def test_pull_client_hello_with_psk(self):
buf = Buffer(data=load("tls_client_hello_with_psk.bin"))
hello = pull_client_hello(buf)
self.assertEqual(hello.early_data, True)
self.assertEqual(
hello.pre_shared_key,
tls.OfferedPsks(
identities=[
(
binascii.unhexlify(
"fab3dc7d79f35ea53e9adf21150e601591a750b80cde0cd167fef6e0cdbc032a"
"c4161fc5c5b66679de49524bd5624c50d71ba3e650780a4bfe402d6a06a00525"
"0b5dc52085233b69d0dd13924cc5c713a396784ecafc59f5ea73c1585d79621b"
"8a94e4f2291b17427d5185abf4a994fca74ee7a7f993a950c71003fc7cf8"
),
2067156378,
)
],
binders=[
binascii.unhexlify(
"1788ad43fdff37cfc628f24b6ce7c8c76180705380da17da32811b5bae4e78"
"d7aaaf65a9b713872f2bb28818ca1a6b01"
)
],
),
)
self.assertTrue(buf.eof())
# serialize
buf = Buffer(1000)
push_client_hello(buf, hello)
self.assertEqual(buf.data, load("tls_client_hello_with_psk.bin"))
def test_push_client_hello(self):
hello = ClientHello(
random=binascii.unhexlify(
"18b2b23bf3e44b5d52ccfe7aecbc5ff14eadc3d349fabf804d71f165ae76e7d5"
),
session_id=binascii.unhexlify(
"9aee82a2d186c1cb32a329d9dcfe004a1a438ad0485a53c6bfcf55c132a23235"
),
cipher_suites=[
tls.CipherSuite.AES_256_GCM_SHA384,
tls.CipherSuite.AES_128_GCM_SHA256,
tls.CipherSuite.CHACHA20_POLY1305_SHA256,
],
compression_methods=[tls.CompressionMethod.NULL],
key_share=[
(
tls.Group.SECP256R1,
binascii.unhexlify(
"047bfea344467535054263b75def60cffa82405a211b68d1eb8d1d944e67aef8"
"93c7665a5473d032cfaf22a73da28eb4aacae0017ed12557b5791f98a1e84f15"
"b0"
),
)
],
psk_key_exchange_modes=[tls.PskKeyExchangeMode.PSK_DHE_KE],
signature_algorithms=[
tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA256,
tls.SignatureAlgorithm.ECDSA_SECP256R1_SHA256,
tls.SignatureAlgorithm.RSA_PKCS1_SHA256,
tls.SignatureAlgorithm.RSA_PKCS1_SHA1,
],
supported_groups=[tls.Group.SECP256R1],
supported_versions=[
tls.TLS_VERSION_1_3,
tls.TLS_VERSION_1_3_DRAFT_28,
tls.TLS_VERSION_1_3_DRAFT_27,
tls.TLS_VERSION_1_3_DRAFT_26,
],
other_extensions=[
(
tls.ExtensionType.QUIC_TRANSPORT_PARAMETERS,
CLIENT_QUIC_TRANSPORT_PARAMETERS,
)
],
)
buf = Buffer(1000)
push_client_hello(buf, hello)
self.assertEqual(buf.data, load("tls_client_hello.bin"))
def test_pull_client_hello_with_sni(self):
buf = Buffer(data=load("tls_client_hello_with_sni.bin"))
hello = pull_client_hello(buf)
self.assertTrue(buf.eof())
self.assertEqual(
hello.random,
binascii.unhexlify(
"987d8934140b0a42cc5545071f3f9f7f61963d7b6404eb674c8dbe513604346b"
),
)
self.assertEqual(
hello.session_id,
binascii.unhexlify(
"26b19bdd30dbf751015a3a16e13bd59002dfe420b799d2a5cd5e11b8fa7bcb66"
),
)
self.assertEqual(
hello.cipher_suites,
[
tls.CipherSuite.AES_256_GCM_SHA384,
tls.CipherSuite.AES_128_GCM_SHA256,
tls.CipherSuite.CHACHA20_POLY1305_SHA256,
],
)
self.assertEqual(hello.compression_methods, [tls.CompressionMethod.NULL])
# extensions
self.assertEqual(hello.alpn_protocols, None)
self.assertEqual(
hello.key_share,
[
(
tls.Group.SECP256R1,
binascii.unhexlify(
"04b62d70f907c814cd65d0f73b8b991f06b70c77153f548410a191d2b19764a2"
"ecc06065a480efa9e1f10c8da6e737d5bfc04be3f773e20a0c997f51b5621280"
"40"
),
)
],
)
self.assertEqual(
hello.psk_key_exchange_modes, [tls.PskKeyExchangeMode.PSK_DHE_KE]
)
self.assertEqual(hello.server_name, "cloudflare-quic.com")
self.assertEqual(
hello.signature_algorithms,
[
tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA256,
tls.SignatureAlgorithm.ECDSA_SECP256R1_SHA256,
tls.SignatureAlgorithm.RSA_PKCS1_SHA256,
tls.SignatureAlgorithm.RSA_PKCS1_SHA1,
],
)
self.assertEqual(hello.supported_groups, [tls.Group.SECP256R1])
self.assertEqual(
hello.supported_versions,
[
tls.TLS_VERSION_1_3,
tls.TLS_VERSION_1_3_DRAFT_28,
tls.TLS_VERSION_1_3_DRAFT_27,
tls.TLS_VERSION_1_3_DRAFT_26,
],
)
self.assertEqual(
hello.other_extensions,
[
(
tls.ExtensionType.QUIC_TRANSPORT_PARAMETERS,
CLIENT_QUIC_TRANSPORT_PARAMETERS,
)
],
)
# serialize
buf = Buffer(1000)
push_client_hello(buf, hello)
self.assertEqual(buf.data, load("tls_client_hello_with_sni.bin"))
def test_pull_client_hello_with_alpn(self):
buf = Buffer(data=load("tls_client_hello_with_alpn.bin"))
hello = pull_client_hello(buf)
self.assertTrue(buf.eof())
self.assertEqual(
hello.random,
binascii.unhexlify(
"ed575c6fbd599c4dfaabd003dca6e860ccdb0e1782c1af02e57bf27cb6479b76"
),
)
self.assertEqual(hello.session_id, b"")
self.assertEqual(
hello.cipher_suites,
[
tls.CipherSuite.AES_128_GCM_SHA256,
tls.CipherSuite.AES_256_GCM_SHA384,
tls.CipherSuite.CHACHA20_POLY1305_SHA256,
tls.CipherSuite.EMPTY_RENEGOTIATION_INFO_SCSV,
],
)
self.assertEqual(hello.compression_methods, [tls.CompressionMethod.NULL])
# extensions
self.assertEqual(hello.alpn_protocols, ["h3-19"])
self.assertEqual(hello.early_data, False)
self.assertEqual(
hello.key_share,
[
(
tls.Group.SECP256R1,
binascii.unhexlify(
"048842315c437bb0ce2929c816fee4e942ec5cb6db6a6b9bf622680188ebb0d4"
"b652e69033f71686aa01cbc79155866e264c9f33f45aa16b0dfa10a222e3a669"
"22"
),
)
],
)
self.assertEqual(
hello.psk_key_exchange_modes, [tls.PskKeyExchangeMode.PSK_DHE_KE]
)
self.assertEqual(hello.server_name, "cloudflare-quic.com")
self.assertEqual(
hello.signature_algorithms,
[
tls.SignatureAlgorithm.ECDSA_SECP256R1_SHA256,
tls.SignatureAlgorithm.ECDSA_SECP384R1_SHA384,
tls.SignatureAlgorithm.ECDSA_SECP521R1_SHA512,
tls.SignatureAlgorithm.ED25519,
tls.SignatureAlgorithm.ED448,
tls.SignatureAlgorithm.RSA_PSS_PSS_SHA256,
tls.SignatureAlgorithm.RSA_PSS_PSS_SHA384,
tls.SignatureAlgorithm.RSA_PSS_PSS_SHA512,
tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA256,
tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA384,
tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA512,
tls.SignatureAlgorithm.RSA_PKCS1_SHA256,
tls.SignatureAlgorithm.RSA_PKCS1_SHA384,
tls.SignatureAlgorithm.RSA_PKCS1_SHA512,
],
)
self.assertEqual(
hello.supported_groups,
[
tls.Group.SECP256R1,
tls.Group.X25519,
tls.Group.SECP384R1,
tls.Group.SECP521R1,
],
)
self.assertEqual(hello.supported_versions, [tls.TLS_VERSION_1_3])
# serialize
buf = Buffer(1000)
push_client_hello(buf, hello)
self.assertEqual(len(buf.data), len(load("tls_client_hello_with_alpn.bin")))
