def test_parse_with_cert_type_extension(self): p = Parser( bytearray( # we don't include the type of message as it is handled by the # hello protocol parser #b'x01' + # type of message - client_hello b'\x00' * 2 + b'\x2f' + # length - 47 bytes b'\x01\x01' + # protocol version - arbitrary (invalid) b'\x00' * 32 + # client random b'\x00' + # session ID length b'\x00' * 2 + # cipher suites length b'\x00' + # compression methods length b'\x00\x07' + # extensions length - 7 bytes b'\x00\x09' + # extension type - certTypes (9) b'\x00\x03' + # extension length - 3 bytes b'\x02' + # length of array - 2 bytes b'\x00' + # type - x509 (0) b'\x01' # type - opengpg (1) )) client_hello = ClientHello() client_hello = client_hello.parse(p) self.assertEqual((1, 1), client_hello.client_version) self.assertEqual(bytearray(32), client_hello.random) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual([], client_hello.cipher_suites) self.assertEqual([], client_hello.compression_methods) self.assertEqual([0, 1], client_hello.certificate_types) certTypes = ClientCertTypeExtension().create([0, 1]) self.assertEqual([certTypes], client_hello.extensions)
def test_parse_with_SNI_extension(self): p = Parser( bytearray( # we don't include the type of message as it is handled by the # hello protocol parser #b'x01' + # type of message - client_hello b'\x00' * 2 + b'\x3c' + # length - 60 bytes b'\x01\x01' + # protocol version - arbitrary (invalid) b'\x00' * 32 + # client random b'\x00' + # session ID length b'\x00' * 2 + # cipher suites length b'\x00' + # compression methods length b'\x00\x14' + # extensions length - 20 bytes b'\x00\x00' + # extension type - SNI (0) b'\x00\x10' + # extension length - 16 bytes b'\x00\x0e' + # length of array - 14 bytes b'\x00' + # type of entry - host_name (0) b'\x00\x0b' + # length of name - 11 bytes # UTF-8 encoding of example.com b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d')) client_hello = ClientHello() client_hello = client_hello.parse(p) self.assertEqual((1, 1), client_hello.client_version) self.assertEqual(bytearray(32), client_hello.random) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual([], client_hello.cipher_suites) self.assertEqual([], client_hello.compression_methods) self.assertEqual(bytearray(b'example.com'), client_hello.server_name) sni = SNIExtension().create(bytearray(b'example.com')) self.assertEqual([sni], client_hello.extensions)
def test_process_with_bad_extension(self): exps = {ExtensionType.renegotiation_info: None, ExtensionType.alpn: 'BAD_EXTENSION' } exp = ExpectServerHello(extensions=exps) state = ConnectionState() client_hello = ClientHello() client_hello.cipher_suites = [4] state.handshake_messages.append(client_hello) state.msg_sock = mock.MagicMock() exts = [] exts.append(RenegotiationInfoExtension().create(None)) exts.append(ALPNExtension().create([bytearray(b'http/1.1')])) msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=exts) self.assertTrue(exp.is_match(msg)) with self.assertRaises(ValueError): exp.process(state, msg)
def test_process_with_rcf7919_groups_required_not_provided(self): exp = ExpectServerKeyExchange(valid_groups=[256]) state = ConnectionState() state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) client_hello.extensions = [SupportedGroupsExtension().create([256])] state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) server_hello.random = bytearray(32) state.server_random = server_hello.random # server hello is not necessary for the test to work #state.handshake_messages.append(server_hello) state.handshake_messages.append(cert) srv_key_exchange = DHE_RSAKeyExchange(\ CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, client_hello, server_hello, private_key, dhGroups=None) msg = srv_key_exchange.makeServerKeyExchange('sha1') with self.assertRaises(AssertionError): exp.process(state, msg)
def test_parse_with_SRP_extension(self): p = Parser( bytearray( # we don't include the type of message as it is handled by the # hello protocol parser #b'x01' + # type of message - client_hello b'\x00' * 2 + b'\x35' + # length - 53 bytes b'\x01\x01' + # protocol version - arbitrary (invalid) b'\x00' * 32 + # client random b'\x00' + # session ID length b'\x00' * 2 + # cipher suites length b'\x00' + # compression methods length b'\x00\x0d' + # extensions length - 13 bytes b'\x00\x0c' + # extension type - SRP (12) b'\x00\x09' + # extension length - 9 bytes b'\x08' + # length of name - 8 bytes b'username' # UTF-8 encoding of "username" :) )) client_hello = ClientHello() client_hello = client_hello.parse(p) self.assertEqual((1, 1), client_hello.client_version) self.assertEqual(bytearray(32), client_hello.random) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual([], client_hello.cipher_suites) self.assertEqual([], client_hello.compression_methods) self.assertEqual(bytearray(b'username'), client_hello.srp_username) srp = SRPExtension().create(bytearray(b'username')) self.assertEqual([srp], client_hello.extensions)
def test_alignClientHelloPadding_length_of_511_bytes(self): clientHello = ClientHello() clientHello.create((3,0), bytearray(32), bytearray(0), []) clientHello.extensions = [] ext = SNIExtension() ext.create(hostNames=[ bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddd'), ]) clientHello.extensions.append(ext) clientHelloLength = len(clientHello.write()) self.assertEqual(511, clientHelloLength - 4) HandshakeHelpers.alignClientHelloPadding(clientHello) # clientHello length should equal to 515, ignoring handshake # protocol header (4B) data = clientHello.write() self.assertEqual(515, len(data) - 4) # padding extension should have zero byte size self.assertEqual(bytearray(b'\x00\x15\x00\x00'), data[clientHelloLength:])
def test_alignClientHelloPadding_length_of_512_bytes(self): clientHello = ClientHello() clientHello.create((3,0), bytearray(32), bytearray(0), []) clientHello.extensions = [] ext = SNIExtension() ext.create(hostNames=[ bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccdddddddd'), ]) clientHello.extensions.append(ext) clientHelloLength = len(clientHello.write()) self.assertEqual(512, clientHelloLength - 4) HandshakeHelpers.alignClientHelloPadding(clientHello) # clientHello should not be changed due to sufficient length (>=512) self.assertEqual(clientHelloLength, len(clientHello.write()))
def test_write_with_certificate_types(self): # note that ClienHello is "clever" and doesn't send the extension # if only x509 certificate type is present, so we pass two values client_hello = ClientHello().create( (3, 1), bytearray(b'\x00' * 31 + b'\xff'), bytearray(0), [], certificate_types=[CertificateType.x509, CertificateType.openpgp]) self.assertEqual( list( bytearray(b'\x01' + # type of message - client_hello b'\x00' * 2 + b'\x30' + # length - 48 bytes b'\x03\x01' + # protocol version (TLS 1.0) b'\x00' * 31 + b'\xff' + # client random b'\x00' + # session ID length b'\x00\x00' + # cipher suites length b'\x01' + # compression methods length b'\x00' + # supported method - NULL b'\x00\x07' + # extensions length b'\x00\x09' + # cert_type extension value (9) b'\x00\x03' + # size of the extension b'\x02' + # length of supported types b'\x00' + # type - X.509 b'\x01' # type - OpenPGP )), list(client_hello.write()))
def setUp(self): self.srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = srv_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA self.client_hello = ClientHello().create((3, 3), bytearray(32), bytearray(0), [], srpUsername='******') self.server_hello = ServerHello().create((3, 3), bytearray(32), bytearray(0), self.cipher_suite) verifierDB = VerifierDB() verifierDB.create() entry = verifierDB.makeVerifier('user', 'password', 2048) verifierDB['user'] = entry self.keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, self.srv_private_key, verifierDB)
def test_process_with_not_matching_signature_algorithms(self): exp = ExpectServerKeyExchange( valid_sig_algs=[(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]) state = ConnectionState() state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) server_hello.random = bytearray(32) state.server_random = server_hello.random # server hello is not necessary for the test to work #state.handshake_messages.append(server_hello) state.handshake_messages.append(cert) srv_key_exchange = DHE_RSAKeyExchange(\ CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, client_hello, server_hello, private_key) msg = srv_key_exchange.makeServerKeyExchange('sha1') with self.assertRaises(TLSIllegalParameterException): exp.process(state, msg)
def generate(self, state): if self.version is None: self.version = state.client_version if self.random: state.client_random = self.random if self.session_id is None: self.session_id = state.session_id if not state.client_random: state.client_random = bytearray(32) extensions = None if self.extensions is not None: extensions = self._generate_extensions(state) clnt_hello = ClientHello(self.ssl2).create(self.version, state.client_random, self.session_id, self.ciphers, extensions=extensions) clnt_hello.compression_methods = self.compression state.client_version = self.version self.msg = clnt_hello return clnt_hello
def test_server_with_client_proposing_SHA256_on_TLSv1_1(self): gen_sock = MockSocket(bytearray(0)) gen_record_layer = RecordLayer(gen_sock) gen_record_layer.version = (3, 0) ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256, CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256, 0x88, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV] client_hello = ClientHello().create(version=(3, 2), random=bytearray(32), session_id=bytearray(0), cipher_suites=ciphers) for res in gen_record_layer.sendRecord(client_hello): if res in (0, 1): self.assertTrue(False, "Blocking socket") else: break # test proper sock = MockSocket(gen_sock.sent[0]) conn = TLSConnection(sock) srv_private_key = parsePEMKey(srv_raw_key, private=True) srv_cert_chain = X509CertChain([X509().parse(srv_raw_certificate)]) with self.assertRaises(TLSLocalAlert) as err: conn.handshakeServer(certChain=srv_cert_chain, privateKey=srv_private_key) self.assertEqual(err.exception.description, AlertDescription.handshake_failure)
def test_process_with_ECDHE_RSA(self): exp = ExpectServerKeyExchange() state = ConnectionState() state.cipher = CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) client_hello.extensions = [ SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]), SupportedGroupsExtension().create([GroupName.secp256r1]) ] state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) server_hello.random = bytearray(32) state.server_random = server_hello.random # server hello is not necessary for the test to work #state.handshake_messages.append(server_hello) state.handshake_messages.append(cert) srv_key_exchange = ECDHE_RSAKeyExchange( CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, client_hello, server_hello, private_key, [GroupName.secp256r1]) msg = srv_key_exchange.makeServerKeyExchange('sha256') exp.process(state, msg)
def test_parse_with_SSLv2_client_hello(self): parser = Parser( bytearray( # length and type is handled by hello protocol parser #b'\x80\x2e' + # length - 46 bytes #b'\x01' + # message type - client hello b'\x00\x02' + # version - SSLv2 b'\x00\x15' + # cipher spec length - 21 bytes b'\x00\x00' + # session ID length - 0 bytes b'\x00\x10' + # challange length - 16 bytes b'\x07\x00\xc0' + # cipher - SSL2_DES_192_EDE3_CBC_WITH_MD5 b'\x05\x00\x80' + # cipher - SSL2_IDEA_128_CBC_WITH_MD5 b'\x03\x00\x80' + # cipher - SSL2_RC2_CBC_128_CBC_WITH_MD5 b'\x01\x00\x80' + # cipher - SSL2_RC4_128_WITH_MD5 b'\x06\x00\x40' + # cipher - SSL2_DES_64_CBC_WITH_MD5 b'\x04\x00\x80' + # cipher - SSL2_RC2_CBC_128_CBC_WITH_MD5 b'\x02\x00\x80' + # cipher - SSL2_RC4_128_EXPORT40_WITH_MD5 b'\x01' * 16 # challenge )) client_hello = ClientHello(ssl2=True) client_hello = client_hello.parse(parser) # XXX the value on the wire is LSB, but should be interpreted MSB for # SSL2 self.assertEqual((0, 2), client_hello.client_version) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual( [458944, 327808, 196736, 65664, 393280, 262272, 131200], client_hello.cipher_suites) self.assertEqual(bytearray(b'\x00' * 16 + b'\x01' * 16), client_hello.random) self.assertEqual([0], client_hello.compression_methods)
def test_parse(self): p = Parser( bytearray( # we don't include the type of message as it is handled by the # hello protocol parser #b'x01' + # type of message - client_hello b'\x00' * 2 + b'\x26' + # length - 38 bytes b'\x01\x01' + # protocol version - arbitrary (invalid) b'\x00' * 32 + # client random b'\x00' + # session ID length b'\x00' * 2 + # cipher suites length b'\x00' # compression methods length )) client_hello = ClientHello() client_hello = client_hello.parse(p) self.assertEqual((1, 1), client_hello.client_version) self.assertEqual(bytearray(32), client_hello.random) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual([], client_hello.cipher_suites) self.assertEqual([], client_hello.compression_methods) self.assertEqual(bytearray(0), client_hello.server_name) # XXX not sent self.assertEqual([0], client_hello.certificate_types) self.assertEqual(False, client_hello.supports_npn) self.assertEqual(False, client_hello.tack) self.assertEqual(None, client_hello.srp_username) self.assertEqual(None, client_hello.extensions)
def test_process_with_unknown_key_exchange(self): exp = ExpectServerKeyExchange() state = ConnectionState() state.cipher = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) client_hello.extensions = [ SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]) ] state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) state.version = server_hello.server_version server_hello.random = bytearray(32) state.server_random = server_hello.random state.handshake_messages.append(cert) msg = ServerKeyExchange(state.cipher, state.version) msg.createSRP(1, 2, bytearray(3), 5) msg.signAlg = SignatureAlgorithm.rsa msg.hashAlg = HashAlgorithm.sha256 hash_bytes = msg.hash(client_hello.random, server_hello.random) hash_bytes = private_key.addPKCS1Prefix(hash_bytes, 'sha256') msg.signature = private_key.sign(hash_bytes) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_parse_with_TACK_extension(self): p = Parser( bytearray( # we don't include the type of message as it is handled by the # hello protocol parser #b'x01' + # type of message - client_hello b'\x00' * 2 + b'\x2c' + # length - 44 bytes b'\x01\x01' + # protocol version - arbitrary (invalid) b'\x00' * 32 + # client random b'\x00' + # session ID length b'\x00' * 2 + # cipher suites length b'\x00' + # compression methods length b'\x00\x04' + # extensions length - 4 bytes b'\xf3\x00' + # extension type - TACK (62208) b'\x00\x00' # extension length - 0 bytes )) client_hello = ClientHello() client_hello = client_hello.parse(p) self.assertEqual((1, 1), client_hello.client_version) self.assertEqual(bytearray(32), client_hello.random) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual([], client_hello.cipher_suites) self.assertEqual([], client_hello.compression_methods) self.assertEqual(True, client_hello.tack) tack = TLSExtension().create(62208, bytearray(0)) self.assertEqual([tack], client_hello.extensions)
def test_alignClientHelloPadding_length_256_bytes(self): clientHello = ClientHello() clientHello.create((3,0), bytearray(32), bytearray(0), []) clientHello.extensions = [] ext = SNIExtension() ext.create(hostNames=[ bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'), bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeee'), ]) clientHello.extensions.append(ext) clientHelloLength = len(clientHello.write()) # clientHello length (excluding 4B header) should equal to 256 self.assertEqual(256, clientHelloLength - 4) HandshakeHelpers.alignClientHelloPadding(clientHello) # clientHello length (excluding 4B header) should equal to 512 data = clientHello.write() self.assertEqual(512, len(data) - 4) # previously created data should be extended with the padding extension # starting with the padding extension type \x00\x15 (21) self.assertEqual(bytearray(b'\x00\x15'), data[clientHelloLength:clientHelloLength+2])
def test___str___with_all_null_session_id(self): client_hello = ClientHello().create((3,0), bytearray(4), bytearray(10),\ []) self.assertEqual("client_hello,version(3.0),random(...),"\ "session ID(bytearray(b'\\x00'*10)),cipher suites([]),"\ "compression methods([0])", str(client_hello))
def test_write_with_server_name(self): client_hello = ClientHello().create((3, 1), bytearray(b'\x00' * 31 + b'\xff'), bytearray(0), [], serverName="example.com") self.assertEqual( list( bytearray(b'\x01' + # type of message - client_hello b'\x00' * 2 + b'\x3d' + # length - 61 bytes b'\x03\x01' + # protocol version b'\x00' * 31 + b'\xff' + # client random b'\x00' + # session ID length b'\x00\x00' + # cipher suites length b'\x01' + # compression methods length b'\x00' + # supported method - NULL b'\x00\x14' + # extensions length b'\x00\x00' + # servername extension value (0) b'\x00\x10' + # byte size of the extension b'\x00\x0e' + # length of the list b'\x00' + # name type: host_name (0) b'\x00\x0b' + # length of host name # utf-8 encoding of "example.com" b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d')), list(client_hello.write()))
def test_server_name_other_than_dns_name(self): client_hello = ClientHello().create((3, 3), bytearray(1), bytearray(0), []) sni_ext = SNIExtension().create(serverNames=[\ SNIExtension.ServerName(1, b'test')]) client_hello.extensions = [sni_ext] self.assertEqual(client_hello.server_name, bytearray(0))
def test_getExtension_with_present_id(self): client_hello = ClientHello().create( (3, 3), bytearray(1), bytearray(0), [], extensions=[TLSExtension().create(0, bytearray(0))]) ext = client_hello.getExtension(0) self.assertEqual(ext, TLSExtension().create(0, bytearray(0)))
def test___str___with_extensions(self): client_hello = ClientHello().create((3,0), bytearray(4), bytearray(0),\ [], extensions=[TLSExtension().create(0, bytearray(b'\x00'))]) self.assertEqual("client_hello,version(3.0),random(...),"\ "session ID(bytearray(b'')),cipher suites([]),"\ "compression methods([0]),extensions(["\ "TLSExtension(extType=0, extData=bytearray(b'\\x00'), "\ "serverType=False)])", str(client_hello))
def test_create(self): client_hello = ClientHello() client_hello.create((3,0), bytearray(32), bytearray(0), \ []) self.assertEqual((3, 0), client_hello.client_version) self.assertEqual(bytearray(32), client_hello.random) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual([], client_hello.cipher_suites) self.assertEqual([0], client_hello.compression_methods)
def test_getExtension(self): client_hello = ClientHello().create( (3, 3), bytearray(1), bytearray(0), [], extensions=[TLSExtension().create(0, bytearray(0))]) ext = client_hello.getExtension(1) self.assertIsNone(ext)
def test___init__(self): client_hello = ClientHello() assert client_hello self.assertEqual(False, client_hello.ssl2) self.assertEqual((0, 0), client_hello.client_version) self.assertEqual(bytearray(32), client_hello.random) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual([], client_hello.cipher_suites) self.assertEqual([], client_hello.compression_methods)
def test___repr__(self): client_hello = ClientHello().create((3,3), bytearray(1), bytearray(0),\ [], extensions=[TLSExtension().create(0, bytearray(0))]) self.assertEqual("ClientHello(ssl2=False, client_version=(3.3), "\ "random=bytearray(b'\\x00'), session_id=bytearray(b''), "\ "cipher_suites=[], compression_methods=[0], "\ "extensions=[TLSExtension(extType=0, "\ "extData=bytearray(b''), serverType=False)])", repr(client_hello))
def setUp(self): self.srv_cert_chain = X509CertChain([X509().parse(srv_raw_certificate)]) self.srv_pub_key = self.srv_cert_chain.getEndEntityPublicKey() self.cipher_suite = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA self.server_key_exchange = ServerKeyExchange(self.cipher_suite, (3, 3))\ .parse(Parser(self.expected_sha1_SKE[1:])) self.ske_tls1_1 = ServerKeyExchange(self.cipher_suite, (3, 2))\ .parse(Parser(self.expected_tls1_1_SKE[1:])) self.client_hello = ClientHello()
def test_create_with_one_ciphersuite(self): client_hello = ClientHello() client_hello.create((3,0), bytearray(32), bytearray(0), \ [CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV]) self.assertEqual((3, 0), client_hello.client_version) self.assertEqual(bytearray(32), client_hello.random) self.assertEqual(bytearray(0), client_hello.session_id) self.assertEqual([CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV], \ client_hello.cipher_suites) self.assertEqual([0], client_hello.compression_methods)
def test_alignClientHelloPadding_length_less_than_256_bytes(self): clientHello = ClientHello() clientHello.create((3,0), bytearray(32), bytearray(0), []) clientHelloLength = len(clientHello.write()) self.assertTrue(clientHelloLength - 4 < 256) HandshakeHelpers.alignClientHelloPadding(clientHello) # clientHello should not be changed due to small length self.assertEqual(clientHelloLength, len(clientHello.write()))