def process_payload(self, message, conn): print "Received payload at server" if len(message) < 12: return '\x03', None # Validate some bytes message_id = message[0] if not util.is_known_message_id(message_id): return '\x02', None if not message[0] == ord('\x07'): return '\x01', None if not message[5:7] == self.session_ids[conn]: return '\x04', None # Get the length of the actual payload and extract it length = util.binary_to_int(message[7:11]) if len(message) < 12 + length: return '\x03', None payload = message[11:11 + length] # Validate some bytes if not (message[11 + length] == ord('\xF0') and message[12 + length] == ord('\xF0')): return '\x06', None # If no listener, nothing to do if self.payload_listener is None: return None, None # Let listener generate replies replies = self.payload_listener.callback(payload, self.user_ids[conn]) return None, replies
def process_payload(self, message, conn): print "Received payload at client" if len(message) < 12: return '\x03' # Validate some bytes message_id = message[0] if not util.is_known_message_id(message_id): return '\x02' if not message[0] == ord('\x07'): return '\x01' if not message[5:7] == self.session_id: return '\x04' # Get the unencrypted payload length length = util.binary_to_int(message[7:11]) if len(message) < 12 + length: return '\x03' # Extract the payload payload = message[11:11 + length] if not (message[11 + length] == ord('\xF0') and message[12 + length] == ord('\xF0')): return '\x06' # If no listener, nothing to do if self.payload_listener is None: return None # Generate reply self.payload_listener.callback(payload, self) return None
def process_hello(self, message, conn): print "Received Server Hello" if len(message) != 1249: return '\x03' # Validate some bytes message_id = message[0] if not util.is_known_message_id(message_id): return '\x02' if not message[0] == ord('\x02'): return '\x01' if not message[5] == ord('\x64'): return '\x05' if not message[6] == ord('\x65'): return '\x05' # Extract server_random and session ID self.server_random = util.binary_to_text(message[7:39]) self.session_id = message[39:41] # Validate some more bytes if not (message[41] == ord('\x00') and message[42] == ord('\x2F')): return '\x05' self.certificate_required = message[43] == ord('\x01') # Parse and validate the server certificate server_cert = crypto.load_certificate(crypto.FILETYPE_PEM, util.binary_to_text(message[44:1247])) if server_cert.get_issuer().commonName != 'orion' or server_cert.has_expired(): return '\x07' # Extract server public key self.server_pubkey = Crypto.PublicKey.RSA.importKey( M2Crypto.X509.load_cert_string(message[44:1247]).get_pubkey().as_der()) # Validate some more bytes if not (message[1247] == ord('\xF0') and message[1248] == ord('\xF0')): return '\x06' return None
def process_finished(self, message, conn): print "Received FinishedClient" if len(message) != 10: return '\x03' # Validate some bytes message_id = message[0] if not util.is_known_message_id(message_id): return '\x02' if not message[0] == ord('\x04'): return '\x01' if not message[5:7] == self.session_ids[conn]: return '\x04' # skip state if not (message[8] == ord('\xF0') and message[9] == ord('\xF0')): return '\x06' return None
def process_hello(self, message, conn): print "Received ClientHello" if len(message) != 43: return '\x03' message_id = message[0] # Validate some bytes if not util.is_known_message_id(message_id): return '\x02' if not message[0] == ord('\x01'): return '\x01' if not message[5] == ord('\x64'): return '\x05' if not message[6] == ord('\x65'): return '\x05' # Extract client_random self.client_randoms[conn] = util.binary_to_text(message[7:39]) # Validate some more bytes if not (message[39] == ord('\x00') and message[40] == ord('\x2F')): return '\x05' if not (message[41] == ord('\xF0') and message[42] == ord('\xF0')): return '\x06' return None
def process_key_exchange(self, message, conn): print "Received ClientKeyExchange" if len(message) < 1234: return '\x03' # Validate some bytes message_id = message[0] if not util.is_known_message_id(message_id): return '\x02' if not message[0] == ord('\x03'): return '\x01' if not message[5:7] == self.session_ids[conn]: return '\x04' # Parse and validate certificate client_cert = crypto.load_certificate( crypto.FILETYPE_PEM, util.binary_to_text(message[7:1210])) if client_cert.get_issuer( ).commonName != 'orion' or client_cert.has_expired(): return '\x08' # Extract pubkey from certificate self.client_pubkeys[conn] = Crypto.PublicKey.RSA.importKey( M2Crypto.X509.load_cert_string( message[7:1210]).get_pubkey().as_der()) # Extract and decrypt pre_master length = util.binary_to_int(message[1210:1212]) if len(message) != 1234 + length: return '\x03' pre_master = rsa.long_to_text( rsa.decrypt_rsa(util.binary_to_long(message[1212:1212 + length]), self.private_key.d, self.private_key.n), 48) # Validate login user_id = client_cert.get_subject().commonName if not self.accounts.get(user_id): # Don't know this user at all return '\x09' expected_hash = sha1.sha1( sha1.digestToString(self.accounts[user_id]) + self.server_randoms[conn]) if not message[1212 + length:1232 + length] == util.int_to_binary( expected_hash, 20): return '\x09' self.user_ids[conn] = user_id # Validate some bytes if not (message[1232 + length] == ord('\xF0') and message[1233 + length] == ord('\xF0')): return '\x06' # Now knows enough to calculate master secret server_random = self.server_randoms[conn] client_random = self.client_randoms[conn] master_secret = \ sha1.sha1( sha1.digestToString(sha1.sha1( pre_master + sha1.digestToString(sha1.sha1('A' + pre_master + client_random + server_random)))) + sha1.digestToString(sha1.sha1( pre_master + sha1.digestToString(sha1.sha1('BB' + pre_master + client_random + server_random)))) + sha1.digestToString(sha1.sha1( pre_master + sha1.digestToString(sha1.sha1('CCC' + pre_master + client_random + server_random))))) self.master_secrets[conn] = master_secret return None