tlsfuzzer.expect module
Parsing and processing of received TLS messages
- class tlsfuzzer.expect.Expect(content_type)[source]
Bases:
TreeNode
Base class for objects handling message readers
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_match(msg)[source]
Checks if the object can handle message
Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it
- Parameters:
msg (tlslite.messages.Message) – raw message to check
- process(state, msg)[source]
Process the message and update the state accordingly.
- Parameters:
state (tlsfuzzer.runner.ConnectionState) – current connection state, needs to be updated after parsing the message by inheriting classes
msg (tlslite.messages.Message) – raw message to parse
- class tlsfuzzer.expect.ExpectAlert(level=None, description=None)[source]
Bases:
Expect
Processing TLS Alert message
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Checks if the object can handle message
Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it
- Parameters:
msg (tlslite.messages.Message) – raw message to check
- process(state, msg)[source]
Process the message and update the state accordingly.
- Parameters:
state (tlsfuzzer.runner.ConnectionState) – current connection state, needs to be updated after parsing the message by inheriting classes
msg (tlslite.messages.Message) – raw message to parse
- class tlsfuzzer.expect.ExpectApplicationData(data=None, size=None, output=None, description=None)[source]
Bases:
Expect
Processing Application Data message
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Checks if the object can handle message
Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it
- Parameters:
msg (tlslite.messages.Message) – raw message to check
- process(state, msg)[source]
Process the message and update the state accordingly.
- Parameters:
state (tlsfuzzer.runner.ConnectionState) – current connection state, needs to be updated after parsing the message by inheriting classes
msg (tlslite.messages.Message) – raw message to parse
- class tlsfuzzer.expect.ExpectCertificate(cert_type=0)[source]
Bases:
ExpectHandshake
Processing TLS Handshake protocol Certificate messages
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectCertificateRequest(sig_algs=None, cert_types=None, sanity_check_cert_types=True, extensions=None, context=None)[source]
Bases:
_ExpectExtensionsMessage
Processing TLS Handshake protocol Certificate Request message.
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _compare_extensions(message)
Verify that server provided extensions match exactly expected list.
- _repr(attributes)
Return a text representation of the object.
- static _sanity_check_cert_types(cert_request)[source]
Verify that the CertificateRequest is self-consistent.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectCertificateStatus[source]
Bases:
ExpectHandshake
Processing of CertificateStatus message from RFC 6066.
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- process(state, msg)[source]
Process the message and update the state accordingly.
- Parameters:
state (tlsfuzzer.runner.ConnectionState) – current connection state, needs to be updated after parsing the message by inheriting classes
msg (tlslite.messages.Message) – raw message to parse
- class tlsfuzzer.expect.ExpectCertificateVerify(version=None, sig_alg=None, hash_file=None, sig_file=None)[source]
Bases:
ExpectHandshake
Processing TLS Handshake protocol Certificate Verify messages.
- Parameters:
version (tuple(int,int)) – Expected TLS version of the message. If not provided will be taken from the state.
sig_alg (tuple(int,int)) – Expected value of the signature scheme created by the server. If not provided it will be compared with signature algorithm extension from client hello.
hash_file (str) – The file where hashes of the signature context will be logged
sig_file (str) – The file where the signatures themselves will be logged
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectChangeCipherSpec[source]
Bases:
Expect
Processing TLS Change Cipher Spec messages.
Note
In SSLv3 up to TLS 1.2, the message modifies the state of record layer to expect encrypted records after receiving this message. In case of renegotiation, record layer will expect records encrypted with the newly negotiated keys. In TLS 1.3 it has no effect on record layer encryption.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Checks if the object can handle message
Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it
- Parameters:
msg (tlslite.messages.Message) – raw message to check
- class tlsfuzzer.expect.ExpectClose[source]
Bases:
Expect
Virtual message signifying closing of TCP connection
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Checks if the object can handle message
Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it
- Parameters:
msg (tlslite.messages.Message) – raw message to check
- class tlsfuzzer.expect.ExpectEncryptedExtensions(extensions=None)[source]
Bases:
_ExpectExtensionsMessage
Processing of the TLS handshake protocol Encrypted Extensions message
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _compare_extensions(message)
Verify that server provided extensions match exactly expected list.
- _compare_extensions_in_ee(srv_exts, cln_hello)[source]
Verify that server provided extensions match exactly expected list.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- process(state, msg)[source]
Process the message and update the state accordingly.
- Parameters:
state (tlsfuzzer.runner.ConnectionState) – current connection state, needs to be updated after parsing the message by inheriting classes
msg (tlslite.messages.Message) – raw message to parse
- class tlsfuzzer.expect.ExpectFinished(version=None, description=None)[source]
Bases:
ExpectHandshake
Processing TLS handshake protocol Finished message.
Note
In TLS 1.3 the message will modify the record layer to start sending records with encryption using the client_handshake_traffic_secret keys. It will also modify the record layer to start expecting the records to be encrypted with server_application_traffic_secret keys.
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectHandshake(content_type, handshake_type)[source]
Bases:
ExpectMessage
Common methods for handling TLS Handshake protocol messages
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- process(state, msg)[source]
Process the message and update the state accordingly.
- Parameters:
state (tlsfuzzer.runner.ConnectionState) – current connection state, needs to be updated after parsing the message by inheriting classes
msg (tlslite.messages.Message) – raw message to parse
- class tlsfuzzer.expect.ExpectHeartbeat(message_type=2, payload=None, padding_size=None)[source]
Bases:
ExpectMessage
Processing of heartbeat messages.
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Checks if the object can handle message
Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it
- Parameters:
msg (tlslite.messages.Message) – raw message to check
- class tlsfuzzer.expect.ExpectHelloRequest(description=None)[source]
Bases:
ExpectHandshake
Processing of TLS handshake protocol hello request message.
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectHelloRetryRequest(extensions=None, version=None, cipher=None)[source]
Bases:
ExpectServerHello
Processing of the TLS 1.3 HelloRetryRequest message.
- static _check_against_hrr(state, srv_hello)
- _check_downgrade_protection(srv_hello)
Verify that server provided downgrade protection as specified in RFC 8446, Section 4.1.3
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _compare_extensions(message)
Verify that server provided extensions match exactly expected list.
- static _extract_version(msg)
Extract the real version from the message if TLS 1.3 is in use.
- _process_extensions(state, cln_hello, srv_hello)
Check if extensions are correct.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- process(state, msg)[source]
Process the message and update state accordingly
- Parameters:
state (ConnectionState) – overall state of TLS connection
msg (Message) – TLS Message read from socket
- class tlsfuzzer.expect.ExpectKeyUpdate(message_type=None)[source]
Bases:
ExpectHandshake
Processing of post-handshake KeyUpdate message from RFC 8446
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectMessage(content_type)[source]
Bases:
Expect
Common methods for handling TLS messages.
- static _cmp_eq(our, recv, field_type=None, f_str=None)[source]
Check if expected value matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating them with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)[source]
Check if expected list of values matched received, if defined.
If our is not None, compare it with recv. If they don’t match, try translating the items in the lists with the field_type.toStr() method and raise AssertionError with a message formatted with f_str. The first parameter to .format() will be the list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)[source]
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with the field_type.toStr() method and raise AssertionError formatted with f_str. The first parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Checks if the object can handle message
Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it
- Parameters:
msg (tlslite.messages.Message) – raw message to check
- process(state, msg)
Process the message and update the state accordingly.
- Parameters:
state (tlsfuzzer.runner.ConnectionState) – current connection state, needs to be updated after parsing the message by inheriting classes
msg (tlslite.messages.Message) – raw message to parse
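A simplified, self-contained model of the pattern documented for ExpectMessage and its subclass ExpectHeartbeat above: is_match() selects on the record content type, and process() parses the bytes returned by write() and applies the comparison helpers, where None means "don't check". This is an added example, not tlsfuzzer's own code; RawMessage, ExpectHeartbeatModel, HeartbeatType, the dict used as state and the error strings are assumptions, and the sample messages are constructed.

```python
import struct

CONTENT_TYPE_HEARTBEAT = 24  # record-layer content type from RFC 6520


class HeartbeatType:
    """Stand-in for a field_type: translates numeric values to names."""
    NAMES = {1: "heartbeat_request", 2: "heartbeat_response"}

    @classmethod
    def toStr(cls, value):
        return cls.NAMES.get(value, str(value))


def cmp_eq(our, recv, field_type=None, f_str=None):
    """Raise AssertionError unless our is None (no check) or equals recv."""
    if our is None or our == recv:
        return
    if field_type is not None:
        our, recv = field_type.toStr(our), field_type.toStr(recv)
    raise AssertionError((f_str or "Expected: {0}, received: {1}").format(our, recv))


def cmp_eq_or_in(our, recv, field_type=None, f_str=None):
    """Like cmp_eq, but a list or set of expected values accepts any member."""
    if not isinstance(our, (list, set, frozenset)):
        return cmp_eq(our, recv, field_type, f_str)
    if recv in our:
        return
    if field_type is not None:
        our = [field_type.toStr(i) for i in sorted(our)]
        recv = field_type.toStr(recv)
    raise AssertionError((f_str or "Expected one of: {0}, received: {1}").format(our, recv))


class RawMessage:
    """Constructed stand-in for a raw, unparsed message; write() gives the bytes."""
    def __init__(self, content_type, data):
        self.contentType = content_type
        self._data = bytearray(data)

    def write(self):
        return self._data


class ExpectHeartbeatModel:
    """Hypothetical model of an expect node; state is a plain dict here."""
    def __init__(self, message_type=2, payload=None, padding_size=None):
        self.message_type = message_type
        self.payload = payload
        self.padding_size = padding_size

    def is_match(self, msg):
        return msg.contentType == CONTENT_TYPE_HEARTBEAT

    def process(self, state, msg):
        raw = msg.write()
        if len(raw) < 3:
            raise AssertionError("Truncated heartbeat message")
        hb_type, length = struct.unpack(">BH", bytes(raw[:3]))
        # The declared length must fit inside what was actually received.
        if 3 + length > len(raw):
            raise AssertionError("payload_length {0} exceeds the {1} bytes received"
                                 .format(length, len(raw) - 3))
        payload, padding = bytes(raw[3:3 + length]), raw[3 + length:]
        cmp_eq_or_in(self.message_type, hb_type, HeartbeatType,
                     "Expected heartbeat type: {0}, received: {1}")
        cmp_eq(self.payload, payload, f_str="Expected payload: {0!r}, received: {1!r}")
        cmp_eq(self.padding_size, len(padding),
               f_str="Expected padding size: {0}, received: {1}")
        state["heartbeats"] = state.get("heartbeats", 0) + 1
        return payload


# Constructed sample messages: type (1 byte), payload_length (2 bytes), payload, padding.
GOOD = RawMessage(24, b"\x02\x00\x04ping" + bytes(16))
WRONG_TYPE = RawMessage(24, b"\x01\x00\x04ping" + bytes(16))
OVERLONG = RawMessage(24, b"\x02\x40\x00ping" + bytes(16))  # claims 16384 bytes
SHORT_PAD = RawMessage(24, b"\x02\x00\x04ping" + bytes(4))


def check(node, msg):
    """Return 'ok' or the assertion text for one message."""
    try:
        node.process({}, msg)
        return "ok"
    except AssertionError as exc:
        return str(exc)


def run_examples():
    strict = ExpectHeartbeatModel(message_type=2, payload=b"ping", padding_size=16)
    return {
        "good": check(strict, GOOD),
        "wrong_type": check(strict, WRONG_TYPE),
        "either_type": check(ExpectHeartbeatModel(message_type=[1, 2]), WRONG_TYPE),
        "overlong": check(strict, OVERLONG),
        "short_padding": check(strict, SHORT_PAD),
    }


if __name__ == "__main__":
    for name, result in run_examples().items():
        print(name, "->", result)
```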
- class tlsfuzzer.expect.ExpectNewSessionTicket(version=None, description=None)[source]
Bases:
ExpectHandshake
Processing TLS handshake protocol new session ticket message.
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating items in the lists with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with field_type.toStr() method and raise AssertionError formatted with f_str. First parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectNoMessage(timeout=0.1)[source]
Bases:
Expect
Virtual message signifying timeout on message listen.
- Variables:
timeout (int or float) – how long to wait for message before giving up, in seconds, can be float
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Checks if the object can handle message
Note that the msg is a raw, unparsed message of indicated type that requires calling write() to get a raw bytearray() representation of it
- Parameters:
msg (tlslite.messages.Message) – raw message to check
- class tlsfuzzer.expect.ExpectSSL2Alert(error=None)[source]
Bases:
ExpectHandshake
Processing of SSLv2 Handshake protocol alert messages
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating items in the lists with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with field_type.toStr() method and raise AssertionError formatted with f_str. First parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectServerHello(extensions=None, version=None, resume=False, cipher=None, server_max_protocol=None, force_resume=False, description=None)[source]
Bases:
_ExpectExtensionsMessage
Parsing TLS Handshake protocol Server Hello messages.
Processing of the ServerHello message updates the record layer to the version advertised by the server. Use SetRecordVersion to change it earlier to send records with different versions.
Note
Receiving of the ServerHello in TLS 1.3 influences record layer encryption. After the message is received, the client_handshake_traffic_secret and server_handshake_traffic_secret are derived and the record layer is configured to expect encrypted records on the receiving side.
- Variables:
description (str) – identifier to print when processing of the node fails
- _check_downgrade_protection(srv_hello)[source]
Verify that server provided downgrade protection as specified in RFC 8446, Section 4.1.3
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating items in the lists with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with field_type.toStr() method and raise AssertionError formatted with f_str. First parameter to .format() will be the expected value and the second one will be the received one.
- _compare_extensions(message)
Verify that server provided extensions match exactly expected list.
- static _extract_version(msg)[source]
Extract the real version from the message if TLS 1.3 is in use.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- process(state, msg)[source]
Process the message and update state accordingly
- Parameters:
state (ConnectionState) – overall state of TLS connection
msg (Message) – TLS Message read from socket
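The rule that _check_downgrade_protection refers to (RFC 8446, Section 4.1.3) can be modelled stand-alone as below. This is an added example, not tlsfuzzer's own code: the function names are hypothetical, versions are assumed to be (major, minor) tuples, and the sample randoms in the usage are constructed.

```python
# Added example: stand-alone model of the RFC 8446 section 4.1.3 check,
# not tlsfuzzer's implementation. Versions are (major, minor) tuples as
# on the wire: (3, 4) = TLS 1.3, (3, 3) = TLS 1.2, (3, 2) = TLS 1.1.
TLS_1_3 = (3, 4)
TLS_1_2 = (3, 3)

# Values RFC 8446 section 4.1.3 mandates for the last 8 bytes of
# ServerHello.random when the server negotiates below its maximum.
SENTINEL_TLS12 = b"DOWNGRD\x01"  # 1.3-capable server negotiating TLS 1.2
SENTINEL_TLS11 = b"DOWNGRD\x00"  # server negotiating TLS 1.1 or below


def expected_sentinel(server_max, negotiated):
    """Return the marker the server has to put in its random, or None."""
    if negotiated > server_max:
        raise ValueError("negotiated version above server maximum")
    if server_max >= TLS_1_3:
        if negotiated == TLS_1_2:
            return SENTINEL_TLS12
        if negotiated < TLS_1_2:
            return SENTINEL_TLS11
    elif server_max == TLS_1_2 and negotiated < TLS_1_2:
        # For TLS 1.2 servers the RFC makes this a SHOULD
        return SENTINEL_TLS11
    return None


def check_downgrade_protection(server_random, server_max, negotiated):
    """Server-side conformance check; raises AssertionError on failure."""
    if len(server_random) != 32:
        raise AssertionError("ServerHello.random must be 32 bytes, got {0}"
                             .format(len(server_random)))
    tail = bytes(server_random[-8:])
    want = expected_sentinel(server_max, negotiated)
    if want is None:
        # No downgrade took place. A marker here would make compliant
        # clients abort, so this example reports it as a failure too.
        if tail in (SENTINEL_TLS12, SENTINEL_TLS11):
            raise AssertionError("unexpected downgrade marker {0!r}"
                                 .format(tail))
        return
    if tail != want:
        raise AssertionError("expected downgrade marker {0!r}, got {1!r}"
                             .format(want, tail))


def client_must_abort(server_random, client_max, negotiated):
    """Client-side rule: True when the handshake has to be aborted
    (illegal_parameter) because the marker reveals a forced downgrade."""
    tail = bytes(server_random[-8:])
    if client_max >= TLS_1_3 and negotiated <= TLS_1_2:
        return tail in (SENTINEL_TLS12, SENTINEL_TLS11)
    if client_max == TLS_1_2 and negotiated < TLS_1_2:
        return tail == SENTINEL_TLS11
    return False


if __name__ == "__main__":
    # Constructed sample: 24 filler bytes followed by the TLS 1.2 marker
    sample = bytes(range(24)) + SENTINEL_TLS12
    check_downgrade_protection(sample, TLS_1_3, TLS_1_2)
    print(client_must_abort(sample, TLS_1_3, TLS_1_2))
```

In TLS 1.3 the negotiated version is carried in the supported_versions extension rather than in the legacy version field, so the `negotiated` argument is assumed to be the real version.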
- class tlsfuzzer.expect.ExpectServerHello2(version=None)[source]
Bases:
ExpectHandshake
Processing of SSLv2 Handshake Protocol SERVER-HELLO message
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating items in the lists with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with field_type.toStr() method and raise AssertionError formatted with f_str. First parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectServerHelloDone[source]
Bases:
ExpectHandshake
Processing TLS Handshake protocol ServerHelloDone messages
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating items in the lists with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with field_type.toStr() method and raise AssertionError formatted with f_str. First parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectServerKeyExchange(version=None, cipher_suite=None, valid_sig_algs=None, valid_groups=None, valid_params=None)[source]
Bases:
ExpectHandshake
Processing TLS Handshake protocol Server Key Exchange message
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating items in the lists with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with field_type.toStr() method and raise AssertionError formatted with f_str. First parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect.ExpectVerify[source]
Bases:
ExpectHandshake
Processing of SSLv2 SERVER-VERIFY message
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating items in the lists with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with field_type.toStr() method and raise AssertionError formatted with f_str. First parameter to .format() will be the expected value and the second one will be the received one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- class tlsfuzzer.expect._ExpectExtensionsMessage(content_type, msg_type, extensions)[source]
Bases:
ExpectHandshake
Common methods of messages that have a list of extensions.
Used in ServerHello, EncryptedExtensions and CertificateRequest (in TLS 1.3)
- static _cmp_eq(our, recv, field_type=None, f_str=None)
Check if expected value matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating them with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be expected value and the second one will be the received one.
- static _cmp_eq_list(our, recv, field_type=None, f_str=None)
Check if expected list of values matched received, if defined.
If our is not None, compare with recv. If they don’t match, try translating items in the lists with field_type.toStr() method and raise AssertionError with message formatted with f_str. First parameter to .format() will be list of expected values and the second one will be the received one.
- classmethod _cmp_eq_or_in(our, recv, field_type=None, f_str=None)
Check if received value equals expected or is in expected list.
If our is a list or set, check if recv is in it. If our is not None, check if it’s equal to recv. If they don’t match or are not part of a set, try translating them with field_type.toStr() method and raise AssertionError formatted with f_str. First parameter to .format() will be the expected value and the second one will be the received one.
- _compare_extensions(message)[source]
Verify that server provided extensions match exactly expected list.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Flag to tell that the object is a message processor
- is_expect()
Flag to tell if the object is a message processor
- is_generator()
Flag to tell that the object is not a message generator
- is_match(msg)
Check if message is a given type of handshake protocol message
- process(state, msg)
Process the message and update the state accordingly.
- Parameters:
state (tlsfuzzer.runner.ConnectionState) – current connection state, needs to be updated after parsing the message by inheriting classes
msg (tlslite.messages.Message) – raw message to parse
- tlsfuzzer.expect._srv_ext_handler_psk(state, extension, psk_configs)[source]
Process the pre_shared_key extension from server.
Since it needs the psk_configurations, it can’t do it automatically so it shouldn’t be part of _srv_ext_handler.
- tlsfuzzer.expect._srv_ext_handler_record_limit(state, extension, size=None)[source]
Process record_size_limit extension from server.
- tlsfuzzer.expect.clnt_ext_handler_sig_algs(state, extension)[source]
Check signature_algorithms or signature_algorithms_cert extension.
To be used in ClientHello and CertificateRequest.
- tlsfuzzer.expect.clnt_ext_handler_status_request(state, extension)[source]
Check status_request extension from initiating side.
To be used in ClientHello and CertificateRequest
- tlsfuzzer.expect.gen_srv_ext_handler_psk(psk_configs=())[source]
Creates a handler for pre_shared_key extension from the server.
- tlsfuzzer.expect.gen_srv_ext_handler_record_limit(size=None)[source]
Create a handler for record_size_limit extension from the server.
Note that if the extension is actually negotiated, it will override any SetMaxRecordSize() before EncryptedExtensions in TLS 1.3 and before ChangeCipherSpec in TLS 1.2 and earlier.
- Parameters:
size (int) – expected value from server, None for any valid
- tlsfuzzer.expect.hrr_ext_handler_cookie(state, extension)[source]
Process the cookie extension in HRR message.
Process the key_share extension in HRR message.
- tlsfuzzer.expect.srv_ext_handler_alpn(state, extension)[source]
Process the ALPN extension from server.
- tlsfuzzer.expect.srv_ext_handler_ec_point(state, extension)[source]
Process the ec_point_formats extension from server.
- tlsfuzzer.expect.srv_ext_handler_ems(state, extension)[source]
Process Extended Master Secret extension from server.
- tlsfuzzer.expect.srv_ext_handler_etm(state, extension)[source]
Process Encrypt then MAC extension from server.
- tlsfuzzer.expect.srv_ext_handler_heartbeat(state, extension)[source]
Process the heartbeat extension from server.
Process the key_share extension from server.
- tlsfuzzer.expect.srv_ext_handler_npn(state, extension)[source]
Process the NPN extension from server.
- tlsfuzzer.expect.srv_ext_handler_renego(state, extension)[source]
Process the renegotiation_info from server.
- tlsfuzzer.expect.srv_ext_handler_session_ticket(state, extension)[source]
Process the session_ticket extension from server.
- tlsfuzzer.expect.srv_ext_handler_sni(state, extension)[source]
Process the server_name extension from server.
- tlsfuzzer.expect.srv_ext_handler_status_request(state, extension)[source]
Process the status_request extension from server.
TLS 1.2 ServerHello specific, in TLS 1.3 the extension resides in Certificate message.