scapy.layers.tls.handshake

TLS handshake fields & logic.

This module covers the handshake TLS subprotocol, except for the key exchange mechanisms which are addressed with keyexchange.py.

class scapy.layers.tls.handshake.SupDataEntry(_pkt, /, *, sdtype=None, len=None, data=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.tls.handshake.SupDataEntry'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortField (SupDataEntry).sdtype>, <FieldLenField (SupDataEntry).len>, <StrLenField (SupDataEntry).data>]

guess_payload_class(p)[source]

class scapy.layers.tls.handshake.SupDataEntryUM(_pkt, /, *, sdtype=None, len=None, dlen=None, data=[])[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.tls.handshake.SupDataEntryUM'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortField (SupDataEntryUM).sdtype>, <FieldLenField (SupDataEntryUM).len>, <FieldLenField (SupDataEntryUM).dlen>, <PacketListField (SupDataEntryUM).data>]

guess_payload_class(p)[source]

class scapy.layers.tls.handshake.TLS13Certificate(_pkt, /, *, msgtype=11, msglen=None, cert_req_ctxt_len=None, cert_req_ctxt=b'', certslen=None, certs=[])[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLS13Certificate'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLS13Certificate).msgtype>, <ThreeBytesField (TLS13Certificate).msglen>, <FieldLenField (TLS13Certificate).cert_req_ctxt_len>, <StrLenField (TLS13Certificate).cert_req_ctxt>, <_ASN1CertLenField (TLS13Certificate).certslen>, <_ASN1CertAndExtListField (TLS13Certificate).certs>]

post_dissection_tls_session_update(msg_str)[source]

class scapy.layers.tls.handshake.TLS13CertificateRequest(_pkt, /, *, msgtype=13, msglen=None, cert_req_ctxt_len=None, cert_req_ctxt=b'', extlen=None, ext=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLS13CertificateRequest'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLS13CertificateRequest).msgtype>, <ThreeBytesField (TLS13CertificateRequest).msglen>, <FieldLenField (TLS13CertificateRequest).cert_req_ctxt_len>, <StrLenField (TLS13CertificateRequest).cert_req_ctxt>, <_ExtensionsLenField (TLS13CertificateRequest).extlen>, <_ExtensionsField (TLS13CertificateRequest).ext>]

tls_session_update(msg_str)[source]

class scapy.layers.tls.handshake.TLS13ClientHello(_pkt, /, *, msgtype=1, msglen=None, version=None, random_bytes=None, sidlen=None, sid=b'', cipherslen=None, ciphers=None, complen=None, comp=[0], extlen=None, ext=None)[source]

Bases: _TLSHandshake

TLS 1.3 ClientHello, with abilities to handle extensions.

The Random structure is 32 random bytes without any GMT time

aliastypes = [<class 'scapy.layers.tls.handshake.TLS13ClientHello'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLS13ClientHello).msgtype>, <ThreeBytesField (TLS13ClientHello).msglen>, <_TLSClientVersionField (TLS13ClientHello).version>, <_TLSRandomBytesField (TLS13ClientHello).random_bytes>, <FieldLenField (TLS13ClientHello).sidlen>, <_SessionIDField (TLS13ClientHello).sid>, <FieldLenField (TLS13ClientHello).cipherslen>, <_CipherSuitesField (TLS13ClientHello).ciphers>, <FieldLenField (TLS13ClientHello).complen>, <_CompressionMethodsField (TLS13ClientHello).comp>, <_ExtensionsLenField (TLS13ClientHello).extlen>, <_ExtensionsField (TLS13ClientHello).ext>]

post_build(p, pay)[source]

tls_session_update(msg_str)[source]: Either for parsing or building, we store the client_random along with the raw string representing this handshake message.

class scapy.layers.tls.handshake.TLS13EndOfEarlyData(_pkt, /, *, msgtype=5, msglen=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLS13EndOfEarlyData'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLS13EndOfEarlyData).msgtype>, <ThreeBytesField (TLS13EndOfEarlyData).msglen>]

class scapy.layers.tls.handshake.TLS13HelloRetryRequest(_pkt, /, *, msgtype=2, msglen=None, version=771, random_bytes=None, sidlen=None, sid=b'', cipher=None, comp=[0], extlen=None, ext=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLS13HelloRetryRequest'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

build()[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLS13ServerHello,TLS13HelloRetryRequest).msgtype>, <ThreeBytesField (TLS13ServerHello,TLS13HelloRetryRequest).msglen>, <_TLSVersionField (TLS13ServerHello,TLS13HelloRetryRequest).version>, <_TLSRandomBytesField (TLS13ServerHello,TLS13HelloRetryRequest).random_bytes>, <FieldLenField (TLS13ServerHello,TLS13HelloRetryRequest).sidlen>, <_SessionIDField (TLS13ServerHello,TLS13HelloRetryRequest).sid>, <ShortEnumField (TLS13ServerHello,TLS13HelloRetryRequest).cipher>, <_CompressionMethodsField (TLS13ServerHello,TLS13HelloRetryRequest).comp>, <_ExtensionsLenField (TLS13ServerHello,TLS13HelloRetryRequest).extlen>, <_ExtensionsField (TLS13ServerHello,TLS13HelloRetryRequest).ext>]

tls_session_update(**kwargs: Any) → Any[source]

class scapy.layers.tls.handshake.TLS13KeyUpdate(_pkt, /, *, msgtype=24, msglen=None, request_update=0)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLS13KeyUpdate'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLS13KeyUpdate).msgtype>, <ThreeBytesField (TLS13KeyUpdate).msglen>, <ByteEnumField (TLS13KeyUpdate).request_update>]

post_build_tls_session_update(msg_str)[source]

post_dissection_tls_session_update(msg_str)[source]

class scapy.layers.tls.handshake.TLS13NewSessionTicket(_pkt, /, *, msgtype=4, msglen=None, ticket_lifetime=4294967295, ticket_age_add=0, noncelen=None, ticket_nonce=b'', ticketlen=None, ticket=b'', extlen=None, ext=None)[source]

Bases: _TLSHandshake

Uncomment the TicketField line for parsing a RFC 5077 ticket.

aliastypes = [<class 'scapy.layers.tls.handshake.TLS13NewSessionTicket'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

build()[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLS13NewSessionTicket).msgtype>, <ThreeBytesField (TLS13NewSessionTicket).msglen>, <IntField (TLS13NewSessionTicket).ticket_lifetime>, <IntField (TLS13NewSessionTicket).ticket_age_add>, <FieldLenField (TLS13NewSessionTicket).noncelen>, <StrLenField (TLS13NewSessionTicket).ticket_nonce>, <FieldLenField (TLS13NewSessionTicket).ticketlen>, <StrLenField (TLS13NewSessionTicket).ticket>, <_ExtensionsLenField (TLS13NewSessionTicket).extlen>, <_ExtensionsField (TLS13NewSessionTicket).ext>]

post_dissection_tls_session_update(msg_str)[source]

class scapy.layers.tls.handshake.TLS13ServerHello(_pkt, /, *, msgtype=2, msglen=None, version=771, random_bytes=None, sidlen=None, sid=b'', cipher=None, comp=[0], extlen=None, ext=None)[source]

Bases: TLSServerHello

TLS 1.3 ServerHello

aliastypes = [<class 'scapy.layers.tls.handshake.TLS13ServerHello'>, <class 'scapy.layers.tls.handshake.TLSServerHello'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLS13ServerHello,TLS13HelloRetryRequest).msgtype>, <ThreeBytesField (TLS13ServerHello,TLS13HelloRetryRequest).msglen>, <_TLSVersionField (TLS13ServerHello,TLS13HelloRetryRequest).version>, <_TLSRandomBytesField (TLS13ServerHello,TLS13HelloRetryRequest).random_bytes>, <FieldLenField (TLS13ServerHello,TLS13HelloRetryRequest).sidlen>, <_SessionIDField (TLS13ServerHello,TLS13HelloRetryRequest).sid>, <ShortEnumField (TLS13ServerHello,TLS13HelloRetryRequest).cipher>, <_CompressionMethodsField (TLS13ServerHello,TLS13HelloRetryRequest).comp>, <_ExtensionsLenField (TLS13ServerHello,TLS13HelloRetryRequest).extlen>, <_ExtensionsField (TLS13ServerHello,TLS13HelloRetryRequest).ext>]

post_build(p, pay)[source]

tls_session_update(msg_str)[source]: Either for parsing or building, we store the server_random along with the raw string representing this handshake message. We also store the cipher suite (if recognized), and finally we instantiate the write and read connection states.

class scapy.layers.tls.handshake.TLSCertificate(_pkt, /, *, msgtype=11, msglen=None, certslen=None, certs=[])[source]

Bases: _TLSHandshake

XXX We do not support RFC 5081, i.e. OpenPGP certificates.

aliastypes = [<class 'scapy.layers.tls.handshake.TLSCertificate'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSCertificate).msgtype>, <ThreeBytesField (TLSCertificate).msglen>, <_ASN1CertLenField (TLSCertificate).certslen>, <_ASN1CertListField (TLSCertificate).certs>]

post_dissection_tls_session_update(msg_str)[source]

class scapy.layers.tls.handshake.TLSCertificateRequest(_pkt, /, *, msgtype=13, msglen=None, ctypeslen=None, ctypes=[1, 64], sig_algs_len=None, sig_algs=[1027, 1025, 513], certauthlen=None, certauth=[])[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSCertificateRequest'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSCertificateRequest).msgtype>, <ThreeBytesField (TLSCertificateRequest).msglen>, <FieldLenField (TLSCertificateRequest).ctypeslen>, <_CertTypesField (TLSCertificateRequest).ctypes>, <SigAndHashAlgsLenField (TLSCertificateRequest).sig_algs_len>, <SigAndHashAlgsField (TLSCertificateRequest).sig_algs>, <FieldLenField (TLSCertificateRequest).certauthlen>, <_CertAuthoritiesField (TLSCertificateRequest).certauth>]

class scapy.layers.tls.handshake.TLSCertificateStatus(_pkt, /, *, msgtype=22, msglen=None, status_type=1, responselen=None, response=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSCertificateStatus'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSCertificateStatus).msgtype>, <ThreeBytesField (TLSCertificateStatus).msglen>, <ByteEnumField (TLSCertificateStatus).status_type>, <ThreeBytesLenField (TLSCertificateStatus).responselen>, <_StatusField (TLSCertificateStatus).response>]

class scapy.layers.tls.handshake.TLSCertificateURL(_pkt, /, *, msgtype=21, msglen=None, certchaintype=None, uahlen=None, uah=[])[source]

Bases: _TLSHandshake

Defined in RFC 4366. PkiPath structure of section 8 is not implemented yet.

aliastypes = [<class 'scapy.layers.tls.handshake.TLSCertificateURL'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSCertificateURL).msgtype>, <ThreeBytesField (TLSCertificateURL).msglen>, <ByteEnumField (TLSCertificateURL).certchaintype>, <FieldLenField (TLSCertificateURL).uahlen>, <PacketListField (TLSCertificateURL).uah>]

class scapy.layers.tls.handshake.TLSCertificateVerify(_pkt, /, *, msgtype=15, msglen=None, sig=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSCertificateVerify'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

build(*args, **kargs)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSCertificateVerify).msgtype>, <ThreeBytesField (TLSCertificateVerify).msglen>, <_TLSSignatureField (TLSCertificateVerify).sig>]

post_dissection(pkt)[source]

class scapy.layers.tls.handshake.TLSClientHello(_pkt, /, *, msgtype=1, msglen=None, version=None, gmt_unix_time=None, random_bytes=None, sidlen=None, sid=b'', cipherslen=None, ciphers=None, complen=None, comp=[0], extlen=None, ext=None)[source]

Bases: _TLSHandshake

TLS ClientHello, with abilities to handle extensions.

The Random structure follows the RFC 5246: while it is 32-byte long, many implementations use the first 4 bytes as a gmt_unix_time, and then the remaining 28 byts should be completely random. This was designed in order to (sort of) mitigate broken RNGs. If you prefer to show the full 32 random bytes without any GMT time, just comment in/out the lines below.

aliastypes = [<class 'scapy.layers.tls.handshake.TLSClientHello'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSClientHello).msgtype>, <ThreeBytesField (TLSClientHello).msglen>, <_TLSClientVersionField (TLSClientHello).version>, <_GMTUnixTimeField (TLSClientHello).gmt_unix_time>, <_TLSRandomBytesField (TLSClientHello).random_bytes>, <FieldLenField (TLSClientHello).sidlen>, <_SessionIDField (TLSClientHello).sid>, <FieldLenField (TLSClientHello).cipherslen>, <_CipherSuitesField (TLSClientHello).ciphers>, <FieldLenField (TLSClientHello).complen>, <_CompressionMethodsField (TLSClientHello).comp>, <_ExtensionsLenField (TLSClientHello).extlen>, <_ExtensionsField (TLSClientHello).ext>]

post_build(p, pay)[source]

tls_session_update(msg_str)[source]: Either for parsing or building, we store the client_random along with the raw string representing this handshake message.

class scapy.layers.tls.handshake.TLSClientKeyExchange(_pkt, /, *, msgtype=16, msglen=None, exchkeys=None)[source]

Bases: _TLSHandshake

This class mostly works like TLSServerKeyExchange and its ‘params’ field.

aliastypes = [<class 'scapy.layers.tls.handshake.TLSClientKeyExchange'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

build(*args, **kargs)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSClientKeyExchange).msgtype>, <ThreeBytesField (TLSClientKeyExchange).msglen>, <_TLSCKExchKeysField (TLSClientKeyExchange).exchkeys>]

tls_session_update(msg_str)[source]: Finalize the EXTMS messages and compute the hash

class scapy.layers.tls.handshake.TLSEncryptedExtensions(_pkt, /, *, msgtype=8, msglen=None, extlen=None, ext=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSEncryptedExtensions'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSEncryptedExtensions).msgtype>, <ThreeBytesField (TLSEncryptedExtensions).msglen>, <_ExtensionsLenField (TLSEncryptedExtensions).extlen>, <_ExtensionsField (TLSEncryptedExtensions).ext>]

post_build_tls_session_update(msg_str)[source]

post_dissection_tls_session_update(msg_str)[source]

class scapy.layers.tls.handshake.TLSFinished(_pkt, /, *, msgtype=20, msglen=None, vdata=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSFinished'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

build(*args, **kargs)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSFinished).msgtype>, <ThreeBytesField (TLSFinished).msglen>, <_VerifyDataField (TLSFinished).vdata>]

post_build_tls_session_update(msg_str)[source]

post_dissection(pkt)[source]

post_dissection_tls_session_update(msg_str)[source]

class scapy.layers.tls.handshake.TLSHelloRequest(_pkt, /, *, msgtype=0, msglen=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSHelloRequest'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSHelloRequest).msgtype>, <ThreeBytesField (TLSHelloRequest).msglen>]

tls_session_update(msg_str)[source]: Message should not be added to the list of handshake messages that will be hashed in the finished and certificate verify messages.

class scapy.layers.tls.handshake.TLSHelloVerifyRequest(_pkt, /, *, msgtype=21, msglen=None, cookielen=None, cookie=b'')[source]

Bases: _TLSHandshake

Defined for DTLS, see RFC 6347.

aliastypes = [<class 'scapy.layers.tls.handshake.TLSHelloVerifyRequest'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSHelloVerifyRequest).msgtype>, <ThreeBytesField (TLSHelloVerifyRequest).msglen>, <FieldLenField (TLSHelloVerifyRequest).cookielen>, <StrLenField (TLSHelloVerifyRequest).cookie>]

class scapy.layers.tls.handshake.TLSNewSessionTicket(_pkt, /, *, msgtype=4, msglen=None, lifetime=4294967295, ticketlen=None, ticket=b'')[source]

Bases: _TLSHandshake

XXX When knowing the right secret, we should be able to read the ticket.

aliastypes = [<class 'scapy.layers.tls.handshake.TLSNewSessionTicket'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSNewSessionTicket).msgtype>, <ThreeBytesField (TLSNewSessionTicket).msglen>, <IntField (TLSNewSessionTicket).lifetime>, <FieldLenField (TLSNewSessionTicket).ticketlen>, <StrLenField (TLSNewSessionTicket).ticket>]

post_dissection_tls_session_update(msg_str)[source]

class scapy.layers.tls.handshake.TLSServerHello(_pkt, /, *, msgtype=2, msglen=None, version=None, gmt_unix_time=None, random_bytes=None, sidlen=None, sid=b'', cipher=None, comp=[0], extlen=None, ext=None)[source]

Bases: _TLSHandshake

TLS ServerHello, with abilities to handle extensions.

The Random structure follows the RFC 5246: while it is 32-byte long, many implementations use the first 4 bytes as a gmt_unix_time, and then the remaining 28 byts should be completely random. This was designed in order to (sort of) mitigate broken RNGs. If you prefer to show the full 32 random bytes without any GMT time, just comment in/out the lines below.

aliastypes = [<class 'scapy.layers.tls.handshake.TLSServerHello'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

build(*args, **kargs)[source]

classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSServerHello).msgtype>, <ThreeBytesField (TLSServerHello).msglen>, <_TLSVersionField (TLSServerHello).version>, <_GMTUnixTimeField (TLSServerHello).gmt_unix_time>, <_TLSRandomBytesField (TLSServerHello).random_bytes>, <FieldLenField (TLSServerHello).sidlen>, <_SessionIDField (TLSServerHello).sid>, <ShortEnumField (TLSServerHello).cipher>, <_CompressionMethodsField (TLSServerHello).comp>, <_ExtensionsLenField (TLSServerHello).extlen>, <_ExtensionsField (TLSServerHello).ext>]

post_build(p, pay)[source]

tls_session_update(msg_str)[source]: Either for parsing or building, we store the server_random along with the raw string representing this handshake message. We also store the session_id, the cipher suite (if recognized), the compression method, and finally we instantiate the pending write and read connection states. Usually they get updated later on in the negotiation when we learn the session keys, and eventually they are committed once a ChangeCipherSpec has been sent/received.

class scapy.layers.tls.handshake.TLSServerHelloDone(_pkt, /, *, msgtype=14, msglen=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSServerHelloDone'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSServerHelloDone).msgtype>, <ThreeBytesField (TLSServerHelloDone).msglen>]

class scapy.layers.tls.handshake.TLSServerKeyExchange(_pkt, /, *, msgtype=12, msglen=None, params=None, sig=None)[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSServerKeyExchange'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

build(*args, **kargs)[source]

We overload build() method in order to provide a valid default value for params based on TLS session if not provided. This cannot be done by overriding i2m() because the method is called on a copy of the packet.

The ‘params’ field is built according to key_exchange.server_kx_msg_cls which should have been set after receiving a cipher suite in a previous ServerHello. Usual cases are:

None: for RSA encryption or fixed FF/ECDH. This should never happen, as no ServerKeyExchange should be generated in the first place.
ServerDHParams: for ephemeral FFDH. In that case, the parameter to server_kx_msg_cls does not matter.
ServerECDH*Params: for ephemeral ECDH. There are actually three classes, which are dispatched by _tls_server_ecdh_cls_guess on the first byte retrieved. The default here is b”03”, which corresponds to ServerECDHNamedCurveParams (implicit curves).

When the Server*DHParams are built via .fill_missing(), the session server_kx_privkey will be updated accordingly.

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSServerKeyExchange).msgtype>, <ThreeBytesField (TLSServerKeyExchange).msglen>, <_TLSServerParamsField (TLSServerKeyExchange).params>, <_TLSSignatureField (TLSServerKeyExchange).sig>]

post_dissection(pkt)[source]

While previously dissecting Server*DHParams, the session server_kx_pubkey should have been updated.

XXX Add a ‘fixed_dh’ OR condition to the ‘anonymous’ test.

class scapy.layers.tls.handshake.TLSSupplementalData(_pkt, /, *, msgtype=23, msglen=None, sdatalen=None, sdata=[])[source]

Bases: _TLSHandshake

aliastypes = [<class 'scapy.layers.tls.handshake.TLSSupplementalData'>, <class 'scapy.layers.tls.handshake._TLSHandshake'>, <class 'scapy.layers.tls.session._GenericTLSSessionInheritance'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (TLSSupplementalData).msgtype>, <ThreeBytesField (TLSSupplementalData).msglen>, <ThreeBytesLenField (TLSSupplementalData).sdatalen>, <PacketListField (TLSSupplementalData).sdata>]

class scapy.layers.tls.handshake.ThreeBytesLenField(name, default, length_of=None, adjust=<function ThreeBytesLenField.<lambda>>)[source]

Bases: FieldLenField

addfield(pkt, s, val)[source]

getfield(pkt, s)[source]

i2repr(pkt, x)[source]

class scapy.layers.tls.handshake.URLAndOptionalHash(_pkt, /, *, urllen=None, url=b'', hash_present=None, hash=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.tls.handshake.URLAndOptionalHash'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FieldLenField (URLAndOptionalHash).urllen>, <StrLenField (URLAndOptionalHash).url>, <FieldLenField (URLAndOptionalHash).hash_present>, <StrLenField (URLAndOptionalHash).hash>]

guess_payload_class(p)[source]

class scapy.layers.tls.handshake.UserMappingData(_pkt, /, *, version=None, len=None, data=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.tls.handshake.UserMappingData'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteField (UserMappingData).version>, <FieldLenField (UserMappingData).len>, <StrLenField (UserMappingData).data>]

guess_payload_class(p)[source]