From 7bffdb9b8434e98369840d9efb5ac89d9a40f10a Mon Sep 17 00:00:00 2001 From: gstarovo Date: Mon, 26 Aug 2024 14:21:09 +0200 Subject: [PATCH] error when uncompressed is not supported --- tests/tlstest.py | 51 ++++++++++++++++++------------------ tlslite/handshakesettings.py | 2 ++ tlslite/tlsconnection.py | 5 ---- 3 files changed, 27 insertions(+), 31 deletions(-) diff --git a/tests/tlstest.py b/tests/tlstest.py index 0a42ca1c..3cdd03a0 100755 --- a/tests/tlstest.py +++ b/tests/tlstest.py @@ -314,19 +314,19 @@ def connect(): test_no += 1 - print("Test {0} - client uncompressed - error, TLSv1.2".format(test_no)) + print("Test {0} - client missing uncompressed - error, TLSv1.2".format(test_no)) synchro.recv(1) connection = connect() settings = HandshakeSettings() settings.minVersion = (3, 3) settings.maxVersion = (3, 3) - settings.ec_point_formats = [ECPointFormat.uncompressed] + settings.ec_point_formats = [ECPointFormat.ansiX962_compressed_prime] settings.eccCurves = ["secp256r1", "secp384r1", "secp521r1", "x25519", "x448"] try: connection.handshakeClientCert(settings=settings) assert False - except TLSIllegalParameterException as e: - assert "No common EC point format" in str(e) + except ValueError as e: + assert "Uncompressed EC point format is not provided" in str(e) except TLSAbruptCloseError as e: pass connection.close() @@ -736,7 +736,7 @@ def connect(): settings.cipherNames = ["rc4"] settings.maxVersion = (3, 3) connection.handshakeClientCert(settings=settings) - testConnClient(connection) + testConnClient(connection) assert(isinstance(connection.session.serverCertChain, X509CertChain)) assert(connection.session.cipherSuite == constants.CipherSuite.TLS_RSA_WITH_RC4_128_MD5) assert(connection.encryptThenMAC == False) @@ -755,8 +755,8 @@ def connect(): connection = connect() connection.handshakeClientCert(settings=settings) assert(connection.session.tackExt.tacks[0].getTackId() == "5lcbe.eyweo.yxuan.rw6xd.jtoz7") - assert(connection.session.tackExt.activation_flags == 1) - testConnClient(connection) + assert(connection.session.tackExt.activation_flags == 1) + testConnClient(connection) connection.close() test_no += 1 @@ -922,7 +922,7 @@ def connect(): print("Test {0} - good SRP: with X.509 certificate, TLSv1.0".format(test_no)) settings = HandshakeSettings() settings.minVersion = (3,1) - settings.maxVersion = (3,1) + settings.maxVersion = (3,1) synchro.recv(1) connection = connect() connection.handshakeClientSRP("test", "password", settings=settings) @@ -1281,7 +1281,7 @@ def connect(): connection = connect() settings = HandshakeSettings() settings.maxVersion = (3, 3) - connection.handshakeClientSRP("test", "garbage", serverName=address[0], + connection.handshakeClientSRP("test", "garbage", serverName=address[0], session=session, settings=settings) testConnClient(connection) #Don't close! -- see below @@ -1360,7 +1360,7 @@ def connect(): settings.cipherNames = [cipher] settings.cipherImplementations = [implementation, "python"] settings.minVersion = (3,1) - settings.maxVersion = (3,1) + settings.maxVersion = (3,1) connection.handshakeClientCert(settings=settings) testConnClient(connection) print("%s %s" % (connection.getCipherName(), connection.getCipherImplementation())) @@ -1941,7 +1941,7 @@ def serverTestCmd(argv): address = argv[0] dir = argv[1] - + #Split address into hostname/port tuple address = address.split(":") address = ( address[0], int(address[1]) ) @@ -2076,7 +2076,7 @@ def connect(): synchro.send(b'R') connection = connect() connection.handshakeServer(anon=True) - testConnServer(connection) + testConnServer(connection) connection.close() test_no += 1 @@ -2259,20 +2259,19 @@ def connect(): test_no +=1 - print("Test {0} - server compressed ec format - error, TLSv1.2".format(test_no)) + print("Test {0} - server missing uncompressed in client - error, TLSv1.2".format(test_no)) synchro.send(b'R') connection = connect() settings = HandshakeSettings() settings.minVersion = (3, 1) settings.maxVersion = (3, 3) - settings.ec_point_formats = [ECPointFormat.ansiX962_compressed_prime] settings.eccCurves = ["secp256r1", "secp384r1", "secp521r1", "x25519", "x448"] try: connection.handshakeServer(certChain=x509ecdsaChain, privateKey=x509ecdsaKey, settings=settings) assert False - except TLSIllegalParameterException as e: - assert "No common EC point format" in str(e) + except ValueError as e: + assert "Uncompressed EC point format is not provided" in str(e) except TLSAbruptCloseError as e: pass connection.close() @@ -2736,7 +2735,7 @@ def connect(): connection = connect() connection.handshakeServer(verifierDB=verifierDB, \ certChain=x509Chain, privateKey=x509Key) - testConnServer(connection) + testConnServer(connection) connection.close() test_no += 1 @@ -3041,7 +3040,7 @@ def connect(): sessionCache = SessionCache() connection = connect() connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache) - assert(connection.session.serverName == address[0]) + assert(connection.session.serverName == address[0]) testConnServer(connection) connection.close() @@ -3052,7 +3051,7 @@ def connect(): connection = connect() connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache) assert(connection.session.serverName == address[0]) - testConnServer(connection) + testConnServer(connection) #Don't close! -- see next test test_no += 1 @@ -3184,7 +3183,7 @@ def server_bind(self): synchro.send(b'R') connection = connect() settings = HandshakeSettings() - connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, + connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings, nextProtos=[b"http/1.1"]) testConnServer(connection) connection.close() @@ -3195,7 +3194,7 @@ def server_bind(self): synchro.send(b'R') connection = connect() settings = HandshakeSettings() - connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, + connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings, nextProtos=[b"spdy/2", b"http/1.1"]) testConnServer(connection) connection.close() @@ -3206,7 +3205,7 @@ def server_bind(self): synchro.send(b'R') connection = connect() settings = HandshakeSettings() - connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, + connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings, nextProtos=[b"http/1.1", b"spdy/2"]) testConnServer(connection) connection.close() @@ -3217,7 +3216,7 @@ def server_bind(self): synchro.send(b'R') connection = connect() settings = HandshakeSettings() - connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, + connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings, nextProtos=[b"spdy/2", b"http/1.1"]) testConnServer(connection) connection.close() @@ -3228,7 +3227,7 @@ def server_bind(self): synchro.send(b'R') connection = connect() settings = HandshakeSettings() - connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, + connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings, nextProtos=[b"http/1.1", b"spdy/2", b"spdy/3"]) testConnServer(connection) connection.close() @@ -3239,7 +3238,7 @@ def server_bind(self): synchro.send(b'R') connection = connect() settings = HandshakeSettings() - connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, + connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings, nextProtos=[b"spdy/3", b"spdy/2"]) testConnServer(connection) connection.close() @@ -3250,7 +3249,7 @@ def server_bind(self): synchro.send(b'R') connection = connect() settings = HandshakeSettings() - connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, + connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings, nextProtos=[]) testConnServer(connection) connection.close() diff --git a/tlslite/handshakesettings.py b/tlslite/handshakesettings.py index ae48b50a..f1a13a58 100644 --- a/tlslite/handshakesettings.py +++ b/tlslite/handshakesettings.py @@ -611,6 +611,8 @@ def _sanityCheckExtensions(other): if bad_ec_ext: raise ValueError("Unknown EC point format provided: " "{0}".format(bad_ec_ext)) + if ECPointFormat.uncompressed not in other.ec_point_formats: + raise ValueError("Uncompressed EC point format is not provided") HandshakeSettings._sanityCheckEMSExtension(other) diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py index 176a022a..3c5484d3 100644 --- a/tlslite/tlsconnection.py +++ b/tlslite/tlsconnection.py @@ -855,7 +855,6 @@ def _clientSendClientHello(self, settings, session, srpUsername, certificateTypes, srpUsername, reqTack, nextProtos is not None, - reqTack, nextProtos is not None, serverName, extensions=extensions) @@ -2107,7 +2106,6 @@ def handshakeServerAsync(self, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None, reqCAs=None, - reqCAs=None, tacks=None, activationFlags=0, nextProtos=None, anon=False, alpn=None, sni=None ): @@ -2128,9 +2126,6 @@ def handshakeServerAsync(self, verifierDB=None, sessionCache=sessionCache, settings=settings, reqCAs=reqCAs, tacks=tacks, activationFlags=activationFlags, - sessionCache=sessionCache, settings=settings, - reqCAs=reqCAs, - tacks=tacks, activationFlags=activationFlags, nextProtos=nextProtos, anon=anon, alpn=alpn, sni=sni) for result in self._handshakeWrapperAsync(handshaker, checker): yield result