hM+dZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZmZdd lmZdd lmZdd lmZGd d eZdS)zP The _TLSAutomaton class provides methods common to both TLS client and server. N) Automaton)conf)log_interactive)Raw) _tls_type)CertPrivKey)TLS)SSLv2)TLS13c`eZdZdZfdZdfd ZddZddZd Zdd Z d Z d Z ddZ xZ S) _TLSAutomatona SSLv3 and TLS 1.0-1.2 typically need a 2-RTT handshake: Client Server | --------->>> | C1 - ClientHello | <<<--------- | S1 - ServerHello | <<<--------- | S1 - Certificate | <<<--------- | S1 - ServerKeyExchange | <<<--------- | S1 - ServerHelloDone | --------->>> | C2 - ClientKeyExchange | --------->>> | C2 - ChangeCipherSpec | --------->>> | C2 - Finished [encrypted] | <<<--------- | S2 - ChangeCipherSpec | <<<--------- | S2 - Finished [encrypted] We call these successive groups of messages: ClientFlight1, ServerFlight1, ClientFlight2 and ServerFlight2. With TLS 1.3, the handshake require only 1-RTT: Client Server | --------->>> | C1 - ClientHello | <<<--------- | S1 - ServerHello | <<<--------- | S1 - Certificate [encrypted] | <<<--------- | S1 - CertificateVerify [encrypted] | <<<--------- | S1 - Finished [encrypted] | --------->>> | C2 - Finished [encrypted] We want to send our messages from the same flight all at once through the socket. This is achieved by managing a list of records in 'buffer_out'. We may put several messages (i.e. what RFC 5246 calls the record fragments) in the same record when possible, but we may need several records for the same flight, as with ClientFlight2. However, note that the flights from the opposite side may be spread wildly across TLS records and TCP packets. This is why we use a 'get_next_msg' method for feeding a list of received messages, 'buffer_in'. Raw data which has not yet been interpreted as a TLS record is kept in 'remain_in'. c`d|d<d|d<tt|j|i|dS)NcdSNargskwargss ^/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/layers/tls/automaton.pyz(_TLSAutomaton.__init__..DstllcdSrrrs rrz(_TLSAutomaton.__init__..EsTrrecvsock)superr__init__)selfrr __class__s rrz_TLSAutomaton.__init__CsD33t 99z+mT""+T  F  , /*, /c$..A.AG.K.K JGqLLS5H5HA5M5M -dnQqS.ABB1EI$)!!A#dn"5"5":":%}T4>"1"3EFF uY&&UaZZ GG$(L(-%t|H"'EDLQ+>"?%"G"'EDLQ+>"?%"G! Jglls4>7J7Ja7O7O -dnQqS.ABB1EI#dn----E /"M4;-R*8:: Q /QJEEq6;;wT^1D1D'DEED/ $:;;; $$. /,,.../    !"fn55OKK H2 MNNN  M, /*, /c$..A.AG.K.K\ t~   " "c$.&9&9W&D&D F TMM!8FBB!-77dn$2BCCCA DN NNagk )NNNDN0@AAAA }D  DN!U## AE B+3+f44!%'a'',NNagk1NNNNNae+NNi !)S)) !).0IAIs++ I#/7#/&88NNae+NNNNNagk1NNNIi     s BG:: I7IITc|r||jrt|jd|sdS|jd|_|jdd|_|)z If the next message to be processed has type 'pkt_cls', raise 'state'. If there is no message waiting to be processed, we try to get one with the default 'get_next_msg' parameters. rNr6)rYr&rDr))rpkt_clsstaterYs rraise_on_packetz_TLSAutomaton.raise_on_packetsq        t~a0'::  F~a( +egg rcNtfd|jjDS)z Return True if the pkt_cls was present during the handshake. This is used to detect whether Certificates were requested, etc. c38K|]}t|VdSr)rD).0mr[s r z-_TLSAutomaton.in_handshake..sA   q' " "      r)anyr(handshake_messages_parsed)rr[s `r in_handshakez_TLSAutomaton.in_handshakesC     %?      rc|+|)|'|jjp |jj}|dvrd}n|dkrd}|r/|jt |jdS|r/|jt |jdS|r0|jtd|jdS|jt|jdS)zW Add a new TLS or SSLv2 or TLS 1.3 record to the packets buffered out. N)ir-Tr8r9zTLS 1.2)versionr:)r(rGrFr'appendr r r )ris_sslv2is_tls13is_tls12vs r add_recordz_TLSAutomaton.add_records3   0X5E!-9!8 $$$f  F O " "5T5E#F#F#F G G G G G  F O " "5T5E#F#F#F G G G G G F O " "3y373C$E$E$E F F F F F O " "343C#D#D#D E E E E Erc"|js||jd}t|tr,|jdjj|dS|jdj|dS)z Add a TLS message (e.g. TLSClientHello or TLSApplicationData) inside the latest record to be sent through the socket. We believe a good automaton should not use the first test. N)r'rmrDr rHrIrh)rpktrs radd_msgz_TLSAutomaton.add_msgs   OO    OB  a   0 OB  % ) 0 0 5 5 5 5 5 OB  # * *3 / / / / /rcdd|jD}|j|g|_dS)zO Send all buffered records and update the session accordingly. rc3>K|]}|VdSr) raw_stateful)r`rXs rrbz._TLSAutomaton.flush_records..s,??!Q^^%%??????rN)joinr'r$sendrss r flush_recordsz_TLSAutomaton.flush_records sG HH??t??? ? ? rr;c|jr7tjrtjd|dSt d|zdSdS)Nz> %s)r!r interactiverinfoprintrxs rrAz_TLSAutomaton.vprintsR < " "$VQ/////fqj!!!!!  " "r)NN)r-r-)T)NNN)r;)__name__ __module__ __qualname____doc__rr#rYr]rermrrrzrA __classcell__)rs@rrrs&&P===== 0kkkkZ    FFFF. 0 0 0""""""""rr)rr?r$r=scapy.automatonr scapy.configr scapy.errorr scapy.packetrscapy.layers.tls.basefieldsrscapy.layers.tls.certrr scapy.layers.tls.recordr scapy.layers.tls.record_sslv2r scapy.layers.tls.record_tls13r rrrrrs %%%%%%''''''111111////////''''''////////////"""""I"""""r