def test_process_with_unknown_key_exchange(self):
exp = ExpectServerKeyExchange()
state = ConnectionState()
state.cipher = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
client_hello.extensions = [
SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)])
]
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
state.version = server_hello.server_version
server_hello.random = bytearray(32)
state.server_random = server_hello.random
state.handshake_messages.append(cert)
msg = ServerKeyExchange(state.cipher, state.version)
msg.createSRP(1, 2, bytearray(3), 5)
msg.signAlg = SignatureAlgorithm.rsa
msg.hashAlg = HashAlgorithm.sha256
hash_bytes = msg.hash(client_hello.random, server_hello.random)
hash_bytes = private_key.addPKCS1Prefix(hash_bytes, 'sha256')
msg.signature = private_key.sign(hash_bytes)
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_generate_TLS_1_1(self):
priv_key = generateRSAKey(1024)
cert_ver_g = CertificateVerifyGenerator(priv_key)
state = ConnectionState()
state.version = (3, 2)
msg = cert_ver_g.generate(state)
self.assertIsNotNone(msg)
self.assertEqual(len(msg.signature), 128)
def test_generate_TLS_1_2(self):
priv_key = generateRSAKey(1024)
cert_ver_g = CertificateVerifyGenerator(priv_key)
state = ConnectionState()
state.version = (3, 3)
msg = cert_ver_g.generate(state)
self.assertIsNotNone(msg)
self.assertEqual(len(msg.signature), 128)
self.assertEqual(msg.signatureAlgorithm,
(constants.HashAlgorithm.sha1,
constants.SignatureAlgorithm.rsa))
def test_generate_TLS_1_2_with_cert_request(self):
priv_key = generateRSAKey(1024)
cert_ver_g = CertificateVerifyGenerator(priv_key)
state = ConnectionState()
state.version = (3, 3)
req = CertificateRequest((3, 3)).create([], [],
[(constants.HashAlgorithm.sha256,
constants.SignatureAlgorithm.rsa),
(constants.HashAlgorithm.sha1,
constants.SignatureAlgorithm.rsa)])
state.handshake_messages = [req]
msg = cert_ver_g.generate(state)
self.assertIsNotNone(msg)
self.assertEqual(len(msg.signature), 128)
self.assertEqual(msg.signatureAlgorithm,
(constants.HashAlgorithm.sha256,
constants.SignatureAlgorithm.rsa))
