def setUp(self): self.srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = srv_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA self.client_hello = ClientHello().create((3, 3), bytearray(32), bytearray(0), [], srpUsername='******') self.server_hello = ServerHello().create((3, 3), bytearray(32), bytearray(0), self.cipher_suite) verifierDB = VerifierDB() verifierDB.create() entry = verifierDB.makeVerifier('user', 'password', 2048) verifierDB['user'] = entry self.keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, self.srv_private_key, verifierDB)
def test_client_SRP_key_exchange_with_unknown_params(self): keyExchange = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) keyExchange.createSRP(1, 2, 3, 4) client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password')) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_unknown_params(self): keyExchange = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) keyExchange.createSRP(1, 2, 3, 4) client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******') with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_invalid_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') keyExchange.srp_B = keyExchange.srp_N settings = HandshakeSettings() client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password'), settings=settings) with self.assertRaises(TLSIllegalParameterException): client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_small_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') settings = HandshakeSettings() settings.minKeySize = 3072 client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password'), settings=settings) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_invalid_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') keyExchange.srp_B = keyExchange.srp_N settings = HandshakeSettings() client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******', settings=settings) with self.assertRaises(TLSIllegalParameterException): client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_small_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') settings = HandshakeSettings() settings.minKeySize = 3072 client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******', settings=settings) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_big_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') settings = HandshakeSettings() settings.minKeySize = 512 settings.maxKeySize = 1024 client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******', settings=settings) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange)
def setUp(self): self.srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = srv_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA self.client_hello = ClientHello().create((3, 3), bytearray(32), bytearray(0), [], srpUsername=bytearray(b'user') ) self.server_hello = ServerHello().create((3, 3), bytearray(32), bytearray(0), self.cipher_suite) verifierDB = VerifierDB() verifierDB.create() entry = verifierDB.makeVerifier('user', 'password', 2048) verifierDB[b'user'] = entry self.keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, self.srv_private_key, verifierDB)
def test_SRP_key_exchange_with_client(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password'), settings=HandshakeSettings()) client_premaster = client_keyExchange.processServerKeyExchange(\ None, srv_key_ex) clientKeyExchange = client_keyExchange.makeClientKeyExchange() server_premaster = self.keyExchange.processClientKeyExchange(\ clientKeyExchange) self.assertEqual(client_premaster, server_premaster)
def test_SRP_key_exchange_with_client(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******', settings=HandshakeSettings()) client_premaster = client_keyExchange.processServerKeyExchange(\ None, srv_key_ex) clientKeyExchange = client_keyExchange.makeClientKeyExchange() server_premaster = self.keyExchange.processClientKeyExchange(\ clientKeyExchange) self.assertEqual(client_premaster, server_premaster)
class TestSRPKeyExchange(unittest.TestCase): def setUp(self): self.srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = srv_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA self.client_hello = ClientHello().create((3, 3), bytearray(32), bytearray(0), [], srpUsername=bytearray(b'user') ) self.server_hello = ServerHello().create((3, 3), bytearray(32), bytearray(0), self.cipher_suite) verifierDB = VerifierDB() verifierDB.create() entry = verifierDB.makeVerifier('user', 'password', 2048) verifierDB[b'user'] = entry self.keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, self.srv_private_key, verifierDB) def test_SRP_key_exchange(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha256') KeyExchange.verifyServerKeyExchange(srv_key_ex, self.srv_pub_key, self.client_hello.random, self.server_hello.random, [(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]) a = bytesToNumber(getRandomBytes(32)) A = powMod(srv_key_ex.srp_g, a, srv_key_ex.srp_N) x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password')) v = powMod(srv_key_ex.srp_g, x, srv_key_ex.srp_N) u = makeU(srv_key_ex.srp_N, A, srv_key_ex.srp_B) k = makeK(srv_key_ex.srp_N, srv_key_ex.srp_g) S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N, a+(u*x), srv_key_ex.srp_N) cln_premaster = numberToByteArray(S) cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A) srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex) self.assertEqual(cln_premaster, srv_premaster) def test_SRP_key_exchange_without_signature(self): self.cipher_suite = CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA self.keyExchange.cipherSuite = self.cipher_suite self.server_hello.cipher_suite = self.cipher_suite srv_key_ex = self.keyExchange.makeServerKeyExchange() a = bytesToNumber(getRandomBytes(32)) A = powMod(srv_key_ex.srp_g, a, srv_key_ex.srp_N) x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password')) v = powMod(srv_key_ex.srp_g, x, srv_key_ex.srp_N) u = makeU(srv_key_ex.srp_N, A, srv_key_ex.srp_B) k = makeK(srv_key_ex.srp_N, srv_key_ex.srp_g) S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N, a+(u*x), srv_key_ex.srp_N) cln_premaster = numberToByteArray(S) cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A) srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex) self.assertEqual(cln_premaster, srv_premaster) def test_SRP_init_with_invalid_name(self): with self.assertRaises(TypeError): SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password=bytearray(b'password'), settings=HandshakeSettings()) def test_SRP_init_with_invalid_password(self): with self.assertRaises(TypeError): SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password='******', settings=HandshakeSettings()) def test_SRP_with_invalid_name(self): self.client_hello.srp_username = bytearray(b'test') with self.assertRaises(TLSUnknownPSKIdentity): self.keyExchange.makeServerKeyExchange('sha1') def test_SRP_with_invalid_client_key_share(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') A = srv_key_ex.srp_N cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A) with self.assertRaises(TLSIllegalParameterException): self.keyExchange.processClientKeyExchange(cln_key_ex) def test_SRP_key_exchange_with_client(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password'), settings=HandshakeSettings()) client_premaster = client_keyExchange.processServerKeyExchange(\ None, srv_key_ex) clientKeyExchange = client_keyExchange.makeClientKeyExchange() server_premaster = self.keyExchange.processClientKeyExchange(\ clientKeyExchange) self.assertEqual(client_premaster, server_premaster) def test_client_SRP_key_exchange_with_unknown_params(self): keyExchange = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) keyExchange.createSRP(1, 2, 3, 4) client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password')) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange) def test_client_SRP_key_exchange_with_too_small_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') settings = HandshakeSettings() settings.minKeySize = 3072 client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password'), settings=settings) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange) def test_client_SRP_key_exchange_with_too_big_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') settings = HandshakeSettings() settings.minKeySize = 512 settings.maxKeySize = 1024 client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password'), settings=settings) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange) def test_client_SRP_key_exchange_with_invalid_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') keyExchange.srp_B = keyExchange.srp_N settings = HandshakeSettings() client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password'), settings=settings) with self.assertRaises(TLSIllegalParameterException): client_keyExchange.processServerKeyExchange(None, keyExchange)
class TestSRPKeyExchange(unittest.TestCase): def setUp(self): self.srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = srv_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA self.client_hello = ClientHello().create((3, 3), bytearray(32), bytearray(0), [], srpUsername='******') self.server_hello = ServerHello().create((3, 3), bytearray(32), bytearray(0), self.cipher_suite) verifierDB = VerifierDB() verifierDB.create() entry = verifierDB.makeVerifier('user', 'password', 2048) verifierDB['user'] = entry self.keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, self.srv_private_key, verifierDB) def test_SRP_key_exchange(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha256') KeyExchange.verifyServerKeyExchange(srv_key_ex, self.srv_pub_key, self.client_hello.random, self.server_hello.random, [(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]) a = bytesToNumber(getRandomBytes(32)) A = powMod(srv_key_ex.srp_g, a, srv_key_ex.srp_N) x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password')) v = powMod(srv_key_ex.srp_g, x, srv_key_ex.srp_N) u = makeU(srv_key_ex.srp_N, A, srv_key_ex.srp_B) k = makeK(srv_key_ex.srp_N, srv_key_ex.srp_g) S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N, a+(u*x), srv_key_ex.srp_N) cln_premaster = numberToByteArray(S) cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A) srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex) self.assertEqual(cln_premaster, srv_premaster) def test_SRP_key_exchange_without_signature(self): self.cipher_suite = CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA self.keyExchange.cipherSuite = self.cipher_suite self.server_hello.cipher_suite = self.cipher_suite srv_key_ex = self.keyExchange.makeServerKeyExchange() a = bytesToNumber(getRandomBytes(32)) A = powMod(srv_key_ex.srp_g, a, srv_key_ex.srp_N) x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password')) v = powMod(srv_key_ex.srp_g, x, srv_key_ex.srp_N) u = makeU(srv_key_ex.srp_N, A, srv_key_ex.srp_B) k = makeK(srv_key_ex.srp_N, srv_key_ex.srp_g) S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N, a+(u*x), srv_key_ex.srp_N) cln_premaster = numberToByteArray(S) cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A) srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex) self.assertEqual(cln_premaster, srv_premaster) def test_SRP_with_invalid_name(self): self.client_hello.srp_username = bytearray(b'test') with self.assertRaises(TLSUnknownPSKIdentity): self.keyExchange.makeServerKeyExchange('sha1') def test_SRP_with_invalid_client_key_share(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') A = srv_key_ex.srp_N cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A) with self.assertRaises(TLSIllegalParameterException): self.keyExchange.processClientKeyExchange(cln_key_ex) def test_SRP_key_exchange_with_client(self): srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1') client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******', settings=HandshakeSettings()) client_premaster = client_keyExchange.processServerKeyExchange(\ None, srv_key_ex) clientKeyExchange = client_keyExchange.makeClientKeyExchange() server_premaster = self.keyExchange.processClientKeyExchange(\ clientKeyExchange) self.assertEqual(client_premaster, server_premaster) def test_client_SRP_key_exchange_with_unknown_params(self): keyExchange = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) keyExchange.createSRP(1, 2, 3, 4) client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******') with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange) def test_client_SRP_key_exchange_with_too_small_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') settings = HandshakeSettings() settings.minKeySize = 3072 client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******', settings=settings) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange) def test_client_SRP_key_exchange_with_too_big_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') settings = HandshakeSettings() settings.minKeySize = 512 settings.maxKeySize = 1024 client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******', settings=settings) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange) def test_client_SRP_key_exchange_with_invalid_params(self): keyExchange = self.keyExchange.makeServerKeyExchange('sha1') keyExchange.srp_B = keyExchange.srp_N settings = HandshakeSettings() client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******', settings=settings) with self.assertRaises(TLSIllegalParameterException): client_keyExchange.processServerKeyExchange(None, keyExchange)