def test_process_with_not_matching_signature_algorithms(self):
exp = ExpectServerKeyExchange(
valid_sig_algs=[(HashAlgorithm.sha256, SignatureAlgorithm.rsa)])
state = ConnectionState()
state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
server_hello.random = bytearray(32)
state.server_random = server_hello.random
# server hello is not necessary for the test to work
#state.handshake_messages.append(server_hello)
state.handshake_messages.append(cert)
srv_key_exchange = DHE_RSAKeyExchange(\
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
client_hello,
server_hello,
private_key)
msg = srv_key_exchange.makeServerKeyExchange('sha1')
with self.assertRaises(TLSIllegalParameterException):
exp.process(state, msg)
def test_process_with_ssl2(self):
exp = ExpectFinished((2, 0))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = ServerFinished().create(bytearray(range(12)))
exp.process(state, msg)
def test_process_with_ECDHE_RSA(self):
exp = ExpectServerKeyExchange()
state = ConnectionState()
state.cipher = CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
client_hello.extensions = [
SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)]),
SupportedGroupsExtension().create([GroupName.secp256r1])
]
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
server_hello.random = bytearray(32)
state.server_random = server_hello.random
# server hello is not necessary for the test to work
#state.handshake_messages.append(server_hello)
state.handshake_messages.append(cert)
srv_key_exchange = ECDHE_RSAKeyExchange(
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, client_hello,
server_hello, private_key, [GroupName.secp256r1])
msg = srv_key_exchange.makeServerKeyExchange('sha256')
exp.process(state, msg)
def test_process_with_rcf7919_groups_required_not_provided(self):
exp = ExpectServerKeyExchange(valid_groups=[256])
state = ConnectionState()
state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
client_hello.extensions = [SupportedGroupsExtension().create([256])]
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
server_hello.random = bytearray(32)
state.server_random = server_hello.random
# server hello is not necessary for the test to work
#state.handshake_messages.append(server_hello)
state.handshake_messages.append(cert)
srv_key_exchange = DHE_RSAKeyExchange(\
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
client_hello,
server_hello,
private_key,
dhGroups=None)
msg = srv_key_exchange.makeServerKeyExchange('sha1')
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_bad_extension(self):
exps = {ExtensionType.renegotiation_info: None,
ExtensionType.alpn: 'BAD_EXTENSION'
}
exp = ExpectServerHello(extensions=exps)
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(ALPNExtension().create([bytearray(b'http/1.1')]))
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(ValueError):
exp.process(state, msg)
def test_process_with_not_matching_signature_algorithms(self):
exp = ExpectServerKeyExchange(valid_sig_algs=[(HashAlgorithm.sha256,
SignatureAlgorithm.rsa)])
state = ConnectionState()
state.cipher = CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA
cert = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
private_key = parsePEMKey(srv_raw_key, private=True)
client_hello = ClientHello()
client_hello.client_version = (3, 3)
client_hello.random = bytearray(32)
state.client_random = client_hello.random
state.handshake_messages.append(client_hello)
server_hello = ServerHello()
server_hello.server_version = (3, 3)
server_hello.random = bytearray(32)
state.server_random = server_hello.random
# server hello is not necessary for the test to work
#state.handshake_messages.append(server_hello)
state.handshake_messages.append(cert)
srv_key_exchange = DHE_RSAKeyExchange(\
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
client_hello,
server_hello,
private_key)
msg = srv_key_exchange.makeServerKeyExchange('sha1')
with self.assertRaises(TLSIllegalParameterException):
exp.process(state, msg)
def test_process_with_ssl2(self):
exp = ExpectFinished((2, 0))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = ServerFinished().create(bytearray(range(12)))
exp.process(state, msg)
def test_get_last_message_of_type_with_no_messages_of_that_type(self):
state = ConnectionState()
msg = messages.ServerHello()
msg.server_version = (3, 1)
state.handshake_messages.append(msg)
msg = state.get_last_message_of_type(messages.ClientHello)
self.assertIsNone(msg)
def test_process(self):
state = ConnectionState()
state.msg_sock = mock.MagicMock()
close = Close()
close.process(state)
state.msg_sock.sock.close.called_once_with()
def test_post_send(self):
state = ConnectionState()
state.get_server_public_key = lambda: self.priv_key
cke = ClientKeyExchangeGenerator(constants.CipherSuite.TLS_RSA_WITH_NULL_MD5, (3, 3))
ret = cke.generate(state)
cke.post_send(state)
def test_get_last_message_of_type_with_no_messages_of_that_type(self):
state = ConnectionState()
msg = messages.ServerHello()
msg.server_version = (3, 1)
state.handshake_messages.append(msg)
msg = state.get_last_message_of_type(messages.ClientHello)
self.assertIsNone(msg)
def test_process(self):
state = ConnectionState()
state.msg_sock = mock.MagicMock()
close = Close()
close.process(state)
state.msg_sock.sock.close.called_once_with()
def test_process_with_size(self):
node = SetMaxRecordSize(2048)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
node.process(state)
self.assertEqual(2048, state.msg_sock.recordSize)
def test_post_send(self):
state = ConnectionState()
state.get_server_public_key = lambda: self.priv_key
cke = ClientKeyExchangeGenerator(
constants.CipherSuite.TLS_RSA_WITH_NULL_MD5, (3, 3))
ret = cke.generate(state)
cke.post_send(state)
def test_process(self):
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exp = ExpectCertificate()
msg = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
exp.process(state, msg)
def test_process_with_size(self):
node = SetMaxRecordSize(2048)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
node.process(state)
self.assertEqual(2048, state.msg_sock.recordSize)
def test_post_send_with_resumption(self):
fg = FinishedGenerator()
state = ConnectionState()
state.resuming = True
ret = fg.generate(state)
fg.post_send(state)
self.assertFalse(state.resuming)
def test_generate_with_export_cipher(self):
cmk = ClientMasterKeyGenerator(
cipher=constants.CipherSuite.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.get_server_public_key = mock.MagicMock()
ret = cmk.generate(state)
self.assertEqual(len(ret.clear_key), 11)
def test_process(self):
node = SetMaxRecordSize()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.msg_sock.recordSize = 1024
node.process(state)
self.assertEqual(2**14, state.msg_sock.recordSize)
def test_gen_with_session_ticket_missing(self):
state = ConnectionState()
state.cipher = CipherSuite.TLS_AES_256_GCM_SHA384
state.session_tickets = []
gen = psk_session_ext_gen()
with self.assertRaises(ValueError) as e:
psk = gen(state)
self.assertIn("No New Session Ticket", str(e.exception))
def test_generate_with_dhe(self):
state = ConnectionState()
state.key_exchange = mock.MagicMock()
cke = ClientKeyExchangeGenerator(
cipher=constants.CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
ret = cke.generate(state)
self.assertIs(ret, state.key_exchange.makeClientKeyExchange())
def test_post_send(self):
ccsg = ChangeCipherSpecGenerator()
ccsg.generate(None)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ccsg.post_send(state)
self.assertTrue(state.msg_sock.calcPendingStates.called)
self.assertTrue(state.msg_sock.changeWriteState.called)
def test_post_send(self):
ccsg = ChangeCipherSpecGenerator()
ccsg.generate(None)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ccsg.post_send(state)
self.assertTrue(state.msg_sock.calcPendingStates.called)
self.assertTrue(state.msg_sock.changeWriteState.called)
def test_generate_TLS_1_1(self):
priv_key = generateRSAKey(1024)
cert_ver_g = CertificateVerifyGenerator(priv_key)
state = ConnectionState()
state.version = (3, 2)
msg = cert_ver_g.generate(state)
self.assertIsNotNone(msg)
self.assertEqual(len(msg.signature), 128)
def test_process(self):
node = SetMaxRecordSize()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.msg_sock.recordSize = 1024
node.process(state)
self.assertEqual(2**14, state.msg_sock.recordSize)
def test_process(self):
exp = ExpectChangeCipherSpec()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = Message(ContentType.change_cipher_spec, bytearray(1))
exp.process(state, msg)
state.msg_sock.changeReadState.assert_called_once_with()
def test_generate(self):
state = ConnectionState()
state.get_server_public_key = lambda: self.priv_key
cke = ClientKeyExchangeGenerator()
ret = cke.generate(state)
self.assertEqual(len(ret.encryptedPreMasterSecret), 128)
decrypt = self.priv_key.decrypt(ret.encryptedPreMasterSecret)
self.assertEqual(decrypt[:2], bytearray([3, 3]))
def test_generate_with_ssl2(self):
fg = FinishedGenerator((0, 2))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'abba')
ret = fg.generate(state)
self.assertEqual(ret.verify_data, bytearray(b'abba'))
state.msg_sock.changeWriteState.assert_called_once_with()
state.msg_sock.changeReadState.assert_called_once_with()
def test_generate(self):
state = ConnectionState()
state.get_server_public_key = lambda: self.priv_key
cke = ClientKeyExchangeGenerator()
ret = cke.generate(state)
self.assertEqual(len(ret.encryptedPreMasterSecret), 128)
decrypt = self.priv_key.decrypt(ret.encryptedPreMasterSecret)
self.assertEqual(decrypt[:2], bytearray([3, 3]))
def test_generate_with_des_cipher(self):
cmk = ClientMasterKeyGenerator(
cipher=constants.CipherSuite.SSL_CK_DES_64_CBC_WITH_MD5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.get_server_public_key = mock.MagicMock()
ret = cmk.generate(state)
self.assertEqual(ret.encrypted_key,
state.get_server_public_key().encrypt())
def test_process(self):
exp = ExpectChangeCipherSpec()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = Message(ContentType.change_cipher_spec, bytearray(1))
exp.process(state, msg)
state.msg_sock.changeReadState.assert_called_once_with()
def test_get_server_public_key_with_valid_messages(self):
state = ConnectionState()
msg = messages.Certificate(constants.CertificateType.x509)
cert_list = mock.MagicMock()
msg.create(cert_list)
state.handshake_messages.append(msg)
state.get_server_public_key()
self.assertTrue(cert_list.getEndEntityPublicKey.called)
def test_process(self):
node = ResetRenegotiationInfo()
state = ConnectionState()
state.client_verify_data = bytearray(b'\xde\xad\xc0\xde')
state.server_verify_data = bytearray(b'\xc0\xff\xee')
node.process(state)
self.assertEqual(state.client_verify_data, bytearray(0))
self.assertEqual(state.server_verify_data, bytearray(0))
def test_get_server_public_key_with_valid_messages(self):
state = ConnectionState()
msg = messages.Certificate(constants.CertificateType.x509)
cert_list = mock.MagicMock()
msg.create(cert_list)
state.handshake_messages.append(msg)
state.get_server_public_key()
self.assertTrue(cert_list.getEndEntityPublicKey.called)
def test_get_last_message_of_type(self):
state = ConnectionState()
msg = messages.ServerHello()
msg.server_version = (3, 1)
state.handshake_messages.append(msg)
msg = messages.ServerHello()
msg.server_version = (3, 3)
state.handshake_messages.append(msg)
msg = state.get_last_message_of_type(messages.ServerHello)
self.assertEqual(msg.server_version, (3, 3))
def test_process(self):
exp = ExpectCertificateStatus()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = CertificateStatus().create(CertificateStatusType.ocsp,
bytearray(10))
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
def test_get_last_message_of_type(self):
state = ConnectionState()
msg = messages.ServerHello()
msg.server_version = (3, 1)
state.handshake_messages.append(msg)
msg = messages.ServerHello()
msg.server_version = (3, 3)
state.handshake_messages.append(msg)
msg = state.get_last_message_of_type(messages.ServerHello)
self.assertEqual(msg.server_version, (3, 3))
def test_generate(self):
state = ConnectionState()
state.get_server_public_key = lambda : self.priv_key
cke = ClientKeyExchangeGenerator(
cipher=constants.CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA)
ret = cke.generate(state)
self.assertEqual(len(ret.encryptedPreMasterSecret), 128)
decrypt = self.priv_key.decrypt(ret.encryptedPreMasterSecret)
self.assertEqual(decrypt[:2], bytearray([3, 3]))
def test_generate_TLS_1_2(self):
priv_key = generateRSAKey(1024)
cert_ver_g = CertificateVerifyGenerator(priv_key)
state = ConnectionState()
state.version = (3, 3)
msg = cert_ver_g.generate(state)
self.assertIsNotNone(msg)
self.assertEqual(len(msg.signature), 128)
self.assertEqual(msg.signatureAlgorithm,
(constants.HashAlgorithm.sha1,
constants.SignatureAlgorithm.rsa))
def test_process(self):
exp = ExpectServerHello2()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = ServerHello2()
msg.session_id_hit = 1
msg.session_id = bytearray(b'\x12')
msg.certificate = X509().parse(srv_raw_certificate).writeBytes()
ret = exp.process(state, msg)
self.assertEqual(state.session_id, msg.session_id)
def test_process(self):
exp = ExpectServerHello2()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = ServerHello2()
msg.session_id_hit = 1
msg.session_id = bytearray(b'\x12')
msg.certificate = X509().parse(srv_raw_certificate).writeBytes()
ret = exp.process(state, msg)
self.assertEqual(state.session_id, msg.session_id)
def test_generate_extensions_with_renego_info_default_generator(self):
state = ConnectionState()
state.client_verify_data = bytearray(b"\xab\xcd")
chg = ClientHelloGenerator(extensions={constants.ExtensionType.renegotiation_info: None})
return_val = mock.MagicMock()
return_val.write = mock.MagicMock(return_value=bytearray(10))
with mock.patch.object(messages.ClientHello, "create", return_value=return_val) as mock_method:
ch = chg.generate(state)
self.assertEqual(ch, return_val)
ext = RenegotiationInfoExtension().create(bytearray(b"\xab\xcd"))
mock_method.assert_called_once_with((3, 3), bytearray(32), bytearray(0), [], extensions=[ext])
def test_generate(self):
cmk = ClientMasterKeyGenerator(
cipher=constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.get_server_public_key = mock.MagicMock()
ret = cmk.generate(state)
self.assertEqual(ret.cipher,
constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5)
self.assertEqual(ret.clear_key, bytearray(0))
self.assertEqual(ret.encrypted_key,
state.get_server_public_key().encrypt())
self.assertEqual(ret.key_argument,
state.msg_sock.calcSSL2PendingStates())
def test_post_send_with_extended_master_secret(self):
ccsg = ChangeCipherSpecGenerator()
ccsg.generate(None)
state = ConnectionState()
state.extended_master_secret = True
state.msg_sock = mock.MagicMock()
with mock.patch('tlsfuzzer.messages.calcExtendedMasterSecret') as mthd:
mthd.return_value = bytearray(48)
ccsg.post_send(state)
mthd.assert_called_once_with(state.version, state.cipher,
state.premaster_secret,
state.handshake_hashes)
self.assertTrue(state.msg_sock.calcPendingStates.called)
self.assertTrue(state.msg_sock.changeWriteState.called)
def test_process(self):
exp = ExpectAlert()
state = ConnectionState()
msg = Message(ContentType.alert, bytearray(2))
exp.process(state, msg)
def test_generate_with_session_key(self):
cmk = ClientMasterKeyGenerator(
cipher=constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.get_server_public_key = mock.MagicMock()
state.master_secret = bytearray(range(32))
ret = cmk.generate(state)
state.msg_sock.calcSSL2PendingStates.assert_called_once_with(
constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5,
bytearray(range(32)),
bytearray(0),
bytearray(0),
None)
def test_generate(self):
fg = FinishedGenerator()
state = ConnectionState()
ret = fg.generate(state)
self.assertIsInstance(ret, messages.Finished)
def test_gen(self):
state = ConnectionState()
state.cipher = CipherSuite.TLS_AES_256_GCM_SHA384
state.session_tickets = [
NewSessionTicket().create(134, 0, bytearray(b'nonce'),
bytearray(b'ticket value'), [])
]
state.session_tickets[0].time = 1214
gen = psk_session_ext_gen()
psk = gen(state)
self.assertIsInstance(psk, PreSharedKeyExtension)
self.assertEqual(len(psk.identities), 1)
self.assertEqual(psk.binders, [bytearray(48)])
self.assertEqual(psk.identities[0].identity, b'ticket value')
def test_process_with_values_not_matching_anything(self):
exp = ExpectAlert(AlertLevel.warning, AlertDescription.bad_record_mac)
state = ConnectionState()
msg = Message(ContentType.alert, bytearray(b'\xff\xff'))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process(self):
exp = ExpectApplicationData()
state = ConnectionState()
msg = Message(ContentType.application_data, bytearray(0))
exp.process(state, msg)
def test_is_match(self):
exp = ExpectServerKeyExchange()
state = ConnectionState()
msg = Message(ContentType.handshake,
bytearray([HandshakeType.server_key_exchange]))
self.assertTrue(exp.is_match(msg))
def test_is_match(self):
exp = ExpectCertificateRequest()
state = ConnectionState()
msg = Message(ContentType.handshake,
bytearray([HandshakeType.certificate_request]))
self.assertTrue(exp.is_match(msg))
def test_is_match_with_unmatching_handshake_type(self):
exp = ExpectCertificateRequest()
state = ConnectionState()
msg = Message(ContentType.application_data,
bytearray([HandshakeType.certificate_request]))
self.assertFalse(exp.is_match(msg))
def test_process_with_values(self):
exp = ExpectAlert(AlertLevel.warning,
AlertDescription.unknown_psk_identity)
state = ConnectionState()
msg = Message(ContentType.alert, bytearray(b'\x01\x73'))
exp.process(state, msg)
def test_process_with_incorrect_cipher(self):
exp = ExpectServerHello(cipher=5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_values_and_not_matching_level(self):
exp = ExpectAlert(AlertLevel.fatal,
AlertDescription.unknown_psk_identity)
state = ConnectionState()
msg = Message(ContentType.alert, bytearray(b'\x01\x73'))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_incorrect_version(self):
extension_process = mock.MagicMock()
exp = ExpectServerHello(version=(3, 3))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 2),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_generate_TLS_1_2_with_cert_request(self):
priv_key = generateRSAKey(1024)
cert_ver_g = CertificateVerifyGenerator(priv_key)
state = ConnectionState()
state.version = (3, 3)
req = CertificateRequest((3, 3)).create([], [],
[(constants.HashAlgorithm.sha256,
constants.SignatureAlgorithm.rsa),
(constants.HashAlgorithm.sha1,
constants.SignatureAlgorithm.rsa)])
state.handshake_messages = [req]
msg = cert_ver_g.generate(state)
self.assertIsNotNone(msg)
self.assertEqual(len(msg.signature), 128)
self.assertEqual(msg.signatureAlgorithm,
(constants.HashAlgorithm.sha256,
constants.SignatureAlgorithm.rsa))
def test_process_with_unexpected_extensions(self):
exp = ExpectServerHello(extensions={ExtensionType.renegotiation_info:
None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create())
exts.append(SNIExtension().create())
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_mandatory_resumption_but_wrong_id(self):
exp = ExpectServerHello(resume=True)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xbb\xbb\xbb'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
