Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(263)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/tlslite/tests/tlstest.py

Issue 210323002: Update tlslite to 0.4.6. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: More policy_testserver.py Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « third_party/tlslite/tests/serverX509Key.pem ('k') | third_party/tlslite/tests/verifierDB » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #! python 1 #!/usr/bin/env python
2 2
3 # Authors:
4 # Trevor Perrin
5 # Kees Bos - Added tests for XML-RPC
6 # Dimitris Moraitis - Anon ciphersuites
7 # Marcelo Fernandez - Added test for NPN
8 # Martin von Loewis - python 3 port
9
10 #
11 # See the LICENSE file for legal information regarding use of this file.
12 from __future__ import print_function
3 import sys 13 import sys
4 import os 14 import os
5 import os.path 15 import os.path
6 import socket 16 import socket
7 import thread
8 import time 17 import time
9 import httplib 18 import getopt
10 import BaseHTTPServer 19 try:
11 import SimpleHTTPServer 20 from BaseHTTPServer import HTTPServer
21 from SimpleHTTPServer import SimpleHTTPRequestHandler
22 except ImportError:
23 from http.server import HTTPServer, SimpleHTTPRequestHandler
12 24
25 from tlslite import TLSConnection, Fault, HandshakeSettings, \
26 X509, X509CertChain, IMAP4_TLS, VerifierDB, Session, SessionCache, \
27 parsePEMKey, constants, \
28 AlertDescription, HTTPTLSConnection, TLSSocketServerMixIn, \
29 POP3_TLS, m2cryptoLoaded, pycryptoLoaded, gmpyLoaded, tackpyLoaded, \
30 Checker, __version__
31
32 from tlslite.errors import *
33 from tlslite.utils.cryptomath import prngName
34 try:
35 import xmlrpclib
36 except ImportError:
37 # Python 3
38 from xmlrpc import client as xmlrpclib
39 from tlslite import *
13 40
14 try: 41 try:
15 from cryptoIDlib.api import * 42 from tack.structures.Tack import Tack
16 cryptoIDlibLoaded = True 43
17 except: 44 except ImportError:
18 cryptoIDlibLoaded = False 45 pass
19 46
20 if __name__ != "__main__": 47 def printUsage(s=None):
21 raise "This must be run as a command, not used as a module!" 48 if m2cryptoLoaded:
49 crypto = "M2Crypto/OpenSSL"
50 else:
51 crypto = "Python crypto"
52 if s:
53 print("ERROR: %s" % s)
54 print("""\ntls.py version %s (using %s)
22 55
23 #import tlslite 56 Commands:
24 #from tlslite.constants import AlertDescription, Fault 57 server HOST:PORT DIRECTORY
25 58
26 #from tlslite.utils.jython_compat import formatExceptionTrace 59 client HOST:PORT DIRECTORY
27 #from tlslite.X509 import X509, X509CertChain 60 """ % (__version__, crypto))
61 sys.exit(-1)
62
28 63
29 from tlslite.api import * 64 def testConnClient(conn):
65 b1 = os.urandom(1)
66 b10 = os.urandom(10)
67 b100 = os.urandom(100)
68 b1000 = os.urandom(1000)
69 conn.write(b1)
70 conn.write(b10)
71 conn.write(b100)
72 conn.write(b1000)
73 assert(conn.read(min=1, max=1) == b1)
74 assert(conn.read(min=10, max=10) == b10)
75 assert(conn.read(min=100, max=100) == b100)
76 assert(conn.read(min=1000, max=1000) == b1000)
30 77
31 def parsePrivateKey(s): 78 def clientTestCmd(argv):
32 try: 79
33 return parsePEMKey(s, private=True) 80 address = argv[0]
34 except Exception, e: 81 dir = argv[1]
35 print e
36 return parseXMLKey(s, private=True)
37
38
39 def clientTest(address, dir):
40 82
41 #Split address into hostname/port tuple 83 #Split address into hostname/port tuple
42 address = address.split(":") 84 address = address.split(":")
43 if len(address)==1:
44 address.append("4443")
45 address = ( address[0], int(address[1]) ) 85 address = ( address[0], int(address[1]) )
46 86
47 def connect(): 87 def connect():
48 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 88 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
49 if hasattr(sock, 'settimeout'): #It's a python 2.3 feature 89 if hasattr(sock, 'settimeout'): #It's a python 2.3 feature
50 sock.settimeout(5) 90 sock.settimeout(5)
51 sock.connect(address) 91 sock.connect(address)
52 c = TLSConnection(sock) 92 c = TLSConnection(sock)
53 return c 93 return c
54 94
55 test = 0 95 test = 0
56 96
57 badFault = False 97 badFault = False
58 98
59 print "Test 1 - good shared key" 99 print("Test 0 - anonymous handshake")
60 connection = connect() 100 connection = connect()
61 connection.handshakeClientSharedKey("shared", "key") 101 connection.handshakeClientAnonymous()
102 testConnClient(connection)
62 connection.close() 103 connection.close()
63 connection.sock.close() 104
105 print("Test 1 - good X509 (plus SNI)")
106 connection = connect()
107 connection.handshakeClientCert(serverName=address[0])
108 testConnClient(connection)
109 assert(isinstance(connection.session.serverCertChain, X509CertChain))
110 assert(connection.session.serverName == address[0])
111 connection.close()
64 112
65 print "Test 2 - shared key faults" 113 print("Test 1.a - good X509, SSLv3")
66 for fault in Fault.clientSharedKeyFaults + Fault.genericFaults: 114 connection = connect()
115 settings = HandshakeSettings()
116 settings.minVersion = (3,0)
117 settings.maxVersion = (3,0)
118 connection.handshakeClientCert(settings=settings)
119 testConnClient(connection)
120 assert(isinstance(connection.session.serverCertChain, X509CertChain))
121 connection.close()
122
123 print("Test 1.b - good X509, RC4-MD5")
124 connection = connect()
125 settings = HandshakeSettings()
126 settings.macNames = ["md5"]
127 connection.handshakeClientCert(settings=settings)
128 testConnClient(connection)
129 assert(isinstance(connection.session.serverCertChain, X509CertChain))
130 assert(connection.session.cipherSuite == constants.CipherSuite.TLS_RSA_WITH_ RC4_128_MD5)
131 connection.close()
132
133 if tackpyLoaded:
134
135 settings = HandshakeSettings()
136 settings.useExperimentalTackExtension = True
137
138 print("Test 2.a - good X.509, TACK")
67 connection = connect() 139 connection = connect()
68 connection.fault = fault 140 connection.handshakeClientCert(settings=settings)
141 assert(connection.session.tackExt.tacks[0].getTackId() == "rrted.ptvtl.d 2uiq.ox2xe.w4ss3")
142 assert(connection.session.tackExt.activation_flags == 1)
143 testConnClient(connection)
144 connection.close()
145
146 print("Test 2.b - good X.509, TACK unrelated to cert chain")
147 connection = connect()
69 try: 148 try:
70 connection.handshakeClientSharedKey("shared", "key") 149 connection.handshakeClientCert(settings=settings)
71 print " Good Fault %s" % (Fault.faultNames[fault]) 150 assert(False)
72 except TLSFaultError, e: 151 except TLSLocalAlert as alert:
73 print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)) 152 if alert.description != AlertDescription.illegal_parameter:
74 badFault = True 153 raise
75 connection.sock.close() 154 connection.close()
76 155
77 print "Test 3 - good SRP" 156 print("Test 3 - good SRP")
78 connection = connect() 157 connection = connect()
79 connection.handshakeClientSRP("test", "password") 158 connection.handshakeClientSRP("test", "password")
159 testConnClient(connection)
80 connection.close() 160 connection.close()
81 161
82 print "Test 4 - SRP faults" 162 print("Test 4 - SRP faults")
83 for fault in Fault.clientSrpFaults + Fault.genericFaults: 163 for fault in Fault.clientSrpFaults + Fault.genericFaults:
84 connection = connect() 164 connection = connect()
85 connection.fault = fault 165 connection.fault = fault
86 try: 166 try:
87 connection.handshakeClientSRP("test", "password") 167 connection.handshakeClientSRP("test", "password")
88 print " Good Fault %s" % (Fault.faultNames[fault]) 168 print(" Good Fault %s" % (Fault.faultNames[fault]))
89 except TLSFaultError, e: 169 except TLSFaultError as e:
90 print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)) 170 print(" BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)))
91 badFault = True 171 badFault = True
92 connection.sock.close()
93 172
94 print "Test 5 - good SRP: unknown_srp_username idiom" 173 print("Test 6 - good SRP: with X.509 certificate, TLSv1.0")
95 def srpCallback(): 174 settings = HandshakeSettings()
96 return ("test", "password") 175 settings.minVersion = (3,1)
176 settings.maxVersion = (3,1)
97 connection = connect() 177 connection = connect()
98 connection.handshakeClientUnknown(srpCallback=srpCallback) 178 connection.handshakeClientSRP("test", "password", settings=settings)
179 assert(isinstance(connection.session.serverCertChain, X509CertChain))
180 testConnClient(connection)
99 connection.close() 181 connection.close()
100 connection.sock.close()
101 182
102 print "Test 6 - good SRP: with X.509 certificate" 183 print("Test 7 - X.509 with SRP faults")
103 connection = connect()
104 connection.handshakeClientSRP("test", "password")
105 assert(isinstance(connection.session.serverCertChain, X509CertChain))
106 connection.close()
107 connection.sock.close()
108
109 print "Test 7 - X.509 with SRP faults"
110 for fault in Fault.clientSrpFaults + Fault.genericFaults: 184 for fault in Fault.clientSrpFaults + Fault.genericFaults:
111 connection = connect() 185 connection = connect()
112 connection.fault = fault 186 connection.fault = fault
113 try: 187 try:
114 connection.handshakeClientSRP("test", "password") 188 connection.handshakeClientSRP("test", "password")
115 print " Good Fault %s" % (Fault.faultNames[fault]) 189 print(" Good Fault %s" % (Fault.faultNames[fault]))
116 except TLSFaultError, e: 190 except TLSFaultError as e:
117 print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)) 191 print(" BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)))
118 badFault = True 192 badFault = True
119 connection.sock.close()
120 193
121 if cryptoIDlibLoaded: 194 print("Test 11 - X.509 faults")
122 print "Test 8 - good SRP: with cryptoID certificate chain"
123 connection = connect()
124 connection.handshakeClientSRP("test", "password")
125 assert(isinstance(connection.session.serverCertChain, CertChain))
126 if not (connection.session.serverCertChain.validate()):
127 print connection.session.serverCertChain.validate(listProblems=True)
128
129 connection.close()
130 connection.sock.close()
131
132 print "Test 9 - CryptoID with SRP faults"
133 for fault in Fault.clientSrpFaults + Fault.genericFaults:
134 connection = connect()
135 connection.fault = fault
136 try:
137 connection.handshakeClientSRP("test", "password")
138 print " Good Fault %s" % (Fault.faultNames[fault])
139 except TLSFaultError, e:
140 print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
141 badFault = True
142 connection.sock.close()
143
144 print "Test 10 - good X509"
145 connection = connect()
146 connection.handshakeClientCert()
147 assert(isinstance(connection.session.serverCertChain, X509CertChain))
148 connection.close()
149 connection.sock.close()
150
151 print "Test 10.a - good X509, SSLv3"
152 connection = connect()
153 settings = HandshakeSettings()
154 settings.minVersion = (3,0)
155 settings.maxVersion = (3,0)
156 connection.handshakeClientCert(settings=settings)
157 assert(isinstance(connection.session.serverCertChain, X509CertChain))
158 connection.close()
159 connection.sock.close()
160
161 print "Test 11 - X.509 faults"
162 for fault in Fault.clientNoAuthFaults + Fault.genericFaults: 195 for fault in Fault.clientNoAuthFaults + Fault.genericFaults:
163 connection = connect() 196 connection = connect()
164 connection.fault = fault 197 connection.fault = fault
165 try: 198 try:
166 connection.handshakeClientCert() 199 connection.handshakeClientCert()
167 print " Good Fault %s" % (Fault.faultNames[fault]) 200 print(" Good Fault %s" % (Fault.faultNames[fault]))
168 except TLSFaultError, e: 201 except TLSFaultError as e:
169 print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)) 202 print(" BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)))
170 badFault = True 203 badFault = True
171 connection.sock.close()
172 204
173 if cryptoIDlibLoaded: 205 print("Test 14 - good mutual X509")
174 print "Test 12 - good cryptoID"
175 connection = connect()
176 connection.handshakeClientCert()
177 assert(isinstance(connection.session.serverCertChain, CertChain))
178 assert(connection.session.serverCertChain.validate())
179 connection.close()
180 connection.sock.close()
181
182 print "Test 13 - cryptoID faults"
183 for fault in Fault.clientNoAuthFaults + Fault.genericFaults:
184 connection = connect()
185 connection.fault = fault
186 try:
187 connection.handshakeClientCert()
188 print " Good Fault %s" % (Fault.faultNames[fault])
189 except TLSFaultError, e:
190 print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
191 badFault = True
192 connection.sock.close()
193
194 print "Test 14 - good mutual X509"
195 x509Cert = X509().parse(open(os.path.join(dir, "clientX509Cert.pem")).read() ) 206 x509Cert = X509().parse(open(os.path.join(dir, "clientX509Cert.pem")).read() )
196 x509Chain = X509CertChain([x509Cert]) 207 x509Chain = X509CertChain([x509Cert])
197 s = open(os.path.join(dir, "clientX509Key.pem")).read() 208 s = open(os.path.join(dir, "clientX509Key.pem")).read()
198 x509Key = parsePEMKey(s, private=True) 209 x509Key = parsePEMKey(s, private=True)
199 210
200 connection = connect() 211 connection = connect()
201 connection.handshakeClientCert(x509Chain, x509Key) 212 connection.handshakeClientCert(x509Chain, x509Key)
213 testConnClient(connection)
202 assert(isinstance(connection.session.serverCertChain, X509CertChain)) 214 assert(isinstance(connection.session.serverCertChain, X509CertChain))
203 connection.close() 215 connection.close()
204 connection.sock.close()
205 216
206 print "Test 14.a - good mutual X509, SSLv3" 217 print("Test 14.a - good mutual X509, SSLv3")
207 connection = connect() 218 connection = connect()
208 settings = HandshakeSettings() 219 settings = HandshakeSettings()
209 settings.minVersion = (3,0) 220 settings.minVersion = (3,0)
210 settings.maxVersion = (3,0) 221 settings.maxVersion = (3,0)
211 connection.handshakeClientCert(x509Chain, x509Key, settings=settings) 222 connection.handshakeClientCert(x509Chain, x509Key, settings=settings)
223 testConnClient(connection)
212 assert(isinstance(connection.session.serverCertChain, X509CertChain)) 224 assert(isinstance(connection.session.serverCertChain, X509CertChain))
213 connection.close() 225 connection.close()
214 connection.sock.close()
215 226
216 print "Test 15 - mutual X.509 faults" 227 print("Test 15 - mutual X.509 faults")
217 for fault in Fault.clientCertFaults + Fault.genericFaults: 228 for fault in Fault.clientCertFaults + Fault.genericFaults:
218 connection = connect() 229 connection = connect()
219 connection.fault = fault 230 connection.fault = fault
220 try: 231 try:
221 connection.handshakeClientCert(x509Chain, x509Key) 232 connection.handshakeClientCert(x509Chain, x509Key)
222 print " Good Fault %s" % (Fault.faultNames[fault]) 233 print(" Good Fault %s" % (Fault.faultNames[fault]))
223 except TLSFaultError, e: 234 except TLSFaultError as e:
224 print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)) 235 print(" BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e)))
225 badFault = True 236 badFault = True
226 connection.sock.close()
227 237
228 if cryptoIDlibLoaded: 238 print("Test 18 - good SRP, prepare to resume... (plus SNI)")
229 print "Test 16 - good mutual cryptoID"
230 cryptoIDChain = CertChain().parse(open(os.path.join(dir, "serverCryptoID Chain.xml"), "r").read())
231 cryptoIDKey = parseXMLKey(open(os.path.join(dir, "serverCryptoIDKey.xml" ), "r").read(), private=True)
232
233 connection = connect()
234 connection.handshakeClientCert(cryptoIDChain, cryptoIDKey)
235 assert(isinstance(connection.session.serverCertChain, CertChain))
236 assert(connection.session.serverCertChain.validate())
237 connection.close()
238 connection.sock.close()
239
240 print "Test 17 - mutual cryptoID faults"
241 for fault in Fault.clientCertFaults + Fault.genericFaults:
242 connection = connect()
243 connection.fault = fault
244 try:
245 connection.handshakeClientCert(cryptoIDChain, cryptoIDKey)
246 print " Good Fault %s" % (Fault.faultNames[fault])
247 except TLSFaultError, e:
248 print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
249 badFault = True
250 connection.sock.close()
251
252 print "Test 18 - good SRP, prepare to resume..."
253 connection = connect() 239 connection = connect()
254 connection.handshakeClientSRP("test", "password") 240 connection.handshakeClientSRP("test", "password", serverName=address[0])
241 testConnClient(connection)
255 connection.close() 242 connection.close()
256 connection.sock.close()
257 session = connection.session 243 session = connection.session
258 244
259 print "Test 19 - resumption" 245 print("Test 19 - resumption (plus SNI)")
260 connection = connect() 246 connection = connect()
261 connection.handshakeClientSRP("test", "garbage", session=session) 247 connection.handshakeClientSRP("test", "garbage", serverName=address[0],
248 session=session)
249 testConnClient(connection)
262 #Don't close! -- see below 250 #Don't close! -- see below
263 251
264 print "Test 20 - invalidated resumption" 252 print("Test 20 - invalidated resumption (plus SNI)")
265 connection.sock.close() #Close the socket without a close_notify! 253 connection.sock.close() #Close the socket without a close_notify!
266 connection = connect() 254 connection = connect()
267 try: 255 try:
268 connection.handshakeClientSRP("test", "garbage", session=session) 256 connection.handshakeClientSRP("test", "garbage",
269 assert() 257 serverName=address[0], session=session)
270 except TLSRemoteAlert, alert: 258 assert(False)
259 except TLSRemoteAlert as alert:
271 if alert.description != AlertDescription.bad_record_mac: 260 if alert.description != AlertDescription.bad_record_mac:
272 raise 261 raise
273 connection.sock.close() 262 connection.close()
274 263
275 print "Test 21 - HTTPS test X.509" 264 print("Test 21 - HTTPS test X.509")
276 address = address[0], address[1]+1 265 address = address[0], address[1]+1
277 if hasattr(socket, "timeout"): 266 if hasattr(socket, "timeout"):
278 timeoutEx = socket.timeout 267 timeoutEx = socket.timeout
279 else: 268 else:
280 timeoutEx = socket.error 269 timeoutEx = socket.error
281 while 1: 270 while 1:
282 try: 271 try:
283 time.sleep(2) 272 time.sleep(2)
284 htmlBody = open(os.path.join(dir, "index.html")).read() 273 htmlBody = bytearray(open(os.path.join(dir, "index.html")).read(), " utf-8")
285 fingerprint = None 274 fingerprint = None
286 for y in range(2): 275 for y in range(2):
276 checker =Checker(x509Fingerprint=fingerprint)
287 h = HTTPTLSConnection(\ 277 h = HTTPTLSConnection(\
288 address[0], address[1], x509Fingerprint=fingerprint) 278 address[0], address[1], checker=checker)
289 for x in range(3): 279 for x in range(3):
290 h.request("GET", "/index.html") 280 h.request("GET", "/index.html")
291 r = h.getresponse() 281 r = h.getresponse()
292 assert(r.status == 200) 282 assert(r.status == 200)
293 s = r.read() 283 b = bytearray(r.read())
294 assert(s == htmlBody) 284 assert(b == htmlBody)
295 fingerprint = h.tlsSession.serverCertChain.getFingerprint() 285 fingerprint = h.tlsSession.serverCertChain.getFingerprint()
296 assert(fingerprint) 286 assert(fingerprint)
297 time.sleep(2) 287 time.sleep(2)
298 break 288 break
299 except timeoutEx: 289 except timeoutEx:
300 print "timeout, retrying..." 290 print("timeout, retrying...")
301 pass 291 pass
302 292
303 if cryptoIDlibLoaded:
304 print "Test 21a - HTTPS test SRP+cryptoID"
305 address = address[0], address[1]+1
306 if hasattr(socket, "timeout"):
307 timeoutEx = socket.timeout
308 else:
309 timeoutEx = socket.error
310 while 1:
311 try:
312 time.sleep(2) #Time to generate key and cryptoID
313 htmlBody = open(os.path.join(dir, "index.html")).read()
314 fingerprint = None
315 protocol = None
316 for y in range(2):
317 h = HTTPTLSConnection(\
318 address[0], address[1],
319 username="test", password="password",
320 cryptoID=fingerprint, protocol=protocol)
321 for x in range(3):
322 h.request("GET", "/index.html")
323 r = h.getresponse()
324 assert(r.status == 200)
325 s = r.read()
326 assert(s == htmlBody)
327 fingerprint = h.tlsSession.serverCertChain.cryptoID
328 assert(fingerprint)
329 protocol = "urn:whatever"
330 time.sleep(2)
331 break
332 except timeoutEx:
333 print "timeout, retrying..."
334 pass
335
336 address = address[0], address[1]+1 293 address = address[0], address[1]+1
337 294
338 implementations = [] 295 implementations = []
339 if cryptlibpyLoaded:
340 implementations.append("cryptlib")
341 if m2cryptoLoaded: 296 if m2cryptoLoaded:
342 implementations.append("openssl") 297 implementations.append("openssl")
343 if pycryptoLoaded: 298 if pycryptoLoaded:
344 implementations.append("pycrypto") 299 implementations.append("pycrypto")
345 implementations.append("python") 300 implementations.append("python")
346 301
347 print "Test 22 - different ciphers" 302 print("Test 22 - different ciphers, TLSv1.0")
348 for implementation in implementations: 303 for implementation in implementations:
349 for cipher in ["aes128", "aes256", "rc4"]: 304 for cipher in ["aes128", "aes256", "rc4"]:
350 305
351 print "Test 22:", 306 print("Test 22:", end=' ')
352 connection = connect() 307 connection = connect()
353 308
354 settings = HandshakeSettings() 309 settings = HandshakeSettings()
355 settings.cipherNames = [cipher] 310 settings.cipherNames = [cipher]
356 settings.cipherImplementations = [implementation, "python"] 311 settings.cipherImplementations = [implementation, "python"]
357 connection.handshakeClientSharedKey("shared", "key", settings=settin gs) 312 settings.minVersion = (3,1)
358 print ("%s %s" % (connection.getCipherName(), connection.getCipherIm plementation())) 313 settings.maxVersion = (3,1)
314 connection.handshakeClientCert(settings=settings)
315 testConnClient(connection)
316 print("%s %s" % (connection.getCipherName(), connection.getCipherImp lementation()))
317 connection.close()
359 318
360 connection.write("hello") 319 print("Test 23 - throughput test")
361 h = connection.read(min=5, max=5)
362 assert(h == "hello")
363 connection.close()
364 connection.sock.close()
365
366 print "Test 23 - throughput test"
367 for implementation in implementations: 320 for implementation in implementations:
368 for cipher in ["aes128", "aes256", "3des", "rc4"]: 321 for cipher in ["aes128", "aes256", "3des", "rc4"]:
369 if cipher == "3des" and implementation not in ("openssl", "cryptlib" , "pycrypto"): 322 if cipher == "3des" and implementation not in ("openssl", "pycrypto" ):
370 continue 323 continue
371 324
372 print "Test 23:", 325 print("Test 23:", end=' ')
373 connection = connect() 326 connection = connect()
374 327
375 settings = HandshakeSettings() 328 settings = HandshakeSettings()
376 settings.cipherNames = [cipher] 329 settings.cipherNames = [cipher]
377 settings.cipherImplementations = [implementation, "python"] 330 settings.cipherImplementations = [implementation, "python"]
378 connection.handshakeClientSharedKey("shared", "key", settings=settin gs) 331 connection.handshakeClientCert(settings=settings)
379 print ("%s %s:" % (connection.getCipherName(), connection.getCipherI mplementation())), 332 print("%s %s:" % (connection.getCipherName(), connection.getCipherIm plementation()), end=' ')
380 333
381 startTime = time.clock() 334 startTime = time.clock()
382 connection.write("hello"*10000) 335 connection.write(b"hello"*10000)
383 h = connection.read(min=50000, max=50000) 336 h = connection.read(min=50000, max=50000)
384 stopTime = time.clock() 337 stopTime = time.clock()
385 print "100K exchanged at rate of %d bytes/sec" % int(100000/(stopTim e-startTime)) 338 if stopTime-startTime:
339 print("100K exchanged at rate of %d bytes/sec" % int(100000/(sto pTime-startTime)))
340 else:
341 print("100K exchanged very fast")
386 342
387 assert(h == "hello"*10000) 343 assert(h == b"hello"*10000)
388 connection.close() 344 connection.close()
389 connection.sock.close() 345
346 print("Test 24.a - Next-Protocol Client Negotiation")
347 connection = connect()
348 connection.handshakeClientCert(nextProtos=[b"http/1.1"])
349 #print(" Next-Protocol Negotiated: %s" % connection.next_proto)
350 assert(connection.next_proto == b'http/1.1')
351 connection.close()
390 352
391 print "Test 24 - Internet servers test" 353 print("Test 24.b - Next-Protocol Client Negotiation")
354 connection = connect()
355 connection.handshakeClientCert(nextProtos=[b"spdy/2", b"http/1.1"])
356 #print(" Next-Protocol Negotiated: %s" % connection.next_proto)
357 assert(connection.next_proto == b'spdy/2')
358 connection.close()
359
360 print("Test 24.c - Next-Protocol Client Negotiation")
361 connection = connect()
362 connection.handshakeClientCert(nextProtos=[b"spdy/2", b"http/1.1"])
363 #print(" Next-Protocol Negotiated: %s" % connection.next_proto)
364 assert(connection.next_proto == b'spdy/2')
365 connection.close()
366
367 print("Test 24.d - Next-Protocol Client Negotiation")
368 connection = connect()
369 connection.handshakeClientCert(nextProtos=[b"spdy/3", b"spdy/2", b"http/1.1" ])
370 #print(" Next-Protocol Negotiated: %s" % connection.next_proto)
371 assert(connection.next_proto == b'spdy/2')
372 connection.close()
373
374 print("Test 24.e - Next-Protocol Client Negotiation")
375 connection = connect()
376 connection.handshakeClientCert(nextProtos=[b"spdy/3", b"spdy/2", b"http/1.1" ])
377 #print(" Next-Protocol Negotiated: %s" % connection.next_proto)
378 assert(connection.next_proto == b'spdy/3')
379 connection.close()
380
381 print("Test 24.f - Next-Protocol Client Negotiation")
382 connection = connect()
383 connection.handshakeClientCert(nextProtos=[b"http/1.1"])
384 #print(" Next-Protocol Negotiated: %s" % connection.next_proto)
385 assert(connection.next_proto == b'http/1.1')
386 connection.close()
387
388 print("Test 24.g - Next-Protocol Client Negotiation")
389 connection = connect()
390 connection.handshakeClientCert(nextProtos=[b"spdy/2", b"http/1.1"])
391 #print(" Next-Protocol Negotiated: %s" % connection.next_proto)
392 assert(connection.next_proto == b'spdy/2')
393 connection.close()
394
395 print('Test 25 - good standard XMLRPC https client')
396 time.sleep(2) # Hack for lack of ability to set timeout here
397 address = address[0], address[1]+1
398 server = xmlrpclib.Server('https://%s:%s' % address)
399 assert server.add(1,2) == 3
400 assert server.pow(2,4) == 16
401
402 print('Test 26 - good tlslite XMLRPC client')
403 transport = XMLRPCTransport(ignoreAbruptClose=True)
404 server = xmlrpclib.Server('https://%s:%s' % address, transport)
405 assert server.add(1,2) == 3
406 assert server.pow(2,4) == 16
407
408 print('Test 27 - good XMLRPC ignored protocol')
409 server = xmlrpclib.Server('http://%s:%s' % address, transport)
410 assert server.add(1,2) == 3
411 assert server.pow(2,4) == 16
412
413 print("Test 28 - Internet servers test")
392 try: 414 try:
393 i = IMAP4_TLS("cyrus.andrew.cmu.edu") 415 i = IMAP4_TLS("cyrus.andrew.cmu.edu")
394 i.login("anonymous", "anonymous@anonymous.net") 416 i.login("anonymous", "anonymous@anonymous.net")
395 i.logout() 417 i.logout()
396 print "Test 24: IMAP4 good" 418 print("Test 28: IMAP4 good")
397 p = POP3_TLS("pop.gmail.com") 419 p = POP3_TLS("pop.gmail.com")
398 p.quit() 420 p.quit()
399 print "Test 24: POP3 good" 421 print("Test 29: POP3 good")
400 except socket.error, e: 422 except socket.error as e:
401 print "Non-critical error: socket error trying to reach internet server: ", e 423 print("Non-critical error: socket error trying to reach internet server: ", e)
402 424
403 if not badFault: 425 if not badFault:
404 print "Test succeeded" 426 print("Test succeeded")
405 else: 427 else:
406 print "Test failed" 428 print("Test failed")
407 429
408 430
409 def serverTest(address, dir): 431
432 def testConnServer(connection):
433 count = 0
434 while 1:
435 s = connection.read()
436 count += len(s)
437 if len(s) == 0:
438 break
439 connection.write(s)
440 if count == 1111:
441 break
442
443 def serverTestCmd(argv):
444
445 address = argv[0]
446 dir = argv[1]
447
410 #Split address into hostname/port tuple 448 #Split address into hostname/port tuple
411 address = address.split(":") 449 address = address.split(":")
412 if len(address)==1:
413 address.append("4443")
414 address = ( address[0], int(address[1]) ) 450 address = ( address[0], int(address[1]) )
415 451
416 #Connect to server 452 #Connect to server
417 lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 453 lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
418 lsock.bind(address) 454 lsock.bind(address)
419 lsock.listen(5) 455 lsock.listen(5)
420 456
421 def connect(): 457 def connect():
422 return TLSConnection(lsock.accept()[0]) 458 return TLSConnection(lsock.accept()[0])
423 459
424 print "Test 1 - good shared key" 460 x509Cert = X509().parse(open(os.path.join(dir, "serverX509Cert.pem")).read() )
425 sharedKeyDB = SharedKeyDB() 461 x509Chain = X509CertChain([x509Cert])
426 sharedKeyDB["shared"] = "key" 462 s = open(os.path.join(dir, "serverX509Key.pem")).read()
427 sharedKeyDB["shared2"] = "key2" 463 x509Key = parsePEMKey(s, private=True)
464
465 print("Test 0 - Anonymous server handshake")
428 connection = connect() 466 connection = connect()
429 connection.handshakeServer(sharedKeyDB=sharedKeyDB) 467 connection.handshakeServer(anon=True)
468 testConnServer(connection)
469 connection.close()
470
471 print("Test 1 - good X.509")
472 connection = connect()
473 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key)
474 assert(connection.session.serverName == address[0])
475 testConnServer(connection)
430 connection.close() 476 connection.close()
431 connection.sock.close()
432 477
433 print "Test 2 - shared key faults" 478 print("Test 1.a - good X.509, SSL v3")
434 for fault in Fault.clientSharedKeyFaults + Fault.genericFaults: 479 connection = connect()
480 settings = HandshakeSettings()
481 settings.minVersion = (3,0)
482 settings.maxVersion = (3,0)
483 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings =settings)
484 testConnServer(connection)
485 connection.close()
486
487 print("Test 1.b - good X.509, RC4-MD5")
488 connection = connect()
489 settings = HandshakeSettings()
490 settings.macNames = ["sha", "md5"]
491 settings.cipherNames = ["rc4"]
492 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings =settings)
493 testConnServer(connection)
494 connection.close()
495
496 if tackpyLoaded:
497 tack = Tack.createFromPem(open("./TACK1.pem", "rU").read())
498 tackUnrelated = Tack.createFromPem(open("./TACKunrelated.pem", "rU").rea d())
499
500 settings = HandshakeSettings()
501 settings.useExperimentalTackExtension = True
502
503 print("Test 2.a - good X.509, TACK")
435 connection = connect() 504 connection = connect()
436 connection.fault = fault 505 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
506 tacks=[tack], activationFlags=1, settings=settings)
507 testConnServer(connection)
508 connection.close()
509
510 print("Test 2.b - good X.509, TACK unrelated to cert chain")
511 connection = connect()
437 try: 512 try:
438 connection.handshakeServer(sharedKeyDB=sharedKeyDB) 513 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
439 assert() 514 tacks=[tackUnrelated], settings=settings)
440 except: 515 assert(False)
441 pass 516 except TLSRemoteAlert as alert:
442 connection.sock.close() 517 if alert.description != AlertDescription.illegal_parameter:
443 518 raise
444 print "Test 3 - good SRP" 519
445 #verifierDB = tlslite.VerifierDB(os.path.join(dir, "verifierDB")) 520 print("Test 3 - good SRP")
446 #verifierDB.open()
447 verifierDB = VerifierDB() 521 verifierDB = VerifierDB()
448 verifierDB.create() 522 verifierDB.create()
449 entry = VerifierDB.makeVerifier("test", "password", 1536) 523 entry = VerifierDB.makeVerifier("test", "password", 1536)
450 verifierDB["test"] = entry 524 verifierDB["test"] = entry
451 525
452 connection = connect() 526 connection = connect()
453 connection.handshakeServer(verifierDB=verifierDB) 527 connection.handshakeServer(verifierDB=verifierDB)
528 testConnServer(connection)
454 connection.close() 529 connection.close()
455 connection.sock.close()
456 530
457 print "Test 4 - SRP faults" 531 print("Test 4 - SRP faults")
458 for fault in Fault.clientSrpFaults + Fault.genericFaults: 532 for fault in Fault.clientSrpFaults + Fault.genericFaults:
459 connection = connect() 533 connection = connect()
460 connection.fault = fault 534 connection.fault = fault
461 try: 535 try:
462 connection.handshakeServer(verifierDB=verifierDB) 536 connection.handshakeServer(verifierDB=verifierDB)
463 assert() 537 assert()
464 except: 538 except:
465 pass 539 pass
466 connection.sock.close() 540 connection.close()
467 541
468 print "Test 5 - good SRP: unknown_srp_username idiom" 542 print("Test 6 - good SRP: with X.509 cert")
469 connection = connect()
470 connection.handshakeServer(verifierDB=verifierDB)
471 connection.close()
472 connection.sock.close()
473
474 print "Test 6 - good SRP: with X.509 cert"
475 x509Cert = X509().parse(open(os.path.join(dir, "serverX509Cert.pem")).read() )
476 x509Chain = X509CertChain([x509Cert])
477 s = open(os.path.join(dir, "serverX509Key.pem")).read()
478 x509Key = parsePEMKey(s, private=True)
479
480 connection = connect() 543 connection = connect()
481 connection.handshakeServer(verifierDB=verifierDB, \ 544 connection.handshakeServer(verifierDB=verifierDB, \
482 certChain=x509Chain, privateKey=x509Key) 545 certChain=x509Chain, privateKey=x509Key)
546 testConnServer(connection)
483 connection.close() 547 connection.close()
484 connection.sock.close()
485 548
486 print "Test 7 - X.509 with SRP faults" 549 print("Test 7 - X.509 with SRP faults")
487 for fault in Fault.clientSrpFaults + Fault.genericFaults: 550 for fault in Fault.clientSrpFaults + Fault.genericFaults:
488 connection = connect() 551 connection = connect()
489 connection.fault = fault 552 connection.fault = fault
490 try: 553 try:
491 connection.handshakeServer(verifierDB=verifierDB, \ 554 connection.handshakeServer(verifierDB=verifierDB, \
492 certChain=x509Chain, privateKey=x509Key) 555 certChain=x509Chain, privateKey=x509Key)
493 assert() 556 assert()
494 except: 557 except:
495 pass 558 pass
496 connection.sock.close() 559 connection.close()
497 560
498 if cryptoIDlibLoaded: 561 print("Test 11 - X.509 faults")
499 print "Test 8 - good SRP: with cryptoID certs"
500 cryptoIDChain = CertChain().parse(open(os.path.join(dir, "serverCryptoID Chain.xml"), "r").read())
501 cryptoIDKey = parseXMLKey(open(os.path.join(dir, "serverCryptoIDKey.xml" ), "r").read(), private=True)
502 connection = connect()
503 connection.handshakeServer(verifierDB=verifierDB, \
504 certChain=cryptoIDChain, privateKey=cryptoIDK ey)
505 connection.close()
506 connection.sock.close()
507
508 print "Test 9 - cryptoID with SRP faults"
509 for fault in Fault.clientSrpFaults + Fault.genericFaults:
510 connection = connect()
511 connection.fault = fault
512 try:
513 connection.handshakeServer(verifierDB=verifierDB, \
514 certChain=cryptoIDChain, privateKey=c ryptoIDKey)
515 assert()
516 except:
517 pass
518 connection.sock.close()
519
520 print "Test 10 - good X.509"
521 connection = connect()
522 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key)
523 connection.close()
524 connection.sock.close()
525
526 print "Test 10.a - good X.509, SSL v3"
527 connection = connect()
528 settings = HandshakeSettings()
529 settings.minVersion = (3,0)
530 settings.maxVersion = (3,0)
531 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings =settings)
532 connection.close()
533 connection.sock.close()
534
535 print "Test 11 - X.509 faults"
536 for fault in Fault.clientNoAuthFaults + Fault.genericFaults: 562 for fault in Fault.clientNoAuthFaults + Fault.genericFaults:
537 connection = connect() 563 connection = connect()
538 connection.fault = fault 564 connection.fault = fault
539 try: 565 try:
540 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key) 566 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key)
541 assert() 567 assert()
542 except: 568 except:
543 pass 569 pass
544 connection.sock.close() 570 connection.close()
545 571
546 if cryptoIDlibLoaded: 572 print("Test 14 - good mutual X.509")
547 print "Test 12 - good cryptoID"
548 connection = connect()
549 connection.handshakeServer(certChain=cryptoIDChain, privateKey=cryptoIDK ey)
550 connection.close()
551 connection.sock.close()
552
553 print "Test 13 - cryptoID faults"
554 for fault in Fault.clientNoAuthFaults + Fault.genericFaults:
555 connection = connect()
556 connection.fault = fault
557 try:
558 connection.handshakeServer(certChain=cryptoIDChain, privateKey=c ryptoIDKey)
559 assert()
560 except:
561 pass
562 connection.sock.close()
563
564 print "Test 14 - good mutual X.509"
565 connection = connect() 573 connection = connect()
566 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert= True) 574 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert= True)
575 testConnServer(connection)
567 assert(isinstance(connection.session.serverCertChain, X509CertChain)) 576 assert(isinstance(connection.session.serverCertChain, X509CertChain))
568 connection.close() 577 connection.close()
569 connection.sock.close()
570 578
571 print "Test 14a - good mutual X.509, SSLv3" 579 print("Test 14a - good mutual X.509, SSLv3")
572 connection = connect() 580 connection = connect()
573 settings = HandshakeSettings() 581 settings = HandshakeSettings()
574 settings.minVersion = (3,0) 582 settings.minVersion = (3,0)
575 settings.maxVersion = (3,0) 583 settings.maxVersion = (3,0)
576 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert= True, settings=settings) 584 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert= True, settings=settings)
585 testConnServer(connection)
577 assert(isinstance(connection.session.serverCertChain, X509CertChain)) 586 assert(isinstance(connection.session.serverCertChain, X509CertChain))
578 connection.close() 587 connection.close()
579 connection.sock.close()
580 588
581 print "Test 15 - mutual X.509 faults" 589 print("Test 15 - mutual X.509 faults")
582 for fault in Fault.clientCertFaults + Fault.genericFaults: 590 for fault in Fault.clientCertFaults + Fault.genericFaults:
583 connection = connect() 591 connection = connect()
584 connection.fault = fault 592 connection.fault = fault
585 try: 593 try:
586 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert=True) 594 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert=True)
587 assert() 595 assert()
588 except: 596 except:
589 pass 597 pass
590 connection.sock.close() 598 connection.close()
591 599
592 if cryptoIDlibLoaded: 600 print("Test 18 - good SRP, prepare to resume")
593 print "Test 16 - good mutual cryptoID"
594 connection = connect()
595 connection.handshakeServer(certChain=cryptoIDChain, privateKey=cryptoIDK ey, reqCert=True)
596 assert(isinstance(connection.session.serverCertChain, CertChain))
597 assert(connection.session.serverCertChain.validate())
598 connection.close()
599 connection.sock.close()
600
601 print "Test 17 - mutual cryptoID faults"
602 for fault in Fault.clientCertFaults + Fault.genericFaults:
603 connection = connect()
604 connection.fault = fault
605 try:
606 connection.handshakeServer(certChain=cryptoIDChain, privateKey=c ryptoIDKey, reqCert=True)
607 assert()
608 except:
609 pass
610 connection.sock.close()
611
612 print "Test 18 - good SRP, prepare to resume"
613 sessionCache = SessionCache() 601 sessionCache = SessionCache()
614 connection = connect() 602 connection = connect()
615 connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache) 603 connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache)
604 assert(connection.session.serverName == address[0])
605 testConnServer(connection)
616 connection.close() 606 connection.close()
617 connection.sock.close()
618 607
619 print "Test 19 - resumption" 608 print("Test 19 - resumption")
620 connection = connect() 609 connection = connect()
621 connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache) 610 connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache)
611 assert(connection.session.serverName == address[0])
612 testConnServer(connection)
622 #Don't close! -- see next test 613 #Don't close! -- see next test
623 614
624 print "Test 20 - invalidated resumption" 615 print("Test 20 - invalidated resumption")
625 try: 616 try:
626 connection.read(min=1, max=1) 617 connection.read(min=1, max=1)
627 assert() #Client is going to close the socket without a close_notify 618 assert() #Client is going to close the socket without a close_notify
628 except TLSAbruptCloseError, e: 619 except TLSAbruptCloseError as e:
629 pass 620 pass
630 connection = connect() 621 connection = connect()
631 try: 622 try:
632 connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCa che) 623 connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCa che)
633 except TLSLocalAlert, alert: 624 except TLSLocalAlert as alert:
634 if alert.description != AlertDescription.bad_record_mac: 625 if alert.description != AlertDescription.bad_record_mac:
635 raise 626 raise
636 connection.sock.close() 627 connection.close()
637 628
638 print "Test 21 - HTTPS test X.509" 629 print("Test 21 - HTTPS test X.509")
639 630
640 #Close the current listening socket 631 #Close the current listening socket
641 lsock.close() 632 lsock.close()
642 633
643 #Create and run an HTTP Server using TLSSocketServerMixIn 634 #Create and run an HTTP Server using TLSSocketServerMixIn
644 class MyHTTPServer(TLSSocketServerMixIn, 635 class MyHTTPServer(TLSSocketServerMixIn,
645 BaseHTTPServer.HTTPServer): 636 HTTPServer):
646 def handshake(self, tlsConnection): 637 def handshake(self, tlsConnection):
647 tlsConnection.handshakeServer(certChain=x509Chain, privateKey=x5 09Key) 638 tlsConnection.handshakeServer(certChain=x509Chain, privateKey=x5 09Key)
648 return True 639 return True
649 cd = os.getcwd() 640 cd = os.getcwd()
650 os.chdir(dir) 641 os.chdir(dir)
651 address = address[0], address[1]+1 642 address = address[0], address[1]+1
652 httpd = MyHTTPServer(address, SimpleHTTPServer.SimpleHTTPRequestHandler) 643 httpd = MyHTTPServer(address, SimpleHTTPRequestHandler)
653 for x in range(6): 644 for x in range(6):
654 httpd.handle_request() 645 httpd.handle_request()
655 httpd.server_close() 646 httpd.server_close()
656 cd = os.chdir(cd) 647 cd = os.chdir(cd)
657 648
658 if cryptoIDlibLoaded:
659 print "Test 21a - HTTPS test SRP+cryptoID"
660
661 #Create and run an HTTP Server using TLSSocketServerMixIn
662 class MyHTTPServer(TLSSocketServerMixIn,
663 BaseHTTPServer.HTTPServer):
664 def handshake(self, tlsConnection):
665 tlsConnection.handshakeServer(certChain=cryptoIDChain, priva teKey=cryptoIDKey,
666 verifierDB=verifierDB)
667 return True
668 cd = os.getcwd()
669 os.chdir(dir)
670 address = address[0], address[1]+1
671 httpd = MyHTTPServer(address, SimpleHTTPServer.SimpleHTTPRequestHandler)
672 for x in range(6):
673 httpd.handle_request()
674 httpd.server_close()
675 cd = os.chdir(cd)
676
677 #Re-connect the listening socket 649 #Re-connect the listening socket
678 lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 650 lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
679 address = address[0], address[1]+1 651 address = address[0], address[1]+1
680 lsock.bind(address) 652 lsock.bind(address)
681 lsock.listen(5) 653 lsock.listen(5)
682 654
683 def connect():
684 return TLSConnection(lsock.accept()[0])
685
686 implementations = [] 655 implementations = []
687 if cryptlibpyLoaded:
688 implementations.append("cryptlib")
689 if m2cryptoLoaded: 656 if m2cryptoLoaded:
690 implementations.append("openssl") 657 implementations.append("openssl")
691 if pycryptoLoaded: 658 if pycryptoLoaded:
692 implementations.append("pycrypto") 659 implementations.append("pycrypto")
693 implementations.append("python") 660 implementations.append("python")
694 661
695 print "Test 22 - different ciphers" 662 print("Test 22 - different ciphers")
696 for implementation in ["python"] * len(implementations): 663 for implementation in ["python"] * len(implementations):
697 for cipher in ["aes128", "aes256", "rc4"]: 664 for cipher in ["aes128", "aes256", "rc4"]:
698 665
699 print "Test 22:", 666 print("Test 22:", end=' ')
700 connection = connect() 667 connection = connect()
701 668
702 settings = HandshakeSettings() 669 settings = HandshakeSettings()
703 settings.cipherNames = [cipher] 670 settings.cipherNames = [cipher]
704 settings.cipherImplementations = [implementation, "python"] 671 settings.cipherImplementations = [implementation, "python"]
705 672
706 connection.handshakeServer(sharedKeyDB=sharedKeyDB, settings=setting s) 673 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
707 print connection.getCipherName(), connection.getCipherImplementation () 674 settings=settings)
708 h = connection.read(min=5, max=5) 675 print(connection.getCipherName(), connection.getCipherImplementation ())
709 assert(h == "hello") 676 testConnServer(connection)
710 connection.write(h)
711 connection.close() 677 connection.close()
712 connection.sock.close()
713 678
714 print "Test 23 - throughput test" 679 print("Test 23 - throughput test")
715 for implementation in implementations: 680 for implementation in implementations:
716 for cipher in ["aes128", "aes256", "3des", "rc4"]: 681 for cipher in ["aes128", "aes256", "3des", "rc4"]:
717 if cipher == "3des" and implementation not in ("openssl", "cryptlib" , "pycrypto"): 682 if cipher == "3des" and implementation not in ("openssl", "pycrypto" ):
718 continue 683 continue
719 684
720 print "Test 23:", 685 print("Test 23:", end=' ')
721 connection = connect() 686 connection = connect()
722 687
723 settings = HandshakeSettings() 688 settings = HandshakeSettings()
724 settings.cipherNames = [cipher] 689 settings.cipherNames = [cipher]
725 settings.cipherImplementations = [implementation, "python"] 690 settings.cipherImplementations = [implementation, "python"]
726 691
727 connection.handshakeServer(sharedKeyDB=sharedKeyDB, settings=setting s) 692 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
728 print connection.getCipherName(), connection.getCipherImplementation () 693 settings=settings)
694 print(connection.getCipherName(), connection.getCipherImplementation ())
729 h = connection.read(min=50000, max=50000) 695 h = connection.read(min=50000, max=50000)
730 assert(h == "hello"*10000) 696 assert(h == b"hello"*10000)
731 connection.write(h) 697 connection.write(h)
732 connection.close() 698 connection.close()
733 connection.sock.close()
734 699
735 print "Test succeeded" 700 print("Test 24.a - Next-Protocol Server Negotiation")
701 connection = connect()
702 settings = HandshakeSettings()
703 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
704 settings=settings, nextProtos=[b"http/1.1"])
705 testConnServer(connection)
706 connection.close()
707
708 print("Test 24.b - Next-Protocol Server Negotiation")
709 connection = connect()
710 settings = HandshakeSettings()
711 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
712 settings=settings, nextProtos=[b"spdy/2", b"http/ 1.1"])
713 testConnServer(connection)
714 connection.close()
715
716 print("Test 24.c - Next-Protocol Server Negotiation")
717 connection = connect()
718 settings = HandshakeSettings()
719 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
720 settings=settings, nextProtos=[b"http/1.1", b"spd y/2"])
721 testConnServer(connection)
722 connection.close()
723
724 print("Test 24.d - Next-Protocol Server Negotiation")
725 connection = connect()
726 settings = HandshakeSettings()
727 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
728 settings=settings, nextProtos=[b"spdy/2", b"http/ 1.1"])
729 testConnServer(connection)
730 connection.close()
731
732 print("Test 24.e - Next-Protocol Server Negotiation")
733 connection = connect()
734 settings = HandshakeSettings()
735 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
736 settings=settings, nextProtos=[b"http/1.1", b"spd y/2", b"spdy/3"])
737 testConnServer(connection)
738 connection.close()
739
740 print("Test 24.f - Next-Protocol Server Negotiation")
741 connection = connect()
742 settings = HandshakeSettings()
743 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
744 settings=settings, nextProtos=[b"spdy/3", b"spdy/ 2"])
745 testConnServer(connection)
746 connection.close()
747
748 print("Test 24.g - Next-Protocol Server Negotiation")
749 connection = connect()
750 settings = HandshakeSettings()
751 connection.handshakeServer(certChain=x509Chain, privateKey=x509Key,
752 settings=settings, nextProtos=[])
753 testConnServer(connection)
754 connection.close()
755
756 print("Tests 25-27 - XMLRPXC server")
757 address = address[0], address[1]+1
758 class Server(TLSXMLRPCServer):
759
760 def handshake(self, tlsConnection):
761 try:
762 tlsConnection.handshakeServer(certChain=x509Chain,
763 privateKey=x509Key,
764 sessionCache=sessionCache)
765 tlsConnection.ignoreAbruptClose = True
766 return True
767 except TLSError as error:
768 print("Handshake failure:", str(error))
769 return False
770
771 class MyFuncs:
772 def pow(self, x, y): return pow(x, y)
773 def add(self, x, y): return x + y
774
775 server = Server(address)
776 server.register_instance(MyFuncs())
777 #sa = server.socket.getsockname()
778 #print "Serving HTTPS on", sa[0], "port", sa[1]
779 for i in range(6):
780 server.handle_request()
781
782 print("Test succeeded")
736 783
737 784
738 785 if __name__ == '__main__':
739 786 if len(sys.argv) < 2:
740 787 printUsage("Missing command")
741 788 elif sys.argv[1] == "client"[:len(sys.argv[1])]:
742 789 clientTestCmd(sys.argv[2:])
743 790 elif sys.argv[1] == "server"[:len(sys.argv[1])]:
744 791 serverTestCmd(sys.argv[2:])
745
746
747
748 if len(sys.argv) == 1 or (len(sys.argv)==2 and sys.argv[1].lower().endswith("hel p")):
749 print ""
750 print "Version: 0.3.8"
751 print ""
752 print "RNG: %s" % prngName
753 print ""
754 print "Modules:"
755 if cryptlibpyLoaded:
756 print " cryptlib_py : Loaded"
757 else: 792 else:
758 print " cryptlib_py : Not Loaded" 793 printUsage("Unknown command: %s" % sys.argv[1])
759 if m2cryptoLoaded:
760 print " M2Crypto : Loaded"
761 else:
762 print " M2Crypto : Not Loaded"
763 if pycryptoLoaded:
764 print " pycrypto : Loaded"
765 else:
766 print " pycrypto : Not Loaded"
767 if gmpyLoaded:
768 print " GMPY : Loaded"
769 else:
770 print " GMPY : Not Loaded"
771 if cryptoIDlibLoaded:
772 print " cryptoIDlib : Loaded"
773 else:
774 print " cryptoIDlib : Not Loaded"
775 print ""
776 print "Commands:"
777 print ""
778 print " clientcert <server> [<chain> <key>]"
779 print " clientsharedkey <server> <user> <pass>"
780 print " clientsrp <server> <user> <pass>"
781 print " clienttest <server> <dir>"
782 print ""
783 print " serversrp <server> <verifierDB>"
784 print " servercert <server> <chain> <key> [req]"
785 print " serversrpcert <server> <verifierDB> <chain> <key>"
786 print " serversharedkey <server> <sharedkeyDB>"
787 print " servertest <server> <dir>"
788 sys.exit()
789
790 cmd = sys.argv[1].lower()
791
792 class Args:
793 def __init__(self, argv):
794 self.argv = argv
795 def get(self, index):
796 if len(self.argv)<=index:
797 raise SyntaxError("Not enough arguments")
798 return self.argv[index]
799 def getLast(self, index):
800 if len(self.argv)>index+1:
801 raise SyntaxError("Too many arguments")
802 return self.get(index)
803
804 args = Args(sys.argv)
805
806 def reformatDocString(s):
807 lines = s.splitlines()
808 newLines = []
809 for line in lines:
810 newLines.append(" " + line.strip())
811 return "\n".join(newLines)
812
813 try:
814 if cmd == "clienttest":
815 address = args.get(2)
816 dir = args.getLast(3)
817 clientTest(address, dir)
818 sys.exit()
819
820 elif cmd.startswith("client"):
821 address = args.get(2)
822
823 #Split address into hostname/port tuple
824 address = address.split(":")
825 if len(address)==1:
826 address.append("4443")
827 address = ( address[0], int(address[1]) )
828
829 def connect():
830 #Connect to server
831 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
832 if hasattr(sock, "settimeout"):
833 sock.settimeout(5)
834 sock.connect(address)
835
836 #Instantiate TLSConnections
837 return TLSConnection(sock)
838
839 try:
840 if cmd == "clientsrp":
841 username = args.get(3)
842 password = args.getLast(4)
843 connection = connect()
844 start = time.clock()
845 connection.handshakeClientSRP(username, password)
846 elif cmd == "clientsharedkey":
847 username = args.get(3)
848 password = args.getLast(4)
849 connection = connect()
850 start = time.clock()
851 connection.handshakeClientSharedKey(username, password)
852 elif cmd == "clientcert":
853 certChain = None
854 privateKey = None
855 if len(sys.argv) > 3:
856 certFilename = args.get(3)
857 keyFilename = args.getLast(4)
858
859 s1 = open(certFilename, "rb").read()
860 s2 = open(keyFilename, "rb").read()
861
862 #Try to create cryptoID cert chain
863 if cryptoIDlibLoaded:
864 try:
865 certChain = CertChain().parse(s1)
866 privateKey = parsePrivateKey(s2)
867 except:
868 certChain = None
869 privateKey = None
870
871 #Try to create X.509 cert chain
872 if not certChain:
873 x509 = X509()
874 x509.parse(s1)
875 certChain = X509CertChain([x509])
876 privateKey = parsePrivateKey(s2)
877
878 connection = connect()
879 start = time.clock()
880 connection.handshakeClientCert(certChain, privateKey)
881 else:
882 raise SyntaxError("Unknown command")
883
884 except TLSLocalAlert, a:
885 if a.description == AlertDescription.bad_record_mac:
886 if cmd == "clientsharedkey":
887 print "Bad sharedkey password"
888 else:
889 raise
890 elif a.description == AlertDescription.user_canceled:
891 print str(a)
892 else:
893 raise
894 sys.exit()
895 except TLSRemoteAlert, a:
896 if a.description == AlertDescription.unknown_srp_username:
897 if cmd == "clientsrp":
898 print "Unknown username"
899 else:
900 raise
901 elif a.description == AlertDescription.bad_record_mac:
902 if cmd == "clientsrp":
903 print "Bad username or password"
904 else:
905 raise
906 elif a.description == AlertDescription.handshake_failure:
907 print "Unable to negotiate mutually acceptable parameters"
908 else:
909 raise
910 sys.exit()
911
912 stop = time.clock()
913 print "Handshake success"
914 print " Handshake time: %.4f seconds" % (stop - start)
915 print " Version: %s.%s" % connection.version
916 print " Cipher: %s %s" % (connection.getCipherName(), connection.getCip herImplementation())
917 if connection.session.srpUsername:
918 print " Client SRP username: %s" % connection.session.srpUsername
919 if connection.session.sharedKeyUsername:
920 print " Client shared key username: %s" % connection.session.shared KeyUsername
921 if connection.session.clientCertChain:
922 print " Client fingerprint: %s" % connection.session.clientCertChai n.getFingerprint()
923 if connection.session.serverCertChain:
924 print " Server fingerprint: %s" % connection.session.serverCertChai n.getFingerprint()
925 connection.close()
926 connection.sock.close()
927
928 elif cmd.startswith("server"):
929 address = args.get(2)
930
931 #Split address into hostname/port tuple
932 address = address.split(":")
933 if len(address)==1:
934 address.append("4443")
935 address = ( address[0], int(address[1]) )
936
937 verifierDBFilename = None
938 sharedKeyDBFilename = None
939 certFilename = None
940 keyFilename = None
941 sharedKeyDB = None
942 reqCert = False
943
944 if cmd == "serversrp":
945 verifierDBFilename = args.getLast(3)
946 elif cmd == "servercert":
947 certFilename = args.get(3)
948 keyFilename = args.get(4)
949 if len(sys.argv)>=6:
950 req = args.getLast(5)
951 if req.lower() != "req":
952 raise SyntaxError()
953 reqCert = True
954 elif cmd == "serversrpcert":
955 verifierDBFilename = args.get(3)
956 certFilename = args.get(4)
957 keyFilename = args.getLast(5)
958 elif cmd == "serversharedkey":
959 sharedKeyDBFilename = args.getLast(3)
960 elif cmd == "servertest":
961 address = args.get(2)
962 dir = args.getLast(3)
963 serverTest(address, dir)
964 sys.exit()
965
966 verifierDB = None
967 if verifierDBFilename:
968 verifierDB = VerifierDB(verifierDBFilename)
969 verifierDB.open()
970
971 sharedKeyDB = None
972 if sharedKeyDBFilename:
973 sharedKeyDB = SharedKeyDB(sharedKeyDBFilename)
974 sharedKeyDB.open()
975
976 certChain = None
977 privateKey = None
978 if certFilename:
979 s1 = open(certFilename, "rb").read()
980 s2 = open(keyFilename, "rb").read()
981
982 #Try to create cryptoID cert chain
983 if cryptoIDlibLoaded:
984 try:
985 certChain = CertChain().parse(s1)
986 privateKey = parsePrivateKey(s2)
987 except:
988 certChain = None
989 privateKey = None
990
991 #Try to create X.509 cert chain
992 if not certChain:
993 x509 = X509()
994 x509.parse(s1)
995 certChain = X509CertChain([x509])
996 privateKey = parsePrivateKey(s2)
997
998
999
1000 #Create handler function - performs handshake, then echos all bytes rece ived
1001 def handler(sock):
1002 try:
1003 connection = TLSConnection(sock)
1004 settings = HandshakeSettings()
1005 connection.handshakeServer(sharedKeyDB=sharedKeyDB, verifierDB=v erifierDB, \
1006 certChain=certChain, privateKey=priva teKey, \
1007 reqCert=reqCert, settings=settings)
1008 print "Handshake success"
1009 print " Version: %s.%s" % connection.version
1010 print " Cipher: %s %s" % (connection.getCipherName(), connectio n.getCipherImplementation())
1011 if connection.session.srpUsername:
1012 print " Client SRP username: %s" % connection.session.srpUs ername
1013 if connection.session.sharedKeyUsername:
1014 print " Client shared key username: %s" % connection.sessio n.sharedKeyUsername
1015 if connection.session.clientCertChain:
1016 print " Client fingerprint: %s" % connection.session.client CertChain.getFingerprint()
1017 if connection.session.serverCertChain:
1018 print " Server fingerprint: %s" % connection.session.server CertChain.getFingerprint()
1019
1020 s = ""
1021 while 1:
1022 newS = connection.read()
1023 if not newS:
1024 break
1025 s += newS
1026 if s[-1]=='\n':
1027 connection.write(s)
1028 s = ""
1029 except TLSLocalAlert, a:
1030 if a.description == AlertDescription.unknown_srp_username:
1031 print "Unknown SRP username"
1032 elif a.description == AlertDescription.bad_record_mac:
1033 if cmd == "serversrp" or cmd == "serversrpcert":
1034 print "Bad SRP password for:", connection.allegedSrpUser name
1035 else:
1036 raise
1037 elif a.description == AlertDescription.handshake_failure:
1038 print "Unable to negotiate mutually acceptable parameters"
1039 else:
1040 raise
1041 except TLSRemoteAlert, a:
1042 if a.description == AlertDescription.bad_record_mac:
1043 if cmd == "serversharedkey":
1044 print "Bad sharedkey password for:", connection.allegedS haredKeyUsername
1045 else:
1046 raise
1047 elif a.description == AlertDescription.user_canceled:
1048 print "Handshake cancelled"
1049 elif a.description == AlertDescription.handshake_failure:
1050 print "Unable to negotiate mutually acceptable parameters"
1051 elif a.description == AlertDescription.close_notify:
1052 pass
1053 else:
1054 raise
1055
1056 #Run multi-threaded server
1057 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
1058 sock.bind(address)
1059 sock.listen(5)
1060 while 1:
1061 (newsock, cliAddress) = sock.accept()
1062 thread.start_new_thread(handler, (newsock,))
1063
1064
1065 else:
1066 print "Bad command: '%s'" % cmd
1067 except TLSRemoteAlert, a:
1068 print str(a)
1069 raise
1070
1071
1072
1073
1074
OLDNEW
« no previous file with comments | « third_party/tlslite/tests/serverX509Key.pem ('k') | third_party/tlslite/tests/verifierDB » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698