Unable to parse TLS 1.3 Server Hello #1668

Closed
bbayles opened this issue Oct 26, 2018 · 9 comments

bbayles commented Oct 26, 2018

I found that I wasn't able to parse a Server Hello from the TLS 1.3 testing site https://enabled.tls13.com/ with the current development version of scapy (87916fd, Python 3, Linux).


Here's a snippet that reproduces the issue:

Code to reproduce
from scapy.all import load_layer
load_layer('tls')

data = bytes.fromhex(
    '160303007a02000076030354d872a960290781a55827539ab607abe2ba8db77a212053ad'
    '7e98c92598ba462033d562b393540c7520405833f06e8c84d0dfb0e8e09f2ea9d4e7b854'
    '81b989ac130100002e00330024001d0020100b726fd77a0fd0e6a00228579d5e649f4105'
    '1a9b2b59f5afb09fe72f793410002b000203041403030001011703030943359c1d734183'
    '288f4c6141d07109241fde952af155d9b6162cf0db7a890322b650f66c54212d93d9bf2f'
    'ac78bb2872e29a89b6ff3ef85d777f3dcb773ccaed62900908a2d310903cf22897d97ed9'
    'e175596d78d4beb061ac6ed885f165ed443696c0ee6d9b5116ed09237e3f5beda2c1ff9f'
    'f33e755ad84450ae9cf7763d3c6aec98eb6dff9c9753cb5a0c60d6f7b20bb7a45ae1e639'
    'ae8a07c73db8db26b37c992f4d4ea7bec54715b696b463dbd5904b6d38bf69f9b4379d2a'
    'bc101cdd5da07a21e4b1913ef5484c3d9b61b5c0abe6cb6dbaa9fbee0a81a4b3bd2aa744'
    '9a4d3127f137b42191a635d8ec2b09a48f659656dae6ed246c1d8d9c8fced1b2a0a610d3'
    '124410f32e9a4000b451a28ca3f1c02f705466bf8f6356cdec497471d78e4f785379ec71'
    '468e8ac9dbce8bb29d249030929f4442003e3a67d4581d97f540e3309a2d8b3eb84b36ca'
    'e9f9e78fb14e5401ff57cdcae2029e62875bc9d5bd9140ce8fae77dbf54495ef4cb4a0af'
    'f591ad6f69eafab106db663adcc183722b62f03b1e273d17438a18be0880fab1c443d7b6'
    '4746f33a5c57bf8f8ac3881ad47400b40f9d1b27e0c86012f2d3b18a5555610e772d3b51'
    '711f591eaa1d5a6826a6390caa537d7db9511c208b668ea88b88c578a5b85cd8862e22b1'
    '7b535156bd9093315b9cd0b47f76f1193d6e27440486dce42316dd342d942aad68e4b35e'
    '31cf7a272a50a35f9fa00dc8f700a2ca981a32757dfa2a1ba0778c3308229e96b74ae350'
    '751945c0286d35924b79763835a4bd05e8a6d2a632fff649615c8d8a1f73ad39b5c3478b'
    'b6b4b4b6b21f26f4526ce710148d2ec37125de1ad72bada016c92c438a2d404a2ed0d246'
    '21606509b8736cd3f99e387667dd23e15d56dc7ffbc3ec61825af7f08d633c7740655ea9'
    '8fb0587a800fc74951b0a28b1724215c877a58a3f9b164edfd09b84508d8b3620413cdcc'
    '2f88be147ff5c393fd2322b516547aae2e6dfcdd7d5ea36ef12b4f11c57c99ccde69d84a'
    '3e08c85f57e1c907b1d9ba2cb011b05a518471d6484d5caddbb34070a7b720d561dec167'
    '1f623e7f16f99897b7bc3f08f24ab00ece158e4bef897d3aca77d87c7fef27dd736fcd6c'
    '8f0cfa7e42db6722bed9d88015afbe5ccdf4d17ce76122971fa4270d443eab4046724d79'
    '1fca2355ca5aeba11f6881c05d4e47b55023aec41d297f744f2b0c23fe02ad1c245ebc78'
    '972e3f6da0792911c793d0132327761e68758c3b5ce49f834de08e46c2c0284ffa2c7c6c'
    '1ec20edfecd04872adba4bf046698e62361235ffc91738f7933bb7dbb65e6d206e747e9e'
    'da02ddfcb1576a55c4a876df38b283aeb9cc965af8e67afa3bc19a66d208ee7fb1018f04'
    '77ad6920bbafe294eb492c86af594adcef0b238a46f11f7c0e3a9c4b8f8db2feb8566f3f'
    '87d9280a03b040fed551ebfeec95a6b7a163f043a209c16571893d61081afb797f3dff90'
    'cd1261b086f64d2bbaaf80eff511d3b40549389d288827f758a620bf2dd7cd1e7ac1fa1d'
    '08810fa595b12204286109b34b662d81759e6b36b300b56bb866b6bc4f9bc725f06d3aa2'
)
parsed = TLS(data)
parsed.show()  # show() prints the dissection itself and returns None

Wireshark knows that the first part of this is a Server Hello Handshake:

[image]

Unfortunately, Scapy doesn't:

###[ TLS ]### 
  type      = application_data
  version   = TLS 1.2
  len       = 122
  iv        = b''
  \msg       \
   |###[ Raw ]### 
   |  load      = "\x02\x00\x00v\x03\x03T\xd8r\xa9`)\x07\x81\xa5X'S\x9a\xb6\x07\xab\xe2\xba\x8d\xb7z! S\xad~\x98\xc9%\x98\xbaF 3\xd5b\xb3\x93T\x0cu @X3\xf0n\x8c\x84\xd0\xdf\xb0\xe8\xe0\x9f.\xa9\xd4\xe7\xb8T\x81\xb9\x89\xac\x13\x01\x00\x00.\x003\x00$\x00\x1d\x00 \x10\x0bro\xd7z\x0f\xd0\xe6\xa0\x02(W\x9d^d\x9fA\x05\x1a\x9b+Y\xf5\xaf\xb0\x9f\xe7/y4\x10\x00+\x00\x02\x03\x04"
  mac       = b''
  pad       = b''
  padlen    = None

It's getting the version and len, but not recognizing anything past that.


I can provide other captures if it helps?

Member

p-l- commented Oct 27, 2018

Thanks for this report! Yep, a capture file would help.

Author

bbayles commented Oct 27, 2018

Here's a capture. The server hello is in packet 6:
tls-13-handshake.pcap.gz


Tschet1 commented May 28, 2019

I think the problem is the TLS 1.3 version numbers. I think the message is parsed as TLSServerHello instead of TLS13ServerHello because the version number that is mentioned in the packet is 0x0303 for both TLS 1.2 and TLS 1.3.

In handshake.py

if _pkt and len(_pkt) >= 6:
    version = struct.unpack("!H", _pkt[4:6])[0]
    if version == 0x0304 or version > 0x7f00:
        return TLS13ServerHello
    return TLSServerHello
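
The point made in the comment above, as an added example that is not part of the thread and is not Scapy's code: the ServerHello's legacy version field reads 0x0303 for both TLS 1.2 and TLS 1.3, so the negotiated version has to be read from the supported_versions extension (type 0x002b). The helper names `take` and `server_hello_versions` are hypothetical; the bytes are the first TLS record of the reproduction data in the original report.

```python
import struct

# First TLS record from the issue's reproduction bytes (the ServerHello, 127 bytes).
SERVER_HELLO = bytes.fromhex(
    "160303007a02000076030354d872a960290781a55827539ab607abe2ba8db77a212053ad"
    "7e98c92598ba462033d562b393540c7520405833f06e8c84d0dfb0e8e09f2ea9d4e7b854"
    "81b989ac130100002e00330024001d0020100b726fd77a0fd0e6a00228579d5e649f4105"
    "1a9b2b59f5afb09fe72f793410002b00020304"
)

EXT_SUPPORTED_VERSIONS = 0x002B


def take(buf, off, n):
    """Return (n bytes at off, new offset); refuse to read past the buffer."""
    if off + n > len(buf):
        raise ValueError("truncated ServerHello")
    return buf[off:off + n], off + n


def server_hello_versions(record):
    """Return (legacy_version, negotiated_version) for one ServerHello record."""
    hdr, off = take(record, 0, 5)
    rec_type, _, rec_len = struct.unpack("!BHH", hdr)
    body, _ = take(record, off, rec_len)
    if rec_type != 22 or body[:1] != b"\x02":
        raise ValueError("not a handshake record carrying a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    msg, _ = take(body, 4, hs_len)

    raw, off = take(msg, 0, 2)
    legacy = int.from_bytes(raw, "big")
    _, off = take(msg, off, 32)               # random
    sidlen, off = take(msg, off, 1)
    _, off = take(msg, off, sidlen[0])        # session id
    _, off = take(msg, off, 3)                # cipher suite + compression
    if off == len(msg):                       # no extensions block at all
        return legacy, legacy
    raw, off = take(msg, off, 2)
    exts, _ = take(msg, off, int.from_bytes(raw, "big"))

    off = 0
    while off < len(exts):
        raw, off = take(exts, off, 4)
        ext_type, ext_len = struct.unpack("!HH", raw)
        data, off = take(exts, off, ext_len)
        if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2:
            return legacy, int.from_bytes(data, "big")
    return legacy, legacy
```

For the record in the report this returns a legacy version of 0x0303 and a negotiated version of 0x0304, which is why a dispatch on bytes 4 to 6 of the handshake message alone cannot select the TLS 1.3 class.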

romain-perez mentioned this issue Jul 7, 2019
Member

guedou commented Jul 17, 2019

@bbayles does PR #2146 fix the issue?

Author

bbayles commented Jul 17, 2019

Here is the new output (see my code to reproduce in the OP). This is better, but still not great.

###[ TLS ]### 
  type      = handshake
  version   = TLS 1.2
  len       = 122    [deciphered_len= 122]
  iv        = b''
  \msg       \
   |###[ Raw ]### 
   |  load      = "\x02\x00\x00v\x03\x03T\xd8r\xa9`)\x07\x81\xa5X'S\x9a\xb6\x07\xab\xe2\xba\x8d\xb7z! S\xad~\x98\xc9%\x98\xbaF 3\xd5b\xb3\x93T\x0cu @X3\xf0n\x8c\x84\xd0\xdf\xb0\xe8\xe0\x9f.\xa9\xd4\xe7\xb8T\x81\xb9\x89\xac\x13\x01\x00\x00.\x003\x00$\x00\x1d\x00 \x10\x0bro\xd7z\x0f\xd0\xe6\xa0\x02(W\x9d^d\x9fA\x05\x1a\x9b+Y\xf5\xaf\xb0\x9f\xe7/y4\x10\x00+\x00\x02\x03\x04"
  mac       = b''
  pad       = b''
  padlen    = None
###[ TLS ]### 
     type      = change_cipher_spec
     version   = TLS 1.2
     len       = 1    [deciphered_len= 1]
     iv        = b''
     \msg       \
      |###[ TLS ChangeCipherSpec ]### 
      |  msgtype   = change_cipher_spec
     mac       = b''
     pad       = b''
     padlen    = None
###[ TLS ]### 
        type      = application_data
        version   = TLS 1.2
        len       = 2371    [deciphered_len= 1122]
        iv        = b''
        \msg       \
         |###[ TLS Application Data ]### 
         |  data      = '5\x9c\x1dsA\x83(\x8fLaA\xd0q\t$\x1f\xde\x95*\xf1U\xd9\xb6\x16,\xf0\xdbz\x89\x03"\xb6P\xf6lT!-\x93\xd9\xbf/\xacx\xbb(r\xe2\x9a\x89\xb6\xff>\xf8]w\x7f=\xcbw<\xca\xedb\x90\t\x08\xa2\xd3\x10\x90<\xf2(\x97\xd9~\xd9\xe1uYmx\xd4\xbe\xb0a\xacn\xd8\x85\xf1e\xedD6\x96\xc0\xeem\x9bQ\x16\xed\t#~?[\xed\xa2\xc1\xff\x9f\xf3>uZ\xd8DP\xae\x9c\xf7v=<j\xec\x98\xebm\xff\x9c\x97S\xcbZ\x0c`\xd6\xf7\xb2\x0b\xb7\xa4Z\xe1\xe69\xae\x8a\x07\xc7=\xb8\xdb&\xb3|\x99/MN\xa7\xbe\xc5G\x15\xb6\x96\xb4c\xdb\xd5\x90Km8\xbfi\xf9\xb47\x9d*\xbc\x10\x1c\xdd]\xa0z!\xe4\xb1\x91>\xf5HL=\x9ba\xb5\xc0\xab\xe6\xcbm\xba\xa9\xfb\xee\n\x81\xa4\xb3\xbd*\xa7D\x9aM1\'\xf17\xb4!\x91\xa65\xd8\xec+\t\xa4\x8fe\x96V\xda\xe6\xed$l\x1d\x8d\x9c\x8f\xce\xd1\xb2\xa0\xa6\x10\xd3\x12D\x10\xf3.\x9a@\x00\xb4Q\xa2\x8c\xa3\xf1\xc0/pTf\xbf\x8fcV\xcd\xecItq\xd7\x8eOxSy\xecqF\x8e\x8a\xc9\xdb\xce\x8b\xb2\x9d$\x900\x92\x9fDB\x00>:g\xd4X\x1d\x97\xf5@\xe30\x9a-\x8b>\xb8K6\xca\xe9\xf9\xe7\x8f\xb1NT\x01\xffW\xcd\xca\xe2\x02\x9eb\x87[\xc9\xd5\xbd\x91@\xce\x8f\xaew\xdb\xf5D\x95\xefL\xb4\xa0\xaf\xf5\x91\xadoi\xea\xfa\xb1\x06\xdbf:\xdc\xc1\x83r+b\xf0;\x1e\'=\x17C\x8a\x18\xbe\x08\x80\xfa\xb1\xc4C\xd7\xb6GF\xf3:\\W\xbf\x8f\x8a\xc3\x88\x1a\xd4t\x00\xb4\x0f\x9d\x1b\'\xe0\xc8`\x12\xf2\xd3\xb1\x8aUUa\x0ew-;Qq\x1fY\x1e\xaa\x1dZh&\xa69\x0c\xaaS}}\xb9Q\x1c 
\x8bf\x8e\xa8\x8b\x88\xc5x\xa5\xb8\\\xd8\x86."\xb1{SQV\xbd\x90\x931[\x9c\xd0\xb4\x7fv\xf1\x19=n\'D\x04\x86\xdc\xe4#\x16\xdd4-\x94*\xadh\xe4\xb3^1\xcfz\'*P\xa3_\x9f\xa0\r\xc8\xf7\x00\xa2\xca\x98\x1a2u}\xfa*\x1b\xa0w\x8c3\x08"\x9e\x96\xb7J\xe3Pu\x19E\xc0(m5\x92Kyv85\xa4\xbd\x05\xe8\xa6\xd2\xa62\xff\xf6Ia\\\x8d\x8a\x1fs\xad9\xb5\xc3G\x8b\xb6\xb4\xb4\xb6\xb2\x1f&\xf4Rl\xe7\x10\x14\x8d.\xc3q%\xde\x1a\xd7+\xad\xa0\x16\xc9,C\x8a-@J.\xd0\xd2F!`e\t\xb8sl\xd3\xf9\x9e8vg\xdd#\xe1]V\xdc\x7f\xfb\xc3\xeca\x82Z\xf7\xf0\x8dc<w@e^\xa9\x8f\xb0Xz\x80\x0f\xc7IQ\xb0\xa2\x8b\x17$!\\\x87zX\xa3\xf9\xb1d\xed\xfd\t\xb8E\x08\xd8\xb3b\x04\x13\xcd\xcc/\x88\xbe\x14\x7f\xf5\xc3\x93\xfd#"\xb5\x16Tz\xae.m\xfc\xdd}^\xa3n\xf1+O\x11\xc5|\x99\xcc\xdei\xd8J>\x08\xc8_W\xe1\xc9\x07\xb1\xd9\xba,\xb0\x11\xb0ZQ\x84q\xd6HM\\\xad\xdb\xb3@p\xa7\xb7 \xd5a\xde\xc1g\x1fb>\x7f\x16\xf9\x98\x97\xb7\xbc?\x08\xf2J\xb0\x0e\xce\x15\x8eK\xef\x89}:\xcaw\xd8|\x7f\xef\'\xddso\xcdl\x8f\x0c\xfa~B\xdbg"\xbe\xd9\xd8\x80\x15\xaf\xbe\\\xcd\xf4\xd1|\xe7a"\x97\x1f\xa4\'\rD>\xab@FrMy\x1f\xca#U\xcaZ\xeb\xa1\x1fh\x81\xc0]NG\xb5P#\xae\xc4\x1d)\x7ftO+\x0c#\xfe\x02\xad\x1c$^\xbcx\x97.?m\xa0y)\x11\xc7\x93\xd0\x13#\'v\x1ehu\x8c;\\\xe4\x9f\x83M\xe0\x8eF\xc2\xc0(O\xfa,|l\x1e\xc2\x0e\xdf\xec\xd0Hr\xad\xbaK\xf0Fi\x8eb6\x125\xff\xc9\x178\xf7\x93;\xb7\xdb\xb6^m nt~\x9e\xda\x02\xdd\xfc\xb1WjU\xc4\xa8v\xdf8\xb2\x83\xae\xb9\xcc\x96Z\xf8\xe6z\xfa;\xc1\x9af\xd2\x08\xee\x7f\xb1\x01\x8f\x04w\xadi \xbb\xaf\xe2\x94\xebI,\x86\xafYJ\xdc\xef\x0b#\x8aF\xf1\x1f|\x0e:\x9cK\x8f\x8d\xb2\xfe\xb8Vo?\x87\xd9(\n\x03\xb0@\xfe\xd5Q\xeb\xfe\xec\x95\xa6\xb7\xa1c\xf0C\xa2\t\xc1eq\x89=a\x08\x1a\xfby\x7f=\xff\x90\xcd\x12a\xb0\x86\xf6M+\xba\xaf\x80\xef\xf5\x11\xd3\xb4\x05I8\x9d(\x88\'\xf7X\xa6 \xbf-\xd7\xcd\x1ez\xc1\xfa\x1d\x08\x81\x0f\xa5\x95\xb1"\x04(a\t\xb3Kf-\x81u\x9ek6\xb3\x00\xb5k\xb8f\xb6\xbcO\x9b\xc7%\xf0m:\xa2'
        mac       = b''
        pad       = b''
        padlen    = None

Member

guedou commented Jul 17, 2019

Are you using the code from PR #2146?

Here is the (truncated) output that I have when the PR is used:

###[ TLS ]###
  type      = handshake
  version   = TLS 1.2
  len       = 122    [deciphered_len= 122]
  iv        = b''
  \msg       \
   |###[ TLS Handshake - Server Hello ]###
   |  msgtype   = server_hello
   |  msglen    = 118
   |  version   = TLS 1.2
   |  gmt_unix_time= Mon, 09 Feb 2015 08:41:13 +0000 (1423471273)
   |  random_bytes= 60290781a55827539ab607abe2ba8db77a212053ad7e98c92598ba46
   |  sidlen    = 32
   |  sid       = '3\xd5b\xb3\x93T\x0cu @X3\xf0n\x8c\x84\xd0\xdf\xb0\xe8\xe0\x9f.\xa9\xd4\xe7\xb8T\x81\xb9\x89\xac'
   |  cipher    = TLS_AES_128_GCM_SHA256
   |  comp      = null
   |  extlen    = 46
   |  \ext       \
   |   |###[ TLS Extension - Key Share (for ServerHello) ]###
   |   |  type      = key_share
   |   |  len       = 36
   |   |  \server_share\
   |   |   |###[ Key Share Entry ]###
   |   |   |  group     = x25519
   |   |   |  kxlen     = 32
   |   |   |  key_exchange= '\x10\x0bro\xd7z\x0f\xd0\xe6\xa0\x02(W\x9d^d\x9fA\x05\x1a\x9b+Y\xf5\xaf\xb0\x9f\xe7/y4\x10'
   |   |###[ TLS Extension - Supported Versions (for ServerHello) ]###
   |   |  type      = supported_versions
   |   |  len       = 2
   |   |  version   = TLS 1.3
[..]

Author

bbayles commented Jul 17, 2019

Evidently I had the wrong branch checked out; my output now matches yours. The part after you trim is a bit odd still?

Member

guedou commented Jul 17, 2019 via email

Member

guedou commented Jul 25, 2019

Closed as #2146 is merged.

@guedou guedou closed this as completed Jul 25, 2019