def test_process_with_unknown_key_exchange(self): exp = ExpectServerKeyExchange() state = ConnectionState() state.cipher = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) client_hello.extensions = [ SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]) ] state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) state.version = server_hello.server_version server_hello.random = bytearray(32) state.server_random = server_hello.random state.handshake_messages.append(cert) msg = ServerKeyExchange(state.cipher, state.version) msg.createSRP(1, 2, bytearray(3), 5) msg.signAlg = SignatureAlgorithm.rsa msg.hashAlg = HashAlgorithm.sha256 hash_bytes = msg.hash(client_hello.random, server_hello.random) hash_bytes = private_key.addPKCS1Prefix(hash_bytes, 'sha256') msg.signature = private_key.sign(hash_bytes) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_generate_TLS_1_1(self): priv_key = generateRSAKey(1024) cert_ver_g = CertificateVerifyGenerator(priv_key) state = ConnectionState() state.version = (3, 2) msg = cert_ver_g.generate(state) self.assertIsNotNone(msg) self.assertEqual(len(msg.signature), 128)
def test_generate_TLS_1_2(self): priv_key = generateRSAKey(1024) cert_ver_g = CertificateVerifyGenerator(priv_key) state = ConnectionState() state.version = (3, 3) msg = cert_ver_g.generate(state) self.assertIsNotNone(msg) self.assertEqual(len(msg.signature), 128) self.assertEqual(msg.signatureAlgorithm, (constants.HashAlgorithm.sha1, constants.SignatureAlgorithm.rsa))
def test_generate_TLS_1_2_with_cert_request(self): priv_key = generateRSAKey(1024) cert_ver_g = CertificateVerifyGenerator(priv_key) state = ConnectionState() state.version = (3, 3) req = CertificateRequest((3, 3)).create([], [], [(constants.HashAlgorithm.sha256, constants.SignatureAlgorithm.rsa), (constants.HashAlgorithm.sha1, constants.SignatureAlgorithm.rsa)]) state.handshake_messages = [req] msg = cert_ver_g.generate(state) self.assertIsNotNone(msg) self.assertEqual(len(msg.signature), 128) self.assertEqual(msg.signatureAlgorithm, (constants.HashAlgorithm.sha256, constants.SignatureAlgorithm.rsa))