def tls_session_update(self, msg_str): super(SSLv2ClientMasterKey, self).tls_session_update(msg_str) s = self.tls_session cs_val = self.cipher if cs_val not in _tls_cipher_suites_cls: warning("Unknown cipher suite %d from ClientMasterKey" % cs_val) cs_cls = None else: cs_cls = _tls_cipher_suites_cls[cs_val] tls_version = s.tls_version or 0x0002 connection_end = s.connection_end wcs_seq_num = s.wcs.seq_num s.pwcs = writeConnState(ciphersuite=cs_cls, connection_end=connection_end, seq_num=wcs_seq_num, tls_version=tls_version) rcs_seq_num = s.rcs.seq_num s.prcs = readConnState(ciphersuite=cs_cls, connection_end=connection_end, seq_num=rcs_seq_num, tls_version=tls_version) if self.decryptedkey is not None: s.master_secret = self.clearkey + self.decryptedkey s.compute_sslv2_km_and_derive_keys() if s.pwcs.cipher.type == "block": s.pwcs.cipher.iv = self.keyarg if s.prcs.cipher.type == "block": s.prcs.cipher.iv = self.keyarg s.triggered_prcs_commit = True s.triggered_pwcs_commit = True
def tls_session_update(self, msg_str): super(SSLv2ClientMasterKey, self).tls_session_update(msg_str) s = self.tls_session cs_val = self.cipher if cs_val not in _tls_cipher_suites_cls: warning("Unknown cipher suite %d from ClientMasterKey" % cs_val) else: cs_cls = _tls_cipher_suites_cls[cs_val] tls_version = s.tls_version connection_end = s.connection_end wcs_seq_num = s.wcs.seq_num s.pwcs = writeConnState(ciphersuite=cs_cls, connection_end=connection_end, seq_num=wcs_seq_num, tls_version=tls_version) rcs_seq_num = s.rcs.seq_num s.prcs = readConnState(ciphersuite=cs_cls, connection_end=connection_end, seq_num=rcs_seq_num, tls_version=tls_version) if self.decryptedkey is not None: s.master_secret = self.clearkey + self.decryptedkey s.compute_sslv2_km_and_derive_keys() if s.pwcs.cipher.type == "block": s.pwcs.cipher.iv = self.keyarg if s.prcs.cipher.type == "block": s.prcs.cipher.iv = self.keyarg s.triggered_prcs_commit = True s.triggered_pwcs_commit = True
def post_build_tls_session_update(self, msg_str): self.tls_session_update(msg_str) s = self.tls_session if s.tls_version >= 0x0304: s.pwcs = writeConnState(ciphersuite=type(s.wcs.ciphersuite), connection_end=s.connection_end, tls_version=s.tls_version) s.triggered_pwcs_commit = True if s.connection_end == "server": s.compute_tls13_traffic_secrets() elif s.connection_end == "client": s.compute_tls13_traffic_secrets_end() s.compute_tls13_resumption_secret()
def tls_session_update(self, msg_str): """ Either for parsing or building, we store the server_random along with the raw string representing this handshake message. We also store the session_id, the cipher suite (if recognized), the compression method, and finally we instantiate the pending write and read connection states. Usually they get updated later on in the negotiation when we learn the session keys, and eventually they are committed once a ChangeCipherSpec has been sent/received. """ super(TLSClientHello, self).tls_session_update(msg_str) self.tls_session.tls_version = self.version self.random_bytes = msg_str[10:38] self.tls_session.server_random = (struct.pack('!I', self.gmt_unix_time) + self.random_bytes) self.tls_session.sid = self.sid cs_cls = None if self.cipher: cs_val = self.cipher if cs_val not in _tls_cipher_suites_cls: warning("Unknown cipher suite %d from ServerHello" % cs_val) # we do not try to set a default nor stop the execution else: cs_cls = _tls_cipher_suites_cls[cs_val] comp_cls = Comp_NULL if self.comp: comp_val = self.comp[0] if comp_val not in _tls_compression_algs_cls: err = "Unknown compression alg %d from ServerHello" % comp_val warning(err) comp_val = 0 comp_cls = _tls_compression_algs_cls[comp_val] connection_end = self.tls_session.connection_end self.tls_session.pwcs = writeConnState(ciphersuite=cs_cls, compression_alg=comp_cls, connection_end=connection_end, tls_version=self.version) self.tls_session.prcs = readConnState(ciphersuite=cs_cls, compression_alg=comp_cls, connection_end=connection_end, tls_version=self.version)
def tls_session_update(self, msg_str): """ Either for parsing or building, we store the server_random along with the raw string representing this handshake message. We also store the session_id, the cipher suite (if recognized), the compression method, and finally we instantiate the pending write and read connection states. Usually they get updated later on in the negotiation when we learn the session keys, and eventually they are committed once a ChangeCipherSpec has been sent/received. """ super(TLSClientHello, self).tls_session_update(msg_str) self.tls_session.tls_version = self.version self.random_bytes = msg_str[10:38] self.tls_session.server_random = ( struct.pack('!I', self.gmt_unix_time) + self.random_bytes) self.tls_session.sid = self.sid cs_cls = None if self.cipher: cs_val = self.cipher if cs_val not in _tls_cipher_suites_cls: warning("Unknown cipher suite %d from ServerHello" % cs_val) # we do not try to set a default nor stop the execution else: cs_cls = _tls_cipher_suites_cls[cs_val] comp_cls = Comp_NULL if self.comp: comp_val = self.comp[0] if comp_val not in _tls_compression_algs_cls: err = "Unknown compression alg %d from ServerHello" % comp_val warning(err) comp_val = 0 comp_cls = _tls_compression_algs_cls[comp_val] connection_end = self.tls_session.connection_end self.tls_session.pwcs = writeConnState(ciphersuite=cs_cls, compression_alg=comp_cls, connection_end=connection_end, tls_version=self.version) self.tls_session.prcs = readConnState(ciphersuite=cs_cls, compression_alg=comp_cls, connection_end=connection_end, tls_version=self.version)
def tls_session_update(self, msg_str): """ Either for parsing or building, we store the server_random along with the raw string representing this handshake message. We also store the cipher suite (if recognized), and finally we instantiate the write and read connection states. """ super(TLSClientHello, self).tls_session_update(msg_str) s = self.tls_session s.tls_version = self.version s.server_random = self.random_bytes cs_cls = None if self.cipher: cs_val = self.cipher if cs_val not in _tls_cipher_suites_cls: warning("Unknown cipher suite %d from ServerHello" % cs_val) # we do not try to set a default nor stop the execution else: cs_cls = _tls_cipher_suites_cls[cs_val] connection_end = s.connection_end s.pwcs = writeConnState(ciphersuite=cs_cls, connection_end=connection_end, tls_version=self.version) s.triggered_pwcs_commit = True s.prcs = readConnState(ciphersuite=cs_cls, connection_end=connection_end, tls_version=self.version) s.triggered_prcs_commit = True if self.tls_session.tls13_early_secret is None: # In case the connState was not pre-initialized, we could not # compute the early secrets at the ClientHello, so we do it here. self.tls_session.compute_tls13_early_secrets() s.compute_tls13_handshake_secrets()