Skip to content

Commit

Permalink
tls: Add DTLS handshake test
Browse files Browse the repository at this point in the history
Closes #51
  • Loading branch information
Synss committed Apr 7, 2022
1 parent af7b8ec commit c6852a0
Showing 1 changed file with 138 additions and 2 deletions.
140 changes: 138 additions & 2 deletions tests/test_tls.py
Original file line number Diff line number Diff line change
Expand Up @@ -475,7 +475,7 @@ def test_wrap_buffers(self, context):
assert isinstance(context.wrap_buffers(), TLSWrappedBuffer)


class TestTLSWrappedBuffer:
class TestTLSHandshake:
@pytest.fixture
def server_hostname(self):
return "hostname"
Expand All @@ -497,7 +497,7 @@ def srv_conf(self, psk):
)

@pytest.fixture
def client(Self, cli_conf, server_hostname):
def client(self, cli_conf, server_hostname):
buf = ClientContext(cli_conf).wrap_buffers(server_hostname)
yield buf
buf.shutdown()
Expand Down Expand Up @@ -587,3 +587,139 @@ def do_handshake(end, states):
amt = server.write(secret)
do_io(src=server, dst=client)
assert client.read(amt) == secret


class TestDTLSHandshake:
@pytest.fixture
def server_hostname(self):
return "hostname"

@pytest.fixture
def psk(self):
return ("cli", b"secret")

@pytest.fixture
def cli_conf(self, psk):
return DTLSConfiguration(
pre_shared_key=psk, validate_certificates=False
)

@pytest.fixture
def srv_conf(self, psk):
return DTLSConfiguration(
pre_shared_key_store=dict((psk,)), validate_certificates=False
)

@pytest.fixture
def client(self, cli_conf, server_hostname):
buf = ClientContext(cli_conf).wrap_buffers(server_hostname)
yield buf
buf.shutdown()

@pytest.fixture
def server(sefl, srv_conf):
buf = ServerContext(srv_conf).wrap_buffers()
yield buf
buf.shutdown()

@pytest.fixture
def cli_ctx(Self, cli_conf):
return ClientContext(cli_conf)

@pytest.fixture
def srv_ctx(self, srv_conf):
return ServerContext(srv_conf)

def test_e2e_handshake_and_communicate(self, client, server):
def do_io(*, src, dst, amt=1024):
in_transit = src.peek_outgoing(amt)
src.consume_outgoing(len(in_transit))
dst.receive_from_network(in_transit)

def do_handshake(end, states):
while end._handshake_state is not states[0]:
# The backend goes through every state for both
# ends. This is not relevant.
end.do_handshake()

for state in states:
assert end._handshake_state is state
if state is HandshakeStep.HANDSHAKE_OVER:
break
with suppress(WantReadError, WantWriteError):
end.do_handshake()

do_handshake(
client,
(
HandshakeStep.HELLO_REQUEST,
HandshakeStep.CLIENT_HELLO,
),
)

do_io(src=client, dst=server)
server.setcookieparam("🍪🍪🍪".encode("utf-8"))
with pytest.raises(HelloVerifyRequest):
do_handshake(
server,
(
HandshakeStep.SERVER_HELLO,
HandshakeStep.SERVER_HELLO_VERIFY_REQUEST_SENT,
),
)

do_handshake(server, (HandshakeStep.HELLO_REQUEST,))
do_io(src=server, dst=client)
do_handshake(client, (HandshakeStep.CLIENT_HELLO,))
do_io(src=client, dst=server)
server.setcookieparam("🍪🍪🍪".encode("utf-8"))
do_handshake(
server,
(
HandshakeStep.SERVER_HELLO,
HandshakeStep.SERVER_CERTIFICATE,
HandshakeStep.SERVER_KEY_EXCHANGE,
HandshakeStep.CERTIFICATE_REQUEST,
HandshakeStep.SERVER_HELLO_DONE,
),
)
assert client.negotiated_protocol() == server.negotiated_protocol()

do_io(src=server, dst=client)
do_handshake(
client,
(
HandshakeStep.CLIENT_KEY_EXCHANGE,
HandshakeStep.CERTIFICATE_VERIFY,
HandshakeStep.CLIENT_CHANGE_CIPHER_SPEC,
HandshakeStep.CLIENT_FINISHED,
),
)
assert (
client.negotiated_tls_version() == server.negotiated_tls_version()
)

do_io(src=client, dst=server)
do_handshake(
server,
(
HandshakeStep.SERVER_CHANGE_CIPHER_SPEC,
HandshakeStep.SERVER_FINISHED,
HandshakeStep.FLUSH_BUFFERS,
HandshakeStep.HANDSHAKE_WRAPUP,
HandshakeStep.HANDSHAKE_OVER,
),
)
do_io(src=server, dst=client)
do_handshake(client, (HandshakeStep.HANDSHAKE_OVER,))
assert client.cipher() == server.cipher()

secret = b"a very secret message"

amt = client.write(secret)
do_io(src=client, dst=server)
assert server.read(amt) == secret

amt = server.write(secret)
do_io(src=server, dst=client)
assert client.read(amt) == secret

0 comments on commit c6852a0

Please sign in to comment.