diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index a644acde10a..7bbb80f26a6 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -22,39 +22,11 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dh, ec from cryptography.hazmat.primitives import serialization + from cryptography.hazmat.primitives.asymmetric.dh import DHParameterNumbers if conf.crypto_valid_advanced: from cryptography.hazmat.primitives.asymmetric import x25519 from cryptography.hazmat.primitives.asymmetric import x448 -# We have to start by a dirty hack in order to allow long generators, -# which some versions of openssl love to use... - -if conf.crypto_valid: - from cryptography.hazmat.primitives.asymmetric.dh import DHParameterNumbers - - try: - # We test with dummy values whether the size limitation has been removed. # noqa: E501 - pn_test = DHParameterNumbers(2, 7) - except ValueError: - # We get rid of the limitation through the cryptography v1.9 __init__. - - def DHParameterNumbers__init__hack(self, p, g, q=None): - if ( - not isinstance(p, int) or - not isinstance(g, int) - ): - raise TypeError("p and g must be integers") - if q is not None and not isinstance(q, int): - raise TypeError("q must be integer or None") - - self._p = p - self._g = g - self._q = q - - DHParameterNumbers.__init__ = DHParameterNumbers__init__hack - - # End of hack. - _ffdh_groups = {} @@ -459,7 +431,12 @@ def _tls_named_groups_import(group, pubbytes): import_point = x448.X448PublicKey.from_public_bytes return import_point(pubbytes) else: - curve = ec._CURVE_TYPES[_tls_named_curves[group]]() + curve = ec._CURVE_TYPES[_tls_named_curves[group]] + try: + # cryptography < 42 + curve = curve() + except TypeError: + pass try: # cryptography >= 2.5 return ec.EllipticCurvePublicKey.from_encoded_point( curve, @@ -516,7 +493,12 @@ def _tls_named_groups_generate(group): "Your cryptography version doesn't support " + group_name ) else: - curve = ec._CURVE_TYPES[_tls_named_curves[group]]() + curve = ec._CURVE_TYPES[_tls_named_curves[group]] + try: + # cryptography < 42 + curve = curve() + except TypeError: + pass return ec.generate_private_key(curve, default_backend()) # Below lies ghost code since the shift from 'ecdsa' to 'cryptography' lib. diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc index debb353a173..894e23977d1 100644 --- a/test/configs/cryptography.utsc +++ b/test/configs/cryptography.utsc @@ -1,6 +1,6 @@ { "testfiles": [ - "test/tls*.uts", + "test/scapy/layers/tls/tls*.uts", "test/scapy/layers/dot11.uts", "test/scapy/layers/ipsec.uts", "test/contrib/macsec.uts" diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index c9860f3b8f4..e967cfbd338 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -484,7 +484,7 @@ assert isinstance(p, Dot11WEP) conf.crypto_valid = bck_conf_crypto_valid conf.wepkey = "Fobar" -r = raw(Dot11WEP()/LLC()/SNAP()/IP()/TCP(seq=12345678)) +r = raw(Dot11WEP()/LLC()/SNAP()/IP(src="127.0.0.1", dst="127.0.0.1")/TCP(seq=12345678)) r assert r == b'\x00\x00\x00\x00\xe3OjYLw\xc3x_%\xd0\xcf\xdeu-\xc3pH#\x1eK\xae\xf5\xde\xe7\xb8\x1d,\xa1\xfe\xe83\xca\xe1\xfe\xbd\xfe\xec\x00)T`\xde.\x93Td\x95C\x0f\x07\xdd' p = Dot11WEP(r)