Example #1
0
    def __init__(self,
                 connection_end="server",
                 read_or_write="read",
                 seq_num=0,
                 compression_alg=Comp_NULL,
                 ciphersuite=None,
                 tls_version=0x0303):

        self.tls_version = tls_version

        # It is the user's responsibility to keep the record seq_num
        # under 2**64-1. If this value gets maxed out, the TLS class in
        # record.py will crash when trying to encode it with struct.pack().
        self.seq_num = seq_num

        self.connection_end = connection_end
        self.row = read_or_write

        if ciphersuite is None:
            from scapy.layers.tls.crypto.suites import TLS_NULL_WITH_NULL_NULL
            ciphersuite = TLS_NULL_WITH_NULL_NULL
        self.ciphersuite = ciphersuite(tls_version=tls_version)

        if not self.ciphersuite.usable:
            warning(
                "TLS ciphersuite not usable. Is the cryptography Python module installed ?"
            )  # noqa: E501
            return

        self.compression = compression_alg()
        self.key_exchange = ciphersuite.kx_alg()
        self.cipher = ciphersuite.cipher_alg()
        self.hash = ciphersuite.hash_alg()

        if tls_version > 0x0200:
            if ciphersuite.cipher_alg.type == "aead":
                self.hmac = None
                self.mac_len = self.cipher.tag_len
            else:
                self.hmac = ciphersuite.hmac_alg()
                self.mac_len = self.hmac.hmac_len
        else:
            self.hmac = ciphersuite.hmac_alg()  # should be Hmac_NULL
            self.mac_len = self.hash.hash_len

        if tls_version >= 0x0304:
            self.hkdf = TLS13_HKDF(self.hash.name.lower())
        else:
            self.prf = PRF(ciphersuite.hash_alg.name, tls_version)
Example #2
0
    def __init__(self,
                 connection_end="client",
                 read_or_write="read",
                 compression_alg=Comp_NULL,
                 ciphersuite=None,
                 tls_version=0x0303):

        # It is the user's responsibility to keep the record seq_num
        # under 2**64-1. If this value gets maxed out, the TLS class in
        # record.py will crash when trying to encode it with struct.pack().
        self.seq_num = 0

        self.connection_end = connection_end
        self.row = read_or_write

        if ciphersuite is None:
            from scapy.layers.tls.crypto.suites import TLS_NULL_WITH_NULL_NULL
            ciphersuite = TLS_NULL_WITH_NULL_NULL

        self.ciphersuite = ciphersuite(tls_version=tls_version)

        self.compression = compression_alg()
        self.key_exchange = ciphersuite.kx_alg()
        self.prf = PRF(ciphersuite.hash_alg.name, tls_version)

        # The attributes below usually get updated by .derive_keys()
        # As discussed, we need to initialize cipher and mac with dummy values.

        self.master_secret = None  # 48-byte shared secret
        self.cipher_secret = None  # key for the symmetric cipher
        self.mac_secret = None  # key for the MAC (stays None for AEAD)

        self.cipher = ciphersuite.cipher_alg()

        if ciphersuite.hmac_alg is None:  # AEAD
            self.hmac = None
            self.mac_len = self.cipher.tag_len
        else:
            self.hmac = ciphersuite.hmac_alg()
            self.mac_len = self.hmac.hmac_len
Example #3
0
privkey = open('key.pem', 'r').read()
rsakey = RSA.importKey(privkey)
rsa = PKCS1_v1_5.new(rsakey)
sentinel = 'Error'
premaster_secret = rsa.decrypt(hex_to_data(encrypted_premaster_secret),
                               sentinel)

# Your answer should be printed here
print('Decrypted Premaster Secret: %s' % data_to_hex(premaster_secret))
"""
2. Caclulate Master Secret (20 pts)
"""

# Your code goes here
prf = PRF(hash_name=PRF_ALGORITHM, tls_version=TLS_12)
master_secret = prf.compute_master_secret(premaster_secret, client_random,
                                          server_random)
# Your answer should be printed here
print('Master Secret: %s' % data_to_hex(master_secret))
"""
3. Calculate the Following (30 pts): 


    1) Client Write Key,
    2) Client Write IV,
    3) Client Write Mac Key,
    4) Server Write Key,
    5) Server Write IV,
    6) Server Write Mac Key
Example #4
0
# Your code goes here
encrypted_premaster_secret = '92c4684b5c1bb97aa3cd3bf8caf33cc659b1e3294d8f98618eb4f961792985ec75d18088f760db4096be2b894f5778a73e0f40b118120bd306340a158be3a770fc173977fceb7b1f1fad35f6cfbbe2efa4dcc7b4b9f798879b6ff22e190e3f75e194333e00472a7c6370425c4ef1702ed3a9166a2c27a1fe2587dc13794192cd0677b49e600e77ea153dce079ea34756bd813de352f3aeae9a09b9369cc16a79c8cd51d48bf484b08a6fc3f245812236ea10285ce347e41a93f0a398ec6f8b8b2edcd55d10fe35bb88ebbabb556d6d42544886f462bce76c1515b6ad0ed1f547cf4a1a9ba423853ffa99d174dfba8071d6808155ab4d9ac6866a472df7a77106'

k = PrivKeyRSA('key.pem')
premaster_secret = k.decrypt(bytes(hex_to_data(encrypted_premaster_secret)))

# Your answer should be printed here
print('Decrypted Premaster Secret: %s\n' % data_to_hex(premaster_secret))
"""
2. Caclulate Master Secret (20 pts)
"""

# Your code goes here

f = PRF(PRF_ALGORITHM, TLS_12)
master_secret = f.compute_master_secret(premaster_secret,
                                        hex_to_data(client_random),
                                        hex_to_data(server_random))

# Your answer should be printed here
print('Master Secret: %s\n' % data_to_hex(master_secret))
"""
3. Calculate the Following (30 pts): 


    1) Client Write Key,
    2) Client Write IV,
    3) Client Write Mac Key,
    4) Server Write Key,
    5) Server Write IV,