def test_parse_client_hello_cipher_suites(self):
"""
:py:func:`tls.hello_message.ClientHello` fails to parse a
packet whose ``cipher_suites`` is too short.
"""
with pytest.raises(ValidationError) as exc_info:
ClientHello.from_bytes(self.cipher_suites_too_short_packet)
assert exc_info.value.args == ('invalid object', 0)
def test_parse_client_hello_cipher_suites(self):
"""
:py:func:`tls.hello_message.ClientHello` fails to parse a
packet whose ``cipher_suites`` is too short.
"""
with pytest.raises(ValidationError) as exc_info:
ClientHello.from_bytes(self.cipher_suites_too_short_packet)
assert exc_info.value.args == ('invalid object', 0)
def test_as_bytes_cert_status_request_extension(self):
"""
:py:func:`tls.hello_message.ClientHello.as_bytes` serializes a message
containing the STATUS_REQUEST extension.
"""
record = ClientHello.from_bytes(self.client_hello_with_cert_status_ext)
assert record.as_bytes() == self.client_hello_with_cert_status_ext
def test_hello_from_bytes_with_unsupported_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` does not parse a packet
with an unsupported extension, and raises an error.
"""
server_certificate_type_extension_data = (
b'\x00\x14' # Extension Type: Server Certificate Type
b'\x00\x00' # Length
b'' # Data
)
client_hello_packet = self.common_client_hello_data + (
b'\x00\x04') + server_certificate_type_extension_data
with pytest.raises(UnsupportedExtensionException):
ClientHello.from_bytes(client_hello_packet)
def test_as_bytes_client_certificate_url_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` serializes a message
containing the CLIENT_CERTIFICATE_URL extension.
"""
record = ClientHello.from_bytes(
self.client_hello_packet_with_client_certificate_url_extension)
assert (record.as_bytes() ==
self.client_hello_packet_with_client_certificate_url_extension)
def test_as_bytes_client_hello_cipher_suites(self):
"""
:py:func:`tls.hello_message.ClientHello` fails to construct a
packet whose ``cipher_suites`` would be too short.
"""
record = ClientHello.from_bytes(self.no_extensions_packet)
record.cipher_suites = []
with pytest.raises(ValidationError) as exc_info:
record.as_bytes()
assert exc_info.value.args == ('invalid object', 0)
def test_hello_from_bytes_with_unsupported_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` does not parse a packet
with an unsupported extension, and raises an error.
"""
server_certificate_type_extension_data = (
b'\x00\x14' # Extension Type: Server Certificate Type
b'\x00\x00' # Length
b'' # Data
)
client_hello_packet = self.common_client_hello_data + (
b'\x00\x04'
) + server_certificate_type_extension_data
with pytest.raises(UnsupportedExtensionException):
ClientHello.from_bytes(
client_hello_packet
)
def test_as_bytes_client_hello_cipher_suites(self):
"""
:py:func:`tls.hello_message.ClientHello` fails to construct a
packet whose ``cipher_suites`` would be too short.
"""
record = ClientHello.from_bytes(self.no_extensions_packet)
record.cipher_suites = []
with pytest.raises(ValidationError) as exc_info:
record.as_bytes()
assert exc_info.value.args == ('invalid object', 0)
def test_as_bytes_cert_status_request_zero_extension(self):
"""
:py:func:`tls.hello_message.ClientHello.as_bytes` serializes a message
containing the STATUS_REQUEST extension with zero length
responder_id_list and request_extensions.
"""
record = ClientHello.from_bytes(
self.client_hello_with_status_req_zero_ext
)
assert record.as_bytes() == self.client_hello_with_status_req_zero_ext
def test_as_bytes_trusted_ca_keys_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` serializes a message
containing the TRUSTED_CA_KEYS extension.
"""
record = ClientHello.from_bytes(
self.client_hello_with_trusted_ca_keys_ext
)
assert (record.as_bytes() ==
self.client_hello_with_trusted_ca_keys_ext)
def test_as_bytes_client_certificate_url_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` serializes a message
containing the CLIENT_CERTIFICATE_URL extension.
"""
record = ClientHello.from_bytes(
self.client_hello_packet_with_client_certificate_url_extension
)
assert (record.as_bytes() ==
self.client_hello_packet_with_client_certificate_url_extension)
def test_from_bytes_with_truncated_hmac_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with a
truncated_hmac extension.
"""
record = ClientHello.from_bytes(
self.client_hello_with_truncated_hmac_ext)
assert len(record.extensions) == 1
assert record.extensions[0].type == enums.ExtensionType.TRUNCATED_HMAC
assert record.extensions[0].data == Container()
def test_parse_client_certificate_url_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with
CLIENT_CERTIFICATE_URL extension.
"""
record = ClientHello.from_bytes(
self.client_hello_packet_with_client_certificate_url_extension)
assert len(record.extensions) == 1
assert (record.extensions[0].type ==
enums.ExtensionType.CLIENT_CERTIFICATE_URL)
assert record.extensions[0].data == Container()
def test_from_bytes_with_truncated_hmac_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with a
truncated_hmac extension.
"""
record = ClientHello.from_bytes(
self.client_hello_with_truncated_hmac_ext
)
assert len(record.extensions) == 1
assert record.extensions[0].type == enums.ExtensionType.TRUNCATED_HMAC
assert record.extensions[0].data == Container()
def test_client_hello_with_maximum_fragment_length_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with
a `maximum_fragment_length` extension.
"""
record = ClientHello.from_bytes(
self.client_hello_packet_with_maximum_fragment_length_ext)
assert len(record.extensions) == 1
[extension] = record.extensions
assert extension.type == enums.ExtensionType.MAX_FRAGMENT_LENGTH
assert extension.data == enums.MaxFragmentLength.TWO_TO_THE_9TH
def test_parse_client_certificate_url_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with
CLIENT_CERTIFICATE_URL extension.
"""
record = ClientHello.from_bytes(
self.client_hello_packet_with_client_certificate_url_extension
)
assert len(record.extensions) == 1
assert (record.extensions[0].type ==
enums.ExtensionType.CLIENT_CERTIFICATE_URL)
assert record.extensions[0].data == Container()
def test_client_hello_with_server_name_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with a
server_name extension
"""
record = ClientHello.from_bytes(
self.client_hello_packet_with_server_name_ext)
assert len(record.extensions) == 1
assert record.extensions[0].type == enums.ExtensionType.SERVER_NAME
assert len(record.extensions[0].data) == 1
server_name_list = record.extensions[0].data
assert server_name_list[0].name_type == enums.NameType.HOST_NAME
assert server_name_list[0].name == b'localhost'
def test_from_bytes_cert_status_request_extension(self):
"""
:py:func:`tls.hello_message.ClientHello.from_bytes` parses a packet
with STATUS_REQUEST extension.
"""
record = ClientHello.from_bytes(self.client_hello_with_cert_status_ext)
assert len(record.extensions) == 1
assert record.extensions[0].type == enums.ExtensionType.STATUS_REQUEST
extension_data = record.extensions[0].data
assert extension_data.status_type == enums.CertificateStatusType.OCSP
assert extension_data.request.responder_id_list == [b'12', b'345']
assert extension_data.request.request_extensions == b'678'
def test_client_hello_with_maximum_fragment_length_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with
a `maximum_fragment_length` extension.
"""
record = ClientHello.from_bytes(
self.client_hello_packet_with_maximum_fragment_length_ext
)
assert len(record.extensions) == 1
[extension] = record.extensions
assert extension.type == enums.ExtensionType.MAX_FRAGMENT_LENGTH
assert extension.data == enums.MaxFragmentLength.TWO_TO_THE_9TH
def test_client_hello_with_server_name_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with a
server_name extension
"""
record = ClientHello.from_bytes(
self.client_hello_packet_with_server_name_ext
)
assert len(record.extensions) == 1
assert record.extensions[0].type == enums.ExtensionType.SERVER_NAME
assert len(record.extensions[0].data) == 1
server_name_list = record.extensions[0].data
assert server_name_list[0].name_type == enums.NameType.HOST_NAME
assert server_name_list[0].name == b'localhost'
def test_resumption_no_extensions(self):
"""
:func:`parse_client_hello` returns an instance of
:class:`ClientHello`.
"""
record = ClientHello.from_bytes(self.no_extensions_packet)
assert isinstance(record, ClientHello)
assert record.client_version.major == 3
assert record.client_version.minor == 0
assert record.random.gmt_unix_time == 16909060
assert record.random.random_bytes == b'0123456789012345678901234567'
assert record.session_id == b'01234567890123456789012345678901'
assert record.cipher_suites == [0x006b]
assert record.compression_methods == [0]
assert len(record.extensions) == 0
def test_resumption_no_extensions(self):
"""
:func:`parse_client_hello` returns an instance of
:class:`ClientHello`.
"""
record = ClientHello.from_bytes(self.no_extensions_packet)
assert isinstance(record, ClientHello)
assert record.client_version.major == 3
assert record.client_version.minor == 0
assert record.random.gmt_unix_time == 16909060
assert record.random.random_bytes == b'0123456789012345678901234567'
assert record.session_id == b'01234567890123456789012345678901'
assert record.cipher_suites == [0x006b]
assert record.compression_methods == [0]
assert len(record.extensions) == 0
def test_parse_trusted_ca_keys_extension(self):
"""
:py:func:`tls.hello_message.ClientHello` parses a packet with
TRUSTED_CA_KEYS_EXT extension.
"""
record = ClientHello.from_bytes(
self.client_hello_with_trusted_ca_keys_ext
)
assert len(record.extensions) == 1
assert (record.extensions[0].type ==
enums.ExtensionType.TRUSTED_CA_KEYS)
extension_data = record.extensions[0].data
assert extension_data == [Container(
identifier_type=enums.TrustedAuthorityIdentifierType.KEY_SHA1_HASH,
identifier=b'a' * 20,
)]
def test_as_bytes_unsupported_extension(self):
"""
:func:`ClientHello.as_bytes` fails to serialize a message that
contains invalid extensions
"""
extensions_data = (
b'\x00\x04'
b'\x00\x14' # Extension Type: Server Certificate Type
b'\x00\x00' # Length
b'' # Data
)
record = ClientHello.from_bytes(self.no_extensions_packet)
extensions = _constructs.Extensions.parse(extensions_data)
record.extensions = extensions
with pytest.raises(UnsupportedExtensionException):
record.as_bytes()
def test_as_bytes_unsupported_extension(self):
"""
:py:func:`ClientHello.as_bytes` fails to serialize a message that
contains invalid extensions
"""
extensions_data = (
b'\x00\x04'
b'\x00\x14' # Extension Type: Server Certificate Type
b'\x00\x00' # Length
b'' # Data
)
record = ClientHello.from_bytes(self.no_extensions_packet)
extensions = _constructs.Extensions.parse(extensions_data)
record.extensions = extensions
with pytest.raises(UnsupportedExtensionException):
record.as_bytes()
def test_as_bytes_with_extensions(self):
"""
:func:`ClientHello.as_bytes` returns the bytes it was created with
"""
record = ClientHello.from_bytes(self.extensions_packet)
assert record.as_bytes() == self.extensions_packet
def test_client_hello_maximum_fragment_length_extension_as_bytes(self):
record = ClientHello.from_bytes(
self.client_hello_packet_with_maximum_fragment_length_ext
)
assert record.as_bytes() == (
self.client_hello_packet_with_maximum_fragment_length_ext)
def test_parse_client_hello_extensions(self):
record = ClientHello.from_bytes(self.extensions_packet)
assert len(record.extensions) == 1
assert (record.extensions[0].type ==
enums.ExtensionType.SIGNATURE_ALGORITHMS)
assert len(record.extensions[0].data) == 10
def test_as_bytes_with_truncated_hmac_extension(self):
record = ClientHello.from_bytes(
self.client_hello_with_truncated_hmac_ext)
assert record.as_bytes() == self.client_hello_with_truncated_hmac_ext
def test_as_bytes_with_truncated_hmac_extension(self):
record = ClientHello.from_bytes(
self.client_hello_with_truncated_hmac_ext
)
assert record.as_bytes() == self.client_hello_with_truncated_hmac_ext
def test_client_hello_maximum_fragment_length_extension_as_bytes(self):
record = ClientHello.from_bytes(
self.client_hello_packet_with_maximum_fragment_length_ext)
assert record.as_bytes() == (
self.client_hello_packet_with_maximum_fragment_length_ext)
def test_as_bytes_with_extensions(self):
"""
:func:`ClientHello.as_bytes` returns the bytes it was created with
"""
record = ClientHello.from_bytes(self.extensions_packet)
assert record.as_bytes() == self.extensions_packet
def test_parse_client_hello_extensions(self):
record = ClientHello.from_bytes(self.extensions_packet)
assert len(record.extensions) == 1
assert (record.extensions[0].type ==
enums.ExtensionType.SIGNATURE_ALGORITHMS)
assert len(record.extensions[0].data) == 10