h dZddlZddlmZmZmZmZddlmZddddd Z d d d d d ddddd Z dddddddddd Z dZ GddeZ Gdd eZGd!d"eZGd#d$eZGd%d&eZGd'd(eZGd)d*eZGd+d,eZGd-d.eZGd/d0eZGd1d2eZdS)3z TLS base fields, used for record parsing/building. As several operations depend upon the TLS version or ciphersuite, the packet has to provide a TLS context. N) ByteFieldShortEnumField ShortFieldStrField)orbchange_cipher_specalert handshakeapplication_data)SSLv2SSLv3zTLS 1.0zTLS 1.1zTLS 1.2z TLS 1.3-d18z TLS 1.3-d19zTLS 1.3) irrrrrrrr) sslv2sslv3tls1tls10tls11tls12z tls13-d18z tls13-d19tls13c|dkr|S|S)Nr)versionlegacy_versions _/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/layers/tls/basefields.py_tls13_version_filterr&*sceZdZdZdZdZdS)_TLSClientVersionFieldzr We use the advertised_tls_version if it has been defined, and the legacy 0x0303 for TLS 1.3 packets. cJ| |jj}|rt|dSdS|S)Nr tls_sessionadvertised_tls_versionr&selfpktxvs r%i2hz_TLSClientVersionField.i2h7s3 96A 8,Q7772r'cJ| |jj}|rt|dSdS|S)Nrr'r,r/s r%i2mz_TLSClientVersionField.i2m?s3 96A 8,Q7773r'N__name__ __module__ __qualname____doc__r4r6r"r'r%r)r)1s< r'r)ceZdZdZdZdZdS)_TLSVersionFieldz We use the tls_version if it has been defined, else the advertised version. Also, the legacy 0x0301 is used for TLS 1.3 packets. c~|:|jj}|rt|dS|jj}t|dS|SNrr- tls_versionr&r.r0r1r2r3adv_vs r%r4z_TLSVersionField.i2hNH 9+A <,Q777>,UF;;;r'c~|:|jj}|rt|dS|jj}t|dS|Sr?r@rBs r%r6z_TLSVersionField.i2mXrDr'Nr7r"r'r%r=r=Hs< r'r=ceZdZfdZxZS)_TLSLengthFieldctt|||}|j8|j}tt|||}|d|zz }|S)Nz [deciphered_len= %s])superrGi2reprdeciphered_len)r0r1r2sdxds __class__s r%rJz_TLSLengthField.i2reprdsg /4 ( ( / /Q 7 7   )#B--44S"==B +b0 0Ar')r8r9r:rJ __classcell__rOs@r%rGrGcs8r'rGc0eZdZdZdZdZdZdZdZdS) _TLSIVFielda As stated in Section 6.2.3.2. RFC 4346, TLS 1.1 implements an explicit IV mechanism. For that reason, the behavior of the field is dependent on the TLS version found in the packet if available or otherwise (on build, if not overloaded, it is provided by the session). The size of the IV and its value are obviously provided by the session. As a side note, for the first packets exchanged by peers, NULL being the default enc alg, it is empty (except if forced to a specific value). Also note that the field is kept empty (unless forced to a specific value) when the cipher is a stream cipher (and NULL is considered a stream cipher). c|t|Sd}|jjjj}|dkr'|jjdkr|jjjj}n|dkr|jjjj}|SNrblockraead)lenr-rcsciphertyperA block_sizenonce_explicit_len)r0r1itmp_len cipher_types r%i2lenz_TLSIVField.i2lenzss =q66Mo)05 ' ! !*f44/-4? F " "o)0CGr'c |pdSNr'r"r0r1r2s r%r6z_TLSIVField.i2ms xCr'c4||||zSN)r6r0r1rLvals r%addfieldz_TLSIVField.addfields488C%%%%r'cd}|jjjj}|dkr'|jjdkr|jjjj}n|dkr|jjjj}||d|||d|fSrU)r-rYrZr[rAr\r]m2i)r0r1rLr_r`s r%getfieldz_TLSIVField.getfieldso)05 ' ! !*f44/-4? F " "o)0CG{DHHS!HWH+6666r'cHt|||Srfreprr6rds r%rJz_TLSIVField.i2reprsDHHS!$$%%%r'N) r8r9r:r;rar6rirlrJr"r'r%rSrSmsi     &&&777&&&&&r'rSc,eZdZdZdZdZdZdZdS) _TLSMACFieldcF|t|S|jjjSrf)rXr-wcsmac_lenr0r1r^s r%raz_TLSMACField.i2lens =q66M"**r'c|dS|Srcr"rds r%r6z_TLSMACField.i2m 93r'c|Srfr"rgs r%riz_TLSMACField.addfieldr'c|jjjjdkr.d|jjjjvr|dfS|jjj}||d|||d|fS)NrWFr')r-rYrZr[readyvaluesrtrkr0r1rLr_s r%rlz_TLSMACField.getfields{ O  & +v 5 5 S_(/5<<>> > >c6M/%-{DHHS!HWH+6666r'cHt|||Srfrnrds r%rJz_TLSMACField.i2reprDHHS!$$%%%r'Nr8r9r:rar6rirlrJr"r'r%rqrqs_+++  777&&&&&r'rqc,eZdZdZdZdZdZdZdS) _TLSPadFieldc(|t|SdS)Nr)rXrus r%raz_TLSPadField.i2lens =q66Mqr'c|dS|Srcr"rds r%r6z_TLSPadField.i2mrwr'c|Srfr"rgs r%riz_TLSPadField.addfieldryr'c|jrEt||jdz }||d|||d|fS|dfS)N)r-consider_read_paddingrpadlenrkr}s r%rlz_TLSPadField.getfieldsd ? 0 0 2 2 ; !CJN+,,GWXX;ak : :: :$wr'cHt|||Srfrnrds r%rJz_TLSPadField.i2reprrr'Nrr"r'r%rrs_     &&&&&r'rceZdZdZdZdS)_TLSPadLenFieldc|Srfr"rgs r%riz_TLSPadLenField.addfieldryr'ch|jrtj|||S|dfSrf)r-rrrlr0r1rLs r%rlz_TLSPadLenField.getfields6 ? 0 0 2 2 4%dC33 3$wr'N)r8r9r:rirlr"r'r%rrs2r'rc$eZdZfdZdZxZS)_SSLv2LengthFieldctt|||}|jr|dz}|dt |zz }|S)Nz [with padding: %s])rIrrJ with_paddinghex)r0r1r2rLrOs r%rJz_SSLv2LengthField.i2reprsT #T * * 1 1#q 9 9   3 KA )CFF2 2Ar'ctjd|ddd}|dzdk|_|jr|dz}n|dz}|dd|fS)Nz!Hrrri?i)structunpackr)r0r1rLmsglen msglen_cleans r%rlz_SSLv2LengthField.getfieldsctQrrU++A."VO1   +!F?LL!F?Lul""r')r8r9r:rJrlrPrQs@r%rrsG#######r'rceZdZdS)_SSLv2MACFieldN)r8r9r:r"r'r%rrsDr'rceZdZdZdS)_SSLv2PadFieldcv|j/|j}||d|||d|fS|dfSrf)rrkr}s r%rlz_SSLv2PadField.getfieldsC : !jGWXX;ak : :: :$wr'Nr8r9r:rlr"r'r%rrs#r'rceZdZdZdS)_SSLv2PadLenFieldcD|jrtj|||S|dfSrf)rrrlrs r%rlz_SSLv2PadLenField.getfields+   4%dC33 3$wr'Nrr"r'r%rrs#r'r)r;r scapy.fieldsrrrr scapy.compatr _tls_type _tls_version_tls_version_optionsr&r)r=rGrSrqrrrrrrr"r'r%rs HHHHHHHHHHHH%# % %  !!!%%!## "(!' &!'!'!'%+%+!'))^.~6j*&*&*&*&*&(*&*&*&Z&&&&&8&&&<&&&&&8&&&>i########(     \   \r'