scapy.layers.tls.keyexchange

TLS密钥交换逻辑.

class scapy.layers.tls.keyexchange.ClientDiffieHellmanPublic(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.session._GenericTLSSessionInheritance

如果用户为dh_Yc属性提供值,我们假设他将相应地设置pms和ms并自行触发密钥派生.

XXX如7.4.7.2. 根据RFC 4346,我们应该根据客户端证书中DH参数的可用性来区分对隐式或显式值的需求. 目前,我们只能进行临时/显式DH.

aliastypes
fields_desc
ClientDiffieHellman公共字段

dh_Yclen

FieldLenField

None

dh_Yc

StrLenField

b''

fill_missing(**kwargs)
guess_payload_class(p)
post_build(pkt, pay)
post_dissection(m)

首先,我们更新客户端DHParams. 然后,我们尝试使用共享密钥更新在Server * DHParams构建期间生成的服务器DHParams. 最后,我们导出会话密钥并更新上下文.

class scapy.layers.tls.keyexchange.ClientECDiffieHellmanPublic(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.session._GenericTLSSessionInheritance

请注意," len"字段比上一个类长1个字节.

aliastypes
fields_desc
ClientECDiffieHellman公共字段

ecdh_Yclen

FieldLenField

None

ecdh_Yc

StrLenField

b''

fill_missing(**kwargs)
post_build(pkt, pay)
post_dissection(m)
class scapy.layers.tls.keyexchange.ClientPSKIdentity

Bases: scapy.packet.Packet

XXX我们提供了ServerPSKParams的解析功能,但是上下文操作尚未实现. 请参阅RFC4279.请注意,我们不涵盖(EC)DHE_PSK或RSA_PSK密钥交换,后者应包含EncryptedPMS或ClientDiffieHellmanPublic.

aliastypes
fields_desc
ClientPSKIdentity字段

psk_identity_len

FieldLenField

None

psk_identity

StrLenField

b''

class scapy.layers.tls.keyexchange.ECCurvePkt

Bases: scapy.packet.Packet

aliastypes
fields_desc
ECCurvePkt字段

alen

FieldLenField

None

a

StrLenField

b''

blen

FieldLenField

None

b

StrLenField

b''

class scapy.layers.tls.keyexchange.ECPentanomialBasis

Bases: scapy.packet.Packet

aliastypes
fields_desc
ECPentanomialBasis字段

k1len

FieldLenField

None

k1

StrLenField

b''

k2len

FieldLenField

None

k2

StrLenField

b''

k3len

FieldLenField

None

k3

StrLenField

b''

guess_payload_class(p)
val = 1
class scapy.layers.tls.keyexchange.ECTrinomialBasis

Bases: scapy.packet.Packet

aliastypes
fields_desc
ECTrinomialBasis字段

klen

FieldLenField

None

k

StrLenField

b''

guess_payload_class(p)
val = 0
class scapy.layers.tls.keyexchange.EncryptedPreMasterSecret(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.session._GenericTLSSessionInheritance

请注意RFC 5246的7.4.7.1节中的实现说明.

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
加密的PreMasterSecret字段

client_version

_TLSClientVersionField

None

random

StrFixedLenField

None

guess_payload_class(p)
post_build(pkt, pay)

我们使用服务器证书或服务器密钥交换消息中提供的临时RSA密钥来加密premaster机密(48个字节). 在该步骤之后,我们添加2个字节以提供长度,如第7.4.7.1节末尾的实现说明中所述.

pre_dissect(m)
class scapy.layers.tls.keyexchange.ServerDHParams(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.session._GenericTLSSessionInheritance

ServerDHParams,用于基于FFDH的密钥交换,如RFC 5246 / 7.4.3所定义.

使用.fill_missing()或.post_dissection(),TLS上下文的server_kx_privkey或server_kx_pubkey均根据已解析/组合的值进行更新. 如果要保留原始值,则用户有责任存储和恢复原始值. 例如,可以在编写ServerKeyExchange和接收ClientKeyExchange(包括秘密生成)之间完成此操作.

aliastypes
fields_desc
ServerDHParams字段

dh_plen

FieldLenField

None

dh_p

StrLenField

b''

dh_glen

FieldLenField

None

dh_g

StrLenField

b''

dh_Yslen

FieldLenField

None

dh_Ys

StrLenField

b''

fill_missing(**kwargs)
guess_payload_class(p)

参数后的签名将另存为填充. 这样,_TLSServerParamsField继承自PacketField的.getfield()将返回签名,与预期的一样.

post_dissection(r)
register_pubkey(**kwargs)
class scapy.layers.tls.keyexchange.ServerECDHExplicitChar2Params(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.session._GenericTLSSessionInheritance

我们为Char2Params提供了解析功能,但是加密库不提供支持,因此没有上下文操作.

aliastypes
fields_desc
ServerECDHExplicitChar2Params字段

curve_type

ByteEnumField

2

m

ShortField

None

basis_type

_ECBasisTypeField

None

basis

_ECBasisField

<ECTrinomialBasis  |>

curve

PacketField

<ECCurvePkt  |>

baselen

FieldLenField

None

base

StrLenField

b''

order

ByteField

None

cofactor

ByteField

None

pointlen

FieldLenField

None

point

StrLenField

b''

fill_missing()
guess_payload_class(p)
class scapy.layers.tls.keyexchange.ServerECDHExplicitPrimeParams(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.session._GenericTLSSessionInheritance

我们为ExplicitPrimeParams提供了解析功能,但是密码库不提供支持,因此没有上下文操作.

aliastypes
fields_desc
ServerECDHExplicitPrimeParams字段

curve_type

ByteEnumField

1

plen

FieldLenField

None

p

StrLenField

b''

curve

PacketField

None

baselen

FieldLenField

None

base

StrLenField

b''

orderlen

FieldLenField

None

order

StrLenField

b''

cofactorlen

FieldLenField

None

cofactor

StrLenField

b''

pointlen

FieldLenField

None

point

StrLenField

b''

fill_missing()

请注意,如果用户未设置,则辅因子将始终为1.对于大多数(但不是全部)TLS椭圆曲线,这是正确的.

guess_payload_class(p)
class scapy.layers.tls.keyexchange.ServerECDHNamedCurveParams(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.session._GenericTLSSessionInheritance

aliastypes
fields_desc
ServerECDHNamedCurveParams字段

curve_type

ByteEnumField

3

named_curve

ShortEnumField

None

pointlen

FieldLenField

None

point

StrLenField

None

fill_missing(**kwargs)
guess_payload_class(p)
post_dissection(r)
register_pubkey(**kwargs)
class scapy.layers.tls.keyexchange.ServerPSKParams

Bases: scapy.packet.Packet

XXX我们为ServerPSKParams提供了一些解析功能,但是上下文操作尚未实现. 请参阅RFC4279.请注意,我们不涵盖(EC)DHE_PSK密钥交换,该密钥交换应在'psk_identity_hint'之后包含Server * DHParams.

aliastypes
fields_desc
ServerPSKParams字段

psk_identity_hint_len

FieldLenField

None

psk_identity_hint

StrLenField

b''

fill_missing()
guess_payload_class(p)
post_dissection(pkt)
class scapy.layers.tls.keyexchange.ServerRSAParams(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.session._GenericTLSSessionInheritance

为RSA_EXPORT kx定义:在kx不允许的情况下,它使服务器可以共享比其主体{> 512}位密钥短的RSA密钥.

在标准RSA kx协商中,这不应出现,因为密钥已经在"证书"消息中发布.

aliastypes
fields_desc
ServerRSAParams字段

rsamodlen

FieldLenField

None

rsamod

StrLenField

b''

rsaexplen

FieldLenField

None

rsaexp

StrLenField

b''

fill_missing(**kwargs)
guess_payload_class(p)
post_dissection(pkt)
register_pubkey(**kwargs)
class scapy.layers.tls.keyexchange.SigAndHashAlgField(name, default, enum, fmt='H')

Bases: scapy.fields.EnumField

在_TLSSignature中使用.

addfield()
getfield()
phantom_value = None
class scapy.layers.tls.keyexchange.SigAndHashAlgsField(name, default, field, length_from=None, count_from=None)

Bases: scapy.fields.FieldListField

在TLS_Ext_SignatureAlgorithms和TLSCertificateResquest中使用.

addfield()
getfield()
phantom_value = []
class scapy.layers.tls.keyexchange.SigAndHashAlgsLenField(name, default, length_of=None, fmt='H', count_of=None, adjust=<function FieldLenField.<lambda>>, fld=None)

Bases: scapy.fields.FieldLenField

在TLS_Ext_SignatureAlgorithms和TLSCertificateResquest中使用.

addfield()
getfield()
phantom_value = 0
class scapy.layers.tls.keyexchange.SigLenField(name, default, length_of=None, fmt='H', count_of=None, adjust=<function FieldLenField.<lambda>>, fld=None)

Bases: scapy.fields.FieldLenField

SSLv2有一个技巧,它使用隐式长度…

addfield(pkt, s, val)

With SSLv2 you will never be able to add a sig_len.

getfield(pkt, s)
class scapy.layers.tls.keyexchange.SigValField(name, default, fld=None, length_from=None, max_length=None)

Bases: scapy.fields.StrLenField

SSLv2有一个技巧,它使用隐式长度…

getfield(pkt, m)
scapy.layers.tls.keyexchange.phantom_decorate(f, get_or_add)

用于版本相关字段的装饰器. 如果get_or_add为True(表示get),则返回s,self.phantom_value. 如果为False(均值加),则返回s.

scapy.layers.tls.keyexchange.phantom_mode(pkt)

我们期望如此. 如果未设置tls_version,则意味着我们没有处理任何完整的ClientHello,因此我们很可能正在读取/构建一个signature_algorithms扩展,因此我们不能处于phantom_mode. 但是,如果已设置tls_version,我们将测试TLS 1.2.