def sslv2_should_add_RequestCertificate(self): hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] if not self.client_auth or SSLv2RequestCertificate in hs_msg: return self.add_record(is_sslv2=True) self.add_msg(SSLv2RequestCertificate(challenge=randstring(16))) raise self.SSLv2_ADDED_REQUESTCERTIFICATE()
def sslv2_should_add_ServerHello(self): self.add_record(is_sslv2=True) cert = self.mycert ciphers = [0x010080, 0x020080, 0x030080, 0x040080, 0x050080, 0x060040, 0x0700C0] connection_id = randstring(16) p = SSLv2ServerHello(cert=cert, ciphers=ciphers, connection_id=connection_id) self.add_msg(p) raise self.SSLv2_ADDED_SERVERHELLO()
def sslv2_should_add_ClientHello(self): self.add_record(is_sslv2=True) p = self.client_hello or SSLv2ClientHello(challenge=randstring(16)) self.add_msg(p) raise self.SSLv2_ADDED_CLIENTHELLO()
def post_build(self, pkt, pay): """ Apply the previous methods according to the writing cipher type. """ # Compute the length of TLSPlaintext fragment hdr, frag = pkt[:5], pkt[5:] tmp_len = len(frag) hdr = hdr[:3] + struct.pack("!H", tmp_len) # Compression cfrag = self._tls_compress(frag) tmp_len = len(cfrag) # Update the length as a result of compression hdr = hdr[:3] + struct.pack("!H", tmp_len) cipher_type = self.tls_session.wcs.cipher.type if cipher_type == 'block': # Integrity mfrag = self._tls_hmac_add(hdr, cfrag) # Excerpt below better corresponds to TLS 1.1 IV definition, # but the result is the same as with TLS 1.2 anyway. # if self.version >= 0x0302: # l = self.tls_session.wcs.cipher.block_size # iv = randstring(l) # mfrag = iv + mfrag # Add padding pfrag = self._tls_pad(mfrag) # Encryption if self.version >= 0x0302: # Explicit IV for TLS 1.1 and 1.2 tmp_len = self.tls_session.wcs.cipher.block_size iv = randstring(tmp_len) self.tls_session.wcs.cipher.iv = iv efrag = self._tls_encrypt(pfrag) efrag = iv + efrag else: # Implicit IV for SSLv3 and TLS 1.0 efrag = self._tls_encrypt(pfrag) elif cipher_type == "stream": # Integrity mfrag = self._tls_hmac_add(hdr, cfrag) # Encryption efrag = self._tls_encrypt(mfrag) elif cipher_type == "aead": # Authenticated encryption (with nonce_explicit as header) efrag = self._tls_auth_encrypt(cfrag) if self.len is not None: # The user gave us a 'len', let's respect this ultimately hdr = hdr[:3] + struct.pack("!H", self.len) else: # Update header with the length of TLSCiphertext.fragment hdr = hdr[:3] + struct.pack("!H", len(efrag)) # Now we commit the pending write state if it has been triggered (e.g. # by an underlying TLSChangeCipherSpec or a SSLv2ClientMasterKey). We # update nothing if the pwcs was not set. This probably means that # we're working out-of-context (and we need to keep the default wcs). if self.tls_session.triggered_pwcs_commit: if self.tls_session.pwcs is not None: self.tls_session.wcs = self.tls_session.pwcs self.tls_session.pwcs = None self.tls_session.triggered_pwcs_commit = False return hdr + efrag + pay
def post_build(self, pkt, pay): cs_val = None if self.cipher is None: common_cs = self.tls_session.sslv2_common_cs cs_vals = get_usable_ciphersuites(common_cs, "SSLv2") if len(cs_vals) == 0: warning("No known common cipher suite between SSLv2 Hellos.") cs_val = 0x0700c0 cipher = b"\x07\x00\xc0" else: cs_val = cs_vals[0] # XXX choose the best one cipher = struct.pack(">BH", cs_val >> 16, cs_val & 0x00ffff) cs_cls = _tls_cipher_suites_cls[cs_val] self.cipher = cs_val else: cipher = pkt[1:4] cs_val = struct.unpack("!I", b"\x00" + cipher)[0] if cs_val not in _tls_cipher_suites_cls: warning("Unknown ciphersuite %d from ClientMasterKey" % cs_val) cs_cls = None else: cs_cls = _tls_cipher_suites_cls[cs_val] if cs_cls: if (self.encryptedkey == b"" and len(self.tls_session.server_certs) > 0): # else, the user is responsible for export slicing & encryption key = randstring(cs_cls.cipher_alg.key_len) if self.clearkey == b"" and cs_cls.kx_alg.export: self.clearkey = key[:-5] if self.decryptedkey == b"": if cs_cls.kx_alg.export: self.decryptedkey = key[-5:] else: self.decryptedkey = key pubkey = self.tls_session.server_certs[0].pubKey self.encryptedkey = pubkey.encrypt(self.decryptedkey) if self.keyarg == b"" and cs_cls.cipher_alg.type == "block": self.keyarg = randstring(cs_cls.cipher_alg.block_size) clearkey = self.clearkey or b"" if self.clearkeylen is None: self.clearkeylen = len(clearkey) clearkeylen = struct.pack("!H", self.clearkeylen) encryptedkey = self.encryptedkey or b"" if self.encryptedkeylen is None: self.encryptedkeylen = len(encryptedkey) encryptedkeylen = struct.pack("!H", self.encryptedkeylen) keyarg = self.keyarg or b"" if self.keyarglen is None: self.keyarglen = len(keyarg) keyarglen = struct.pack("!H", self.keyarglen) s = (chb(pkt[0]) + cipher + clearkeylen + encryptedkeylen + keyarglen + clearkey + encryptedkey + keyarg) return s + pay
def sslv2_should_add_ServerFinished(self): self.add_record(is_sslv2=True) self.add_msg(SSLv2ServerFinished(sid=randstring(16))) raise self.SSLv2_ADDED_SERVERFINISHED()