add ssl negotiation for TPDU layer

2013-10-14 18:39:10 +02:00
parent 0f6952f6b0
commit 1764aa1c4e
2 changed files with 39 additions and 4 deletions
--- a/rdpy/protocol/common/error.py
+++ b/rdpy/protocol/common/error.py
@@ -12,3 +12,13 @@ class InvalidExpectedDataException(Exception):
        '''
        Exception.__init__(self, message)
        
+class NegotiationFailure(Exception):
+    '''
+    raise when negotiation failure in different protocols
+    '''
+    def __init__(self, message):
+        '''
+        constructor with message
+        '''
+        Exception.__init__(self, message)
+        
--- a/rdpy/protocol/rdp/tpdu.py
+++ b/rdpy/protocol/rdp/tpdu.py
@@ -3,7 +3,7 @@
 '''
 from rdpy.protocol.common.layer import LayerAutomata
 from rdpy.protocol.common.stream import Stream
-from rdpy.protocol.common.error import InvalidExpectedDataException
+from rdpy.protocol.common.error import InvalidExpectedDataException, NegotiationFailure

 class TPDU(LayerAutomata):
    '''
@@ -121,6 +121,8 @@ class TPDU(LayerAutomata):
            self.readNegResp(data)
        else:
            raise InvalidExpectedDataException("bad protocol negotiation response code")
+        #_transport is TPKT and transport is TCP layer of twisted
+        self._transport.transport.startTLS(ClientTLSContext())
    
    def readNegFailure(self, data):
        '''
@@ -130,7 +132,30 @@ class TPDU(LayerAutomata):
    
    def readNegResp(self, data):
        '''
-        read negotiatiion response packet
+        read negotiation response packet
        '''
-        pass
-        
+        flag = data.read_uint8()
+        len = data.read_leuint16()
+        
+        if len != 0x0008:
+            raise InvalidExpectedDataException("invalid size of negotiation response")
+        
+        protocol = data.read_leuint32()
+        if protocol != self._protocol:
+            raise NegotiationFailure("protocol negotiation failure")
+        
+
+#open ssl needed
+from twisted.internet import ssl
+from OpenSSL import SSL
+
+class ClientTLSContext(ssl.ClientContextFactory):
+    '''
+    client context factory for open ssl
+    '''
+    isClient = 1
+    def getContext(self):
+        context = SSL.Context(SSL.TLSv1_METHOD)
+        context.set_options(SSL.OP_DONT_INSERT_EMPTY_FRAGMENTS)
+        context.set_options(SSL.OP_TLS_BLOCK_PADDING_BUG)
+        return context