def test_parse_with_name_length_short_by_one(self):
server_name = SNIExtension()
p = Parser(
bytearray(b'\x00\x1c' + # length of array - 28 bytes
b'\x0a' + # type of entry - unassigned (10)
b'\x00\x0a' + # length of name - 10 bytes (short by one)
# UTF-8 encoding of example.org
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x6f\x72\x67' +
b'\x00' + # type of entry - host_name (0)
b'\x00\x0b' + # length of name - 11 bytes
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'))
with self.assertRaises(SyntaxError):
server_name = server_name.parse(p)
server_name = SNIExtension()
p = Parser(
bytearray(b'\x00\x1c' + # length of array - 28 bytes
b'\x0a' + # type of entry - unassigned (10)
b'\x00\x0b' + # length of name - 11 bytes
# UTF-8 encoding of example.org
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x6f\x72\x67' +
b'\x00' + # type of entry - host_name (0)
b'\x00\x0a' + # length of name - 10 bytes (short by one)
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'))
with self.assertRaises(SyntaxError):
server_name = server_name.parse(p)
def test_write_with_multiple_hostnames(self):
server_name = SNIExtension()
server_name = server_name.create(
hostNames=[bytearray(b'example.com'),
bytearray(b'example.org')])
self.assertEqual(
bytearray(b'\x00\x1c' + # lenght of array - 28 bytes
b'\x00' + # type of element - host_name (0)
b'\x00\x0b' + # length of element - 11 bytes
# utf-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d' +
b'\x00' + # type of elemnt - host_name (0)
b'\x00\x0b' + # length of elemnet - 11 bytes
# utf-8 encoding of example.org
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x6f\x72\x67'),
server_name.extData)
self.assertEqual(
bytearray(b'\x00\x00' + # type of extension - SNI (0)
b'\x00\x1e' + # length of extension - 26 bytes
b'\x00\x1c' + # lenght of array - 24 bytes
b'\x00' + # type of element - host_name (0)
b'\x00\x0b' + # length of element - 11 bytes
# utf-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d' +
b'\x00' + # type of elemnt - host_name (0)
b'\x00\x0b' + # length of elemnet - 11 bytes
# utf-8 encoding of example.org
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x6f\x72\x67'),
server_name.write())
def tes_parse_with_invalid_data(self):
server_name = SNIExtension()
p = Parser(bytearray(b'\x00\x01'))
with self.assertRaises(SyntaxError):
server_name.parse(p)
def test_parse_with_SNI_extension(self):
p = Parser(
bytearray(
# we don't include the type of message as it is handled by the
# hello protocol parser
#b'x01' + # type of message - client_hello
b'\x00' * 2 + b'\x3c' + # length - 60 bytes
b'\x01\x01' + # protocol version - arbitrary (invalid)
b'\x00' * 32 + # client random
b'\x00' + # session ID length
b'\x00' * 2 + # cipher suites length
b'\x00' + # compression methods length
b'\x00\x14' + # extensions length - 20 bytes
b'\x00\x00' + # extension type - SNI (0)
b'\x00\x10' + # extension length - 16 bytes
b'\x00\x0e' + # length of array - 14 bytes
b'\x00' + # type of entry - host_name (0)
b'\x00\x0b' + # length of name - 11 bytes
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'))
client_hello = ClientHello()
client_hello = client_hello.parse(p)
self.assertEqual((1, 1), client_hello.client_version)
self.assertEqual(bytearray(32), client_hello.random)
self.assertEqual(bytearray(0), client_hello.session_id)
self.assertEqual([], client_hello.cipher_suites)
self.assertEqual([], client_hello.compression_methods)
self.assertEqual(bytearray(b'example.com'), client_hello.server_name)
sni = SNIExtension().create(bytearray(b'example.com'))
self.assertEqual([sni], client_hello.extensions)
def test_parse_with_multiple_hostNames(self):
server_name = SNIExtension()
p = Parser(
bytearray(b'\x00\x1c' + # length of array - 28 bytes
b'\x0a' + # type of entry - unassigned (10)
b'\x00\x0b' + # length of name - 11 bytes
# UTF-8 encoding of example.org
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x6f\x72\x67' +
b'\x00' + # type of entry - host_name (0)
b'\x00\x0b' + # length of name - 11 bytes
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'))
server_name = server_name.parse(p)
self.assertEqual(bytearray(b'example.com'), server_name.hostNames[0])
self.assertEqual(tuple([bytearray(b'example.com')]),
server_name.hostNames)
SN = SNIExtension.ServerName
self.assertEqual([
SN(10, bytearray(b'example.org')),
SN(0, bytearray(b'example.com'))
], server_name.serverNames)
def test_alignClientHelloPadding_length_of_512_bytes(self):
clientHello = ClientHello()
clientHello.create((3,0), bytearray(32), bytearray(0), [])
clientHello.extensions = []
ext = SNIExtension()
ext.create(hostNames=[
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccdddddddd'),
])
clientHello.extensions.append(ext)
clientHelloLength = len(clientHello.write())
self.assertEqual(512, clientHelloLength - 4)
HandshakeHelpers.alignClientHelloPadding(clientHello)
# clientHello should not be changed due to sufficient length (>=512)
self.assertEqual(clientHelloLength, len(clientHello.write()))
def test_alignClientHelloPadding_length_256_bytes(self):
clientHello = ClientHello()
clientHello.create((3,0), bytearray(32), bytearray(0), [])
clientHello.extensions = []
ext = SNIExtension()
ext.create(hostNames=[
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeee'),
])
clientHello.extensions.append(ext)
clientHelloLength = len(clientHello.write())
# clientHello length (excluding 4B header) should equal to 256
self.assertEqual(256, clientHelloLength - 4)
HandshakeHelpers.alignClientHelloPadding(clientHello)
# clientHello length (excluding 4B header) should equal to 512
data = clientHello.write()
self.assertEqual(512, len(data) - 4)
# previously created data should be extended with the padding extension
# starting with the padding extension type \x00\x15 (21)
self.assertEqual(bytearray(b'\x00\x15'), data[clientHelloLength:clientHelloLength+2])
def test_alignClientHelloPadding_length_of_511_bytes(self):
clientHello = ClientHello()
clientHello.create((3,0), bytearray(32), bytearray(0), [])
clientHello.extensions = []
ext = SNIExtension()
ext.create(hostNames=[
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee'),
bytearray(b'aaaaaaaaaabbbbbbbbbbccccccccccddddddd'),
])
clientHello.extensions.append(ext)
clientHelloLength = len(clientHello.write())
self.assertEqual(511, clientHelloLength - 4)
HandshakeHelpers.alignClientHelloPadding(clientHello)
# clientHello length should equal to 515, ignoring handshake
# protocol header (4B)
data = clientHello.write()
self.assertEqual(515, len(data) - 4)
# padding extension should have zero byte size
self.assertEqual(bytearray(b'\x00\x15\x00\x00'), data[clientHelloLength:])
def test_parse(self):
server_name = SNIExtension()
p = Parser(bytearray(0))
with self.assertRaises(SyntaxError):
server_name = server_name.parse(p)
def test___init__(self):
server_name = SNIExtension()
self.assertIsNone(server_name.serverNames)
self.assertEqual(tuple(), server_name.hostNames)
# properties inherited from TLSExtension:
self.assertEqual(0, server_name.extType)
self.assertEqual(bytearray(0), server_name.extData)
def test_write_of_empty_extension(self):
server_name = SNIExtension()
self.assertEqual(
bytearray(b'\x00\x00' + # type of extension - SNI (0)
b'\x00\x00' # length of extension - 0 bytes
),
server_name.write())
def test_parse_null_length_array(self):
server_name = SNIExtension()
p = Parser(bytearray(b'\x00\x00'))
server_name = server_name.parse(p)
self.assertEqual([], server_name.serverNames)
def test_parse_of_server_side_version(self):
server_name = SNIExtension()
p = Parser(bytearray(0))
server_name = server_name.parse(p)
self.assertIsNone(server_name.serverNames)
def test_create_with_hostname(self):
server_name = SNIExtension()
server_name = server_name.create(bytearray(b'example.com'))
self.assertEqual((bytearray(b'example.com'), ), server_name.hostNames)
self.assertEqual([
SNIExtension.ServerName(NameType.host_name,
bytearray(b'example.com'))
], server_name.serverNames)
def test_server_name_other_than_dns_name(self):
client_hello = ClientHello().create((3, 3), bytearray(1), bytearray(0),
[])
sni_ext = SNIExtension().create(serverNames=[\
SNIExtension.ServerName(1, b'test')])
client_hello.extensions = [sni_ext]
self.assertEqual(client_hello.server_name, bytearray(0))
def test___repr__(self):
server_name = SNIExtension()
server_name = server_name.create(serverNames=[
SNIExtension.ServerName(0, bytearray(b'example.com')),
SNIExtension.ServerName(1, bytearray(b'\x04\x01'))
])
self.assertEqual("SNIExtension(serverNames=["\
"ServerName(name_type=0, name=bytearray(b'example.com')), "\
"ServerName(name_type=1, name=bytearray(b'\\x04\\x01'))])",
repr(server_name))
def test_parse_with_array_length_short_by_one(self):
server_name = SNIExtension()
p = Parser(
bytearray(b'\x00\x0d' + # length of array (one too short)
b'\x00' + # type of entry - host_name (0)
b'\x00\x0b' + # length of name - 11 bytes
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'))
with self.assertRaises(SyntaxError):
server_name = server_name.parse(p)
def test_getExtension_with_duplicated_extensions(self):
client_hello = ClientHello().create(
(3, 3),
bytearray(1),
bytearray(0), [],
extensions=[
TLSExtension().create(0, bytearray(0)),
SNIExtension().create(b'localhost')
])
with self.assertRaises(TLSInternalError):
client_hello.getExtension(0)
def test_create_with_serverNames(self):
server_name = SNIExtension()
server_name = server_name.create(serverNames=[
SNIExtension.ServerName(1, bytearray(b'example.com')),
SNIExtension.ServerName(4, bytearray(b'www.example.com')),
SNIExtension.ServerName(0, bytearray(b'example.net'))
])
self.assertEqual((bytearray(b'example.net'), ), server_name.hostNames)
self.assertEqual([
SNIExtension.ServerName(1, bytearray(b'example.com')),
SNIExtension.ServerName(4, bytearray(b'www.example.com')),
SNIExtension.ServerName(0, bytearray(b'example.net'))
], server_name.serverNames)
def test_parse_with_host_name(self):
server_name = SNIExtension()
p = Parser(
bytearray(b'\x00\x0e' + # length of array
b'\x00' + # type of entry - host_name (0)
b'\x00\x0b' + # length of name - 11 bytes
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'))
server_name = server_name.parse(p)
self.assertEqual(bytearray(b'example.com'), server_name.hostNames[0])
self.assertEqual(tuple([bytearray(b'example.com')]),
server_name.hostNames)
def test_hostNames_delete(self):
server_name = SNIExtension()
server_name = server_name.create(serverNames=[
SNIExtension.ServerName(0, bytearray(b'example.net')),
SNIExtension.ServerName(1, bytearray(b'example.com')),
SNIExtension.ServerName(4, bytearray(b'www.example.com'))
])
del server_name.hostNames
self.assertEqual(tuple(), server_name.hostNames)
self.assertEqual([
SNIExtension.ServerName(1, bytearray(b'example.com')),
SNIExtension.ServerName(4, bytearray(b'www.example.com'))
], server_name.serverNames)
def test_write_of_empty_list_of_names(self):
server_name = SNIExtension()
server_name = server_name.create(serverNames=[])
self.assertEqual(
bytearray(b'\x00\x00' # length of array - 0 bytes
),
server_name.extData)
self.assertEqual(
bytearray(b'\x00\x00' + # type of extension - SNI 0
b'\x00\x02' + # length of extension - 2 bytes
b'\x00\x00' # length of array of names - 0 bytes
),
server_name.write())
def __init__(self):
"""Set the configuration to Firefox 42."""
super(Firefox_42, self).__init__()
self._name = "Firefox 42"
self.version = (3, 3)
self.record_version = (3, 1)
self.ciphers = [
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA
]
ext = self.extensions = []
ext.append(SNIExtension())
ext.append(
TLSExtension(extType=ExtensionType.renegotiation_info).create(
bytearray(1)))
ext.append(SupportedGroupsExtension().create(
[GroupName.secp256r1, GroupName.secp384r1, GroupName.secp521r1]))
ext.append(ECPointFormatsExtension().create(
[ECPointFormat.uncompressed]))
ext.append(TLSExtension(extType=ExtensionType.session_ticket))
ext.append(NPNExtension())
ext.append(
TLSExtension(extType=ExtensionType.alpn).create(
bytearray(b'\x00\x15' + b'\x02' + b'h2' + b'\x08' +
b'spdy/3.1' + b'\x08' + b'http/1.1')))
ext.append(
TLSExtension(extType=ExtensionType.status_request).create(
bytearray(b'\x01' + b'\x00\x00' + b'\x00\x00')))
sig_algs = []
for alg in ['sha256', 'sha384', 'sha512', 'sha1']:
sig_algs.append((getattr(HashAlgorithm,
alg), SignatureAlgorithm.rsa))
for alg in ['sha256', 'sha384', 'sha512', 'sha1']:
sig_algs.append((getattr(HashAlgorithm,
alg), SignatureAlgorithm.ecdsa))
for alg in ['sha256', 'sha1']:
sig_algs.append((getattr(HashAlgorithm,
alg), SignatureAlgorithm.dsa))
ext.append(SignatureAlgorithmsExtension().create(sig_algs))
def test_process_with_unexpected_extensions(self):
exp = ExpectServerHello(
extensions={ExtensionType.renegotiation_info: None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create())
exts.append(SNIExtension().create())
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_write(self):
server_name = SNIExtension()
server_name = server_name.create(bytearray(b'example.com'))
self.assertEqual(
bytearray(b'\x00\x0e' + # length of array - 14 bytes
b'\x00' + # type of element - host_name (0)
b'\x00\x0b' + # length of element - 11 bytes
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'),
server_name.extData)
self.assertEqual(
bytearray(b'\x00\x00' + # type of extension - SNI (0)
b'\x00\x10' + # length of extension - 16 bytes
b'\x00\x0e' + # length of array - 14 bytes
b'\x00' + # type of element - host_name (0)
b'\x00\x0b' + # length of element - 11 bytes
# UTF-8 encoding of example.com
b'\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'),
server_name.write())
def main():
"""check if server handles malformed server name indication extension"""
host = "localhost"
hostname = "localhost"
port = 4433
num_limit = None
run_exclude = set()
expected_failures = {}
last_exp_tmp = None
sni_fatal = False
argv = sys.argv[1:]
opts, args = getopt.getopt(argv, "h:p:n:e:x:X:",
["help", "sni=", "sni-fatal"])
for opt, arg in opts:
if opt == '-h':
host = arg
elif opt == '-p':
port = int(arg)
elif opt == '-e':
run_exclude.add(arg)
elif opt == '-n':
num_limit = int(arg)
elif opt == '-x':
expected_failures[arg] = None
last_exp_tmp = str(arg)
elif opt == '-X':
if not last_exp_tmp:
raise ValueError("-x has to be specified before -X")
expected_failures[last_exp_tmp] = str(arg)
elif opt == '--help':
help_msg()
sys.exit(0)
elif opt == '--sni':
hostname = arg
elif opt == '--sni-fatal':
sni_fatal = True
else:
raise ValueError("Unknown option: {0}".format(opt))
if args:
run_only = set(args)
else:
run_only = None
conversations = {}
# sanity check without SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["sanity"] = conversation
# sanity check SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = SNIExtension().create(bytearray(hostname, 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["Sanity check, SNI"] = conversation
# empty SNI extension
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = TLSExtension(extType=ExtensionType.server_name).create(bytearray(0))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node.add_child(ExpectClose())
conversations["Empty SNI extension"] = conversation
# empty host list
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = SNIExtension().create(serverNames=[])
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node.add_child(ExpectClose())
conversations["Empty host list in SNI extension"] = conversation
# empty host name
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = SNIExtension().create(hostNames=[bytearray(0)])
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node.add_child(ExpectClose())
conversations["Empty hostname in SNI extension"] = conversation
# trailing data in extension
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
payload = bytearray(b'\x00\x04' # overall length
b'\x00' # type - host_name
b'\x00\x01' # length of host name
b'e' # host name
b'x' # trailing data
)
sni = TLSExtension(extType=ExtensionType.server_name).create(payload)
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node.add_child(ExpectClose())
conversations["Trailing data in extension"] = conversation
# incorrect host name
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = SNIExtension().create(
bytearray(b'www.') + bytearray(hostname, 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
if sni_fatal:
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.unrecognized_name))
node = node.add_child(ExpectClose())
else:
node = node.add_child(
ExpectAlert(AlertLevel.warning,
AlertDescription.unrecognized_name))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["incorrect SNI"] = conversation
# SNI name with NULL
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# names MUST be valid DNS host names
sni = SNIExtension().create(
bytearray(hostname[:-1], 'utf-8') + bytearray(b'\x00') +
bytearray(hostname[-1:], 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["SNI name with NULL"] = conversation
# SNI name with special character
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# names MUST be valid DNS host names
sni = SNIExtension().create(
bytearray(hostname[:-1], 'utf-8') + bytearray(b'\x07') +
bytearray(hostname[-1:], 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["SNI name with BEL"] = conversation
# SNI name with UTF-8 character
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# names MUST be valid DNS host names
sni = SNIExtension().create(
bytearray(hostname[:-1], 'utf-8') + bytearray(b'\xc4\x85') +
bytearray(hostname[-1:], 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["SNI name with UTF-8"] = conversation
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# names MUST be valid DNS host names
sni = SNIExtension().create(
bytearray(hostname, 'utf-8') + bytearray(b'\x1b[31mBAD\x1b[0;37m'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["SNI name with ANSI color escapes code"] = conversation
# malformed extension
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
ext = {
ExtensionType.server_name:
lambda _: TLSExtension().create(0, bytearray(b'\xff' * 4))
}
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node = node.add_child(ExpectClose())
conversations["malformed overall length"] = conversation
# multiple names in SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# RFC 6066 client MUST NOT send two names of the same type
sni = SNIExtension().create(hostNames=[
bytearray(hostname, 'utf-8'),
bytearray(b'www.') + bytearray(hostname, 'utf-8')
])
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations[
"multiple host_names in SNI, RFC 6066 compliance"] = conversation
# multiple types in SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
names = [
SNIExtension.ServerName(NameType.host_name,
bytearray(hostname, 'utf-8')),
# some unknown SNI type, should be ignored by server
SNIExtension.ServerName(NameType.host_name + 1, bytearray(range(0,
24)))
]
sni = SNIExtension().create(serverNames=names)
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["multiple types in SNI, host_name first"] = conversation
# multiple types in SNI, host_name last
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
names = [ # some unknown SNI type, should be ignored by server
SNIExtension.ServerName(NameType.host_name + 1, bytearray(range(0,
24))),
# actual SNI payload
SNIExtension.ServerName(NameType.host_name,
bytearray(hostname, 'utf-8'))
]
sni = SNIExtension().create(serverNames=names)
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
# hangs gnutls-serv
conversations["multiple types in SNI, host_name last"] = conversation
# run the conversation
good = 0
bad = 0
xfail = 0
xpass = 0
failed = []
xpassed = []
if not num_limit:
num_limit = len(conversations)
# make sure that sanity test is run first and last
# to verify that server was running and kept running throughout
sanity_tests = [('sanity', conversations['sanity'])]
if run_only:
if num_limit > len(run_only):
num_limit = len(run_only)
regular_tests = [(k, v) for k, v in conversations.items()
if k in run_only]
else:
regular_tests = [(k, v) for k, v in conversations.items()
if (k != 'sanity') and k not in run_exclude]
sampled_tests = sample(regular_tests, min(num_limit, len(regular_tests)))
ordered_tests = chain(sanity_tests, sampled_tests, sanity_tests)
for c_name, c_test in ordered_tests:
if run_only and c_name not in run_only or c_name in run_exclude:
continue
print("{0} ...".format(c_name))
runner = Runner(c_test)
res = True
exception = None
try:
runner.run()
except Exception as exp:
exception = exp
print("Error while processing")
print(traceback.format_exc())
res = False
if c_name in expected_failures:
if res:
xpass += 1
xpassed.append(c_name)
print("XPASS-expected failure but test passed\n")
else:
if expected_failures[c_name] is not None and \
expected_failures[c_name] not in str(exception):
bad += 1
failed.append(c_name)
print("Expected error message: {0}\n".format(
expected_failures[c_name]))
else:
xfail += 1
print("OK-expected failure\n")
else:
if res:
good += 1
print("OK\n")
else:
bad += 1
failed.append(c_name)
print("SNI extension test")
print("Test end")
print(20 * '=')
print("version: {0}".format(version))
print(20 * '=')
print("TOTAL: {0}".format(len(sampled_tests) + 2 * len(sanity_tests)))
print("SKIP: {0}".format(
len(run_exclude.intersection(conversations.keys()))))
print("PASS: {0}".format(good))
print("XFAIL: {0}".format(xfail))
print("FAIL: {0}".format(bad))
print("XPASS: {0}".format(xpass))
print(20 * '=')
sort = sorted(xpassed, key=natural_sort_keys)
if len(sort):
print("XPASSED:\n\t{0}".format('\n\t'.join(repr(i) for i in sort)))
sort = sorted(failed, key=natural_sort_keys)
if len(sort):
print("FAILED:\n\t{0}".format('\n\t'.join(repr(i) for i in sort)))
if bad or xpass:
sys.exit(1)
def test(self):
sock = MockSocket(server_hello_ciphertext)
record_layer = RecordLayer(sock)
ext = [SNIExtension().create(bytearray(b'server')),
TLSExtension(extType=ExtensionType.renegotiation_info)
.create(bytearray(b'\x00')),
SupportedGroupsExtension().create([GroupName.x25519,
GroupName.secp256r1,
GroupName.secp384r1,
GroupName.secp521r1,
GroupName.ffdhe2048,
GroupName.ffdhe3072,
GroupName.ffdhe4096,
GroupName.ffdhe6144,
GroupName.ffdhe8192]),
ECPointFormatsExtension().create([ECPointFormat.uncompressed]),
TLSExtension(extType=35),
ClientKeyShareExtension().create([KeyShareEntry().create(GroupName.x25519,
client_key_public,
client_key_private)]),
SupportedVersionsExtension().create([TLS_1_3_DRAFT,
(3, 3), (3, 2)]),
SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256,
SignatureAlgorithm.ecdsa),
(HashAlgorithm.sha384,
SignatureAlgorithm.ecdsa),
(HashAlgorithm.sha512,
SignatureAlgorithm.ecdsa),
(HashAlgorithm.sha1,
SignatureAlgorithm.ecdsa),
SignatureScheme.rsa_pss_sha256,
SignatureScheme.rsa_pss_sha384,
SignatureScheme.rsa_pss_sha512,
SignatureScheme.rsa_pkcs1_sha256,
SignatureScheme.rsa_pkcs1_sha384,
SignatureScheme.rsa_pkcs1_sha512,
SignatureScheme.rsa_pkcs1_sha1,
(HashAlgorithm.sha256,
SignatureAlgorithm.dsa),
(HashAlgorithm.sha384,
SignatureAlgorithm.dsa),
(HashAlgorithm.sha512,
SignatureAlgorithm.dsa),
(HashAlgorithm.sha1,
SignatureAlgorithm.dsa)]),
TLSExtension(extType=45).create(bytearray(b'\x01\x01')),
TLSExtension(extType=ExtensionType.client_hello_padding)
.create(bytearray(252))
]
client_hello = ClientHello()
client_hello.create((3, 3),
bytearray(b'\xaf!\x15k\x04\xdbc\x9ef\x15J\x1f\xe5'
b'\xad\xfa\xea\xdf\x9eA4\x16\x00\rW\xb8'
b'\xe1\x12mM\x11\x9a\x8b'),
bytearray(b''),
[CipherSuite.TLS_AES_128_GCM_SHA256,
CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_AES_256_GCM_SHA384,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
0xCCA9,
CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
0x0032,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
0x0038,
CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
0x0013,
CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
CipherSuite.TLS_RSA_WITH_RC4_128_SHA,
CipherSuite.TLS_RSA_WITH_RC4_128_MD5],
extensions=ext)
self.assertEqual(client_hello.write(), client_hello_ciphertext[5:])
for result in record_layer.recvRecord():
# check if non-blocking
self.assertNotIn(result, (0, 1))
header, parser = result
hs_type = parser.get(1)
self.assertEqual(hs_type, HandshakeType.server_hello)
server_hello = ServerHello().parse(parser)
self.assertEqual(server_hello.server_version, TLS_1_3_DRAFT)
self.assertEqual(server_hello.cipher_suite, CipherSuite.TLS_AES_128_GCM_SHA256)
server_key_share = server_hello.getExtension(ExtensionType.key_share)
server_key_share = server_key_share.server_share
self.assertEqual(server_key_share.group, GroupName.x25519)
# for TLS_AES_128_GCM_SHA256:
prf_name = 'sha256'
prf_size = 256 // 8
secret = bytearray(prf_size)
psk = bytearray(prf_size)
# early secret
secret = secureHMAC(secret, psk, prf_name)
self.assertEqual(secret,
str_to_bytearray(
"33ad0a1c607ec03b 09e6cd9893680ce2"
"10adf300aa1f2660 e1b22e10f170f92a"))
# derive secret for handshake
secret = derive_secret(secret, b"derived", None, prf_name)
self.assertEqual(secret,
str_to_bytearray(
"6f2615a108c702c5 678f54fc9dbab697"
"16c076189c48250c ebeac3576c3611ba"))
# extract secret "handshake"
Z = x25519(client_key_private, server_key_share.key_exchange)
self.assertEqual(Z,
str_to_bytearray(
"f677c3cdac26a755 455b130efa9b1a3f"
"3cafb153544ca46a ddf670df199d996e"))
secret = secureHMAC(secret, Z, prf_name)
self.assertEqual(secret,
str_to_bytearray(
"0cefce00d5d29fd0 9f5de36c86fc8e72"
"99b4ad11ba4211c6 7063c2cc539fc4f9"))
handshake_hashes = HandshakeHashes()
handshake_hashes.update(client_hello_plaintext)
handshake_hashes.update(server_hello_payload)
# derive "tls13 c hs traffic"
c_hs_traffic = derive_secret(secret,
bytearray(b'c hs traffic'),
handshake_hashes,
prf_name)
self.assertEqual(c_hs_traffic,
str_to_bytearray(
"5a63db760b817b1b da96e72832333aec"
"6a177deeadb5b407 501ac10c17dac0a4"))
s_hs_traffic = derive_secret(secret,
bytearray(b's hs traffic'),
handshake_hashes,
prf_name)
self.assertEqual(s_hs_traffic,
str_to_bytearray(
"3aa72a3c77b791e8 f4de243f9ccce172"
"941f8392aeb05429 320f4b572ccfe744"))
# derive master secret
secret = derive_secret(secret, b"derived", None, prf_name)
self.assertEqual(secret,
str_to_bytearray(
"32cadf38f3089048 5c54bf4f1184eaa5"
"569eeef15a43f3c7 6ab33965a47c9ff6"))
# extract secret "master
secret = secureHMAC(secret, bytearray(prf_size), prf_name)
self.assertEqual(secret,
str_to_bytearray(
"6c6d4b3e7c925460 82d7b7a32f6ce219"
"3804f1bb930fed74 5c6b93c71397f424"))
def test(self):
sock = MockSocket(server_hello_ciphertext)
record_layer = RecordLayer(sock)
ext = [
SNIExtension().create(bytearray(b'server')),
TLSExtension(extType=ExtensionType.renegotiation_info).create(
bytearray(b'\x00')),
SupportedGroupsExtension().create([
GroupName.x25519, GroupName.secp256r1, GroupName.secp384r1,
GroupName.secp521r1, GroupName.ffdhe2048, GroupName.ffdhe3072,
GroupName.ffdhe4096, GroupName.ffdhe6144, GroupName.ffdhe8192
]),
TLSExtension(extType=35),
ClientKeyShareExtension().create([
KeyShareEntry().create(GroupName.x25519, client_key_public,
client_key_private)
]),
SupportedVersionsExtension().create([(3, 4)]),
SignatureAlgorithmsExtension().create([
SignatureScheme.ecdsa_secp256r1_sha256,
SignatureScheme.ecdsa_secp384r1_sha384,
SignatureScheme.ecdsa_secp521r1_sha512,
(HashAlgorithm.sha1, SignatureAlgorithm.ecdsa),
SignatureScheme.rsa_pss_rsae_sha256,
SignatureScheme.rsa_pss_rsae_sha384,
SignatureScheme.rsa_pss_rsae_sha512,
SignatureScheme.rsa_pkcs1_sha256,
SignatureScheme.rsa_pkcs1_sha384,
SignatureScheme.rsa_pkcs1_sha512,
SignatureScheme.rsa_pkcs1_sha1,
(HashAlgorithm.sha256, SignatureAlgorithm.dsa),
(HashAlgorithm.sha384, SignatureAlgorithm.dsa),
(HashAlgorithm.sha512, SignatureAlgorithm.dsa),
(HashAlgorithm.sha1, SignatureAlgorithm.dsa)
]),
TLSExtension(extType=45).create(bytearray(b'\x01\x01')),
RecordSizeLimitExtension().create(16385)
]
client_hello = ClientHello()
client_hello.create((3, 3),
bytearray(b'\xcb4\xec\xb1\xe7\x81c'
b'\xba\x1c8\xc6\xda\xcb'
b'\x19jm\xff\xa2\x1a\x8d'
b'\x99\x12\xec\x18\xa2'
b'\xefb\x83\x02M\xec\xe7'),
bytearray(b''), [
CipherSuite.TLS_AES_128_GCM_SHA256,
CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_AES_256_GCM_SHA384
],
extensions=ext)
self.assertEqual(client_hello.write(), client_hello_ciphertext[5:])
for result in record_layer.recvRecord():
# check if non-blocking
self.assertNotIn(result, (0, 1))
break
header, parser = result
hs_type = parser.get(1)
self.assertEqual(hs_type, HandshakeType.server_hello)
server_hello = ServerHello().parse(parser)
self.assertEqual(server_hello.server_version, (3, 3))
self.assertEqual(server_hello.cipher_suite,
CipherSuite.TLS_AES_128_GCM_SHA256)
server_key_share = server_hello.getExtension(ExtensionType.key_share)
server_key_share = server_key_share.server_share
self.assertEqual(server_key_share.group, GroupName.x25519)
# for TLS_AES_128_GCM_SHA256:
prf_name = 'sha256'
prf_size = 256 // 8
secret = bytearray(prf_size)
psk = bytearray(prf_size)
# early secret
secret = secureHMAC(secret, psk, prf_name)
self.assertEqual(
secret,
clean("""
33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
"""))
# derive secret for handshake
secret = derive_secret(secret, b"derived", None, prf_name)
self.assertEqual(
secret,
clean("""
6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
"""))
# extract secret "handshake"
Z = x25519(client_key_private, server_key_share.key_exchange)
self.assertEqual(
Z,
clean("""
8b d4 05 4f b5 5b 9d 63 fd fb ac f9 f0 4b 9f 0d
35 e6 d6 3f 53 75 63 ef d4 62 72 90 0f 89 49 2d
"""))
secret = secureHMAC(secret, Z, prf_name)
self.assertEqual(
secret,
clean("""
1d c8 26 e9 36 06 aa 6f dc 0a ad c1 2f 74 1b
01 04 6a a6 b9 9f 69 1e d2 21 a9 f0 ca 04 3f be ac
"""))
handshake_hashes = HandshakeHashes()
handshake_hashes.update(client_hello_plaintext)
handshake_hashes.update(server_hello_payload)
# derive "tls13 c hs traffic"
c_hs_traffic = derive_secret(secret, bytearray(b'c hs traffic'),
handshake_hashes, prf_name)
self.assertEqual(
c_hs_traffic,
clean("""
b3 ed db 12 6e 06 7f 35 a7 80 b3 ab f4 5e
2d 8f 3b 1a 95 07 38 f5 2e 96 00 74 6a 0e 27 a5 5a 21
"""))
s_hs_traffic = derive_secret(secret, bytearray(b's hs traffic'),
handshake_hashes, prf_name)
self.assertEqual(
s_hs_traffic,
clean("""
b6 7b 7d 69 0c c1 6c 4e 75 e5 42 13 cb 2d
37 b4 e9 c9 12 bc de d9 10 5d 42 be fd 59 d3 91 ad 38
"""))
# derive master secret
secret = derive_secret(secret, b"derived", None, prf_name)
self.assertEqual(
secret,
clean("""
43 de 77 e0 c7 77 13 85 9a 94 4d b9 db 25
90 b5 31 90 a6 5b 3e e2 e4 f1 2d d7 a0 bb 7c e2 54 b4
"""))
# extract secret "master"
secret = secureHMAC(secret, bytearray(prf_size), prf_name)
self.assertEqual(
secret,
clean("""
18 df 06 84 3d 13 a0 8b f2 a4 49 84 4c 5f 8a
47 80 01 bc 4d 4c 62 79 84 d5 a4 1d a8 d0 40 29 19
"""))
# derive write keys for handshake data
server_hs_write_trafic_key = HKDF_expand_label(s_hs_traffic, b"key",
b"", 16, prf_name)
self.assertEqual(
server_hs_write_trafic_key,
clean("""
3f ce 51 60 09 c2 17 27 d0 f2 e4 e8 6e
e4 03 bc
"""))
server_hs_write_trafic_iv = HKDF_expand_label(s_hs_traffic, b"iv", b"",
12, prf_name)
self.assertEqual(
server_hs_write_trafic_iv,
clean("""
5d 31 3e b2 67 12 76 ee 13 00 0b 30
"""))
# derive key for Finished message
server_finished_key = HKDF_expand_label(s_hs_traffic, b"finished", b"",
prf_size, prf_name)
self.assertEqual(
server_finished_key,
clean("""
00 8d 3b 66 f8 16 ea 55 9f 96 b5 37 e8 85
c3 1f c0 68 bf 49 2c 65 2f 01 f2 88 a1 d8 cd c1 9f c8
"""))
# Update the handshake transcript
handshake_hashes.update(server_encrypted_extensions)
handshake_hashes.update(server_certificate_message)
handshake_hashes.update(server_certificateverify_message)
hs_transcript = handshake_hashes.digest(prf_name)
server_finished = secureHMAC(server_finished_key, hs_transcript,
prf_name)
self.assertEqual(
server_finished,
clean("""
9b 9b 14 1d 90 63 37 fb d2 cb dc e7 1d f4
de da 4a b4 2c 30 95 72 cb 7f ff ee 54 54 b7 8f 07 18
"""))
server_finished_message = Finished((3, 4)).create(server_finished)
server_finished_payload = server_finished_message.write()
# update handshake transcript to include Finished payload
handshake_hashes.update(server_finished_payload)
# derive keys for client application traffic
c_ap_traffic = derive_secret(secret, b"c ap traffic", handshake_hashes,
prf_name)
self.assertEqual(
c_ap_traffic,
clean("""
9e 40 64 6c e7 9a 7f 9d c0 5a f8 88 9b ce
65 52 87 5a fa 0b 06 df 00 87 f7 92 eb b7 c1 75 04 a5
"""))
# derive keys for server application traffic
s_ap_traffic = derive_secret(secret, b"s ap traffic", handshake_hashes,
prf_name)
self.assertEqual(
s_ap_traffic,
clean("""
a1 1a f9 f0 55 31 f8 56 ad 47 11 6b 45 a9
50 32 82 04 b4 f4 4b fb 6b 3a 4b 4f 1f 3f cb 63 16 43
"""))
# derive exporter master secret
exp_master = derive_secret(secret, b"exp master", handshake_hashes,
prf_name)
self.assertEqual(
exp_master,
clean("""
fe 22 f8 81 17 6e da 18 eb 8f 44 52 9e 67
92 c5 0c 9a 3f 89 45 2f 68 d8 ae 31 1b 43 09 d3 cf 50
"""))
# derive write traffic keys for app data
server_write_traffic_key = HKDF_expand_label(s_ap_traffic, b"key", b"",
16, prf_name)
self.assertEqual(
server_write_traffic_key,
clean("""
9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac
92 e3 56
"""))
server_write_traffic_iv = HKDF_expand_label(s_ap_traffic, b"iv", b"",
12, prf_name)
self.assertEqual(
server_write_traffic_iv,
clean("""
cf 78 2b 88 dd 83 54 9a ad f1 e9 84
"""))
# derive read traffic keys for app data
server_read_hs_key = HKDF_expand_label(c_hs_traffic, b"key", b"", 16,
prf_name)
self.assertEqual(
server_read_hs_key,
clean("""
db fa a6 93 d1 76 2c 5b 66 6a f5 d9 50
25 8d 01
"""))
server_read_hs_iv = HKDF_expand_label(c_hs_traffic, b"iv", b"", 12,
prf_name)
self.assertEqual(
server_read_hs_iv,
clean("""
5b d3 c7 1b 83 6e 0b 76 bb 73 26 5f
"""))
def main():
"""check if server handles malformed server name indication extension"""
host = "localhost"
hostname = "localhost"
port = 4433
run_exclude = set()
sni_fatal = False
argv = sys.argv[1:]
opts, args = getopt.getopt(argv, "h:p:e:", ["help", "sni=", "sni-fatal"])
for opt, arg in opts:
if opt == '-h':
host = arg
elif opt == '-p':
port = int(arg)
elif opt == '-e':
run_exclude.add(arg)
elif opt == '--help':
help_msg()
sys.exit(0)
elif opt == '--sni':
hostname = arg
elif opt == '--sni-fatal':
sni_fatal = True
else:
raise ValueError("Unknown option: {0}".format(opt))
if args:
run_only = set(args)
else:
run_only = None
conversations = {}
# sanity check without SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["sanity"] = conversation
# sanity check SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = SNIExtension().create(bytearray(hostname, 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["Sanity check, SNI"] = conversation
# empty SNI extension
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = TLSExtension(extType=ExtensionType.server_name).create(bytearray(0))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node.add_child(ExpectClose())
conversations["Empty SNI extension"] = conversation
# empty host list
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = SNIExtension().create(serverNames=[])
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node.add_child(ExpectClose())
conversations["Empty host list in SNI extension"] = conversation
# empty host name
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = SNIExtension().create(hostNames=[bytearray(0)])
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node.add_child(ExpectClose())
conversations["Empty hostname in SNI extension"] = conversation
# trailing data in extension
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
payload = bytearray(b'\x00\x04' # overall length
b'\x00' # type - host_name
b'\x00\x01' # length of host name
b'e' # host name
b'x' # trailing data
)
sni = TLSExtension(extType=ExtensionType.server_name).create(payload)
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node.add_child(ExpectClose())
conversations["Trailing data in extension"] = conversation
# incorrect host name
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
sni = SNIExtension().create(
bytearray(b'www.') + bytearray(hostname, 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
if sni_fatal:
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.unrecognized_name))
node = node.add_child(ExpectClose())
else:
node = node.add_child(
ExpectAlert(AlertLevel.warning,
AlertDescription.unrecognized_name))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["incorrect SNI"] = conversation
# SNI name with NULL
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# names MUST be valid DNS host names
sni = SNIExtension().create(
bytearray(hostname[:-1], 'utf-8') + bytearray(b'\x00') +
bytearray(hostname[-1:], 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["SNI name with NULL"] = conversation
# SNI name with special character
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# names MUST be valid DNS host names
sni = SNIExtension().create(
bytearray(hostname[:-1], 'utf-8') + bytearray(b'\x07') +
bytearray(hostname[-1:], 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["SNI name with BEL"] = conversation
# SNI name with UTF-8 character
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# names MUST be valid DNS host names
sni = SNIExtension().create(
bytearray(hostname[:-1], 'utf-8') + bytearray(b'\xc4\x85') +
bytearray(hostname[-1:], 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["SNI name with UTF-8"] = conversation
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# names MUST be valid DNS host names
sni = SNIExtension().create(
bytearray(hostname, 'utf-8') + bytearray(b'\x1b[31mBAD\x1b[0;37m'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["SNI name with ANSI color escapes code"] = conversation
# malformed extension
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
ext = {
ExtensionType.server_name:
lambda _: TLSExtension().create(0, bytearray(b'\xff' * 4))
}
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.decode_error))
node = node.add_child(ExpectClose())
conversations["malformed overall length"] = conversation
# multiple names in SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
# RFC 6066 client MUST NOT send two names of the same type
sni = SNIExtension().create(hostNames=[
bytearray(hostname, 'utf-8'),
bytearray(b'www.') + bytearray(hostname, 'utf-8')
])
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations[
"multiple host_names in SNI, RFC 6066 compliance"] = conversation
# multiple types in SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
names = [
SNIExtension.ServerName(NameType.host_name,
bytearray(hostname, 'utf-8')),
# some unknown SNI type, should be ignored by server
SNIExtension.ServerName(NameType.host_name + 1, bytearray(range(0,
24)))
]
sni = SNIExtension().create(serverNames=names)
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["multiple types in SNI, host_name first"] = conversation
# multiple types in SNI, host_name last
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
]),
ExtensionType.signature_algorithms_cert:
SignatureAlgorithmsCertExtension().create(RSA_SIG_ALL)
}
names = [ # some unknown SNI type, should be ignored by server
SNIExtension.ServerName(NameType.host_name + 1, bytearray(range(0,
24))),
# actual SNI payload
SNIExtension.ServerName(NameType.host_name,
bytearray(hostname, 'utf-8'))
]
sni = SNIExtension().create(serverNames=names)
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
# hangs gnutls-serv
conversations["multiple types in SNI, host_name last"] = conversation
# run the conversation
good = 0
bad = 0
failed = []
# make sure that sanity test is run first and last
# to verify that server was running and kept running throught
sanity_test = ('sanity', conversations['sanity'])
ordered_tests = chain([sanity_test],
filter(lambda x: x[0] != 'sanity',
conversations.items()), [sanity_test])
for c_name, c_test in ordered_tests:
if run_only and c_name not in run_only or c_name in run_exclude:
continue
print("{0} ...".format(c_name))
runner = Runner(c_test)
res = True
try:
runner.run()
except:
print("Error while processing")
print(traceback.format_exc())
res = False
if res:
good += 1
print("OK\n")
else:
bad += 1
failed.append(c_name)
print("SNI extension test version 3")
print("Test end")
print("successful: {0}".format(good))
print("failed: {0}".format(bad))
failed_sorted = sorted(failed, key=natural_sort_keys)
print(" {0}".format('\n '.join(repr(i) for i in failed_sorted)))
if bad > 0:
sys.exit(1)
def main():
"""check if server handles incorrect resumption w/server name indication"""
host = "localhost"
hostname = "localhost4"
port = 4433
num_limit = None
run_exclude = set()
argv = sys.argv[1:]
opts, args = getopt.getopt(argv, "h:p:e:n:", ["help", "sni="])
for opt, arg in opts:
if opt == '-h':
host = arg
elif opt == '-p':
port = int(arg)
elif opt == '-e':
run_exclude.add(arg)
elif opt == '-n':
num_limit = int(arg)
elif opt == '--help':
help_msg()
sys.exit(0)
elif opt == '--sni':
hostname = arg
else:
raise ValueError("Unknown option: {0}".format(opt))
if args:
run_only = set(args)
else:
run_only = None
conversations = {}
# sanity check without SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
])
}
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["sanity"] = conversation
# sanity check SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
])
}
sni = SNIExtension().create(bytearray(hostname, 'utf-8'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(ApplicationDataGenerator(b"GET / HTTP/1.0\n\n"))
node = node.add_child(ExpectApplicationData())
node = node.add_child(AlertGenerator(AlertDescription.close_notify))
node = node.add_child(ExpectClose())
node.next_sibling = ExpectAlert(AlertLevel.warning,
AlertDescription.close_notify)
node.next_sibling.add_child(ExpectClose())
conversations["Sanity check, SNI"] = conversation
# sanity check bad SNI
conversation = Connect(host, port)
node = conversation
ciphers = [
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
]
ext = {
ExtensionType.signature_algorithms:
SignatureAlgorithmsExtension().create([
(getattr(HashAlgorithm, x), SignatureAlgorithm.rsa)
for x in ['sha512', 'sha384', 'sha256', 'sha224', 'sha1']
])
}
sni = SNIExtension().create(
bytearray(hostname, 'utf-8') + bytearray(b'\x00'))
ext[ExtensionType.server_name] = sni
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node = node.add_child(ExpectClose())
conversations["Sanity check, bad SNI"] = conversation
# session resume with malformed SNI
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
ext = {
ExtensionType.renegotiation_info:
None,
ExtensionType.server_name:
SNIExtension().create(bytearray(hostname, 'utf-8'))
}
node = node.add_child(
ClientHelloGenerator(ciphers, session_id=bytearray(32),
extensions=ext))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(
ExpectAlert(AlertLevel.warning, AlertDescription.close_notify))
close = ExpectClose()
node.next_sibling = close
node = node.add_child(ExpectClose())
node = node.add_child(Close())
node = node.add_child(Connect(host, port))
close.add_child(node)
node = node.add_child(ResetHandshakeHashes())
node = node.add_child(ResetRenegotiationInfo())
ext = {
ExtensionType.renegotiation_info:
None,
ExtensionType.server_name:
SNIExtension().create(
bytearray(hostname, 'utf-8') + bytearray(b'\x00'))
}
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectAlert(AlertLevel.fatal, AlertDescription.illegal_parameter))
node.next_sibling = ExpectClose()
node = node.add_child(ExpectClose())
conversations["session resume with malformed SNI"] = conversation
# session resume with malformed SNI
conversation = Connect(host, port)
node = conversation
ciphers = [CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA]
ext = {
ExtensionType.renegotiation_info:
None,
ExtensionType.server_name:
SNIExtension().create(bytearray(hostname, 'utf-8'))
}
node = node.add_child(
ClientHelloGenerator(ciphers, session_id=bytearray(32),
extensions=ext))
node = node.add_child(ExpectServerHello())
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(
ExpectAlert(AlertLevel.warning, AlertDescription.close_notify))
close = ExpectClose()
node.next_sibling = close
node = node.add_child(ExpectClose())
node = node.add_child(Close())
node = node.add_child(Connect(host, port))
close.add_child(node)
node = node.add_child(ResetHandshakeHashes())
node = node.add_child(ResetRenegotiationInfo())
ext = {
ExtensionType.renegotiation_info:
None,
ExtensionType.server_name:
SNIExtension().create(
bytearray(b'www.') + bytearray(hostname, 'utf-8'))
}
node = node.add_child(ClientHelloGenerator(ciphers, extensions=ext))
node = node.add_child(
ExpectServerHello(extensions={ExtensionType.renegotiation_info: None},
resume=False))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
node = node.add_child(ClientKeyExchangeGenerator())
node = node.add_child(ChangeCipherSpecGenerator())
node = node.add_child(FinishedGenerator())
node = node.add_child(ExpectChangeCipherSpec())
node = node.add_child(ExpectFinished())
node = node.add_child(
ApplicationDataGenerator(bytearray(b"GET / HTTP/1.0\n\n")))
node = node.add_child(ExpectApplicationData())
node = node.add_child(
AlertGenerator(AlertLevel.warning, AlertDescription.close_notify))
node = node.add_child(
ExpectAlert(AlertLevel.warning, AlertDescription.close_notify))
node.next_sibling = ExpectClose()
node = node.add_child(ExpectClose())
conversations["session resume with different SNI"] = conversation
# run the conversation
good = 0
bad = 0
failed = []
if not num_limit:
num_limit = len(conversations)
# make sure that sanity test is run first and last
# to verify that server was running and kept running throught
sanity_test = ('sanity', conversations['sanity'])
ordered_tests = chain([sanity_test],
islice(
filter(lambda x: x[0] != 'sanity',
conversations.items()), num_limit),
[sanity_test])
for c_name, c_test in ordered_tests:
if run_only and c_name not in run_only or c_name in run_exclude:
continue
print("{0} ...".format(c_name))
runner = Runner(c_test)
res = True
try:
runner.run()
except:
print("Error while processing")
print(traceback.format_exc())
res = False
if res:
good += 1
print("OK\n")
else:
bad += 1
failed.append(c_name)
print()
print("SNI resumption test version 2")
print("In case the \"session resume with malformed SNI\" or the")
print("\"session resume with different SNI\" test case")
print("the server replies with ChangeCipherSpec when we expect")
print("ExpectCertificate, it means it does not follow a \"MUST NOT\"")
print("clause of RFC 6066 Section 3")
print()
print("Test end")
print("successful: {0}".format(good))
print("failed: {0}".format(bad))
failed_sorted = sorted(failed, key=natural_sort_keys)
print(" {0}".format('\n '.join(repr(i) for i in failed_sorted)))
if bad > 0:
sys.exit(1)