From 34b2a3613c9af47e9fb760ba2214831002efa0f1 Mon Sep 17 00:00:00 2001 From: Adam Janovsky Date: Thu, 23 Aug 2018 15:03:10 +0200 Subject: [PATCH 1/3] Added extms support to TLS --- scapy/layers/tls/crypto/prf.py | 11 +++++++++-- scapy/layers/tls/handshake.py | 28 +++++++++++++++++++++++++++- scapy/layers/tls/session.py | 9 ++++++++- 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/scapy/layers/tls/crypto/prf.py b/scapy/layers/tls/crypto/prf.py index 9cd2b79f88d..3c2652a462f 100644 --- a/scapy/layers/tls/crypto/prf.py +++ b/scapy/layers/tls/crypto/prf.py @@ -208,18 +208,25 @@ def __init__(self, hash_name="SHA256", tls_version=0x0303): warning("Unknown TLS version") def compute_master_secret(self, pre_master_secret, - client_random, server_random): + client_random, server_random, extms=False, handshake_hash=None): """ Return the 48-byte master_secret, computed from pre_master_secret, client_random and server_random. See RFC 5246, section 6.3. + Supports Extended Master Secret Derivation, see RFC 7627 """ seed = client_random + server_random + label = b'master secret' + + if extms is True and handshake_hash is not None: + seed = handshake_hash + label = b'extended master secret' + if self.tls_version < 0x0300: return None elif self.tls_version == 0x0300: return self.prf(pre_master_secret, seed, 48) else: - return self.prf(pre_master_secret, b"master secret", seed, 48) + return self.prf(pre_master_secret, label, seed, 48) def derive_key_block(self, master_secret, server_random, client_random, req_len): diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 49a47166352..ebaee1a3380 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -34,7 +34,9 @@ TLS_Ext_SignatureAlgorithms, TLS_Ext_SupportedVersion_SH, TLS_Ext_EarlyDataIndication, - _tls_hello_retry_magic) + _tls_hello_retry_magic, + TLS_Ext_SupportedVersions, + TLS_Ext_ExtendedMasterSecret) from scapy.layers.tls.keyexchange import (_TLSSignature, _TLSServerParamsField, _TLSSignatureField, ServerRSAParams, SigAndHashAlgsField, _tls_hash_sig, @@ -96,6 +98,7 @@ def tls_session_update(self, msg_str): """ Covers both post_build- and post_dissection- context updates. """ + self.tls_session.handshake_messages.append(msg_str) self.tls_session.handshake_messages_parsed.append(self) @@ -447,6 +450,13 @@ def tls_session_update(self, msg_str): self.random_bytes) self.tls_session.sid = self.sid + # EXTMS + if self.ext: + for e in self.ext: + if isinstance(e, TLS_Ext_ExtendedMasterSecret): + self.tls_session.extms = True + break + cs_cls = None if self.cipher: cs_val = self.cipher @@ -1184,6 +1194,22 @@ def build(self, *args, **kargs): self.exchkeys = cls return _TLSHandshake.build(self, *args, **kargs) + def tls_session_update(self, msg_str): + """ + Finalize the EXTMS messages and compute the hash + """ + + self.tls_session.handshake_messages.append(msg_str) + self.tls_session.handshake_messages_parsed.append(self) + + if self.tls_session.extms: + hash_object = self.tls_session.pwcs.hash + to_hash = b''.join(self.tls_session.handshake_messages) + self.tls_session.session_hash = hash_object.digest(to_hash) + + + + ############################################################################### # Finished # diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 24b2d111b8a..2888eac8263 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -445,6 +445,10 @@ def __init__(self, self.handshake_messages = [] self.handshake_messages_parsed = [] + # Flag, whether we derive the secret as Extended MS or not + self.extms = False + self.session_hash = None + # All exchanged TLS packets. # XXX no support for now # self.exchanged_pkts = [] @@ -519,9 +523,12 @@ def compute_master_secret(self): if self.server_random is None: warning("Missing server_random while computing master_secret!") + ms = self.pwcs.prf.compute_master_secret(self.pre_master_secret, self.client_random, - self.server_random) + self.server_random, + self.extms, + self.session_hash) self.master_secret = ms if conf.debug_tls: log_runtime.debug("TLS: master secret: %s", repr_hex(ms)) From 525d2321259ee7d7593fcb2ed095dd653b41d058 Mon Sep 17 00:00:00 2001 From: Adam Janovsky Date: Thu, 23 Aug 2018 15:48:41 +0200 Subject: [PATCH 2/3] minor fix --- scapy/layers/tls/session.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 2888eac8263..386e3428737 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -522,7 +522,8 @@ def compute_master_secret(self): warning("Missing client_random while computing master_secret!") if self.server_random is None: warning("Missing server_random while computing master_secret!") - + if self.extms and self.session_hash is None: + warning("Missing session hash while computing master secret!") ms = self.pwcs.prf.compute_master_secret(self.pre_master_secret, self.client_random, From 787383d6ecf668aa3a6f731cce9a5a4412ed20c9 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 6 Jan 2020 21:58:06 +0100 Subject: [PATCH 3/3] PEP-08 fixes --- scapy/layers/tls/crypto/prf.py | 4 ++-- scapy/layers/tls/handshake.py | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/scapy/layers/tls/crypto/prf.py b/scapy/layers/tls/crypto/prf.py index 3c2652a462f..5d1b39b6f8d 100644 --- a/scapy/layers/tls/crypto/prf.py +++ b/scapy/layers/tls/crypto/prf.py @@ -207,8 +207,8 @@ def __init__(self, hash_name="SHA256", tls_version=0x0303): else: warning("Unknown TLS version") - def compute_master_secret(self, pre_master_secret, - client_random, server_random, extms=False, handshake_hash=None): + def compute_master_secret(self, pre_master_secret, client_random, + server_random, extms=False, handshake_hash=None): """ Return the 48-byte master_secret, computed from pre_master_secret, client_random and server_random. See RFC 5246, section 6.3. diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index ebaee1a3380..d5a9ee7e358 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -35,7 +35,6 @@ TLS_Ext_SupportedVersion_SH, TLS_Ext_EarlyDataIndication, _tls_hello_retry_magic, - TLS_Ext_SupportedVersions, TLS_Ext_ExtendedMasterSecret) from scapy.layers.tls.keyexchange import (_TLSSignature, _TLSServerParamsField, _TLSSignatureField, ServerRSAParams, @@ -1208,9 +1207,6 @@ def tls_session_update(self, msg_str): self.tls_session.session_hash = hash_object.digest(to_hash) - - - ############################################################################### # Finished # ###############################################################################