add probes with encrypt then mac extension from RFC 7366

WestpointLtd · Aug 27, 2016 · c50235d · c50235d
1 parent 7d89351
commit c50235d
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/prober.py b/prober.py
@@ -290,7 +290,10 @@
     Padding16389Byte12PFS(),
     Padding17520Byte(),
     Padding17520Byte12(),
-    Padding17520Byte12PFS()
+    Padding17520Byte12PFS(),
+    EtMNotNull(),
+    EtMNotNull12(),
+    EtMNotNull12PFS()
 ]
 
 def probe(ipaddress, port, starttls, specified_probe):

diff --git a/probes.py b/probes.py
@@ -2597,3 +2597,28 @@ class Padding17520Byte12PFS(Padding16385Byte12PFS):
     def test(self, sock):
         logging.debug('Sending Client Hello...')
         sock.write(self.make_padding_hello(b'\x00' * (17520 - (144 - 5) - 4)))
+
+
+class EtMNotNull(NormalHandshake):
+    '''Send not empty encrypt then mac extension in hello'''
+
+    def make_etm_hello(self, value):
+        etm_ext = Extension.create(
+            extension_type=22,
+            data=value)
+        return self.make_hello([etm_ext])
+
+    def test(self, sock):
+        logging.debug('Sending Client Hello...')
+        # normal extension must be empty
+        sock.write(self.make_etm_hello(b'\x04'))
+
+
+class EtMNotNull12(EtMNotNull, NormalHandshake12):
+    '''Send not empty encrypt then mac extension in TLSv1.2 hello'''
+    pass
+
+
+class EtMNotNull12PFS(EtMNotNull, NormalHandshake12PFS):
+    '''Send not empty encrypt then mac extension in PFS TLSv1.2 hello'''
+    pass