prepare v2.0.0

Author: tintinweb

README.rst

@@ -18,10 +18,19 @@ decryption (RSA\_WITH\_\*), fuzzing and security scanning
 (*Renegotiation, Heartbleed, Poodle, Logjam/Freak, DROWN, various Buffer
 overflows, ...*).
 
+Compatibility
+-------------
+
+**!! v2.x breaks backwards compatibility to v1.2.x branch due to major interface refactoring introduced with tls1_3 support !!**
+
+see `Release Notes <https://github.com/tintinweb/scapy-ssl_tls/releases>`_ 
+
+
 Features
 --------
 
 -  Protocol Support
+-  TLS 1.3 draft 18
 -  TLS 1.2
 -  TLS 1.1
 -  TLS 1.0
@@ -75,6 +84,8 @@ Option 3: manual installation
     +                   "mgcp", "mobileip", "netbios", "netflow", "ntp", "ppp", "radius", "rip", "rtp","ssl_tls",
                         "sebek", "skinny", "smb", "snmp", "tftp", "x509", "bluetooth", "dhcp6", "llmnr", "sctp", "vrrp" ]
 
+
+
 verify installation:
 ''''''''''''''''''''
 
@@ -101,7 +112,6 @@ Troubleshooting
 
 **Q:** ``sessionctx_sniffer.py`` does not seem to detect ``SSL/TLS`` or
 does not show any sniffed ``SSL/TLS`` sessions.
-
 **A:** This is problem caused by the import magic in
 ``sessionctx_sniffer.py`` where the example might mix up imports from
 the projects directory with the ones installed with ``pip`` or via
@@ -110,14 +120,11 @@ the projects directory with the ones installed with ``pip`` or via
 scapy-ssl\_tls to use it directly from the project directory, or remove
 the ``from scapy_ssl_tls.ssl_tls import *`` import lines from the
 example.
-
 **Note:** This has been addressed with ``>=v1.2.3`` where the
 system-wide import has preference.
 
-
 **Q:** ``sessionctx_sniffer.py`` does not seem to dissect large
 ``SSL/TLS`` records properly.
-
 **A:** In order to fully reconstruct *sniffed* ``SSL/TLS`` records one
 needs to ``defragment`` the sniffed IP packets and ``reassemble`` them
 to TCP segments. Since TCP Stream reassembly is not an easy task

scapy_ssl_tls/ssl_tls.py

@@ -336,16 +336,16 @@ def __init__(self, entries):
 }
 TLSTypeBoolean = EnumStruct(TLS_TYPE_BOOLEAN)
 
-TLS_EC_POINT_FORMATS = registry.EC_POINT_FORMAT_REGISTRY
+TLS_EC_POINT_FORMATS = registry.TLS_EC_POINT_FORMAT_REGISTRY
 TLSEcPointFormat = EnumStruct(TLS_EC_POINT_FORMATS)
 # Fix inconsistency in casing
 TLSECPointFormat = TLSEcPointFormat
 DEFAULT_EC_POINT_FORMAT_LIST = [TLSECPointFormat.UNCOMPRESSED]
 
-TLS_EC_CURVE_TYPES = registry.EC_CURVE_TYPE_REGISTRY
+TLS_EC_CURVE_TYPES = registry.TLS_EC_CURVE_TYPE_REGISTRY
 TLSECCurveTypes = EnumStruct(TLS_EC_CURVE_TYPES)
 
-TLS_SUPPORTED_GROUPS = registry.SUPPORTED_GROUPS_REGISTRY
+TLS_SUPPORTED_GROUPS = registry.TLS_SUPPORTED_GROUPS_REGISTRY
 TLS_SUPPORTED_GROUPS.update({256: "ffdhe2048",
                              257: "ffdhe3072",
                              258: "ffdhe4096",

scapy_ssl_tls/ssl_tls_registry.py

@@ -1,6 +1,6 @@
 # -*- coding: UTF-8 -*-
 # Generator: fetch_iana_tls_registry.py
-# date:      2016-09-28
+# date:      2018-02-12
 # sources:   https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
 #            WARNING! THIS FILE IS AUTOGENERATED, DO NOT EDIT!
 
@@ -16,7 +16,7 @@
     0x40: 'ecdsa_sign',
     0x41: 'rsa_fixed_ecdh',
     0x42: 'ecdsa_fixed_ecdh',
-}
+    }
 TLS_CIPHER_SUITE_REGISTRY = {
     0x0000: 'NULL_WITH_NULL_NULL',
     0x0001: 'RSA_WITH_NULL_MD5',
@@ -337,21 +337,31 @@
     0xc0ad: 'ECDHE_ECDSA_WITH_AES_256_CCM',
     0xc0ae: 'ECDHE_ECDSA_WITH_AES_128_CCM_8',
     0xc0af: 'ECDHE_ECDSA_WITH_AES_256_CCM_8',
+    0xc0b0: 'ECCPWD_WITH_AES_128_GCM_SHA256',
+    0xc0b1: 'ECCPWD_WITH_AES_256_GCM_SHA384',
+    0xc0b2: 'ECCPWD_WITH_AES_128_CCM_SHA256',
+    0xc0b3: 'ECCPWD_WITH_AES_256_CCM_SHA384',
     0xcca8: 'ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
     0xcca9: 'ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
     0xccaa: 'DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
     0xccab: 'PSK_WITH_CHACHA20_POLY1305_SHA256',
     0xccac: 'ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256',
     0xccad: 'DHE_PSK_WITH_CHACHA20_POLY1305_SHA256',
     0xccae: 'RSA_PSK_WITH_CHACHA20_POLY1305_SHA256',
-}
+    0xd000: 'Unassigned',
+    0xd001: 'ECDHE_PSK_WITH_AES_128_GCM_SHA256',
+    0xd002: 'ECDHE_PSK_WITH_AES_256_GCM_SHA384',
+    0xd003: 'ECDHE_PSK_WITH_AES_128_CCM_8_SHA256',
+    0xd004: 'Unassigned',
+    0xd005: 'ECDHE_PSK_WITH_AES_128_CCM_SHA256',
+    }
 TLS_CONTENTTYPE_REGISTRY = {
     0x14: 'change_cipher_spec',
     0x15: 'alert',
     0x16: 'handshake',
     0x17: 'application_data',
     0x18: 'heartbeat',
-}
+    }
 TLS_ALERT_REGISTRY = {
     0x00: 'close_notify',
     0x0a: 'unexpected_message',
@@ -384,7 +394,7 @@
     0x71: 'bad_certificate_status_response',
     0x72: 'bad_certificate_hash_value',
     0x73: 'unknown_psk_identity',
-}
+    }
 TLS_HANDSHAKETYPE_REGISTRY = {
     0x00: 'hello_request',
     0x01: 'client_hello',
@@ -401,8 +411,8 @@
     0x15: 'certificate_url',
     0x16: 'certificate_status',
     0x17: 'supplemental_data',
-}
-SUPPORTED_GROUPS_REGISTRY = {
+    }
+TLS_SUPPORTED_GROUPS_REGISTRY = {
     0x00: 'Unassigned',
     0x01: 'sect163k1',
     0x02: 'sect163r1',
@@ -437,36 +447,38 @@
     0x1a: 'brainpoolP256r1',
     0x1b: 'brainpoolP384r1',
     0x1c: 'brainpoolP512r1',
-    0x1d: 'ecdh_x25519',
-    0x1e: 'ecdh_x448',
+    0x1d: 'x25519',
+    0x1e: 'x448',
     0xff00: 'Unassigned',
     0xff01: 'arbitrary_explicit_prime_curves',
     0xff02: 'arbitrary_explicit_char2_curves',
-}
-EC_POINT_FORMAT_REGISTRY = {
+    }
+TLS_EC_POINT_FORMAT_REGISTRY = {
     0x00: 'uncompressed',
     0x01: 'ansiX962_compressed_prime',
     0x02: 'ansiX962_compressed_char2',
-}
-EC_CURVE_TYPE_REGISTRY = {
+    }
+TLS_EC_CURVE_TYPE_REGISTRY = {
     0x00: 'Unassigned',
     0x01: 'explicit_prime',
     0x02: 'explicit_char2',
     0x03: 'named_curve',
-}
+    }
 TLS_SUPPLEMENTAL_DATA_FORMATS = {
     0x00: 'user_mapping_data',
     0x4002: 'authz_data',
-}
+    }
 TLS_USERMAPPINGTYPE_VALUES = {
     0x40: 'upn_domain_hint',
-}
+    }
 TLS_SIGNATUREALGORITHM_REGISTRY = {
     0x00: 'anonymous',
     0x01: 'rsa',
     0x02: 'dsa',
     0x03: 'ecdsa',
-}
+    0x07: 'ed25519',
+    0x08: 'ed448',
+    }
 TLS_HASHALGORITHM_REGISTRY = {
     0x00: 'none',
     0x01: 'md5',
@@ -475,7 +487,9 @@
     0x04: 'sha256',
     0x05: 'sha384',
     0x06: 'sha512',
-}
+    0x07: 'Unassigned',
+    0x08: 'Intrinsic',
+    }
 # Skipping: AttributeError("'NoneType' object has no attribute 'text'",)
 # Skipping: AttributeError("'NoneType' object has no attribute 'text'",)
 # Skipping: AttributeError("'NoneType' object has no attribute 'text'",)
@@ -493,7 +507,7 @@
 # Skipping: AttributeError("'NoneType' object has no attribute 'text'",)
 # Skipping: AttributeError("'NoneType' object has no attribute 'text'",)
 TLS_EXPORTER_LABEL_REGISTRY = {
-}
+    }
 TLS_AUTHORIZATION_DATA_FORMATS = {
     0x00: 'x509_attr_cert',
     0x01: 'saml_assertion',
@@ -502,31 +516,31 @@
     0x40: 'keynote_assertion_list',
     0x41: 'keynote_assertion_list_url',
     0x42: 'dtcp_authorization',
-}
+    }
 HEARTBEAT_MESSAGE_TYPES = {
     0x00: 'Reserved',
     0x01: 'heartbeat_request',
     0x02: 'heartbeat_response',
     0xff: 'Reserved',
-}
+    }
 HEARTBEAT_MODES = {
     0x00: 'Reserved',
     0x01: 'peer_allowed_to_send',
     0x02: 'peer_not_allowed_to_send',
     0xff: 'Reserved',
-}
+    }
 # Generator: fetch_iana_tls_registry.py
-# date:      2016-09-28
+# date:      2018-02-12
 # sources:   https://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml
 #            WARNING! THIS FILE IS AUTOGENERATED, DO NOT EDIT!
 
 TLS_COMPRESSION_METHOD_IDENTIFIERS = {
     0x00: 'NULL',
     0x01: 'DEFLATE',
     0x40: 'LZS',
-}
+    }
 # Generator: fetch_iana_tls_registry.py
-# date:      2016-09-28
+# date:      2018-02-12
 # sources:   https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
 #            WARNING! THIS FILE IS AUTOGENERATED, DO NOT EDIT!
 
@@ -559,32 +573,36 @@
     0x19: 'cached_info',
     0x23: 'SessionTicket_TLS',
     0xff01: 'renegotiation_info',
-}
+    }
 TLS_CERTIFICATE_TYPES = {
     0x00: 'X_509',
     0x01: 'OpenPGP',
     0x02: 'Raw_Public_Key',
-}
+    }
 TLS_CERTIFICATE_STATUS_TYPES = {
     0x00: 'Reserved',
     0x01: 'ocsp',
     0x02: 'ocsp_multi',
-}
+    }
 APPLICATION_LAYER_PROTOCOL_NEGOTIATION_PROTOCOL_IDS = {
     'c-webrtc': 'Confidential_WebRTC_Media_and_Data',
+    'coap': 'CoAP',
     'ftp': 'FTP',
     'h2': 'HTTP_2_over_TLS',
     'h2c': 'HTTP_2_over_TCP',
     'http/1.1': 'HTTP_1_1',
+    'imap': 'IMAP',
+    'managesieve': 'ManageSieve',
+    'pop3': 'POP3',
     'spdy/1': 'SPDY_1',
     'spdy/2': 'SPDY_2',
     'spdy/3': 'SPDY_3',
     'stun.nat-discovery': 'NAT_discovery_using_Session_Traversal_Utilities_for_NAT',
     'stun.turn': 'Traversal_Using_Relays_around_NAT',
     'webrtc': 'WebRTC_Media_and_Data',
-}
+    }
 TLS_CACHEDINFORMATIONTYPE_VALUES = {
     0x00: 'Reserved',
     0x01: 'cert',
     0x02: 'cert_req',
-}
+    }

setup.py

@@ -140,7 +140,7 @@ def read(fname):
 
 setup(
     name="scapy-ssl_tls",
-    version="1.3.0",
+    version="2.0.0",
     packages=["scapy_ssl_tls"],
     author="tintinweb",
     author_email="[email protected]",
@@ -149,7 +149,7 @@ def read(fname):
     license="GPLv2",
     keywords=["scapy", "ssl", "tls", "layer", "network", "dissect", "packets", "decrypt"],
     url="https://github.com/tintinweb/scapy-ssl_tls/",
-    download_url="https://github.com/tintinweb/scapy-ssl_tls/tarball/v1.3.0",
+    download_url="https://github.com/tintinweb/scapy-ssl_tls/tarball/v2.0.0",
     # generate rst from .md:  pandoc --from=markdown --to=rst README.md -o README.rst (fix diff section and footer)
     long_description=read("README.rst") if os.path.isfile("README.rst") else read("README.md"),
     install_requires=os_install_requires(),