示例#1
0
 def tls13_should_add_ClientHello_Retry(self):
     s = self.cur_session
     s.tls13_retry = True
     # we have to use the legacy, plaintext TLS record here
     self.add_record(is_tls13=False)
     # We retrieve the group to be used and the selected version from the
     # previous message
     hrr = s.handshake_messages_parsed[-1]
     if isinstance(hrr, TLS13HelloRetryRequest):
         pass
     ciphersuite = hrr.cipher
     if hrr.ext:
         for e in hrr.ext:
             if isinstance(e, TLS_Ext_KeyShare_HRR):
                 selected_group = e.selected_group
             if isinstance(e, TLS_Ext_SupportedVersion_SH):
                 selected_version = e.version
     if not selected_group or not selected_version:
         raise self.CLOSE_NOTIFY()
     ext = [
         TLS_Ext_SupportedVersion_CH(
             versions=[_tls_version[selected_version]]),  # noqa: E501
         TLS_Ext_SupportedGroups(
             groups=[_tls_named_groups[selected_group]]),  # noqa: E501
         TLS_Ext_KeyShare_CH(
             client_shares=[KeyShareEntry(
                 group=selected_group)]),  # noqa: E501
         TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss"])
     ]
     p = TLS13ClientHello(ciphers=ciphersuite, ext=ext)
     self.add_msg(p)
     raise self.TLS13_ADDED_CLIENTHELLO()
示例#2
0
 def tls13_should_add_ClientHello(self):
     # we have to use the legacy, plaintext TLS record here
     supported_groups = ["secp256r1", "secp384r1"]
     if conf.crypto_valid_advanced:
         supported_groups.append("x25519")
     self.add_record(is_tls13=False)
     ext = [
         TLS_Ext_SupportedVersion_CH(versions=["TLS 1.3"]),
         TLS_Ext_SupportedGroups(groups=supported_groups),
         TLS_Ext_KeyShare_CH(
             client_shares=[KeyShareEntry(group=self.curve)]),  # noqa: E501
         TLS_Ext_SignatureAlgorithms(
             sig_algs=["sha256+rsaepss", "sha256+rsa"])
     ]
     if self.client_hello:
         if not self.client_hello.ext:
             self.client_hello.ext = ext
         p = self.client_hello
     else:
         if self.ciphersuite is None:
             c = 0x1301
         else:
             c = self.ciphersuite
         p = TLS13ClientHello(ciphers=c, ext=ext)
     self.add_msg(p)
     raise self.TLS13_ADDED_CLIENTHELLO()
示例#3
0
 def should_add_ClientHello(self):
     if self.client_hello:
         p = self.client_hello
     else:
         p = TLSClientHello()
     # Add TLS_Ext_SignatureAlgorithms for TLS 1.2 ClientHello
     if self.cur_session.advertised_tls_version == 0x0303:
         p.ext = TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsa"])
     self.add_msg(p)
     raise self.ADDED_CLIENTHELLO()
示例#4
0
    def tls13_should_add_ClientHello_Retry(self):
        s = self.cur_session
        s.tls13_retry = True
        # we have to use the legacy, plaintext TLS record here
        self.add_record(is_tls13=False)
        # We retrieve the group to be used and the selected version from the
        # previous message
        hrr = s.handshake_messages_parsed[-1]
        if isinstance(hrr, TLS13HelloRetryRequest):
            pass
        ciphersuite = hrr.cipher
        if hrr.ext:
            for e in hrr.ext:
                if isinstance(e, TLS_Ext_KeyShare_HRR):
                    selected_group = e.selected_group
                if isinstance(e, TLS_Ext_SupportedVersion_SH):
                    selected_version = e.version
        if not selected_group or not selected_version:
            raise self.CLOSE_NOTIFY()

        ext = []
        ext += TLS_Ext_SupportedVersion_CH(
            versions=[_tls_version[selected_version]])  # noqa: E501

        if s.tls13_psk_secret:
            if self.tls13_psk_mode == "psk_dhe_ke":
                ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke"),
                ext += TLS_Ext_SupportedGroups(
                    groups=[_tls_named_groups[selected_group]])  # noqa: E501
                ext += TLS_Ext_KeyShare_CH(client_shares=[
                    KeyShareEntry(group=selected_group)
                ])  # noqa: E501
            else:
                ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke")

            hkdf = TLS13_HKDF("sha256")
            hash_len = hkdf.hash.digest_size
            psk_id = PSKIdentity(identity='Client_identity')
            psk_binder_entry = PSKBinderEntry(binder_len=hash_len,
                                              binder=b"\x00" * hash_len)

            ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id],
                                           binders=[psk_binder_entry])

        else:
            ext += TLS_Ext_SupportedGroups(
                groups=[_tls_named_groups[selected_group]])  # noqa: E501
            ext += TLS_Ext_KeyShare_CH(client_shares=[
                KeyShareEntry(group=selected_group)
            ])  # noqa: E501
            ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss"])

        p = TLS13ClientHello(ciphers=ciphersuite, ext=ext)
        self.add_msg(p)
        raise self.TLS13_ADDED_CLIENTHELLO()
示例#5
0
    def tls13_should_add_ClientHello(self):
        # we have to use the legacy, plaintext TLS record here
        supported_groups = ["secp256r1", "secp384r1"]
        if conf.crypto_valid_advanced:
            supported_groups.append("x25519")
        self.add_record(is_tls13=False)
        if self.client_hello:
            p = self.client_hello
        else:
            if self.ciphersuite is None:
                c = 0x1301
            else:
                c = self.ciphersuite
            p = TLS13ClientHello(ciphers=c)

        ext = []
        ext += TLS_Ext_SupportedVersion_CH(versions=["TLS 1.3"])

        if self.cur_session.tls13_psk_secret:
            if self.tls13_psk_mode == "psk_dhe_ke":
                ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke")
                ext += TLS_Ext_SupportedGroups(groups=supported_groups)
                ext += TLS_Ext_KeyShare_CH(
                    client_shares=[KeyShareEntry(group=self.curve)])
            else:
                ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke")
            # RFC844, section 4.2.11.
            # "The "pre_shared_key" extension MUST be the last extension
            # in the ClientHello "
            hkdf = TLS13_HKDF("sha256")
            hash_len = hkdf.hash.digest_size
            psk_id = PSKIdentity(identity='Client_identity')
            # XXX see how to not pass binder as argument
            psk_binder_entry = PSKBinderEntry(binder_len=hash_len,
                                              binder=b"\x00" * hash_len)

            ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id],
                                           binders=[psk_binder_entry])
        else:
            ext += TLS_Ext_SupportedGroups(groups=supported_groups)
            ext += TLS_Ext_KeyShare_CH(
                client_shares=[KeyShareEntry(group=self.curve)])
            ext += TLS_Ext_SignatureAlgorithms(
                sig_algs=["sha256+rsaepss", "sha256+rsa"])
        p.ext = ext
        self.add_msg(p)
        raise self.TLS13_ADDED_CLIENTHELLO()
示例#6
0
 def tls13_should_add_ClientHello(self):
     # we have to use the legacy, plaintext TLS record here
     self.add_record(is_tls13=False)
     if self.client_hello:
         p = self.client_hello
     else:
         # When trying to connect to a public TLS 1.3 server,
         # you will most likely need to provide an SNI extension.
         # sn = ServerName(servername="<put server name here>")
         ext = [TLS_Ext_SupportedGroups(groups=["secp256r1"]),
                # TLS_Ext_ServerName(servernames=[sn]),
                TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group=23)]),  # noqa: E501
                TLS_Ext_SupportedVersions(versions=["TLS 1.3-d18"]),
                TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsapss",
                                                      "sha256+rsa"])]
         p = TLSClientHello(ciphers=0x1301, ext=ext)
     self.add_msg(p)
     raise self.TLS13_ADDED_CLIENTHELLO()
示例#7
0
async def get_sros_certificate(address, port, timeout=3):
    """
    Function to connect to a SROS Node, simulate the TLS handshake, and get it's server certificate on the process.
    :param address: Address of the node.
    :param port: Port of the node.
    :param timeout: Timeout for the connection.
    :return: A tuple containing the address, port and certificate if found, otherwise,
    a tuple containing address, port and None.
    """
    client_hello = TLS(
        version='TLS 1.0',
        msg=TLSClientHello(
            ciphers=[
                49200, 49196, 49202, 49198, 49199, 49195, 49201, 49197, 165,
                163, 161, 159, 164, 162, 160, 158, 49192, 49188, 49172, 49162,
                49194, 49190, 49167, 49157, 107, 106, 105, 104,
                57, 56, 55, 54, 49191, 49187, 49171, 49161, 49193, 49189,
                49166, 49156, 103, 64, 63, 62, 51, 50, 49, 48, 136, 135, 134,
                133, 69, 68, 67, 66, 49170, 49160, 49165, 49155,
                22, 19, 16, 13, 157, 156, 61, 53, 60, 47, 132, 65, 10, 255
            ],
            comp=[0],
            gmt_unix_time=12345566,
            ext=[
                TLS_Ext_SupportedGroups(
                    groups=[23, 25, 28, 27, 24, 26, 22, 14, 13, 11, 12, 9, 10
                            ]),
                TLS_Ext_SupportedPointFormat(ecpl=[0, 1, 2]),
                TLS_Ext_SignatureAlgorithms(sig_algs=[
                    1537, 1538, 1539, 1281, 1282, 1283, 1025, 1026, 1027, 769,
                    770, 771, 513, 514, 515
                ]),
                TLS_Ext_Heartbeat(heartbeat_mode=1),
                TLS_Ext_Padding(padding=212 * b'\x00')
            ]))

    tls_header = b'\x16\x03\x03'
    server_hello_done = b'\x0e\x00\x00\x00'
    received_data = b''
    is_sros = True
    writer = None
    try:
        conn = asyncio.open_connection(str(address),
                                       port,
                                       loop=asyncio.get_event_loop())
        reader, writer = await asyncio.wait_for(conn, timeout=timeout)
        writer.write(bytes(client_hello))
        await writer.drain()
        while received_data[-4:] != server_hello_done:
            received_data += await asyncio.wait_for(reader.read(1024),
                                                    timeout=3)
            if received_data[:3] != tls_header:
                is_sros = False
                break
    except Exception as e:
        logger.error('[-] Error connecting to host ' + str(address) + ': ' +
                     str(e) + '\n\tNot a SROS host')
        return address, port, None
    else:
        if is_sros:
            server_hello = TLS(received_data)
            cert = server_hello.payload.msg[0].certs[0][1]
            logger.warning('[+] SROS host found!!!')
            return address, port, cert
    finally:
        if writer:
            writer.close()
            await writer.wait_closed()
    return address, port, None
示例#8
0
    def tls13_should_add_ClientHello(self):
        # we have to use the legacy, plaintext TLS record here
        supported_groups = ["secp256r1", "secp384r1"]
        if conf.crypto_valid_advanced:
            supported_groups.append("x25519")
        self.add_record(is_tls13=False)
        if self.client_hello:
            p = self.client_hello
        else:
            if self.ciphersuite is None:
                c = 0x1301
            else:
                c = self.ciphersuite
            p = TLS13ClientHello(ciphers=c)

        ext = []
        ext += TLS_Ext_SupportedVersion_CH(versions=["TLS 1.3"])

        s = self.cur_session

        if s.tls13_psk_secret:
            # Check if DHE is need (both for out of band and resumption PSK)
            if self.tls13_psk_mode == "psk_dhe_ke":
                ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke")
                ext += TLS_Ext_SupportedGroups(groups=supported_groups)
                ext += TLS_Ext_KeyShare_CH(
                    client_shares=[KeyShareEntry(group=self.curve)])
            else:
                ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke")

            # RFC844, section 4.2.11.
            # "The "pre_shared_key" extension MUST be the last extension
            # in the ClientHello "
            # Compute the pre_shared_key extension for resumption PSK
            if s.client_session_ticket:
                cs_cls = _tls_cipher_suites_cls[
                    s.tls13_ticket_ciphersuite]  # noqa: E501
                hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower())
                hash_len = hkdf.hash.digest_size
                # We compute the client's view of the age of the ticket (ie
                # the time since the receipt of the ticket) in ms
                agems = int((time.time() - s.client_ticket_age) * 1000)
                # Then we compute the obfuscated version of the ticket age
                # by adding the "ticket_age_add" value included in the
                # ticket (modulo 2^32)
                obfuscated_age = ((agems + s.client_session_ticket_age_add)
                                  & 0xffffffff)

                psk_id = PSKIdentity(identity=s.client_session_ticket,
                                     obfuscated_ticket_age=obfuscated_age)

                psk_binder_entry = PSKBinderEntry(binder_len=hash_len,
                                                  binder=b"\x00" * hash_len)

                ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id],
                                               binders=[psk_binder_entry])
            else:
                # Compute the pre_shared_key extension for out of band PSK
                # (SHA256 is used as default hash function for HKDF for out
                # of band PSK)
                hkdf = TLS13_HKDF("sha256")
                hash_len = hkdf.hash.digest_size
                psk_id = PSKIdentity(identity='Client_identity')
                # XXX see how to not pass binder as argument
                psk_binder_entry = PSKBinderEntry(binder_len=hash_len,
                                                  binder=b"\x00" * hash_len)

                ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id],
                                               binders=[psk_binder_entry])
        else:
            ext += TLS_Ext_SupportedGroups(groups=supported_groups)
            ext += TLS_Ext_KeyShare_CH(
                client_shares=[KeyShareEntry(group=self.curve)])
            ext += TLS_Ext_SignatureAlgorithms(
                sig_algs=["sha256+rsaepss", "sha256+rsa"])
        p.ext = ext
        self.add_msg(p)
        raise self.TLS13_ADDED_CLIENTHELLO()
示例#9
0
    def tls13_should_add_ClientHello_Retry(self):
        s = self.cur_session
        s.tls13_retry = True
        # we have to use the legacy, plaintext TLS record here
        self.add_record(is_tls13=False)
        # We retrieve the group to be used and the selected version from the
        # previous message
        hrr = s.handshake_messages_parsed[-1]
        if isinstance(hrr, TLS13HelloRetryRequest):
            pass
        ciphersuite = hrr.cipher
        if hrr.ext:
            for e in hrr.ext:
                if isinstance(e, TLS_Ext_KeyShare_HRR):
                    selected_group = e.selected_group
                if isinstance(e, TLS_Ext_SupportedVersion_SH):
                    selected_version = e.version
        if not selected_group or not selected_version:
            raise self.CLOSE_NOTIFY()

        ext = []
        ext += TLS_Ext_SupportedVersion_CH(
            versions=[_tls_version[selected_version]])  # noqa: E501

        if s.tls13_psk_secret:
            if self.tls13_psk_mode == "psk_dhe_ke":
                ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke"),
                ext += TLS_Ext_SupportedGroups(
                    groups=[_tls_named_groups[selected_group]])  # noqa: E501
                ext += TLS_Ext_KeyShare_CH(client_shares=[
                    KeyShareEntry(group=selected_group)
                ])  # noqa: E501
            else:
                ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke")

            if s.client_session_ticket:

                # XXX Retrieve parameters from first ClientHello...
                cs_cls = _tls_cipher_suites_cls[s.tls13_ticket_ciphersuite]
                hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower())
                hash_len = hkdf.hash.digest_size

                # We compute the client's view of the age of the ticket (ie
                # the time since the receipt of the ticket) in ms
                agems = int((time.time() - s.client_ticket_age) * 1000)

                # Then we compute the obfuscated version of the ticket age by
                # adding the "ticket_age_add" value included in the ticket
                # (modulo 2^32)
                obfuscated_age = ((agems + s.client_session_ticket_age_add)
                                  & 0xffffffff)

                psk_id = PSKIdentity(identity=s.client_session_ticket,
                                     obfuscated_ticket_age=obfuscated_age)

                psk_binder_entry = PSKBinderEntry(binder_len=hash_len,
                                                  binder=b"\x00" * hash_len)

                ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id],
                                               binders=[psk_binder_entry])
            else:
                hkdf = TLS13_HKDF("sha256")
                hash_len = hkdf.hash.digest_size
                psk_id = PSKIdentity(identity='Client_identity')
                psk_binder_entry = PSKBinderEntry(binder_len=hash_len,
                                                  binder=b"\x00" * hash_len)

                ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id],
                                               binders=[psk_binder_entry])

        else:
            ext += TLS_Ext_SupportedGroups(
                groups=[_tls_named_groups[selected_group]])  # noqa: E501
            ext += TLS_Ext_KeyShare_CH(client_shares=[
                KeyShareEntry(group=selected_group)
            ])  # noqa: E501
            ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss"])

        p = TLS13ClientHello(ciphers=ciphersuite, ext=ext)
        self.add_msg(p)
        raise self.TLS13_ADDED_CLIENTHELLO()
示例#10
0
 def tls13_should_add_CertificateRequest(self):
     if self.client_auth:
         ext = [TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss"])]
         p = TLS13CertificateRequest(ext=ext)
         self.add_msg(p)
     raise self.tls13_ADDED_CERTIFICATEREQUEST()