Add TLS 1.3 support

scapy/automaton.py

@@ -855,6 +855,9 @@ def _do_iter(self):
                 if (len(self.recv_conditions[self.state.state]) == 0 and
                     len(self.ioevents[self.state.state]) == 0 and
                         len(self.timeout[self.state.state]) == 1):
+                    print("len(self.recv_conditions[self.state.state] : %d" % len(self.recv_conditions[self.state.state]))
+                    print("len(self.ioevents[self.state.state]) : %d" % len(self.ioevents[self.state.state]))
+                    print("len(self.timeout[self.state.state]) : %d" % len(self.timeout[self.state.state]))
                     raise self.Stuck("stuck in [%s]" % self.state.state,
                                      state=self.state.state, result=state_output)  # noqa: E501
 

scapy/layers/tls/automaton.py

@@ -138,20 +138,29 @@ def get_next_msg(self, socket_timeout=2, retry=2):
             # Remote peer is not willing to respond
             return
 
-        p = TLS(self.remain_in, tls_session=self.cur_session)
-        self.cur_session = p.tls_session
-        self.remain_in = b""
-        if isinstance(p, SSLv2) and not p.msg:
-            p.msg = Raw("")
-        if self.cur_session.tls_version is None or \
-           self.cur_session.tls_version < 0x0304:
-            self.buffer_in += p.msg
+        if (byte0 == 0x17 and
+                (self.cur_session.advertised_tls_version >= 0x0304 or
+                 self.cur_session.tls_version >= 0x0304)):
+            p = TLS13(self.remain_in, tls_session=self.cur_session)
+            self.remain_in = b""
+            self.buffer_in += p.inner.msg
         else:
-            if isinstance(p, TLS13):
-                self.buffer_in += p.inner.msg
-            else:
-                # should be TLS13ServerHello only
+
+            p = TLS(self.remain_in, tls_session=self.cur_session)
+            self.cur_session = p.tls_session
+            self.remain_in = b""
+            if isinstance(p, SSLv2) and not p.msg:
+                p.msg = Raw("")
+
+            if self.cur_session.tls_version is None or \
+               self.cur_session.tls_version < 0x0304:
                 self.buffer_in += p.msg
+            else:
+                if isinstance(p, TLS13):
+                    self.buffer_in += p.inner.msg
+                else:
+                    # should be TLS13ServerHello only
+                    self.buffer_in += p.msg
 
         while p.payload:
             if isinstance(p.payload, Raw):
@@ -174,8 +183,11 @@ def raise_on_packet(self, pkt_cls, state, get_next_msg=True):
         # Maybe we already parsed the expected packet, maybe not.
         if get_next_msg:
             self.get_next_msg()
+        from scapy.layers.tls.handshake import TLSClientHello
         if (not self.buffer_in or
-                not isinstance(self.buffer_in[0], pkt_cls)):
+                (not isinstance(self.buffer_in[0], pkt_cls) and
+                not (isinstance(self.buffer_in[0], TLSClientHello) and
+                self.cur_session.advertised_tls_version == 0x0304))):
             return
         self.cur_pkt = self.buffer_in[0]
         self.buffer_in = self.buffer_in[1:]
@@ -199,6 +211,7 @@ def add_record(self, is_sslv2=None, is_tls13=None):
         else:
             self.buffer_out.append(TLS(tls_session=self.cur_session))
 
+
     def add_msg(self, pkt):
         """
         Add a TLS message (e.g. TLSClientHello or TLSApplicationData)
@@ -217,6 +230,8 @@ def flush_records(self):
         """
         Send all buffered records and update the session accordingly.
         """
+        for p in self.buffer_out:
+            p.show()
         s = b"".join(p.raw_stateful() for p in self.buffer_out)
         self.socket.send(s)
         self.buffer_out = []