diff options
Diffstat (limited to 'libmproxy/contrib/tls')
| -rw-r--r-- | libmproxy/contrib/tls/__init__.py | 5 | ||||
| -rw-r--r-- | libmproxy/contrib/tls/_constructs.py | 213 | ||||
| -rw-r--r-- | libmproxy/contrib/tls/utils.py | 26 |
3 files changed, 0 insertions, 244 deletions
diff --git a/libmproxy/contrib/tls/__init__.py b/libmproxy/contrib/tls/__init__.py deleted file mode 100644 index 4b540884..00000000 --- a/libmproxy/contrib/tls/__init__.py +++ /dev/null @@ -1,5 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from __future__ import absolute_import, division, print_function diff --git a/libmproxy/contrib/tls/_constructs.py b/libmproxy/contrib/tls/_constructs.py deleted file mode 100644 index 4cb7d382..00000000 --- a/libmproxy/contrib/tls/_constructs.py +++ /dev/null @@ -1,213 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from __future__ import absolute_import, division, print_function - -from construct import (Array, Bytes, Struct, UBInt16, UBInt32, UBInt8, PascalString, Embed, TunnelAdapter, GreedyRange, - Switch, OptionalGreedyRange, Optional) - -from .utils import UBInt24 - -ProtocolVersion = Struct( - "version", - UBInt8("major"), - UBInt8("minor"), -) - -TLSPlaintext = Struct( - "TLSPlaintext", - UBInt8("type"), - ProtocolVersion, - UBInt16("length"), # TODO: Reject packets with length > 2 ** 14 - Bytes("fragment", lambda ctx: ctx.length), -) - -TLSCompressed = Struct( - "TLSCompressed", - UBInt8("type"), - ProtocolVersion, - UBInt16("length"), # TODO: Reject packets with length > 2 ** 14 + 1024 - Bytes("fragment", lambda ctx: ctx.length), -) - -TLSCiphertext = Struct( - "TLSCiphertext", - UBInt8("type"), - ProtocolVersion, - UBInt16("length"), # TODO: Reject packets with length > 2 ** 14 + 2048 - Bytes("fragment", lambda ctx: ctx.length), -) - -Random = Struct( - "random", - UBInt32("gmt_unix_time"), - Bytes("random_bytes", 28), -) - -SessionID = Struct( - "session_id", - UBInt8("length"), - Bytes("session_id", lambda ctx: ctx.length), -) - -CipherSuites = Struct( - "cipher_suites", - UBInt16("length"), # TODO: Reject packets of length 0 - Array(lambda ctx: ctx.length // 2, UBInt16("cipher_suites")), -) - -CompressionMethods = Struct( - "compression_methods", - UBInt8("length"), # TODO: Reject packets of length 0 - Array(lambda ctx: ctx.length, UBInt8("compression_methods")), -) - -ServerName = Struct( - "", - UBInt8("type"), - PascalString("name", length_field=UBInt16("length")), -) - -SNIExtension = Struct( - "", - TunnelAdapter( - PascalString("server_names", length_field=UBInt16("length")), - TunnelAdapter( - PascalString("", length_field=UBInt16("length")), - GreedyRange(ServerName) - ), - ), -) - -ALPNExtension = Struct( - "", - TunnelAdapter( - PascalString("alpn_protocols", length_field=UBInt16("length")), - TunnelAdapter( - PascalString("", length_field=UBInt16("length")), - GreedyRange(PascalString("name")) - ), - ), -) - -UnknownExtension = Struct( - "", - PascalString("bytes", length_field=UBInt16("extensions_length")) -) - -Extension = Struct( - "Extension", - UBInt16("type"), - Embed( - Switch( - "", lambda ctx: ctx.type, - { - 0x00: SNIExtension, - 0x10: ALPNExtension - }, - default=UnknownExtension - ) - ) -) - -extensions = TunnelAdapter( - Optional(PascalString("extensions", length_field=UBInt16("extensions_length"))), - OptionalGreedyRange(Extension) -) - -ClientHello = Struct( - "ClientHello", - ProtocolVersion, - Random, - SessionID, - CipherSuites, - CompressionMethods, - extensions, -) - -ServerHello = Struct( - "ServerHello", - ProtocolVersion, - Random, - SessionID, - Bytes("cipher_suite", 2), - UBInt8("compression_method"), - extensions, -) - -ClientCertificateType = Struct( - "certificate_types", - UBInt8("length"), # TODO: Reject packets of length 0 - Array(lambda ctx: ctx.length, UBInt8("certificate_types")), -) - -SignatureAndHashAlgorithm = Struct( - "algorithms", - UBInt8("hash"), - UBInt8("signature"), -) - -SupportedSignatureAlgorithms = Struct( - "supported_signature_algorithms", - UBInt16("supported_signature_algorithms_length"), - # TODO: Reject packets of length 0 - Array( - lambda ctx: ctx.supported_signature_algorithms_length / 2, - SignatureAndHashAlgorithm, - ), -) - -DistinguishedName = Struct( - "certificate_authorities", - UBInt16("length"), - Bytes("certificate_authorities", lambda ctx: ctx.length), -) - -CertificateRequest = Struct( - "CertificateRequest", - ClientCertificateType, - SupportedSignatureAlgorithms, - DistinguishedName, -) - -ServerDHParams = Struct( - "ServerDHParams", - UBInt16("dh_p_length"), - Bytes("dh_p", lambda ctx: ctx.dh_p_length), - UBInt16("dh_g_length"), - Bytes("dh_g", lambda ctx: ctx.dh_g_length), - UBInt16("dh_Ys_length"), - Bytes("dh_Ys", lambda ctx: ctx.dh_Ys_length), -) - -PreMasterSecret = Struct( - "pre_master_secret", - ProtocolVersion, - Bytes("random_bytes", 46), -) - -ASN1Cert = Struct( - "ASN1Cert", - UBInt32("length"), # TODO: Reject packets with length not in 1..2^24-1 - Bytes("asn1_cert", lambda ctx: ctx.length), -) - -Certificate = Struct( - "Certificate", # TODO: Reject packets with length > 2 ** 24 - 1 - UBInt32("certificates_length"), - Bytes("certificates_bytes", lambda ctx: ctx.certificates_length), -) - -Handshake = Struct( - "Handshake", - UBInt8("msg_type"), - UBInt24("length"), - Bytes("body", lambda ctx: ctx.length), -) - -Alert = Struct( - "Alert", - UBInt8("level"), - UBInt8("description"), -) diff --git a/libmproxy/contrib/tls/utils.py b/libmproxy/contrib/tls/utils.py deleted file mode 100644 index 4c917303..00000000 --- a/libmproxy/contrib/tls/utils.py +++ /dev/null @@ -1,26 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from __future__ import absolute_import, division, print_function - -import construct - -import six - - -class _UBInt24(construct.Adapter): - def _encode(self, obj, context): - return ( - six.int2byte((obj & 0xFF0000) >> 16) + - six.int2byte((obj & 0x00FF00) >> 8) + - six.int2byte(obj & 0x0000FF) - ) - - def _decode(self, obj, context): - obj = bytearray(obj) - return (obj[0] << 16 | obj[1] << 8 | obj[2]) - - -def UBInt24(name): # noqa - return _UBInt24(construct.Bytes(name, 3)) |