def connect():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if hasattr(sock, 'settimeout'): #It's a python 2.3 feature
sock.settimeout(5)
sock.connect(address)
c = TLSConnection(sock)
return c
def testMACValidation():
"""
Tests whether the server properly rejects messages when their MAC is modified.
"""
print("Testing validation of individual MAC bits...")
failBits = []
for maskBit in range(0, 96):
rejected = False
try:
# formulate a bit mask based on the current mask bit index
mask = bytearray([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
maskIndex = int((maskBit - (maskBit % 8)) / 8)
mask[maskIndex] = (0x80 >> (maskBit % 8))
if args.verbose:
maskBinString = ''.join(format(x, 'b').zfill(8) for x in mask)
print("\tTesting bit %d, mask: %s" % (maskBit, maskBinString))
else:
print("+", end="")
# connect to the server and do a handshake
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((args.host, args.port))
tls = TLSConnection(sock)
# assign mask as tweak
tls.macTweak = bytearray(mask)
tls.handshakeClientCert()
# send a packet
tls.send("GET / HTTP/1.0\n\n\n")
# try to read some data back
data = tls.read()
except (TLSRemoteAlert, socket.error):
rejected = True
if args.verbose:
print("\tBit %d rejected correctly!" % maskBit)
except (TLSAbruptCloseError, socket.error):
rejected = True
if args.verbose:
print("\tBit %d rejected correctly!" % maskBit)
if not rejected:
failBits.append(maskBit)
if not args.verbose:
print("")
if len(failBits) > 0:
macValidationIssue = getIssueTemplate("MAC_VALIDATION_ERROR")
macValidationIssue.findings = ', '.join(str(b) for b in failBits)
report.addIssue(macValidationIssue)
print("The following modified MAC bits were incorrectly accepted: ",
end='')
print(', '.join(str(b) for b in failBits))
else:
print("All modified MAC bits were correctly rejected.")
def setup(self):
conn = TLSConnection(self.request)
conn.closeSocket = True
conn.handshakeServer(certChain=self.owner.creds.cert,
privateKey=self.owner.creds.pkey,
checker=self.owner.creds.checker,
reqCert=True)
self.rfile = conn.makefile('rb', self.rbufsize)
self.wfile = conn.makefile('wb', self.wbufsize)
self.owner.conn = conn
def connect(self):
if self.conn:
return
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(self.address)
self.conn = TLSConnection(sock)
self.conn.handshakeClientCert(self.__creds.cert,
self.__creds.pkey,
checker=self.__creds.checker)
self.fconn = self.conn.makefile()
def setup_connection(self):
hdr = self.generate_peer_header()
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.connect(self.address_tuple)
self.upstream_connection = TLSConnection(sock)
hs = self.upstream_connection.handshakeClientCert()
self.upstream_connection.write(self.nsbytes)
self.upstream_connection.write(hdr)
invalid = self.read_peer_header(self.upstream_connection)
if invalid.message != '':
raise Exception(
"GRPC Server sent invalid header or proof {0}".format(invalid))
def connect():
return TLSConnection(lsock.accept()[0])
def setBit(int_type, offset):
mask = 1 << offset
return (int_type | mask)
def testBit(int_type, offset):
mask = 1 << offset
return (int_type & mask)
sock = socket(AF_INET, SOCK_STREAM)
sock.connect((GATEWAY_HOST, GATEWAY_PORT))
connection = TLSConnection(sock)
connection.handshakeClientCert()
print '***connected***'
## Authentication message
msg = message_pb2.Container()
_SID = raw_input('YOUR SID> ')
msg.SID = _SID #'a'
msg.RID = ''
msg.STIME = 0
os.system('TITLE CLIENT %s' % _SID)
msgType = 0
msgType = setBit(msgType, 0) # Identity