authorgpotter2 <gabriel@potter.fr>2018-01-16 20:33:53 +0100
committergpotter2 <gabriel@potter.fr>2018-01-16 21:20:30 +0100
commit5ae2a6b24e885a071c52c317e988ae041b60e114 (patch)
tree67f31381e8c25393ac211a14d355c7109834e93c
parent343303a435e9c49503cc8655001bddd5f736ebaa (diff)
downloadscapy-5ae2a6b24e885a071c52c317e988ae041b60e114.tar.gz
Fix TLS SSLv2&3 netaccess tests
-rw-r--r--scapy/layers/tls/automaton.py1
-rw-r--r--scapy/layers/tls/cert.py5
-rw-r--r--scapy/layers/tls/crypto/cipher_block.py4
-rw-r--r--scapy/layers/tls/keyexchange.py60
-rw-r--r--scapy/layers/tls/keyexchange_tls13.py2
-rw-r--r--scapy/layers/tls/record.py4
-rw-r--r--test/tls/tests_tls_netaccess.uts2
7 files changed, 38 insertions, 40 deletions
diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py
index c9f2329d..886b1b2f 100644
--- a/scapy/layers/tls/automaton.py
+++ b/scapy/layers/tls/automaton.py
@@ -130,6 +130,7 @@ class _TLSAutomaton(Automaton):
else:
self.remain_in += tmp
except:
+ self.vprint("Could not join host ! Retrying...")
retry -= 1
if len(self.remain_in) < 2 or len(self.remain_in) != grablen:
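Review bot: The added `vprint` sits under a bare `except:`, so "Could not join host" is reported for any exception raised in the receive block, including a programming error or a KeyboardInterrupt, and the real cause is discarded. Narrowing the handler and printing the exception keeps the retry loop while making failures diagnosable, e.g. `except Exception as e:` followed by `self.vprint("Could not join host (%s) ! Retrying..." % e)`. The same bare `except:` appears in the `_TLSMsgListField` hunk of record.py, where every error still becomes `Raw(m)` when `conf.debug_dissector` is off. The `try` this handler belongs to starts outside the hunk.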
diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py
index 735e63a0..b2abec6f 100644
--- a/scapy/layers/tls/cert.py
+++ b/scapy/layers/tls/cert.py
@@ -279,9 +279,9 @@ class PubKeyRSA(PubKey, _EncryptAndVerifyRSA):
def import_from_tuple(self, tup):
# this is rarely used
e, m, mLen = tup
- if isinstance(m, str):
+ if isinstance(m, (str, bytes)):
m = pkcs_os2ip(m)
- if isinstance(e, str):
+ if isinstance(e, (str, bytes)):
e = pkcs_os2ip(e)
self.fill_and_store(modulus=m, pubExp=e)
self.pem = self.pubkey.public_bytes(
@@ -512,7 +512,6 @@ class PrivKeyECDSA(PrivKey):
@crypto_validator
def import_from_asn1pkt(self, privkey):
- print(privkey)
self.key = serialization.load_der_private_key(raw(privkey), None,
backend=default_backend())
self.pubkey = self.key.public_key()
diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py
index bd2b04f0..9fd2a5ae 100644
--- a/scapy/layers/tls/crypto/cipher_block.py
+++ b/scapy/layers/tls/crypto/cipher_block.py
@@ -44,14 +44,14 @@ class _BlockCipher(six.with_metaclass(_BlockCipherMetaclass, object)):
def __init__(self, key=None, iv=None):
self.ready = {"key": True, "iv": True}
- if key is None:
+ if not key:
self.ready["key"] = False
if hasattr(self, "expanded_key_len"):
l = self.expanded_key_len
else:
l = self.key_len
key = b"\0" * l
- if iv is None or iv == "":
+ if not iv:
self.ready["iv"] = False
iv = b"\0" * self.block_size
diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py
index 386a9bb2..11dcbc04 100644
--- a/scapy/layers/tls/keyexchange.py
+++ b/scapy/layers/tls/keyexchange.py
@@ -163,7 +163,7 @@ class _TLSSignature(_GenericTLSSessionInheritance):
Note that, even when 'sig_alg' is not None, we use the signature scheme
of the PrivKey (neither do we care to compare the both of them).
"""
- if self.sig_alg is None:
+ if not self.sig_alg:
if self.tls_session.tls_version >= 0x0300:
self.sig_val = key.sign(m, t='pkcs', h='md5-sha1')
else:
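Review bot: `if not self.sig_alg:` now takes the default-signature branch for an explicit 0 as well as for None (assuming `sig_alg` is numeric), while the docstring above still speaks only of None. The same widening from `is None` to a truthiness test is applied to the integer length fields in later hunks of this file (`dh_plen`, `dh_glen`, `dh_Yslen`, `pointlen`, `rsamodlen`, `rsaexplen`, `dh_Yclen`, `ecdh_Yclen`), so a length a caller deliberately set to 0 is silently overwritten with `len(...)`. That removes the ability to build a record with a zero length field when testing how a peer's parser handles it. The `not x` form is right for the bytes fields, where `is ""` never matched; for the integer fields keep the identity test, e.g. `if self.dh_plen is None:`.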
@@ -219,7 +219,7 @@ class _TLSSignatureField(PacketField):
i = self.m2i(pkt, s)
if i is None:
return s, None
- remain = ""
+ remain = b""
if conf.padding_layer in i:
r = i[conf.padding_layer]
del(r.underlayer.payload)
@@ -248,7 +248,7 @@ class _TLSServerParamsField(PacketField):
l = self.length_from(pkt)
if s.prcs:
cls = s.prcs.key_exchange.server_kx_msg_cls(m)
- if cls is None:
+ if not cls:
return None, Raw(m[:l])/Padding(m[l:])
return cls(m, tls_session=s)
else:
@@ -307,27 +307,27 @@ class ServerDHParams(_GenericTLSSessionInheritance):
default_params = _ffdh_groups['modp2048'][0].parameter_numbers()
default_mLen = _ffdh_groups['modp2048'][1]
- if self.dh_p is "":
+ if not self.dh_p:
self.dh_p = pkcs_i2osp(default_params.p, default_mLen/8)
- if self.dh_plen is None:
+ if not self.dh_plen:
self.dh_plen = len(self.dh_p)
- if self.dh_g is "":
+ if not self.dh_g:
self.dh_g = pkcs_i2osp(default_params.g, 1)
- if self.dh_glen is None:
+ if not self.dh_glen:
self.dh_glen = 1
p = pkcs_os2ip(self.dh_p)
g = pkcs_os2ip(self.dh_g)
real_params = dh.DHParameterNumbers(p, g).parameters(default_backend())
- if self.dh_Ys is "":
+ if not self.dh_Ys:
s.server_kx_privkey = real_params.generate_private_key()
pubkey = s.server_kx_privkey.public_key()
y = pubkey.public_numbers().y
self.dh_Ys = pkcs_i2osp(y, pubkey.key_size/8)
# else, we assume that the user wrote the server_kx_privkey by himself
- if self.dh_Yslen is None:
+ if not self.dh_Yslen:
self.dh_Yslen = len(self.dh_Ys)
if not s.client_kx_ffdh_params:
@@ -479,7 +479,7 @@ class ServerECDHExplicitPrimeParams(_GenericTLSSessionInheritance):
Note that if it is not set by the user, the cofactor will always
be 1. It is true for most, but not all, TLS elliptic curves.
"""
- if self.curve_type is None:
+ if not self.curve_type:
self.curve_type = _tls_ec_curve_types["explicit_prime"]
def guess_payload_class(self, p):
@@ -511,7 +511,7 @@ class ServerECDHExplicitChar2Params(_GenericTLSSessionInheritance):
length_from = lambda pkt: pkt.pointlen) ]
def fill_missing(self):
- if self.curve_type is None:
+ if not self.curve_type:
self.curve_type = _tls_ec_curve_types["explicit_char2"]
def guess_payload_class(self, p):
@@ -538,10 +538,10 @@ class ServerECDHNamedCurveParams(_GenericTLSSessionInheritance):
"""
s = self.tls_session
- if self.curve_type is None:
+ if not self.curve_type:
self.curve_type = _tls_ec_curve_types["named_curve"]
- if self.named_curve is None:
+ if not self.named_curve:
curve = ec.SECP256R1()
s.server_kx_privkey = ec.generate_private_key(curve,
default_backend())
@@ -553,12 +553,12 @@ class ServerECDHNamedCurveParams(_GenericTLSSessionInheritance):
self.named_curve = curve_id
else:
curve_name = _tls_named_curves.get(self.named_curve)
- if curve_name is None:
+ if not curve_name:
# this fallback is arguable
curve = ec.SECP256R1()
else:
curve_cls = ec._CURVE_TYPES.get(curve_name)
- if curve_cls is None:
+ if not curve_cls:
# this fallback is arguable
curve = ec.SECP256R1()
else:
@@ -566,11 +566,11 @@ class ServerECDHNamedCurveParams(_GenericTLSSessionInheritance):
s.server_kx_privkey = ec.generate_private_key(curve,
default_backend())
- if self.point is None:
+ if not self.point:
pubkey = s.server_kx_privkey.public_key()
self.point = pubkey.public_numbers().encode_point()
# else, we assume that the user wrote the server_kx_privkey by himself
- if self.pointlen is None:
+ if not self.pointlen:
self.pointlen = len(self.point)
if not s.client_kx_ecdh_params:
@@ -642,15 +642,15 @@ class ServerRSAParams(_GenericTLSSessionInheritance):
self.tls_session.server_tmp_rsa_key = k
pubNum = k.pubkey.public_numbers()
- if self.rsamod is "":
+ if not self.rsamod:
self.rsamod = pkcs_i2osp(pubNum.n, k.pubkey.key_size/8)
- if self.rsamodlen is None:
+ if not self.rsamodlen:
self.rsamodlen = len(self.rsamod)
rsaexplen = math.ceil(math.log(pubNum.e)/math.log(2)/8.)
- if self.rsaexp is "":
+ if not self.rsaexp:
self.rsaexp = pkcs_i2osp(pubNum.e, rsaexplen)
- if self.rsaexplen is None:
+ if not self.rsaexplen:
self.rsaexplen = len(self.rsaexp)
@crypto_validator
@@ -730,12 +730,12 @@ class ClientDiffieHellmanPublic(_GenericTLSSessionInheritance):
s.compute_ms_and_derive_keys()
def post_build(self, pkt, pay):
- if self.dh_Yc == "":
+ if not self.dh_Yc:
try:
self.fill_missing()
except ImportError:
pass
- if self.dh_Yclen is None:
+ if not self.dh_Yclen:
self.dh_Yclen = len(self.dh_Yc)
return pkcs_i2osp(self.dh_Yclen, 2) + self.dh_Yc + pay
@@ -791,12 +791,12 @@ class ClientECDiffieHellmanPublic(_GenericTLSSessionInheritance):
s.compute_ms_and_derive_keys()
def post_build(self, pkt, pay):
- if self.ecdh_Yc == "":
+ if not self.ecdh_Yc:
try:
self.fill_missing()
except ImportError:
pass
- if self.ecdh_Yclen is None:
+ if not self.ecdh_Yclen:
self.ecdh_Yclen = len(self.ecdh_Yc)
return pkcs_i2osp(self.ecdh_Yclen, 1) + self.ecdh_Yc + pay
@@ -841,7 +841,7 @@ class EncryptedPreMasterSecret(_GenericTLSSessionInheritance):
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if 'tls_session' in kargs:
s = kargs['tls_session']
- if s.server_tmp_rsa_key is None and s.server_rsa_key is None:
+ if not s.server_tmp_rsa_key and not s.server_rsa_key:
return _UnEncryptedPreMasterSecret
return EncryptedPreMasterSecret
@@ -857,11 +857,11 @@ class EncryptedPreMasterSecret(_GenericTLSSessionInheritance):
warning(err)
else:
tbd = m[2:]
- if s.server_tmp_rsa_key is not None:
+ if s.server_tmp_rsa_key:
# priority is given to the tmp_key, if there is one
decrypted = s.server_tmp_rsa_key.decrypt(tbd)
pms = decrypted[-48:]
- elif s.server_rsa_key is not None:
+ elif s.server_rsa_key:
decrypted = s.server_rsa_key.decrypt(tbd)
pms = decrypted[-48:]
else:
@@ -888,9 +888,9 @@ class EncryptedPreMasterSecret(_GenericTLSSessionInheritance):
s.pre_master_secret = enc
s.compute_ms_and_derive_keys()
- if s.server_tmp_rsa_key is not None:
+ if s.server_tmp_rsa_key:
enc = s.server_tmp_rsa_key.encrypt(pkt, t="pkcs")
- elif s.server_certs is not None and len(s.server_certs) > 0:
+ elif s.server_certs and len(s.server_certs) > 0:
enc = s.server_certs[0].encrypt(pkt, t="pkcs")
else:
warning("No material to encrypt Pre Master Secret")
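Review bot: In the `elif`, `s.server_certs and len(s.server_certs) > 0` tests the same thing twice, since None and an empty list are both already falsy; `elif s.server_certs:` is enough. For the key objects, whether `if s.server_tmp_rsa_key:` is equivalent to the old `is not None` test depends on the key class not defining `__bool__` or `__len__`, which is not visible on this page. `if s.server_tmp_rsa_key is not None:` states the intent without that dependency, and the same applies to the two earlier `EncryptedPreMasterSecret` hunks, where the test decides between the encrypted and unencrypted pre-master-secret paths.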
diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py
index 2bbdc51a..09af443b 100644
--- a/scapy/layers/tls/keyexchange_tls13.py
+++ b/scapy/layers/tls/keyexchange_tls13.py
@@ -84,7 +84,7 @@ class KeyShareEntry(Packet):
if self.group is None:
self.group = 23 # secp256r1
- if self.key_exchange == "":
+ if not self.key_exchange:
try:
self.create_privkey()
except ImportError:
diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py
index 55a3c089..aa44d9d4 100644
--- a/scapy/layers/tls/record.py
+++ b/scapy/layers/tls/record.py
@@ -99,7 +99,7 @@ class _TLSMsgListField(PacketListField):
return cls(m, tls_session=pkt.tls_session)
except:
if conf.debug_dissector:
- traceback.print_exc()
+ raise
return Raw(m)
def getfield(self, pkt, s):
@@ -352,7 +352,7 @@ class TLS(_GenericTLSSessionInheritance):
if version > 0x300:
h = alg.digest(read_seq_num + hdr + msg)
elif version == 0x300:
- h = alg.digest_sslv3(read_seq_num + hdr[0] + hdr[3:5] + msg)
+ h = alg.digest_sslv3(read_seq_num + hdr[:1] + hdr[3:5] + msg)
else:
raise Exception("Unrecognized version.")
except HMACError:
diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts
index 63424ca9..324dd128 100644
--- a/test/tls/tests_tls_netaccess.uts
+++ b/test/tls/tests_tls_netaccess.uts
@@ -112,12 +112,10 @@ def perform_tls_client_test(suite, version):
assert False
= Testing TLS server and client with SSLv2 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5
-~ FIXME_py3
perform_tls_client_test("0700c0", "0002")
= Testing TLS client with SSLv3 and TLS_RSA_EXPORT_WITH_RC4_40_MD5
-~ FIXME_py3
perform_tls_client_test("0003", "0300")