1## This file is part of Scapy 2## Copyright (C) 2007, 2008, 2009 Arnaud Ebalard 3## 2015, 2016, 2017 Maxence Tury 4## This program is published under a GPLv2 license 5 6""" 7Key Exchange algorithms as listed in appendix C of RFC 4346. 8 9XXX No support yet for PSK (also, no static DH, DSS, SRP or KRB). 10""" 11 12from __future__ import absolute_import 13from scapy.layers.tls.keyexchange import (ServerDHParams, 14 ServerRSAParams, 15 ClientDiffieHellmanPublic, 16 ClientECDiffieHellmanPublic, 17 _tls_server_ecdh_cls_guess, 18 EncryptedPreMasterSecret) 19import scapy.modules.six as six 20 21 22_tls_kx_algs = {} 23 24class _GenericKXMetaclass(type): 25 """ 26 We could try to set server_kx_msg and client_kx_msg while parsing 27 the class name... :) 28 """ 29 def __new__(cls, kx_name, bases, dct): 30 if kx_name != "_GenericKX": 31 dct["name"] = kx_name[3:] # remove leading "KX_" 32 the_class = super(_GenericKXMetaclass, cls).__new__(cls, kx_name, 33 bases, dct) 34 if kx_name != "_GenericKX": 35 the_class.export = kx_name.endswith("_EXPORT") 36 the_class.anonymous = "_anon" in kx_name 37 the_class.no_ske = not ("DHE" in kx_name or "_anon" in kx_name) 38 the_class.no_ske &= not the_class.export 39 _tls_kx_algs[kx_name[3:]] = the_class 40 return the_class 41 42 43class _GenericKX(six.with_metaclass(_GenericKXMetaclass)): 44 pass 45 46 47class KX_NULL(_GenericKX): 48 descr = "No key exchange" 49 server_kx_msg_cls = lambda _,m: None 50 client_kx_msg_cls = None 51 52class KX_SSLv2(_GenericKX): 53 descr = "SSLv2 dummy key exchange class" 54 server_kx_msg_cls = lambda _,m: None 55 client_kx_msg_cls = None 56 57class KX_TLS13(_GenericKX): 58 descr = "TLS 1.3 dummy key exchange class" 59 server_kx_msg_cls = lambda _,m: None 60 client_kx_msg_cls = None 61 62 63### Standard RSA-authenticated key exchange 64 65class KX_RSA(_GenericKX): 66 descr = "RSA encryption" 67 server_kx_msg_cls = lambda _,m: None 68 client_kx_msg_cls = EncryptedPreMasterSecret 69 70#class KX_DH_RSA(_GenericKX): 71# descr = "DH with RSA-based certificates" 72# server_kx_msg_cls = lambda _,m: None 73# client_kx_msg_cls = None 74 75class KX_DHE_RSA(_GenericKX): 76 descr = "Ephemeral DH with RSA signature" 77 server_kx_msg_cls = lambda _,m: ServerDHParams 78 client_kx_msg_cls = ClientDiffieHellmanPublic 79 80# class KX_ECDH_RSA(_GenericKX): 81# descr = "ECDH RSA key exchange" 82# server_kx_msg_cls = lambda _,m: None 83# client_kx_msg_cls = None 84 85class KX_ECDHE_RSA(_GenericKX): 86 descr = "Ephemeral ECDH with RSA signature" 87 server_kx_msg_cls = lambda _,m: _tls_server_ecdh_cls_guess(m) 88 client_kx_msg_cls = ClientECDiffieHellmanPublic 89 90class KX_RSA_EXPORT(KX_RSA): 91 descr = "RSA encryption, export version" 92 server_kx_msg_cls = lambda _,m: ServerRSAParams 93 94#class KX_DH_RSA_EXPORT(KX_DH_RSA): 95# descr = "DH with RSA-based certificates - Export version" 96 97class KX_DHE_RSA_EXPORT(KX_DHE_RSA): 98 descr = "Ephemeral DH with RSA signature, export version" 99 100 101### Standard ECDSA-authenticated key exchange 102 103# class KX_ECDH_ECDSA(_GenericKX): 104# descr = "ECDH ECDSA key exchange" 105# server_kx_msg_cls = lambda _,m: None 106# client_kx_msg_cls = None 107 108class KX_ECDHE_ECDSA(_GenericKX): 109 descr = "Ephemeral ECDH with ECDSA signature" 110 server_kx_msg_cls = lambda _,m: _tls_server_ecdh_cls_guess(m) 111 client_kx_msg_cls = ClientECDiffieHellmanPublic 112 113 114### Classes below are offered without any guarantee. 115### They may offer some parsing capabilities, 116### but surely won't be able to handle a proper TLS negotiation. 117### Uncomment them at your own risk. 118 119### Standard DSS-authenticated key exchange 120 121# class KX_DH_DSS(_GenericKX): 122# descr = "DH with DSS-based certificates" 123# server_kx_msg_cls = lambda _,m: ServerDHParams 124# client_kx_msg_cls = ClientDiffieHellmanPublic 125 126#class KX_DHE_DSS(_GenericKX): 127# descr = "Ephemeral DH with DSS signature" 128# server_kx_msg_cls = lambda _,m: ServerDHParams 129# client_kx_msg_cls = ClientDiffieHellmanPublic 130 131# class KX_DH_DSS_EXPORT(KX_DH_DSS): 132# descr = "DH with DSS-based certificates - Export version" 133 134#class KX_DHE_DSS_EXPORT(KX_DHE_DSS): 135# descr = "Ephemeral DH with DSS signature, export version" 136 137 138### PSK-based key exchange 139 140# class KX_PSK(_GenericKX): # RFC 4279 141# descr = "PSK key exchange" 142# server_kx_msg_cls = lambda _,m: ServerPSKParams 143# client_kx_msg_cls = None 144 145# class KX_RSA_PSK(_GenericKX): # RFC 4279 146# descr = "RSA PSK key exchange" 147# server_kx_msg_cls = lambda _,m: ServerPSKParams 148# client_kx_msg_cls = None 149 150# class KX_DHE_PSK(_GenericKX): # RFC 4279 151# descr = "Ephemeral DH with PSK key exchange" 152# server_kx_msg_cls = lambda _,m: ServerPSKParams 153# client_kx_msg_cls = ClientDiffieHellmanPublic 154 155# class KX_ECDHE_PSK(_GenericKX): # RFC 5489 156# descr = "Ephemeral ECDH PSK key exchange" 157# server_kx_msg_cls = lambda _,m: _tls_server_ecdh_cls_guess(m) 158# client_kx_msg_cls = ClientDiffieHellmanPublic 159 160 161### SRP-based key exchange 162 163# 164 165 166### Kerberos-based key exchange 167 168# class KX_KRB5(_GenericKX): 169# descr = "Kerberos 5 key exchange" 170# server_kx_msg_cls = lambda _,m: None # No SKE with kerberos 171# client_kx_msg_cls = None 172 173# class KX_KRB5_EXPORT(KX_KRB5): 174# descr = "Kerberos 5 key exchange - Export version" 175 176 177### Unauthenticated key exchange (opportunistic encryption) 178 179class KX_DH_anon(_GenericKX): 180 descr = "Anonymous DH, no signatures" 181 server_kx_msg_cls = lambda _,m: ServerDHParams 182 client_kx_msg_cls = ClientDiffieHellmanPublic 183 184class KX_ECDH_anon(_GenericKX): 185 descr = "ECDH anonymous key exchange" 186 server_kx_msg_cls = lambda _,m: _tls_server_ecdh_cls_guess(m) 187 client_kx_msg_cls = ClientECDiffieHellmanPublic 188 189class KX_DH_anon_EXPORT(KX_DH_anon): 190 descr = "Anonymous DH, no signatures - Export version" 191 192