def aes_decryptor(ssl_convo, record, source='client'): """Decrypt via aes.""" # I think we need to reset the iv to the last encrypted block for CBC. # We are doing this in all cases because I heard that it is all CBC. # We will see. :) (Should this even be in the individual decryptor?) iv_size = int(ssl_convo.suite_props['iv_size']) if source == 'client': key = ssl_convo.client_key iv = ssl_convo.client_iv ssl_convo.client_iv = byteArray(record.body[-iv_size:]) else: key = ssl_convo.server_key iv = ssl_convo.server_iv ssl_convo.server_iv = byteArray(record.body[-iv_size:]) decryptor = OpenSSL_AES(key, 2, iv) # 2 = mode CBC #len_decrypted_iv = len(decryptor.decrypt(iv.tostring())) return decryptor.decrypt(record.body)
def hs_parse_server_hello(self, ssl_convo, record, handshake, bytes): """Parse ServerHello handshake message.""" ssl_convo.version = uint8(bytes[0]), uint8(bytes[1]) # TODO: Log unexpected versions. ssl_convo.server_random = byteArray(bytes[2:34]) session_id_end = uint8(bytes[34]) + 35 ssl_convo.session_id = bytes[35:session_id_end] suite = (uint8(bytes[session_id_end]), uint8(bytes[session_id_end + 1])) # TODO: Log unexected suites. ssl_convo.cipher_suite = cipher_suites[suite] ssl_convo.suite_props = suite_props[ssl_convo.cipher_suite]
def hs_parse_client_key_exchange(self, ssl_convo, record, handshake, bytes): """Parse ClientKeyExchange handshake message.""" # TODO: Where the heck did these 2 extra bytes come from? ssl_convo.encrypted_pre_master_secret = bytes[2:] if ssl_convo.suite_props['key_exchange'] == 'RSA': private_key = self.cfg.get('ssl', 'private_key') rsa_key = parsePEMKey(open(private_key).read()) array = byteArray(bytes[2:]) ssl_convo.pre_master_secret = rsa_key.decrypt(array) assert len(ssl_convo.pre_master_secret) == 48 else: pass # TODO: Something. Logging.
def derive_master_secret(self): """Derive master secret from pre-master secret. You need to have parsed the key exchange before doing this. """ props = self.suite_props seed = self.client_random + self.server_random if props['key_exchange'] == 'RSA' and self.version == (3, 1): self.master_secret = PRF(self.pre_master_secret, byteArray("master secret"), seed, 48) elif props['key_exchange'] == 'RSA' and self.version == (3, 0): self.master_secret = PRF_SSL(self.pre_master_secret, seed, 48) else: pass # TODO: Log this.
def derive_keys(self): """Generate the needed key material.""" props = self.suite_props hash_size = (props['hash'] == 'SHA' and 20 or 16) key_block_size = (int(props['iv_size']) + int(props['key_size']) + hash_size) * 2 if props['key_exchange'] == 'RSA' and self.version == (3, 1): key_block = PRF(self.master_secret, byteArray("key expansion"), self.server_random + self.client_random, key_block_size) elif props['key_exchange'] == 'RSA' and self.version == (3, 0): key_block = PRF_SSL(self.master_secret, self.server_random + self.client_random, key_block_size) else: pass # TODO: Log This self.slice_key_block(key_block)
def hs_parse_client_hello(self, ssl_convo, record, handshake, bytes): """Parse ClientHello handshake message.""" ssl_convo.client_version = uint8(bytes[0]), uint8(bytes[1]) ssl_convo.client_random = byteArray(bytes[2:34])