def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
srpUsername='******')
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
verifierDB = VerifierDB()
verifierDB.create()
entry = verifierDB.makeVerifier('user', 'password', 2048)
verifierDB['user'] = entry
self.keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
verifierDB)
def test_client_SRP_key_exchange_with_unknown_params(self):
keyExchange = ServerKeyExchange(self.cipher_suite,
self.server_hello.server_version)
keyExchange.createSRP(1, 2, 3, 4)
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'))
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_unknown_params(self):
keyExchange = ServerKeyExchange(self.cipher_suite,
self.server_hello.server_version)
keyExchange.createSRP(1, 2, 3, 4)
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******')
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_invalid_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
keyExchange.srp_B = keyExchange.srp_N
settings = HandshakeSettings()
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'),
settings=settings)
with self.assertRaises(TLSIllegalParameterException):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_small_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
settings = HandshakeSettings()
settings.minKeySize = 3072
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'),
settings=settings)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_invalid_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
keyExchange.srp_B = keyExchange.srp_N
settings = HandshakeSettings()
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******',
settings=settings)
with self.assertRaises(TLSIllegalParameterException):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_small_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
settings = HandshakeSettings()
settings.minKeySize = 3072
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******',
settings=settings)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_big_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
settings = HandshakeSettings()
settings.minKeySize = 512
settings.maxKeySize = 1024
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******',
settings=settings)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
srpUsername=bytearray(b'user')
)
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
verifierDB = VerifierDB()
verifierDB.create()
entry = verifierDB.makeVerifier('user', 'password', 2048)
verifierDB[b'user'] = entry
self.keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
verifierDB)
def test_SRP_key_exchange_with_client(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'),
settings=HandshakeSettings())
client_premaster = client_keyExchange.processServerKeyExchange(\
None,
srv_key_ex)
clientKeyExchange = client_keyExchange.makeClientKeyExchange()
server_premaster = self.keyExchange.processClientKeyExchange(\
clientKeyExchange)
self.assertEqual(client_premaster, server_premaster)
def test_SRP_key_exchange_with_client(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******',
settings=HandshakeSettings())
client_premaster = client_keyExchange.processServerKeyExchange(\
None,
srv_key_ex)
clientKeyExchange = client_keyExchange.makeClientKeyExchange()
server_premaster = self.keyExchange.processClientKeyExchange(\
clientKeyExchange)
self.assertEqual(client_premaster, server_premaster)
class TestSRPKeyExchange(unittest.TestCase):
def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
srpUsername=bytearray(b'user')
)
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
verifierDB = VerifierDB()
verifierDB.create()
entry = verifierDB.makeVerifier('user', 'password', 2048)
verifierDB[b'user'] = entry
self.keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
verifierDB)
def test_SRP_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha256')
KeyExchange.verifyServerKeyExchange(srv_key_ex,
self.srv_pub_key,
self.client_hello.random,
self.server_hello.random,
[(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)])
a = bytesToNumber(getRandomBytes(32))
A = powMod(srv_key_ex.srp_g,
a,
srv_key_ex.srp_N)
x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
v = powMod(srv_key_ex.srp_g,
x,
srv_key_ex.srp_N)
u = makeU(srv_key_ex.srp_N,
A,
srv_key_ex.srp_B)
k = makeK(srv_key_ex.srp_N,
srv_key_ex.srp_g)
S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
a+(u*x),
srv_key_ex.srp_N)
cln_premaster = numberToByteArray(S)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_SRP_key_exchange_without_signature(self):
self.cipher_suite = CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA
self.keyExchange.cipherSuite = self.cipher_suite
self.server_hello.cipher_suite = self.cipher_suite
srv_key_ex = self.keyExchange.makeServerKeyExchange()
a = bytesToNumber(getRandomBytes(32))
A = powMod(srv_key_ex.srp_g,
a,
srv_key_ex.srp_N)
x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
v = powMod(srv_key_ex.srp_g,
x,
srv_key_ex.srp_N)
u = makeU(srv_key_ex.srp_N,
A,
srv_key_ex.srp_B)
k = makeK(srv_key_ex.srp_N,
srv_key_ex.srp_g)
S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
a+(u*x),
srv_key_ex.srp_N)
cln_premaster = numberToByteArray(S)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_SRP_init_with_invalid_name(self):
with self.assertRaises(TypeError):
SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password=bytearray(b'password'),
settings=HandshakeSettings())
def test_SRP_init_with_invalid_password(self):
with self.assertRaises(TypeError):
SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password='******',
settings=HandshakeSettings())
def test_SRP_with_invalid_name(self):
self.client_hello.srp_username = bytearray(b'test')
with self.assertRaises(TLSUnknownPSKIdentity):
self.keyExchange.makeServerKeyExchange('sha1')
def test_SRP_with_invalid_client_key_share(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
A = srv_key_ex.srp_N
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
with self.assertRaises(TLSIllegalParameterException):
self.keyExchange.processClientKeyExchange(cln_key_ex)
def test_SRP_key_exchange_with_client(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'),
settings=HandshakeSettings())
client_premaster = client_keyExchange.processServerKeyExchange(\
None,
srv_key_ex)
clientKeyExchange = client_keyExchange.makeClientKeyExchange()
server_premaster = self.keyExchange.processClientKeyExchange(\
clientKeyExchange)
self.assertEqual(client_premaster, server_premaster)
def test_client_SRP_key_exchange_with_unknown_params(self):
keyExchange = ServerKeyExchange(self.cipher_suite,
self.server_hello.server_version)
keyExchange.createSRP(1, 2, 3, 4)
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'))
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_small_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
settings = HandshakeSettings()
settings.minKeySize = 3072
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'),
settings=settings)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_big_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
settings = HandshakeSettings()
settings.minKeySize = 512
settings.maxKeySize = 1024
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'),
settings=settings)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_invalid_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
keyExchange.srp_B = keyExchange.srp_N
settings = HandshakeSettings()
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername=bytearray(b'user'),
password=bytearray(b'password'),
settings=settings)
with self.assertRaises(TLSIllegalParameterException):
client_keyExchange.processServerKeyExchange(None, keyExchange)
class TestSRPKeyExchange(unittest.TestCase):
def setUp(self):
self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
self.srv_pub_key = srv_chain.getEndEntityPublicKey()
self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
self.client_hello = ClientHello().create((3, 3),
bytearray(32),
bytearray(0),
[],
srpUsername='******')
self.server_hello = ServerHello().create((3, 3),
bytearray(32),
bytearray(0),
self.cipher_suite)
verifierDB = VerifierDB()
verifierDB.create()
entry = verifierDB.makeVerifier('user', 'password', 2048)
verifierDB['user'] = entry
self.keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
self.srv_private_key,
verifierDB)
def test_SRP_key_exchange(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha256')
KeyExchange.verifyServerKeyExchange(srv_key_ex,
self.srv_pub_key,
self.client_hello.random,
self.server_hello.random,
[(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)])
a = bytesToNumber(getRandomBytes(32))
A = powMod(srv_key_ex.srp_g,
a,
srv_key_ex.srp_N)
x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
v = powMod(srv_key_ex.srp_g,
x,
srv_key_ex.srp_N)
u = makeU(srv_key_ex.srp_N,
A,
srv_key_ex.srp_B)
k = makeK(srv_key_ex.srp_N,
srv_key_ex.srp_g)
S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
a+(u*x),
srv_key_ex.srp_N)
cln_premaster = numberToByteArray(S)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_SRP_key_exchange_without_signature(self):
self.cipher_suite = CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA
self.keyExchange.cipherSuite = self.cipher_suite
self.server_hello.cipher_suite = self.cipher_suite
srv_key_ex = self.keyExchange.makeServerKeyExchange()
a = bytesToNumber(getRandomBytes(32))
A = powMod(srv_key_ex.srp_g,
a,
srv_key_ex.srp_N)
x = makeX(srv_key_ex.srp_s, bytearray(b'user'), bytearray(b'password'))
v = powMod(srv_key_ex.srp_g,
x,
srv_key_ex.srp_N)
u = makeU(srv_key_ex.srp_N,
A,
srv_key_ex.srp_B)
k = makeK(srv_key_ex.srp_N,
srv_key_ex.srp_g)
S = powMod((srv_key_ex.srp_B - (k*v)) % srv_key_ex.srp_N,
a+(u*x),
srv_key_ex.srp_N)
cln_premaster = numberToByteArray(S)
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
srv_premaster = self.keyExchange.processClientKeyExchange(cln_key_ex)
self.assertEqual(cln_premaster, srv_premaster)
def test_SRP_with_invalid_name(self):
self.client_hello.srp_username = bytearray(b'test')
with self.assertRaises(TLSUnknownPSKIdentity):
self.keyExchange.makeServerKeyExchange('sha1')
def test_SRP_with_invalid_client_key_share(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
A = srv_key_ex.srp_N
cln_key_ex = ClientKeyExchange(self.cipher_suite, (3, 3)).createSRP(A)
with self.assertRaises(TLSIllegalParameterException):
self.keyExchange.processClientKeyExchange(cln_key_ex)
def test_SRP_key_exchange_with_client(self):
srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******',
settings=HandshakeSettings())
client_premaster = client_keyExchange.processServerKeyExchange(\
None,
srv_key_ex)
clientKeyExchange = client_keyExchange.makeClientKeyExchange()
server_premaster = self.keyExchange.processClientKeyExchange(\
clientKeyExchange)
self.assertEqual(client_premaster, server_premaster)
def test_client_SRP_key_exchange_with_unknown_params(self):
keyExchange = ServerKeyExchange(self.cipher_suite,
self.server_hello.server_version)
keyExchange.createSRP(1, 2, 3, 4)
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******')
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_small_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
settings = HandshakeSettings()
settings.minKeySize = 3072
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******',
settings=settings)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_too_big_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
settings = HandshakeSettings()
settings.minKeySize = 512
settings.maxKeySize = 1024
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******',
settings=settings)
with self.assertRaises(TLSInsufficientSecurity):
client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_invalid_params(self):
keyExchange = self.keyExchange.makeServerKeyExchange('sha1')
keyExchange.srp_B = keyExchange.srp_N
settings = HandshakeSettings()
client_keyExchange = SRPKeyExchange(self.cipher_suite,
self.client_hello,
self.server_hello,
None, None,
srpUsername='******',
password='******',
settings=settings)
with self.assertRaises(TLSIllegalParameterException):
client_keyExchange.processServerKeyExchange(None, keyExchange)
