TLS Session Context refactoring

examples/SCSV_fallback_test.py

@@ -20,37 +20,36 @@
 import itertools
 
 # https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
-if __name__=="__main__":
-    if len(sys.argv)<=2:
+if __name__ == "__main__":
+    if len(sys.argv) <= 2:
         print ("USAGE: <host> <port>")
         exit(1)
 
-    target = (sys.argv[1],int(sys.argv[2]))
+    target = (sys.argv[1], int(sys.argv[2]))
 
     PROTOS = [p for p in TLS_VERSIONS.values() if p.startswith("TLS_") or p.startswith("SSL_3")]
 
-    TESTS = itertools.product(PROTOS,repeat=2)
+    TESTS = itertools.product(PROTOS, repeat=2)
     RESULTS = []
 
     TLS_FALLBACK_SCSV_SUPPORTED = False
     SSLV3_ENABLED = True
 
-
     for t in TESTS:
         print ("----------------")
         print ("TEST : %s" % repr(t))
         print ("----------------")
         print ("connecting..")
 
         # create tcp socket
-        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         s.connect(target)
         print ("connected.")
         # create TLS Handhsake / Client Hello packet
-        outer,inner = t
-        p = TLSRecord(version=outer)/TLSHandshake()/TLSClientHello(version=inner,
+        outer, inner = t
+        p = TLSRecord(version=outer) / TLSHandshake() / TLSClientHello(version=inner,
                                                                        compression_methods=range(0xff),
-                                                                       cipher_suites=range(0xff)+[0x5600],
+                                                                       cipher_suites=range(0xff) + [0x5600],
                                                                        )
         p.show()
         print ("sending TLS payload")
@@ -63,32 +62,35 @@
 
         if resp.haslayer(TLSAlert):
             v = resp[TLSRecord].version
-            if resp[TLSAlert].description==86:        # INAPPROPRIATE_FALLBACK
+            if resp[TLSAlert].description == 86:        # INAPPROPRIATE_FALLBACK
                 print ("[* ] SUCCESS - server honors TLS_FALLBACK_SCSV")
-                RESULTS.append((t,"resp: TLSAlert.INAPPROPRIATE_FALLBACK  %s"%TLS_VERSIONS.get(v,v)))
-                TLS_FALLBACK_SCSV_SUPPORTED=True      # we've caught the SCSV alert
+                RESULTS.append((t, "resp: TLSAlert.INAPPROPRIATE_FALLBACK  %s" % TLS_VERSIONS.get(v, v)))
+                TLS_FALLBACK_SCSV_SUPPORTED = True      # we've caught the SCSV alert
             else:
                 print ("[- ] UNKNOWN - server responds with unexpected alert")
-                a_descr=resp[TLSAlert].description
-                RESULTS.append((t,"resp: TLSAlert.%s"%TLS_ALERT_DESCRIPTIONS.get(a_descr,a_descr)))
+                a_descr = resp[TLSAlert].description
+                RESULTS.append((t, "resp: TLSAlert.%s" % TLS_ALERT_DESCRIPTIONS.get(a_descr, a_descr)))
 
         elif resp.haslayer(TLSServerHello):
             print ("[!!] FAILED - server allows downgrade to %s" % t[1])
             v_outer = resp[TLSRecord].version
             v = resp[TLSServerHello].version
-            RESULTS.append((t,"resp: TLSServerHello:            outer %s inner %s"%(TLS_VERSIONS.get(v_outer,v_outer),TLS_VERSIONS.get(v,v))))
-            if t[1]=="TLS_3_0":
-                SSLV3_ENABLED=False
+            RESULTS.append(
+                (t, "resp: TLSServerHello:            outer %s inner %s" %
+                 (TLS_VERSIONS.get(
+                     v_outer, v_outer), TLS_VERSIONS.get(
+                     v, v))))
+            if t[1] == "TLS_3_0":
+                SSLV3_ENABLED = False
         else:
             print ("[!!] UNKNOWN - unexpected response..")
-            RESULTS.append((t,"Unexpected response"))
+            RESULTS.append((t, "Unexpected response"))
 
     print ("-----------------------")
     print ("for: %s" % repr(target))
     print ("   record      hello   ")
-    for t,r in RESULTS:
+    for t, r in RESULTS:
         print ("%s  ... %s" % (t, r))
     print ("overall:")
     print ("    TLS_FALLBACK_SCSV_SUPPORTED   ...  %s" % repr(TLS_FALLBACK_SCSV_SUPPORTED))
     print ("    SSLv3_ENABLED                 ...  %s" % repr(SSLV3_ENABLED))
-

examples/client_hello_complex_invalid.py

@@ -18,34 +18,34 @@
 
 import socket
 
-if __name__=="__main__":
-    if len(sys.argv)<=2:
+if __name__ == "__main__":
+    if len(sys.argv) <= 2:
         print ("USAGE: <host> <port>")
         exit(1)
 
-    target = (sys.argv[1],int(sys.argv[2]))
+    target = (sys.argv[1], int(sys.argv[2]))
     # create tcp socket
-    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect(target)
 
     # create TLS Handhsake / Client Hello packet
-    p = TLSRecord(version='TLS_1_2')/ \
-            TLSHandshake()/ \
-                TLSClientHello(compression_methods= [TLSCompressionMethod.NULL,TLSCompressionMethod.DEFLATE]+range(255-2),
-                               cipher_suites= [TLSCipherSuite.NULL_WITH_NULL_NULL]+range(0xff-1),
-                               extensions=[
-                                       TLSExtension()/ \
-                                            TLSExtServerNameIndication(server_names= [TLSServerName(data="a"*500,length=16),
-                                                                                   TLSServerName(length=222)]),
-                                       TLSExtension()/ \
-                                            TLSExtServerNameIndication(server_names=[TLSServerName(length=2)])
-                                       ])
+    p = TLSRecord(version='TLS_1_2') / \
+        TLSHandshake() / \
+        TLSClientHello(compression_methods=[TLSCompressionMethod.NULL, TLSCompressionMethod.DEFLATE] + range(255 - 2),
+                       cipher_suites=[TLSCipherSuite.NULL_WITH_NULL_NULL] + range(0xff - 1),
+                       extensions=[
+            TLSExtension() /
+            TLSExtServerNameIndication(server_names=[TLSServerName(data="a" * 500, length=16),
+                                                     TLSServerName(length=222)]),
+            TLSExtension() /
+            TLSExtServerNameIndication(server_names=[TLSServerName(length=2)])
+        ])
 
     p.show()
 
     print ("sending TLS payload")
     s.sendall(str(p))
-    resp = s.recv(1024*8)
+    resp = s.recv(1024 * 8)
     print ("received, %s" % repr(resp))
 
     SSL(resp).show()

examples/client_hello_rsa.py

@@ -18,23 +18,23 @@
 
 import socket
 
-if __name__=="__main__":
-    if len(sys.argv)<=2:
+if __name__ == "__main__":
+    if len(sys.argv) <= 2:
         print ("USAGE: <host> <port>")
         exit(1)
 
-    target = (sys.argv[1],int(sys.argv[2]))
+    target = (sys.argv[1], int(sys.argv[2]))
     # create tcp socket
-    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect(target)
 
     # create TLS Handhsake / Client Hello packet
-    p = TLSRecord()/TLSHandshake()/TLSClientHello(cipher_suites=[TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA])
+    p = TLSRecord() / TLSHandshake() / TLSClientHello(cipher_suites=[TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA])
 
     p.show()
     print ("sending TLS payload")
     s.sendall(str(p))
-    resp=s.recv(1024*8)
+    resp = s.recv(1024 * 8)
     print ("received, %d --  %s" % (len(resp), repr(resp)))
     SSL(resp).show()
-    s.close()
+    s.close()

examples/client_hello_twice.py

@@ -18,31 +18,33 @@
 
 import socket
 
-if __name__=="__main__":
-    if len(sys.argv)<=2:
+if __name__ == "__main__":
+    if len(sys.argv) <= 2:
         print ("USAGE: <host> <port>")
         exit(1)
 
-    target = (sys.argv[1],int(sys.argv[2]))
+    target = (sys.argv[1], int(sys.argv[2]))
     # create tcp socket
-    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect(target)
 
     # create TLS Handhsake / Client Hello packet
-    p = TLSRecord(version="SSL_3_0")/TLSHandshake()/TLSClientHello(version="SSL_3_0",compression_methods=range(0xff), cipher_suites=range(0xff))
+    p = TLSRecord(version="SSL_3_0") / TLSHandshake() / TLSClientHello(version="SSL_3_0",
+                                                                       compression_methods=range(0xff),
+                                                                       cipher_suites=range(0xff))
 
     p.show()
 
     print ("sending TLS payload")
     s.sendall(str(p))
-    resp = s.recv(1024*8)
+    resp = s.recv(1024 * 8)
     print ("received, %s" % repr(resp))
     SSL(resp).show()
 
     print ("sending TLS payload")
     s.sendall(str(p))
-    resp = s.recv(1024*8)
+    resp = s.recv(1024 * 8)
     print ("received, %s" % repr(resp))
     SSL(resp).show()
 
-    s.close()
+    s.close()

examples/client_hello_valid.py

@@ -18,25 +18,25 @@
 
 import socket
 
-if __name__=="__main__":
-    if len(sys.argv)<=2:
+if __name__ == "__main__":
+    if len(sys.argv) <= 2:
         print ("USAGE: <host> <port>")
         exit(1)
 
-    target = (sys.argv[1],int(sys.argv[2]))
+    target = (sys.argv[1], int(sys.argv[2]))
 
     # create tcp socket
-    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect(target)
 
     # create TLS Handhsake / Client Hello packet
-    p = TLSRecord()/TLSHandshake()/TLSClientHello(compression_methods=range(0xff)[::-1], cipher_suites=range(0xff))
+    p = TLSRecord() / TLSHandshake() / TLSClientHello(compression_methods=range(0xff)[::-1], cipher_suites=range(0xff))
 
     p.show()
 
     print ("sending TLS payload")
     s.sendall(str(p))
-    resp = s.recv(1024*8)
+    resp = s.recv(1024 * 8)
     print ("received, %s" % repr(resp))
     SSL(resp).show()
 

examples/client_hello_valid_w_alpn.py

@@ -18,34 +18,33 @@
 
 import socket
 
-if __name__=="__main__":
-    if len(sys.argv)<=2:
+if __name__ == "__main__":
+    if len(sys.argv) <= 2:
         print ("USAGE: <host> <port>")
         exit(1)
 
-    target = (sys.argv[1],int(sys.argv[2]))
+    target = (sys.argv[1], int(sys.argv[2]))
 
     # create tcp socket
-    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect(target)
 
     # create TLS Handhsake / Client Hello packet
-    p = TLSRecord()/ \
-        TLSHandshake()/ \
+    p = TLSRecord() / \
+        TLSHandshake() / \
         TLSClientHello(compression_methods=range(0xff),
                        cipher_suites=range(0xff),
-                       extensions=[TLSExtension()/ \
-                                  TLSExtALPN(protocol_name_list= \
-                                                    [TLSALPNProtocol(data="http/1.1"),
-                                                     TLSALPNProtocol(data="http/1.3"),
-                                                     TLSALPNProtocol(data="\x00htt\x01%sp/1.1"),
-                                                     ])],)
+                       extensions=[TLSExtension() /
+                                   TLSExtALPN(protocol_name_list=[TLSALPNProtocol(data="http/1.1"),
+                                                                  TLSALPNProtocol(data="http/1.3"),
+                                                                  TLSALPNProtocol(data="\x00htt\x01%sp/1.1"),
+                                                                  ])],)
 
     p.show()
 
     print ("sending TLS payload")
     s.sendall(str(p))
-    resp = s.recv(1024*8)
+    resp = s.recv(1024 * 8)
     print ("received, %s" % repr(resp))
     SSL(resp).show()
-    s.close()
+    s.close()

examples/client_hello_with_session_ticket.py

@@ -29,7 +29,7 @@
     ticket = server_finished[TLSSessionTicket].ticket
     tls_socket.sendall(to_raw(TLSPlaintext(data="GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"), tls_ctx))
     tls_socket.recvall()
-    master_secret = tls_ctx.crypto.session.master_secret
+    master_secret = tls_ctx.master_secret
 
 print("First session context: %s" % tls_ctx)
 
@@ -38,7 +38,8 @@
     tls_ctx = tls_socket.tls_ctx
     tls_socket.tls_ctx.resume_session(master_secret)
 
-    pkt = TLSRecord() / TLSHandshake() / TLSClientHello(version=version, cipher_suites=[cipher],
+    pkt = TLSRecord() / TLSHandshake() / TLSClientHello(version=version,
+                                                        cipher_suites=[cipher],
                                                         extensions=[TLSExtension() / TLSExtSessionTicketTLS(data=ticket)])
     tls_socket.sendall(pkt)
     resp = tls_socket.recvall()
@@ -48,5 +49,3 @@
     tls_socket.recvall()
 
 print("Resumed session context: %s" % tls_ctx)
-
-

examples/client_rsa_mutual_auth.py

@@ -9,7 +9,7 @@
 
 from Crypto.Hash import SHA256
 
-basedir = os.path.abspath(os.path.join(os.path.dirname(__file__),"../"))
+basedir = os.path.abspath(os.path.join(os.path.dirname(__file__), "../"))
 try:
     # This import works from the project directory
     from scapy_ssl_tls.ssl_tls import *
@@ -30,13 +30,12 @@ def do_tls_mutual_auth(host):
     socket_ = socket.socket()
     tls_socket = TLSSocket(socket_, client=True)
     tls_socket.connect(host)
-    tls_socket.tls_ctx.rsa_load_keys_from_file(os.path.join(basedir,
-                                                            "tests/integration/keys/scapy-tls-client.key.pem"),
-                                                            client=True)
+    tls_socket.tls_ctx.client_ctx.load_rsa_keys_from_file(os.path.join(
+        basedir, "tests/integration/keys/scapy-tls-client.key.pem"))
 
     client_hello = TLSRecord(version=tls_version) / TLSHandshake() /\
-                   TLSClientHello(version=tls_version, compression_methods=[TLSCompressionMethod.NULL, ],
-                                  cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_128_CBC_SHA256, ])
+        TLSClientHello(version=tls_version, compression_methods=[TLSCompressionMethod.NULL, ],
+                       cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_128_CBC_SHA256, ])
     tls_socket.sendall(client_hello)
     server_hello = tls_socket.recvall()
     server_hello.show()
@@ -50,8 +49,8 @@ def do_tls_mutual_auth(host):
     sig = tls_socket.tls_ctx.get_client_signed_handshake_hash(SHA256.new())
     # sig = sig[:128] + chr(ord(sig[128]) ^ 0xff) + sig[129:]
     client_cert_verify = TLSRecord(version=tls_version) / TLSHandshake() / \
-                         TLSCertificateVerify(alg=sig_hash_alg,
-                                              sig=sig)
+        TLSCertificateVerify(alg=sig_hash_alg,
+                             sig=sig)
     tls_socket.sendall(client_cert_verify)
 
     client_ccs = TLSRecord(version=tls_version) / TLSChangeCipherSpec()
@@ -73,4 +72,3 @@ def do_tls_mutual_auth(host):
     else:
         server = ("127.0.0.1", 8443)
     do_tls_mutual_auth(server)
-