def test_padding_extension_with_hello_over_256(self):
    """A ClientHello with a long serverName is sent as exactly 512 bytes.

    The mock socket makes the handshake end in a remote alert, so only the
    first record written by the client is inspected. The test name ties the
    fixed size to the padding extension; the assertions only pin the record
    header, the handshake header and the resulting body length.
    """
    sock = self.prepare_mock_socket_with_handshake_failure()
    conn = TLSConnection(sock)

    settings = HandshakeSettings()
    settings.maxVersion = (3, 3)
    settings.keyShares = []

    # Long multi-label host name for the hostname extension, used to push
    # the hello past 256 bytes (the original note sizes it at "252 bytes"
    # -- NOTE(review): confirm what that count includes).
    long_name = ('aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd.'
                 'eeeeeeeeeeffffffffffgggggggggghhhhhhhhhh.'
                 'iiiiiiiiiijjjjjjjjjjkkkkkkkkkkllllllllll.'
                 'mmmmmmmmmmnnnnnnnnnnoooooooooopppppppppp.'
                 'qqqqqqqqqqrrrrrrrrrrsssssssssstttttttttt.'
                 'uuuuuuuuuuvvvvvvvvvvwwwwwwwwwwxxxxxxxxxx.'
                 'y.com')

    with self.assertRaises(TLSRemoteAlert):
        conn.handshakeClientCert(settings=settings, serverName=long_name)

    # Exactly one write reached the socket before the alert came back.
    self.assertEqual(len(sock.sent), 1)
    client_hello = sock.sent[0]

    # Record header: content type handshake (0x16), then version 0x0303.
    self.assertEqual(client_hello[0:3], bytearray(b'\x16' + b'\x03\x03'))
    # Handshake header: message type client_hello (0x01) ...
    self.assertEqual(client_hello[5:6], bytearray(b'\x01'))
    # ... followed by the 24-bit body length 0x000200, i.e. 512.
    self.assertEqual(client_hello[5:9], bytearray(b'\x01\x00\x02\x00'))

    # 5 bytes of record layer header and 4 bytes of handshake protocol
    # header precede the ClientHello body.
    record_header_len = 5
    handshake_header_len = 4
    body_len = len(client_hello) - record_header_len - handshake_header_len
    self.assertEqual(body_len, 512)
def test_minVersion_higher_than_maxVersion(self):
    """validate() rejects a version range whose floor is above its ceiling."""
    settings = HandshakeSettings()
    # Minimum (3, 3) with maximum (3, 0) leaves no version to negotiate.
    settings.minVersion, settings.maxVersion = (3, 3), (3, 0)

    self.assertRaises(ValueError, settings.validate)
def test_versions_and_maxVersion_mismatch(self):
    """Capping maxVersion at (3, 3) removes newer entries from ``versions``.

    After validation neither (3, 4) nor the (0x7f, 21) value may remain, so
    a caller that lowers the ceiling does not keep newer versions listed.
    """
    capped = HandshakeSettings()
    capped.maxVersion = (3, 3)

    validated = capped.validate()

    for too_new in ((3, 4), (0x7f, 21)):
        self.assertNotIn(too_new, validated.versions)
def test_no_signature_hashes_set_with_TLS1_1(self):
    """Empty signature hash lists are accepted when maxVersion is (3, 2)."""
    settings = HandshakeSettings()
    # Clear every per-algorithm hash list before lowering the ceiling.
    for attr in ("rsaSigHashes", "dsaSigHashes", "ecdsaSigHashes"):
        setattr(settings, attr, [])
    settings.maxVersion = (3, 2)

    validated = settings.validate()

    self.assertIsNotNone(validated)
def test_minVersion_higher_than_maxVersion(self):
    """An inverted (min > max) protocol version range fails validation."""
    inverted = HandshakeSettings()
    inverted.minVersion = (3, 3)
    inverted.maxVersion = (3, 0)

    # validate() is expected to refuse the range instead of returning
    # settings that could never complete a handshake.
    self.assertRaises(ValueError, inverted.validate)
def test_getTLS13Suites(self):
    """getTLS13Suites() returns the expected suites, in order, at (3, 4)."""
    settings = HandshakeSettings()
    settings.maxVersion = (3, 4)

    # assertEqual on lists also checks the order of the returned suites.
    expected = [
        CipherSuite.TLS_AES_256_GCM_SHA384,
        CipherSuite.TLS_AES_128_GCM_SHA256,
        CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
    ]

    self.assertEqual(CipherSuite.getTLS13Suites(settings), expected)
def test_getTLS13Suites(self):
    """getTLS13Suites() lists the GCM, ChaCha20 and CCM suites in order."""
    settings = HandshakeSettings()
    settings.maxVersion = (3, 4)

    offered = CipherSuite.getTLS13Suites(settings)

    # List equality pins both membership and ordering of the result.
    self.assertEqual(
        offered,
        [
            CipherSuite.TLS_AES_256_GCM_SHA384,
            CipherSuite.TLS_AES_128_GCM_SHA256,
            CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
            CipherSuite.TLS_AES_128_CCM_SHA256,
        ],
    )
def test_maxVersion_without_TLSv1_2(self):
    """validate() drops the sha256 MAC when maxVersion is (3, 2)."""
    before = HandshakeSettings()
    before.maxVersion = (3, 2)
    # The unvalidated settings still carry sha256 in macNames.
    self.assertIn('sha256', before.macNames)

    after = before.validate()

    self.assertNotIn("sha256", after.macNames)
def test_maxVersion_without_TLSv1_2(self):
    """With the ceiling at (3, 2), validation removes sha256 from macNames."""
    raw = HandshakeSettings()
    raw.maxVersion = (3, 2)

    # Present before validation ...
    self.assertIn("sha256", raw.macNames)
    # ... and gone from the settings object that validate() returns.
    self.assertNotIn("sha256", raw.validate().macNames)
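def server_process(server):
    """Run the server side: handshake, check the greeting, reply, close.

    ``self`` is not a parameter here; it is resolved from the enclosing
    scope (presumably the test method that defines this helper -- confirm).

    Raises:
        AssertionError: if the peer sends anything but ``b"client hello"``.
    """
    settings = HandshakeSettings()
    settings.maxVersion = (3, 3)
    # The settings object used to be built and then dropped, so the version
    # cap never reached the handshake and the server ran with defaults.
    # Pass it on so the server side is actually limited to (3, 3).
    server.handshakeServer(certChain=self.cert_chain,
                           privateKey=self.certKey,
                           settings=settings)

    # Block until the whole greeting has arrived, then compare it exactly.
    ret = server.read(min=len("client hello"))
    if ret != bytearray(b"client hello"):
        raise AssertionError("incorrect query")

    server.write(bytearray(b"Conn OK"))
    server.close()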
def test_connection_no_rsa_pss(self):
    """Handshake with PKCS#1-only RSA signatures, then exchange one message.

    The client is capped at (3, 3) and must end up on an AEAD cipher suite
    before the application data round trip is checked.
    """
    client_settings = HandshakeSettings()
    client_settings.maxVersion = (3, 3)
    # PSS is left out: the keys in this module are too small for the salt
    # size that a sha512 hash needs.
    client_settings.rsaSchemes = ["pkcs1"]

    conn = TLSConnection(self.client_socket)
    conn.handshakeClientCert(settings=client_settings,
                             serverName="localhost")

    negotiated = conn.session.cipherSuite
    self.assertIn(negotiated, CipherSuite.aeadSuites)

    conn.write(bytearray(b"client hello"))
    reply = conn.read(min=len("Conn OK"))
    self.assertEqual(reply, bytearray(b"Conn OK"))
def test_maxVersion_with_unknown_version(self):
    """validate() raises ValueError for the unsupported maxVersion (3, 5)."""
    settings = HandshakeSettings()
    settings.maxVersion = (3, 5)

    # An unknown ceiling must be refused rather than silently accepted.
    self.assertRaises(ValueError, settings.validate)
def test_maxVersion_with_unknown_version(self):
    """validate() raises ValueError when maxVersion is set to (3, 4).

    This test treats (3, 4) as a version the settings object does not know.
    """
    unknown_ceiling = HandshakeSettings()
    unknown_ceiling.maxVersion = (3, 4)

    self.assertRaises(ValueError, unknown_ceiling.validate)
def test_no_signature_hashes_set_with_TLS1_1(self):
    """An empty rsaSigHashes list validates when maxVersion is (3, 2)."""
    settings = HandshakeSettings()
    settings.rsaSigHashes = []
    settings.maxVersion = (3, 2)

    # validate() must hand back a settings object instead of raising.
    validated = settings.validate()
    self.assertIsNotNone(validated)
def test_getTLS13Suites_with_TLS1_2(self):
    """getTLS13Suites() returns no suites when asked about version (3, 3)."""
    settings = HandshakeSettings()
    settings.maxVersion = (3, 4)

    # The settings allow (3, 4), but the version passed in is (3, 3).
    suites = CipherSuite.getTLS13Suites(settings, (3, 3))

    self.assertEqual(suites, [])
def test_getTLS13Suites_with_TLS1_2(self):
    """No TLS 1.3 suites are returned for the explicit version (3, 3)."""
    allow_tls13 = HandshakeSettings()
    allow_tls13.maxVersion = (3, 4)
    requested_version = (3, 3)

    # Even with maxVersion at (3, 4), the (3, 3) argument yields nothing.
    self.assertEqual(
        CipherSuite.getTLS13Suites(allow_tls13, requested_version),
        [],
    )