def tls_session_update(self, msg_str):
super(SSLv2ClientMasterKey, self).tls_session_update(msg_str)
s = self.tls_session
cs_val = self.cipher
if cs_val not in _tls_cipher_suites_cls:
warning("Unknown cipher suite %d from ClientMasterKey" % cs_val)
cs_cls = None
else:
cs_cls = _tls_cipher_suites_cls[cs_val]
tls_version = s.tls_version or 0x0002
connection_end = s.connection_end
wcs_seq_num = s.wcs.seq_num
s.pwcs = writeConnState(ciphersuite=cs_cls,
connection_end=connection_end,
seq_num=wcs_seq_num,
tls_version=tls_version)
rcs_seq_num = s.rcs.seq_num
s.prcs = readConnState(ciphersuite=cs_cls,
connection_end=connection_end,
seq_num=rcs_seq_num,
tls_version=tls_version)
if self.decryptedkey is not None:
s.master_secret = self.clearkey + self.decryptedkey
s.compute_sslv2_km_and_derive_keys()
if s.pwcs.cipher.type == "block":
s.pwcs.cipher.iv = self.keyarg
if s.prcs.cipher.type == "block":
s.prcs.cipher.iv = self.keyarg
s.triggered_prcs_commit = True
s.triggered_pwcs_commit = True
def tls_session_update(self, msg_str):
super(SSLv2ClientMasterKey, self).tls_session_update(msg_str)
s = self.tls_session
cs_val = self.cipher
if cs_val not in _tls_cipher_suites_cls:
warning("Unknown cipher suite %d from ClientMasterKey" % cs_val)
else:
cs_cls = _tls_cipher_suites_cls[cs_val]
tls_version = s.tls_version
connection_end = s.connection_end
wcs_seq_num = s.wcs.seq_num
s.pwcs = writeConnState(ciphersuite=cs_cls,
connection_end=connection_end,
seq_num=wcs_seq_num,
tls_version=tls_version)
rcs_seq_num = s.rcs.seq_num
s.prcs = readConnState(ciphersuite=cs_cls,
connection_end=connection_end,
seq_num=rcs_seq_num,
tls_version=tls_version)
if self.decryptedkey is not None:
s.master_secret = self.clearkey + self.decryptedkey
s.compute_sslv2_km_and_derive_keys()
if s.pwcs.cipher.type == "block":
s.pwcs.cipher.iv = self.keyarg
if s.prcs.cipher.type == "block":
s.prcs.cipher.iv = self.keyarg
s.triggered_prcs_commit = True
s.triggered_pwcs_commit = True
def post_build_tls_session_update(self, msg_str):
self.tls_session_update(msg_str)
s = self.tls_session
if s.tls_version >= 0x0304:
s.pwcs = writeConnState(ciphersuite=type(s.wcs.ciphersuite),
connection_end=s.connection_end,
tls_version=s.tls_version)
s.triggered_pwcs_commit = True
if s.connection_end == "server":
s.compute_tls13_traffic_secrets()
elif s.connection_end == "client":
s.compute_tls13_traffic_secrets_end()
s.compute_tls13_resumption_secret()
def post_build_tls_session_update(self, msg_str):
self.tls_session_update(msg_str)
s = self.tls_session
if s.tls_version >= 0x0304:
s.pwcs = writeConnState(ciphersuite=type(s.wcs.ciphersuite),
connection_end=s.connection_end,
tls_version=s.tls_version)
s.triggered_pwcs_commit = True
if s.connection_end == "server":
s.compute_tls13_traffic_secrets()
elif s.connection_end == "client":
s.compute_tls13_traffic_secrets_end()
s.compute_tls13_resumption_secret()
def tls_session_update(self, msg_str):
"""
Either for parsing or building, we store the server_random
along with the raw string representing this handshake message.
We also store the session_id, the cipher suite (if recognized),
the compression method, and finally we instantiate the pending write
and read connection states. Usually they get updated later on in the
negotiation when we learn the session keys, and eventually they
are committed once a ChangeCipherSpec has been sent/received.
"""
super(TLSClientHello, self).tls_session_update(msg_str)
self.tls_session.tls_version = self.version
self.random_bytes = msg_str[10:38]
self.tls_session.server_random = (struct.pack('!I',
self.gmt_unix_time) +
self.random_bytes)
self.tls_session.sid = self.sid
cs_cls = None
if self.cipher:
cs_val = self.cipher
if cs_val not in _tls_cipher_suites_cls:
warning("Unknown cipher suite %d from ServerHello" % cs_val)
# we do not try to set a default nor stop the execution
else:
cs_cls = _tls_cipher_suites_cls[cs_val]
comp_cls = Comp_NULL
if self.comp:
comp_val = self.comp[0]
if comp_val not in _tls_compression_algs_cls:
err = "Unknown compression alg %d from ServerHello" % comp_val
warning(err)
comp_val = 0
comp_cls = _tls_compression_algs_cls[comp_val]
connection_end = self.tls_session.connection_end
self.tls_session.pwcs = writeConnState(ciphersuite=cs_cls,
compression_alg=comp_cls,
connection_end=connection_end,
tls_version=self.version)
self.tls_session.prcs = readConnState(ciphersuite=cs_cls,
compression_alg=comp_cls,
connection_end=connection_end,
tls_version=self.version)
def tls_session_update(self, msg_str):
"""
Either for parsing or building, we store the server_random
along with the raw string representing this handshake message.
We also store the session_id, the cipher suite (if recognized),
the compression method, and finally we instantiate the pending write
and read connection states. Usually they get updated later on in the
negotiation when we learn the session keys, and eventually they
are committed once a ChangeCipherSpec has been sent/received.
"""
super(TLSClientHello, self).tls_session_update(msg_str)
self.tls_session.tls_version = self.version
self.random_bytes = msg_str[10:38]
self.tls_session.server_random = (
struct.pack('!I', self.gmt_unix_time) + self.random_bytes)
self.tls_session.sid = self.sid
cs_cls = None
if self.cipher:
cs_val = self.cipher
if cs_val not in _tls_cipher_suites_cls:
warning("Unknown cipher suite %d from ServerHello" % cs_val)
# we do not try to set a default nor stop the execution
else:
cs_cls = _tls_cipher_suites_cls[cs_val]
comp_cls = Comp_NULL
if self.comp:
comp_val = self.comp[0]
if comp_val not in _tls_compression_algs_cls:
err = "Unknown compression alg %d from ServerHello" % comp_val
warning(err)
comp_val = 0
comp_cls = _tls_compression_algs_cls[comp_val]
connection_end = self.tls_session.connection_end
self.tls_session.pwcs = writeConnState(ciphersuite=cs_cls,
compression_alg=comp_cls,
connection_end=connection_end,
tls_version=self.version)
self.tls_session.prcs = readConnState(ciphersuite=cs_cls,
compression_alg=comp_cls,
connection_end=connection_end,
tls_version=self.version)
def tls_session_update(self, msg_str):
"""
Either for parsing or building, we store the server_random along with
the raw string representing this handshake message. We also store the
cipher suite (if recognized), and finally we instantiate the write and
read connection states.
"""
super(TLSClientHello, self).tls_session_update(msg_str)
s = self.tls_session
s.tls_version = self.version
s.server_random = self.random_bytes
cs_cls = None
if self.cipher:
cs_val = self.cipher
if cs_val not in _tls_cipher_suites_cls:
warning("Unknown cipher suite %d from ServerHello" % cs_val)
# we do not try to set a default nor stop the execution
else:
cs_cls = _tls_cipher_suites_cls[cs_val]
connection_end = s.connection_end
s.pwcs = writeConnState(ciphersuite=cs_cls,
connection_end=connection_end,
tls_version=self.version)
s.triggered_pwcs_commit = True
s.prcs = readConnState(ciphersuite=cs_cls,
connection_end=connection_end,
tls_version=self.version)
s.triggered_prcs_commit = True
if self.tls_session.tls13_early_secret is None:
# In case the connState was not pre-initialized, we could not
# compute the early secrets at the ClientHello, so we do it here.
self.tls_session.compute_tls13_early_secrets()
s.compute_tls13_handshake_secrets()
def tls_session_update(self, msg_str):
"""
Either for parsing or building, we store the server_random along with
the raw string representing this handshake message. We also store the
cipher suite (if recognized), and finally we instantiate the write and
read connection states.
"""
super(TLSClientHello, self).tls_session_update(msg_str)
s = self.tls_session
s.tls_version = self.version
s.server_random = self.random_bytes
cs_cls = None
if self.cipher:
cs_val = self.cipher
if cs_val not in _tls_cipher_suites_cls:
warning("Unknown cipher suite %d from ServerHello" % cs_val)
# we do not try to set a default nor stop the execution
else:
cs_cls = _tls_cipher_suites_cls[cs_val]
connection_end = s.connection_end
s.pwcs = writeConnState(ciphersuite=cs_cls,
connection_end=connection_end,
tls_version=self.version)
s.triggered_pwcs_commit = True
s.prcs = readConnState(ciphersuite=cs_cls,
connection_end=connection_end,
tls_version=self.version)
s.triggered_prcs_commit = True
if self.tls_session.tls13_early_secret is None:
# In case the connState was not pre-initialized, we could not
# compute the early secrets at the ClientHello, so we do it here.
self.tls_session.compute_tls13_early_secrets()
s.compute_tls13_handshake_secrets()