Tools for handling TLS sessions and digital certificates. Use load_layer('tls') to load them to the main namespace.
You may need to 'pip install cryptography' for the module to be loaded.
X.509 certificates parsing/building.
RSA & ECDSA keys sign/verify methods.
TLS records and sublayers (handshake…) parsing/building. Works with versions SSLv2 to TLS 1.2. This may be enhanced by a TLS context. For instance, if Scapy reads a ServerHello with version TLS 1.2 and a cipher suite using AES, it will assume the presence of IVs prepending the data. See test/tls.uts for real examples.
TLS encryption/decryption capabilities with many ciphersuites, including some which may be deemed dangerous. Once again, the TLS context enables Scapy to transparently send/receive protected data if it learnt the session secrets. Note that if Scapy acts as one side of the handshake (e.g. reads all server-related packets and builds all client-related packets), it will indeed compute the session secrets.
TLS client & server basic automatons, provided for testing and tweaking purposes. These make for a very primitive TLS stack.
Additionally, a basic test PKI (key + certificate for a CA, a client and a server) is provided in tls/examples/pki_test.
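The remark above, that a TLS context lets the parser expect IVs in front of the data, can be illustrated without Scapy. The following is an added example, not Scapy's own code: RecordContext, sample_stream and the byte stream are hypothetical and constructed, and it goes beyond the AES-CBC case to cover GCM and stream suites. It assumes a single direction (server to client) and a ServerHello that fits in one record.

```python
import struct

# IANA cipher suite code point -> (mode, explicit IV/nonce bytes carried per record)
SUITES = {
    0x002F: ("cbc", 16),    # TLS_RSA_WITH_AES_128_CBC_SHA
    0x009C: ("gcm", 8),     # TLS_RSA_WITH_AES_128_GCM_SHA256
    0x0005: ("stream", 0),  # TLS_RSA_WITH_RC4_128_SHA
}

class RecordContext:
    """Hypothetical stand-in for a TLS context, server-to-client direction only."""
    def __init__(self):
        self.version = self.suite = None
        self.protected = False          # set once ChangeCipherSpec is seen

    def explicit_iv_len(self):
        if not self.protected or self.suite not in SUITES:
            return 0
        mode, size = SUITES[self.suite]
        if mode == "cbc" and self.version < 0x0302:
            return 0                    # SSL 3.0 / TLS 1.0 CBC chains the IV, none on the wire
        return size

    def feed(self, data):
        # Split a byte stream into (content_type, explicit_iv, remainder) tuples.
        out, off = [], 0
        while off < len(data):
            ctype, _, length = struct.unpack_from("!BHH", data, off)
            frag = data[off + 5:off + 5 + length]
            if len(frag) != length:
                raise ValueError("truncated record")
            off += 5 + length
            n = self.explicit_iv_len()  # decided by what was learnt from earlier records
            out.append((ctype, frag[:n], frag[n:]))
            if ctype == 22 and not self.protected and frag[:1] == b"\x02" and len(frag) >= 42:
                self.version = struct.unpack_from("!H", frag, 4)[0]
                sid_len = frag[38]      # after type(1) + length(3) + version(2) + random(32)
                self.suite = struct.unpack_from("!H", frag, 39 + sid_len)[0]
            elif ctype == 20:
                self.protected = True
        return out

def sample_stream(version, suite):
    """Constructed bytes: ServerHello, ChangeCipherSpec, one 48-byte protected record."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    hello = b"\x02" + len(body).to_bytes(3, "big") + body
    rec = lambda t, p: struct.pack("!BHH", t, version, len(p)) + p
    return rec(22, hello) + rec(20, b"\x01") + rec(23, bytes(range(48)))
```

Feeding sample_stream(0x0303, 0x002F) to RecordContext().feed() splits the last record into a 16-byte explicit IV and 32 bytes of ciphertext, while the same suite under version 0x0301 yields no explicit IV.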
Various cryptography checks.
Reading a TLS handshake between a Firefox client and a GitHub server.
Reading TLS 1.3 handshakes from test vectors of a draft RFC.
Reading an SSLv2 handshake between s_client and s_server, without PFS.
Test our TLS server against s_client with different cipher suites.
Test our TLS client against our TLS server (s_server is unscriptable).
TODO list (may it be carved away by good souls):
Features to add (or wait for) in the cryptography library:
X448 from RFC 7748 (no support in openssl yet);
the compressed EC point format.
About the automatons:
Add resumption support, through session IDs or session tickets.
Add various checks for discrepancies between client and server. Is the ServerHello ciphersuite ok? What about the SKE params? Etc.
Add some examples which illustrate how the automatons could be used. Typically, we could showcase this with Heartbleed.
Allow the server to store both one RSA key and one ECDSA key, and select the right one to use according to the ClientHello suites.
Find a way to shut down the automatons' sockets properly without simultaneously breaking the unit tests.
Enhance PSK and session ticket support.
Define several Certificate Transparency objects.
Add the extended master secret and encrypt-then-mac logic.
Mostly unused features: DSS, fixed DH, SRP, char2 curves…