diff --git a/prober.py b/prober.py
index fc63e79..bb84c1c 100755
--- a/prober.py
+++ b/prober.py
@@ -176,7 +176,13 @@
 ClientAuthzNull12PFS(),
 ClientAuthzOverflow(),
 ClientAuthzOverflow12(),
- ClientAuthzOverflow12PFS()
+ ClientAuthzOverflow12PFS(),
+ ServerAuthzNull(),
+ ServerAuthzNull12(),
+ ServerAuthzNull12PFS(),
+ ServerAuthzOverflow(),
+ ServerAuthzOverflow12(),
+ ServerAuthzOverflow12PFS()
 ]
 
 def probe(ipaddress, port, starttls, specified_probe):
diff --git a/probes.py b/probes.py
index 6522230..03916f0 100644
--- a/probes.py
+++ b/probes.py
@@ -1674,3 +1674,38 @@ class ClientAuthzOverflow12(ClientAuthzOverflow, NormalHandshake12):
 class ClientAuthzOverflow12PFS(ClientAuthzOverflow, NormalHandshake12PFS):
 '''As with ClientAuthzOverflow but in PFS TLSv1.3 hello'''
 pass
+
+
+class ServerAuthzNull(ClientAuthzNull):
+ '''Send empty server authz extension in hello'''
+
+ def make_client_authz_hello(self, value):
+ server_authz_ext = Extension.create(
+ extension_type=8,
+ data=value)
+ return self.make_hello([server_authz_ext])
+
+
+class ServerAuthzNull12(ServerAuthzNull, NormalHandshake12):
+ '''Send empty server authz extension in TLSv1.2 hello'''
+ pass
+
+
+class ServerAuthzNull12PFS(ServerAuthzNull, NormalHandshake12PFS):
+ '''Send empty server authz extension in PFS TLSv1.2 hello'''
+ pass
+
+
+class ServerAuthzOverflow(ServerAuthzNull, ClientAuthzOverflow):
+ '''Send server authz extension with length longer than data in hello'''
+ pass
+
+
+class ServerAuthzOverflow12(ServerAuthzOverflow, NormalHandshake12):
+ '''As with ServerAuthzOverflow but in TLSv1.2 hello'''
+ pass
+
+
+class ServerAuthzOverflow12PFS(ServerAuthzOverflow, NormalHandshake12PFS):
+ '''As with ServerAuthzOverflow but in PFS TLSv1.2 hello'''
+ pass
diff --git a/tests/test_probes.py b/tests/test_probes.py
index f7a1733..92788c3 100644
--- a/tests/test_probes.py
+++ b/tests/test_probes.py
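Review bot: The probe list in prober.py still ends without a trailing comma after `ServerAuthzOverflow12PFS()`, which is why this change had to rewrite the `ClientAuthzOverflow12PFS()` line just to append new entries. Ending the list with `ServerAuthzOverflow12PFS(),` would keep the next probe addition to a one-line diff. The list itself starts outside the hunk.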
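Review bot: In probes.py, `ServerAuthzNull` overrides `make_client_authz_hello` to build a server_authz extension, so the method name no longer matches what is sent, and the bare `extension_type=8` gives no hint which extension is meant. A comment above the `Extension.create` call, such as `# server_authz (RFC 5878) is extension type 8; the method name is inherited from ClientAuthzNull`, would make both explicit. `ServerAuthzOverflow(ServerAuthzNull, ClientAuthzOverflow)` presumably relies on base-class order so that the type-8 hello builder is resolved before the client one; its docstring should say so, e.g. by appending `ServerAuthzNull must be listed first so its hello builder takes precedence`. The context docstring of `ClientAuthzOverflow12PFS` says TLSv1.3 where the new PFS classes say TLSv1.2, which looks like a leftover typo worth fixing alongside.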
@@ -3265,3 +3265,129 @@ def test_test(self):
 b'\x00\x07'
 b'\x00\x07\x00\x03'
 b'\x04\x00\x01'])
+
+
+class TestServerAuthzNull(unittest.TestCase):
+ def test_test(self):
+ probe = ServerAuthzNull()
+ sock = MockSock()
+
+ probe.test(sock)
+
+ self.assertEqual(sock.sent_data,
+ [b'\x16\x03\x01\x00?'
+ b'\x01\x00\x00;'
+ b'\x03\x01' +
+ RANDOM_STR +
+ b'\x00'
+ b'\x00\x0e' +
+ DEFAULT_CIPHERS_STR +
+ b'\x01\x00'
+ b'\x00\x04'
+ b'\x00\x08\x00\x00'])
+
+
+class TestServerAuthzNull12(unittest.TestCase):
+ def test_test(self):
+ probe = ServerAuthzNull12()
+ sock = MockSock()
+
+ probe.test(sock)
+
+ self.assertEqual(sock.sent_data,
+ [b'\x16\x03\x01\x00W'
+ b'\x01\x00\x00S'
+ b'\x03\x03' +
+ RANDOM_STR +
+ b'\x00'
+ b'\x00&' +
+ DEFAULT_12_CIPHERS_STR +
+ b'\x01\x00'
+ b'\x00\x04'
+ b'\x00\x08\x00\x00'])
+
+
+class TestServerAuthzNull12PFS(unittest.TestCase):
+ def test_test(self):
+ probe = ServerAuthzNull12PFS()
+ sock = MockSock()
+
+ probe.test(sock)
+
+ self.maxDiff = None
+ self.assertEqual(sock.sent_data,
+ [b"\x16\x03\x01\x00\x8f"
+ b"\x01\x00\x00\x8b"
+ b"\x03\x03" +
+ RANDOM_STR +
+ b"\x00"
+ b"\x00^" +
+ DEFAULT_PFS_CIPHERS_STR +
+ b"\x01\x00"
+ b'\x00\x04'
+ b'\x00\x08\x00\x00'])
+
+
+class TestServerAuthzOverflow(unittest.TestCase):
+ def test_test(self):
+ probe = ServerAuthzOverflow()
+ sock = MockSock()
+
+ probe.test(sock)
+
+ self.maxDiff = None
+ self.assertEqual(sock.sent_data,
+ [b'\x16\x03\x01\x00B'
+ b'\x01\x00\x00>'
+ b'\x03\x01' +
+ RANDOM_STR +
+ b'\x00'
+ b'\x00\x0e' +
+ DEFAULT_CIPHERS_STR +
+ b'\x01\x00'
+ b'\x00\x07'
+ b'\x00\x08\x00\x03'
+ b'\x04\x00\x01'])
+
+
+class TestServerAuthzOverflow12(unittest.TestCase):
+ def test_test(self):
+ probe = ServerAuthzOverflow12()
+ sock = MockSock()
+
+ probe.test(sock)
+
+ self.assertEqual(sock.sent_data,
+ [b'\x16\x03\x01\x00Z'
+ b'\x01\x00\x00V'
+ b'\x03\x03' +
+ RANDOM_STR +
+ b'\x00'
+ b'\x00&' +
+ DEFAULT_12_CIPHERS_STR +
+ b'\x01\x00'
+ b'\x00\x07'
+ b'\x00\x08\x00\x03'
+ b'\x04\x00\x01'])
+
+
+class TestServerAuthzOverflow12FS(unittest.TestCase):
+ def test_test(self):
+ probe = ServerAuthzOverflow12PFS()
+ sock = MockSock()
+
+ probe.test(sock)
+
+ self.maxDiff = None
+ self.assertEqual(sock.sent_data,
+ [b"\x16\x03\x01\x00\x92"
+ b"\x01\x00\x00\x8e"
+ b"\x03\x03" +
+ RANDOM_STR +
+ b"\x00"
+ b"\x00^" +
+ DEFAULT_PFS_CIPHERS_STR +
+ b"\x01\x00"
+ b'\x00\x07'
+ b'\x00\x08\x00\x03'
+ b'\x04\x00\x01'])
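Review bot: The last test class is named `TestServerAuthzOverflow12FS`, dropping the P that the probe and every sibling test use; it should read `class TestServerAuthzOverflow12PFS(unittest.TestCase):` so the test can be found and selected by the probe's name. `self.maxDiff = None` is set in only three of the six new tests, and only after `probe.test(sock)`; setting it consistently, for instance once in a shared base class, would keep failure output uniform for these long byte strings. The expected hellos differ from the client_authz fixtures only in the extension type byte, so a short trailing comment on those lines, e.g. `# extensions length`, `# type 8 (server_authz), declared length`, `# payload`, would make the fixtures easier to audit.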