Remove dependency on not supported and buggy scapy-ssl_tls (issue #56).

Essencial parts of the library are moved into tls/ directory and are supposed for further truncation, fixes and migration to Python 3.
tempesta-tech · Dec 1, 2020 · 1eb244f · 1eb244f
1 parent f5c34fd
commit 1eb244f
Show file tree

Hide file tree

Showing 9 changed files with 5,016 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -72,7 +72,8 @@ deproxy server, and workload tests should use wrk client and nginx server.
 
 - Host for testing framework: `Python2`, `python2-paramiko`,
 `python-configparser`, `python-subprocess32`, `wrk`, `ab`, `python-scapy`,
-`python-cryptography`, `scapy-ssl_tls` (installed with `pip`), `h2spec`
+`python-cryptography`, `h2spec`, `pycryptodomex`, and `tinyec` (the last
+two can be installed using `pip install pycryptodomex tinyec`)
 - All hosts except previous one: `sftp-server`
 - Host for running TempestaFW: Linux kernel with Tempesta, TempestaFW sources,
 `systemtap`, `tcpdump`, `bc`

diff --git a/tls/handshake.py b/tls/handshake.py
@@ -4,9 +4,7 @@
 implementation. This tool emphasises flexibility in generation of TLS traffic,
 not performance.
 
-ScaPy is still not fully compatible with Python3, but I still use __future__
-module for easier migration to Python3.
-https://github.com/tintinweb/scapy-ssl_tls/issues/39
+We use __future__ module for easier migration to Python3.
 
 TLS 1.2 is specified in RFC 5246. See also these useful references:
  - https://wiki.osdev.org/SSL/TLS
@@ -19,13 +17,11 @@
 import socket
 import ssl # OpenSSL based API
 import struct
-# TODO #56: replace the unmaintained Scapy-TLS library with standard Scapy
-# routines and our own implementation.
-import scapy_ssl_tls.ssl_tls as tls
 from time import sleep
 
 from helpers import dmesg, tf_cfg
 from helpers.error import Error
+from scapy_ssl_tls import ssl_tls as tls
 
 __author__ = 'Tempesta Technologies, Inc.'
 __copyright__ = 'Copyright (C) 2018-2020 Tempesta Technologies, Inc.'

diff --git a/tls/scapy_ssl_tls/__init__.py b/tls/scapy_ssl_tls/__init__.py
@@ -0,0 +1,4 @@
+__all__ = ['pkcs7', 'ssl_tls_automata', 'ssl_tls_crypto', 'ssl_tls_keystore',
+           'ssl_tls', 'ssl_tls_registry']
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
diff --git a/tls/scapy_ssl_tls/pkcs7.py b/tls/scapy_ssl_tls/pkcs7.py
@@ -0,0 +1,66 @@
+#! /usr/bin/env python
+# -*- coding: UTF-8 -*-
+# Author : janglin <http://japrogbits.blogspot.co.at>
+# http://japrogbits.blogspot.co.at/2011/02/using-encrypted-data-between-python-and.html
+import binascii
+import StringIO
+
+
+class PKCS7Encoder(object):
+
+    """
+    RFC 2315: PKCS#7 page 21
+    Some content-encryption algorithms assume the
+    input length is a multiple of k octets, where k > 1, and
+    let the application define a method for handling inputs
+    whose lengths are not a multiple of k octets. For such
+    algorithms, the method shall be to pad the input at the
+    trailing end with k - (l mod k) octets all having value k -
+    (l mod k), where l is the length of the input. In other
+    words, the input is padded at the trailing end with one of
+    the following strings:
+
+             01 -- if l mod k = k-1
+            02 02 -- if l mod k = k-2
+                        .
+                        .
+                        .
+          k k ... k k -- if l mod k = 0
+
+    The padding can be removed unambiguously since all input is
+    padded and no padding string is a suffix of another. This
+    padding method is well-defined if and only if k < 256;
+    methods for larger k are an open issue for further study.
+    """
+
+    def __init__(self, k=16):
+        self.k = k
+
+    # @param text The padded text for which the padding is to be removed.
+    # @exception ValueError Raised when the input padding is missing or corrupt.
+    def decode(self, text):
+        """
+        Remove the PKCS#7 padding from a text string
+        """
+        nl = len(text)
+        val = int(binascii.hexlify(text[-1]), 16)
+        if val > self.k:
+            raise ValueError('Input is not padded or padding is corrupt')
+
+        l = nl - val
+        return text[:l]
+
+    # @param text The text to encode.
+    def encode(self, text):
+        """
+        Pad an input string according to PKCS#7
+        """
+        return text + self.get_padding(text)
+
+    def get_padding(self, text):
+        l = len(text)
+        output = StringIO.StringIO()
+        val = self.k - (l % self.k)
+        for _ in xrange(val):
+            output.write('%02x' % val)
+        return binascii.unhexlify(output.getvalue())