示例#1
0
    def send_handshake_finished(
        self, handshake_keys: HandshakeKeys, handshake_hash: bytes
    ):
        hh_payload = HandshakeFinishedHandshakePayload.generate(
            handshake_keys.client_handshake_traffic_secret, handshake_hash
        )
        hh_header = HandshakeHeader(
            HandshakeFinishedHandshakePayload.default_htype(),
            len(hh_payload.verify_data),
        )
        plaintext_payload = b"".join(
            [hh_header.serialize(), hh_payload.verify_data, b"\x16"]
        )

        record_header = RecordHeader(rtype=0x17, size=len(plaintext_payload) + 16)

        encryptor = AES.new(
            handshake_keys.client_key, AES.MODE_GCM, handshake_keys.client_iv
        )
        encryptor.update(record_header.serialize())
        ciphertext_payload = encryptor.encrypt(plaintext_payload)
        tag = encryptor.digest()

        w = Wrapper(record_header=record_header, payload=ciphertext_payload + tag)
        self.socket.send(w.serialize())
示例#2
0
    def send(self, data: bytes):
        send_data = data + b"\x17"
        record_header = RecordHeader(rtype=0x17, size=len(send_data) + 16)
        encryptor = AES.new(
            self.application_keys.client_key,
            AES.MODE_GCM,
            xor_iv(self.application_keys.client_iv, self.application_send_counter),
        )
        encryptor.update(record_header.serialize())
        ciphertext_payload = encryptor.encrypt(send_data)
        tag = encryptor.digest()

        w = Wrapper(record_header=record_header, payload=ciphertext_payload + tag)
        self.socket.send(w.serialize())
        self.application_send_counter += 1
示例#3
0
    def __recv(self, bytes_buffer):
        # print("_recv", bytes_buffer.peek())
        # raise Exception("Need more data!!!")

        wrapper = Wrapper.deserialize(bytes_buffer)
        while wrapper.record_header.size > len(wrapper.payload):
            # print("Wrapper read", wrapper.record_header.size - len(wrapper.payload))
            wrapper.payload += self.socket.recv(
                wrapper.record_header.size - len(wrapper.payload)
            )

        recdata = wrapper.record_header.serialize()
        authtag = wrapper.auth_tag

        ciphertext = wrapper.encrypted_data

        decryptor = AES.new(
            self.application_keys.server_key,
            AES.MODE_GCM,
            xor_iv(self.application_keys.server_iv, self.application_recv_counter),
        )
        decryptor.update(recdata)

        plaintext = decryptor.decrypt(bytes(ciphertext))

        decryptor.verify(authtag)
        self.application_recv_counter += 1

        return plaintext
示例#4
0
        def parse_wrapper(bytes_buffer):
            wrapper = Wrapper.deserialize(bytes_buffer)
            while wrapper.record_header.size > len(wrapper.payload):
                wrapper.payload += self.socket.recv(
                    wrapper.record_header.size - len(wrapper.payload)
                )

            recdata = wrapper.record_header.serialize()
            authtag = wrapper.auth_tag

            ciphertext = wrapper.encrypted_data

            decryptor = AES.new(
                self.handshake_keys.server_key,
                AES.MODE_GCM,
                xor_iv(self.handshake_keys.server_iv, self.handshake_recv_counter),
            )
            decryptor.update(recdata)

            plaintext = decryptor.decrypt(bytes(ciphertext))
            self.handshake_recv_counter += 1

            decryptor.verify(authtag)
            return plaintext[:-1]
示例#5
0
    def resume(self) -> None:
        if self.application_keys is None:
            raise Exception("Can't Resume TLS1.3 Session")

        session_ticket = self.session_tickets[0]

        print("keys", self.application_keys)
        resumption_master_secret = self.application_keys.resumption_master_secret(
            hashlib.sha256(self.hello_hash_bytes).digest())
        print("resumption_master_secret", hexlify(resumption_master_secret))
        self.resumption_keys = self.key_pair.derive_early_keys(
            session_ticket.psk(resumption_master_secret), b"")
        print("binder_key", hexlify(self.resumption_keys.binder_key))

        finished_key = HKDF_Expand_Label(
            key=self.resumption_keys.binder_key,
            label="finished",
            context=b"",
            length=32,
        )
        verify_data = hmac.new(finished_key, msg=b"",
                               digestmod=hashlib.sha256).digest()
        psk_binders = verify_data
        print("finished_key", hexlify(finished_key))

        offset = len(ExtensionPreSharedKey.serialize_binders(psk_binders))

        pre_share_key_ext = ExtensionPreSharedKey(
            identity=session_ticket.session_ticket,
            obfuscated_ticket_age=session_ticket.obfuscated_ticket_age,
            binders=psk_binders)

        ch = ClientHello(self.host, self.key_pair.public)
        # ch.extensions = [ex for ex in ch.extensions if type(ex) is not ExtensionServerName]
        ch.add_extension(ExtensionEarlyData())
        ch.add_extension(pre_share_key_ext)

        ch_bytes = ch.serialize()
        my_hello_hash = hashlib.sha256(ch_bytes[5:-offset]).digest()
        print("my_hash", hexlify(my_hello_hash))
        print("my_hash_offset", hexlify(ch_bytes[5:-offset]))

        finished_key = HKDF_Expand_Label(
            key=self.resumption_keys.binder_key,
            label="finished",
            context=b"",
            length=32,
        )
        verify_data = hmac.new(finished_key,
                               msg=my_hello_hash,
                               digestmod=hashlib.sha256).digest()
        print("finished_key", hexlify(finished_key))
        psk_binders = verify_data

        print("psk_binders", hexlify(psk_binders))

        final_hash = hashlib.sha256(ch_bytes[5:]).digest()
        print("final_hash", hexlify(final_hash))
        self.resumption_keys = self.key_pair.derive_early_keys(
            session_ticket.psk(resumption_master_secret), final_hash)
        pre_share_key_ext = ExtensionPreSharedKey(
            identity=session_ticket.session_ticket,
            obfuscated_ticket_age=session_ticket.obfuscated_ticket_age,
            binders=psk_binders)

        ch.extensions = [
            ex for ex in ch.extensions if type(ex) is not ExtensionPreSharedKey
        ]
        # ch.extensions = [ex for ex in ch.extensions if type(ex) is not ExtensionServerName]
        ch.add_extension(pre_share_key_ext)

        ch_bytes_final = ch.serialize()
        # print(len(ch_bytes_final), ch_bytes_final)

        final_hash = hashlib.sha256(ch_bytes_final[5:]).digest()
        print("final_hash", hexlify(final_hash))
        self.resumption_keys = self.key_pair.derive_early_keys(
            session_ticket.psk(resumption_master_secret), final_hash)

        self.socket = socket()
        self.socket.connect((self.host, self.port))

        data = f"HEAD /img.jpg HTTP/1.1\r\nHost: {self.host.decode()}\r\nUser-Agent: curl/7.54.0\r\nAccept: */*\r\n\r\n".encode(
        )
        send_data = data + b"\x17"
        record_header = RecordHeader(rtype=0x17, size=len(send_data) + 16)
        print("client_early_traffic_secret",
              hexlify(self.resumption_keys.client_early_traffic_secret))
        print("client_early_key",
              hexlify(self.resumption_keys.client_early_key))
        print("client_early_iv", hexlify(self.resumption_keys.client_early_iv))
        encryptor = AES.new(
            self.resumption_keys.client_early_key,
            AES.MODE_GCM,
            xor_iv(self.resumption_keys.client_early_iv, 0),
        )
        encryptor.update(record_header.serialize())
        ciphertext_payload = encryptor.encrypt(send_data)
        tag = encryptor.digest()

        w = Wrapper(record_header=record_header,
                    payload=ciphertext_payload + tag)
        self.socket.send(ch_bytes_final + bytes.fromhex("140303000101") +
                         w.serialize())

        print("res", self.socket.recv(4096))
        print("res", self.socket.recv(4096))