Use a NSS Key Log file to decrypt a TLS session

[guedou]

This PR adds support for the NSS Key Log.

It allows Scapy to reuse the keys to decrypt TLS sessions.

Currently, it only supports TLS 1.2, but TLS 1.3 is on the road map (it will fix #3073).

A possible usage is:

from scapy.all import *

load_layer("tls")
conf.tls_session_enable = True
conf.tls_nss_filename = "tls12/s_client.tls12.keys.txt"
l = rdpcap("tls12/s_client.tls12.pcap")
print(l.nsummary())

[codecov]

Codecov Report

Merging #3374 (8ec40a2) into master (6247a95) will decrease coverage by 0.01%.
The diff coverage is 73.33%.

@@            Coverage Diff             @@
##           master    #3374      +/-   ##
==========================================
- Coverage   85.90%   85.89%   -0.02%     
==========================================
  Files         274      274              
  Lines       56684    56728      +44     
==========================================
+ Hits        48695    48725      +30     
- Misses       7989     8003      +14     

Impacted Files	Coverage Δ
scapy/layers/tls/session.py	83.14% <73.33%> (-0.61%)	⬇️
scapy/arch/windows/__init__.py	67.73% <0.00%> (-0.57%)	⬇️
scapy/contrib/automotive/gm/gmlan_scanner.py	86.14% <0.00%> (-0.28%)	⬇️
scapy/layers/tls/automaton_cli.py	70.96% <0.00%> (+0.13%)	⬆️

[guedou]

This PR is ready to be reviewed. I would like to get an opinion related to the size of the tls_nss_example.pcap file.

[gpotter2]

This looks good to me. The packet size is fine. Do you want to merge it now and do TLS 1.3 separately?

[guedou]

Let’s merge this now! I will add TLS1.3 later.

…

Sent from my iPhone

On 10 Oct 2021, at 11:48, gpotter2 ***@***.***> wrote:  @gpotter2 approved this pull request. This looks good to me. The packet size is fine. Do you want to merge it now and do TLS 1.3 separately? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[vadimszzz]

Thank you, this is very nice PoC but still not usable in real world. Doesn't work with multiple TLS connections. Holds only last connection keys with "dublicate warning".
@guedou, can you make working solution that will decrypt all TLS connections, not only the last, in this pcap for example: Archive.zip ? Wireshark works with it well. Take a look at pmercury code, it may be helpful: https://github.com/cisco/mercury/blob/main/python/pmercury/protocols/tls_decrypt.py 👍

@gpotter2 please do not merge anymore PRs that doesn't work.

[vadimszzz]

My .pcap traffic is TLS 1.3 that's not supported in your PR. Btw I'm waiting for full multiple-connection TLS 1.2 & 1.3 decryption as soon as you can 😔

[gpotter2]

I believe you are mistaken in believing that we owe you features in some way. Be assured that Scapy is provided with absolutely "no warranty".

[banls]

how get nsskeylog? use scapy