def test_is_match(self):
exp = ExpectServerHello()
msg = Message(ContentType.handshake,
bytearray([HandshakeType.server_hello]))
self.assertTrue(exp.is_match(msg))
def test_is_match_with_unmatching_handshake_type(self):
exp = ExpectServerHello()
msg = Message(ContentType.handshake,
bytearray([HandshakeType.client_hello]))
self.assertFalse(exp.is_match(msg))
def test_is_match_with_unmatching_handshake_type(self):
exp = ExpectServerHello()
msg = Message(ContentType.handshake,
bytearray([HandshakeType.client_hello]))
self.assertFalse(exp.is_match(msg))
def test_is_match(self):
exp = ExpectServerHello()
msg = Message(ContentType.handshake,
bytearray([HandshakeType.server_hello]))
self.assertTrue(exp.is_match(msg))
def test_process_with_bad_extension(self):
exps = {ExtensionType.renegotiation_info: None,
ExtensionType.alpn: 'BAD_EXTENSION'
}
exp = ExpectServerHello(extensions=exps)
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(ALPNExtension().create([bytearray(b'http/1.1')]))
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(ValueError):
exp.process(state, msg)
def test_is_match_with_unmatching_content_type(self):
exp = ExpectServerHello()
msg = Message(ContentType.application_data,
bytearray([HandshakeType.server_hello]))
self.assertFalse(exp.is_match(msg))
def test_is_match_with_unmatching_content_type(self):
exp = ExpectServerHello()
msg = Message(ContentType.application_data,
bytearray([HandshakeType.server_hello]))
self.assertFalse(exp.is_match(msg))
def test_process_with_incorrect_cipher(self):
exp = ExpectServerHello(cipher=5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_incorrect_version(self):
extension_process = mock.MagicMock()
exp = ExpectServerHello(version=(3, 3))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 2),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_mandatory_resumption_but_wrong_id(self):
exp = ExpectServerHello(resume=True)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xbb\xbb\xbb'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_udefined_cipher(self):
exp = ExpectServerHello()
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create(None)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=0xfff0)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_unexpected_extensions(self):
exp = ExpectServerHello(extensions={ExtensionType.renegotiation_info:
None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create())
exts.append(SNIExtension().create())
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_extended_master_secret(self):
exp = ExpectServerHello(
extensions={ExtensionType.extended_master_secret:None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
self.assertFalse(state.extended_master_secret)
ext = TLSExtension(extType=ExtensionType.extended_master_secret)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.extended_master_secret)
def test_process_with_extended_master_secret(self):
exp = ExpectServerHello(
extensions={ExtensionType.extended_master_secret: None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
self.assertFalse(state.extended_master_secret)
ext = TLSExtension(extType=ExtensionType.extended_master_secret)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.extended_master_secret)
def test_process_with_mandatory_resumption_but_wrong_id(self):
exp = ExpectServerHello(resume=True)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xbb\xbb\xbb'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_unexpected_extensions(self):
exp = ExpectServerHello(
extensions={ExtensionType.renegotiation_info: None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create())
exts.append(SNIExtension().create())
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_resumption(self):
exp = ExpectServerHello()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xaa\xaa\xaa'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.resuming)
def test_process_with_resumption(self):
exp = ExpectServerHello()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xaa\xaa\xaa'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.resuming)
def test_process_with_extensions(self):
extension_process = mock.MagicMock()
exp = ExpectServerHello(extensions={ExtensionType.renegotiation_info:
extension_process})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
extension_process.assert_called_once_with(state, ext)
def test_process_with_extensions(self):
extension_process = mock.MagicMock()
exp = ExpectServerHello(
extensions={ExtensionType.renegotiation_info: extension_process})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
extension_process.assert_called_once_with(state, ext)
def test_process_with_mandatory_resumption(self):
exp = ExpectServerHello(resume=True)
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xaa\xaa\xaa'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.resuming)
def test_process_with_matching_extension(self):
exps = {
ExtensionType.renegotiation_info: None,
ExtensionType.alpn:
ALPNExtension().create([bytearray(b'http/1.1')])
}
exp = ExpectServerHello(extensions=exps)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(ALPNExtension().create([bytearray(b'http/1.1')]))
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertIsInstance(state.handshake_messages[0], ServerHello)
