def test_process_with_ssl2(self):
exp = ExpectFinished((2, 0))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = ServerFinished().create(bytearray(range(12)))
exp.process(state, msg)
def test_process_with_bad_extension(self):
exps = {ExtensionType.renegotiation_info: None,
ExtensionType.alpn: 'BAD_EXTENSION'
}
exp = ExpectServerHello(extensions=exps)
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(ALPNExtension().create([bytearray(b'http/1.1')]))
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(ValueError):
exp.process(state, msg)
def test_process_with_ssl2(self):
exp = ExpectFinished((2, 0))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = ServerFinished().create(bytearray(range(12)))
exp.process(state, msg)
def test_process(self):
state = ConnectionState()
state.msg_sock = mock.MagicMock()
close = Close()
close.process(state)
state.msg_sock.sock.close.called_once_with()
def test_process(self):
state = ConnectionState()
state.msg_sock = mock.MagicMock()
close = Close()
close.process(state)
state.msg_sock.sock.close.called_once_with()
def test_process(self):
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exp = ExpectCertificate()
msg = Certificate(CertificateType.x509).\
create(X509CertChain([X509().parse(srv_raw_certificate)]))
exp.process(state, msg)
def test_process_with_size(self):
node = SetMaxRecordSize(2048)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
node.process(state)
self.assertEqual(2048, state.msg_sock.recordSize)
def test_process_with_size(self):
node = SetMaxRecordSize(2048)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
node.process(state)
self.assertEqual(2048, state.msg_sock.recordSize)
def test_process(self):
node = SetMaxRecordSize()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.msg_sock.recordSize = 1024
node.process(state)
self.assertEqual(2**14, state.msg_sock.recordSize)
def test_generate_with_export_cipher(self):
cmk = ClientMasterKeyGenerator(
cipher=constants.CipherSuite.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.get_server_public_key = mock.MagicMock()
ret = cmk.generate(state)
self.assertEqual(len(ret.clear_key), 11)
def test_post_send(self):
ccsg = ChangeCipherSpecGenerator()
ccsg.generate(None)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ccsg.post_send(state)
self.assertTrue(state.msg_sock.calcPendingStates.called)
self.assertTrue(state.msg_sock.changeWriteState.called)
def test_process(self):
node = SetMaxRecordSize()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.msg_sock.recordSize = 1024
node.process(state)
self.assertEqual(2**14, state.msg_sock.recordSize)
def test_post_send(self):
ccsg = ChangeCipherSpecGenerator()
ccsg.generate(None)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ccsg.post_send(state)
self.assertTrue(state.msg_sock.calcPendingStates.called)
self.assertTrue(state.msg_sock.changeWriteState.called)
def test_process(self):
exp = ExpectChangeCipherSpec()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = Message(ContentType.change_cipher_spec, bytearray(1))
exp.process(state, msg)
state.msg_sock.changeReadState.assert_called_once_with()
def test_generate_with_des_cipher(self):
cmk = ClientMasterKeyGenerator(
cipher=constants.CipherSuite.SSL_CK_DES_64_CBC_WITH_MD5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.get_server_public_key = mock.MagicMock()
ret = cmk.generate(state)
self.assertEqual(ret.encrypted_key,
state.get_server_public_key().encrypt())
def test_process(self):
exp = ExpectChangeCipherSpec()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = Message(ContentType.change_cipher_spec, bytearray(1))
exp.process(state, msg)
state.msg_sock.changeReadState.assert_called_once_with()
def test_generate_with_ssl2(self):
fg = FinishedGenerator((0, 2))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'abba')
ret = fg.generate(state)
self.assertEqual(ret.verify_data, bytearray(b'abba'))
state.msg_sock.changeWriteState.assert_called_once_with()
state.msg_sock.changeReadState.assert_called_once_with()
def test_process(self):
exp = ExpectCertificateStatus()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = CertificateStatus().create(CertificateStatusType.ocsp,
bytearray(10))
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
def test_process(self):
exp = ExpectServerHello2()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = ServerHello2()
msg.session_id_hit = 1
msg.session_id = bytearray(b'\x12')
msg.certificate = X509().parse(srv_raw_certificate).writeBytes()
ret = exp.process(state, msg)
self.assertEqual(state.session_id, msg.session_id)
def test_process(self):
exp = ExpectServerHello2()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
msg = ServerHello2()
msg.session_id_hit = 1
msg.session_id = bytearray(b'\x12')
msg.certificate = X509().parse(srv_raw_certificate).writeBytes()
ret = exp.process(state, msg)
self.assertEqual(state.session_id, msg.session_id)
def test_post_send_with_extended_master_secret(self):
ccsg = ChangeCipherSpecGenerator()
ccsg.generate(None)
state = ConnectionState()
state.extended_master_secret = True
state.msg_sock = mock.MagicMock()
with mock.patch('tlsfuzzer.messages.calcExtendedMasterSecret') as mthd:
mthd.return_value = bytearray(48)
ccsg.post_send(state)
mthd.assert_called_once_with(state.version, state.cipher,
state.premaster_secret,
state.handshake_hashes)
self.assertTrue(state.msg_sock.calcPendingStates.called)
self.assertTrue(state.msg_sock.changeWriteState.called)
def test_generate(self):
cmk = ClientMasterKeyGenerator(
cipher=constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.get_server_public_key = mock.MagicMock()
ret = cmk.generate(state)
self.assertEqual(ret.cipher,
constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5)
self.assertEqual(ret.clear_key, bytearray(0))
self.assertEqual(ret.encrypted_key,
state.get_server_public_key().encrypt())
self.assertEqual(ret.key_argument,
state.msg_sock.calcSSL2PendingStates())
def test_generate_with_session_key(self):
cmk = ClientMasterKeyGenerator(
cipher=constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.get_server_public_key = mock.MagicMock()
state.master_secret = bytearray(range(32))
ret = cmk.generate(state)
state.msg_sock.calcSSL2PendingStates.assert_called_once_with(
constants.CipherSuite.SSL_CK_DES_192_EDE3_CBC_WITH_MD5,
bytearray(range(32)),
bytearray(0),
bytearray(0),
None)
def test_process_with_incorrect_cipher(self):
exp = ExpectServerHello(cipher=5)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_incorrect_version(self):
extension_process = mock.MagicMock()
exp = ExpectServerHello(version=(3, 3))
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 2),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_extended_master_secret(self):
exp = ExpectServerHello(
extensions={ExtensionType.extended_master_secret:None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
self.assertFalse(state.extended_master_secret)
ext = TLSExtension(extType=ExtensionType.extended_master_secret)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.extended_master_secret)
def test_process_with_resumption(self):
exp = ExpectChangeCipherSpec()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.resuming = True
state.cipher = mock.Mock(name="cipher")
state.master_secret = mock.Mock(name="master_secret")
state.client_random = mock.Mock(name="client_random")
state.server_random = mock.Mock(name="server_random")
msg = Message(ContentType.change_cipher_spec, bytearray(1))
exp.process(state, msg)
state.msg_sock.calcPendingStates.assert_called_once_with(
state.cipher, state.master_secret, state.client_random,
state.server_random, None)
state.msg_sock.changeReadState.assert_called_once_with()
def test_process_with_udefined_cipher(self):
exp = ExpectServerHello()
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create(None)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=0xfff0)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_extended_master_secret(self):
exp = ExpectServerHello(
extensions={ExtensionType.extended_master_secret: None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
self.assertFalse(state.extended_master_secret)
ext = TLSExtension(extType=ExtensionType.extended_master_secret)
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.extended_master_secret)
def test_process_with_mandatory_resumption_but_wrong_id(self):
exp = ExpectServerHello(resume=True)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xbb\xbb\xbb'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_unexpected_extensions(self):
exp = ExpectServerHello(
extensions={ExtensionType.renegotiation_info: None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create())
exts.append(SNIExtension().create())
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_unexpected_extensions(self):
exp = ExpectServerHello(extensions={ExtensionType.renegotiation_info:
None})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create())
exts.append(SNIExtension().create())
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_mandatory_resumption_but_wrong_id(self):
exp = ExpectServerHello(resume=True)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xbb\xbb\xbb'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
with self.assertRaises(AssertionError):
exp.process(state, msg)
def test_process_with_resumption(self):
exp = ExpectServerHello()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xaa\xaa\xaa'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.resuming)
def test_process_with_extensions(self):
extension_process = mock.MagicMock()
exp = ExpectServerHello(
extensions={ExtensionType.renegotiation_info: extension_process})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
extension_process.assert_called_once_with(state, ext)
def test_process_with_extensions(self):
extension_process = mock.MagicMock()
exp = ExpectServerHello(extensions={ExtensionType.renegotiation_info:
extension_process})
state = ConnectionState()
state.msg_sock = mock.MagicMock()
ext = RenegotiationInfoExtension().create()
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=[ext])
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
extension_process.assert_called_once_with(state, ext)
def test_process_with_resumption(self):
exp = ExpectServerHello()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xaa\xaa\xaa'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.resuming)
def test_process_with_resumption(self):
exp = ExpectChangeCipherSpec()
state = ConnectionState()
state.msg_sock = mock.MagicMock()
state.resuming = True
state.cipher = mock.Mock(name="cipher")
state.master_secret = mock.Mock(name="master_secret")
state.client_random = mock.Mock(name="client_random")
state.server_random = mock.Mock(name="server_random")
msg = Message(ContentType.change_cipher_spec, bytearray(1))
exp.process(state, msg)
state.msg_sock.calcPendingStates.assert_called_once_with(
state.cipher,
state.master_secret,
state.client_random,
state.server_random,
None)
state.msg_sock.changeReadState.assert_called_once_with()
def test_process_with_matching_extension(self):
exps = {
ExtensionType.renegotiation_info: None,
ExtensionType.alpn:
ALPNExtension().create([bytearray(b'http/1.1')])
}
exp = ExpectServerHello(extensions=exps)
state = ConnectionState()
state.msg_sock = mock.MagicMock()
exts = []
exts.append(RenegotiationInfoExtension().create(None))
exts.append(ALPNExtension().create([bytearray(b'http/1.1')]))
msg = ServerHello().create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(0),
cipher_suite=4,
extensions=exts)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertIsInstance(state.handshake_messages[0], ServerHello)
def test_process_with_mandatory_resumption(self):
exp = ExpectServerHello(resume=True)
state = ConnectionState()
client_hello = ClientHello()
client_hello.cipher_suites = [4]
state.handshake_messages.append(client_hello)
state.msg_sock = mock.MagicMock()
state.session_id = bytearray(b'\xaa\xaa\xaa')
state.cipher = 4
self.assertFalse(state.resuming)
msg = ServerHello()
msg.create(version=(3, 3),
random=bytearray(32),
session_id=bytearray(b'\xaa\xaa\xaa'),
cipher_suite=4)
self.assertTrue(exp.is_match(msg))
exp.process(state, msg)
self.assertTrue(state.resuming)
