def aes_decryptor(ssl_convo, record, source='client'):
"""Decrypt via aes."""
# I think we need to reset the iv to the last encrypted block for CBC.
# We are doing this in all cases because I heard that it is all CBC.
# We will see. :) (Should this even be in the individual decryptor?)
iv_size = int(ssl_convo.suite_props['iv_size'])
if source == 'client':
key = ssl_convo.client_key
iv = ssl_convo.client_iv
ssl_convo.client_iv = byteArray(record.body[-iv_size:])
else:
key = ssl_convo.server_key
iv = ssl_convo.server_iv
ssl_convo.server_iv = byteArray(record.body[-iv_size:])
decryptor = OpenSSL_AES(key, 2, iv) # 2 = mode CBC
#len_decrypted_iv = len(decryptor.decrypt(iv.tostring()))
return decryptor.decrypt(record.body)
def hs_parse_server_hello(self, ssl_convo, record, handshake, bytes):
"""Parse ServerHello handshake message."""
ssl_convo.version = uint8(bytes[0]), uint8(bytes[1])
# TODO: Log unexpected versions.
ssl_convo.server_random = byteArray(bytes[2:34])
session_id_end = uint8(bytes[34]) + 35
ssl_convo.session_id = bytes[35:session_id_end]
suite = (uint8(bytes[session_id_end]),
uint8(bytes[session_id_end + 1]))
# TODO: Log unexected suites.
ssl_convo.cipher_suite = cipher_suites[suite]
ssl_convo.suite_props = suite_props[ssl_convo.cipher_suite]
def hs_parse_client_key_exchange(self, ssl_convo, record, handshake,
bytes):
"""Parse ClientKeyExchange handshake message."""
# TODO: Where the heck did these 2 extra bytes come from?
ssl_convo.encrypted_pre_master_secret = bytes[2:]
if ssl_convo.suite_props['key_exchange'] == 'RSA':
private_key = self.cfg.get('ssl', 'private_key')
rsa_key = parsePEMKey(open(private_key).read())
array = byteArray(bytes[2:])
ssl_convo.pre_master_secret = rsa_key.decrypt(array)
assert len(ssl_convo.pre_master_secret) == 48
else:
pass # TODO: Something. Logging.
def derive_master_secret(self):
"""Derive master secret from pre-master secret.
You need to have parsed the key exchange before doing this.
"""
props = self.suite_props
seed = self.client_random + self.server_random
if props['key_exchange'] == 'RSA' and self.version == (3, 1):
self.master_secret = PRF(self.pre_master_secret,
byteArray("master secret"), seed, 48)
elif props['key_exchange'] == 'RSA' and self.version == (3, 0):
self.master_secret = PRF_SSL(self.pre_master_secret, seed, 48)
else:
pass # TODO: Log this.
def derive_keys(self):
"""Generate the needed key material."""
props = self.suite_props
hash_size = (props['hash'] == 'SHA' and 20 or 16)
key_block_size = (int(props['iv_size']) + int(props['key_size']) +
hash_size) * 2
if props['key_exchange'] == 'RSA' and self.version == (3, 1):
key_block = PRF(self.master_secret, byteArray("key expansion"),
self.server_random + self.client_random,
key_block_size)
elif props['key_exchange'] == 'RSA' and self.version == (3, 0):
key_block = PRF_SSL(self.master_secret,
self.server_random + self.client_random,
key_block_size)
else:
pass # TODO: Log This
self.slice_key_block(key_block)
def hs_parse_client_hello(self, ssl_convo, record, handshake, bytes):
"""Parse ClientHello handshake message."""
ssl_convo.client_version = uint8(bytes[0]), uint8(bytes[1])
ssl_convo.client_random = byteArray(bytes[2:34])