hdZddlZddlZddlmZmZddlmZddlm Z m Z m Z m Z m Z mZmZmZmZmZddlmZddlmZmZmZddlmZmZdd lmZdd lmZm Z dd l!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'm(Z(m)Z)ej*rdd l+m,Z,ddl-m.Z.m/Z/ddl0m1Z1ej2r ddl-m3Z3ddl-m4Z4idddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2id3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWZ5dXZ6dYZ7GdZd[e Z8Gd\d]e Z9Gd^d_e Z:Gd`dae Z;GdbdceZ<GdddeeZ=GdfdgeZ>GdhdieZ?GdjdkeZ@dldmdndoZAdpdqdrZBGdsdteZCGdudveZDGdwdxeZEeDeEdrZFGdydze ZGGd{d|eZHGd}d~eZIGddeZJGddeZKeIeJeKdoZLdZMGddeZNGddeZOGddeZPGddeZQGddeZRGddeZSGddeZTdS)z TLS key exchange logic. N)confcrypto_validator)warning) ByteEnumField ByteField EnumField FieldLenFieldFieldListField PacketFieldShortEnumField ShortFieldStrFixedLenField StrLenField)orb)PacketRawPadding) PubKeyRSA PrivKeyRSA)_GenericTLSSessionInheritance) _tls_version_TLSClientVersionField) pkcs_i2osp pkcs_os2ip) _ffdh_groups_tls_named_curves_tls_named_groups_generate_tls_named_groups_import_tls_named_groups_pubbytes)default_backend)dhec) serialization)x25519)x448z none+anonznone+rsaznone+dsaz none+ecdsazmd5+anonizmd5+rsaizmd5+dsaiz md5+ecdsaz sha1+anonizsha1+rsaizsha1+dsaiz sha1+ecdsaz sha224+anonz sha224+rsaiz sha224+dsaz sha224+ecdsaiz sha256+anoniz sha256+rsaiz sha256+dsaiz sha256+ecdsaiz sha384+anoniz sha384+rsaiz sha384+dsaiz sha384+ecdsaiz sha512+anoniz sha512+rsaiz sha512+dsaiz sha512+ecdsazsha256+rsaepssizsha384+rsaepssizsha512+rsaepssed25519ed448i z sha256+rsapssz sha384+rsapssz sha512+rsapss)i i cP|jsdS|jjsdS|jjdkS)a% We expect this. If tls_version is not set, this means we did not process any complete ClientHello, so we're most probably reading/building a signature_algorithms extension, hence we cannot be in phantom_mode. However, if the tls_version has been set, we test for TLS 1.2. Fr-) tls_session tls_versionpkts `/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/layers/tls/keyexchange.py phantom_moder9Ds5 ?u ? &u ? & //cfd}|S)z Decorator for version-dependent fields. If get_or_add is True (means get), we return s, self.phantom_value. If it is False (means add), we return s. cb|dd\}}}t|r r ||jfS|S|S)Nr()r9 phantom_value)argsselfr7sf get_or_adds r8wrapperz!phantom_decorate..wrapperXsLBQBx c1     -$,,,Hq$xr:)rArBrCs`` r8phantom_decoraterERs)  Nr:cZeZdZdZdZeejdZeejdZdS)SigAndHashAlgFieldzUsed in _TLSSignature.NTF) __name__ __module__ __qualname____doc__r=rErgetfieldaddfieldrDr:r8rGrGbsC  M 2D99H 2E::HHHr:rGcZeZdZdZdZeejdZeejdZdS)SigAndHashAlgsLenField?Used in TLS_Ext_SignatureAlgorithms and TLSCertificateResquest.rTFN) rHrIrJrKr=rEr rLrMrDr:r8rOrOisCIIM 6==H 6>>HHHr:rOcZeZdZdZgZeejdZeejdZdS)SigAndHashAlgsFieldrPTFN) rHrIrJrKr=rEr rLrMrDr:r8rRrRpsCIIM 7>>H 7??HHHr:rRc,eZdZdZfdZfdZxZS) SigLenField:There is a trick for SSLv2, which uses implicit lengths...c|jj}|r |dkr|dfStt|||S)Nr+)r4r5superrTrL)r?r7r@v __class__s r8rLzSigLenField.getfieldzsF O '  Vd7N[$''00a888r:c|jj}|r|dkr|Stt||||S)z3With SSLv2 you will never be able to add a sig_len.r+)r4r5rWrTrM)r?r7r@valrXrYs r8rMzSigLenField.addfieldsD O '  VH[$''00a===r:)rHrIrJrKrLrM __classcell__rYs@r8rTrTwsWDD99999 >>>>>>>>>r:rTc"eZdZdZfdZxZS) SigValFieldrUcj|j}|jr||jdkrqt|jdkr |jdjjjdz}ntdd}||d|||d|fStt| ||S)Nr+rzSNo client certificate provided. We're making a wild guess about the signature size.r)) r4r5len client_certspubKeypubkeykey_sizerm2irWr_rL)r?r7mr@sig_lenrYs r8rLzSigValField.getfields O = ;Q]V331>""Q&&.+29BaGNOOOWXX;ak : :: :[$''00a888r:)rHrIrJrKrLr\r]s@r8r_r_s>DD 9 9 9 9 9 9 9 9 9r:r_ceZdZdZdZeddeeddddeddd gZ fd Z d Z d Z dZ dZxZS) _TLSSignaturea Prior to TLS 1.2, digitally-signed structure implicitly used the concatenation of a MD5 hash and a SHA-1 hash. Then TLS 1.2 introduced explicit SignatureAndHashAlgorithms, i.e. couples of (hash_alg, sig_alg). See RFC 5246, section 7.4.1.4.1. By default, the _TLSSignature implements the TLS 1.2 scheme, but if it is provided a TLS context with a tls_version < 0x0303 at initialization, it will fall back to the implicit signature. Even more, the 'sig_len' field won't be used with SSLv2. zTLS Digital Signaturesig_algNri!Hsig_val)fmt length_ofc|jSN)rir6s r8z_TLSSignature.s{r: length_fromctt|j|i|d|vr^d|_|jrR|jjrH|j}|jr|j|_dS|jdkr d|_dS|jdkrd|_dSdSdSdSdS)Nrlr.r-i)rWrk__init__rlr4r5selected_sig_alg)r?r>kargsr@rYs r8rxz_TLSSignature.__init__s+mT""+T;U;;; E ! !!DL *D$4$@ *$%*#$#5DLLL]V++#'DLLL]f,,$*DLLL " ! * * * * -,r:c(|j|j_dSrr)rlr4ryr?rs r8post_dissectionz_TLSSignature.post_dissections,0L)))r:c|jN|jjdkr||dd|_dS||dd|_dS|jdvrt |jd}}nBt |jd\}}|d rd }nd}|||||_dS) z Sign 'm' with the PrivKey 'key' and update our own 'sig_val'. Note that, even when 'sig_alg' is not None, we use the signature scheme of the PrivKey (neither do we care to compare the both of them). Nr+pkcsmd5-sha1thmd5r/r1+pss)rlr4r5signrn _tls_hash_sigsplitendswith)r?rhkeyrrsigs r8 _update_sigz_TLSSignature._update_sigs < +v55"xxVzxBB "xxVux== |///$T\2D1&t|4::3??3<<&&AAA88Aa800DLLLr:c|jr|jr~|jdvrt|jd}}nBt|jd\}}|drd}nd}|||j||S|jjdkr|||jddS|||jdd Sd S) z~ Verify that our own 'sig_val' carries the signature of 'm' by the key associated to the Cert 'cert'. rNrrrrr+rrF)rnrlrrrverifyr4r5)r?rhcertrrrs r8 _verify_sigz_TLSSignature._verify_sigs < K| K<#333(6qAA*4<8>>sCCFAs||E**#!"{{1dla1{===#/699;;q$,&J;OOO;;q$,&E;JJJur:ctSrrrr?ps r8guess_payload_classz!_TLSSignature.guess_payload_classr:)rHrIrJrKnamerGrrTr_ fields_descrxr~rrrr\r]s@r8rkrks   #D%%i}EE;y$D)2444;y$+B+BDDDEK ***** 999111,.r:rkc,eZdZdZdgZddZdZdZdS)_TLSSignatureFieldz Used for 'digitally-signed struct' in several ServerKeyExchange, and also in CertificateVerify. We can handle the anonymous case. rvNcL||_tj|||tdSrr)rvr rxrkr?rdefaultrvs r8rxz_TLSSignatureField.__init__s'&T4-@@@@@r:ch||}|dkrdSt||jS)Nrr4)rvrkr4)r?r7rhtmp_lens r8rgz_TLSSignatureField.m2is8""3'' a<<4QCO<<<*>>>3qa((( ( "1!444afRaRj))>>#O   033Cq)))afRaRj))>>q'{++gak.B.BBBBB  s9D>=D>rr)rHrIrJrKrrxrgrDr:r8rr sJ  I8888r:rc eZdZdZdZedddeddd ed dd ed dd ed ddeddd gZedZ edZ dZ dZ dS)ra ServerDHParams for FFDH-based key exchanges, as defined in RFC 5246/7.4.3. Either with .fill_missing() or .post_dissection(), the server_kx_privkey or server_kx_pubkey of the TLS context are updated according to the parsed/assembled values. It is the user's responsibility to store and restore the original values if he wants to keep them. For instance, this could be done between the writing of a ServerKeyExchange and the receiving of a ClientKeyExchange (which includes secret generation). zServer FFDH parametersdh_plenNdh_prpc|jSrr)rr6s r8rszServerDHParams.Hrtr:rudh_glendh_gc|jSrr)rr6s r8rszServerDHParams.Krtr:dh_Yslendh_Ysc|jSrr)rr6s r8rszServerDHParams.Ns|r:c|j}tdd}tdd}|jst |j|dz|_|jt|j|_d|jdzz|_|j st |j d|_ |j d|_ t|j}t|j }tj||t!}|jsh||_|j}|j}t ||jdz|_|jt|j|_|js ||_dSdS)a# We do not want TLSServerKeyExchange.build() to overload and recompute things every time it is called. This method can be called specifically to have things filled in a smart fashion. Note that we do not expect default_params.g to be more than 0xff. modp2048rr&raNffdhe%s)r4rparameter_numbersrrrrrbkx_grouprgrrr!DHParameterNumbers parametersr rgenerate_private_keyserver_kx_privkey public_keypublic_numbersyrfrclient_kx_ffdh_params) r?r@default_params default_mLenrr real_paramsrers r8 fill_missingzServerDHParams.fill_missingPs  %j1!4FFHH#J/2 y H">#3\Q5FGGDI < ty>>DL$,"23 y 8">#3Q77DI < DL ty ! ! ty ! !+Aq11<<_=N=NOO z ="-"B"B"D"DA (3355F%%'')A#Av!';<r:rublenbc|jSrr)rr6s r8rszECCurvePkt.rr:)rHrIrJrr rrrDr:r8rrsw D =#FFF;sB4H4HIII =#FFF;sB4H4HIIIKKKKr:rcXeZdZdZdZeddddeddd gZd ZdS) ECTrinomialBasiszEC Trinomial BasisrklenNkrrrc|jSrr)rr6s r8rszECTrinomialBasis.rr:ructSrrrrs r8rz$ECTrinomialBasis.guess_payload_classrr: rHrIrJrr[r rrrrDr:r8rrsc D C =#FFF;sB4H4HIIIKKr:rc eZdZdZdZeddddeddd ed dd ded dd eddddeddd gZdZdS)ECPentanomialBasiszEC Pentanomial Basisr&k1lenNk1rrrc|jSrr)rr6s r8rszECPentanomialBasis.r:ruk2lenk2c|jSrr)rr6s r8rszECPentanomialBasis.rr:k3lenk3c|jSrr)rr6s r8rszECPentanomialBasis.rr:ctSrrrrs r8rz&ECPentanomialBasis.guess_payload_classrr:rrDr:r8rrs !D C =$$CHHH;tR5J5JKKK =$$CHHH;tR5J5JKKK =$$CHHH;tR5J5JKKK MKr:rc"eZdZdgZddZdZdS)_ECBasisTypeField basis_type_ofrcD||_tj||||ddS)Nr)rrrx)r?rrenumrrs r8rxz_ECBasisTypeField.__init__s)*4wc:::::r:cp|3||j\}}|||}|Srr)getfield_and_valr i2basis_type)r?r7xfldfvals r8i2mz_ECBasisTypeField.i2ms; 9,,T-?@@IC  d++Ar:N)r)rHrIrJrrxrrDr:r8rrs? !I;;;;r:rc(eZdZddgZdZdZdZdS) _ECBasisFieldclsdictbasis_type_fromcP||_||_tj|||ddSrr)rrr rx)r?rrrrs r8rxz_ECBasisField.__init__s. .T4$77777r:c\||}|j|}||Srr)rr)r?r7rhbasisrs r8rgz_ECBasisField.m2is.$$S))l5!s1vv r:c<d} |j}n#t$rYnwxYw|SNr)r[r)r?r7rr[s r8r z_ECBasisField.i2basis_types: %CC    D  s  N)rHrIrJrrxrgr rDr:r8rrsL-.I888  r:rcneZdZdZdZeddeedddd edd d e d de edddd edd d edddd edd d edddd edd d edddd edd d g Z dZ dZ dS)ServerECDHExplicitPrimeParamsz We provide parsing abilities for ExplicitPrimeParams, but there is no support from the cryptography library, hence no context operations. z'Server ECDH parameters - Explicit Prime curve_typer&plenNrrrrc|jSrr)rr6s r8rsz&ServerECDHExplicitPrimeParams.rr:rucurvebaselenbasec|jSrrr!r6s r8rsz&ServerECDHExplicitPrimeParams.rtr:orderlenorderc|jSrr)r%r6s r8rsz&ServerECDHExplicitPrimeParams.rr: cofactorlencofactorc|jSrr)r(r6s r8rsz&ServerECDHExplicitPrimeParams. ssr:pointlenpointc|jSrrr+r6s r8rsz&ServerECDHExplicitPrimeParams. rr:c<|jtd|_dSdS)z Note that if it is not set by the user, the cofactor will always be 1. It is true for most, but not all, TLS elliptic curves. Nrr_tls_ec_curve_typesr?s r8rz*ServerECDHExplicitPrimeParams.fill_missings% ? "12BCDOOO # "r:ctSrrrrs r8rz1ServerECDHExplicitPrimeParams.guess_payload_classrr:)rHrIrJrKrrr1r rr rrrrrDr:r8rrs 5D =q2EFF =#FFF;sB4H4HIII;wj99 =DFLLL;vr+B+BDDD =T+2===;w+C+CEEE =+53@@@;z2+F+FHHH =T+2===;w+C+CEEE#FK(DDDr:rc^eZdZdZdZeddeeddedde de de d e e d eeed dd d ed ddeddeddedddd edddg ZdZdZdS)ServerECDHExplicitChar2Paramsz We provide parsing abilities for Char2Params, but there is no support from the cryptography library, hence no context operations. z'Server ECDH parameters - Explicit Char2rr'rhN basis_typerc|jSrr)r6r6s r8rsz&ServerECDHExplicitChar2Params.&sS^r:r r!r"rrrc|jSrrr$r6s r8rsz&ServerECDHExplicitChar2Params.+rtr:rur&r)r+r,c|jSrrr.r6s r8rsz&ServerECDHExplicitChar2Params.1rr:c<|jtd|_dSdS)Nrr0r2s r8rz*ServerECDHExplicitChar2Params.fill_missing3s# ? "12BCDOOO # "r:ctSrrrrs r8rz1ServerECDHExplicitChar2Params.guess_payload_class7rr:)rHrIrJrKrrr1r r_tls_ec_basis_typesrr_tls_ec_basis_clsr rr rrrrrrDr:r8r5r5s\ 5D =q2EFF:c4(($$\4%8'CC =*:*:*<*Brr:ruc|j}|jtd|_|jd|_|j}|tvrd}t ||_t j|t||_ |j t|j|_ |j t|j |_ |js ||_dSdS)a& We do not want TLSServerKeyExchange.build() to overload and recompute things every time it is called. This method can be called specifically to have things filled in a smart fashion. XXX We should account for the point_format (before 'point' filling). Nr)r4rr1rrrrgetstrrr,rr+rbclient_kx_ecdh_params)r?r@ curve_groups r8rz'ServerECDHNamedCurveParams.fill_missingDs   ? "1-@DO   #!D & / / /K8EE&*;K8H8HII : 3#DJ =  OODM& 2&1A # # # 2 2r:c|j}t|j|j|_t j|jt|j|_|j s|j|_ dSdS)zr XXX Support compressed point format. XXX Check that the pubkey received is on the curve. N) r4rrr,rrrCrDrrE)r?r@s r8rz*ServerECDHNamedCurveParams.register_pubkeyhss  5   J  '*4+;SAQ=R=RSS & 7&*&6A # # # 7 7r:cR |dS#t$rYdSwxYwrrrr|s r8r~z*ServerECDHNamedCurveParams.post_dissection|rrctSrrrrs r8rz.ServerECDHNamedCurveParams.guess_payload_classrr:)rHrIrJrrr1r rr rrrrrr~rrDr:r8r?r?;s 1D =q2EFF!>-7HII =T+2===;w+C+CEEE FK!2!2!2F777& r:r?cj|sdSt|d}t|dSr)r_tls_server_ecdh_clsrC)rhrs r8rrs4 tQqTJ  # #J 5 55r:ceZdZdZdZedddeddd ed dd ed dd gZed Z edZ dZ dZ dS)ServerRSAParamsa Defined for RSA_EXPORT kx : it enables servers to share RSA keys shorter than their principal {>512}-bit key, when it is not allowed for kx. This should not appear in standard RSA kx negotiation, as the key has already been advertised in the Certificate message. zServer RSA_EXPORT parameters rsamodlenNrsamodrrc|jSrr)rNr6s r8rszServerRSAParams.s}r:ru rsaexplenrsaexpc|jSrr)rRr6s r8rszServerRSAParams.rQr:cht}|d||j_|j}|js't|j|jj dz|_|j t|j|_ d|j z|j_ tjtj|jtjdz dz }|jst|j||_|jt|j|_dSdS)Nr*) modulusLenrarsa%sr'g @)rfill_and_storer4server_tmp_rsa_keyrerrOrnrfrNrbrmathceillogerSrR)r?rpubNumrRs r8rzServerRSAParams.fill_missings LL C(((./+((**{ G$VXqx/@A/EFFDK > ! --DN$+dn$<!Idhvx0048A;;>CDD { :$VXy99DK > ! --DNNN " !r:c|j}|j}|j}t|||f|j_d|z|j_dS)NrW)rNrOrSrr4rYr)r?mLenrhr^s r8rzServerRSAParams.register_pubkeysE~ K K.7At .E.E+$+dN!!!r:cR |dS#t$rYdSwxYwrrrr?r7s r8r~zServerRSAParams.post_dissectionrrctSrrrrs r8rz#ServerRSAParams.guess_payload_classrr:rrDr:r8rMrMs *D =dhGGG;x+D+DFFF =dhGGG;x+D+DFFF GK...&333 r:rMcdeZdZdZdZeddddeddd gZd Zd Z d Z dS)ServerPSKParamsa XXX We provide some parsing abilities for ServerPSKParams, but the context operations have not been implemented yet. See RFC 4279. Note that we do not cover the (EC)DHE_PSK key exchange, which should contain a Server*DHParams after 'psk_identity_hint'. Server PSK parameterspsk_identity_hint_lenNpsk_identity_hintrmrrc|jSrr)rhr6s r8rszServerPSKParams.s s7Pr:rucdSrrrDr2s r8rzServerPSKParams.fill_missing r:cdSrrrDrcs r8r~zServerPSKParams.post_dissectionrlr:ctSrrrrs r8rz#ServerPSKParams.guess_payload_classrr:) rHrIrJrKrr rrrr~rrDr:r8rfrfs #D =!8$+>DJJJ;2B+P+PRRRSK       r:rfcxeZdZdZdZedddeddd gZed Z d Z d Z d Z dS)ClientDiffieHellmanPublica If the user provides a value for dh_Yc attribute, we assume he will set the pms and ms accordingly and trigger the key derivation on his own. XXX As specified in 7.4.7.2. of RFC 4346, we should distinguish the needs for implicit or explicit value depending on availability of DH parameters in *client* certificate. For now we can only do ephemeral/explicit DH. zClient DH Public Valuedh_YclenNdh_Ycrrc|jSrr)rqr6s r8rsz"ClientDiffieHellmanPublic.rr:ruc|j}|j|_|j}|j}t||jdz|_ |jr]|j rX|j |j }| d|_ |js|dSdSdSdS)Nra)r4rrclient_kx_privkeyrrrrrfrrrexchangelstrippre_master_secretextmscompute_ms_and_derive_keys)r?r@rerpmss r8rz&ClientDiffieHellmanPublic.fill_missings  5JJLL$//11  ! ! # # %6?a#788  /1#5 /%..q/ABBC"%**W"5"5A 7 /,,..... / / / / / /r:c|js& |n#t$rYnwxYw|jt |j|_t |jd|jz|zS)Nr')rrrrrqrbrr?r7pays r8 post_buildz$ClientDiffieHellmanPublic.post_builds{z  !!####     =  OODM$-++dj83>>  ++c|j}|jrht|j}|j}t j||}|t|_ |j r]|j rX|j |j }| d|_ |js|dSdSdSdS)z First we update the client DHParams. Then, we try to update the server DHParams generated during Server*DHParams building, with the shared secret. Finally, we derive the session keys and update the context. ruN)r4rrrrrr!rrr client_kx_pubkeyrrwrxryrzr{)r?rhr@r param_numbersrZZs r8r~z)ClientDiffieHellmanPublic.post_dissections   " N4:&&A3EEGGM/=AAN!/!:!:?;L;L!M!MA   /1#5 /$--a.@AAB"$))G"4"4A 7 /,,.....  / / / / / /r:ctSrrrrs r8rz-ClientDiffieHellmanPublic.guess_payload_class'rr:) rHrIrJrKrr rrrrrr~rrDr:r8rprps $D =TWEEE;w+C+CEEEFK/// ???///*r:rpcteZdZdZdZeddddeddd gZed Z d Z d Z dS)ClientECDiffieHellmanPubliczR Note that the 'len' field is 1 byte longer than with the previous class. zClient ECDH Public Value ecdh_YclenNecdh_Ycrrrc|jSrr)rr6s r8rsz$ClientECDiffieHellmanPublic.3ss~r:rucR|j}t|j|_|j}t |t jtj frg| tj j tjj |_|jr&|jr|j|j}n|j}|j}dt+||jdzzt+||jdzz|_|jr8|jr1|jt/j|j}|jr+|jr&||_|js|dSdSdSdS)Nra)r4rrErvr isinstancer$X25519PublicKeyr% X448PublicKey public_bytesr#Encodingr PublicFormatrrrwrrrrrfr"ECDHryrzr{)r?r@rer|rrs r8rz(ClientECDiffieHellmanPublic.fill_missing5s  8 #   $//11 fv5#13 4 4 G!..&**.DL" Gq'9 G)2213EFF%%'')A%%'')A#&q&/Q*>??@&q&/Q*>??@DL" Gq'9 G)222799343EGG  /1#5 /"%A 7 /,,..... / / / / / /r:c|js& |n#t$rYnwxYw|jt |j|_t |jd|jz|zS)Nr&)rrrrrbrr~s r8rz&ClientECDiffieHellmanPublic.post_buildVs}|  !!####     ? "!$,//DO$/1-- rzrYs r8rxz$_UnEncryptedPreMasterSecret.__init__zs: -&&&@u0$77@$P%PPPr:)rHrIrJrKrrxr\r]s@r8rrssR 8DQQQQQQQQQr:rcteZdZdZdZeddeedddgZe d dZ dZ d Z d Z dS) EncryptedPreMasterSecretzO Pay attention to implementation notes in section 7.4.7.1 of RFC 5246. zRSA Encrypted PreMaster Secretclient_versionNrandom.cV|r!d|vr|d}|j|jtStSr)rYserver_rsa_keyrr)r_pktr>rzr@s r8 dispatch_hookz&EncryptedPreMasterSecret.dispatch_hooks;  3MU**m$A#+0@0H22''r:c2|j}|}|j}||j}|dkrjt|dkr|St jd|ddd}t||dzkrd}t |n |dd}|j%|j|}|dd}n?|j %|j |}|dd}nd}d}t |||_ |j s| |S) Nr,r'rmrz7TLS 1.0+, but RSA Encrypted PMS with no explicit lengthis0z9No server RSA key to decrypt Pre Master Secret. Skipping.) r4r5advertised_tls_versionrbstructunpackrrYdecryptrryrzr{) r?rhr@tbdr5rerr decryptedr|s r8 pre_dissectz$EncryptedPreMasterSecret.pre_dissects1  m  2K & 1vvzzmD!BQB%003G1vv1$$O e  +,44S99ICDD/CC   )(0055ICDD/CCCMC CLLL!w + ( ( * * * r:c|}|j}||_|js||j|j|d}nQ|j;t|jdkr#|jd|d}ntdd}|j }||j }|dkr"tj dt|}||z|zS) a> We encrypt the premaster secret (the 48 bytes) with either the server certificate or the temporary RSA key provided in a server key exchange message. After that step, we add the 2 bytes to provide the length, as described in implementation notes at the end of section 7.4.7.1. Nr)rrz(No material to encrypt Pre Master Secretr:r,rm) r4ryrzr{rYencrypt server_certsrbrr5rrpack)r?r7rencr@rr5s r8rz#EncryptedPreMasterSecret.post_builds  !w + ( ( * * *  +&..sf.==CC ^ 'C,?,?!,C,C.#++C6+::CC > ? ? ?m  2K & k$C11G}s""r:ctSrrrrs r8rz,EncryptedPreMasterSecret.guess_payload_classrr:rr)rHrIrJrKrrrrr classmethodrrrrrDr:r8rrs ,D))*:D*688##HdB779K((([(   D###:r:rcReZdZdZdZeddddeddd gZdS) ClientPSKIdentitya' XXX We provide parsing abilities for ServerPSKParams, but the context operations have not been implemented yet. See RFC 4279. Note that we do not cover the (EC)DHE_PSK nor the RSA_PSK key exchange, which should contain either an EncryptedPMS or a ClientDiffieHellmanPublic. rgpsk_identity_lenN psk_identityrmrrc|jSrr)rr6s r8rszClientPSKIdentity.s s7Kr:ru)rHrIrJrKrr rrrDr:r8rrsi #D =!3T+9tEEE;~r+K+KMMMNKKKr:r)UrKr[r scapy.configrr scapy.errorr scapy.fieldsrrrr r r r r rr scapy.compatr scapy.packetrrrscapy.layers.tls.certrrscapy.layers.tls.sessionrscapy.layers.tls.basefieldsrrscapy.layers.tls.crypto.pkcs1rrscapy.layers.tls.crypto.groupsrrrrr crypto_validcryptography.hazmat.backendsr )cryptography.hazmat.primitives.asymmetricr!r"cryptography.hazmat.primitivesr#crypto_valid_advancedr$r%rr9rErGrOrRrTr_rkrrrr1r<rrrr=rrrr5r?rKrrMrfrprrrrrDr:r8rs ////////""""""""""""""""""""""""----------77777777BBBBBBLLLLLLLL@@@@@@@@=<<<<<<@@@@@@@@<<<<<<?@@@@@@>>>>>>CCfjCC%+\CC%+YCC%+KC C'-j C  C &,\ C  C )/ CC(.~CCC)/ CC(.~CC)/ CC(.~CC)/ CC(.~C)C,23CC)C,29C !C #)/!CC")/#CCC ( 0 0 0    ;;;;;;;;?????]???@@@@@.@@@>>>>>->>>" 9 9 9 9 9+ 9 9 9 UUUUU1UUUp:$$$$$K$$$Z^^^^^2^^^F+*'))/3IJJKKKKKKKKv        )-?@@        K<#####$A###L$A@HHHHH!>HHHV98577 666333333333pf:????? =???DC/C/C/C/C/"?C/C/C/P Q Q Q Q Q# Q Q QQQQQQ<QQQl N N N N N N N N N Nr: