def test_process_with_bad_extension(self):
exps = {ExtensionType.renegotiation_info: None,
ExtensionType.alpn: 'BAD_EXTENSION'
}
exp = ExpectServerHello(extensions=exps)
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(ALPNExtension().create([bytearray(b'http/1.1')]))
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(ValueError):
exp.process(state, msg)
def test_process_with_incorrect_cipher(self):
exp = ExpectServerHello(cipher=5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create(None)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_udefined_cipher(self):
exp = ExpectServerHello()
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create(None)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=0xfff0)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_unexpected_extensions(self):
exp = ExpectServerHello(
extensions={ExtensionType.renegotiation_info: None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(SNIExtension().create())
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def _generate_extensions(self, state):
"""Convert extension generators to extension objects."""
extensions = []
for ext_id in self.extensions:
if self.extensions[ext_id] is not None:
if callable(self.extensions[ext_id]):
extensions.append(self.extensions[ext_id](state))
elif isinstance(self.extensions[ext_id], TLSExtension):
extensions.append(self.extensions[ext_id])
else:
raise ValueError("Bad extension, id: {0}".format(ext_id))
continue
if ext_id == ExtensionType.renegotiation_info:
ext = RenegotiationInfoExtension()\
.create(state.client_verify_data)
extensions.append(ext)
else:
extensions.append(TLSExtension().create(ext_id, bytearray(0)))
return extensions
def test_process_with_extensions(self):
extension_process = mock.MagicMock()
exp = ExpectServerHello(
extensions={ExtensionType.renegotiation_info: extension_process})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create(None)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
extension_process.assert_called_once_with(state, ext)
def test_process_with_matching_extension(self):
exps = {
ExtensionType.renegotiation_info: None,
ExtensionType.alpn:
ALPNExtension().create([bytearray(b'http/1.1')])
}
exp = ExpectServerHello(extensions=exps)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(ALPNExtension().create([bytearray(b'http/1.1')]))
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertIsInstance(state.handshake_messages[0], ServerHello)
def main():
host = "localhost"
port = 4433
num_limit = None
run_exclude = set()
dhe = False
argv = sys.argv[1:]
opts, args = getopt.getopt(argv, "h:p:e:n:d", ["help"])
for opt, arg in opts:
if opt == '-h':
host = arg
elif opt == '-p':
port = int(arg)
elif opt == '-e':
run_exclude.add(arg)
elif opt == '-d':
run_exclude.add(arg)
elif opt == '-n':
num_limit = int(arg)
elif opt == '--help':
help_msg()
sys.exit(0)
else:
raise ValueError("Unknown option: {0}".format(opt))
if args:
run_only = set(args)
else:
run_only = None
conversations = {}
conversation = Connect(host, port)
node = conversation
ext = None
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext = {
ExtensionType.supported_groups:
SupportedGroupsExtension().create(groups),
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create(RSA_SIG_ALL),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
else:
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(
ApplicationDataGenerator(
bytearray(b"GET /?Renegotiation_Test=tlsfuzzer HTTP/1.0\r\n\r\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["sanity"] = conversation
# renegotiation
conversation = Connect(host, port)
node = conversation
ext = {ExtensionType.renegotiation_info: None}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
]
else:
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
ext = {ExtensionType.renegotiation_info: None}
node = node.add_child(ExpectServerHello(extensions=ext))
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# 2nd handshake
node = node.add_child(ResetHandshakeHashes())
ext = {ExtensionType.renegotiation_info: None}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
node = node.add_child(
ClientHelloGenerator(ciphers, session_id=bytearray(0), extensions=ext))
ext = {ExtensionType.renegotiation_info: None}
node = node.add_child(ExpectServerHello(extensions=ext))
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# send GET request
node = node.add_child(
ApplicationDataGenerator(
bytearray(b"GET /?Renegotiation_Test=tlsfuzzer HTTP/1.0\r\n")))
node = node.add_child(ApplicationDataGenerator(bytearray(b'\r\n')))
node = node.add_child(ExpectApplicationData())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations[
"secure renegotiation with GET after 2nd handshake"] = conversation
# renegotiation
conversation = Connect(host, port)
node = conversation
ext = {ExtensionType.renegotiation_info: None}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
]
else:
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
ext = {ExtensionType.renegotiation_info: None}
node = node.add_child(ExpectServerHello(extensions=ext))
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# send incomplete GET request
node = node.add_child(
ApplicationDataGenerator(
bytearray(b"GET /?Renegotiation_Test=tlsfuzzer HTTP/1.0\r\n")))
# 2nd handshake
node = node.add_child(ResetHandshakeHashes())
ext = {ExtensionType.renegotiation_info: None}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
node = node.add_child(
ClientHelloGenerator(ciphers, session_id=bytearray(0), extensions=ext))
ext = {ExtensionType.renegotiation_info: None}
node = node.add_child(ExpectServerHello(extensions=ext))
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# finish the GET request
node = node.add_child(ApplicationDataGenerator(bytearray(b'\r\n')))
node = node.add_child(ExpectApplicationData())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations["secure renegotiation with incomplete GET"] = conversation
# insecure renegotiation
conversation = Connect(host, port)
node = conversation
ext = None
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext = {
ExtensionType.supported_groups:
SupportedGroupsExtension().create(groups),
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create(RSA_SIG_ALL),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
]
else:
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# 2nd handshake
node = node.add_child(ResetHandshakeHashes())
ext = None
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext = {
ExtensionType.supported_groups:
SupportedGroupsExtension().create(groups),
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create(RSA_SIG_ALL),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
node = node.add_child(
ClientHelloGenerator(ciphers, session_id=bytearray(0), extensions=ext))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# send GET request
node = node.add_child(
ApplicationDataGenerator(
bytearray(b"GET /?Renegotiation_Test=tlsfuzzer HTTP/1.0\r\n")))
node = node.add_child(ApplicationDataGenerator(bytearray(b'\r\n')))
node = node.add_child(ExpectApplicationData())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations[
"insecure (legacy) renegotiation with GET after 2nd handshake"] = conversation
# insecure renegotiation
conversation = Connect(host, port)
node = conversation
ext = None
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext = {
ExtensionType.supported_groups:
SupportedGroupsExtension().create(groups),
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create(RSA_SIG_ALL),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
]
else:
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# send incomplete GET request
node = node.add_child(
ApplicationDataGenerator(
bytearray(b"GET /?Renegotiation_Test=tlsfuzzer HTTP/1.0\r\n")))
# 2nd handshake
node = node.add_child(ResetHandshakeHashes())
ext = None
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext = {
ExtensionType.supported_groups:
SupportedGroupsExtension().create(groups),
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create(RSA_SIG_ALL),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
node = node.add_child(
ClientHelloGenerator(ciphers, session_id=bytearray(0), extensions=ext))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# finish the GET request
node = node.add_child(ApplicationDataGenerator(bytearray(b'\r\n')))
node = node.add_child(ExpectApplicationData())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(ExpectAlert())
node.next_sibling = ExpectClose()
conversations[
"insecure (legacy) renegotiation with incomplete GET"] = conversation
# sending both SCSV and renegotiation_info: cold, then renegotiated
conversation = Connect(host, port)
node = conversation
# Sending both is NOT RECOMMENDED, though valid, for the first handshake...
ext = {ExtensionType.renegotiation_info: None}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
else:
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
ext = {ExtensionType.renegotiation_info: None}
node = node.add_child(ExpectServerHello(extensions=ext))
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# ... but not for the second handshake
node = node.add_child(ResetHandshakeHashes())
ext = {ExtensionType.renegotiation_info: None}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
else:
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
node = node.add_child(
ClientHelloGenerator(ciphers, session_id=bytearray(0), extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.handshake_failure))
node = node.add_child(ExpectClose())
conversations[
"sending both SCSV and renegotiation_info in renegotiated handshake"] = conversation
# sending both SCSV and renegotiation_info: cold, then renegotiated+resumed
conversation = Connect(host, port)
node = conversation
# Sending both is NOT RECOMMENDED, though valid, for the first handshake...
ext = {ExtensionType.renegotiation_info: None}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
else:
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
ext = {ExtensionType.renegotiation_info: None}
node = node.add_child(ExpectServerHello(extensions=ext))
node = node.add_child(ExpectCertificate())
if dhe:
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
# ... but not for the second handshake
node = node.add_child(ResetHandshakeHashes())
ext = {ExtensionType.renegotiation_info: None}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
else:
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.handshake_failure))
node = node.add_child(ExpectClose())
conversations[
"sending both SCSV and renegotiation_info in renegotiation+resumption"] = conversation
# non-empty initial renegotiation_info extension (with SCSV)
conversation = Connect(host, port)
node = conversation
ext = {
ExtensionType.renegotiation_info:
RenegotiationInfoExtension().create(bytearray(b'abc'))
}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
else:
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.handshake_failure))
node = node.add_child(ExpectClose())
conversations[
"non-empty initial renegotiation_info extension (with SCSV)"] = conversation
# non-empty initial renegotiation_info extension (without SCSV)
conversation = Connect(host, port)
node = conversation
ext = {
ExtensionType.renegotiation_info:
RenegotiationInfoExtension().create(bytearray(b'abc'))
}
if dhe:
groups = [GroupName.secp256r1, GroupName.ffdhe2048]
ext[ExtensionType.supported_groups] = SupportedGroupsExtension() \
.create(groups)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension().create(RSA_SIG_ALL)
ext[ExtensionType.signature_algorithms_cert] = \
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
ciphers = [
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
]
else:
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.handshake_failure))
node = node.add_child(ExpectClose())
conversations[
"non-empty initial renegotiation_info extension (without SCSV)"] = conversation
# run the conversation
good = 0
bad = 0
failed = []
if not num_limit:
num_limit = len(conversations)
# make sure that sanity test is run first and last
# to verify that server was running and kept running throughout
sanity_tests = [('sanity', conversations['sanity'])]
regular_tests = [(k, v) for k, v in conversations.items() if k != 'sanity']
sampled_tests = sample(regular_tests, min(num_limit, len(regular_tests)))
ordered_tests = chain(sanity_tests, sampled_tests, sanity_tests)
for c_name, c_test in ordered_tests:
if run_only and c_name not in run_only or c_name in run_exclude:
continue
print("{0} ...".format(c_name))
runner = Runner(c_test)
res = True
try:
runner.run()
except Exception:
print("Error while processing")
print(traceback.format_exc())
res = False
if res:
good += 1
print("OK\n")
else:
bad += 1
failed.append(c_name)
print("Check if the server supports insecure (legacy) renegotiation")
print("version: {0}\n".format(version))
print("Test end")
print("successful: {0}".format(good))
print("failed: {0}".format(bad))
failed_sorted = sorted(failed, key=natural_sort_keys)
print(" {0}".format('\n '.join(repr(i) for i in failed_sorted)))
if bad > 0:
sys.exit(1)
SignatureScheme.rsa_pss_rsae_sha512,
SignatureScheme.rsa_pss_rsae_sha384,
SignatureScheme.rsa_pss_rsae_sha256,
SignatureScheme.rsa_pkcs1_sha512,
SignatureScheme.rsa_pkcs1_sha384,
SignatureScheme.rsa_pkcs1_sha256,
(HashAlgorithm.sha1, SignatureAlgorithm.ecdsa),
SignatureScheme.rsa_pkcs1_sha1
]
from tlslite.extensions import SignatureAlgorithmsExtension
sig_algs_ext = SignatureAlgorithmsExtension().create(sig_algs)
extensions[ExtensionType.signature_algorithms] = sig_algs_ext
from tlslite.extensions import RenegotiationInfoExtension
renego_ext = RenegotiationInfoExtension().create(b'')
extensions[ExtensionType.renegotiation_info] = renego_ext
from tlsfuzzer.messages import ClientHelloGenerator
node = node.add_child(ClientHelloGenerator(ciphers, extensions=extensions))
from tlsfuzzer.expect import (
ExpectServerHello, ExpectCertificate, ExpectServerKeyExchange,
ExpectServerHelloDone
)
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerKeyExchange())
node = node.add_child(ExpectServerHelloDone())
from tlsfuzzer.messages import (
def conv_generator(conf, host, port, sni_hostname, cert=None, key=None):
"""Generate a conversation based on dict with configuration."""
root = Connect(host, port)
hs = HandshakeSettings()
# only RSA is supported
if conf['Server_authentication'] != "RSA" and \
conf['Server_authentication'] != "anon":
print("Substituting {0} to RSA for server auth".format(
conf['Server_authentication']),
file=sys.stderr)
# get the cipher that matches the imposed restrictions
cipher_trans = {
"AES_128_CBC": "aes128",
"AES_256_CBC": "aes256",
"AES_128_GCM": "aes128gcm",
"AES_256_GCM": "aes256gcm",
"3DES_EDE_CBC": "3des",
"RC4": "rc4",
"Chacha20_Poly1305": "chacha20-poly1305"
}
hs.cipherNames = [cipher_trans.get(conf['Cipher'], None)]
if hs.cipherNames == [None]:
raise ValueError("Unknown cipher type: {0}".format(conf['Cipher']))
mac_trans = {
"AEAD": "aead",
"MD5_HMAC": "md5",
"SHA1_HMAC": "sha",
"SHA256_HMAC": "sha256",
"SHA384_HMAC": "sha384"
}
hs.macNames = [mac_trans.get(conf['Integrity'], None)]
if hs.macNames == [None]:
raise ValueError("Unknown integrity type: {0}".format(
conf['Integrity']))
if conf['Key_exchange'] == 'DHE' and \
conf['Server_authentication'] == "anon":
suites = CipherSuite.getAnonSuites(hs)
elif conf['Key_exchange'] == 'ECDHE' and \
conf['Server_authentication'] == "anon":
suites = CipherSuite.getEcdhAnonSuites(hs)
elif conf['Key_exchange'] == 'RSA':
suites = CipherSuite.getCertSuites(hs)
elif conf['Key_exchange'] == 'DHE':
suites = CipherSuite.getDheCertSuites(hs)
elif conf['Key_exchange'] == 'ECDHE':
suites = CipherSuite.getEcdheCertSuites(hs)
else:
raise ValueError("Unknown key exchange type: {0}".format(
conf['Key_exchange']))
if not suites:
raise ValueError(
"Couldn't find matching cipher for {0} {3} {1} {2}".format(
conf['Key_exchange'], conf['Cipher'], conf['Integrity'],
conf['Server_authentication']))
# session ID/resumption handling
if conf['CH_SessionID'] == 'random':
sess_ID = getRandomBytes(16)
elif conf['CH_SessionID'] == 'empty':
sess_ID = bytearray()
else:
raise ValueError("Unknown CH_SessionID value".format(
conf['CH_SessionID']))
# compression
if conf['CH_compression'] == 'null_only':
compress = [0]
elif conf['CH_compression'] == 'null_and_deflate':
compress = [0, 1]
else:
raise ValueError("Unknown CH_compression value: {0}".format(
conf['CH_compression']))
# Renegotiation Info
if conf['CH_renegotiation_info_SCSV'] == "first":
suites.insert(0, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
elif conf['CH_renegotiation_info_SCSV'] == "last":
suites.append(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
elif conf['CH_renegotiation_info_SCSV'] == "absent":
pass
elif conf['CH_renegotiation_info_SCSV'] == "second":
suites.append(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
suites.append(0xeaea) # GREASE
else:
raise ValueError(
"Unexpected CH_renegotiation_info_SCSV value: {0}".format(
conf['CH_renegotiation_info_SCSV']))
# whether to send extensions
if conf['CH_extensions_present'] == "false":
ext = None
elif conf['CH_extensions_present'] != "true":
raise ValueError("Unexpected CH_extensions_present value: {0}".format(
conf['CH_extensions_present']))
else:
ext = dict()
# session ticket
if conf['CH_session_ticket'] != "no_ext":
print("Not generating session ticket extension", file=sys.stderr)
# renegotiation info
if conf['CH_renegotiation_info_ext'] == "true":
ext[ExtensionType.renegotiation_info] = \
RenegotiationInfoExtension().create(bytearray())
elif conf['CH_renegotiation_info_ext'] == "false":
pass
else:
raise ValueError(
"Unknown option in CH_renegotiation_info_ext: {0}".format(
conf['CH_renegotiation_info_ext']))
# signature algorithms
if conf['CH_signature_algorithms_ext'] == "false":
pass
elif conf['CH_signature_algorithms_ext'] != "true":
raise ValueError(
"Unknown option CH_signature_algorithms_ext: {0}".format(
conf["CH_signature_algorithms_ext"]))
else:
sig = conf['SKE_signature_scheme']
if sig == "none" or sig == "no_message":
# enter some random ones:
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension()\
.create([SignatureScheme.rsa_pkcs1_sha256,
SignatureScheme.rsa_pss_sha256])
else:
if "dsa" in sig:
print("Changing {0} to RSA scheme".format(sig))
sig = sig.replace("ecdsa", "rsa")
sig = sig.replace("dsa", "rsa")
sig = sig.replace("rsa_sha", "rsa_pkcs1_sha")
sig = sig.replace("rsapss", "rsa_pss")
if "sha224" in sig:
scheme = (HashAlgorithm.sha224, SignatureAlgorithm.rsa)
else:
scheme = getattr(SignatureScheme, sig)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension()\
.create([scheme])
# supported groups extension
if conf['CH_supported_groups_ext'] == "false":
groups = [
GroupName.ffdhe2048, GroupName.secp256r1, GroupName.x25519
]
ext[ExtensionType.supported_groups] = \
SupportedGroupsExtension().create(groups)
pass
elif conf['CH_supported_groups_ext'] != "true":
raise ValueError(
"Unknown option in CH_supported_groups_ext: {0}".format(
conf['CH_supported_groups_ext']))
else:
if conf['SKE_dh_group'] == "no_message":
groups = [
GroupName.ffdhe2048, GroupName.secp256r1, GroupName.x25519
]
elif conf['SKE_dh_group'] == "ffdhe1024":
groups = [GroupName.secp256r1, GroupName.x25519]
else:
groups = [getattr(GroupName, conf['SKE_dh_group'])]
ext[ExtensionType.supported_groups] = \
SupportedGroupsExtension().create(groups)
ext[ExtensionType.ec_point_formats] = \
ECPointFormatsExtension()\
.create([ECPointFormat.uncompressed,
ECPointFormat.ansiX962_compressed_char2,
ECPointFormat.ansiX962_compressed_prime])
# encrypt then MAC
if conf['CH_encrypt_then_mac_ext'] == "false":
pass
elif conf['CH_encrypt_then_mac_ext'] != "true":
raise ValueError(
"Unknown option in CH_encrypt_then_mac_ext: {0}".format(
conf['CH_encrypt_then_mac_ext']))
else:
ext[ExtensionType.encrypt_then_mac] = \
TLSExtension(extType=ExtensionType.encrypt_then_mac)\
.create(bytearray(0))
# server name
if conf['CH_server_name'] == "no_ext":
pass
elif conf['CH_server_name'] == "correct":
ext[ExtensionType.server_name] = \
SNIExtension().create(sni_hostname)
elif conf['CH_server_name'] == "mismatch":
ext[ExtensionType.server_name] = \
SNIExtension().create(sni_hostname + b'.www')
else:
raise ValueError("Unknown option in CH_server_name: {0}".format(
conf['CH_server_name']))
# OCSP staple
if conf['CH_status_request_ext'] == "false":
pass
elif conf['CH_status_request_ext'] != "true":
raise ValueError(
"Unknown option in CH_status_request_ext: {0}".format(
conf['CH_status_request_ext']))
else:
ext[ExtensionType.status_request] = \
StatusRequestExtension().create()
# Extended Master Secret ext
if conf['CH_extended_master_secret_ext'] == "false":
pass
elif conf['CH_extended_master_secret_ext'] != "true":
raise ValueError(
("Unknown value in CH_extended_master_secret_ext"
": {0}").format(conf['CH_extended_master_secret_ext']))
else:
ext[ExtensionType.extended_master_secret] = \
TLSExtension(extType=ExtensionType.extended_master_secret)\
.create(bytearray())
#
#
node = root.add_child(
ClientHelloGenerator(suites,
session_id=sess_ID,
compression=compress,
extensions=ext))
if conf['CH_server_name'] == "mismatch":
node = node.add_child(
ExpectAlert(AlertLevel.warning,
AlertDescription.unrecognized_name))
al_node = node
node = node.add_child(ExpectServerHello())
if conf['CH_server_name'] == "mismatch":
# make the sending of warning alert node optional
al_node.next_sibling = node
node = node.add_child(ExpectCertificate())
# TODO if conf['Certificate_Status_msg']
if conf['SKE_dh_group'] != "no_message":
node = node.add_child(ExpectServerKeyExchange())
if conf['CR_sent'] == "true":
node = node.add_child(ExpectCertificateRequest())
elif conf['CR_sent'] != "false":
raise ValueError("Unknown option in CR_sent: {0}".format(
conf['CR_sent']))
node = node.add_child(ExpectServerHelloDone())
if conf['CR_sent'] == "true":
if conf['CV_signature_scheme'] == "no_message":
node = node.add_child(CertificateGenerator())
else:
node = node.add_child(CertificateGenerator(X509CertChain([cert])))
node = node.add_child(ClientKeyExchangeGenerator())
if conf['CV_signature_scheme'] != "no_message":
sig = conf['CV_signature_scheme']
if "dsa" in sig:
print("Changing {0} to RSA scheme in CV".format(sig))
sig = sig.replace("ecdsa", "rsa")
sig = sig.replace("dsa", "rsa")
sig = sig.replace("rsa_sha", "rsa_pkcs1_sha")
sig = sig.replace("rsapss", "rsa_pss")
if "sha224" in sig:
scheme = (HashAlgorithm.sha224, SignatureAlgorithm.rsa)
else:
scheme = getattr(SignatureScheme, sig)
node = node.add_child(CertificateVerifyGenerator(key, msg_alg=scheme))
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
if conf['Disconnect'] == "true":
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(
ExpectAlert(AlertLevel.warning, AlertDescription.close_notify))
node.next_sibling = ExpectClose()
node = node.add_child(node.next_sibling)
node = node.add_child(Connect(host, port))
node = node.add_child(ResetRenegotiationInfo())
node = node.add_child(ResetHandshakeHashes())
hs = HandshakeSettings()
hs.cipherNames = [cipher_trans.get(conf['H2Cipher'], None)]
if hs.cipherNames == [None]:
raise ValueError("Unknown cipher type: {0}".format(conf['H2Cipher']))
hs.macNames = [mac_trans.get(conf["H2Integrity"], None)]
if hs.macNames == [None]:
raise ValueError("Unknown integrity type: {0}".format(
conf['H2Integrity']))
if conf['H2Key_exchange'] == 'DHE' and \
conf['H2Server_authentication'] == "anon":
suites = CipherSuite.getAnonSuites(hs)
elif conf['H2Key_exchange'] == "ECDHE" and \
conf['H2Server_authentication'] == "anon":
suites = CipherSuite.getEcdhAnonSuites(hs)
elif conf['H2Key_exchange'] == "RSA":
suites = CipherSuite.getCertSuites(hs)
elif conf['H2Key_exchange'] == "DHE":
suites = CipherSuite.getDheCertSuites(hs)
elif conf['H2Key_exchange'] == "ECDHE":
suites = CipherSuite.getEcdheCertSuites(hs)
else:
raise ValueError("Unknown key exchange type: {0}".format(
conf['H2Key_exchange']))
if not suites:
raise ValueError(
"Couldn't find matching cipher for {0} {3} {1} {2}".format(
conf['H2Key_exchange'], conf['H2Cipher'], conf['H2Integrity'],
conf['H2Server_authentication']))
if conf['H2CH_SessionID'] == 'random':
sess_ID = getRandomBytes(16)
elif conf['H2CH_SessionID'] == 'empty':
sess_ID = bytearray()
elif conf['H2CH_SessionID'] == "resume":
sess_ID = None
else:
raise ValueError("Unknown session id value: {0}".format(
conf['H2CH_SessionID']))
# compression
if conf['H2CH_compression'] == 'null_only':
compress = [0]
elif conf['H2CH_compression'] == 'null_and_deflate':
compress = [0, 1]
else:
raise ValueError("Unknown H2CH_compression value: {0}".format(
conf['H2CH_compression']))
# Renegotiation Info
if conf['H2CH_renegotiation_info_SCSV'] == "first":
suites.insert(0, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
elif conf['H2CH_renegotiation_info_SCSV'] == "last":
suites.append(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
elif conf['H2CH_renegotiation_info_SCSV'] == "absent":
pass
elif conf['H2CH_renegotiation_info_SCSV'] == "second":
suites.append(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
suites.append(0xeaea) # GREASE
else:
raise ValueError(
"Unexpected H2CH_renegotiation_info_SCSV value: {0}".format(
conf['H2CH_renegotiation_info_SCSV']))
# whether to send extensions
if conf['H2CH_extensions_present'] == "false":
ext = None
elif conf['H2CH_extensions_present'] != "true":
raise ValueError("Unexpected CH_extensions_present value: {0}".format(
conf['H2CH_extensions_present']))
else:
ext = dict()
# session ticket
if conf['H2CH_session_ticket'] != "no_ext":
print("Not generating session ticket extension", file=sys.stderr)
# renegotiation info
if conf['H2CH_renegotiation_info_ext'] == "true":
ext[ExtensionType.renegotiation_info] = None
elif conf['H2CH_renegotiation_info_ext'] == "false":
pass
else:
raise ValueError("Unknown option in H2CH_renegotiation_info_ext: "
"{0}".format(conf['H2CH_renegotiation_info_ext']))
# signature algorithms
if conf['H2CH_signature_algorithms_ext'] == "false":
pass
elif conf['H2CH_signature_algorithms_ext'] != "true":
raise ValueError("Unknown option H2CH_signature_algorithms_ext: "
"{0}".format(
conf["H2CH_signature_algorithms_ext"]))
else:
sig = conf['H2SKE_signature_scheme']
if sig == "none" or sig == "no_message":
# enter some random ones:
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension()\
.create([SignatureScheme.rsa_pkcs1_sha256,
SignatureScheme.rsa_pss_sha256])
else:
if "dsa" in sig:
print("Changing {0} to RSA scheme".format(sig))
sig = sig.replace("ecdsa", "rsa")
sig = sig.replace("dsa", "rsa")
sig = sig.replace("rsa_sha", "rsa_pkcs1_sha")
sig = sig.replace("rsapss", "rsa_pss")
if "sha224" in sig:
scheme = (HashAlgorithm.sha224, SignatureAlgorithm.rsa)
else:
scheme = getattr(SignatureScheme, sig)
ext[ExtensionType.signature_algorithms] = \
SignatureAlgorithmsExtension()\
.create([scheme])
# supported groups extension
if conf['H2CH_supported_groups_ext'] == "false":
groups = [
GroupName.ffdhe2048, GroupName.secp256r1, GroupName.x25519
]
ext[ExtensionType.supported_groups] = \
SupportedGroupsExtension().create(groups)
pass
elif conf['H2CH_supported_groups_ext'] != "true":
raise ValueError(
"Unknown option in H2CH_supported_groups_ext: {0}".format(
conf['H2CH_supported_groups_ext']))
else:
if conf['H2SKE_dh_group'] == "no_message":
groups = [
GroupName.ffdhe2048, GroupName.secp256r1, GroupName.x25519
]
elif conf['H2SKE_dh_group'] == "ffdhe1024":
groups = [GroupName.secp256r1, GroupName.x25519]
else:
groups = [getattr(GroupName, conf['H2SKE_dh_group'])]
ext[ExtensionType.supported_groups] = \
SupportedGroupsExtension().create(groups)
ext[ExtensionType.ec_point_formats] = \
ECPointFormatsExtension()\
.create([ECPointFormat.uncompressed,
ECPointFormat.ansiX962_compressed_char2,
ECPointFormat.ansiX962_compressed_prime])
# encrypt then MAC
if conf['H2CH_encrypt_then_mac_ext'] == "false":
pass
elif conf['H2CH_encrypt_then_mac_ext'] != "true":
raise ValueError(
"Unknown option in H2CH_encrypt_then_mac_ext: {0}".format(
conf['H2CH_encrypt_then_mac_ext']))
else:
ext[ExtensionType.encrypt_then_mac] = \
TLSExtension(extType=ExtensionType.encrypt_then_mac)\
.create(bytearray(0))
# server name
if conf['H2CH_server_name'] == "no_ext":
pass
elif conf['H2CH_server_name'] == "correct":
ext[ExtensionType.server_name] = \
SNIExtension().create(sni_hostname)
elif conf['H2CH_server_name'] == "mismatch":
ext[ExtensionType.server_name] = \
SNIExtension().create(sni_hostname + b'.www')
else:
raise ValueError("Unknown option in H2CH_server_name: {0}".format(
conf['H2CH_server_name']))
# OCSP staple
if conf['H2CH_status_request_ext'] == "false":
pass
elif conf['H2CH_status_request_ext'] != "true":
raise ValueError(
"Unknown option in H2CH_status_request_ext: {0}".format(
conf['H2CH_status_request_ext']))
else:
ext[ExtensionType.status_request] = \
StatusRequestExtension().create()
# Extended Master Secret ext
if conf['H2CH_extended_master_secret_ext'] == "false":
pass
elif conf['H2CH_extended_master_secret_ext'] != "true":
raise ValueError(
("Unknown value in H2CH_extended_master_secret_ext"
": {0}").format(conf['H2CH_extended_master_secret_ext']))
else:
ext[ExtensionType.extended_master_secret] = \
TLSExtension(extType=ExtensionType.extended_master_secret)\
.create(bytearray())
node = node.add_child(
ClientHelloGenerator(suites,
session_id=sess_ID,
compression=compress,
extensions=ext))
if conf['H2CH_server_name'] == "mismatch":
node = node.add_child(
ExpectAlert(AlertLevel.warning,
AlertDescription.unrecognized_name))
al_node = node
if conf['H2SH_SessionID'] == "resume":
print("doing resumption")
node = node.add_child(ExpectServerHello(resume=True))
if conf['H2CH_server_name'] == "mismatch":
# make the sending of warning alert node optional
al_node.next_sibling = node
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(
ExpectAlert(AlertLevel.warning, AlertDescription.close_notify))
node.next_sibling = ExpectClose()
else:
node = node.add_child(ExpectServerHello())
if conf['H2CH_server_name'] == "mismatch":
# make the sending of warning alert node optional
al_node.next_sibling = node
node = node.add_child(ExpectCertificate())
# TODO if conf['Certificate_Status_msg']
if conf['H2SKE_dh_group'] != "no_message":
node = node.add_child(ExpectServerKeyExchange())
if conf['H2CR_sent'] == "true":
node = node.add_child(ExpectCertificateRequest())
elif conf['H2CR_sent'] != "false":
raise ValueError("Unknown option in H2CR_sent: {0}".format(
conf['H2CR_sent']))
node = node.add_child(ExpectServerHelloDone())
if conf['H2CR_sent'] == "true":
if conf['H2CV_signature_scheme'] == "no_message":
node = node.add_child(CertificateGenerator())
else:
node = node.add_child(
CertificateGenerator(X509CertChain([cert])))
node = node.add_child(ClientKeyExchangeGenerator())
if conf['H2CV_signature_scheme'] != "no_message":
sig = conf['H2CV_signature_scheme']
if "dsa" in sig:
print("Changing {0} to RSA scheme in CV".format(sig))
sig = sig.replace("ecdsa", "rsa")
sig = sig.replace("dsa", "rsa")
sig = sig.replace("rsa_sha", "rsa_pkcs1_sha")
sig = sig.replace("rsapss", "rsa_pss")
if "sha224" in sig:
scheme = (HashAlgorithm.sha224, SignatureAlgorithm.rsa)
else:
scheme = getattr(SignatureScheme, sig)
node = node.add_child(
CertificateVerifyGenerator(key, msg_alg=scheme))
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(
ExpectAlert(AlertLevel.warning, AlertDescription.close_notify))
node.next_sibling = ExpectClose()
return root
