def test_client_with_server_responing_with_SHA256_on_TLSv1_1(self):
    """Client must refuse a TLS 1.1 ServerHello that selects a SHA-256 suite.

    A ServerHello with version (3, 2) and TLS_RSA_WITH_AES_128_CBC_SHA256
    is serialised through a throwaway record layer and then replayed to a
    fresh client connection.  The handshake is expected to abort with a
    locally generated illegal_parameter alert.

    NOTE(review): the SHA-256 CBC suites come from the TLS 1.2
    specification (RFC 5246), so a server choosing one while answering
    with an older version is offering a combination the client should
    never accept; this test pins that rejection.
    """
    # Throwaway socket and record layer, used only to serialise the reply.
    forge_sock = MockSocket(bytearray(0))
    forge_layer = RecordLayer(forge_sock)
    forge_layer.version = (3, 2)

    hello = ServerHello().create(
        version=(3, 2),
        random=bytearray(32),
        session_id=bytearray(0),
        cipher_suite=CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
        certificate_type=None,
        tackExt=None,
        next_protos_advertised=None)

    # A 0 or 1 result from sendRecord() is treated as a blocked socket,
    # which must not happen with the in-memory mock.
    for status in forge_layer.sendRecord(hello):
        if status not in (0, 1):
            break
        self.assertTrue(False, "Blocking socket")

    # Test proper: feed the serialised ServerHello to the client.
    client = TLSConnection(MockSocket(forge_sock.sent[0]))
    with self.assertRaises(TLSLocalAlert) as caught:
        client.handshakeClientCert()

    self.assertEqual(caught.exception.description,
                     AlertDescription.illegal_parameter)
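def test_padding_extension_with_hello_over_256(self):
    """Check that an over-256-byte ClientHello is sent as exactly 512 bytes.

    The handshake is driven with a very long server name and is expected
    to end in a TLSRemoteAlert (the mock socket comes from
    prepare_mock_socket_with_handshake_failure()).  The single record the
    client wrote is then inspected: it must be a handshake record carrying
    a client_hello whose body is 512 bytes long.

    NOTE(review): presumably this exercises the ClientHello padding
    extension (RFC 7685), which exists so the hello does not land in the
    256-511 byte range that some server implementations mishandle -
    confirm against the client code.
    """
    sock = self.prepare_mock_socket_with_handshake_failure()
    conn = TLSConnection(sock)

    # Built outside the assertRaises block so that only the handshake call
    # itself can satisfy the expected TLSRemoteAlert.
    settings = HandshakeSettings()
    settings.maxVersion = (3, 3)
    # presumably keeps key-share data out of the hello so its size is
    # determined by the server name alone - TODO confirm
    settings.keyShares = []

    # Host name for the server_name extension: six 40-character labels,
    # each followed by a dot, plus 'y.com' - 251 characters as written.
    server_name = ('aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd.' +
                   'eeeeeeeeeeffffffffffgggggggggghhhhhhhhhh.' +
                   'iiiiiiiiiijjjjjjjjjjkkkkkkkkkkllllllllll.' +
                   'mmmmmmmmmmnnnnnnnnnnoooooooooopppppppppp.' +
                   'qqqqqqqqqqrrrrrrrrrrsssssssssstttttttttt.' +
                   'uuuuuuuuuuvvvvvvvvvvwwwwwwwwwwxxxxxxxxxx.' +
                   'y.com')

    with self.assertRaises(TLSRemoteAlert):
        conn.handshakeClientCert(settings=settings,
                                 serverName=server_name)

    # Only the ClientHello should have been written before the alert.
    self.assertEqual(len(sock.sent), 1)

    # check for version and content type (handshake)
    self.assertEqual(sock.sent[0][0:3],
                     bytearray(b'\x16' + b'\x03\x03'))
    # check for handshake message type (client_hello)
    self.assertEqual(sock.sent[0][5:6], bytearray(b'\x01'))
    # message type followed by the 3-byte length 0x000200 (512)
    self.assertEqual(sock.sent[0][5:9], bytearray(b'\x01\x00\x02\x00'))
    # 5 bytes is record layer header, 4 bytes is handshake protocol header
    self.assertEqual(len(sock.sent[0]) - 5 - 4, 512)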
def test_client_with_server_responing_with_SHA256_on_TLSv1_1(self):
    """Reject a SHA-256 cipher suite chosen by a TLS 1.1 ServerHello.

    The faux ServerHello (version (3, 2), suite
    TLS_RSA_WITH_AES_128_CBC_SHA256) is written through a scratch record
    layer; the bytes it produced are handed to a new TLSConnection, whose
    client handshake must raise TLSLocalAlert with illegal_parameter.

    NOTE(review): this is a parameter-consistency check on the client -
    the suite belongs to TLS 1.2 (RFC 5246), so pairing it with an older
    protocol version has to be refused rather than negotiated.
    """
    # Scratch socket: collects the serialised faux response.
    scratch_sock = MockSocket(bytearray(0))
    scratch_layer = RecordLayer(scratch_sock)
    scratch_layer.version = (3, 2)

    faux_hello = ServerHello().create(
        version=(3, 2),
        random=bytearray(32),
        session_id=bytearray(0),
        cipher_suite=CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
        certificate_type=None,
        tackExt=None,
        next_protos_advertised=None,
    )

    # Only the first result matters: 0 or 1 means the mock socket
    # reported blocking, anything else means the record went out.
    for outcome in scratch_layer.sendRecord(faux_hello):
        blocked = outcome in (0, 1)
        if blocked:
            self.assertTrue(False, "Blocking socket")
        break

    # Test proper.
    replay_sock = MockSocket(scratch_sock.sent[0])
    connection = TLSConnection(replay_sock)
    with self.assertRaises(TLSLocalAlert) as ctx:
        connection.handshakeClientCert()

    alert = ctx.exception
    self.assertEqual(alert.description, AlertDescription.illegal_parameter)
def test_padding_extension_with_hello_over_256(self):
    """Check that a ClientHello with a 254-byte server name is 512 bytes.

    The client handshake runs against the mock socket returned by
    prepare_mock_socket_with_handshake_failure() and must end in a
    TLSRemoteAlert.  Exactly one record is expected on the wire: a
    handshake record holding a client_hello whose body length is 512.

    NOTE(review): presumably the 512-byte size comes from the ClientHello
    padding extension (RFC 7685), a workaround for servers that mishandle
    hellos between 256 and 511 bytes - confirm against the client code.
    """
    mock_sock = self.prepare_mock_socket_with_handshake_failure()
    client = TLSConnection(mock_sock)

    # Host name for the server_name extension: 254 bytes in total.
    long_name = ('aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd'
                 'eeeeeeeeeeffffffffffgggggggggghhhhhhhhhh'
                 'iiiiiiiiiijjjjjjjjjjkkkkkkkkkkllllllllll'
                 'mmmmmmmmmmnnnnnnnnnnoooooooooopppppppppp'
                 'qqqqqqqqqqrrrrrrrrrrsssssssssstttttttttt'
                 'uuuuuuuuuuvvvvvvvvvvwwwwwwwwwwxxxxxxxxxx'
                 'yyyyyyyyyy.com')

    with self.assertRaises(TLSRemoteAlert):
        client.handshakeClientCert(serverName=long_name)

    # Only the ClientHello should have been written.
    self.assertEqual(len(mock_sock.sent), 1)
    record = mock_sock.sent[0]

    # content type (handshake) followed by the record version
    self.assertEqual(record[0:3], bytearray(b'\x16' + b'\x03\x03'))
    # handshake message type (client_hello)
    self.assertEqual(record[5:6], bytearray(b'\x01'))
    # message type plus 3-byte length field 0x000200 (512)
    self.assertEqual(record[5:9], bytearray(b'\x01\x00\x02\x00'))
    # 5 bytes of record layer header, 4 bytes of handshake protocol header
    self.assertEqual(len(record) - 5 - 4, 512)
def test_connection_no_rsa_pss(self):
    """Handshake with only PKCS#1 RSA signatures, then exchange messages.

    Connects over self.client_socket with maxVersion (3, 3) and
    rsaSchemes restricted to "pkcs1", asserts that the negotiated cipher
    suite is one of CipherSuite.aeadSuites, sends b"client hello" and
    expects b"Conn OK" back.
    """
    conn = TLSConnection(self.client_socket)

    cfg = HandshakeSettings()
    cfg.maxVersion = (3, 3)
    # PSS is excluded because the keys in this module are too small for
    # the salt size a sha512 hash needs.  This is a fixture workaround,
    # not a recommended client configuration.
    cfg.rsaSchemes = ["pkcs1"]

    conn.handshakeClientCert(serverName="localhost", settings=cfg)
    self.assertIn(conn.session.cipherSuite, CipherSuite.aeadSuites)

    # One application-data round trip over the established session.
    expected_reply = bytearray(b"Conn OK")
    conn.write(bytearray(b"client hello"))
    reply = conn.read(min=len(expected_reply))
    self.assertEqual(reply, expected_reply)
def test_client_with_server_responing_with_wrong_session_id_in_TLS1_3(
        self):
    """Client must abort when a TLS 1.3 ServerHello carries a bad session id.

    The faux ServerHello advertises (3, 4) through the supported-versions
    extension, includes a secp256r1 key share and sets session_id to
    b"test".  Replayed to a fresh client, it must make the handshake fail
    with a local illegal_parameter alert.

    NOTE(review): in TLS 1.3 the server has to echo the session id from
    the ClientHello, and RFC 8446 requires the client to abort with
    illegal_parameter when the echo does not match; per the test name,
    b"test" is not what this client offered.
    """
    # Scratch socket and record layer that serialise the faux response.
    scratch_sock = MockSocket(bytearray(0))
    scratch_layer = RecordLayer(scratch_sock)
    scratch_layer.version = (3, 3)

    versions_ext = SrvSupportedVersionsExtension().create((3, 4))
    # dummy 33-byte key share value; the handshake is expected to be
    # rejected with illegal_parameter, so its content is a placeholder
    share_entry = KeyShareEntry().create(
        GroupName.secp256r1, bytearray(b'\x03' + b'\x01' * 32))
    key_share_ext = ServerKeyShareExtension().create(share_entry)
    hello_extensions = [versions_ext, key_share_ext]

    faux_hello = ServerHello().create(
        version=(3, 3),
        random=bytearray(32),
        session_id=bytearray(b"test"),
        cipher_suite=CipherSuite.TLS_AES_128_GCM_SHA256,
        certificate_type=None,
        tackExt=None,
        next_protos_advertised=None,
        extensions=hello_extensions)

    # A 0 or 1 result is treated as a blocked mock socket; any other
    # result ends the loop.
    for status in scratch_layer.sendRecord(faux_hello):
        if status not in (0, 1):
            break
        self.assertTrue(False, "Blocking socket")

    # Test proper: replay the serialised hello to the client under test.
    client = TLSConnection(MockSocket(scratch_sock.sent[0]))
    with self.assertRaises(TLSLocalAlert) as raised:
        client.handshakeClientCert()

    self.assertEqual(raised.exception.description,
                     AlertDescription.illegal_parameter)