def test_with_TLS1_2_and_no_overlap(self): certificate_request = CertificateRequest((3, 3)) certificate_request.create([CertificateType.x509], [], [(HashAlgorithm.sha256, SignatureAlgorithm.rsa), (HashAlgorithm.sha224, SignatureAlgorithm.rsa)]) certVerify = KeyExchange.makeCertificateVerify((3, 3), self.handshake_hashes, [(HashAlgorithm.sha1, SignatureAlgorithm.rsa), (HashAlgorithm.sha512, SignatureAlgorithm.rsa)], self.clnt_private_key, certificate_request, None, None, None) self.assertIsNotNone(certVerify) self.assertEqual(certVerify.version, (3, 3)) # when there's no overlap, we select the most wanted from our side self.assertEqual(certVerify.signatureAlgorithm, (HashAlgorithm.sha1, SignatureAlgorithm.rsa)) self.assertEqual(certVerify.signature, bytearray( b'.\x03\xa2\xf0\xa0\xfb\xbeUs\xdb\x9b\xea\xcc(\xa6:l\x84\x8e\x13' b'\xa1\xaa\xdb1P\xe9\x06\x876\xbe+\xe92\x89\xaa\xa5EU\x07\x9a\xde' b'\xd37\xafGCR\xdam\xa2v\xde\xceeFI\x80:ZtL\x96\xafZ\xe2\xe2\xce/' b'\x9f\x82\xfe\xdb*\x94\xa8\xbd\xd9Hl\xdc\xc8\xbf\x9b=o\xda\x06' b'\xfa\x9e\xbfB+05\xc6\xda\xdf\x05\xf2m[\x18\x11\xaf\x184\x12\x9d' b'\xb4:\x9b\xc1U\x1c\xba\xa3\x05\xceOn\x0fY\xcaK*\x0b\x04\xa5' ))
def test_process(self): exp = ExpectCertificateRequest() state = ConnectionState() msg = CertificateRequest((3, 3)) msg.create([ClientCertificateType.rsa_sign, ClientCertificateType.rsa_fixed_dh], [], [(HashAlgorithm.sha1, SignatureAlgorithm.rsa), (HashAlgorithm.sha256, SignatureAlgorithm.rsa), (HashAlgorithm.sha384, SignatureAlgorithm.rsa)]) msg = Message(ContentType.handshake, msg.write()) exp.process(state, msg)
def parse(self, parser): """Parse a handshake message.""" hs_type = parser.get(1) if hs_type == HandshakeType.server_hello: msg = ServerHello().parse(parser) self.version = msg.server_version self.cipher_suite = msg.cipher_suite self.certificate_type = msg.certificate_type return msg elif hs_type == HandshakeType.certificate: msg = Certificate(self.certificate_type) elif hs_type == HandshakeType.server_key_exchange: msg = ServerKeyExchange(self.cipher_suite, self.version) elif hs_type == HandshakeType.certificate_request: msg = CertificateRequest(self.version) elif hs_type == HandshakeType.next_protocol: msg = NextProtocol().parse(parser) elif hs_type == HandshakeType.server_hello_done: msg = ServerHelloDone() elif hs_type == HandshakeType.session_ticket: msg = NewSessionTicket() elif hs_type == HandshakeType.certificate_status: msg = CertificateStatus() else: raise ValueError("Unknown handshake type: {0}".format(hs_type)) # don't abort when we can't parse a message, save it as unparsed try: msg.parse(parser) except SyntaxError: msg = Message(ContentType.handshake, parser.bytes) return msg
def process(state, msg): """ Check received Certificate Request @type state: ConnectionState """ assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == HandshakeType.certificate_request cert_request = CertificateRequest(state.version) cert_request.parse(parser) state.handshake_messages.append(cert_request) state.handshake_hashes.update(msg.write())
def process(self, state, msg): """ Check received Certificate Request @type state: ConnectionState """ assert msg.contentType == ContentType.handshake parser = Parser(msg.write()) hs_type = parser.get(1) assert hs_type == HandshakeType.certificate_request cert_request = CertificateRequest(state.version) cert_request.parse(parser) if self.sig_algs is not None and \ cert_request.supported_signature_algs != self.sig_algs: raise AssertionError("Unexpected algorithms found: {0}".format( cert_request.supported_signature_algs)) state.handshake_messages.append(cert_request) state.handshake_hashes.update(msg.write())
def test_with_TLS1_1(self): certificate_request = CertificateRequest((3, 2)) certificate_request.create([CertificateType.x509], [], None) certVerify = KeyExchange.makeCertificateVerify((3, 2), self.handshake_hashes, None, self.clnt_private_key, certificate_request, None, None, None) self.assertIsNotNone(certVerify) self.assertEqual(certVerify.version, (3, 2)) self.assertIsNone(certVerify.signatureAlgorithm) self.assertEqual(certVerify.signature, bytearray( b'=X\x14\xf3\r6\x0b\x84\xde&J\x15\xa02M\xc8\xf1?\xa0\x10U\x1e\x0b' b'\x95^\xa19\x14\xf5\xf1$\xe3U[\xb4/\xe7AY(\xee]\xff\x97H\xb8\xa9' b'\x8b\x96n\xa6\xf5\x0f\xffd\r\x08/Hs6`wi8\xc4\x02\xa4}a\xcbS\x99' b'\x01;\x0e\x88oj\x9a\x02\x98Y\xb5\x00$f@>\xd8\x0cS\x95\xa8\x9e' b'\x14uU\\Z\xd0.\xe7\x01_y\x1d\xea\xad\x1b\xf8c\xa6\xc9@\xc6\x90' b'\x19~&\xd9\xaa\xc2\t,s\xde\xb1' ))
def test_process(self): exp = ExpectCertificateRequest() state = ConnectionState() msg = CertificateRequest((3, 3)) msg.create([ ClientCertificateType.rsa_sign, ClientCertificateType.rsa_fixed_dh ], [], [(HashAlgorithm.sha1, SignatureAlgorithm.rsa), (HashAlgorithm.sha256, SignatureAlgorithm.rsa), (HashAlgorithm.sha384, SignatureAlgorithm.rsa)]) msg = Message(ContentType.handshake, msg.write()) exp.process(state, msg)
def test_sig_algs_mismatched(self): sig_algs = [(HashAlgorithm.sha1, SignatureAlgorithm.rsa), (HashAlgorithm.sha256, SignatureAlgorithm.rsa), (HashAlgorithm.sha384, SignatureAlgorithm.rsa)] exp = ExpectCertificateRequest(sig_algs=sig_algs[0:0]) state = ConnectionState() msg = CertificateRequest((3, 3)) msg.create([ ClientCertificateType.rsa_sign, ClientCertificateType.rsa_fixed_dh ], [], sig_algs) msg = Message(ContentType.handshake, msg.write()) with self.assertRaises(AssertionError): exp.process(state, msg)