scapy.layers.tls.crypto.prf
TLS Pseudorandom Function.
- class scapy.layers.tls.crypto.prf.PRF(hash_name='SHA256', tls_version=771)[source]
Bases:
objectThe PRF used by SSL/TLS varies based on the version of the protocol and (for TLS 1.2) possibly the Hash algorithm of the negotiated cipher suite. The various uses of the PRF (key derivation, computation of verify_data, computation of pre_master_secret values) for the different versions of the protocol also changes. In order to abstract those elements, the common _tls_PRF() object is provided. It is expected to be initialised in the context of the connection state using the tls_version and the cipher suite.
- compute_master_secret(pre_master_secret, client_random, server_random, extms=False, handshake_hash=None)[source]
Return the 48-byte master_secret, computed from pre_master_secret, client_random and server_random. See RFC 5246, section 6.3. Supports Extended Master Secret Derivation, see RFC 7627
- compute_verify_data(con_end, read_or_write, handshake_msg, master_secret)[source]
Return verify_data based on handshake messages, connection end, master secret, and read_or_write position. See RFC 5246, section 7.4.9.
Every TLS 1.2 cipher suite has a verify_data of length 12. Note also:
"This PRF with the SHA-256 hash function is used for all cipher suites defined in this document and in TLS documents published prior to this document when TLS 1.2 is negotiated."
Cipher suites using SHA-384 were defined later on.
- derive_key_block(master_secret, server_random, client_random, req_len)[source]
Perform the derivation of master_secret into a key_block of req_len requested length. See RFC 5246, section 6.3.