tlsfuzzer.expect module

Parsing and processing of received TLS messages

class tlsfuzzer.expect.Expect(content_type)[source]

Bases: TreeNode

Base class for objects handling message readers

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()[source]

Flag to tell that the object is a message processor

is_expect()[source]

Flag to tell if the object is a message processor

is_generator()[source]

Flag to tell that the object is not a message generator

is_match(msg)[source]

Checks if the object can handle message

Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it

Parameters:

msg (tlslite.messages.Message) – raw message to check

process(state, msg)[source]

Process the message and update the state accordingly.

Parameters:
class tlsfuzzer.expect.ExpectAlert(level=None, description=None)[source]

Bases: Expect

Processing TLS Alert message

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Checks if the object can handle message

Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it

Parameters:

msg (tlslite.messages.Message) – raw message to check

process(state, msg)[source]

Process the message and update the state accordingly.

Parameters:
class tlsfuzzer.expect.ExpectApplicationData(data=None, size=None, output=None, description=None)[source]

Bases: Expect

Processing Application Data message

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Checks if the object can handle message

Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it

Parameters:

msg (tlslite.messages.Message) – raw message to check

process(state, msg)[source]

Process the message and update the state accordingly.

Parameters:
class tlsfuzzer.expect.ExpectCertificate(cert_type=0)[source]

Bases: ExpectHandshake

Processing TLS Handshake protocol Certificate messages

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]
class tlsfuzzer.expect.ExpectCertificateRequest(sig_algs=None, cert_types=None, sanity_check_cert_types=True, extensions=None, context=None)[source]

Bases: _ExpectExtensionsMessage

Processing TLS Handshake protocol Certificate Request message.

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_compare_extensions(message)

Verify that server provided extensions match exactly expected list.

static _get_autohandler(ext_id)[source]
_process_extensions(state, msg)[source]
_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

static _sanity_check_cert_types(cert_request)[source]

Verify that the CertificateRequest is self-consistent.

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Check received Certificate Request

class tlsfuzzer.expect.ExpectCertificateStatus[source]

Bases: ExpectHandshake

Processing of CertificateStatus message from RFC 6066.

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Process the message and update the state accordingly.

Parameters:
class tlsfuzzer.expect.ExpectCertificateVerify(version=None, sig_alg=None, hash_file=None, sig_file=None)[source]

Bases: ExpectHandshake

Processing TLS Handshake protocol Certificate Verify messages.

Parameters:
  • version (tuple(int,int)) – Expected TLS version of the message. If not provided will be taken from the state.

  • sig_alg (tuple(int,int)) – Expected value of the signature scheme created by the server. If not provided it will be compared with signature algorithm extension from client hello.

  • hash_file (str) – The file where hashes of the signature context will be logged

  • sig_file (str) – The file where the signatures themselves will be logged

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]
class tlsfuzzer.expect.ExpectChangeCipherSpec[source]

Bases: Expect

Processing TLS Change Cipher Spec messages.

Note

In SSLv3 up to TLS 1.2, the message modifies the state of record layer to expect encrypted records after receiving this message. In case of renegotiation, record layer will expect records encrypted with the newly negotiated keys. In TLS 1.3 it has no effect on record layer encryption.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Checks if the object can handle message

Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it

Parameters:

msg (tlslite.messages.Message) – raw message to check

process(state, msg)[source]
class tlsfuzzer.expect.ExpectClose[source]

Bases: Expect

Virtual message signifying closing of TCP connection

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Checks if the object can handle message

Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it

Parameters:

msg (tlslite.messages.Message) – raw message to check

process(state, msg)[source]

Close our side

class tlsfuzzer.expect.ExpectEncryptedExtensions(extensions=None)[source]

Bases: _ExpectExtensionsMessage

Processing of the TLS handshake protocol Encrypted Extensions message

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_compare_extensions(message)

Verify that server provided extensions match exactly expected list.

_compare_extensions_in_ee(srv_exts, cln_hello)[source]

Verify that server provided extensions match exactly expected list.

static _get_autohandler(ext_id)[source]
_process_extensions(state, srv_exts)[source]

Check if extensions are correct.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Process the message and update the state accordingly.

Parameters:
class tlsfuzzer.expect.ExpectFinished(version=None, description=None)[source]

Bases: ExpectHandshake

Processing TLS handshake protocol Finished message.

Note

In TLS 1.3 the message will modify record layer to start sending records with encryption using the client_handshake_traffic_secret keys. It will also modify the record layer to start expecting the records to be encrypted with server_application_traffic_secret keys.

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]
class tlsfuzzer.expect.ExpectHandshake(content_type, handshake_type)[source]

Bases: ExpectMessage

Common methods for handling TLS Handshake protocol messages

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)[source]

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Process the message and update the state accordingly.

Parameters:
class tlsfuzzer.expect.ExpectHeartbeat(message_type=2, payload=None, padding_size=None)[source]

Bases: ExpectMessage

Processing of heartbeat messages.

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Checks if the object can handle message

Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it

Parameters:

msg (tlslite.messages.Message) – raw message to check

process(state, msg)[source]

Check if the msg meets the requirements for the message.
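The constructor arguments of ExpectHeartbeat map onto the RFC 6520 HeartbeatMessage layout (1-byte type, 2-byte payload_length, payload, then at least 16 bytes of padding). The following is an added example, not tlsfuzzer's own code: the function names and the sample messages are assumptions constructed here, and the length and minimum-padding rules are taken from RFC 6520 rather than from this page.

```python
import struct

HEARTBEAT_REQUEST = 1    # RFC 6520 HeartbeatMessageType values
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16         # RFC 6520: padding_length MUST be at least 16


def build_heartbeat(msg_type, payload, padding, payload_length=None):
    """Serialise a constructed sample; payload_length may be forced to lie."""
    if payload_length is None:
        payload_length = len(payload)
    return struct.pack("!BH", msg_type, payload_length) + payload + padding


def parse_heartbeat(body):
    """Split a heartbeat record body into (type, payload, padding).

    The declared payload_length is checked against the bytes actually
    received before anything is sliced, so an oversized length is rejected
    instead of being trusted.
    """
    body = bytes(body)
    if len(body) < 3:
        raise ValueError("truncated heartbeat header")
    msg_type, payload_length = struct.unpack("!BH", body[:3])
    padding_length = len(body) - 3 - payload_length
    if padding_length < 0:
        raise ValueError("payload_length {0} exceeds received data"
                         .format(payload_length))
    return msg_type, body[3:3 + payload_length], body[3 + payload_length:]


def check_heartbeat(body, message_type=HEARTBEAT_RESPONSE, payload=None,
                    padding_size=None):
    """Validate a heartbeat; None for an argument means "do not check it"."""
    msg_type, recv_payload, padding = parse_heartbeat(body)
    if message_type is not None and msg_type != message_type:
        raise AssertionError("Unexpected heartbeat type: {0}".format(msg_type))
    if payload is not None and recv_payload != bytes(payload):
        raise AssertionError("Heartbeat payload differs from the one expected")
    if len(padding) < MIN_PADDING:
        raise AssertionError("Padding of {0} bytes is below the minimum"
                             .format(len(padding)))
    if padding_size is not None and len(padding) != padding_size:
        raise AssertionError("Expected {0} bytes of padding, got {1}"
                             .format(padding_size, len(padding)))
    return recv_payload


if __name__ == "__main__":
    # Constructed samples: a well-formed response and one whose declared
    # payload_length is larger than the data that was actually sent.
    ok = build_heartbeat(HEARTBEAT_RESPONSE, b"ping", b"\x00" * 16)
    print(check_heartbeat(ok, payload=b"ping", padding_size=16))
    lying = build_heartbeat(HEARTBEAT_RESPONSE, b"ping", b"\x00" * 16,
                            payload_length=0x4000)
    try:
        check_heartbeat(lying)
    except ValueError as exc:
        print("rejected:", exc)
```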

class tlsfuzzer.expect.ExpectHelloRequest(description=None)[source]

Bases: ExpectHandshake

Processing of TLS handshake protocol hello request message.

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Parse, verify and process the message.

class tlsfuzzer.expect.ExpectHelloRetryRequest(extensions=None, version=None, cipher=None)[source]

Bases: ExpectServerHello

Processing of the TLS 1.3 HelloRetryRequest message.

static _check_against_hrr(state, srv_hello)
_check_downgrade_protection(srv_hello)

Verify that server provided downgrade protection as specified in RFC 8446, Section 4.1.3
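RFC 8446, Section 4.1.3 defines both the fixed Random value that marks a HelloRetryRequest and the sentinel bytes a TLS 1.3-capable server must place in the last 8 bytes of ServerHello.random when it negotiates an older version. The following is an added example of that rule, not tlsfuzzer's own code: the function names, the version tuples and the sample random values are assumptions constructed here.

```python
import hashlib

# RFC 8446, Section 4.1.3: a HelloRetryRequest reuses the ServerHello
# structure with Random set to SHA-256("HelloRetryRequest").
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()

# RFC 8446, Section 4.1.3: sentinels carried in the last 8 bytes of Random.
TLS_1_2_DOWNGRADE_SENTINEL = b"DOWNGRD\x01"  # server negotiated TLS 1.2
TLS_1_1_DOWNGRADE_SENTINEL = b"DOWNGRD\x00"  # server negotiated TLS 1.1 or below

# Protocol versions as (major, minor) tuples, so they compare in order.
TLS_1_3, TLS_1_2, TLS_1_1 = (3, 4), (3, 3), (3, 2)


def is_hello_retry_request(server_random):
    """True when the ServerHello is really a HelloRetryRequest."""
    return bytes(server_random) == HRR_RANDOM


def required_sentinel(server_max_version, negotiated_version):
    """Sentinel a TLS 1.3-capable server MUST send, or None if none applies.

    Only the MUST cases are modelled; the SHOULD for servers whose highest
    version is TLS 1.2 is deliberately not enforced.
    """
    if server_max_version < TLS_1_3 or negotiated_version >= TLS_1_3:
        return None
    if negotiated_version == TLS_1_2:
        return TLS_1_2_DOWNGRADE_SENTINEL
    return TLS_1_1_DOWNGRADE_SENTINEL


def check_downgrade_protection(server_random, server_max_version,
                               negotiated_version):
    """Raise AssertionError when the required sentinel is missing or wrong."""
    server_random = bytes(server_random)
    if len(server_random) != 32:
        raise AssertionError("ServerHello.random must be 32 bytes, got {0}"
                             .format(len(server_random)))
    if is_hello_retry_request(server_random):
        return  # the HRR Random is a fixed value, no sentinel applies
    expected = required_sentinel(server_max_version, negotiated_version)
    if expected is None:
        return
    received = server_random[-8:]
    if received != expected:
        raise AssertionError(
            "Server failed to set downgrade protection: expected {0!r}, "
            "received {1!r}".format(expected, received))


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    protected = bytes(range(24)) + TLS_1_2_DOWNGRADE_SENTINEL
    unprotected = bytes(range(32))
    check_downgrade_protection(protected, TLS_1_3, TLS_1_2)
    print("protected ServerHello accepted")
    try:
        check_downgrade_protection(unprotected, TLS_1_3, TLS_1_2)
    except AssertionError as exc:
        print("rejected:", exc)
```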

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_compare_extensions(message)

Verify that server provided extensions match exactly expected list.

static _extract_version(msg)

Extract the real version from the message if TLS 1.3 is in use.

static _get_autohandler(ext_id)[source]
_process_extensions(state, cln_hello, srv_hello)

Check if extensions are correct.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

_setup_tls13_handshake_keys(state)[source]

Prepare handshake ciphers for the HRR handling

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Process the message and update state accordingly

Parameters:
  • state (ConnectionState) – overall state of TLS connection

  • msg (Message) – TLS Message read from socket

class tlsfuzzer.expect.ExpectKeyUpdate(message_type=None)[source]

Bases: ExpectHandshake

Processing of post-handshake KeyUpdate message from RFC 8446

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Parse, verify and process the message.

class tlsfuzzer.expect.ExpectMessage(content_type)[source]

Bases: Expect

Common methods for handling TLS messages.

static _cmp_eq(our, recv, field_type=None, f_str=None)[source]

Check if expected value matched received, if defined.

If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and rise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one

static _cmp_eq_list(our, recv, field_type=None, f_str=None)[source]

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)[source]

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Checks if the object can handle message

Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it

Parameters:

msg (tlslite.messages.Message) – raw message to check

process(state, msg)

Process the message and update the state accordingly.

Parameters:

class tlsfuzzer.expect.ExpectNewSessionTicket(version=None, description=None)[source]

Bases: ExpectHandshake

Processing TLS handshake protocol new session ticket message.

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Parse, verify and process the message.

class tlsfuzzer.expect.ExpectNoMessage(timeout=0.1)[source]

Bases: Expect

Virtual message signifying timeout on message listen.

Variables:

timeout (int or float) – how long to wait for message before giving up, in seconds, can be float

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Checks if the object can handle message

Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it

Parameters:

msg (tlslite.messages.Message) – raw message to check

process(state, msg)[source]

Do nothing.

class tlsfuzzer.expect.ExpectSSL2Alert(error=None)[source]

Bases: ExpectHandshake

Processing of SSLv2 Handshake protocol alert messages

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Analyse the error message

class tlsfuzzer.expect.ExpectServerHello(extensions=None, version=None, resume=False, cipher=None, server_max_protocol=None, force_resume=False, description=None)[source]

Bases: _ExpectExtensionsMessage

Parsing TLS Handshake protocol Server Hello messages.

Processing of the ServerHello message updates the record layer to the version advertised by the server. Use SetRecordVersion to change it earlier to send records with different versions.

Note

Receiving of the ServerHello in TLS 1.3 influences record layer encryption. After the message is received, the client_handshake_traffic_secret and server_handshake_traffic_secret are derived and the record layer is configured to expect encrypted records on the receiving side.

Variables:

description (str) – identifier to print when processing of the node fails

static _check_against_hrr(state, srv_hello)[source]

_check_downgrade_protection(srv_hello)[source]

Verify that server provided downgrade protection as specified in RFC 8446, Section 4.1.3
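The sentinel rule from RFC 8446, Section 4.1.3, written out as an added stand-alone example; it is not tlsfuzzer's own code. The version tuples, function names and the sample random are assumptions of this example, and rejecting a sentinel where none is required is this example's choice for a test tool.

```python
# Added illustration of the RFC 8446, Section 4.1.3 downgrade sentinel.
# Versions are (major, minor) tuples as used on the wire: TLS 1.2 is (3, 3).
TLS10, TLS11, TLS12, TLS13 = (3, 1), (3, 2), (3, 3), (3, 4)

# Values fixed by the RFC: ASCII "DOWNGRD" followed by 0x01 or 0x00.
DOWNGRADE_TLS12 = bytes.fromhex("444f574e47524401")
DOWNGRADE_TLS11 = bytes.fromhex("444f574e47524400")

# Constructed sample: 24 arbitrary bytes followed by the TLS 1.2 sentinel.
SAMPLE_RANDOM = bytes(range(24)) + DOWNGRADE_TLS12


def expected_sentinel(server_max, negotiated):
    """Sentinel a server must put in the last 8 bytes of ServerHello.random.

    server_max is the highest version the server supports, negotiated is the
    real negotiated version (for TLS 1.3 the one from supported_versions).
    Returns None when the server picked its highest version.
    """
    if negotiated >= server_max or negotiated >= TLS13:
        return None
    if server_max >= TLS13:
        # MUST for TLS 1.3 servers.
        return DOWNGRADE_TLS12 if negotiated == TLS12 else DOWNGRADE_TLS11
    if server_max == TLS12:
        # SHOULD for TLS 1.2 servers negotiating TLS 1.1 or below.
        return DOWNGRADE_TLS11
    return None


def check_server_random(server_random, server_max, negotiated):
    """Test-tool view: raise AssertionError if the server got the sentinel wrong."""
    if len(server_random) != 32:
        raise AssertionError(
            "ServerHello.random must be 32 bytes, got {0}".format(
                len(server_random)))
    tail = server_random[-8:]
    want = expected_sentinel(server_max, negotiated)
    if want is None:
        # A sentinel here would make conforming clients abort the handshake.
        if tail in (DOWNGRADE_TLS12, DOWNGRADE_TLS11):
            raise AssertionError(
                "Unexpected downgrade sentinel {0}".format(tail.hex()))
        return
    if tail != want:
        raise AssertionError(
            "Expected downgrade sentinel {0}, got {1}".format(
                want.hex(), tail.hex()))


def client_must_abort(client_max, negotiated, server_random):
    """Client view: True when the RFC tells the client to abort the handshake
    (with an illegal_parameter alert) because a downgrade was signalled."""
    tail = server_random[-8:]
    if client_max >= TLS13 and negotiated <= TLS12:
        return tail in (DOWNGRADE_TLS12, DOWNGRADE_TLS11)
    if client_max == TLS12 and negotiated <= TLS11:
        # SHOULD-level check for TLS 1.2 clients.
        return tail == DOWNGRADE_TLS11
    return False


if __name__ == "__main__":
    check_server_random(SAMPLE_RANDOM, TLS13, TLS12)
    print("sentinel present:", SAMPLE_RANDOM[-8:].hex())
    print("TLS 1.3 client aborts:",
          client_must_abort(TLS13, TLS12, SAMPLE_RANDOM))
```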

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_compare_extensions(message)

Verify that server provided extensions match exactly expected list.

static _extract_version(msg)[source]

Extract the real version from the message if TLS 1.3 is in use.

static _get_autohandler(ext_id)[source]

_process_extensions(state, cln_hello, srv_hello)[source]

Check if extensions are correct.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

_setup_tls13_handshake_keys(state)[source]

Set up the encryption keys for the TLS 1.3 handshake.

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Process the message and update state accordingly

Parameters:
  • state (ConnectionState) – overall state of TLS connection

  • msg (Message) – TLS Message read from socket

class tlsfuzzer.expect.ExpectServerHello2(version=None)[source]

Bases: ExpectHandshake

Processing of SSLv2 Handshake Protocol SERVER-HELLO message

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Process the message and update state accordingly

Parameters:
  • state (ConnectionState) – overall state of TLS connection

  • msg (Message) – TLS Message read from socket

class tlsfuzzer.expect.ExpectServerHelloDone[source]

Bases: ExpectHandshake

Processing TLS Handshake protocol ServerHelloDone messages

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

class tlsfuzzer.expect.ExpectServerKeyExchange(version=None, cipher_suite=None, valid_sig_algs=None, valid_groups=None, valid_params=None)[source]

Bases: ExpectHandshake

Processing TLS Handshake protocol Server Key Exchange message

_checkParams(server_key_exchange)[source]

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Process the Server Key Exchange message

class tlsfuzzer.expect.ExpectVerify[source]

Bases: ExpectHandshake

Processing of SSLv2 SERVER-VERIFY message

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)[source]

Check if the VERIFY message has expected value

class tlsfuzzer.expect._ExpectExtensionsMessage(content_type, msg_type, extensions)[source]

Bases: ExpectHandshake

Common methods of messages that have a list of extensions.

Used in ServerHello, EncryptedExtensions and CertificateRequest (in TLS 1.3)

static _cmp_eq(our, recv, field_type=None, f_str=None)

Check if expected value matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

static _cmp_eq_list(our, recv, field_type=None, f_str=None)

Check if expected list of values matched received, if defined.

If our is not None, compare it with recv. If they don’t match, try translating items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.

classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)

Check if received value equals expected or is in expected list.

If our is a list or set, check if recv is in it. Otherwise, if our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.

_compare_extensions(message)[source]

Verify that server provided extensions match exactly expected list.

_repr(attributes)

Return a text representation of the object.

Parameters:

attributes (list(str)) – names of attributes of the object that will be included in the text representation

add_child(child)

Sets the parameter as the child of the node

Returns:

the child node

get_all_siblings()

Return iterator with all siblings of node

Return type:

iterator

is_command()

Flag to tell that the object is a message processor

is_expect()

Flag to tell if the object is a message processor

is_generator()

Flag to tell that the object is not a message generator

is_match(msg)

Check if message is a given type of handshake protocol message

process(state, msg)

Process the message and update the state accordingly.

Parameters:

tlsfuzzer.expect._srv_ext_handler_psk(state, extension, psk_configs)[source]

Process the pre_shared_key extension from server.

Since it needs the psk_configurations, it can’t be run automatically, so it shouldn’t be part of _srv_ext_handler.

tlsfuzzer.expect._srv_ext_handler_record_limit(state, extension, size=None)[source]

Process record_size_limit extension from server.

tlsfuzzer.expect.clnt_ext_handler_sig_algs(state, extension)[source]

Check signature_algorithms or signature_algorithms_cert extension.

To be used in ClientHello and CertificateRequest.

tlsfuzzer.expect.clnt_ext_handler_status_request(state, extension)[source]

Check status_request extension from initiating side.

To be used in ClientHello and CertificateRequest

tlsfuzzer.expect.gen_srv_ext_handler_psk(psk_configs=())[source]

Creates a handler for pre_shared_key extension from the server.

tlsfuzzer.expect.gen_srv_ext_handler_record_limit(size=None)[source]

Create a handler for record_size_limit_extension from the server.

Note that if the extension is actually negotiated, it will override any SetMaxRecordSize() before EncryptedExtensions in TLS 1.3 and before ChangeCipherSpec in TLS 1.2 and earlier.

Parameters:

size (int) – expected value from server, None for any valid

Process the cookie extension in HRR message.

tlsfuzzer.expect.hrr_ext_handler_key_share(state, extension)[source]

Process the key_share extension in HRR message.

tlsfuzzer.expect.srv_ext_handler_alpn(state, extension)[source]

Process the ALPN extension from server.

tlsfuzzer.expect.srv_ext_handler_ec_point(state, extension)[source]

Process the ec_point_formats extension from server.

tlsfuzzer.expect.srv_ext_handler_ems(state, extension)[source]

Process Extended Master Secret extension from server.

tlsfuzzer.expect.srv_ext_handler_etm(state, extension)[source]

Process Encrypt then MAC extension from server.

tlsfuzzer.expect.srv_ext_handler_heartbeat(state, extension)[source]

Process the heartbeat extension from server.

tlsfuzzer.expect.srv_ext_handler_key_share(state, extension)[source]

Process the key_share extension from server.

tlsfuzzer.expect.srv_ext_handler_npn(state, extension)[source]

Process the NPN extension from server.

tlsfuzzer.expect.srv_ext_handler_renego(state, extension)[source]

Process the renegotiation_info from server.

tlsfuzzer.expect.srv_ext_handler_session_ticket(state, extension)[source]

Process the session_ticket extension from server.

tlsfuzzer.expect.srv_ext_handler_sni(state, extension)[source]

Process the server_name extension from server.

tlsfuzzer.expect.srv_ext_handler_status_request(state, extension)[source]

Process the status_request extension from server.

TLS 1.2 ServerHello specific, in TLS 1.3 the extension resides in Certificate message.

tlsfuzzer.expect.srv_ext_handler_supp_groups(state, extension)[source]

Process the supported_groups from server.

tlsfuzzer.expect.srv_ext_handler_supp_vers(state, extension)[source]

Process the supported_versions from server.