exit(1)
