def test_process_with_unknown_key_exchange(self): exp = ExpectServerKeyExchange() state = ConnectionState() state.cipher = CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA cert = Certificate(CertificateType.x509).\ create(X509CertChain([X509().parse(srv_raw_certificate)])) private_key = parsePEMKey(srv_raw_key, private=True) client_hello = ClientHello() client_hello.client_version = (3, 3) client_hello.random = bytearray(32) client_hello.extensions = [ SignatureAlgorithmsExtension().create([(HashAlgorithm.sha256, SignatureAlgorithm.rsa)]) ] state.client_random = client_hello.random state.handshake_messages.append(client_hello) server_hello = ServerHello() server_hello.server_version = (3, 3) state.version = server_hello.server_version server_hello.random = bytearray(32) state.server_random = server_hello.random state.handshake_messages.append(cert) msg = ServerKeyExchange(state.cipher, state.version) msg.createSRP(1, 2, bytearray(3), 5) msg.signAlg = SignatureAlgorithm.rsa msg.hashAlg = HashAlgorithm.sha256 hash_bytes = msg.hash(client_hello.random, server_hello.random) hash_bytes = private_key.addPKCS1Prefix(hash_bytes, 'sha256') msg.signature = private_key.sign(hash_bytes) with self.assertRaises(AssertionError): exp.process(state, msg)
def test_client_SRP_key_exchange_with_unknown_params(self): keyExchange = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) keyExchange.createSRP(1, 2, 3, 4) client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername=bytearray(b'user'), password=bytearray(b'password')) with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange)
def test_client_SRP_key_exchange_with_unknown_params(self): keyExchange = ServerKeyExchange(self.cipher_suite, self.server_hello.server_version) keyExchange.createSRP(1, 2, 3, 4) client_keyExchange = SRPKeyExchange(self.cipher_suite, self.client_hello, self.server_hello, None, None, srpUsername='******', password='******') with self.assertRaises(TLSInsufficientSecurity): client_keyExchange.processServerKeyExchange(None, keyExchange)