Exemplo n.º 1
    def test_padding_extension_with_hello_over_256(self):
        """A ClientHello pushed past 256 bytes must go out padded to 512 bytes.

        The long SNI host name inflates the ClientHello; the assertions
        then pin the handshake body length to exactly 512 bytes
        (ClientHello padding, cf. RFC 7685). The mock socket answers with
        a handshake failure, so only the first flight is inspected.
        """
        sock = self.prepare_mock_socket_with_handshake_failure()
        conn = TLSConnection(sock)

        # long multi-label host name used to create the hostname extension
        long_server_name = ('aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd.'
                            'eeeeeeeeeeffffffffffgggggggggghhhhhhhhhh.'
                            'iiiiiiiiiijjjjjjjjjjkkkkkkkkkkllllllllll.'
                            'mmmmmmmmmmnnnnnnnnnnoooooooooopppppppppp.'
                            'qqqqqqqqqqrrrrrrrrrrsssssssssstttttttttt.'
                            'uuuuuuuuuuvvvvvvvvvvwwwwwwwwwwxxxxxxxxxx.'
                            'y.com')

        with self.assertRaises(TLSRemoteAlert):
            settings = HandshakeSettings()
            # cap at TLS 1.2 and offer no key shares
            settings.maxVersion = (3, 3)
            settings.keyShares = []
            conn.handshakeClientCert(serverName=long_server_name,
                                     settings=settings)

        # exactly one record may have left the client before the alert
        self.assertEqual(len(sock.sent), 1)
        record = sock.sent[0]

        # record header: content type 0x16 (handshake), version 3.3
        self.assertEqual(record[0:3], bytearray(b'\x16\x03\x03'))
        # handshake header: type 0x01 (client_hello) ...
        self.assertEqual(record[5:6], bytearray(b'\x01'))
        # ... followed by the 24-bit length 0x000200 == 512
        self.assertEqual(record[5:9], bytearray(b'\x01\x00\x02\x00'))

        # strip the 5-byte record header and the 4-byte handshake header
        record_header_len = 5
        handshake_header_len = 4
        self.assertEqual(
            len(record) - record_header_len - handshake_header_len, 512)
    def test_minVersion_higher_than_maxVersion(self):
        """validate() must reject a version floor that lies above the ceiling."""
        settings = HandshakeSettings()
        # ceiling (3, 0) with floor (3, 3): a contradictory, empty range
        settings.maxVersion = (3, 0)
        settings.minVersion = (3, 3)

        self.assertRaises(ValueError, settings.validate)
    def test_versions_and_maxVersion_mismatch(self):
        """After validate(), `versions` holds nothing newer than the TLS 1.2 cap."""
        raw_settings = HandshakeSettings()
        raw_settings.maxVersion = (3, 3)
        validated = raw_settings.validate()

        # (3, 4) is TLS 1.3; (0x7f, 21) is a TLS 1.3 draft codepoint
        for too_new in ((3, 4), (0x7f, 21)):
            self.assertNotIn(too_new, validated.versions)
Exemplo n.º 4
 def test_no_signature_hashes_set_with_TLS1_1(self):
     """Empty signature-hash lists are accepted when capped at TLS 1.1.

     All three per-key-type hash lists are emptied; validate() is still
     expected to return a settings object rather than None.
     """
     settings = HandshakeSettings()
     for attr in ("rsaSigHashes", "dsaSigHashes", "ecdsaSigHashes"):
         setattr(settings, attr, [])
     settings.maxVersion = (3, 2)

     validated = settings.validate()
     self.assertIsNotNone(validated)
    def test_minVersion_higher_than_maxVersion(self):
        """An inverted version range (min above max) fails validation."""
        inverted = HandshakeSettings()
        inverted.minVersion, inverted.maxVersion = (3, 3), (3, 0)

        # the floor is above the ceiling, so ValueError is the expected outcome
        self.assertRaises(ValueError, inverted.validate)
Exemplo n.º 6
 def test_getTLS13Suites(self):
     """getTLS13Suites() returns the three expected suites, in this order."""
     settings = HandshakeSettings()
     settings.maxVersion = (3, 4)

     # assertEqual on lists is order-sensitive, so the order is pinned too
     expected_suites = [
         CipherSuite.TLS_AES_256_GCM_SHA384,
         CipherSuite.TLS_AES_128_GCM_SHA256,
         CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
     ]
     self.assertEqual(CipherSuite.getTLS13Suites(settings), expected_suites)
Exemplo n.º 7
 def test_getTLS13Suites(self):
     """getTLS13Suites() returns the four expected suites, in this order.

     This variant also expects TLS_AES_128_CCM_SHA256 at the end of the
     list.
     """
     settings = HandshakeSettings()
     settings.maxVersion = (3, 4)

     # assertEqual on lists is order-sensitive, so the order is pinned too
     expected_suites = [
         CipherSuite.TLS_AES_256_GCM_SHA384,
         CipherSuite.TLS_AES_128_GCM_SHA256,
         CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
         CipherSuite.TLS_AES_128_CCM_SHA256,
     ]
     self.assertEqual(CipherSuite.getTLS13Suites(settings), expected_suites)
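    def test_maxVersion_without_TLSv1_2(self):
        """validate() drops 'sha256' from macNames when capped at TLS 1.1.

        The default settings list 'sha256'; the validated copy must not.
        """
        hs = HandshakeSettings()
        hs.maxVersion = (3, 2)

        # assertIn/assertNotIn print the list contents on failure, which
        # assertTrue/assertFalse on a bare `in` expression do not
        self.assertIn('sha256', hs.macNames)

        new_hs = hs.validate()

        self.assertNotIn("sha256", new_hs.macNames)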
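    def test_maxVersion_without_TLSv1_2(self):
        """With a TLS 1.1 ceiling, validate() must strip 'sha256' from macNames.

        Before validation the default list contains 'sha256'; the settings
        object returned by validate() must no longer offer it.
        """
        hs = HandshakeSettings()
        hs.maxVersion = (3, 2)

        # membership assertions report the actual list when they fail
        self.assertIn("sha256", hs.macNames)

        new_hs = hs.validate()

        self.assertNotIn("sha256", new_hs.macNames)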
Exemplo n.º 10
 def server_process(server):
     """Server side of the exchange: handshake, check the greeting, reply, close.

     `self` is not a parameter here; it is taken from the enclosing scope,
     which is not shown.
     """
     # NOTE(review): `settings` is given a TLS 1.2 ceiling but is never
     # passed to handshakeServer(), so the server negotiates with the
     # library defaults -- confirm whether `settings=settings` was intended.
     settings = HandshakeSettings()
     settings.maxVersion = (3, 3)
     server.handshakeServer(privateKey=self.certKey,
                            certChain=self.cert_chain)

     expected_query = bytearray(b"client hello")
     query = server.read(min=len("client hello"))
     if query != expected_query:
         raise AssertionError("incorrect query")

     server.write(bytearray(b"Conn OK"))
     server.close()
Exemplo n.º 11
 def test_connection_no_rsa_pss(self):
     """A TLS 1.2-capped client restricted to PKCS#1 RSA completes a round trip.

     The negotiated suite must be one of the AEAD suites, and the
     application-data exchange must return the expected reply.
     """
     client_settings = HandshakeSettings()
     client_settings.maxVersion = (3, 3)
     # exclude pss as the keys in this module are too small for
     # the needed salt size for sha512 hash
     client_settings.rsaSchemes = ["pkcs1"]

     client = TLSConnection(self.client_socket)
     client.handshakeClientCert(settings=client_settings,
                                serverName="localhost")

     # the handshake must have settled on an AEAD cipher suite
     negotiated_suite = client.session.cipherSuite
     self.assertIn(negotiated_suite, CipherSuite.aeadSuites)

     client.write(bytearray(b"client hello"))
     reply = client.read(min=len("Conn OK"))
     self.assertEqual(reply, bytearray(b"Conn OK"))
    def test_maxVersion_with_unknown_version(self):
        """validate() must refuse a maxVersion of (3, 5)."""
        settings = HandshakeSettings()
        # (3, 5) is treated as an unknown protocol version by this test
        settings.maxVersion = (3, 5)

        self.assertRaises(ValueError, settings.validate)
    def test_maxVersion_with_unknown_version(self):
        """validate() must refuse a maxVersion of (3, 4) in this snapshot."""
        settings = HandshakeSettings()
        # NOTE(review): other examples on this page set maxVersion = (3, 4)
        # successfully; presumably this variant predates TLS 1.3 support
        # in the library -- confirm against the version under test.
        settings.maxVersion = (3, 4)

        self.assertRaises(ValueError, settings.validate)
 def test_no_signature_hashes_set_with_TLS1_1(self):
     """An empty rsaSigHashes list is accepted when capped at TLS 1.1."""
     settings = HandshakeSettings()
     settings.maxVersion = (3, 2)
     settings.rsaSigHashes = []

     # validate() is expected to hand back a settings object, not None
     validated = settings.validate()
     self.assertIsNotNone(validated)
Exemplo n.º 15
 def test_getTLS13Suites_with_TLS1_2(self):
     """No TLS 1.3 suites are returned when the version argument is (3, 3)."""
     settings = HandshakeSettings()
     settings.maxVersion = (3, 4)

     # settings allow TLS 1.3, but the version passed in is TLS 1.2
     tls12 = (3, 3)
     suites = CipherSuite.getTLS13Suites(settings, tls12)
     self.assertEqual(suites, [])
Exemplo n.º 16
 def test_getTLS13Suites_with_TLS1_2(self):
     """getTLS13Suites() yields an empty list for a (3, 3) version argument."""
     settings = HandshakeSettings()
     settings.maxVersion = (3, 4)

     # the ceiling permits TLS 1.3; the second argument asks about TLS 1.2
     offered = CipherSuite.getTLS13Suites(settings, (3, 3))
     self.assertEqual(offered, [])