Fix tempesta-tech/tempesta#1310

(tintinweb/scapy-ssl_tls#163). RFC 5246 6.2.3.3 requires the explicit nonce (most usually sequence number) in the additional authenticated data (AAD), however crypto_data.sequence, used for the AAD creation in EAEADCryptoContainer, wasn't initialized with the explicit_nonce.
tempesta-tech · Dec 11, 2020 · eb4700f · eb4700f
1 parent 062a350
commit eb4700f
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/tls/scapy_ssl_tls/ssl_tls_crypto.py b/tls/scapy_ssl_tls/ssl_tls_crypto.py
@@ -1078,6 +1078,7 @@ def decrypt(self, ciphertext, content_type=tls.TLSContentType.APPLICATION_DATA):
         # Create an empty Crypto container to retrieve AEAD data based on length of cleartext
         crypto_data = CryptoData.from_context(self.tls_ctx, self.ctx, "\x00" * len(ciphertext))
         crypto_data.content_type = content_type
+        crypto_data.sequence = struct.unpack("!Q", explicit_nonce)[0]
         crypto_container = EAEADCryptoContainer.from_context(self.tls_ctx, self.ctx, crypto_data)
         self.__init_ciphers(self.get_nonce(explicit_nonce))
         self.dec_cipher.update(crypto_container.aead)