def test_building_with_null_cipher_sets_lengths(self):
    """Check the key-material lengths reported for a NULL-cipher suite.

    RSA_WITH_NULL_MD5 (0x1) applies an MD5 MAC but no encryption, so the
    test expects a zero-length cipher key alongside a digest-sized MAC key.
    """
    rsa_with_null_md5 = 0x1
    params = tlsc.TLSSecurityParameters(
        rsa_with_null_md5,
        self.pre_master_secret,
        self.client_random,
        self.server_random,
    )
    # No bulk cipher is negotiated, so no cipher key material is expected.
    self.assertEqual(params.cipher_key_length, 0)
    # The MAC key must still be sized by the suite's digest.
    self.assertEqual(params.mac_key_length, MD5.digest_size)
    # The IV length is taken from the NullCipher placeholder's block size.
    self.assertEqual(params.iv_length, tlsc.NullCipher.block_size)
def test_building_with_supported_cipher_sets_lengths(self):
    """Check the key-material lengths reported for an AES-128-CBC suite.

    RSA_WITH_AES_128_CBC_SHA (0x2f) should give a 16-byte (128-bit) cipher
    key, a SHA-sized MAC key and an IV of one AES block.
    """
    rsa_with_aes_128_cbc_sha = 0x2f
    params = tlsc.TLSSecurityParameters(
        rsa_with_aes_128_cbc_sha,
        self.pre_master_secret,
        self.client_random,
        self.server_random,
    )
    # 128-bit AES key.
    self.assertEqual(params.cipher_key_length, 16)
    # MAC key sized by the suite's digest (SHA).
    self.assertEqual(params.mac_key_length, SHA.digest_size)
    # CBC needs an IV of exactly one cipher block.
    self.assertEqual(params.iv_length, AES.block_size)
def test_cleartext_message_matches_decrypted_message_with_stream_cipher(self):
    """Round-trip a message through the client's RC4 encrypt/decrypt ciphers.

    RSA_WITH_RC4_128_SHA (0x5) is the stream-cipher case. RC4 suites are
    prohibited for TLS by RFC 7465, so this covers legacy-suite handling
    rather than a configuration to deploy.

    Both cipher objects come from the same parameters object, so the
    round trip shows that they are mutual inverses; it does not by itself
    show interoperability with an independent TLS peer.
    """
    rsa_with_rc4_128_sha = 0x5
    params = tlsc.TLSSecurityParameters(
        rsa_with_rc4_128_sha,
        self.pre_master_secret,
        self.client_random,
        self.server_random,
    )
    # The derived master secret must match the fixture's expected value.
    self.assertEqual(params.master_secret, self.master_secret)

    encryptor = params.get_client_enc_cipher()
    decryptor = params.get_client_dec_cipher()
    message = "a" * 32
    ciphertext = encryptor.encrypt(message)
    self.assertEqual(decryptor.decrypt(ciphertext), message)
def test_hmac_used_matches_selected_ciphersuite(self):
    """Check cipher mode, round trip and HMAC digest for a 3DES-CBC-SHA suite.

    RSA_WITH_3DES_EDE_CBC_SHA (0xa) must produce a CBC-mode 3DES cipher and
    an HMAC that uses SHA keyed with the client write MAC key.

    The reference HMAC is keyed from the same parameters object, so this
    pins the digest selection, not the correctness of the key derivation.
    """
    rsa_with_3des_ede_cbc_sha = 0xa
    params = tlsc.TLSSecurityParameters(
        rsa_with_3des_ede_cbc_sha,
        self.pre_master_secret,
        self.client_random,
        self.server_random,
    )
    self.assertEqual(params.master_secret, self.master_secret)

    encryptor = params.get_client_enc_cipher()
    decryptor = params.get_client_dec_cipher()
    self.assertEqual(encryptor.mode, DES3.MODE_CBC)

    # 32 bytes is a whole number of 8-byte 3DES blocks, so the raw
    # block cipher can be used here without any padding.
    message = "a" * 32
    ciphertext = encryptor.encrypt(message)
    self.assertEqual(decryptor.decrypt(ciphertext), message)

    mac_input = "some secret"
    client_hmac = params.get_client_hmac()
    client_hmac.update(mac_input)
    reference = HMAC.new(params.client_write_MAC_key, mac_input, digestmod=SHA)
    self.assertEqual(client_hmac.hexdigest(), reference.hexdigest())
# Serialise the previously built packet `p` (defined before this excerpt;
# used below as the ClientHello) and record a parsed copy of what is sent.
sp = str(p)
session.insert(SSL(sp))
history.append(SSL(sp))
# `sendrcv` and `s` are defined elsewhere; presumably this sends `sp` on
# socket `s` and returns the peer's raw reply -- confirm against the helper.
r = sendrcv(s, sp)
SSL(r).show()
history.append(SSL(r))
session.insert(SSL(r))
# send premaster secret
#p = TLSRecord()/TLSHandshake()/TLSClientKeyExchange()/TLSKexParamDH("haha")
client_hello = p
server_hello = SSL(r)
# Set up the premaster secret.
# NOTE(review): the value assigned below is a fixed constant, not random.
# That keeps the derived keys reproducible for this walkthrough, but a
# premaster secret for a real session must come from a CSPRNG.
secparams = ssl_tls_crypto.TLSSecurityParameters()
# Layout: 2-byte protocol version (0x03 0x01) followed by 46 bytes that the
# protocol expects to be random (here 22 * 'a' + 24 * 'b'), 48 bytes total.
secparams.premaster_secret = '\03\01' + 'a' * 22 + 'b' * 24
# Each hello random is rebuilt as the 4-byte big-endian gmt_unix_time
# followed by random_bytes. Both values travel in the clear in the hello
# messages, so printing them discloses nothing the wire does not.
print "client_random:", repr(
    struct.pack("!I", client_hello[TLSClientHello].gmt_unix_time) + client_hello[TLSClientHello].random_bytes)
print "server_random:", repr(
    struct.pack("!I", server_hello[TLSServerHello].gmt_unix_time) + server_hello[TLSServerHello].random_bytes)
# Pass the premaster secret and both randoms to generate(); presumably this
# derives the master secret and session keys -- confirm in ssl_tls_crypto.
secparams.generate(
    secparams.premaster_secret,
    struct.pack("!I", client_hello[TLSClientHello].gmt_unix_time) + client_hello[TLSClientHello].random_bytes,
    struct.pack("!I", server_hello[TLSServerHello].gmt_unix_time) + server_hello[TLSServerHello].random_bytes)
def test_unsupported_cipher_suite_throws_exception(self):
    """An unrecognised cipher suite id must raise UnsupportedCipherError.

    Failing loudly on an unknown suite matters: the alternative would be
    building security parameters whose cipher and MAC are undefined.
    """
    unknown_suite = 0xffff
    self.assertRaises(
        tlsc.UnsupportedCipherError,
        tlsc.TLSSecurityParameters,
        unknown_suite,
        self.pre_master_secret,
        self.client_random,
        self.server_random,
    )