hdZddlZddlZddlmZmZmZmZmZm Z m Z m Z m Z m Z mZmZmZmZddlmZmZmZddlmZddlmZddlmZmZmZddlmZdd l m!Z!dd l"m#Z#dd l$m%Z%dd l&m'Z'dd l(m)Z)dZ*iddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/id0d1d2d3d4d5d6d7d8d9d:d;dd?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTZ+GdUdVeZ,GdWdXe,Z-ddYiZ.GdZd[eZ/Gd\d]e Z0Gd^d_eZ1Gd`dae-Z2Gdbdce-Z3Gdddee,Z4Gdfdge,Z5dhdidjdkdlZ6GdmdneZ7GdodpeZ8GdqdreZ9GdsdteZ:e7e8e9e:dlZ;Gdudve Z<Gdwdxe,Z=Gdydze,Z>Gd{d|eZ?Gd}d~eZ@ddiZAde@iZBGdde ZCGdde,ZDGdde,ZEGdde,ZFGdde,ZGdddZHGdde,ZIGdde,ZJdZKGdde,ZLGddeLZMddddZNGdde,ZOGdde,ZPGdde,ZQGddeZRGdde ZSGdde-ZTGdde,ZUGdde,ZVGdde,ZWGdde,ZXGdde,ZYGdde,ZZGdde,Z[Gdde,Z\e[e\e[dZ]Gdde,Z^Gdde,Z_Gdde,Z`e_e`dZaGdde,ZbdddZcGd„de,ZdGdĄde,ZeGdƄde-ZfGdȄde,ZgGdʄde,ZhGd̄de,ZiGd΄de,Zjide2de4de5de=de>deDdeEdeFdeGd eKd"eLd$eOd&ePd(eQd*eTd2eUd4eVeWejeXeZe[e^ebedegeheYefeie3dМZkGdфdeZlGdӄdeZmdS)z TLS handshake extensions. N) ByteEnumField ByteField EnumField FieldLenFieldFieldListFieldIntFieldMayEnd PacketFieldPacketListFieldShortEnumField ShortFieldStrFixedLenField StrLenField XStrLenField)PacketRawPadding)X509_Extensions) _tls_version)SigAndHashAlgsLenFieldSigAndHashAlgsField _tls_hash_sig)_GenericTLSSessionInheritance)_tls_named_groups)_tls_cipher_suites)AnsiColorTheme)raw)confs !tae¢z^ Ȩ3 server_namemax_fragment_lengthclient_certificate_urltrusted_ca_keystruncated_hmacstatus_request user_mapping client_authz server_authz cert_type supported_groups ec_point_formats signature_algorithms heartbeatalpnsigned_certificate_timestampclient_certificate_typeserver_certificate_typepaddingencrypt_then_macextended_master_secretrecord_size_limit#session_ticket)pre_shared_key*early_data_indication+supported_versions,cookie-psk_key_exchange_modes/certificate_authorities0 oid_filters1post_handshake_auth2signature_algorithms_cert3 key_sharet3next_protocol_negotiationrenegotiation_infoencrypted_server_name)cpeZdZdZdZeddeeddddedd d gZ d Z dS) TLS_Ext_Unknownza We put this here rather than in extensions.py in order to avoid circular imports... zTLS Extension - Scapy UnknowntypeNlen!Hvalfmt length_ofc|jSNripkts _/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/layers/tls/extensions.pyzTLS_Ext_Unknown.psw length_fromc|j=t|dz }|ddtjd|z|ddz}||zS)Nr&r"rj)ristructpack)selfppaytmp_lens ru post_buildzTLS_Ext_Unknown.post_buildrsM 8 !ffqjG"1" D'222QqrrU:A3wrx) __name__ __module__ __qualname____doc__namer _tls_extrr fields_descrrxrurgrggs +D!>&$99 =$%HHH;ub+>+>@@@AK rxrgceZdZdZ ddZdS) TLS_Ext_PrettyPacketListz Dummy extension used for server_name/ALPN/NPN for a lighter representation: the final field is showed as a 1-line list rather than as lots of packets. XXX Define a new condition for packet lists in Packet._show_or_dump? Fr$roTc B|rtn tj}||dd||jd|dd}|jddD]}|j} |j} | |j} ||zd| |jd|d d} | || } t| trQ| d d dt|t|zt|jzd zzz} || | | d z }|jd}|j} |j} | |j} ||zd| |jd|d d} | || } t| trQ| d d dt|t|zt|jzd zzz} || | | d z }|jr0||j|||d|z|jzz|d z }|r|st%|dS|S)z Reproduced from packet.py z###[ z]###z Nz 10= r&F)dumpindentlvl label_lvl first_call)rr color_themepunct layer_namerr field_name field_value getfieldvali2repr isinstancestrreplaceripayload _show_or_dump show_indentprint)r~rrrrrctsfncolvcolfvaluebegnreprvals rurz&TLS_Ext_PrettyPacketList._show_or_dumps"& ;^   4+;(y"((6*:*:*:*:!}}TY7777&9I9I9I9I K!#2#& 2 2A=D>D%%af--F%.___dd16llll%'XXc]]]]5DhhtV,,G'3'' B!//$sc)nn>A#hh?G>A!&kk?J?@?@8A1ABB TT44====1 1AA  R }~!!!&))!*S$$qv,,,, O((4(( gs # # >oodD3#i..:=c((;C:=af++;F;<;<4=-=>>G ttG}}}} -- < S ++f03sV|dFV7V0W6?E,SS SA  d  !HHHHHHrxN)Fr$roroT)rrrrrrrxrurrs: 017;''''''rxr host_namecjeZdZdZeddeedddeddd gZd Z dS) ServerNameHostNamenametypernamelenN servernamernroc|jSrq)rrss rurvzServerName.ss{rxryctSrqrr~rs ruguess_payload_classzServerName.guess_payload_classrx) rrrrr_tls_server_name_typesrrrrrrxrurrsw D =Q0FGG =DLIII;|R+B+BDDDEK rxrceZdZdZdS)ServerListFieldc^d|D}ddd|DzS)Ncg|] }|j Sr)r.0rs ru z*ServerListField.i2repr..s'''q|'''rx[%s], c34K|]}t|VdSrqreprrxs ru z)ServerListField.i2repr..(!7!7a$q''!7!7!7!7!7!7rxjoinr~rtrress rurzServerListField.i2reprs;''Q''' !7!73!7!7!77777rxNrrrrrrxrurr#88888rxrc"eZdZdZfdZxZS)ServerLenFieldzQ There is no length when there are no servernames (as in a ServerHello). cn|s |js|Stt||||Srq) servernamessuperraddfield)r~rtrrk __class__s rurzServerLenField.addfields< ? ^T**33CC@@@rx)rrrrr __classcell__rs@rurrsKAAAAAAAAArxrc eZdZdZeddeeedddded dd e dge d gZ dS) TLS_Ext_ServerNamezTLS Extension - Server NamerhrriNrc |dzS)Nr"r)rtrs rurvzTLS_Ext_ServerName.s a!erx)rnadjustservernameslenrc|jSrq)rrss rurvzTLS_Ext_ServerName.s 3;Mrxry) rrrrr rr rrrrrrrxrurrs (D!>&!X666--t}/C/CEEEFF!>"2D,9;;;"?="j/M/MOOO PKKKrxrc,eZdZdZeddeeeddedde edde e ddd d e d d d e ddde dd de dddd e dd dg Z dS)TLS_Ext_EncryptedServerNamez%TLS Extension - Encrypted Server NamerhreriNcipherkey_exchange_groupkey_exchange_len key_exchangeH)rnrmroc|jSrq)rrss rurvz$TLS_Ext_EncryptedServerName.s 8Lrxryrecord_digest_len record_digestrc|jSrq)rrss rurvz$TLS_Ext_EncryptedServerName. 8Mrxencrypted_sni_len encrypted_snic|jSrq)rrss rurvz$TLS_Ext_EncryptedServerName.rrx)rrrrr rr r rrrrrrrrxrurrs2 2D!>&&(;;6**UD11229Xt-?@@!>"6"355 =!3T+9sDDD<,L,LNNN =!4!%BBB<,M,MOOO =!4d+:EEE<,M,MOOOPKKKrxrc xeZdZdZeddeeeddedddd d d d gZ dS) TLS_Ext_MaxFragLenz#TLS Extension - Max Fragment Lengthrhr riN maxfraglenr&z2^9z2^10z2^11z2^12)r r"r$r& rrrrr rr r rrrrxrurrsm 0D!>&!X666**UD1122 =qe6<6<6<3>3>??@KKKrxrcVeZdZdZeddeeeddgZdS)TLS_Ext_ClientCertURLz&TLS Extension - Client Certificate URLrhr"riN rrrrr rr r rrrxrurrsD 3D!>&!X666**UD11224KKKrxr pre_agreed key_sha1_hash x509_namecert_sha1_hash)rr r"r$c4eZdZdZeddegZdZdS) TAPreAgreedzTrusted authority - pre_agreedidtyperctSrqrrs rurzTAPreAgreed.guess_payload_class rrxN)rrrrr_tls_trusted_authority_typesrrrrxrurrs? +D =1.JKKLKrxrcLeZdZdZeddeedddgZdZdS) TAKeySHA1Hashz!Trusted authority - key_sha1_hashrr idNr@ctSrqrrs rurz!TAKeySHA1Hash.guess_payload_classrrx rrrrrrrrrrrxrurrsS .D =1.JKK##D$335KrxrcneZdZdZdZeddeedddedd d gZ d Z dS) TAX509Namezm XXX Section 3.4 of RFC 4366. Implement a more specific DNField rather than current StrLenField. zTrusted authority - x509_namerr"dnlenNdnrroc|jSrq)rrss rurvzTAX509Name. srxryctSrqrrs rurzTAX509Name.guess_payload_class"rrx) rrrrrrrrrrrrrxrurrsz +D =1.JKK =$$???;tR5J5JKKKMKrxrcLeZdZdZeddeedddgZdZdS)TACertSHA1Hashz"Trusted authority - cert_sha1_hashrr$rNr@ctSrqrrs rurz"TACertSHA1Hash.guess_payload_class+rrxrrrxrur r &sS /D =1.JKK##D$335Krxr ceZdZdZdZdS) _TAListFieldz Specific version that selects the right Trusted Authority (previous TA*) class to be used for dissection based on idtype. c|t|d}|j}|tvr t|}||SNr)ordcls_tls_trusted_authority_clsr~rtmrrs rum2iz_TAListField.m2i;s;QqTh / / /,V4Cs1vv rxN)rrrrrrrxrurr5s- rxrc eZdZdZeddeeeddeddde dge d gZ dS) TLS_Ext_TrustedCAIndz%TLS Extension - Trusted CA Indicationrhr$riNtalentarc|jSrq)rrss rurvzTLS_Ext_TrustedCAInd.Is rxry) rrrrr rr r rrrrrrxrurrCs| 2D!>&!X666**UD1122 =$$???<b#,A,ACCCDKKKrxrcVeZdZdZeddeeeddgZdS)TLS_Ext_TruncatedHMACzTLS Extension - Truncated HMACrhr&riNrrrxrurrLsD +D!>&!X666**UD11224KKKrxrcReZdZdZedddedddgZd ZdS) ResponderIDzResponder ID structure respidlenNrespidrroc|jSrqr"rss rurvzResponderID.Vss}rxryctSrqrrs rurzResponderID.guess_payload_classXrrxrrrrrrrrrrxrur!r!Rse #D =dhGGG;x+D+DFFFGKrxr!ceZdZdZdZedddedgeded dd ed d e gZ d Z dS) OCSPStatusRequestzE This is the structure defined in RFC 6066, not in RFC 6960! zOCSPStatusRequest structurer"Nr#rc|jSrqr%rss rurvzOCSPStatusRequest.cs3=rxry reqextlenreqextroctSrqrrs rurz%OCSPStatusRequest.guess_payload_classgrrx) rrrrrrr r!r rrrrrxrur)r)\s )D =dhGGG"?8R/H/HJJJ =dhGGG;x_== ?K rxr)ocspceZdZdZdS)_StatusReqFieldc`|j}|j}|tvr t|}||Srq)styper_cert_status_req_clsrs rurz_StatusReqField.m2ips3h ) ) )&v.Cs1vv rxN)rrrrrrxrur0r0os#rxr0c eZdZdZeddeeeddedde e dge d gZ dS) TLS_Ext_CSRz*TLS Extension - Certificate Status Requestrhr(riNr2reqc|jdz S)Nr rrrss rurvzTLS_Ext_CSR.~s 37Q;rxry) rrrrr rr r r_cert_status_typer0rrrrxrur5r5xsz 7D!>&!X666**UD1122 =$0ABB"?5"c/F/FHHHIKKKrxr5c eZdZdZeddeeeddedddd e dge d d d gZ dS)TLS_Ext_UserMappingzTLS Extension - User Mappingrhr*riNumlenBumrlumtyperc|jSrq)r;rss rurvzTLS_Ext_UserMapping.s#)rxry) rrrrr rr r rrrrrrxrur:r:s )D!>&!X666**UD1122 =$C4HHH!>$"+)Ha"8"8.C.CEEEFKKKrxr:cZeZdZdZdZeddeeeddgZ dS)TLS_Ext_ClientAuthz XXX Unsupported zTLS Extension - Client Authzrhr,riN rrrrrr rr r rrrxrurArAJ )D!>&!X666**UD1122KKKrxrAcZeZdZdZdZeddeeeddgZ dS)TLS_Ext_ServerAuthzrBzTLS Extension - Server Authzrhr.riNrCrrxrurFrFrDrxrFzX.509OpenPGP)rr c eZdZdZeddeeeddeddde dd d ge d de d gZ dS)TLS_Ext_ClientCertTypez1TLS Extension - Certificate Type (client version)rhr0riN ctypeslenctypesrrr certtypesc|jSrq)rJrss rurvzTLS_Ext_ClientCertType.#-rxry) rrrrr rr r rrr_tls_cert_typesrrrxrurIrIs >D!>&!X666**UD1122 =dhGGG!>(QF"/- T0?#A#A.G.GIIIJKKKrxrIcneZdZdZeddeeeddedde gZ dS)TLS_Ext_ServerCertTypez1TLS Extension - Certificate Type (server version)rhr0riNctype) rrrrr rr r rrOrrrxrurQrQsV >D!>&!X666**UD1122 =$@@BKKKrxrQctjd|ddd}|dkrt}nt}||g|Ri|S)z We need to select the correct one on dissection. We use the length for that, as 1 for client version would imply an empty list. rjr"r&rr )r|unpackrQrI)rargskargsrrs ru_TLS_Ext_CertTypeDispatcherrWsW mD!AaC&))!,G!||$$ 3q !4 ! ! !5 ! !!rxc eZdZdZdZeddeeedde ddd e dged de d gZ dS) TLS_Ext_SupportedGroupsz This extension was known as 'Supported Elliptic Curves' before TLS 1.3 merged both group selection mechanisms for ECDH and FFDH. z TLS Extension - Supported Groupsrhr2riN groupslengroupsrngc|jSrq)rZrss rurvz TLS_Ext_SupportedGroups.rNrxry) rrrrrr rr r rrrrrrxrurYrYs .D!>&"h776**UD1122 =dhGGG!>(B"0.t1B#D#D.G.GIIIJKKKrxrYceZdZdS)TLS_Ext_SupportedEllipticCurvesN)rrrrrxrur_r_sDrxr_ uncompressedansiX962_compressed_primeansiX962_compressed_char2)rr r"c eZdZdZeddeeeddedddd e dd ge d de d gZ dS)TLS_Ext_SupportedPointFormatz&TLS Extension - Supported Point Formatrhr4riNecpllenr<ecplrlrncc|jSrq)rerss rurvz%TLS_Ext_SupportedPointFormat.s#+rxry) rrrrr rr r rrr_tls_ecpoint_formatrrrxrurdrds 3D!>&"h776**UD1122 =DcVLLL!>&1#"/-d0C#E#E.E.EGGGHKKKrxrdc eZdZdZeddeeeddeddde dge d de d gZ dS) TLS_Ext_SignatureAlgorithmsz$TLS Extension - Signature Algorithmsrhr6riN sig_algs_lensig_algsrhash_sigc|jSrqrlrss rurvz$TLS_Ext_SignatureAlgorithms. s?Orxry rrrrr rr r rrrrrrrxrurkrks 1D!>&"h776**UD1122)).$4>@@@&&z2'0yT1>(@(@3O3OQQQ RKKKrxrkc teZdZdZeddeeeddedddd d gZ dS) TLS_Ext_HeartbeatzTLS Extension - Heartbeatrhr8riNheartbeat_moder"peer_allowed_to_sendpeer_not_allowed_to_sendr r"rrrxrurtrtsm &D!>&$996**UD1122 =!11%;%?"A"ABBCKKKrxrtcTeZdZdZeddddeddd gZd ZdS) ProtocolNamez Protocol NameriNr<protocolrlroc|jSrqrrrss rurvzProtocolName.rwrxryctSrqrrs rurz ProtocolName.guess_payload_classrrxr'rrxrurzrzsg D =#LLL;z2+>+>@@@AKrxrzceZdZdZdS)ProtocolListFieldc^d|D}ddd|DzS)Ncg|] }|j Sr)r{rs rurz,ProtocolListField.i2repr..s%%%aqz%%%rxrrc34K|]}t|VdSrqrrs rurz+ProtocolListField.i2repr..rrxrrs rurzProtocolListField.i2reprs;%%1%%% !7!73!7!7!77777rxNrrrxrurrrrxrc eZdZdZeddeeeddeddde dge d gZ dS) TLS_Ext_ALPNz6TLS Extension - Application Layer Protocol Negotiationrhr:riN protocolslen protocolsrc|jSrq)rrss rurvzTLS_Ext_ALPN. s C&$996**UD1122 =MMM$$["l1L1LNNNOKKKrxrcdeZdZdZeddeedddeddd gZdS) TLS_Ext_PaddingzTLS Extension - PaddingrhrBriNrCrroc|jSrqrrrss rurvzTLS_Ext_Padding.rwrxry) rrrrr rrrrrrxrurrsa $D!>&$99 = BBB;y"+>+>@@@AKKKrxrcVeZdZdZeddeeeddgZdS)TLS_Ext_EncryptThenMACz TLS Extension - Encrypt-then-MACrhrDriNrrrxrurrsD -D!>&$996**UD11224KKKrxrcVeZdZdZeddeeeddgZdS)TLS_Ext_ExtendedMasterSecretz&TLS Extension - Extended Master SecretrhrFriNrrrxrurrsD 3D!>&$996**UD11224KKKrxrcheZdZdZdZeddeedddedd d gZ dS) TLS_Ext_SessionTicketz RFC 5077 updates RFC 4507 according to most implementations, which do not use another (useless) 'ticketlen' field after the global 'len' field. zTLS Extension - Session TicketrhrJriNticketrroc|jSrqrrrss rurvzTLS_Ext_SessionTicket.+rwrxry) rrrrrr rrrrrrxrurr"sm ,D!>&$99 =AAA;x+>+>@@@AKKKrxrcVeZdZdZeddeeeddgZdS)TLS_Ext_KeySharez'TLS Extension - Key Share (dummy class)rhr^riNrrrxrurr.sD 4D!>&$996**UD11224KKKrxrcVeZdZdZeddeeeddgZdS)TLS_Ext_PreSharedKeyz,TLS Extension - Pre Shared Key (dummy class)rhrLriNrrrxrurr4sD 9D!>&$996**UD11224KKKrxrcVeZdZdZeddeeeddgZdS)TLS_Ext_EarlyDataIndicationzTLS Extension - Early DatarhrNriNrrrxrurr:sD 'D!>&$996**UD11224KKKrxrcleZdZdZeddeeeddeddgZ dS)!TLS_Ext_EarlyDataIndicationTicket&TLS Extension - Ticket Early Data InforhrNriNmax_early_data_sizer rrrrr rr r rrrrxrurr@T 3D!>&$996**UD1122811557KKKrxr)r r&r.cVeZdZdZeddeeeddgZdS)TLS_Ext_SupportedVersionsz0TLS Extension - Supported Versions (dummy class)rhrPriNrrrxrurrLsD =D!>&$996**UD11224KKKrxrc eZdZdZeddeeeddedddd e dged de d gZ dS) TLS_Ext_SupportedVersion_CHz4TLS Extension - Supported Versions (for ClientHello)rhrPriN versionslenr<versionsrlversionc|jSrq)rrss rurvz$TLS_Ext_SupportedVersion_CH.[s#/rxry) rrrrr rr r rrrrrrxrurrRs AD!>&$996**UD1122 =#+5777!>*b"0.D1=#?#?.I.IKKK LKKKrxrcneZdZdZeddeeeddeddegZ dS)TLS_Ext_SupportedVersion_SHz4TLS Extension - Supported Versions (for ServerHello)rhrPriNr) rrrrr rr r rrrrxrurr^sV AD!>&$996**UD1122!>)T<@@BKKKrxrrxceZdZdZeddeeeddeddde dd d gZ d Z dS) TLS_Ext_CookiezTLS Extension - CookierhrRriN cookielenrSrroc|jSrq)rrss rurvzTLS_Ext_Cookie.os rxryc|d}||dkrtjd|_t|S)NrSrx )rosurandomrSrgbuild)r~fvals rurzTLS_Ext_Cookie.buildqsE)) <43;;*R..DK$$T***rx) rrrrr rr r rrrrrrxrurris #D!>&$996**UD1122 =dhGGG<",E,EGGGHK +++++rxrpsk_ke psk_dhe_kec eZdZdZeddeeeddedddd e dge d de d gZ dS) TLS_Ext_PSKKeyExchangeModesz&TLS Extension - PSK Key Exchange ModesrhrTriN kxmodeslenr<kxmodesrlkxmodec|jSrq)rrss rurvz$TLS_Ext_PSKKeyExchangeModes.s#.rxry) rrrrr rr r rrr_tls_psk_kx_modesrrrxrurr{s 3D!>&$996**UD1122 =t+4666!>)R"/-$0A#C#C.H.HJJJ KKKKrxrcleZdZdZeddeeeddeddgZ dS)TLS_Ext_TicketEarlyDataInforrh.riNrrrrrxrurrrrxrcjeZdZdZdZeddeedddedge d gZ dS) TLS_Ext_NPNzU Defined in RFC-draft-agl-tls-nextprotoneg-03. Deprecated in favour of ALPN. z)TLS Extension - Next Protocol Negotiationrhr`riNrrc|jSrqrrrss rurvzTLS_Ext_NPN.sCGrxry) rrrrrr rrrrzrrrxrurrsp 7D!>&&(;; = DDD$$["l1C1CEEEFKKKrxrcVeZdZdZeddeeeddgZdS)TLS_Ext_PostHandshakeAuthz#TLS Extension - Post Handshake AuthrhrZriNrrrxrurrsD 0D!>&$996**UD11224KKKrxrc eZdZdZeddeeeddeddde dge d de d gZ dS) TLS_Ext_SignatureAlgorithmsCertz)TLS Extension - Signature Algorithms Certrhr\riNrlrmrrnc|jSrqrprss rurvz(TLS_Ext_SignatureAlgorithmsCert.rqrxryrrrrxrurrs 6D!>&$996**UD1122)).$4>@@@&&z2'0yT1>(@(@3O3OQQQ RKKKrxrceZdZdZeddeeeddedddd e dd d gZ dS) TLS_Ext_RenegotiationInfoz(TLS Extension - Renegotiation IndicationrhrdriNreneg_conn_lenr<renegotiated_connectionrlroc|jSrq)rrss rurvz"TLS_Ext_RenegotiationInfo.s s7Irxry) rrrrr rr r rrrrrxrurrs 5D!>&&(;;6**UD1122 =!14S+DFFF;8"+I+IKKK LKKKrxrcleZdZdZeddeeeddeddgZdS)TLS_Ext_RecordSizeLimitz!TLS Extension - Record Size LimitrhrHriNrIrrrxrurrsT .D!>&$996**UD1122:1488:KKKrxr)rFrHrJrLrNrPrRrTrZr\r^r`rdrec$eZdZfdZdZxZS)_ExtensionsLenFieldc||j}||}||dkr|jj}||dkr|dfSt t |||S)z We try to compute a length, usually from a msglen parsed earlier. If we can not find any length, we consider 'extensions_present' (from RFC 5246) to be False. Nr) get_fieldrnrz tls_session tls_versionrrgetfield)r~rtrextrvrs rurz_ExtensionsLenField.getfieldsw mmDN++//#&& ?gkk+AyAJJ$w($//88a@@@rxc||j||j\}}|jj}d|j_|||}||j_|||}|dkr3|jj}||dkr|S|tj|j |zS|tj|j |zS)a There is a hack with the _ExtensionsField.i2len. It works only because we expect _ExtensionsField.i2m to return a string of the same size (if not of the same value) upon successive calls (e.g. through i2len here, then i2m when directly building the _ExtensionsField). XXX A proper way to do this would be to keep the extensions built from the i2len call here, instead of rebuilding them later on. NTrr) rngetfield_and_valrfrozeni2lenrrr|r}rm) r~rtrifldrtmprrs rurz_ExtensionsLenField.addfields 9~)00@@ To,)-&IIc4((),&KKQ''663AyAJJ  6;tx#;#;;;6;tx++++rx)rrrrrrrs@rurrsL A A A A A,,,,,,,rxrc.eZdZdZdZdZdZdZdZdS)_ExtensionsFieldr cP|dSt|||Sr)rii2m)r~rtrs rurz_ExtensionsField.i2lens( 91488C##$$$rxc||pd}|dkr|gfS||d|||d|fSr)rzr)r~rtrrs rurz_ExtensionsField.getfieldsU""3'',1 a<<b5L{DHHS!HWH+6666rxcD|dSt|tr`|jjsTd}|D]M}t|tr$|j|_||z };|t |z }N|Sdtt |S)Nrx)rrrr raw_statefulrrmap)r~rtrrrs rurz_ExtensionsField.i2ms 93 c8 9 9 ?) &&C!#'DEE&*-/S--///SXX xxC $$$rxcg}t|dkrtjd|ddd}tjd|ddd}t|t }|t uraddlm}m }|j r1|j tkr!||j t }n||j t }n|tur'ddlm} | |j t }n]|tur&t |j t }n.|t"ur%t$|j t }|||d|dz|j||dzd}t|dk|r'|t+j||S)Nr&rjr"r)_tls_ext_keyshare_cls_tls_ext_keyshare_hrr_cls)_tls_ext_presharedkey_cls)r)rir|rT _tls_ext_clsgetrgr"scapy.layers.tls.keyexchange_tls13rr random_bytes_tls_hello_retry_magicmsgtyperrr_tls_ext_supported_version_clsr_tls_ext_early_data_clsappendrr raw_layer) r~rtrrtrrrrrs rurz_ExtensionsField.m2i.s!ffkk dAbqbE**1-AmD!AaC&11!4G""1o66C&&&FFFFFFFF#R(,BBB377 _UUCC/33CKQQCC,,,XXXXXX/33CKQQ111488oVV333-11#+OO JJss1\gk\?HHH I I I'A+,,A;!ffkk<  * JJt~a(( ) ) ) rxN) rrrislist holds_packetsrrrrrrxrurrsZ FM%%% 777 % % %"""""rxr)nrrr| scapy.fieldsrrrrrrr r r r r rrr scapy.packetrrrscapy.layers.x509rscapy.layers.tls.basefieldsrscapy.layers.tls.keyexchangerrrscapy.layers.tls.sessionrscapy.layers.tls.crypto.groupsrscapy.layers.tls.crypto.suitesr scapy.themesr scapy.compatr scapy.configrrrrgrrrrrrrrrrrrrr rrrrr!r)r8r3r0r5r:rArFrOrIrQrWrYr_rirdrkrtrzrrrrrrrrrrrrrrrrrrrrrrrrrrrrrxrurs$    .---------------444444NNNNNNNNNNBBBBBB<<<<<<======''''''"1 & A}&  $&  '&   &   &   &  ~ &  ~&  ~&  {&  "&  "&  &&  +&  &&  0!& " +#& & $ +%& & )'& ( $)& * *+& , %-& . "/& 0 "1& 2 )3& 4 &5& 6 (7& 8 *9& : +;& < -=& > '?& @ -A& B +C& D /E& & H)+K& & & R32........b[)88888o888 A A A A A] A A APPPPP1PPPPPPPP":PPP*@@@@@@@@44444O444 $0#2#.#3 5 5 &F        V"-!.!+!/11     ?   DDDDD?DDD44444O444 &        K,-oIIIII/IIIFFFFF/FFF//),,JJJJJ_JJJBBBBB_BBB " " " J J J J Jo J J J     &=   )5577 HHHHH?HHH R R R R R/ R R RCCCCCCCC688888888 OOOOO+OOOAAAAAoAAA44444_444 44444?444 A A A A AO A A A44444444 44444?444 44444/444 77777777:?9;; 44444444 L L L L L/ L L LBBBBB/BBB&A%@"B"B + + + + +_ + + +!\22 K K K K K/ K K K77777/777FFFFF*FFF44444444 R R R R Ro R R RLLLLLLLL:::::o:::$%$%$($'$( $ ; $ & $&$&$.$+$0$/$'$l$ o!$",#$$3-+*1/$1/5&$13G$$$ N*,*,*,*,*,-*,*,*,Z@@@@@{@@@@@rx