def test_pull_client_hello_with_psk(self): buf = Buffer(data=load("tls_client_hello_with_psk.bin")) hello = pull_client_hello(buf) self.assertEqual(hello.early_data, True) self.assertEqual( hello.pre_shared_key, tls.OfferedPsks( identities=[ ( binascii.unhexlify( "fab3dc7d79f35ea53e9adf21150e601591a750b80cde0cd167fef6e0cdbc032a" "c4161fc5c5b66679de49524bd5624c50d71ba3e650780a4bfe402d6a06a00525" "0b5dc52085233b69d0dd13924cc5c713a396784ecafc59f5ea73c1585d79621b" "8a94e4f2291b17427d5185abf4a994fca74ee7a7f993a950c71003fc7cf8" ), 2067156378, ) ], binders=[ binascii.unhexlify( "1788ad43fdff37cfc628f24b6ce7c8c76180705380da17da32811b5bae4e78" "d7aaaf65a9b713872f2bb28818ca1a6b01" ) ], ), ) self.assertTrue(buf.eof()) # serialize buf = Buffer(1000) push_client_hello(buf, hello) self.assertEqual(buf.data, load("tls_client_hello_with_psk.bin"))
def test_push_client_hello(self): hello = ClientHello( random=binascii.unhexlify( "18b2b23bf3e44b5d52ccfe7aecbc5ff14eadc3d349fabf804d71f165ae76e7d5" ), session_id=binascii.unhexlify( "9aee82a2d186c1cb32a329d9dcfe004a1a438ad0485a53c6bfcf55c132a23235" ), cipher_suites=[ tls.CipherSuite.AES_256_GCM_SHA384, tls.CipherSuite.AES_128_GCM_SHA256, tls.CipherSuite.CHACHA20_POLY1305_SHA256, ], compression_methods=[tls.CompressionMethod.NULL], key_share=[ ( tls.Group.SECP256R1, binascii.unhexlify( "047bfea344467535054263b75def60cffa82405a211b68d1eb8d1d944e67aef8" "93c7665a5473d032cfaf22a73da28eb4aacae0017ed12557b5791f98a1e84f15" "b0" ), ) ], psk_key_exchange_modes=[tls.PskKeyExchangeMode.PSK_DHE_KE], signature_algorithms=[ tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA256, tls.SignatureAlgorithm.ECDSA_SECP256R1_SHA256, tls.SignatureAlgorithm.RSA_PKCS1_SHA256, tls.SignatureAlgorithm.RSA_PKCS1_SHA1, ], supported_groups=[tls.Group.SECP256R1], supported_versions=[ tls.TLS_VERSION_1_3, tls.TLS_VERSION_1_3_DRAFT_28, tls.TLS_VERSION_1_3_DRAFT_27, tls.TLS_VERSION_1_3_DRAFT_26, ], other_extensions=[ ( tls.ExtensionType.QUIC_TRANSPORT_PARAMETERS, CLIENT_QUIC_TRANSPORT_PARAMETERS, ) ], ) buf = Buffer(1000) push_client_hello(buf, hello) self.assertEqual(buf.data, load("tls_client_hello.bin"))
def test_pull_client_hello_with_sni(self): buf = Buffer(data=load("tls_client_hello_with_sni.bin")) hello = pull_client_hello(buf) self.assertTrue(buf.eof()) self.assertEqual( hello.random, binascii.unhexlify( "987d8934140b0a42cc5545071f3f9f7f61963d7b6404eb674c8dbe513604346b" ), ) self.assertEqual( hello.session_id, binascii.unhexlify( "26b19bdd30dbf751015a3a16e13bd59002dfe420b799d2a5cd5e11b8fa7bcb66" ), ) self.assertEqual( hello.cipher_suites, [ tls.CipherSuite.AES_256_GCM_SHA384, tls.CipherSuite.AES_128_GCM_SHA256, tls.CipherSuite.CHACHA20_POLY1305_SHA256, ], ) self.assertEqual(hello.compression_methods, [tls.CompressionMethod.NULL]) # extensions self.assertEqual(hello.alpn_protocols, None) self.assertEqual( hello.key_share, [ ( tls.Group.SECP256R1, binascii.unhexlify( "04b62d70f907c814cd65d0f73b8b991f06b70c77153f548410a191d2b19764a2" "ecc06065a480efa9e1f10c8da6e737d5bfc04be3f773e20a0c997f51b5621280" "40" ), ) ], ) self.assertEqual( hello.psk_key_exchange_modes, [tls.PskKeyExchangeMode.PSK_DHE_KE] ) self.assertEqual(hello.server_name, "cloudflare-quic.com") self.assertEqual( hello.signature_algorithms, [ tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA256, tls.SignatureAlgorithm.ECDSA_SECP256R1_SHA256, tls.SignatureAlgorithm.RSA_PKCS1_SHA256, tls.SignatureAlgorithm.RSA_PKCS1_SHA1, ], ) self.assertEqual(hello.supported_groups, [tls.Group.SECP256R1]) self.assertEqual( hello.supported_versions, [ tls.TLS_VERSION_1_3, tls.TLS_VERSION_1_3_DRAFT_28, tls.TLS_VERSION_1_3_DRAFT_27, tls.TLS_VERSION_1_3_DRAFT_26, ], ) self.assertEqual( hello.other_extensions, [ ( tls.ExtensionType.QUIC_TRANSPORT_PARAMETERS, CLIENT_QUIC_TRANSPORT_PARAMETERS, ) ], ) # serialize buf = Buffer(1000) push_client_hello(buf, hello) self.assertEqual(buf.data, load("tls_client_hello_with_sni.bin"))
def test_pull_client_hello_with_alpn(self): buf = Buffer(data=load("tls_client_hello_with_alpn.bin")) hello = pull_client_hello(buf) self.assertTrue(buf.eof()) self.assertEqual( hello.random, binascii.unhexlify( "ed575c6fbd599c4dfaabd003dca6e860ccdb0e1782c1af02e57bf27cb6479b76" ), ) self.assertEqual(hello.session_id, b"") self.assertEqual( hello.cipher_suites, [ tls.CipherSuite.AES_128_GCM_SHA256, tls.CipherSuite.AES_256_GCM_SHA384, tls.CipherSuite.CHACHA20_POLY1305_SHA256, tls.CipherSuite.EMPTY_RENEGOTIATION_INFO_SCSV, ], ) self.assertEqual(hello.compression_methods, [tls.CompressionMethod.NULL]) # extensions self.assertEqual(hello.alpn_protocols, ["h3-19"]) self.assertEqual(hello.early_data, False) self.assertEqual( hello.key_share, [ ( tls.Group.SECP256R1, binascii.unhexlify( "048842315c437bb0ce2929c816fee4e942ec5cb6db6a6b9bf622680188ebb0d4" "b652e69033f71686aa01cbc79155866e264c9f33f45aa16b0dfa10a222e3a669" "22" ), ) ], ) self.assertEqual( hello.psk_key_exchange_modes, [tls.PskKeyExchangeMode.PSK_DHE_KE] ) self.assertEqual(hello.server_name, "cloudflare-quic.com") self.assertEqual( hello.signature_algorithms, [ tls.SignatureAlgorithm.ECDSA_SECP256R1_SHA256, tls.SignatureAlgorithm.ECDSA_SECP384R1_SHA384, tls.SignatureAlgorithm.ECDSA_SECP521R1_SHA512, tls.SignatureAlgorithm.ED25519, tls.SignatureAlgorithm.ED448, tls.SignatureAlgorithm.RSA_PSS_PSS_SHA256, tls.SignatureAlgorithm.RSA_PSS_PSS_SHA384, tls.SignatureAlgorithm.RSA_PSS_PSS_SHA512, tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA256, tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA384, tls.SignatureAlgorithm.RSA_PSS_RSAE_SHA512, tls.SignatureAlgorithm.RSA_PKCS1_SHA256, tls.SignatureAlgorithm.RSA_PKCS1_SHA384, tls.SignatureAlgorithm.RSA_PKCS1_SHA512, ], ) self.assertEqual( hello.supported_groups, [ tls.Group.SECP256R1, tls.Group.X25519, tls.Group.SECP384R1, tls.Group.SECP521R1, ], ) self.assertEqual(hello.supported_versions, [tls.TLS_VERSION_1_3]) # serialize buf = Buffer(1000) push_client_hello(buf, hello) self.assertEqual(len(buf.data), len(load("tls_client_hello_with_alpn.bin")))