1## This file is part of Scapy 2## Copyright (C) 2007, 2008, 2009 Arnaud Ebalard 3## 2015, 2016, 2017 Maxence Tury 4## This program is published under a GPLv2 license 5 6""" 7TLS client automaton. This makes for a primitive TLS stack. 8Obviously you need rights for network access. 9 10We support versions SSLv2 to TLS 1.2, along with many features. 11There is no session resumption mechanism for now. 12 13In order to run a client to tcp/50000 with one cipher suite of your choice: 14> from scapy.all import * 15> ch = TLSClientHello(ciphers=<int code of the cipher suite>) 16> t = TLSClientAutomaton(dport=50000, client_hello=ch) 17> t.run() 18""" 19 20from __future__ import print_function 21import socket 22 23from scapy.pton_ntop import inet_pton 24from scapy.utils import randstring 25from scapy.automaton import ATMT 26from scapy.layers.tls.automaton import _TLSAutomaton 27from scapy.layers.tls.basefields import _tls_version, _tls_version_options 28from scapy.layers.tls.session import tlsSession 29from scapy.layers.tls.extensions import (TLS_Ext_SupportedGroups, 30 TLS_Ext_SupportedVersions, 31 TLS_Ext_SignatureAlgorithms, 32 TLS_Ext_ServerName, ServerName) 33from scapy.layers.tls.handshake import * 34from scapy.layers.tls.handshake_sslv2 import * 35from scapy.layers.tls.keyexchange_tls13 import (TLS_Ext_KeyShare_CH, 36 KeyShareEntry) 37from scapy.layers.tls.record import (TLS, TLSAlert, TLSChangeCipherSpec, 38 TLSApplicationData) 39from scapy.modules import six 40 41 42class TLSClientAutomaton(_TLSAutomaton): 43 """ 44 A simple TLS test client automaton. Try to overload some states or 45 conditions and see what happens on the other side. 46 47 Rather than with an interruption, the best way to stop this client is by 48 typing 'quit'. This won't be a message sent to the server. 49 50 _'mycert' and 'mykey' may be provided as filenames. They will be used in 51 the handshake, should the server ask for client authentication. 52 _'server_name' does not need to be set. 53 _'client_hello' may hold a TLSClientHello or SSLv2ClientHello to be sent 54 to the server. This is particularly useful for extensions tweaking. 55 _'version' is a quicker way to advertise a protocol version ("sslv2", 56 "tls1", "tls12", etc.) It may be overriden by the previous 'client_hello'. 57 _'data' is a list of raw data to be sent to the server once the handshake 58 has been completed. Both 'stop_server' and 'quit' will work this way. 59 """ 60 61 def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, 62 mycert=None, mykey=None, 63 client_hello=None, version=None, 64 data=None, 65 **kargs): 66 67 super(TLSClientAutomaton, self).parse_args(mycert=mycert, 68 mykey=mykey, 69 **kargs) 70 tmp = socket.getaddrinfo(server, dport) 71 self.remote_name = None 72 try: 73 if ':' in server: 74 inet_pton(socket.AF_INET6, server) 75 else: 76 inet_pton(socket.AF_INET, server) 77 except: 78 self.remote_name = socket.getfqdn(server) 79 if self.remote_name != server: 80 tmp = socket.getaddrinfo(self.remote_name, dport) 81 82 if server_name: 83 self.remote_name = server_name 84 self.remote_family = tmp[0][0] 85 self.remote_ip = tmp[0][4][0] 86 self.remote_port = dport 87 self.local_ip = None 88 self.local_port = None 89 self.socket = None 90 91 self.client_hello = client_hello 92 self.advertised_tls_version = None 93 if version: 94 v = _tls_version_options.get(version, None) 95 if not v: 96 self.vprint("Unrecognized TLS version option.") 97 else: 98 self.advertised_tls_version = v 99 100 self.linebreak = False 101 if isinstance(data, bytes): 102 self.data_to_send = [data] 103 elif isinstance(data, six.string_types): 104 self.data_to_send = [raw(data)] 105 elif isinstance(data, list): 106 self.data_to_send = list(raw(d) for d in reversed(data)) 107 else: 108 self.data_to_send = [] 109 110 111 def vprint_sessioninfo(self): 112 if self.verbose: 113 s = self.cur_session 114 v = _tls_version[s.tls_version] 115 self.vprint("Version : %s" % v) 116 cs = s.wcs.ciphersuite.name 117 self.vprint("Cipher suite : %s" % cs) 118 if s.tls_version >= 0x0304: 119 ms = s.tls13_master_secret 120 else: 121 ms = s.master_secret 122 self.vprint("Master secret : %s" % repr_hex(ms)) 123 if s.server_certs: 124 self.vprint("Server certificate chain: %r" % s.server_certs) 125 self.vprint() 126 127 128 @ATMT.state(initial=True) 129 def INITIAL(self): 130 self.vprint("Starting TLS client automaton.") 131 raise self.INIT_TLS_SESSION() 132 133 @ATMT.state() 134 def INIT_TLS_SESSION(self): 135 self.cur_session = tlsSession(connection_end="client") 136 self.cur_session.client_certs = self.mycert 137 self.cur_session.client_key = self.mykey 138 v = self.advertised_tls_version 139 if v: 140 self.cur_session.advertised_tls_version = v 141 else: 142 default_version = self.cur_session.advertised_tls_version 143 self.advertised_tls_version = default_version 144 raise self.CONNECT() 145 146 @ATMT.state() 147 def CONNECT(self): 148 s = socket.socket(self.remote_family, socket.SOCK_STREAM) 149 self.vprint() 150 self.vprint("Trying to connect on %s:%d" % (self.remote_ip, 151 self.remote_port)) 152 s.connect((self.remote_ip, self.remote_port)) 153 self.socket = s 154 self.local_ip, self.local_port = self.socket.getsockname()[:2] 155 self.vprint() 156 if self.cur_session.advertised_tls_version in [0x0200, 0x0002]: 157 raise self.SSLv2_PREPARE_CLIENTHELLO() 158 elif self.cur_session.advertised_tls_version >= 0x0304: 159 raise self.TLS13_START() 160 else: 161 raise self.PREPARE_CLIENTFLIGHT1() 162 163 ########################### TLS handshake ################################# 164 165 @ATMT.state() 166 def PREPARE_CLIENTFLIGHT1(self): 167 self.add_record() 168 169 @ATMT.condition(PREPARE_CLIENTFLIGHT1) 170 def should_add_ClientHello(self): 171 self.add_msg(self.client_hello or TLSClientHello()) 172 raise self.ADDED_CLIENTHELLO() 173 174 @ATMT.state() 175 def ADDED_CLIENTHELLO(self): 176 pass 177 178 @ATMT.condition(ADDED_CLIENTHELLO) 179 def should_send_ClientFlight1(self): 180 self.flush_records() 181 raise self.SENT_CLIENTFLIGHT1() 182 183 @ATMT.state() 184 def SENT_CLIENTFLIGHT1(self): 185 raise self.WAITING_SERVERFLIGHT1() 186 187 @ATMT.state() 188 def WAITING_SERVERFLIGHT1(self): 189 self.get_next_msg() 190 raise self.RECEIVED_SERVERFLIGHT1() 191 192 @ATMT.state() 193 def RECEIVED_SERVERFLIGHT1(self): 194 pass 195 196 @ATMT.condition(RECEIVED_SERVERFLIGHT1, prio=1) 197 def should_handle_ServerHello(self): 198 """ 199 XXX We should check the ServerHello attributes for discrepancies with 200 our own ClientHello. 201 """ 202 self.raise_on_packet(TLSServerHello, 203 self.HANDLED_SERVERHELLO) 204 205 @ATMT.state() 206 def HANDLED_SERVERHELLO(self): 207 pass 208 209 @ATMT.condition(RECEIVED_SERVERFLIGHT1, prio=2) 210 def missing_ServerHello(self): 211 raise self.MISSING_SERVERHELLO() 212 213 @ATMT.state() 214 def MISSING_SERVERHELLO(self): 215 self.vprint("Missing TLS ServerHello message!") 216 raise self.CLOSE_NOTIFY() 217 218 @ATMT.condition(HANDLED_SERVERHELLO, prio=1) 219 def should_handle_ServerCertificate(self): 220 if not self.cur_session.prcs.key_exchange.anonymous: 221 self.raise_on_packet(TLSCertificate, 222 self.HANDLED_SERVERCERTIFICATE) 223 raise self.HANDLED_SERVERCERTIFICATE() 224 225 @ATMT.state() 226 def HANDLED_SERVERCERTIFICATE(self): 227 pass 228 229 @ATMT.condition(HANDLED_SERVERHELLO, prio=2) 230 def missing_ServerCertificate(self): 231 raise self.MISSING_SERVERCERTIFICATE() 232 233 @ATMT.state() 234 def MISSING_SERVERCERTIFICATE(self): 235 self.vprint("Missing TLS Certificate message!") 236 raise self.CLOSE_NOTIFY() 237 238 @ATMT.state() 239 def HANDLED_CERTIFICATEREQUEST(self): 240 self.vprint("Server asked for a certificate...") 241 if not self.mykey or not self.mycert: 242 self.vprint("No client certificate to send!") 243 self.vprint("Will try and send an empty Certificate message...") 244 245 @ATMT.condition(HANDLED_SERVERCERTIFICATE, prio=1) 246 def should_handle_ServerKeyExchange_from_ServerCertificate(self): 247 """ 248 XXX We should check the ServerKeyExchange attributes for discrepancies 249 with our own ClientHello, along with the ServerHello and Certificate. 250 """ 251 self.raise_on_packet(TLSServerKeyExchange, 252 self.HANDLED_SERVERKEYEXCHANGE) 253 254 @ATMT.state(final=True) 255 def MISSING_SERVERKEYEXCHANGE(self): 256 pass 257 258 @ATMT.condition(HANDLED_SERVERCERTIFICATE, prio=2) 259 def missing_ServerKeyExchange(self): 260 if not self.cur_session.prcs.key_exchange.no_ske: 261 raise self.MISSING_SERVERKEYEXCHANGE() 262 263 @ATMT.state() 264 def HANDLED_SERVERKEYEXCHANGE(self): 265 pass 266 267 def should_handle_CertificateRequest(self): 268 """ 269 XXX We should check the CertificateRequest attributes for discrepancies 270 with the cipher suite, etc. 271 """ 272 self.raise_on_packet(TLSCertificateRequest, 273 self.HANDLED_CERTIFICATEREQUEST) 274 275 @ATMT.condition(HANDLED_SERVERKEYEXCHANGE, prio=2) 276 def should_handle_CertificateRequest_from_ServerKeyExchange(self): 277 self.should_handle_CertificateRequest() 278 279 @ATMT.condition(HANDLED_SERVERCERTIFICATE, prio=3) 280 def should_handle_CertificateRequest_from_ServerCertificate(self): 281 self.should_handle_CertificateRequest() 282 283 def should_handle_ServerHelloDone(self): 284 self.raise_on_packet(TLSServerHelloDone, 285 self.HANDLED_SERVERHELLODONE) 286 287 @ATMT.condition(HANDLED_SERVERKEYEXCHANGE, prio=1) 288 def should_handle_ServerHelloDone_from_ServerKeyExchange(self): 289 return self.should_handle_ServerHelloDone() 290 291 @ATMT.condition(HANDLED_CERTIFICATEREQUEST, prio=4) 292 def should_handle_ServerHelloDone_from_CertificateRequest(self): 293 return self.should_handle_ServerHelloDone() 294 295 @ATMT.condition(HANDLED_SERVERCERTIFICATE, prio=4) 296 def should_handle_ServerHelloDone_from_ServerCertificate(self): 297 return self.should_handle_ServerHelloDone() 298 299 @ATMT.state() 300 def HANDLED_SERVERHELLODONE(self): 301 raise self.PREPARE_CLIENTFLIGHT2() 302 303 @ATMT.state() 304 def PREPARE_CLIENTFLIGHT2(self): 305 self.add_record() 306 307 @ATMT.condition(PREPARE_CLIENTFLIGHT2, prio=1) 308 def should_add_ClientCertificate(self): 309 """ 310 If the server sent a CertificateRequest, we send a Certificate message. 311 If no certificate is available, an empty Certificate message is sent: 312 - this is a SHOULD in RFC 4346 (Section 7.4.6) 313 - this is a MUST in RFC 5246 (Section 7.4.6) 314 315 XXX We may want to add a complete chain. 316 """ 317 hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] 318 if not TLSCertificateRequest in hs_msg: 319 return 320 certs = [] 321 if self.mycert: 322 certs = [self.mycert] 323 self.add_msg(TLSCertificate(certs=certs)) 324 raise self.ADDED_CLIENTCERTIFICATE() 325 326 @ATMT.state() 327 def ADDED_CLIENTCERTIFICATE(self): 328 pass 329 330 def should_add_ClientKeyExchange(self): 331 self.add_msg(TLSClientKeyExchange()) 332 raise self.ADDED_CLIENTKEYEXCHANGE() 333 334 @ATMT.condition(PREPARE_CLIENTFLIGHT2, prio=2) 335 def should_add_ClientKeyExchange_from_ClientFlight2(self): 336 return self.should_add_ClientKeyExchange() 337 338 @ATMT.condition(ADDED_CLIENTCERTIFICATE) 339 def should_add_ClientKeyExchange_from_ClientCertificate(self): 340 return self.should_add_ClientKeyExchange() 341 342 @ATMT.state() 343 def ADDED_CLIENTKEYEXCHANGE(self): 344 pass 345 346 @ATMT.condition(ADDED_CLIENTKEYEXCHANGE, prio=1) 347 def should_add_ClientVerify(self): 348 """ 349 XXX Section 7.4.7.1 of RFC 5246 states that the CertificateVerify 350 message is only sent following a client certificate that has signing 351 capability (i.e. not those containing fixed DH params). 352 We should verify that before adding the message. We should also handle 353 the case when the Certificate message was empty. 354 """ 355 hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] 356 if (not TLSCertificateRequest in hs_msg or 357 self.mycert is None or 358 self.mykey is None): 359 return 360 self.add_msg(TLSCertificateVerify()) 361 raise self.ADDED_CERTIFICATEVERIFY() 362 363 @ATMT.state() 364 def ADDED_CERTIFICATEVERIFY(self): 365 pass 366 367 @ATMT.condition(ADDED_CERTIFICATEVERIFY) 368 def should_add_ChangeCipherSpec_from_CertificateVerify(self): 369 self.add_record() 370 self.add_msg(TLSChangeCipherSpec()) 371 raise self.ADDED_CHANGECIPHERSPEC() 372 373 @ATMT.condition(ADDED_CLIENTKEYEXCHANGE, prio=2) 374 def should_add_ChangeCipherSpec_from_ClientKeyExchange(self): 375 self.add_record() 376 self.add_msg(TLSChangeCipherSpec()) 377 raise self.ADDED_CHANGECIPHERSPEC() 378 379 @ATMT.state() 380 def ADDED_CHANGECIPHERSPEC(self): 381 pass 382 383 @ATMT.condition(ADDED_CHANGECIPHERSPEC) 384 def should_add_ClientFinished(self): 385 self.add_record() 386 self.add_msg(TLSFinished()) 387 raise self.ADDED_CLIENTFINISHED() 388 389 @ATMT.state() 390 def ADDED_CLIENTFINISHED(self): 391 pass 392 393 @ATMT.condition(ADDED_CLIENTFINISHED) 394 def should_send_ClientFlight2(self): 395 self.flush_records() 396 raise self.SENT_CLIENTFLIGHT2() 397 398 @ATMT.state() 399 def SENT_CLIENTFLIGHT2(self): 400 raise self.WAITING_SERVERFLIGHT2() 401 402 @ATMT.state() 403 def WAITING_SERVERFLIGHT2(self): 404 self.get_next_msg() 405 raise self.RECEIVED_SERVERFLIGHT2() 406 407 @ATMT.state() 408 def RECEIVED_SERVERFLIGHT2(self): 409 pass 410 411 @ATMT.condition(RECEIVED_SERVERFLIGHT2) 412 def should_handle_ChangeCipherSpec(self): 413 self.raise_on_packet(TLSChangeCipherSpec, 414 self.HANDLED_CHANGECIPHERSPEC) 415 416 @ATMT.state() 417 def HANDLED_CHANGECIPHERSPEC(self): 418 pass 419 420 @ATMT.condition(HANDLED_CHANGECIPHERSPEC) 421 def should_handle_Finished(self): 422 self.raise_on_packet(TLSFinished, 423 self.HANDLED_SERVERFINISHED) 424 425 @ATMT.state() 426 def HANDLED_SERVERFINISHED(self): 427 self.vprint("TLS handshake completed!") 428 self.vprint_sessioninfo() 429 self.vprint("You may send data or use 'quit'.") 430 431 ####################### end of TLS handshake ############################## 432 433 @ATMT.condition(HANDLED_SERVERFINISHED) 434 def should_wait_ClientData(self): 435 raise self.WAIT_CLIENTDATA() 436 437 @ATMT.state() 438 def WAIT_CLIENTDATA(self): 439 pass 440 441 @ATMT.condition(WAIT_CLIENTDATA, prio=1) 442 def add_ClientData(self): 443 """ 444 The user may type in: 445 GET / HTTP/1.1\r\nHost: testserver.com\r\n\r\n 446 Special characters are handled so that it becomes a valid HTTP request. 447 """ 448 if not self.data_to_send: 449 data = six.moves.input().replace('\\r', '\r').replace('\\n', '\n').encode() 450 else: 451 data = self.data_to_send.pop() 452 if data == b"quit": 453 return 454 if self.linebreak: 455 data += b"\n" 456 self.add_record() 457 self.add_msg(TLSApplicationData(data=data)) 458 raise self.ADDED_CLIENTDATA() 459 460 @ATMT.condition(WAIT_CLIENTDATA, prio=2) 461 def no_more_ClientData(self): 462 raise self.CLOSE_NOTIFY() 463 464 @ATMT.state() 465 def ADDED_CLIENTDATA(self): 466 pass 467 468 @ATMT.condition(ADDED_CLIENTDATA) 469 def should_send_ClientData(self): 470 self.flush_records() 471 raise self.SENT_CLIENTDATA() 472 473 @ATMT.state() 474 def SENT_CLIENTDATA(self): 475 raise self.WAITING_SERVERDATA() 476 477 @ATMT.state() 478 def WAITING_SERVERDATA(self): 479 self.get_next_msg(0.3, 1) 480 raise self.RECEIVED_SERVERDATA() 481 482 @ATMT.state() 483 def RECEIVED_SERVERDATA(self): 484 pass 485 486 @ATMT.condition(RECEIVED_SERVERDATA, prio=1) 487 def should_handle_ServerData(self): 488 if not self.buffer_in: 489 raise self.WAIT_CLIENTDATA() 490 p = self.buffer_in[0] 491 if isinstance(p, TLSApplicationData): 492 print("> Received: %r" % p.data) 493 elif isinstance(p, TLSAlert): 494 print("> Received: %r" % p) 495 raise self.CLOSE_NOTIFY() 496 else: 497 print("> Received: %r" % p) 498 self.buffer_in = self.buffer_in[1:] 499 raise self.HANDLED_SERVERDATA() 500 501 @ATMT.state() 502 def HANDLED_SERVERDATA(self): 503 raise self.WAIT_CLIENTDATA() 504 505 @ATMT.state() 506 def CLOSE_NOTIFY(self): 507 self.vprint() 508 self.vprint("Trying to send a TLSAlert to the server...") 509 510 @ATMT.condition(CLOSE_NOTIFY) 511 def close_session(self): 512 self.add_record() 513 self.add_msg(TLSAlert(level=1, descr=0)) 514 try: 515 self.flush_records() 516 except: 517 self.vprint("Could not send termination Alert, maybe the server stopped?") 518 raise self.FINAL() 519 520 ########################## SSLv2 handshake ################################ 521 522 @ATMT.state() 523 def SSLv2_PREPARE_CLIENTHELLO(self): 524 pass 525 526 @ATMT.condition(SSLv2_PREPARE_CLIENTHELLO) 527 def sslv2_should_add_ClientHello(self): 528 self.add_record(is_sslv2=True) 529 p = self.client_hello or SSLv2ClientHello(challenge=randstring(16)) 530 self.add_msg(p) 531 raise self.SSLv2_ADDED_CLIENTHELLO() 532 533 @ATMT.state() 534 def SSLv2_ADDED_CLIENTHELLO(self): 535 pass 536 537 @ATMT.condition(SSLv2_ADDED_CLIENTHELLO) 538 def sslv2_should_send_ClientHello(self): 539 self.flush_records() 540 raise self.SSLv2_SENT_CLIENTHELLO() 541 542 @ATMT.state() 543 def SSLv2_SENT_CLIENTHELLO(self): 544 raise self.SSLv2_WAITING_SERVERHELLO() 545 546 @ATMT.state() 547 def SSLv2_WAITING_SERVERHELLO(self): 548 self.get_next_msg() 549 raise self.SSLv2_RECEIVED_SERVERHELLO() 550 551 @ATMT.state() 552 def SSLv2_RECEIVED_SERVERHELLO(self): 553 pass 554 555 @ATMT.condition(SSLv2_RECEIVED_SERVERHELLO, prio=1) 556 def sslv2_should_handle_ServerHello(self): 557 self.raise_on_packet(SSLv2ServerHello, 558 self.SSLv2_HANDLED_SERVERHELLO) 559 560 @ATMT.state() 561 def SSLv2_HANDLED_SERVERHELLO(self): 562 pass 563 564 @ATMT.condition(SSLv2_RECEIVED_SERVERHELLO, prio=2) 565 def sslv2_missing_ServerHello(self): 566 raise self.SSLv2_MISSING_SERVERHELLO() 567 568 @ATMT.state() 569 def SSLv2_MISSING_SERVERHELLO(self): 570 self.vprint("Missing SSLv2 ServerHello message!") 571 raise self.SSLv2_CLOSE_NOTIFY() 572 573 @ATMT.condition(SSLv2_HANDLED_SERVERHELLO) 574 def sslv2_should_add_ClientMasterKey(self): 575 self.add_record(is_sslv2=True) 576 self.add_msg(SSLv2ClientMasterKey()) 577 raise self.SSLv2_ADDED_CLIENTMASTERKEY() 578 579 @ATMT.state() 580 def SSLv2_ADDED_CLIENTMASTERKEY(self): 581 pass 582 583 @ATMT.condition(SSLv2_ADDED_CLIENTMASTERKEY) 584 def sslv2_should_send_ClientMasterKey(self): 585 self.flush_records() 586 raise self.SSLv2_SENT_CLIENTMASTERKEY() 587 588 @ATMT.state() 589 def SSLv2_SENT_CLIENTMASTERKEY(self): 590 raise self.SSLv2_WAITING_SERVERVERIFY() 591 592 @ATMT.state() 593 def SSLv2_WAITING_SERVERVERIFY(self): 594 # We give the server 0.5 second to send his ServerVerify. 595 # Else we assume that he's waiting for our ClientFinished. 596 self.get_next_msg(0.5, 0) 597 raise self.SSLv2_RECEIVED_SERVERVERIFY() 598 599 @ATMT.state() 600 def SSLv2_RECEIVED_SERVERVERIFY(self): 601 pass 602 603 @ATMT.condition(SSLv2_RECEIVED_SERVERVERIFY, prio=1) 604 def sslv2_should_handle_ServerVerify(self): 605 self.raise_on_packet(SSLv2ServerVerify, 606 self.SSLv2_HANDLED_SERVERVERIFY, 607 get_next_msg=False) 608 609 @ATMT.state() 610 def SSLv2_HANDLED_SERVERVERIFY(self): 611 pass 612 613 def sslv2_should_add_ClientFinished(self): 614 hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] 615 if SSLv2ClientFinished in hs_msg: 616 return 617 self.add_record(is_sslv2=True) 618 self.add_msg(SSLv2ClientFinished()) 619 raise self.SSLv2_ADDED_CLIENTFINISHED() 620 621 @ATMT.condition(SSLv2_HANDLED_SERVERVERIFY, prio=1) 622 def sslv2_should_add_ClientFinished_from_ServerVerify(self): 623 return self.sslv2_should_add_ClientFinished() 624 625 @ATMT.condition(SSLv2_HANDLED_SERVERVERIFY, prio=2) 626 def sslv2_should_wait_ServerFinished_from_ServerVerify(self): 627 raise self.SSLv2_WAITING_SERVERFINISHED() 628 629 @ATMT.condition(SSLv2_RECEIVED_SERVERVERIFY, prio=2) 630 def sslv2_should_add_ClientFinished_from_NoServerVerify(self): 631 return self.sslv2_should_add_ClientFinished() 632 633 @ATMT.condition(SSLv2_RECEIVED_SERVERVERIFY, prio=3) 634 def sslv2_missing_ServerVerify(self): 635 raise self.SSLv2_MISSING_SERVERVERIFY() 636 637 @ATMT.state(final=True) 638 def SSLv2_MISSING_SERVERVERIFY(self): 639 self.vprint("Missing SSLv2 ServerVerify message!") 640 raise self.SSLv2_CLOSE_NOTIFY() 641 642 @ATMT.state() 643 def SSLv2_ADDED_CLIENTFINISHED(self): 644 pass 645 646 @ATMT.condition(SSLv2_ADDED_CLIENTFINISHED) 647 def sslv2_should_send_ClientFinished(self): 648 self.flush_records() 649 raise self.SSLv2_SENT_CLIENTFINISHED() 650 651 @ATMT.state() 652 def SSLv2_SENT_CLIENTFINISHED(self): 653 hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] 654 if SSLv2ServerVerify in hs_msg: 655 raise self.SSLv2_WAITING_SERVERFINISHED() 656 else: 657 self.get_next_msg() 658 raise self.SSLv2_RECEIVED_SERVERVERIFY() 659 660 @ATMT.state() 661 def SSLv2_WAITING_SERVERFINISHED(self): 662 self.get_next_msg() 663 raise self.SSLv2_RECEIVED_SERVERFINISHED() 664 665 @ATMT.state() 666 def SSLv2_RECEIVED_SERVERFINISHED(self): 667 pass 668 669 @ATMT.condition(SSLv2_RECEIVED_SERVERFINISHED, prio=1) 670 def sslv2_should_handle_ServerFinished(self): 671 self.raise_on_packet(SSLv2ServerFinished, 672 self.SSLv2_HANDLED_SERVERFINISHED) 673 674 ####################### SSLv2 client authentication ####################### 675 676 @ATMT.condition(SSLv2_RECEIVED_SERVERFINISHED, prio=2) 677 def sslv2_should_handle_RequestCertificate(self): 678 self.raise_on_packet(SSLv2RequestCertificate, 679 self.SSLv2_HANDLED_REQUESTCERTIFICATE) 680 681 @ATMT.state() 682 def SSLv2_HANDLED_REQUESTCERTIFICATE(self): 683 self.vprint("Server asked for a certificate...") 684 if not self.mykey or not self.mycert: 685 self.vprint("No client certificate to send!") 686 raise self.SSLv2_CLOSE_NOTIFY() 687 688 @ATMT.condition(SSLv2_HANDLED_REQUESTCERTIFICATE) 689 def sslv2_should_add_ClientCertificate(self): 690 self.add_record(is_sslv2=True) 691 self.add_msg(SSLv2ClientCertificate(certdata=self.mycert)) 692 raise self.SSLv2_ADDED_CLIENTCERTIFICATE() 693 694 @ATMT.state() 695 def SSLv2_ADDED_CLIENTCERTIFICATE(self): 696 pass 697 698 @ATMT.condition(SSLv2_ADDED_CLIENTCERTIFICATE) 699 def sslv2_should_send_ClientCertificate(self): 700 self.flush_records() 701 raise self.SSLv2_SENT_CLIENTCERTIFICATE() 702 703 @ATMT.state() 704 def SSLv2_SENT_CLIENTCERTIFICATE(self): 705 raise self.SSLv2_WAITING_SERVERFINISHED() 706 707 ################### end of SSLv2 client authentication #################### 708 709 @ATMT.state() 710 def SSLv2_HANDLED_SERVERFINISHED(self): 711 self.vprint("SSLv2 handshake completed!") 712 self.vprint_sessioninfo() 713 self.vprint("You may send data or use 'quit'.") 714 715 @ATMT.condition(SSLv2_RECEIVED_SERVERFINISHED, prio=3) 716 def sslv2_missing_ServerFinished(self): 717 raise self.SSLv2_MISSING_SERVERFINISHED() 718 719 @ATMT.state() 720 def SSLv2_MISSING_SERVERFINISHED(self): 721 self.vprint("Missing SSLv2 ServerFinished message!") 722 raise self.SSLv2_CLOSE_NOTIFY() 723 724 ######################## end of SSLv2 handshake ########################### 725 726 @ATMT.condition(SSLv2_HANDLED_SERVERFINISHED) 727 def sslv2_should_wait_ClientData(self): 728 raise self.SSLv2_WAITING_CLIENTDATA() 729 730 @ATMT.state() 731 def SSLv2_WAITING_CLIENTDATA(self): 732 pass 733 734 @ATMT.condition(SSLv2_WAITING_CLIENTDATA, prio=1) 735 def sslv2_add_ClientData(self): 736 if not self.data_to_send: 737 data = six.moves.input().replace('\\r', '\r').replace('\\n', '\n').encode() 738 else: 739 data = self.data_to_send.pop() 740 self.vprint("> Read from list: %s" % data) 741 if data == "quit": 742 return 743 if self.linebreak: 744 data += "\n" 745 self.add_record(is_sslv2=True) 746 self.add_msg(Raw(data)) 747 raise self.SSLv2_ADDED_CLIENTDATA() 748 749 @ATMT.condition(SSLv2_WAITING_CLIENTDATA, prio=2) 750 def sslv2_no_more_ClientData(self): 751 raise self.SSLv2_CLOSE_NOTIFY() 752 753 @ATMT.state() 754 def SSLv2_ADDED_CLIENTDATA(self): 755 pass 756 757 @ATMT.condition(SSLv2_ADDED_CLIENTDATA) 758 def sslv2_should_send_ClientData(self): 759 self.flush_records() 760 raise self.SSLv2_SENT_CLIENTDATA() 761 762 @ATMT.state() 763 def SSLv2_SENT_CLIENTDATA(self): 764 raise self.SSLv2_WAITING_SERVERDATA() 765 766 @ATMT.state() 767 def SSLv2_WAITING_SERVERDATA(self): 768 self.get_next_msg(0.3, 1) 769 raise self.SSLv2_RECEIVED_SERVERDATA() 770 771 @ATMT.state() 772 def SSLv2_RECEIVED_SERVERDATA(self): 773 pass 774 775 @ATMT.condition(SSLv2_RECEIVED_SERVERDATA) 776 def sslv2_should_handle_ServerData(self): 777 if not self.buffer_in: 778 raise self.SSLv2_WAITING_CLIENTDATA() 779 p = self.buffer_in[0] 780 print("> Received: %r" % p.load) 781 if p.load.startswith(b"goodbye"): 782 raise self.SSLv2_CLOSE_NOTIFY() 783 self.buffer_in = self.buffer_in[1:] 784 raise self.SSLv2_HANDLED_SERVERDATA() 785 786 @ATMT.state() 787 def SSLv2_HANDLED_SERVERDATA(self): 788 raise self.SSLv2_WAITING_CLIENTDATA() 789 790 @ATMT.state() 791 def SSLv2_CLOSE_NOTIFY(self): 792 """ 793 There is no proper way to end an SSLv2 session. 794 We try and send a 'goodbye' message as a substitute. 795 """ 796 self.vprint() 797 self.vprint("Trying to send a 'goodbye' to the server...") 798 799 @ATMT.condition(SSLv2_CLOSE_NOTIFY) 800 def sslv2_close_session(self): 801 self.add_record() 802 self.add_msg(Raw('goodbye')) 803 try: 804 self.flush_records() 805 except: 806 self.vprint("Could not send our goodbye. The server probably stopped.") 807 self.socket.close() 808 raise self.FINAL() 809 810 ######################### TLS 1.3 handshake ############################### 811 812 @ATMT.state() 813 def TLS13_START(self): 814 pass 815 816 @ATMT.condition(TLS13_START) 817 def tls13_should_add_ClientHello(self): 818 # we have to use the legacy, plaintext TLS record here 819 self.add_record(is_tls13=False) 820 if self.client_hello: 821 p = self.client_hello 822 else: 823 # When trying to connect to a public TLS 1.3 server, 824 # you will most likely need to provide an SNI extension. 825 #sn = ServerName(servername="<put server name here>") 826 ext = [TLS_Ext_SupportedGroups(groups=["secp256r1"]), 827 #TLS_Ext_ServerName(servernames=[sn]), 828 TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group=23)]), 829 TLS_Ext_SupportedVersions(versions=["TLS 1.3-d18"]), 830 TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsapss", 831 "sha256+rsa"]) ] 832 p = TLSClientHello(ciphers=0x1301, ext=ext) 833 self.add_msg(p) 834 raise self.TLS13_ADDED_CLIENTHELLO() 835 836 @ATMT.state() 837 def TLS13_ADDED_CLIENTHELLO(self): 838 pass 839 840 @ATMT.condition(TLS13_ADDED_CLIENTHELLO) 841 def tls13_should_send_ClientHello(self): 842 self.flush_records() 843 raise self.TLS13_SENT_CLIENTHELLO() 844 845 @ATMT.state() 846 def TLS13_SENT_CLIENTHELLO(self): 847 raise self.TLS13_WAITING_SERVERHELLO() 848 849 @ATMT.state() 850 def TLS13_WAITING_SERVERHELLO(self): 851 self.get_next_msg() 852 853 @ATMT.condition(TLS13_WAITING_SERVERHELLO) 854 def tls13_should_handle_ServerHello(self): 855 self.raise_on_packet(TLS13ServerHello, 856 self.TLS13_WAITING_ENCRYPTEDEXTENSIONS) 857 858 @ATMT.state() 859 def TLS13_WAITING_ENCRYPTEDEXTENSIONS(self): 860 self.get_next_msg() 861 862 @ATMT.condition(TLS13_WAITING_ENCRYPTEDEXTENSIONS) 863 def tls13_should_handle_EncryptedExtensions(self): 864 self.raise_on_packet(TLSEncryptedExtensions, 865 self.TLS13_WAITING_CERTIFICATE) 866 867 @ATMT.state() 868 def TLS13_WAITING_CERTIFICATE(self): 869 self.get_next_msg() 870 871 @ATMT.condition(TLS13_WAITING_CERTIFICATE, prio=1) 872 def tls13_should_handle_Certificate(self): 873 self.raise_on_packet(TLS13Certificate, 874 self.TLS13_WAITING_CERTIFICATEVERIFY) 875 876 @ATMT.condition(TLS13_WAITING_CERTIFICATE, prio=2) 877 def tls13_should_handle_CertificateRequest(self): 878 hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] 879 if TLSCertificateRequest in hs_msg: 880 self.vprint("TLSCertificateRequest already received!") 881 self.raise_on_packet(TLSCertificateRequest, 882 self.TLS13_WAITING_CERTIFICATE) 883 884 @ATMT.condition(TLS13_WAITING_CERTIFICATE, prio=3) 885 def tls13_should_handle_ServerFinished_from_EncryptedExtensions(self): 886 self.raise_on_packet(TLSFinished, 887 self.TLS13_CONNECTED) 888 889 @ATMT.condition(TLS13_WAITING_CERTIFICATE, prio=4) 890 def tls13_missing_Certificate(self): 891 self.vprint("Missing TLS 1.3 message after EncryptedExtensions!") 892 raise self.FINAL() 893 894 @ATMT.state() 895 def TLS13_WAITING_CERTIFICATEVERIFY(self): 896 self.get_next_msg() 897 898 @ATMT.condition(TLS13_WAITING_CERTIFICATEVERIFY) 899 def tls13_should_handle_CertificateVerify(self): 900 self.raise_on_packet(TLSCertificateVerify, 901 self.TLS13_WAITING_SERVERFINISHED) 902 903 @ATMT.state() 904 def TLS13_WAITING_SERVERFINISHED(self): 905 self.get_next_msg() 906 907 @ATMT.condition(TLS13_WAITING_SERVERFINISHED) 908 def tls13_should_handle_ServerFinished_from_CertificateVerify(self): 909 self.raise_on_packet(TLSFinished, 910 self.TLS13_PREPARE_CLIENTFLIGHT2) 911 912 @ATMT.state() 913 def TLS13_PREPARE_CLIENTFLIGHT2(self): 914 self.add_record(is_tls13=True) 915 #raise self.FINAL() 916 917 @ATMT.condition(TLS13_PREPARE_CLIENTFLIGHT2) 918 def tls13_should_add_ClientFinished(self): 919 self.add_msg(TLSFinished()) 920 raise self.TLS13_ADDED_CLIENTFINISHED() 921 922 @ATMT.state() 923 def TLS13_ADDED_CLIENTFINISHED(self): 924 pass 925 926 @ATMT.condition(TLS13_ADDED_CLIENTFINISHED) 927 def tls13_should_send_ClientFlight2(self): 928 self.flush_records() 929 raise self.TLS13_SENT_CLIENTFLIGHT2() 930 931 @ATMT.state() 932 def TLS13_SENT_CLIENTFLIGHT2(self): 933 raise self.HANDLED_SERVERFINISHED() 934 935 @ATMT.state(final=True) 936 def FINAL(self): 937 # We might call shutdown, but it may happen that the server 938 # did not wait for us to shutdown after answering our data query. 939 #self.socket.shutdown(1) 940 self.vprint("Closing client socket...") 941 self.socket.close() 942 self.vprint("Ending TLS client automaton.") 943 944