def test_parse_with_cert_type_extension(self):
p = Parser(
bytearray(
# we don't include the type of message as it is handled by the
# hello protocol parser
#b'x01' + # type of message - client_hello
b'\x00' * 2 + b'\x2f' + # length - 47 bytes
b'\x01\x01' + # protocol version - arbitrary (invalid)
b'\x00' * 32 + # client random
b'\x00' + # session ID length
b'\x00' * 2 + # cipher suites length
b'\x00' + # compression methods length
b'\x00\x07' + # extensions length - 7 bytes
b'\x00\x09' + # extension type - certTypes (9)
b'\x00\x03' + # extension length - 3 bytes
b'\x02' + # length of array - 2 bytes
b'\x00' + # type - x509 (0)
b'\x01' # type - opengpg (1)
))
client_hello = ClientHello()
client_hello = client_hello.parse(p)
self.assertEqual((1, 1), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([], client_hello.cipher_suites)
self.assertEqual([], client_hello.compression_methods)
self.assertEqual([0, 1], client_hello.certificate_types)
certTypes = ClientCertTypeExtension().create([0, 1])
self.assertEqual([certTypes], client_hello.extensions)
def test_parse_with_SNI_extension(self):
p = Parser(
bytearray(
# we don't include the type of message as it is handled by the
# hello protocol parser
#b'x01' + # type of message - client_hello
b'\x00' * 2 + b'\x3c' + # length - 60 bytes
b'\x01\x01' + # protocol version - arbitrary (invalid)
b'\x00' * 32 + # client random
b'\x00' + # session ID length
b'\x00' * 2 + # cipher suites length
b'\x00' + # compression methods length
b'\x00\x14' + # extensions length - 20 bytes
b'\x00\x00' + # extension type - SNI (0)
b'\x00\x10' + # extension length - 16 bytes
b'\x00\x0e' + # length of array - 14 bytes
b'\x00' + # type of entry - host_name (0)
b'\x00\x0b' + # length of name - 11 bytes
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'))
client_hello = ClientHello()
client_hello = client_hello.parse(p)
self.assertEqual((1, 1), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([], client_hello.cipher_suites)
self.assertEqual([], client_hello.compression_methods)
self.assertEqual(bytearray(b'example.com'), client_hello.server_name)
sni = SNIExtension().create(bytearray(b'example.com'))
self.assertEqual([sni], client_hello.extensions)
def test_process_with_bad_extension(self):
exps = {ExtensionType.renegotiation_info: None,
ExtensionType.alpn: 'BAD_EXTENSION'
}
exp = ExpectServerHello(extensions=exps)
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(ALPNExtension().create([bytearray(b'http/1.1')]))
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(ValueError):
exp.process(state, msg)
def test_process_with_rcf7919_groups_required_not_provided(self):
exp = ExpectServerKeyExchange(valid_groups=[256])
state = ConnectionState()
state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
client_hello.extensions = [SupportedGroupsExtension().create([256])]
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
server_hello.random = bytearray(32)
state.server_random = server_hello.random
# server hello is not necessary for the test to work
#state.handshake_messages.append(server_hello)
state.handshake_messages.append(cert)
srv_key_exchange = DHE_RSAKeyExchange(\
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
client_hello,
server_hello,
private_key,
dhGroups=None)
msg = srv_key_exchange.makeServerKeyExchange('sha1')
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_parse_with_SRP_extension(self):
p = Parser(
bytearray(
# we don't include the type of message as it is handled by the
# hello protocol parser
#b'x01' + # type of message - client_hello
b'\x00' * 2 + b'\x35' + # length - 53 bytes
b'\x01\x01' + # protocol version - arbitrary (invalid)
b'\x00' * 32 + # client random
b'\x00' + # session ID length
b'\x00' * 2 + # cipher suites length
b'\x00' + # compression methods length
b'\x00\x0d' + # extensions length - 13 bytes
b'\x00\x0c' + # extension type - SRP (12)
b'\x00\x09' + # extension length - 9 bytes
b'\x08' + # length of name - 8 bytes
b'username' # UTF-8 encoding of "username" :)
))
client_hello = ClientHello()
client_hello = client_hello.parse(p)
self.assertEqual((1, 1), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([], client_hello.cipher_suites)
self.assertEqual([], client_hello.compression_methods)
self.assertEqual(bytearray(b'username'), client_hello.srp_username)
srp = SRPExtension().create(bytearray(b'username'))
self.assertEqual([srp], client_hello.extensions)
def test_alignClientHelloPadding_length_of_511_bytes(self):
clientHello = ClientHello()
clientHello.create((3,0), bytearray(32), bytearray(0), [])
clientHello.extensions = []
ext = SNIExtension()
ext.create(hostNames=[
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddd'),
])
clientHello.extensions.append(ext)
clientHelloLength = len(clientHello.write())
self.assertEqual(511, clientHelloLength - 4)
HandshakeHelpers.alignClientHelloPadding(clientHello)
# clientHello length should equal to 515, ignoring handshake
# protocol header (4B)
data = clientHello.write()
self.assertEqual(515, len(data) - 4)
# padding extension should have zero byte size
self.assertEqual(bytearray(b'\x00\x15\x00\x00'), data[clientHelloLength:])
def test_alignClientHelloPadding_length_of_512_bytes(self):
clientHello = ClientHello()
clientHello.create((3,0), bytearray(32), bytearray(0), [])
clientHello.extensions = []
ext = SNIExtension()
ext.create(hostNames=[
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccdddddddd'),
])
clientHello.extensions.append(ext)
clientHelloLength = len(clientHello.write())
self.assertEqual(512, clientHelloLength - 4)
HandshakeHelpers.alignClientHelloPadding(clientHello)
# clientHello should not be changed due to sufficient length (>=512)
self.assertEqual(clientHelloLength, len(clientHello.write()))
def test_write_with_certificate_types(self):
# note that ClienHello is "clever" and doesn't send the extension
# if only x509 certificate type is present, so we pass two values
client_hello = ClientHello().create(
(3, 1),
bytearray(b'\x00' * 31 + b'\xff'),
bytearray(0), [],
certificate_types=[CertificateType.x509, CertificateType.openpgp])
self.assertEqual(
list(
bytearray(b'\x01' + # type of message - client_hello
b'\x00' * 2 + b'\x30' + # length - 48 bytes
b'\x03\x01' + # protocol version (TLS 1.0)
b'\x00' * 31 + b'\xff' + # client random
b'\x00' + # session ID length
b'\x00\x00' + # cipher suites length
b'\x01' + # compression methods length
b'\x00' + # supported method - NULL
b'\x00\x07' + # extensions length
b'\x00\x09' + # cert_type extension value (9)
b'\x00\x03' + # size of the extension
b'\x02' + # length of supported types
b'\x00' + # type - X.509
b'\x01' # type - OpenPGP
)),
list(client_hello.write()))
def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
srpUsername='******')
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
verifierDB = VerifierDB()
verifierDB.create()
entry = verifierDB.makeVerifier('user', 'password', 2048)
verifierDB['user'] = entry
self.keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
verifierDB)
def test_process_with_not_matching_signature_algorithms(self):
exp = ExpectServerKeyExchange(
valid_sig_algs=[(HashAlgorithm.sha256, SignatureAlgorithm.rsa)])
state = ConnectionState()
state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
server_hello.random = bytearray(32)
state.server_random = server_hello.random
# server hello is not necessary for the test to work
#state.handshake_messages.append(server_hello)
state.handshake_messages.append(cert)
srv_key_exchange = DHE_RSAKeyExchange(\
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
client_hello,
server_hello,
private_key)
msg = srv_key_exchange.makeServerKeyExchange('sha1')
with self.assertRaises(TLSIllegalParameterException):
exp.process(state, msg)
def generate(self, state):
if self.version is None:
self.version = state.client_version
if self.random:
state.client_random = self.random
if self.session_id is None:
self.session_id = state.session_id
if not state.client_random:
state.client_random = bytearray(32)
extensions = None
if self.extensions is not None:
extensions = self._generate_extensions(state)
clnt_hello = ClientHello(self.ssl2).create(self.version,
state.client_random,
self.session_id,
self.ciphers,
extensions=extensions)
clnt_hello.compression_methods = self.compression
state.client_version = self.version
self.msg = clnt_hello
return clnt_hello
def test_server_with_client_proposing_SHA256_on_TLSv1_1(self):
gen_sock = MockSocket(bytearray(0))
gen_record_layer = RecordLayer(gen_sock)
gen_record_layer.version = (3, 0)
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
0x88, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
client_hello = ClientHello().create(version=(3, 2),
random=bytearray(32),
session_id=bytearray(0),
cipher_suites=ciphers)
for res in gen_record_layer.sendRecord(client_hello):
if res in (0, 1):
self.assertTrue(False, "Blocking socket")
else:
break
# test proper
sock = MockSocket(gen_sock.sent[0])
conn = TLSConnection(sock)
srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_cert_chain = X509CertChain([X509().parse(srv_raw_certificate)])
with self.assertRaises(TLSLocalAlert) as err:
conn.handshakeServer(certChain=srv_cert_chain,
privateKey=srv_private_key)
self.assertEqual(err.exception.description,
AlertDescription.handshake_failure)
def test_process_with_ECDHE_RSA(self):
exp = ExpectServerKeyExchange()
state = ConnectionState()
state.cipher = CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
client_hello.extensions = [
SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)]),
SupportedGroupsExtension().create([GroupName.secp256r1])
]
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
server_hello.random = bytearray(32)
state.server_random = server_hello.random
# server hello is not necessary for the test to work
#state.handshake_messages.append(server_hello)
state.handshake_messages.append(cert)
srv_key_exchange = ECDHE_RSAKeyExchange(
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, client_hello,
server_hello, private_key, [GroupName.secp256r1])
msg = srv_key_exchange.makeServerKeyExchange('sha256')
exp.process(state, msg)
def test_parse_with_SSLv2_client_hello(self):
parser = Parser(
bytearray(
# length and type is handled by hello protocol parser
#b'\x80\x2e' + # length - 46 bytes
#b'\x01' + # message type - client hello
b'\x00\x02' + # version - SSLv2
b'\x00\x15' + # cipher spec length - 21 bytes
b'\x00\x00' + # session ID length - 0 bytes
b'\x00\x10' + # challange length - 16 bytes
b'\x07\x00\xc0' + # cipher - SSL2_DES_192_EDE3_CBC_WITH_MD5
b'\x05\x00\x80' + # cipher - SSL2_IDEA_128_CBC_WITH_MD5
b'\x03\x00\x80' + # cipher - SSL2_RC2_CBC_128_CBC_WITH_MD5
b'\x01\x00\x80' + # cipher - SSL2_RC4_128_WITH_MD5
b'\x06\x00\x40' + # cipher - SSL2_DES_64_CBC_WITH_MD5
b'\x04\x00\x80' + # cipher - SSL2_RC2_CBC_128_CBC_WITH_MD5
b'\x02\x00\x80' + # cipher - SSL2_RC4_128_EXPORT40_WITH_MD5
b'\x01' * 16 # challenge
))
client_hello = ClientHello(ssl2=True)
client_hello = client_hello.parse(parser)
# XXX the value on the wire is LSB, but should be interpreted MSB for
# SSL2
self.assertEqual((0, 2), client_hello.client_version)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual(
[458944, 327808, 196736, 65664, 393280, 262272, 131200],
client_hello.cipher_suites)
self.assertEqual(bytearray(b'\x00' * 16 + b'\x01' * 16),
client_hello.random)
self.assertEqual([0], client_hello.compression_methods)
def test_parse(self):
p = Parser(
bytearray(
# we don't include the type of message as it is handled by the
# hello protocol parser
#b'x01' + # type of message - client_hello
b'\x00' * 2 + b'\x26' + # length - 38 bytes
b'\x01\x01' + # protocol version - arbitrary (invalid)
b'\x00' * 32 + # client random
b'\x00' + # session ID length
b'\x00' * 2 + # cipher suites length
b'\x00' # compression methods length
))
client_hello = ClientHello()
client_hello = client_hello.parse(p)
self.assertEqual((1, 1), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([], client_hello.cipher_suites)
self.assertEqual([], client_hello.compression_methods)
self.assertEqual(bytearray(0), client_hello.server_name)
# XXX not sent
self.assertEqual([0], client_hello.certificate_types)
self.assertEqual(False, client_hello.supports_npn)
self.assertEqual(False, client_hello.tack)
self.assertEqual(None, client_hello.srp_username)
self.assertEqual(None, client_hello.extensions)
def test_process_with_unknown_key_exchange(self):
exp = ExpectServerKeyExchange()
state = ConnectionState()
state.cipher = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
client_hello.extensions = [
SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)])
]
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
state.version = server_hello.server_version
server_hello.random = bytearray(32)
state.server_random = server_hello.random
state.handshake_messages.append(cert)
msg = ServerKeyExchange(state.cipher, state.version)
msg.createSRP(1, 2, bytearray(3), 5)
msg.signAlg = SignatureAlgorithm.rsa
msg.hashAlg = HashAlgorithm.sha256
hash_bytes = msg.hash(client_hello.random, server_hello.random)
hash_bytes = private_key.addPKCS1Prefix(hash_bytes, 'sha256')
msg.signature = private_key.sign(hash_bytes)
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_parse_with_TACK_extension(self):
p = Parser(
bytearray(
# we don't include the type of message as it is handled by the
# hello protocol parser
#b'x01' + # type of message - client_hello
b'\x00' * 2 + b'\x2c' + # length - 44 bytes
b'\x01\x01' + # protocol version - arbitrary (invalid)
b'\x00' * 32 + # client random
b'\x00' + # session ID length
b'\x00' * 2 + # cipher suites length
b'\x00' + # compression methods length
b'\x00\x04' + # extensions length - 4 bytes
b'\xf3\x00' + # extension type - TACK (62208)
b'\x00\x00' # extension length - 0 bytes
))
client_hello = ClientHello()
client_hello = client_hello.parse(p)
self.assertEqual((1, 1), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([], client_hello.cipher_suites)
self.assertEqual([], client_hello.compression_methods)
self.assertEqual(True, client_hello.tack)
tack = TLSExtension().create(62208, bytearray(0))
self.assertEqual([tack], client_hello.extensions)
def test_alignClientHelloPadding_length_256_bytes(self):
clientHello = ClientHello()
clientHello.create((3,0), bytearray(32), bytearray(0), [])
clientHello.extensions = []
ext = SNIExtension()
ext.create(hostNames=[
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeee'),
])
clientHello.extensions.append(ext)
clientHelloLength = len(clientHello.write())
# clientHello length (excluding 4B header) should equal to 256
self.assertEqual(256, clientHelloLength - 4)
HandshakeHelpers.alignClientHelloPadding(clientHello)
# clientHello length (excluding 4B header) should equal to 512
data = clientHello.write()
self.assertEqual(512, len(data) - 4)
# previously created data should be extended with the padding extension
# starting with the padding extension type \x00\x15 (21)
self.assertEqual(bytearray(b'\x00\x15'), data[clientHelloLength:clientHelloLength+2])
def test___str___with_all_null_session_id(self):
client_hello = ClientHello().create((3,0), bytearray(4), bytearray(10),\
[])
self.assertEqual("client_hello,version(3.0),random(...),"\
"session ID(bytearray(b'\\x00'*10)),cipher suites([]),"\
"compression methods([0])", str(client_hello))
def test_write_with_server_name(self):
client_hello = ClientHello().create((3, 1),
bytearray(b'\x00' * 31 + b'\xff'),
bytearray(0), [],
serverName="example.com")
self.assertEqual(
list(
bytearray(b'\x01' + # type of message - client_hello
b'\x00' * 2 + b'\x3d' + # length - 61 bytes
b'\x03\x01' + # protocol version
b'\x00' * 31 + b'\xff' + # client random
b'\x00' + # session ID length
b'\x00\x00' + # cipher suites length
b'\x01' + # compression methods length
b'\x00' + # supported method - NULL
b'\x00\x14' + # extensions length
b'\x00\x00' + # servername extension value (0)
b'\x00\x10' + # byte size of the extension
b'\x00\x0e' + # length of the list
b'\x00' + # name type: host_name (0)
b'\x00\x0b' + # length of host name
# utf-8 encoding of "example.com"
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d')),
list(client_hello.write()))
def test_server_name_other_than_dns_name(self):
client_hello = ClientHello().create((3, 3), bytearray(1), bytearray(0),
[])
sni_ext = SNIExtension().create(serverNames=[\
SNIExtension.ServerName(1, b'test')])
client_hello.extensions = [sni_ext]
self.assertEqual(client_hello.server_name, bytearray(0))
def test_getExtension_with_present_id(self):
client_hello = ClientHello().create(
(3, 3),
bytearray(1),
bytearray(0), [],
extensions=[TLSExtension().create(0, bytearray(0))])
ext = client_hello.getExtension(0)
self.assertEqual(ext, TLSExtension().create(0, bytearray(0)))
def test___str___with_extensions(self):
client_hello = ClientHello().create((3,0), bytearray(4), bytearray(0),\
[], extensions=[TLSExtension().create(0, bytearray(b'\x00'))])
self.assertEqual("client_hello,version(3.0),random(...),"\
"session ID(bytearray(b'')),cipher suites([]),"\
"compression methods([0]),extensions(["\
"TLSExtension(extType=0, extData=bytearray(b'\\x00'), "\
"serverType=False)])",
str(client_hello))
def test_create(self):
client_hello = ClientHello()
client_hello.create((3,0), bytearray(32), bytearray(0), \
[])
self.assertEqual((3, 0), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([], client_hello.cipher_suites)
self.assertEqual([0], client_hello.compression_methods)
def test_getExtension(self):
client_hello = ClientHello().create(
(3, 3),
bytearray(1),
bytearray(0), [],
extensions=[TLSExtension().create(0, bytearray(0))])
ext = client_hello.getExtension(1)
self.assertIsNone(ext)
def test___init__(self):
client_hello = ClientHello()
assert client_hello
self.assertEqual(False, client_hello.ssl2)
self.assertEqual((0, 0), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([], client_hello.cipher_suites)
self.assertEqual([], client_hello.compression_methods)
def test___repr__(self):
client_hello = ClientHello().create((3,3), bytearray(1), bytearray(0),\
[], extensions=[TLSExtension().create(0, bytearray(0))])
self.assertEqual("ClientHello(ssl2=False, client_version=(3.3), "\
"random=bytearray(b'\\x00'), session_id=bytearray(b''), "\
"cipher_suites=[], compression_methods=[0], "\
"extensions=[TLSExtension(extType=0, "\
"extData=bytearray(b''), serverType=False)])",
repr(client_hello))
def setUp(self):
self.srv_cert_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = self.srv_cert_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
self.server_key_exchange = ServerKeyExchange(self.cipher_suite, (3, 3))\
.parse(Parser(self.expected_sha1_SKE[1:]))
self.ske_tls1_1 = ServerKeyExchange(self.cipher_suite, (3, 2))\
.parse(Parser(self.expected_tls1_1_SKE[1:]))
self.client_hello = ClientHello()
def test_create_with_one_ciphersuite(self):
client_hello = ClientHello()
client_hello.create((3,0), bytearray(32), bytearray(0), \
[CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV])
self.assertEqual((3, 0), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV], \
client_hello.cipher_suites)
self.assertEqual([0], client_hello.compression_methods)
def test_alignClientHelloPadding_length_less_than_256_bytes(self):
clientHello = ClientHello()
clientHello.create((3,0), bytearray(32), bytearray(0), [])
clientHelloLength = len(clientHello.write())
self.assertTrue(clientHelloLength - 4 < 256)
HandshakeHelpers.alignClientHelloPadding(clientHello)
# clientHello should not be changed due to small length
self.assertEqual(clientHelloLength, len(clientHello.write()))
