def test_process_with_ssl2(self): exp = ExpectFinished((2, 0)) state = ConnectionState() state.msg_sock = mock.MagicMock() msg = ServerFinished().create(bytearray(range(12))) exp.process(state, msg)
def test_process_with_bad_extension(self): exps = {ExtensionType.renegotiation_info: None, ExtensionType.alpn: 'BAD_EXTENSION' } exp = ExpectServerHello(extensions=exps) state = ConnectionState() client_hello = ClientHello() client_hello.cipher_suites = [4] state.handshake_messages.append(client_hello) state.msg_sock = mock.MagicMock() exts = [] exts.append(RenegotiationInfoExtension().create(None)) exts.append(ALPNExtension().create([bytearray(b'http/1.1')])) msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=exts) self.assertTrue(exp.is_match(msg)) with self.assertRaises(ValueError): exp.process(state, msg)
def test_process(self): state = ConnectionState() state.msg_sock = mock.MagicMock() close = Close() close.process(state) state.msg_sock.sock.close.called_once_with()
def test_process(self): state = ConnectionState() state.msg_sock = mock.MagicMock() exp = ExpectCertificate() msg = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) exp.process(state, msg)
def test_process_with_size(self): node = SetMaxRecordSize(2048) state = ConnectionState() state.msg_sock = mock.MagicMock() node.process(state) self.assertEqual(2048, state.msg_sock.recordSize)
def test_process(self): node = SetMaxRecordSize() state = ConnectionState() state.msg_sock = mock.MagicMock() state.msg_sock.recordSize = 1024 node.process(state) self.assertEqual(2**14, state.msg_sock.recordSize)
def test_generate_with_export_cipher(self): cmk = ClientMasterKeyGenerator( cipher=constants.CipherSuite.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5) state = ConnectionState() state.msg_sock = mock.MagicMock() state.get_server_public_key = mock.MagicMock() ret = cmk.generate(state) self.assertEqual(len(ret.clear_key), 11)
def test_post_send(self): ccsg = ChangeCipherSpecGenerator() ccsg.generate(None) state = ConnectionState() state.msg_sock = mock.MagicMock() ccsg.post_send(state) self.assertTrue(state.msg_sock.calcPendingStates.called) self.assertTrue(state.msg_sock.changeWriteState.called)
def test_process(self): exp = ExpectChangeCipherSpec() state = ConnectionState() state.msg_sock = mock.MagicMock() msg = Message(ContentType.change_cipher_spec, bytearray(1)) exp.process(state, msg) state.msg_sock.changeReadState.assert_called_once_with()
def test_generate_with_des_cipher(self): cmk = ClientMasterKeyGenerator( cipher=constants.CipherSuite.SSL_CK_DES_64_CBC_WITH_MD5) state = ConnectionState() state.msg_sock = mock.MagicMock() state.get_server_public_key = mock.MagicMock() ret = cmk.generate(state) self.assertEqual(ret.encrypted_key, state.get_server_public_key().encrypt())
def test_generate_with_ssl2(self): fg = FinishedGenerator((0, 2)) state = ConnectionState() state.msg_sock = mock.MagicMock() state.session_id = bytearray(b'abba') ret = fg.generate(state) self.assertEqual(ret.verify_data, bytearray(b'abba')) state.msg_sock.changeWriteState.assert_called_once_with() state.msg_sock.changeReadState.assert_called_once_with()
def test_process(self): exp = ExpectCertificateStatus() state = ConnectionState() state.msg_sock = mock.MagicMock() msg = CertificateStatus().create(CertificateStatusType.ocsp, bytearray(10)) self.assertTrue(exp.is_match(msg)) exp.process(state, msg)
def test_process(self): exp = ExpectServerHello2() state = ConnectionState() state.msg_sock = mock.MagicMock() msg = ServerHello2() msg.session_id_hit = 1 msg.session_id = bytearray(b'\x12') msg.certificate = X509().parse(srv_raw_certificate).writeBytes() ret = exp.process(state, msg) self.assertEqual(state.session_id, msg.session_id)
def test_post_send_with_extended_master_secret(self): ccsg = ChangeCipherSpecGenerator() ccsg.generate(None) state = ConnectionState() state.extended_master_secret = True state.msg_sock = mock.MagicMock() with mock.patch('tlsfuzzer.messages.calcExtendedMasterSecret') as mthd: mthd.return_value = bytearray(48) ccsg.post_send(state) mthd.assert_called_once_with(state.version, state.cipher, state.premaster_secret, state.handshake_hashes) self.assertTrue(state.msg_sock.calcPendingStates.called) self.assertTrue(state.msg_sock.changeWriteState.called)
def test_generate(self): cmk = ClientMasterKeyGenerator( cipher=constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5) state = ConnectionState() state.msg_sock = mock.MagicMock() state.get_server_public_key = mock.MagicMock() ret = cmk.generate(state) self.assertEqual(ret.cipher, constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5) self.assertEqual(ret.clear_key, bytearray(0)) self.assertEqual(ret.encrypted_key, state.get_server_public_key().encrypt()) self.assertEqual(ret.key_argument, state.msg_sock.calcSSL2PendingStates())
def test_generate_with_session_key(self): cmk = ClientMasterKeyGenerator( cipher=constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5) state = ConnectionState() state.msg_sock = mock.MagicMock() state.get_server_public_key = mock.MagicMock() state.master_secret = bytearray(range(32)) ret = cmk.generate(state) state.msg_sock.calcSSL2PendingStates.assert_called_once_with( constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5, bytearray(range(32)), bytearray(0), bytearray(0), None)
def test_process_with_incorrect_cipher(self): exp = ExpectServerHello(cipher=5) state = ConnectionState() state.msg_sock = mock.MagicMock() ext = RenegotiationInfoExtension().create() msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4) self.assertTrue(exp.is_match(msg)) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_process_with_incorrect_version(self): extension_process = mock.MagicMock() exp = ExpectServerHello(version=(3, 3)) state = ConnectionState() state.msg_sock = mock.MagicMock() ext = RenegotiationInfoExtension().create() msg = ServerHello().create(version=(3, 2), random=bytearray(32), session_id=bytearray(0), cipher_suite=4) self.assertTrue(exp.is_match(msg)) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_process_with_extended_master_secret(self): exp = ExpectServerHello( extensions={ExtensionType.extended_master_secret:None}) state = ConnectionState() state.msg_sock = mock.MagicMock() self.assertFalse(state.extended_master_secret) ext = TLSExtension(extType=ExtensionType.extended_master_secret) msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=[ext]) self.assertTrue(exp.is_match(msg)) exp.process(state, msg) self.assertTrue(state.extended_master_secret)
def test_process_with_resumption(self): exp = ExpectChangeCipherSpec() state = ConnectionState() state.msg_sock = mock.MagicMock() state.resuming = True state.cipher = mock.Mock(name="cipher") state.master_secret = mock.Mock(name="master_secret") state.client_random = mock.Mock(name="client_random") state.server_random = mock.Mock(name="server_random") msg = Message(ContentType.change_cipher_spec, bytearray(1)) exp.process(state, msg) state.msg_sock.calcPendingStates.assert_called_once_with( state.cipher, state.master_secret, state.client_random, state.server_random, None) state.msg_sock.changeReadState.assert_called_once_with()
def test_process_with_udefined_cipher(self): exp = ExpectServerHello() state = ConnectionState() client_hello = ClientHello() client_hello.cipher_suites = [4] state.handshake_messages.append(client_hello) state.msg_sock = mock.MagicMock() ext = RenegotiationInfoExtension().create(None) msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=0xfff0) self.assertTrue(exp.is_match(msg)) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_process_with_extended_master_secret(self): exp = ExpectServerHello( extensions={ExtensionType.extended_master_secret: None}) state = ConnectionState() state.msg_sock = mock.MagicMock() self.assertFalse(state.extended_master_secret) ext = TLSExtension(extType=ExtensionType.extended_master_secret) msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=[ext]) self.assertTrue(exp.is_match(msg)) exp.process(state, msg) self.assertTrue(state.extended_master_secret)
def test_process_with_mandatory_resumption_but_wrong_id(self): exp = ExpectServerHello(resume=True) state = ConnectionState() state.msg_sock = mock.MagicMock() state.session_id = bytearray(b'\xaa\xaa\xaa') state.cipher = 4 self.assertFalse(state.resuming) msg = ServerHello() msg.create(version=(3, 3), random=bytearray(32), session_id=bytearray(b'\xbb\xbb\xbb'), cipher_suite=4) self.assertTrue(exp.is_match(msg)) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_process_with_unexpected_extensions(self): exp = ExpectServerHello( extensions={ExtensionType.renegotiation_info: None}) state = ConnectionState() state.msg_sock = mock.MagicMock() exts = [] exts.append(RenegotiationInfoExtension().create()) exts.append(SNIExtension().create()) msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=exts) self.assertTrue(exp.is_match(msg)) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_process_with_unexpected_extensions(self): exp = ExpectServerHello(extensions={ExtensionType.renegotiation_info: None}) state = ConnectionState() state.msg_sock = mock.MagicMock() exts = [] exts.append(RenegotiationInfoExtension().create()) exts.append(SNIExtension().create()) msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=exts) self.assertTrue(exp.is_match(msg)) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_process_with_resumption(self): exp = ExpectServerHello() state = ConnectionState() state.msg_sock = mock.MagicMock() state.session_id = bytearray(b'\xaa\xaa\xaa') state.cipher = 4 self.assertFalse(state.resuming) msg = ServerHello() msg.create(version=(3, 3), random=bytearray(32), session_id=bytearray(b'\xaa\xaa\xaa'), cipher_suite=4) self.assertTrue(exp.is_match(msg)) exp.process(state, msg) self.assertTrue(state.resuming)
def test_process_with_extensions(self): extension_process = mock.MagicMock() exp = ExpectServerHello( extensions={ExtensionType.renegotiation_info: extension_process}) state = ConnectionState() state.msg_sock = mock.MagicMock() ext = RenegotiationInfoExtension().create() msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=[ext]) self.assertTrue(exp.is_match(msg)) exp.process(state, msg) extension_process.assert_called_once_with(state, ext)
def test_process_with_extensions(self): extension_process = mock.MagicMock() exp = ExpectServerHello(extensions={ExtensionType.renegotiation_info: extension_process}) state = ConnectionState() state.msg_sock = mock.MagicMock() ext = RenegotiationInfoExtension().create() msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=[ext]) self.assertTrue(exp.is_match(msg)) exp.process(state, msg) extension_process.assert_called_once_with(state, ext)
def test_process_with_matching_extension(self): exps = { ExtensionType.renegotiation_info: None, ExtensionType.alpn: ALPNExtension().create([bytearray(b'http/1.1')]) } exp = ExpectServerHello(extensions=exps) state = ConnectionState() state.msg_sock = mock.MagicMock() exts = [] exts.append(RenegotiationInfoExtension().create(None)) exts.append(ALPNExtension().create([bytearray(b'http/1.1')])) msg = ServerHello().create(version=(3, 3), random=bytearray(32), session_id=bytearray(0), cipher_suite=4, extensions=exts) self.assertTrue(exp.is_match(msg)) exp.process(state, msg) self.assertIsInstance(state.handshake_messages[0], ServerHello)
def test_process_with_mandatory_resumption(self): exp = ExpectServerHello(resume=True) state = ConnectionState() client_hello = ClientHello() client_hello.cipher_suites = [4] state.handshake_messages.append(client_hello) state.msg_sock = mock.MagicMock() state.session_id = bytearray(b'\xaa\xaa\xaa') state.cipher = 4 self.assertFalse(state.resuming) msg = ServerHello() msg.create(version=(3, 3), random=bytearray(32), session_id=bytearray(b'\xaa\xaa\xaa'), cipher_suite=4) self.assertTrue(exp.is_match(msg)) exp.process(state, msg) self.assertTrue(state.resuming)