Exemplo n.º 1
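    def setUp(self):
        """Build the server-side SRP fixture shared by the tests.

        Parses the server key and certificate, prepares a ClientHello /
        ServerHello pair for protocol version (3, 3) with an SRP cipher
        suite, and creates a verifier database holding one identity.
        """
        self.srv_private_key = parsePEMKey(srv_raw_key, private=True)
        srv_chain = X509CertChain([X509().parse(srv_raw_certificate)])
        self.srv_pub_key = srv_chain.getEndEntityPublicKey()
        self.cipher_suite = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA

        # The identity announced in the ClientHello must be the name the
        # verifier is stored under; a masked placeholder such as '******'
        # has no entry in the database, so the server side could not
        # produce a ServerKeyExchange for it.
        srp_identity = 'user'

        self.client_hello = ClientHello().create((3, 3),
                                                 bytearray(32),
                                                 bytearray(0),
                                                 [],
                                                 srpUsername=srp_identity)
        self.server_hello = ServerHello().create((3, 3),
                                                 bytearray(32),
                                                 bytearray(0),
                                                 self.cipher_suite)

        # Test-only credentials; the verifier is derived with 2048-bit
        # group parameters, which test_..._too_small_params relies on.
        verifierDB = VerifierDB()
        verifierDB.create()
        entry = verifierDB.makeVerifier(srp_identity, 'password', 2048)
        verifierDB[srp_identity] = entry

        self.keyExchange = SRPKeyExchange(self.cipher_suite,
                                          self.client_hello,
                                          self.server_hello,
                                          self.srv_private_key,
                                          verifierDB)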
Exemplo n.º 2
    def test_client_SRP_key_exchange_with_unknown_params(self):
        """Client must refuse SRP parameters it does not recognise.

        The ServerKeyExchange is filled with the arbitrary values
        1, 2, 3, 4 instead of parameters produced by the server fixture;
        processing it is expected to raise TLSInsufficientSecurity.
        """
        # Hand-built message carrying arbitrary, non-fixture SRP values.
        bogus_ske = ServerKeyExchange(self.cipher_suite,
                                      self.server_hello.server_version)
        bogus_ske.createSRP(1, 2, 3, 4)

        # Client side: no private key and no verifier database are passed.
        client_side = SRPKeyExchange(self.cipher_suite,
                                     self.client_hello,
                                     self.server_hello,
                                     None, None,
                                     srpUsername='******',
                                     password='******')

        self.assertRaises(TLSInsufficientSecurity,
                          client_side.processServerKeyExchange,
                          None, bogus_ske)
Exemplo n.º 3
    def test_client_SRP_key_exchange_with_invalid_params(self):
        """Client must reject a server public value B that equals N.

        With B set to N, B mod N is zero; RFC 5054 requires the client to
        abort in that case, and the test expects
        TLSIllegalParameterException.
        """
        tampered_ske = self.keyExchange.makeServerKeyExchange('sha1')
        # Overwrite the server's public value with the group modulus.
        tampered_ske.srp_B = tampered_ske.srp_N

        client_side = SRPKeyExchange(self.cipher_suite,
                                     self.client_hello,
                                     self.server_hello,
                                     None, None,
                                     srpUsername='******',
                                     password='******',
                                     settings=HandshakeSettings())

        self.assertRaises(TLSIllegalParameterException,
                          client_side.processServerKeyExchange,
                          None, tampered_ske)
Exemplo n.º 4
    def test_client_SRP_key_exchange_with_too_small_params(self):
        """Client must enforce its configured minimum key size.

        The client's HandshakeSettings demand at least 3072 bits; the
        server message comes from the shared fixture, and the test expects
        TLSInsufficientSecurity when the client processes it.
        """
        server_ske = self.keyExchange.makeServerKeyExchange('sha1')

        # Raise the client's lower bound to 3072 bits.
        strict_settings = HandshakeSettings()
        strict_settings.minKeySize = 3072

        client_side = SRPKeyExchange(self.cipher_suite,
                                     self.client_hello,
                                     self.server_hello,
                                     None, None,
                                     srpUsername='******',
                                     password='******',
                                     settings=strict_settings)

        self.assertRaises(TLSInsufficientSecurity,
                          client_side.processServerKeyExchange,
                          None, server_ske)
Exemplo n.º 5
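    def test_SRP_key_exchange_with_client(self):
        """Full SRP exchange: both sides must derive the same premaster.

        The server fixture produces a ServerKeyExchange, the client
        processes it and answers with a ClientKeyExchange, and the server
        processes that answer. The two premaster secrets are compared.
        """
        srv_key_ex = self.keyExchange.makeServerKeyExchange('sha1')

        # The client must use the credentials the fixture's verifier was
        # derived from ('user' / 'password' in setUp). With masked
        # placeholders such as '******' the two sides would derive
        # different premaster secrets and the final assertion could not
        # hold.
        client_keyExchange = SRPKeyExchange(self.cipher_suite,
                                            self.client_hello,
                                            self.server_hello,
                                            None, None,
                                            srpUsername='user',
                                            password='password',
                                            settings=HandshakeSettings())

        # None is passed in place of the first argument here, as in the
        # other client-side tests; only the SRP values are exercised.
        client_premaster = client_keyExchange.processServerKeyExchange(
            None,
            srv_key_ex)
        clientKeyExchange = client_keyExchange.makeClientKeyExchange()

        server_premaster = self.keyExchange.processClientKeyExchange(
            clientKeyExchange)

        self.assertEqual(client_premaster, server_premaster)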