214 lines
4.9 KiB
Python
214 lines
4.9 KiB
Python
# This file is dual licensed under the terms of the Apache License, Version
|
|
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
|
# for complete details.
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
from construct import (Array, Bytes, Struct, UBInt16, UBInt32, UBInt8, PascalString, Embed, TunnelAdapter, GreedyRange,
|
|
Switch, OptionalGreedyRange, Optional)
|
|
|
|
from .utils import UBInt24
|
|
|
|
ProtocolVersion = Struct(
|
|
"version",
|
|
UBInt8("major"),
|
|
UBInt8("minor"),
|
|
)
|
|
|
|
TLSPlaintext = Struct(
|
|
"TLSPlaintext",
|
|
UBInt8("type"),
|
|
ProtocolVersion,
|
|
UBInt16("length"), # TODO: Reject packets with length > 2 ** 14
|
|
Bytes("fragment", lambda ctx: ctx.length),
|
|
)
|
|
|
|
TLSCompressed = Struct(
|
|
"TLSCompressed",
|
|
UBInt8("type"),
|
|
ProtocolVersion,
|
|
UBInt16("length"), # TODO: Reject packets with length > 2 ** 14 + 1024
|
|
Bytes("fragment", lambda ctx: ctx.length),
|
|
)
|
|
|
|
TLSCiphertext = Struct(
|
|
"TLSCiphertext",
|
|
UBInt8("type"),
|
|
ProtocolVersion,
|
|
UBInt16("length"), # TODO: Reject packets with length > 2 ** 14 + 2048
|
|
Bytes("fragment", lambda ctx: ctx.length),
|
|
)
|
|
|
|
Random = Struct(
|
|
"random",
|
|
UBInt32("gmt_unix_time"),
|
|
Bytes("random_bytes", 28),
|
|
)
|
|
|
|
SessionID = Struct(
|
|
"session_id",
|
|
UBInt8("length"),
|
|
Bytes("session_id", lambda ctx: ctx.length),
|
|
)
|
|
|
|
CipherSuites = Struct(
|
|
"cipher_suites",
|
|
UBInt16("length"), # TODO: Reject packets of length 0
|
|
Array(lambda ctx: ctx.length // 2, UBInt16("cipher_suites")),
|
|
)
|
|
|
|
CompressionMethods = Struct(
|
|
"compression_methods",
|
|
UBInt8("length"), # TODO: Reject packets of length 0
|
|
Array(lambda ctx: ctx.length, UBInt8("compression_methods")),
|
|
)
|
|
|
|
ServerName = Struct(
|
|
"",
|
|
UBInt8("type"),
|
|
PascalString("name", length_field=UBInt16("length")),
|
|
)
|
|
|
|
SNIExtension = Struct(
|
|
"",
|
|
TunnelAdapter(
|
|
PascalString("server_names", length_field=UBInt16("length")),
|
|
TunnelAdapter(
|
|
PascalString("", length_field=UBInt16("length")),
|
|
GreedyRange(ServerName)
|
|
),
|
|
),
|
|
)
|
|
|
|
ALPNExtension = Struct(
|
|
"",
|
|
TunnelAdapter(
|
|
PascalString("alpn_protocols", length_field=UBInt16("length")),
|
|
TunnelAdapter(
|
|
PascalString("", length_field=UBInt16("length")),
|
|
GreedyRange(PascalString("name"))
|
|
),
|
|
),
|
|
)
|
|
|
|
UnknownExtension = Struct(
|
|
"",
|
|
PascalString("bytes", length_field=UBInt16("extensions_length"))
|
|
)
|
|
|
|
Extension = Struct(
|
|
"Extension",
|
|
UBInt16("type"),
|
|
Embed(
|
|
Switch(
|
|
"", lambda ctx: ctx.type,
|
|
{
|
|
0x00: SNIExtension,
|
|
0x10: ALPNExtension
|
|
},
|
|
default=UnknownExtension
|
|
)
|
|
)
|
|
)
|
|
|
|
extensions = TunnelAdapter(
|
|
Optional(PascalString("extensions", length_field=UBInt16("extensions_length"))),
|
|
OptionalGreedyRange(Extension)
|
|
)
|
|
|
|
ClientHello = Struct(
|
|
"ClientHello",
|
|
ProtocolVersion,
|
|
Random,
|
|
SessionID,
|
|
CipherSuites,
|
|
CompressionMethods,
|
|
extensions,
|
|
)
|
|
|
|
ServerHello = Struct(
|
|
"ServerHello",
|
|
ProtocolVersion,
|
|
Random,
|
|
SessionID,
|
|
Bytes("cipher_suite", 2),
|
|
UBInt8("compression_method"),
|
|
extensions,
|
|
)
|
|
|
|
ClientCertificateType = Struct(
|
|
"certificate_types",
|
|
UBInt8("length"), # TODO: Reject packets of length 0
|
|
Array(lambda ctx: ctx.length, UBInt8("certificate_types")),
|
|
)
|
|
|
|
SignatureAndHashAlgorithm = Struct(
|
|
"algorithms",
|
|
UBInt8("hash"),
|
|
UBInt8("signature"),
|
|
)
|
|
|
|
SupportedSignatureAlgorithms = Struct(
|
|
"supported_signature_algorithms",
|
|
UBInt16("supported_signature_algorithms_length"),
|
|
# TODO: Reject packets of length 0
|
|
Array(
|
|
lambda ctx: ctx.supported_signature_algorithms_length / 2,
|
|
SignatureAndHashAlgorithm,
|
|
),
|
|
)
|
|
|
|
DistinguishedName = Struct(
|
|
"certificate_authorities",
|
|
UBInt16("length"),
|
|
Bytes("certificate_authorities", lambda ctx: ctx.length),
|
|
)
|
|
|
|
CertificateRequest = Struct(
|
|
"CertificateRequest",
|
|
ClientCertificateType,
|
|
SupportedSignatureAlgorithms,
|
|
DistinguishedName,
|
|
)
|
|
|
|
ServerDHParams = Struct(
|
|
"ServerDHParams",
|
|
UBInt16("dh_p_length"),
|
|
Bytes("dh_p", lambda ctx: ctx.dh_p_length),
|
|
UBInt16("dh_g_length"),
|
|
Bytes("dh_g", lambda ctx: ctx.dh_g_length),
|
|
UBInt16("dh_Ys_length"),
|
|
Bytes("dh_Ys", lambda ctx: ctx.dh_Ys_length),
|
|
)
|
|
|
|
PreMasterSecret = Struct(
|
|
"pre_master_secret",
|
|
ProtocolVersion,
|
|
Bytes("random_bytes", 46),
|
|
)
|
|
|
|
ASN1Cert = Struct(
|
|
"ASN1Cert",
|
|
UBInt32("length"), # TODO: Reject packets with length not in 1..2^24-1
|
|
Bytes("asn1_cert", lambda ctx: ctx.length),
|
|
)
|
|
|
|
Certificate = Struct(
|
|
"Certificate", # TODO: Reject packets with length > 2 ** 24 - 1
|
|
UBInt32("certificates_length"),
|
|
Bytes("certificates_bytes", lambda ctx: ctx.certificates_length),
|
|
)
|
|
|
|
Handshake = Struct(
|
|
"Handshake",
|
|
UBInt8("msg_type"),
|
|
UBInt24("length"),
|
|
Bytes("body", lambda ctx: ctx.length),
|
|
)
|
|
|
|
Alert = Struct(
|
|
"Alert",
|
|
UBInt8("level"),
|
|
UBInt8("description"),
|
|
)
|