def test_minVersion_higher_than_maxVersion(self):
hs = HandshakeSettings()
hs.minVersion = (3, 3)
hs.maxVersion = (3, 0)
with self.assertRaises(ValueError):
hs.validate()
def test_maxKeySize_smaller_than_minKeySize(self):
hs = HandshakeSettings()
hs.maxKeySize = 1024
hs.minKeySize = 2048
with self.assertRaises(ValueError):
hs.validate()
def test_requireExtendedMasterSecret_with_incompatible_use_EMS(self):
hs = HandshakeSettings()
hs.useExtendedMasterSecret = False
hs.requireExtendedMasterSecret = True
with self.assertRaises(ValueError):
hs.validate()
def test_not_matching_keyShares(self):
hs = HandshakeSettings()
hs.keyShares = ["x25519"]
hs.eccCurves = ["x448"]
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("x25519", str(e.exception))
def test_no_signature_hashes_set_with_TLS1_2(self):
hs = HandshakeSettings()
hs.rsaSigHashes = []
hs.dsaSigHashes = []
hs.ecdsaSigHashes = []
hs.more_sig_schemes = []
with self.assertRaises(ValueError):
hs.validate()
def test_ticket_count_negative(self):
hs = HandshakeSettings()
hs.ticket_count = -1
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("new session tickets", str(e.exception))
def test_invalid_use_heartbeat_extension(self):
hs = HandshakeSettings()
hs.use_heartbeat_extension = None
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("use_heartbeat_extension", str(e.exception))
def test_invalid_max_early_data(self):
hs = HandshakeSettings()
hs.max_early_data = -1
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("max_early_data", str(e.exception))
def test_invalid_psk_mode(self):
hs = HandshakeSettings()
hs.psk_modes = ["psk_pqe_ke"]
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("psk_pqe_ke", str(e.exception))
def test_ticketLifetime_wrong(self):
hs = HandshakeSettings()
hs.ticketLifetime = 2**32
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("Ticket lifetime", str(e.exception))
def test_ticketKeys_wrong_size(self):
hs = HandshakeSettings()
hs.ticketKeys = [bytearray(8)]
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("encryption keys", str(e.exception))
def test_ticketCipher_invalid(self):
hs = HandshakeSettings()
hs.ticketCipher = "aes-128-cbc"
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("Invalid cipher", str(e.exception))
def test_pskConfig_invalid_hash(self):
hs = HandshakeSettings()
hs.pskConfigs = [(b'test', b'sicrits', 'wrong-hash')]
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("wrong-hash", str(e.exception))
def test_pskConfigs_invalid_tuple(self):
hs = HandshakeSettings()
hs.pskConfigs = [(b'test', b'sicrits'), tuple([b'invalid'])]
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("pskConfigs", str(e.exception))
def test_not_matching_ffdhe_keyShares(self):
hs = HandshakeSettings()
hs.keyShares = ["ffdhe2048", "x25519"]
hs.dhGroups = ["ffdhe4096"]
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("ffdhe2048", str(e.exception))
def test_too_big_record_size_limit(self):
hs = HandshakeSettings()
hs.record_size_limit = 2**14 + 2
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("record_size_limit", str(e.exception))
def test_invalid_heartbeat_extension_combination(self):
hs = HandshakeSettings()
def heartbeatResponseCallback(message):
return message
hs.heartbeat_response_callback = heartbeatResponseCallback
hs.use_heartbeat_extension = False
with self.assertRaises(ValueError) as e:
hs.validate()
self.assertIn("heartbeat_response_callback", str(e.exception))
def test_no_signature_hashes_set_with_TLS1_1(self):
hs = HandshakeSettings()
hs.rsaSigHashes = []
hs.dsaSigHashes = []
hs.ecdsaSigHashes = []
hs.maxVersion = (3, 2)
self.assertIsNotNone(hs.validate())
def test_cipherNames_with_unknown_name(self):
hs = HandshakeSettings()
hs.cipherNames = ["aes256"]
newHs = hs.validate()
self.assertEqual(["aes256"], newHs.cipherNames)
def test_cipherNames_with_unknown_name(self):
hs = HandshakeSettings()
hs.cipherNames = ["aes256"]
newHs = hs.validate()
self.assertEqual(["aes256"], newHs.cipherNames)
def test_ticket_count_200(self):
hs = HandshakeSettings()
hs.ticket_count = 200
hs = hs.validate()
self.assertIsNotNone(hs.ticket_count, 200)
def test_pskConfigs(self):
hs = HandshakeSettings()
hs.pskConfigs = [(b'test', b'sicritz', 'sha384')]
hs = hs.validate()
self.assertEqual(hs.pskConfigs, [(b'test', b'sicritz', 'sha384')])
def test_versions_and_maxVersion_mismatch(self):
hs = HandshakeSettings()
hs.maxVersion = (3, 3)
hs = hs.validate()
self.assertNotIn((3, 4), hs.versions)
self.assertNotIn((0x7f, 21), hs.versions)
def test_none_as_record_size_limit(self):
hs = HandshakeSettings()
self.assertIsNotNone(hs.record_size_limit)
hs.record_size_limit = None
hs = hs.validate()
self.assertIsNone(hs.record_size_limit)
def test_useEncryptThenMAC(self):
hs = HandshakeSettings()
self.assertTrue(hs.useEncryptThenMAC)
hs.useEncryptThenMAC = False
n_hs = hs.validate()
self.assertFalse(n_hs.useEncryptThenMAC)
def test_requireExtendedMasterSecret(self):
hs = HandshakeSettings()
self.assertFalse(hs.requireExtendedMasterSecret)
hs.requireExtendedMasterSecret = True
n_hs = hs.validate()
self.assertTrue(n_hs.requireExtendedMasterSecret)
def test_requireExtendedMasterSecret(self):
hs = HandshakeSettings()
self.assertFalse(hs.requireExtendedMasterSecret)
hs.requireExtendedMasterSecret = True
n_hs = hs.validate()
self.assertTrue(n_hs.requireExtendedMasterSecret)
def test_maxVersion_without_TLSv1_2(self):
hs = HandshakeSettings()
hs.maxVersion = (3, 2)
self.assertTrue("sha256" in hs.macNames)
new_hs = hs.validate()
self.assertFalse("sha256" in new_hs.macNames)
def test_useEncryptThenMAC(self):
hs = HandshakeSettings()
self.assertTrue(hs.useEncryptThenMAC)
hs.useEncryptThenMAC = False
n_hs = hs.validate()
self.assertFalse(n_hs.useEncryptThenMAC)
def test_maxVersion_without_TLSv1_2(self):
hs = HandshakeSettings()
hs.maxVersion = (3, 2)
self.assertTrue('sha256' in hs.macNames)
new_hs = hs.validate()
self.assertFalse("sha256" in new_hs.macNames)
def test_certificateTypes_with_unknown_type(self):
hs = HandshakeSettings()
hs.certificateTypes = [0, 42]
with self.assertRaises(ValueError):
hs.validate()
def test_certificateTypes_empty(self):
hs = HandshakeSettings()
hs.certificateTypes = []
with self.assertRaises(ValueError):
hs.validate()
def test_cipherNames_empty(self):
hs = HandshakeSettings()
hs.cipherNames = []
with self.assertRaises(ValueError):
hs.validate()
def test_cipherNames_with_unknown_name(self):
hs = HandshakeSettings()
hs.cipherNames = ["aes256gcm", "aes256"]
with self.assertRaises(ValueError):
hs.validate()
def test_useEncryptThenMAC_with_wrong_value(self):
hs = HandshakeSettings()
hs.useEncryptThenMAC = None
with self.assertRaises(ValueError):
hs.validate()
def test_certificateTypes_with_unknown_type(self):
hs = HandshakeSettings()
hs.certificateTypes = [0, 42]
with self.assertRaises(ValueError):
hs.validate()
def test_maxKeySize_too_small(self):
hs = HandshakeSettings()
hs.maxKeySize = 511
with self.assertRaises(ValueError):
hs.validate()
def test_validate(self):
hs = HandshakeSettings()
newHS = hs.validate()
self.assertIsNotNone(newHS)
self.assertIsNot(hs, newHS)
def test_maxVersion_with_unknown_version(self):
hs = HandshakeSettings()
hs.maxVersion = (3, 4)
with self.assertRaises(ValueError):
hs.validate()
def test_invalid_MAC(self):
hs = HandshakeSettings()
hs.macNames = ['sha1', 'whirpool']
with self.assertRaises(ValueError):
hs.validate()
def test_invalid_dhGroups(self):
hs = HandshakeSettings()
hs.dhGroups = ["ffdhe2048", "ffdhe1024"]
with self.assertRaises(ValueError):
hs.validate()
def test_cipherImplementations_empty(self):
hs = HandshakeSettings()
hs.cipherImplementations = []
with self.assertRaises(ValueError):
hs.validate()
def test_maxKeySize_too_large(self):
hs = HandshakeSettings()
hs.maxKeySize = 16385
with self.assertRaises(ValueError):
hs.validate()
def test_requireExtendedMasterSecret_with_wrong_value(self):
hs = HandshakeSettings()
hs.requireExtendedMasterSecret = None
with self.assertRaises(ValueError):
hs.validate()
def test_invalid_KEX(self):
hs = HandshakeSettings()
hs.keyExchangeNames = ['rsa', 'ecdhe_rsa', 'gost']
with self.assertRaises(ValueError):
hs.validate()
def test_cipherNames_empty(self):
hs = HandshakeSettings()
hs.cipherNames = []
with self.assertRaises(ValueError):
hs.validate()
def test_invalid_signature_algorithm(self):
hs = HandshakeSettings()
hs.rsaSigHashes += ['md2']
with self.assertRaises(ValueError):
hs.validate()
def test_no_signature_hashes_set_with_TLS1_2(self):
hs = HandshakeSettings()
hs.rsaSigHashes = []
with self.assertRaises(ValueError):
hs.validate()
def test_maxKeySize_too_small(self):
hs = HandshakeSettings()
hs.maxKeySize = 511
with self.assertRaises(ValueError):
hs.validate()
def test_no_signature_hashes_set_with_TLS1_1(self):
hs = HandshakeSettings()
hs.rsaSigHashes = []
hs.maxVersion = (3, 2)
self.assertIsNotNone(hs.validate())
def test_maxKeySize_too_large(self):
hs = HandshakeSettings()
hs.maxKeySize = 16385
with self.assertRaises(ValueError):
hs.validate()
def test_invalid_curve_name(self):
hs = HandshakeSettings()
hs.eccCurves = ['P-256']
with self.assertRaises(ValueError):
hs.validate()
def test_cipherNames_with_unknown_name(self):
hs = HandshakeSettings()
hs.cipherNames = ["camellia256gcm", "aes256"]
with self.assertRaises(ValueError):
hs.validate()
def test_invalid_usePaddingExtension(self):
hs = HandshakeSettings()
hs.usePaddingExtension = -1
with self.assertRaises(ValueError):
hs.validate()
def test_certificateTypes_empty(self):
hs = HandshakeSettings()
hs.certificateTypes = []
with self.assertRaises(ValueError):
hs.validate()
def test_cipherImplementations_with_unknown_implementations(self):
hs = HandshakeSettings()
hs.cipherImplementations = ["openssl", "NSS"]
with self.assertRaises(ValueError):
hs.validate()
def test_cipherImplementations_empty(self):
hs = HandshakeSettings()
hs.cipherImplementations = []
with self.assertRaises(ValueError):
hs.validate()
def test_invalid_dhParams(self):
hs = HandshakeSettings()
hs.dhParams = (2, 'bd')
with self.assertRaises(ValueError):
hs.validate()
