Skip to content

Commit

Permalink
expose block size used by cipher
Browse files Browse the repository at this point in the history 
Stops the unit tests depending on private fields, useful
for overriding the padding method in general
  • Loading branch information
@tomato42
tomato42 committed Nov 12, 2015
1 parent 021bef0 commit 837c773
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 8 deletions.
7 changes: 6 additions & 1 deletion tlslite/recordlayer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,11 @@ def __init__(self, sock):

self.encryptThenMAC = False

@property
def blockSize(self):
"""Return the size of block used by current symmetric cipher (R/O)"""
return self._writeState.encContext.block_size

@property
def version(self):
"""Return the TLS version used by record layer"""
Expand Down Expand Up @@ -300,7 +305,7 @@ def isCBCMode(self):
def addPadding(self, data):
"""Add padding to data so that it is multiple of block size"""
currentLength = len(data)
blockLength = self._writeState.encContext.block_size
blockLength = self.blockSize
paddingLength = blockLength - 1 - (currentLength % blockLength)

paddingBytes = bytearray([paddingLength] * (paddingLength+1))
Expand Down
45 changes: 38 additions & 7 deletions unit_tests/test_tlslite_recordlayer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -368,6 +368,37 @@ def test_getCipherName(self):
self.assertEqual('aes128', recordLayer.getCipherName())
self.assertTrue(recordLayer.isCBCMode())

def test_blockSize(self):
sock = MockSocket(bytearray(0))

recordLayer = RecordLayer(sock)
recordLayer.version = (3, 3)

recordLayer.calcPendingStates(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
bytearray(48), # master secret
bytearray(32), # client random
bytearray(32), # server random
None)
recordLayer.changeWriteState()

self.assertEqual(16, recordLayer.blockSize)

@unittest.skipUnless(cryptomath.m2cryptoLoaded, "requires M2Crypto")
def test_blockSize_with_3DES(self):
sock = MockSocket(bytearray(0))

recordLayer = RecordLayer(sock)
recordLayer.version = (3, 3)

recordLayer.calcPendingStates(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
bytearray(48), # master secret
bytearray(32), # client random
bytearray(32), # server random
None)
recordLayer.changeWriteState()

self.assertEqual(8, recordLayer.blockSize)

def test_getCipherImplementation(self):
sock = MockSocket(bytearray(0))

Expand Down Expand Up @@ -1320,7 +1351,7 @@ def test_recvRecord_with_zero_filled_padding_in_SSLv3(self):
# change the padding method to return simple version of padding (SSLv3)
def broken_padding(data):
currentLength = len(data)
blockLength = sendingRecordLayer._writeState.encContext.block_size
blockLength = sendingRecordLayer.blockSize
paddingLength = blockLength - 1 - (currentLength % blockLength)

paddingBytes = bytearray([0] * (paddingLength)) + \
Expand Down Expand Up @@ -1397,7 +1428,7 @@ def test_recvRecord_with_invalid_last_byte_in_padding(self):
# change the padding method to return invalid padding
def broken_padding(data):
currentLength = len(data)
blockLength = sendingRecordLayer._writeState.encContext.block_size
blockLength = sendingRecordLayer.blockSize
paddingLength = blockLength - 1 - (currentLength % blockLength)

# make the value of last byte longer than all data
Expand Down Expand Up @@ -1468,7 +1499,7 @@ def test_recvRecord_with_invalid_middle_byte_in_padding(self):
# change the padding method to return invalid padding
def broken_padding(data):
currentLength = len(data)
blockLength = sendingRecordLayer._writeState.encContext.block_size
blockLength = sendingRecordLayer.blockSize
paddingLength = blockLength - 1 - (currentLength % blockLength)

# make the value of last byte longer than all data
Expand Down Expand Up @@ -1541,7 +1572,7 @@ def test_recvRecord_with_truncated_MAC(self):
def broken_padding(data):
data = data[:18]
currentLength = len(data)
blockLength = sendingRecordLayer._writeState.encContext.block_size
blockLength = sendingRecordLayer.blockSize
paddingLength = blockLength - 1 - (currentLength % blockLength)

paddingBytes = bytearray([paddingLength] * (paddingLength)) + \
Expand Down Expand Up @@ -1612,7 +1643,7 @@ def test_recvRecord_with_invalid_MAC(self):
def broken_padding(data):
data[-1] ^= 255
currentLength = len(data)
blockLength = sendingRecordLayer._writeState.encContext.block_size
blockLength = sendingRecordLayer.blockSize
paddingLength = blockLength - 1 - (currentLength % blockLength)

paddingBytes = bytearray([paddingLength] * (paddingLength)) + \
Expand Down Expand Up @@ -1882,7 +1913,7 @@ def test_recvRecord_with_encryptThenMAC_and_bad_last_padding_byte(self):
# change the padding method to return invalid padding
def broken_padding(data):
currentLength = len(data)
blockLength = sendingRecordLayer._writeState.encContext.block_size
blockLength = sendingRecordLayer.blockSize
paddingLength = blockLength - 1 - (currentLength % blockLength)

# make the value of last byte longer than all data
Expand Down Expand Up @@ -2012,7 +2043,7 @@ def test_recvRecord_with_encryptThenMAC_and_bad_padding_byte(self):
# change the padding method to return invalid padding
def broken_padding(data):
currentLength = len(data)
blockLength = sendingRecordLayer._writeState.encContext.block_size
blockLength = sendingRecordLayer.blockSize
paddingLength = blockLength - 1 - (currentLength % blockLength)

# make the value of second to last byte invalid (0)
Expand Down

1 comment on commit 837c773

@joshbressers
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r+

Please sign in to comment.