h~#dZddlZddlZddlZddlmZmZddlmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZddlmZmZmZddlmZddlmZmZmZddl m!Z!m"Z"dd l#m$Z$dd l%m&Z&dd l'm(Z(m)Z)m*Z*dd l+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6dd l7m8Z8m9Z9m:Z:m;Z;mZ>ddl?m@Z@mAZAmBZBddlCmDZDddlEmFZFmGZGmHZHmIZImJZJddlKmLZLmMZMmNZNmOZOddlPmQZQejRr ddlSmTZTddlUmVZViddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7iZWGd8d9e@ZXGd:d;eXZYGd<d=eZZGd>d?eZ[Gd@dAeZ\GdBdCeZ]GdDdEe]Z^GdFdGeXZ_GdHdIeXZ`GdJdKeXZaedLdeWedMde)dNdOe(e[dPddQe dRddSdTUe\dSdVdWXedYdeLe^dZdgeFdTd[\e,d]dd^_e-d^dd`Xg ZbGdadbeaZcGdcddeXZdGdedfeXZeGdgdhe ZfGdidjeZgGdkdleZhGdmdneXZiGdodpe@ZjGdqdreZkGdsdteXZlGdudveXZmdwdxdydzd{d|d}d~ddd ZnGdde]ZoGddeZpGddeXZqGddeXZrGddeXZsGddeXZtGdde ZuGddeXZvGddeZwGddeXZxGddeXZydddZzGddeZ{GddeXZ|Gdde Z}de$iZ~GddeZGddeXZGddeZGddeZGddeZGddeXZGddeXZGddeXZGddeXZdddZGddeXZideYde_deadeyded eed"eid$emd&eqd(esd*etd,evd.exd0e|d2ed4eZe`eceeeeeleretexed ZdS)z TLS handshake fields & logic. This module covers the handshake TLS subprotocol, except for the key exchange mechanisms which are addressed with keyexchange.py. N) log_runtimewarning) ByteEnumField ByteFieldField FieldLenFieldIntField PacketFieldPacketLenFieldPacketListFieldShortEnumField ShortFieldStrFixedLenField StrLenFieldThreeBytesField UTCTimeField) hex_bytesorbraw)conf)PacketRawPadding) randstringrepr_hex) OCSP_Response)Cert) _tls_version_TLSVersionField_TLSClientVersionField) _ExtensionsLenField_ExtensionsField_cert_status_typeTLS_Ext_PostHandshakeAuthTLS_Ext_SupportedVersion_CHTLS_Ext_SignatureAlgorithmsTLS_Ext_SupportedVersion_SHTLS_Ext_EarlyDataIndication_tls_hello_retry_magicTLS_Ext_ExtendedMasterSecretTLS_Ext_EncryptThenMAC) _TLSSignature_TLSServerParamsField_TLSSignatureFieldServerRSAParamsSigAndHashAlgsField _tls_hash_sigSigAndHashAlgsLenField)_GenericTLSSessionInheritance readConnStatewriteConnState)TLS_Ext_PreSharedKey_CH)_tls_compression_algs_tls_compression_algs_cls Comp_NULL _GenericComp_GenericCompMetaclass)_tls_cipher_suites_tls_cipher_suites_cls_GenericCipherSuite_GenericCipherSuiteMetaclass) TLS13_HKDF)default_backend)hashes hello_request client_hello server_hellohello_verify_requestsession_tickethello_retry_requestencrypted_extensions certificate server_key_exchange certificate_requestserver_hello_donecertificate_verifyclient_key_exchangefinishedcertificate_urlcertificate_statussupplemental_data key_updatecveZdZdZdZeddeeddeddd gZ d Z d Z d Z dS) _TLSHandshakez Inherited by other Handshake classes to get post_build(). Also used as a fallback for unknown TLS Handshake packets. zTLS Handshake Generic messagemsgtypeNmsglenmsgc|jSNripkts ^/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/layers/tls/handshake.pyz_TLSHandshake.esz length_fromct|}|j>|dz }tjdt |ddz|z|ddz}||zS)NrJ!Irrd)lenristructpackr)selfppaytmp_lenl2s rq post_buildz_TLSHandshake.post_buildgsXa&& ; 1B D3qt99?b"899AabbEAA3wrtctjSrm)r padding_layerr|r}s rqguess_payload_classz!_TLSHandshake.guess_payload_classns !!rtc|jjr!|jj|dS|jj||jj|dS)zO Covers both post_build- and post_dissection- context updates. N) tls_sessionpost_handshakepost_handshake_messagesappendhandshake_messageshandshake_messages_parsedr|msg_strs rqtls_session_updatez _TLSHandshake.tls_session_updateqsm   * D   4 ; ;G D D D D D   / 6 6w ? ? ?   6 = =d C C C C Crt) __name__ __module__ __qualname____doc__namer_tls_handshake_typerr fields_descrrrrtrqrgrg\s +D =D2EFF"?8T22;ub+A+ACCCDK """ D D D D DrtrgcJeZdZdZeddeeddgZdZdS)TLSHelloRequestzTLS Handshake - Hello RequestrhrriNcdS)z Message should not be added to the list of handshake messages that will be hashed in the finished and certificate verify messages. Nrrs rqrz"TLSHelloRequest.tls_session_updates rt) rrrrrrrrrrrtrqrrsP *D =A/BCC"?8T224KrtrceZdZdZdZdZdS)_GMTUnixTimeFieldz "The current time and date in standard UNIX 32-bit format (seconds since the midnight starting Jan 1, 1970, GMT, ignoring leap seconds)." c||SdSNrrr|rpxs rqi2hz_GMTUnixTimeField.i2hs =Hqrtc(|t|ndSr)intrs rqi2mz_GMTUnixTimeField.i2mss1vvvA-rtN)rrrrrrrrtrqrrs<  .....rtrceZdZdZdS)_TLSRandomBytesFieldcj|t|St|||Srm)reprrrrs rqi2reprz_TLSRandomBytesField.i2reprs. 977Na(()))rtN)rrrrrrtrqrrs#*****rtrceZdZdZdS)_SessionIDFieldz> opaque SessionID<0..32>; section 7.4.1.2 of RFC 4346 N)rrrrrrtrqrrs DrtrcLeZdZgdZdZd dZdZdZdZd Z d Z d Z d Z dS)_CipherSuitesField)itemfmtitemsizei2ss2irDN!Hctj||||||_tj||_ix}|_ix}|_|D]}||||<||||<dS)Nru) r__init__rrzcalcsizerrrkeys) r|rdefaultdicorvrrrks rqrz_CipherSuitesField.__init__sT4kJJJJ 00 dhdh  A!WCFCQLL  rtct|ttfr|j}t|tr |j|}|Srm) isinstancer>r?valbytesrrs rq any2i_onez_CipherSuitesField.any2i_onesD a-/KL M M A a    ArtcRd|jz}|j|||zS)Nz0x%%0%dx)rrget)r|rprfmts rq i2repr_onez_CipherSuitesField.i2repr_ones(4=(x||AsQw'''rtc\|dSt|ts|g}fd|DS)Nc<g|]}|Sr)r.0zrpr|s rq z,_CipherSuitesField.any2i..s'2221sA&&222rt)rlistrs`` rqany2iz_CipherSuitesField.any2isD 94!T"" A222222222rtc|dSfd|D}t|dkr |d}ndd|z}|S)NNonec<g|]}|Sr)rrs rqrz-_CipherSuitesField.i2repr..s'666q4??3**666rtrDrz[%s]z, )ryjoin)r|rprrs`` rqrz_CipherSuitesField.i2reprsa 9666666A666 w<<1  ajGGtyy111GrtcN|g}dfd|DS)Nrtc3LK|]}tjj|VdSrm)rzr{r)rrr|s rq z)_CipherSuitesField.i2m..s1BB DL!44BBBBBBrt)rr|rprs` rqrz_CipherSuitesField.i2ms4 ;CxxBBBBcBBBBBBrtcg}tj|j}|rG|tj|j|d|d||d}|G|Sr)rzrrrunpack)r|rpmresitemlens rqm2iz_CipherSuitesField.m2isk/$,//  JJv}T\1XgX;??B C C C'(( A  rtc8|dSt||jzSr)ryrr|rpis rqi2lenz_CipherSuitesField.i2lens 911vv %%rt)Nr) rrr __slots__islistrrrrrrrrrrtrqrrs555I F(((333CCC &&&&&rtrceZdZdZdS)_CompressionMethodsFieldct|ttfr|j}t|tr |j|}|Srm)rr:r;rstrrrs rqrz"_CompressionMethodsField.any2i_onesC a,(=> ? ? A a    ArtN)rrrrrrtrqrrs#rtrceZdZdZdZeddeeddedde e dde d dd e d dd d e d dde ddddeddedde ddd deddged dedddedddg ZfdZfd ZxZS)!TLSClientHelloa TLS ClientHello, with abilities to handle extensions. The Random structure follows the RFC 5246: while it is 32-byte long, many implementations use the first 4 bytes as a gmt_unix_time, and then the remaining 28 byts should be completely random. This was designed in order to (sort of) mitigate broken RNGs. If you prefer to show the full 32 random bytes without any GMT time, just comment in/out the lines below. zTLS Handshake - Client HellorhrDriNversion gmt_unix_time random_bytessidlenBsidr length_ofrkc|jSrmrros rqrrzTLSClientHello.3:rtru cipherslenrciphersc|jSrmrros rqrrzTLSClientHello.cnrtrrvcomplencomprc|jSrmrros rqrrzTLSClientHello.CKrtextlenextrcR|j|jpdz |jpdz |jpdz dz SNr(rirrrros rqrrzTLSClientHello."GSZ>AjoA>O>An>QPQ>S?Bk>NQ>P>@ >@rtcl|j%|ddtdz|ddz}|jXd|jpdz}d}|d|t |z||dzdz}|jd}d }d }d }d } |||z|z|z| zz }t t|||S) N r&'rs8001ac02bc023c02fc027009e0067009c003cc009c0130033002f000arFs,ss secdev.orgs s ) rrrrrrsuperrr) r|r}r~ cipherstartsext_len ext_renegext_sn ext_sigalg ext_supgroups __class__s rqrzTLSClientHello.post_build(s   $#2#B'!GHH+5A <  0q1KKA,;,)A,,.;?3C3C1DDAx%3 FN A Wy(61J>NN^T**55a===rtcbtt|||j}|j|_|jr|jdkr |j|_|dd|_tj d|j |jz|_ |j r|j D]}t|tr9t!|jdD]}|t$vr ||_n|jrd|_t|t(r |j|_t|t.rd|_dSdS) Either for parsing or building, we store the client_random along with the raw string representing this handshake message. rrrrxTreverseN)rrrrradvertised_tls_versionrrrrzr{r client_randomrrr%sortedversionsrmiddlebox_compatibilityr&sig_algsadvertised_sig_algsr$post_handshake_authr|rr everrs rqrz!TLSClientHello.tls_session_update<sS nd##66w???  #'<  ; 4;??HAE#BrEN!;tT-?@@,- 8 1X 1 1a!<==9%aj$???"",..7:A4!E/u9481a!<==7,-JA)a!:;;1,0A) 1 1 1 1rt)rrrrrrrrr rrrrrrr<rr7r!r"rrr __classcell__rs@rqrrs *D =A/BCC"?8T22)))T<HH%$_d;;''bAA =4SEJJJ"?5"/E/EGGG!=t+4666%%i&8$2L2LNNN!=DcVLLL++FQC,A478O8OQQQ '&xGGG##E41A1ABBB3CK@>>>>>(!1!1!1!1!1!1!1!1!1rtrcveZdZdZdZeddeeddedde e ddd e d dd d e d dde dddd e ddedde ddd d eddged dedddedddg ZdZfdZxZS) TLS13ClientHelloz TLS 1.3 ClientHello, with abilities to handle extensions. The Random structure is 32 random bytes without any GMT time z TLS 1.3 Handshake - Client HellorhrDriNrr rrrrrkc|jSrmrros rqrrzTLS13ClientHello.orrtrurrrc|jSrmrros rqrrzTLS13ClientHello.urrtrrrrc|jSrmrros rqrrzTLS13ClientHello.{rrtrrrcR|j|jpdz |jpdz |jpdz dz Srrros rqrrzTLS13ClientHello.rrtcT|j%|ddtdz|ddz}t|}|j>|dz }t jdt |ddz|z|ddz}|j}|jr|jD] }t|tr|j rb|j }t|}t|jj} | jj} |d n1td } | jj} |d d } |jr|jD]} | | z } | |d| d z z } |jd} | | | }|d| |z}||zS)NrLr$rrJrxrrdF)externalsha256TrtrH binder_key)rrryrirzr{rrrrr6client_session_tickettls13_ticket_ciphersuiter=r@hash_algrlowerhash digest_sizecompute_tls13_early_secrets tls13_retryrtls13_derived_secretscompute_verify_data)r|r}r~rszr r res_suitecs_clshkdfhash_lenhandshake_contextrr, psk_binders rqrzTLS13ClientHello.post_builds   $"1" 2&6773Aa&& ; 1B D3qt99?b"899AabbEAA   81 3X0 30 3a!899/3.E%&$> !7 !B)&/*>*D*D*F*FGG#'9#855u5EEEE *(33#'9#855t5DDD),%}3!"!533A-2--%>XIM>)::%!"!8!FJ!%!9!9*:K"M"MJ *H9* 2A3wrtctt|||j}|jr|jdkr|j|_d|_|dd|_|j|_|j r|j D]}t|tr+t|j dD]}|tvr ||_nt|t r |j|_t|t&rd|_dSdS)rrTrLrrN)rr#rrrrrrrrrr%rrrrr&rrr$rrs rqrz#TLS13ClientHello.tls_session_updates% %%88AAA   ; -4;??HAE(,A %#AbDM+ 8 1X 1 1a!<=="%aj$???"",..7:A4!E/a!<==7,-JA)a!:;;1,0A) 1 1 1 1rt)rrrrrrrrr rrrrrr<rr7r!r"rrrr r!s@rqr#r#`s .D =A/BCC"?8T22)))T<HH''bAA =4SEJJJ"?5"/E/EGGG!=t+4666%%i&8$2L2LNNN!=DcVLLL++FQC,A478O8OQQQ '&xGGG##E41A1ABBB/CK<>>>@111111111rtr#creZdZdZdZeddeeddedde e dde d dd e d dd d e d ddeddeeddged dedddedddg ZeddZfdZfdZfdZxZS) TLSServerHelloa TLS ServerHello, with abilities to handle extensions. The Random structure follows the RFC 5246: while it is 32-byte long, many implementations use the first 4 bytes as a gmt_unix_time, and then the remaining 28 byts should be completely random. This was designed in order to (sort of) mitigate broken RNGs. If you prefer to show the full 32 random bytes without any GMT time, just comment in/out the lines below. zTLS Handshake - Server HellorhrFriNrrrrrrrrrrkc|jSrmrros rqrrzTLSServerHello.rrtrucipherrrcdSNrDrros rqrrzTLSServerHello.sArtrrrrc*|j|jpdz dz Sr)rirros rqrrzTLSServerHello.s(+ cjoA(F(Krtc|rIt|dkr6tjd|ddd}|dks|dkrtStS)NrLrrJri)ryrzrTLS13ServerHellor@)cls_pktargskargsrs rq dispatch_hookzTLSServerHello.dispatch_hook sW  (CIINNmD$qs)44Q7G&  Gf$4$4''rtc|ddkr|jr|jj|_tt|j|i|S)Nrrt) getfieldvalrrrr@build)r|rLrMrs rqrQzTLSServerHello.buildsS   E " "c ) )d.> )'+DH0u^T**0$@%@@@rtc|j%|ddtdz|ddz}tt|||S)Nrrr)rrrr@rr|r}r~rs rqrzTLSServerHello.post_buildsQ   $#2#B'!GHH+5A^T**55a===rtc\tt|||j}|j|_t |dr7|dd|_tj d|j |jz|_ n |j|_ |j |_ |j rL|j D]D}t|tr d|j_t|t"r d|j_Ed}|jr.|j}|t(vrt+d|n t(|}t,}|jr7|jd}|t0vrd }t+||d}t0|}|j} t5||| |j |_t9||| |j |_dS) a Either for parsing or building, we store the server_random along with the raw string representing this handshake message. We also store the session_id, the cipher suite (if recognized), the compression method, and finally we instantiate the pending write and read connection states. Usually they get updated later on in the negotiation when we learn the session keys, and eventually they are committed once a ChangeCipherSpec has been sent/received. rrrrxTN(Unknown cipher suite %d from ServerHellorz+Unknown compression alg %d from ServerHello) ciphersuitecompression_algconnection_end tls_version)rr@rrrrYhasattrrrzr{r server_randomrrrr*extmsr+encrypt_then_macrCr=rr9rr8rXr5pwcsr4prcs) r|rr rr9cs_valcomp_clscomp_valerrrXrs rqrz!TLSServerHello.tls_session_updates nd##66w???    4 ) ) 0 '2D %{41CDD#0 1AOO#/AO 8 =X = =a!=>>2-1D$*a!788=8(D2DEE++FQC,A478E GGG '&xGGG##E41&1&''''(K0[AAAAA >>>>> 797979797979797979rtr@rhrirrr$rrrrArkc|jSrmrros rqrrrr]sCJrtrurCrcdSrErros rqrrrrbsQrtrrrrc|jdz S)Nrrnros rqrrrrescj.0/1rtcHeZdZdZdZeZeddZfdZ dZ xZ S)rIz TLS 1.3 ServerHello z TLS 1.3 Handshake - Server HelloNcr|r/t|dkr|dd}|tkrtStS)NrrL)ryr)TLS13HelloRetryRequestrI)rJrKrLrMrs rqrNzTLS13ServerHello.dispatch_hookqs?  .CIIOO ":L555--rtc|j%|ddtdz|ddz}tt|||S)NrLr$r)rrrrIrrSs rqrzTLS13ServerHello.post_build{sR   $"1" 2&6773A%t,,773???rtc|j}|j|_|j|_|j|_|jr-|jD]%}t|tr|j|_n&|jdkrt ||St ||d}|jr.|j}|tvrtd|n t|}|j}|dkr+t!|||j|_|jsd|_n0|dkr*t)|||j|_|jsd|_|j|||dkr)|jd}|j|dS|dkr)|jd}|j|dSdS) a Either for parsing or building, we store the server_random along with the raw string representing this handshake message. We also store the cipher suite (if recognized), and finally we instantiate the write and read connection states. rHNrUserverrVrXrYTclientserver_handshake_traffic_secret)rrr[rCrVrrYrrr'r@rrgr=rrXr5r^rtriggered_pwcs_commitr4r_triggered_prcs_committls13_early_secretr3compute_tls13_handshake_secretsr5tls13_derive_keys)r|rr rr9r`rXshtss rqrz#TLS13ServerHello.tls_session_updates  +    8 X  a!<==$%IAME =5 "44T7CC C  , ,T7 ; ; ; ; 8[F333BFKKKK07) X % %#3A01 ???AF, /*.' x ' '"v2@/0}>>>AF, /*.'  '  ) ) + + + ))+++ X % %*+LMD F $ $T * * * * * x ' '*+LMD F $ $T * * * * *( 'rtrm) rrrrr_tls_13_server_hello_fieldsrrdrNrrr r!s@rqrIrIjs| -D-K   [ @@@@@ ;+;+;+;+;+;+;+rtrIc,eZdZdZeZdZfdZxZS)rkz'TLS 1.3 Handshake - Hello Retry Requestc|d}| t|_|ddkr|jr|jj|_t |S)Nrrrt)rPr)rrrrgrQr|fvals rqrQzTLS13HelloRetryRequest.buildsd// < 6D    E " "c ) )d.> )'+DH""4(((rtc@|j}d|_i|_|jrJt|j}t |jj }|j j }nIt|j }t |jj }|j j }tjdd}|tjddz }|tjddz }|tjd|z }tj|j t#}||jd||z }||jd<t+t,||dS)NTrr)backend)rr4tls13_client_pubsharesr-r=r.r@r/rr0r1r2rCrzr{rBHashrAupdaterfinalizerrkr) r|rr r9r:r;r<digestrs rqrz)TLS13HelloRetryRequest.tls_session_updatesf   #%  " -+A,FGFfo288::;;Dy,HH+DK8Ffo288::;;Dy,H"KS11V[a000V[a000V[h777TY0A0ABBB a*1-...V__..."3Q $d++>>wGGGGGrt) rrrrrxrrQrr r!s@rqrkrksZ 4D-K)))HHHHHHHHHrtrkceZdZdZeddeeddedddeddd gZ d Z d Z dS) TLSEncryptedExtensionsz(TLS 1.3 Handshake - Encrypted ExtensionsrhrNriNrrrc|jdz SNrFrnros rqrrzTLSEncryptedExtensions.s CJNrtruc|||j}|j}d}|jr!|jD]}t |t rd}|dkr|st t|jj ||j |_ |j d}|j ||js|jj |_d|_dSd|_dSdSdS)NFTrnroclient_handshake_traffic_secret)rrrXrrr(r4typewcsrVrYr_r5rvrrcsrsr|rr rXearly_data_acceptedrchtss rqpost_build_tls_session_updatez4TLSEncryptedExtensions.post_build_tls_session_updates (((  ) $ 8 /X / /a!<==/*.' X % %& 3&48I3J3J6D34=BBB./PQ((...03 ,1AE.3A+++.2A+++ & % 3 3rtc|||j}|j}d}|jr!|jD]}t |t rd}|dkr|st t|jj ||j |_ |j d}|j ||js|jj |_d|_dSd|_dSdSdS)NFTrpror)rrrXrrr(r5rrrVrYr^r5rvrrrrrs rq"post_dissection_tls_session_updatez9TLSEncryptedExtensions.post_dissection_tls_session_updates (((  ) $ 8 /X / /a!<==/*.' X % %& 3'D9J4K4K7E45MCCC./PQ((...03 ,1AE.3A+++.2A+++ & % 3 3rt) rrrrrrrr!r"rrrrrtrqrrs 5D =A/BCC"?8T22&&xGGG##E40J0JLLLMK 333B33333rtrc2eZdZdZddfdZdZdZdZdS)_ASN1CertLenFieldz0 This is mostly a 3-byte FieldLenField. Nc|Srmrrprs rqrrz_ASN1CertLenField.AArtcR||_||_tj|||ddS)Nrx)r)radjustrrr|rrrrs rqrz_ASN1CertLenField.__init__As/"  tT7555555rtc|P|jI||j\}}|||}|||}|Srm)rgetfield_and_valrr)r|rprfldr|fs rqrz_ASN1CertLenField.i2mFsS 9~)00@@ TIIc4((KKQ''rtct|tj|j|||ddzSNrDrJrzr{rrr|rpr rs rqaddfieldz_ASN1CertLenField.addfieldN26;tx#s););<.i2m_oner!S!! !T"" #E +dCFF33AaC8{"LWa!T"" E;tW--ac2Q6 6rtrtc3.K|]}|VdSrmr)rrrs rqrz)_ASN1CertListField.i2m..s+..q ......rt)rrrrr|rprrs @rqrz_ASN1CertListField.i2mqsu 7 7 7 93 a   H a   Axx....A......rtc|Srmrrs rqrz_ASN1CertListField.any2irtN)rrrrrrrrrrtrqrrUsU F%%% (///,rtrc&eZdZdZdZdZdZdS)_ASN1CertFieldcP|dSt|||Srrrs rqrz_ASN1CertField.i2lenrrtcd}|j||}d}|}||d|||d}}tjdd|ddzd}|t|dd|zf}|d|zd}||z|fS)NrtrxrrHr)rvrzrr)r|rpr rrrrlen_certs rqrz_ASN1CertField.getfields   '&&s++G   xx[!GHH+sA dGaeO44Q74!AI+//0 a%ijjM3w  rtc&d}|dS||S)NcHt|tr|St|tr6|j}t jdt |dd}||zS|\}}t|tr|j}t jd|dd|zSrrrs rqrz#_ASN1CertField.i2m..i2m_onerrtrtrrs rqrz_ASN1CertField.i2ms+ 7 7 7 93wqzzrtc|Srmrrs rqrz_ASN1CertField.any2irrtN)rrrrrrrrrtrqrrsP%%% ! ! !$rtrceZdZdZdZeddeeddeddd e dgd gZ e dd Z d Z dS)TLSCertificatezD XXX We do not support RFC 5081, i.e. OpenPGP certificates. zTLS Handshake - CertificaterhrPriNcertslencertsrc|jSrmrros rqrrzTLSCertificate.sclrtrucl|r,|dd}|r|jpddkrtStS)NrrrH)rrYTLS13Certificater)rJrKrLrMrs rqrNzTLSCertificate.dispatch_hooksC  ())M488K ( 7 <1GG''rtc|||jj}|dkrd|jD|j_dSd|jD|j_dS)Nrpcg|] }|d SrDrrrs rqrzETLSCertificate.post_dissection_tls_session_update..,F,F,FaQqT,F,F,Frtcg|] }|d Srrrs rqrzETLSCertificate.post_dissection_tls_session_update..rrtrrrXr server_certs client_certs)r|rrXs rqrz1TLSCertificate.post_dissection_tls_session_updatesn ((()8 X % %,F,F4:,F,F,FD  ) ) ),F,F4:,F,F,FD  ) ) )rtrm)rrrrrrrrrrrrdrNrrrtrqrrs )D =B0CDD"?8T22$$ZIII%%gr2J2JLLLMK [GGGGGrtrcheZdZdZeddedddedgd gZd ZdS) _ASN1CertAndExtzCertificate and ExtensionscertrkrNrrc|jSrm)rros rqrrz_ASN1CertAndExt.sCJrtruc d|fS)Nrtr)r|r s rqextract_paddingz_ASN1CertAndExt.extract_paddings Av rt) rrrrrrr"rrrrtrqrrsu 'D!>&"-- =45AAA##E20F0FHHHIK rtrceZdZdZdS)_ASN1CertAndExtListFieldc:|||jS)Nr)rJr)r|rprs rqrz_ASN1CertAndExtListField.m2isxxsx777rtNrrrrrrtrqrrs#88888rtrc eZdZdZeddeeddedddd edd d e d dde dge d gZ dZ dS)rzTLS 1.3 Handshake - CertificaterhrPriNcert_req_ctxt_lenr cert_req_ctxtrrkc|jSrmrros rqrrzTLS13Certificate. s7Lrtrurrrc|jSrmrros rqrrzTLS13Certificate.sCLrtc|||jj}|dkr(|jrd|jD}||j_dSdS|jrd|jD}||j_dSdS)NrpcHg|]}t|d|jd SrrDrZrrs rqrzGTLS13Certificate.post_dissection_tls_session_update..-JJJAwq&7I7IJafQiJJJrtcHg|]}t|d|jd Srrrs rqrzGTLS13Certificate.post_dissection_tls_session_update..rrtr)r|rrXscccs rqrz3TLS13Certificate.post_dissection_tls_session_updates ((()8 X % %z 3JJJJJ02 --- 3 3z 3JJJJJ02 --- 3 3rt)rrrrrrrrrrrrrrrrtrqrrs ,D =B0CDD"?8T22 =!4d+:<<<;+L+LNNN$$ZIII++GR8P8PRRRSK 3 3 3 3 3rtrceZdZdZeddeeddeddded dd gZ d Z d Z dS) TLSServerKeyExchangez#TLS Handshake - Server Key ExchangerhrRriNparamsc|jSrmrnros rqrrzTLSServerKeyExchange.srtrusigc:|jt|jz Srm)riryrros rqrrzTLSServerKeyExchange.scj3sz??>Zrtc|d}||j}|jr|jjjrt |}n+|jjd}||} |n+#t$rtj rYnwxYwt}||_ |d}||j}|jr}|j rv|jjjsV|j }|d}|j |jzt!|z}t#|}|||jnt}nt}||_t+j|g|Ri|S)av We overload build() method in order to provide a valid default value for params based on TLS session if not provided. This cannot be done by overriding i2m() because the method is called on a copy of the packet. The 'params' field is built according to key_exchange.server_kx_msg_cls which should have been set after receiving a cipher suite in a previous ServerHello. Usual cases are: - None: for RSA encryption or fixed FF/ECDH. This should never happen, as no ServerKeyExchange should be generated in the first place. - ServerDHParams: for ephemeral FFDH. In that case, the parameter to server_kx_msg_cls does not matter. - ServerECDH\*Params: for ephemeral ECDH. There are actually three classes, which are dispatched by _tls_server_ecdh_cls_guess on the first byte retrieved. The default here is b"\03", which corresponds to ServerECDHNamedCurveParams (implicit curves). When the Server\*DHParams are built via .fill_missing(), the session server_kx_privkey will be updated accordingly. rNrrrt)rPrr^ key_exchangeexportr/server_kx_msg_cls fill_missing Exceptionrdebug_dissectorrrr anonymousr[rr, _update_sig server_keyrrgrQ)r|rLrMr|r rJr}rs rqrQzTLSServerKeyExchange.builds,)) < Av 6&--)a888CC&-??HHC#!,,,C$$&&&& +eeDK&& < Av !/ v*4  Ay!/9CFFBA'A666COOAq|4444%%CCeeDH"48$888%888s4B B#"B#cn|j}|jrL|jjjr;|}t jd||jr|jjjs|j r|j r|j rt|j dkr|j |j zt|jz}|j||j d}|sI|}t jd|dSdSdSdSdSdSdSdS)z While previously dissecting Server*DHParams, the session server_kx_pubkey should have been updated. XXX Add a 'fixed_dh' OR condition to the 'anonymous' test. z#TLS: useless ServerKeyExchange [%s]rz-TLS: invalid ServerKeyExchange signature [%s]N)rr_rno_ske firstlayersummaryrinforrr[rryrrr _verify_sig)r|rpr pkt_inforsig_tests rqpost_dissectionz$TLSServerKeyExchange.post_dissectionAsv   6 Naf)0 N~~''//11H  BH M M M F \#- \ O \ ! \ \$'q~#6#6#:#:!/1C 4D4DDAx++Aq~a/@AAH \>>++3355 !PRZ[[[[[ \ \ \ \ \ \ \ \ \ \$;#: \ \rt) rrrrrrrr-r.rrQrrrtrqrrs 0D =B0CDD"?8T22((45K5KMMM%%eT2Z2Z\\\ ]K999999v\\\\\rtrrsa_signdss_sign rsa_fixed_dh dss_fixed_dhrsa_ephemeral_dh_RESERVEDdss_ephemeral_dh_RESERVEDfortezza_dms_RESERVED ecdsa_signrsa_fixed_ecdhecdsa_fixed_ecdh) rDrFrHrJrLr\@ABceZdZdS)_CertTypesFieldN)rrrrrtrqrrgsDrtrc4eZdZdZdZdZdZdZdZdZ dS) _CertAuthoritiesFieldz4 XXX Rework this with proper ASN.1 parsing. rDc|||}||d|||d|fSrm)rvr)r|rpr rs rqrz_CertAuthoritiesField.getfieldqs>""3''{DHHS!HWH+6666rtcjg}t|dkrtjd|ddd}t||dzkr |||ddfnD|dd|z}|||f|d|zd}t|dk|S)NrDrrFr)ryrzrr)r|rprrrdns rqrz_CertAuthoritiesField.m2ius!ffqjjmD!BQB%003G1vv! ## GQqrrU+,,,1Q[=!B JJ} % % %!g+,,A!ffqjj rtcJdtd|S)NrtcJtjd|d|dzS)NrrrD)rzr{)x_ys rqrrz+_CertAuthoritiesField.i2m..s D#a&(A(ACF(Jrt)rmaprs rqrz_CertAuthoritiesField.i2ms"xxJJANNOOOrtc4||||zSrm)rrs rqrz_CertAuthoritiesField.addfields488C%%%%rtcP|dSt|||Srrrs rqrz_CertAuthoritiesField.i2lens( ;1txxS))** *rtN) rrrrrrrrrrrrtrqr r kssF777   PPP&&&+++++rtr ceZdZdZeddeeddedddd edd d ge d d e ddde dgde dde dedddd edgdgZdS)TLSCertificateRequestz#TLS Handshake - Certificate RequestrhrTriN ctypeslenrctypesrrDrz!Bc|jSrm)r,ros rqrrzTLSCertificateRequest.s3=rtr sig_algs_lenrr)iiihash_sigc|jSrm)r/ros rqrrzTLSCertificateRequest.s s?Ortru certauthlenrcertauthc|jSrm)r2ros rqrrzTLSCertificateRequest.srt)rrrrrrrrr_tls_client_certificate_typesr2r0r r1r rrrtrqr+r+s  0D =B0CDD"?8T22 =d+3555"?8aW#@+//H/HJJJ*).$4>@@@&&z3K3K3K'5~j$ 'V'V3O3OQQQ!=$+5777((R5P5PRRRSKKKrtr+c eZdZdZeddeeddedddd edd d e d dde ddd gZ fdZ xZ S)TLS13CertificateRequestz'TLS 1.3 Handshake - Certificate RequestrhrTriNrrrrrkc|jSrmrros rqrrz TLS13CertificateRequest.rrtrurrrc&|j|jz dz S)NrH)rirros rqrrz TLS13CertificateRequest.sCJ$'$9=:<==>rtcztt|||j|j_dSrm)rr7rrrtls13_cert_req_ctxt)r|rrs rqrz*TLS13CertificateRequest.tls_session_updates6 %t,,??HHH/3/A,,,rt)rrrrrrrrrr!r"rrr r!s@rqr7r7s 4D =B0CDD"?8T22 =!4d+:<<<;+L+LNNN&&xGGG##E41>1>??? @KBBBBBBBBBrtr7cDeZdZdZeddeeddgZdS)TLSServerHelloDonez!TLS Handshake - Server Hello DonerhrVriNrrrrrrrrrrtrqr=r=s; .D =B0CDD"?8T224KKKrtr=cleZdZdZeddeeddedddgZd Z d Z dS) TLSCertificateVerifyz"TLS Handshake - Certificate VerifyrhrXriNrc|jSrmrnros rqrrzTLSCertificateVerify.scjrtrucp|d}| |j}d|j}|jr|d|jz }|j}||j}|dkrC|jdkrd}n |jdkrd}d|zd z|j j |z}t| |_ |jdkr!|j ||jn+|jdkr |j ||jt#j|g|Ri|S) NrrtrHrp!TLS 1.3, client CertificateVerifyrn!TLS 1.3, server CertificateVerify@ rr)rPrrrrrrYrrXrr1rr,rr client_keyrrgrQ)r|rLrMrr rrYcontext_strings rqrQzTLSCertificateVerify.buildsOu%% ; A-..A 9SXXa7888-K"6 f$$#x//%INN%11%IN >1G;aej>O>OPQ>R>RR$333DH8++$$Q 5555!X--$$Q 555"48$888%888rtc|j}d|j}|jr|d|jz }|j}||j}|dkrC|jdkrd}n |jdkrd}d|zdz|jj |z}|jdkr|j r}t|j d krg|j ||j d }|sA|}t#jd |dSdSdSdS|jdkr|jrt|jd kri|j ||jd }|sC|}t#jd |dSdSdSdSdS) NrtrHrprDrnrCrErrz-TLS: invalid CertificateVerify signature [%s])rrrrrrYrrXrr1rrryrr rr rr r)r|rpr rrYrGr r s rqrz$TLSCertificateVerify.post_dissections    HHQ) * *  5 !344 4Am  2K & 8++!E!X--!E~-7!%*:K:KA:N:NNA x ' '~ `#an"5"5"9"98//1>!3DEE`"~~//7799H$%TV^_____  ` `"9"9``  ) )~ `#an"5"5"9"98//1>!3DEE`"~~//7799H$%TV^_____ * ) ` `"9"9``rt) rrrrrrrr.rrQrrrtrqr@r@s /D =B0CDD"?8T22%%eT2H2HJJJKK9990`````rtr@c&eZdZdgZdZddZdZdS)_TLSCKExchKeysFieldrvrDNcB||_tj||dddSrm)rvr r)r|rrvs rqrz_TLSCKExchKeysField.__init__ s'&T4t44444rtc*||}|d|||d}}|j}d}|jr|jjr|jjj}|t |t |z S|||t |z S)a The client_kx_msg may be either None, EncryptedPreMasterSecret (for RSA encryption key exchange), ClientDiffieHellmanPublic, or ClientECDiffieHellmanPublic. When either one of them gets dissected, the session context is updated accordingly. Nr)rvrr_rclient_kx_msg_clsrr)r|rprrtbdremr rJs rqrz_TLSCKExchKeysField.m2is""3''XgX;'(( S O 6 8af) 8&%7C ;s88gcll* *s3A&&&55rtrm)rrrr holds_packetrrrrtrqrJrJsCIL555566666rtrJcxeZdZdZdZeddeeddedd gZ d Z fd Z xZ S) TLSClientKeyExchangezS This class mostly works like TLSServerKeyExchange and its 'params' field. z#TLS Handshake - Client Key ExchangerhrZriNexchkeysc|jSrmrnros rqrrzTLSClientKeyExchange..sszrtruc|d}|A|j}|jr|jjj}||}nt }||_tj|g|Ri|S)NrSr) rPrr_rrMrrSrgrQ)r|rLrMr|r rJs rqrQzTLSClientKeyExchange.build0s~ ++ < Av f);ca(((eeDM"48$888%888rtctt|||jjrd|jj}|jjdkrWddlm }| |jj j j }|||j_nMddlm}m}||||z|j_|jjr|j|jjs4|jr|jdSdSdS)zB Finalize the EXTMS messages and compute the hash rtrer)_tls_hash_algs)Hash_MD5Hash_SHAN)rrRrrr\rrrYscapy.layers.tls.crypto.hashrWrr_prf hash_namer session_hashrXrYpre_master_secretcompute_ms_and_derive_keys master_secret use_nss_master_secret_if_present)r|rto_hashrW hash_objectrXrYrs rqrz'TLSClientKeyExchange.tls_session_update<s "D))<hht/BCCG+u44GGGGGGn00$)-7 1<0B0B70K0K --LKKKKKKKHJJ%%g..1B1B71K1KK -1 > ;;===- >@@BB > ;;=====  > > > >rt) rrrrrrrrrJrrQrr r!s@rqrRrR&s 1D =B0CDD"?8T22&&z3I3IKKKLK 9 9 9>>>>>>>>>rtrRceZdZdZdS)_VerifyDataFieldc|jjdkrd}n5|jjr'|jjdkr|jjjj}nd}||d|d|fS)Ni$rHrR)rrYrr1r;)r|rpr seps rqrz_VerifyDataField.getfieldasg ? && 0 0CC _ ( S_-HF-R-R/%*3CCCw$3$rtN)rrrrrrtrqrere`s#     rtrecreZdZdZeddeeddeddgZdZ dZ d Z d Z dS) TLSFinishedzTLS Handshake - Finishedrhr\riNvdatac|d}||j}d|j}|jr|d|jz }|j}|j}||j}|dkr/|j }|j j |d|||_ n||d||_ tj|g|Ri|S)NrkrtrHwrite)rPrrrrrrXrYrr`rr[r6rkcompute_tls13_verify_datargrQ) r|rLrMr|r  handshake_msgcon_endrYmss rqrQzTLSFinished.buildqs(( < AHHQ%9::M E!*C!D!DD &G-K"6 V##_UY::7G;H"NN 88'9FHH "48$888%888rtc|j}|jsAd|j}|jr|d|jz }|j}||j}|dkr|jz|j}|j }|j j |d||}|j |kr=|}t!jd|dSdS|dkrh|j }||d|}|j |krA|}t!jd|dSdSdSdS)NrtrHreadz#TLS: invalid Finished received [%s])rfrozenrrrrrYrr`rXrr[r6rkrr rr rn) r|rpr rorYrqrp verify_datar s rqrzTLSFinished.post_dissections  x VHHQ%9::M E!*C!D!DD -K"6 V##(C_*ei;;GV>>AF'+A #8++//1111!X--3355511333 x ' '#A (*A % % % ( 'rt) rrrrrrrrerrQrrrrrtrqrjrjks %D =B0CDD"?8T22##GT224K999(VVV2+++(+++++rtrjceZdZdZdZeddeeddedddd e d d d gZ dS)TLSHelloVerifyRequestz) Defined for DTLS, see RFC 6347. z$TLS Handshake - Hello Verify Requestrhr^riN cookielenrcookierrkc|jSrm)r~ros rqrrzTLSHelloVerifyRequest.s}rtru) rrrrrrrrrrrrrtrqr}r}s 2D =B0CDD"?8T22 =d%(H>>>;x+D+DFFF GKKKrtr}individual_certspkipath)rrDc eZdZdZedddeddded dd d d ed ddgZdZdS)URLAndOptionalHashz0URLAndOptionHash structure for TLSCertificateURLurllenNurlrrkc|jSrm)rros rqrrzURLAndOptionalHash.rsrtru hash_presentrr1cJttj|dz S)Ng4@)rmathceilrs rqrrzURLAndOptionalHash.ss49QW;M;M7N7Nrt)rrrcd|jzS)Nr\)rros rqrrzURLAndOptionalHash.srCrrtru) rrrrrrrr_tls_cert_chain_typesrr rrrrtrqrrs -D =B0CDD"?8T22 =$8MNN =45AAA"?5".@/E/EGGG HKKKrtrc.eZdZddfdZdZdZdZdS)ThreeBytesLenFieldNc|Srmrrs rqrrzThreeBytesLenField.rrtc:tj||||d|dS)Nrx)rrr)rrrs rqrzThreeBytesLenField.__init__s3tT7i#' 8 8 8 8 8 8rtcP|dSt|||Sr)rrrs rqrzThreeBytesLenField.i2reprs( 91DHHS!$$%%%rtct|tj|j|||ddzSrrrs rqrzThreeBytesLenField.addfield rrtc |dd||tj|jd|ddzdfSrrrs rqrzThreeBytesLenField.getfieldrrt)rrrrrrrrrtrqrrsf04=M=M8888&&& BBBQQQQQrtrceZdZdZdS) _StatusFieldc`|j}|j}|tvr t|}||Srm) status_typerJ_cert_status_cls)r|rpridtyperJs rqrz_StatusField.m2is3h % % %"6*Cs1vv rtNrrrtrqrrs#rtrc eZdZdZeddeeddeddeeddd e d de d gZ dS) TLSCertificateStatusz"TLS Handshake - Certificate Statusrhr`riNrrD responselenresponserc|jSrm)rros rqrrzTLSCertificateStatus.'srtru) rrrrrrrr#rrrrrrtrqrrs /D =B0CDD"?8T22 =3DEE%%mT0:<<<< D#,G,GIII JKKKrtrcheZdZdZeddedddeddd gZd ZdS) SupDataEntryz!Supplemental Data Entry - GenericsdtypeNrydatarrkc|jSrmryros rqrrzSupDataEntry.3scgrtructSrmrrs rqrz SupDataEntry.guess_payload_class5rrt) rrrrrrrrrrrtrqrr.sq .D:h-- =???;vr+=+=???@K rtrcheZdZdZeddedddeddd gZd ZdS) UserMappingDatazUser Mapping DatarNryrrrkc|jSrmrros rqrrzUserMappingData.>sswrtructSrmrrs rqrz#UserMappingData.guess_payload_class@rrt) rrrrrrrrrrrtrqrr9st D9Y-- =???;vr+>+>@@@AK rtrc eZdZdZeddeddddeddd edged gZd Z dS) SupDataEntryUMz&Supplemental Data Entry - User MappingrNryrc |dzSrrrs rqrrzSupDataEntryUM.Hs q1urt)rrdlenrc|jSrm)rros rqrrzSupDataEntryUM.Ks#(rtructSrmrrs rqrz"SupDataEntryUM.guess_payload_classMrrt) rrrrrrr rrrrrtrqrrDs 3D:h-- =(<(<>>> =@@@"?62/B/BDDD EKrtrc |eZdZdZeddeeddedddedge d gZ dS) TLSSupplementalDataz!TLS Handshake - Supplemental DatarhrbriNsdatalensdatarc|jSrm)rros rqrrzTLSSupplementalData.Ws3<rtru) rrrrrrrrr rrrrtrqrrQst .D =B0CDD"?8T22%%j$'JJJ"?7B /G/GIIIJKKKrtrc eZdZdZdZeddeeddedde d dd e d d d gZ e ddZ dZdS)TLSNewSessionTicketzR XXX When knowing the right secret, we should be able to read the ticket. z"TLS Handshake - New Session TicketrhrJriNlifetime ticketlenticketrrkc|jSrmrros rqrrzTLSNewSessionTicket.hrrtrucr|dd}|r|jr|jdkrtStS)NrrH)rrYTLS13NewSessionTicketr)rJrKrLrMr s rqrNz!TLSNewSessionTicket.dispatch_hookjs> IImT * *  ) )1=F#:#:( (""rtcv|||jjdkr|j|j_dSdSNrp)rrrXrr-rs rqrz6TLSNewSessionTicket.post_dissection_tls_session_updateqsB (((   *h 6 659[D  2 2 2 7 6rtrm)rrrrrrrrr rrrrdrNrrrtrqrr^s 0D =A/BCC"?8T228J 33 =dhGGG;x+D+DFFF GK###[# AAAAArtrc$eZdZdZdZeddeeddedded d e d dd d e d dde ddde ddde ddde dddg Z dZdZdS)rzG Uncomment the TicketField line for parsing a RFC 5077 ticket. z&TLS 1.3 Handshake - New Session TicketrhrJriNticket_lifetimerticket_age_addrnoncelenr ticket_noncerrkc|jSrm)rros rqrrzTLS13NewSessionTicket.ss|rtrurrrc|jSrmrros rqrrzTLS13NewSessionTicket.rrtrrc>|j|jpdz |jz pddz S)NrrT)rirrros rqrrzTLS13NewSessionTicket.s5SZ>Am>Pq>R=@\>J>OMNRT=Urtc|d}|dkrtjd|_|d}|dkrtjd|_|d}|dkrd|_|d }|d kr2t jd tjd d |_t |S) Nrrt0rr$rrirrrxrJ) rPosurandomrrrrzrrrgrQr{s rqrQzTLS13NewSessionTicket.builds)) 3;;*R..DK// 3;; " 2D  122 :  #(D  011 199"(-bjmm"D"DQ"GD ""4(((rtcL|jjdkr|j|j_dSdSr)rrXrr-rs rqrz8TLS13NewSessionTicket.post_dissection_tls_session_updates.   *h 6 659[D  2 2 2 7 6rt)rrrrrrrrr rrr!r"rrQrrrtrqrrwsA 4D =A/BCC"?8T228-z::8,a00 =Ts+9;;;;~r+C+CEEE =dhGGG;x+D+DFFF&&xGGG##E41U1UVVVWK$)))2AAAAArtrcDeZdZdZeddeeddgZdS)TLS13EndOfEarlyDataz%TLS 1.3 Handshake - End Of Early DatarhrriNr>rrtrqrrs; 2D =A/BCC"?8T224KKKrtrupdate_not_requestedupdate_requestedcheZdZdZeddeeddeddegZdZ d Z dS) TLS13KeyUpdatezTLS 1.3 Handshake - Key UpdaterhrdriNrequest_updaterc|j}tt|jj|j|j|_d|_| |jddS)NroTrm) rr5rrrVrXrYr^rr"compute_tls13_next_traffic_secretsr|rr s rqrz,TLS13KeyUpdate.post_build_tls_session_updatesc  D1B,C,C/0/?,-M;;;#' ,,Q-=wGGGGGrtc|j}tt|jj|j|j|_d|_|jdkr| dddS|jdkr| dddSdS)NroTrnrprs) rr5rrrVrXrYr_rsrrs rqrz1TLS13KeyUpdate.post_dissection_tls_session_updates  D1B,C,C/0/?,-M;;;#' x ' ' 0 06 B B B B B   ) ) 0 06 B B B B B* )rt) rrrrrrr_key_update_requestrrrrrtrqrrs{ +D =B0CDD"?8T22 =!116IJJLKHHH C C C C Crtr) rDrFrJrrNrPrTrXr\rd)rrrrz scapy.errorrr scapy.fieldsrrrrr r r r r rrrrr scapy.compatrrr scapy.configr scapy.packetrrr scapy.utilsrrscapy.layers.x509rscapy.layers.tls.certrscapy.layers.tls.basefieldsrrr scapy.layers.tls.extensionsr!r"r#r$r%r&r'r(r)r*r+scapy.layers.tls.keyexchanger,r-r.r/r0r1r2scapy.layers.tls.sessionr3r4r5"scapy.layers.tls.keyexchange_tls13r6#scapy.layers.tls.crypto.compressionr7r8r9r:r;scapy.layers.tls.crypto.suitesr<r=r>r?scapy.layers.tls.crypto.hkdfr@ crypto_validcryptography.hazmat.backendsrAcryptography.hazmat.primitivesrBrrgrrrrrrrr#r@rxrIrkrrrrrrrrrr5rr r+r7r=r@rJrRrerjr}rrrrrrrrrrrrrrrr_tls_handshake_cls_tls13_handshake_clsrrtrqrsU ,,,,,,,,"-,,,,,,,,,----------,,,,,,,,++++++&&&&&&AAAAAAAAAA A A A A A A A A A A A A A A A A A A A A A A A A A ABBBBBBBBBBBBBBBBBBEEEEEEEEEEFFFFFFHHHHHHHHHHHHHHJJJJJJJJJJJJ4333336<<<<<<555555Bq/B1nB.B*+-CB*B,-/DB0B35mB0 B356K B . B 134H B 0 B 35j B,B/12FB.B13LBB!D!D!D!D!D1!D!D!DP     m   " . . . . . . . .*****+***     k   :&:&:&:&:&:&:&:&z1`1`1`1`1`1]`1`1`1F11111}111Nl9l9l9l9l9]l9l9l9`M)Q 344OHd##Y 55r22M(DEs;;;OE2 6 6888N8T#566VaS2%()6888$%888UD"2"2333(Q+Q+Q+Q+Q+~Q+Q+Q+p%H%H%H%H%H]%H%H%HZE3E3E3E3E3]E3E3E3\QQQQQ QQQ033333333l&&&&&[&&&RGGGGG]GGG8388888888 33333}333:W\W\W\W\W\=W\W\W\|%/$.$2$2$?$?%<%1%5%7 !9 !9     (    + + + + +K + + +FSSSSSMSSS*BBBBBmBBB.44444444=`=`=`=`=`==`=`=`H66666+666<3>3>3>3>3>=3>3>3>t     {   Y+Y+Y+Y+Y+-Y+Y+Y+D G G G G GM G G G"/%''         H H H H H H H H"QQQQQQQQ"}%>JJJJJ=JJJ6f     V   JJJJJ-JJJAAAAA-AAA22A2A2A2A2AM2A2A2Ar44444-44415GHHCCCCC]CCC</a/!^//)*,A/,///24^/. /134I / , / /12F / . / 13K /+/.01E/-/,0@05H17G39M'^ ==rt