Example #1
    def __send_unencrypted_ack(self):
        """Build an ACKPacket for the current session and send it unencrypted.

        The packet carries the session's connection ID, the next outgoing
        packet number, and the highest received packet number, which is used
        both as 'Largest Acked' and as 'First Ack Block Length'.

        The 'Message Authentication Hash' comes from ``FNV128A``; presumably
        this is FNV-1a/128, which is a non-cryptographic hash. It detects
        accidental corruption but does not authenticate the sender.
        """
        ack = ACKPacket()
        # Assuming these are Scapy's ``conf``/``L3RawSocket``: this is a
        # process-wide setting, and raw sockets normally need elevated
        # privileges.
        conf.L3socket = L3RawSocket

        connection_id = string_to_ascii(
            SessionInstance.get_instance().connection_id)
        ack.setfieldval('CID', connection_id)

        next_number = PacketNumberInstance.get_instance(
        ).get_next_packet_number()
        ack.setfieldval("Packet Number", next_number)

        # Both fields get the same value; the stored number is re-read for
        # each field and parsed as hexadecimal text.
        for field_name in ('Largest Acked', 'First Ack Block Length'):
            highest_received = PacketNumberInstance.get_instance(
            ).highest_received_packet_number
            ack.setfieldval(field_name, int(str(highest_received), 16))

        # The hash covers the packet up to offset 15 and from offset 27 on;
        # the gap presumably holds the hash field itself -- confirm.
        header_part = extract_from_packet(ack, end=15)
        payload_part = extract_from_packet(ack, start=27)

        # The third argument (True) is passed only on this ACK path; its
        # meaning is defined by FNV128A.generate_hash -- confirm.
        digest = FNV128A().generate_hash(header_part, payload_part, True)
        ack.setfieldval('Message Authentication Hash',
                        string_to_ascii(digest))

        ip_layer = IP(dst=SessionInstance.get_instance().destination_ip)
        udp_layer = UDP(dport=6121, sport=61250)
        send(ip_layer / udp_layer / ack)
Example #2
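    def send_full_chlo(self):
        """Build a full CHLO for the current session, send it and wait.

        The packet is filled from the ``SessionInstance`` singleton
        (connection ID, server config ID, source address token and the local
        public value). The bytes of the CHLO are stored on the session for
        later use, then this object registers as a sniffer observer, sends
        the packet and blocks in ``wait_for_signal_or_expiration()``.

        The 'Message Authentication Hash' comes from ``FNV128A``; presumably
        this is FNV-1a/128, which is a non-cryptographic hash. It detects
        accidental corruption but does not authenticate the sender.

        The observer is unregistered even if sending or waiting raises, so a
        failed attempt does not leave this object subscribed to the sniffer.
        """
        chlo = FullCHLOPacket()

        chlo.setfieldval(
            'CID',
            string_to_ascii(SessionInstance.get_instance().connection_id))
        chlo.setfieldval('SCID_Value',
                         SessionInstance.get_instance().server_config_id)
        chlo.setfieldval('STK_Value',
                         SessionInstance.get_instance().source_address_token)

        # Create the local key pair for the Diffie-Hellman exchange before
        # the public value is read from the session below.
        dhke.set_up_my_keys()

        chlo.setfieldval(
            "Packet Number",
            PacketNumberInstance.get_instance().get_next_packet_number())
        chlo.setfieldval(
            'PUBS_Value',
            string_to_ascii(
                SessionInstance.get_instance().public_values_bytes))

        # The hash covers the packet up to offset 15 and from offset 27 on;
        # the gap presumably holds the hash field itself -- confirm.
        associated_data = extract_from_packet(chlo, end=15)
        body = extract_from_packet(chlo, start=27)

        message_authentication_hash = FNV128A().generate_hash(
            associated_data, body)
        chlo.setfieldval('Message Authentication Hash',
                         string_to_ascii(message_authentication_hash))

        # Assuming these are Scapy's ``conf``/``L3RawSocket``: this is a
        # process-wide setting, and raw sockets normally need elevated
        # privileges.
        conf.L3socket = L3RawSocket
        # CHLO from the CHLO tag onwards (header + frame type + stream id +
        # offset are skipped).
        # NOTE(review): the original comment gave the tag offset as 26 while
        # the code uses start=31 -- confirm which is right.
        SessionInstance.get_instance(
        ).chlo = extract_from_packet_as_bytestring(chlo, start=31)

        p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
            dport=6121, sport=61250) / chlo
        # Maybe we cannot assume that the reply is just a version negotiation
        # packet?
        self.sniffer.add_observer(self)
        try:
            send(p)
            self.wait_for_signal_or_expiration()
            self.processed = False
        finally:
            # Always unregister: a send() failure (for example a missing
            # raw-socket privilege) must not leave a stale observer behind.
            self.sniffer.remove_observer(self)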
Example #3
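    def send_chlo(self, only_reset):
        """Reset state and, unless only a reset was requested, send a CHLO.

        Args:
            only_reset: Forwarded to ``self.reset``. When truthy, the learner
                is answered with "RESET" and nothing is sent.

        Otherwise a ``QUICHeader`` packet is filled with the session's
        connection ID and the next packet number, its bytes are stored on the
        session for key derivation, and it is sent while this object is
        registered as a sniffer observer.

        The 'Message Authentication Hash' comes from ``FNV128A``; presumably
        this is FNV-1a/128, which is a non-cryptographic hash. It detects
        accidental corruption but does not authenticate the sender.

        The observer is unregistered even if sending or waiting raises, so a
        failed attempt does not leave this object subscribed to the sniffer.
        """
        self.reset(only_reset)

        if only_reset:
            self.learner.respond("RESET")
            return

        chlo = QUICHeader()
        # Assuming these are Scapy's ``conf``/``L3RawSocket``: this is a
        # process-wide setting, and raw sockets normally need elevated
        # privileges.
        conf.L3socket = L3RawSocket

        chlo.setfieldval(
            'CID',
            string_to_ascii(SessionInstance.get_instance().connection_id))
        chlo.setfieldval(
            "Packet Number",
            PacketNumberInstance.get_instance().get_next_packet_number())

        # The hash covers the packet up to offset 15 and from offset 27 on;
        # the gap presumably holds the hash field itself -- confirm.
        associated_data = extract_from_packet(chlo, end=15)
        body = extract_from_packet(chlo, start=27)

        message_authentication_hash = FNV128A().generate_hash(
            associated_data, body)
        chlo.setfieldval('Message Authentication Hash',
                         string_to_ascii(message_authentication_hash))

        # Store chlo for the key derivation
        SessionInstance.get_instance(
        ).chlo = extract_from_packet_as_bytestring(chlo)
        self.sniffer.add_observer(self)
        try:
            p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
                dport=6121, sport=61250) / chlo
            send(p)
            self.wait_for_signal_or_expiration()
            self.processed = False
        finally:
            # Always unregister: a send() failure (for example a missing
            # raw-socket privilege) must not leave a stale observer behind.
            self.sniffer.remove_observer(self)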
Example #4
    def send_second_ack(self):
        """Build a SecondACKPacket for the current session and send it.

        Only the connection ID, the next packet number and the message
        authentication hash are set here; every other field keeps whatever
        default ``SecondACKPacket`` defines.

        The 'Message Authentication Hash' comes from ``FNV128A``; presumably
        this is FNV-1a/128, which is a non-cryptographic hash. It detects
        accidental corruption but does not authenticate the sender.
        """
        ack = SecondACKPacket()
        # Assuming these are Scapy's ``conf``/``L3RawSocket``: this is a
        # process-wide setting, and raw sockets normally need elevated
        # privileges.
        conf.L3socket = L3RawSocket

        connection_id = string_to_ascii(
            SessionInstance.get_instance().connection_id)
        ack.setfieldval('CID', connection_id)

        next_number = PacketNumberInstance.get_instance(
        ).get_next_packet_number()
        ack.setfieldval("Packet Number", next_number)

        # The hash covers the packet up to offset 15 and from offset 27 on;
        # the gap presumably holds the hash field itself -- confirm.
        header_part = extract_from_packet(ack, end=15)
        payload_part = extract_from_packet(ack, start=27)

        digest = FNV128A().generate_hash(header_part, payload_part)
        ack.setfieldval('Message Authentication Hash',
                        string_to_ascii(digest))

        ip_layer = IP(dst=SessionInstance.get_instance().destination_ip)
        udp_layer = UDP(dport=6121, sport=61250)
        send(ip_layer / udp_layer / ack)
Example #5
    def send_full_chlo_to_existing_connection(self):
        """
        Is it sent encrypted?
        :return:
        """
        try:
            previous_session = SessionModel.get(SessionModel.id == 1)
            self.logger.info(previous_session)
            self.logger.info("Server config Id {}".format(
                previous_session.server_config_id))
            self.logger.info(SessionInstance.get_instance().app_keys)
            SessionInstance.get_instance(
            ).last_received_rej = "-1"  # I want to force the sniffer to generate a new set of keys.
            SessionInstance.get_instance().zero_rtt = True

            # The order is important!
            tags = [
                {
                    'name':
                    'PAD',
                    'value':
                    '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'
                },
                {
                    'name': 'SNI',
                    'value': '7777772e6578616d706c652e6f7267'
                },
                {
                    'name': 'STK',
                    'value': previous_session.source_address_token
                },
                {
                    'name': 'SNO',
                    'value': previous_session.server_nonce
                },
                {
                    'name': 'VER',
                    'value': '00000000'
                },
                {
                    'name': 'CCS',
                    'value': '01e8816092921ae87eed8086a2158291'
                },
                {
                    'name':
                    'NONC',
                    'value':
                    '5ac349e90091b5556f1a3c52eb57f92c12640e876e26ab2601c02b2a32f54830'
                },
                {
                    'name': 'AEAD',
                    'value': '41455347'  # AESGCM12
                },
                {
                    'name': 'SCID',
                    'value': previous_session.server_config_id
                },
                {
                    'name': 'PDMD',
                    'value': '58353039'
                },
                {
                    'name': 'ICSL',
                    'value': '1e000000'
                },
                {
                    'name':
                    'PUBS',
                    'value':
                    '96D49F2CE98F31F053DCB6DFE729669385E5FD99D5AA36615E1A9AD57C1B090C'
                },
                {
                    'name': 'MIDS',
                    'value': '64000000'
                },
                {
                    'name': 'KEXS',
                    'value': '43323535'  # C25519
                },
                {
                    'name': 'XLCT',
                    'value': '8d884a6c79a0e6de'
                },
                {
                    'name': 'CFCW',
                    'value': '00c00000'
                },
                {
                    'name': 'SFCW',
                    'value': '00800000'
                },
            ]

            d = DynamicCHLOPacket(tags)
            body = d.build_body()
            PacketNumberInstance.get_instance().reset()

            conn_id = random.getrandbits(64)
            SessionInstance.get_instance(
            ).server_nonce = previous_session.server_nonce
            SessionInstance.get_instance().connection_id_as_number = conn_id
            SessionInstance.get_instance().connection_id = str(
                format(conn_id, 'x').zfill(8))
            SessionInstance.get_instance().peer_public_value = bytes.fromhex(
                previous_session.public_value)
            self.logger.info("Using connection Id {}".format(
                SessionInstance.get_instance().connection_id))
            SessionInstance.get_instance().shlo_received = False
            # SessionInstance.get_instance().zero_rtt = True  # This one should only be set if the Zero RTT CHLO does not result in a REJ.
            #
            a = FullCHLOPacketNoPadding()
            a.setfieldval(
                'Packet Number',
                PacketNumberInstance.get_instance().get_next_packet_number())
            a.setfieldval(
                'CID',
                string_to_ascii(SessionInstance.get_instance().connection_id))

            # # Lets just create the public key for DHKE
            dhke.set_up_my_keys()

            associated_data = extract_from_packet(a, end=15)
            body_mah = [body[i:i + 2] for i in range(0, len(body), 2)]
            message_authentication_hash = FNV128A().generate_hash(
                associated_data, body_mah)

            conf.L3socket = L3RawSocket
            SessionInstance.get_instance(
            ).chlo = extract_from_packet_as_bytestring(
                a, start=27
            )  # CHLO from the CHLO tag, which starts at offset 26 (22 header + frame type + stream id + offset)
            SessionInstance.get_instance().chlo += body[4:]

            # dhke.generate_keys(bytes.fromhex(previous_session.public_value), False)
            # ciphertext = CryptoManager.encrypt(bytes.fromhex(SessionInstance.get_instance().chlo), 1)
            #
            a.setfieldval('Message Authentication Hash',
                          string_to_ascii(message_authentication_hash))
            #
            # print("Send full CHLO from existing connection")
            #
            p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
                dport=6121, sport=61250) / a / Raw(load=string_to_ascii(body))
            # # Maybe we cannot assume that is just a version negotiation packet?
            self.sniffer.add_observer(self)
            send(p)
            self.wait_for_signal_or_expiration()

            self.processed = False
            self.sniffer.remove_observer(self)
        except Exception:
            self.send_chlo(False)