Tls Dtls Config Module

class mtf.network_port.tls.tls_dtls_config.TlsAttackerEnum

Base Enum class for TLS Attacker related enums.

load_enum()

class mtf.network_port.tls.tls_dtls_config.ProtocolVersion

Enum to represent ProtocolVersion with corresponding Java enum values.

SSL2

SSL3

TLS10

TLS11

TLS12

TLS13

TLS13_DRAFT14

TLS13_DRAFT15

TLS13_DRAFT16

TLS13_DRAFT17

TLS13_DRAFT18

TLS13_DRAFT19

TLS13_DRAFT20

TLS13_DRAFT21

TLS13_DRAFT22

TLS13_DRAFT23

TLS13_DRAFT24

TLS13_DRAFT25

TLS13_DRAFT26

TLS13_DRAFT27

TLS13_DRAFT28

DTLS10_DRAFT

DTLS10

DTLS12

GREASE_00

GREASE_01

GREASE_02

GREASE_03

GREASE_04

GREASE_05

GREASE_06

GREASE_07

GREASE_08

GREASE_09

GREASE_10

GREASE_11

GREASE_12

GREASE_13

GREASE_14

GREASE_15

class mtf.network_port.tls.tls_dtls_config.TokenBindingVersion

Enum to represent TokenBindingVersion with corresponding Java enum values.

DRAFT_1

DRAFT_2

DRAFT_3

DRAFT_4

DRAFT_5

DRAFT_6

DRAFT_7

DRAFT_8

DRAFT_9

DRAFT_10

DRAFT_11

DRAFT_12

DRAFT_13

DRAFT_14

DRAFT_15

DRAFT_16

DRAFT_17

DRAFT_18

class mtf.network_port.tls.tls_dtls_config.TokenBindingKeyParameters

Enum to represent TokenBindingKeyParameters with corresponding Java enum values.

RSA2048_PKCS1_5

RSA2048_PSS

ECDSAP256

class mtf.network_port.tls.tls_dtls_config.UserMappingExtensionHintType

Enum to represent UserMappingExtensionHintType with corresponding Java enum values.

UPN_DOMAIN_HINT

class mtf.network_port.tls.tls_dtls_config.AuthzDataFormat

Enum to represent AuthzDataFormat with corresponding Java enum values.

X509_ATTR_CERT

SAML_ASSERTION

X509_ATTR_CERT_URL

SAML_ASSERTION_URL

class mtf.network_port.tls.tls_dtls_config.SrtpProtectionProfile

Enum to represent SRTP protection profiles with their corresponding byte values.

SRTP_AES128_CM_HMAC_SHA1_80

SRTP_AES128_CM_HMAC_SHA1_32

SRTP_NULL_HMAC_SHA1_80

SRTP_NULL_HMAC_SHA1_32

SRTP_AEAD_AES_128_GCM

SRTP_AEAD_AES_256_GCM

DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM

DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM

SRTP_ARIA_128_CTR_HMAC_SHA1_80

SRTP_ARIA_128_CTR_HMAC_SHA1_32

SRTP_ARIA_256_CTR_HMAC_SHA1_80

SRTP_ARIA_256_CTR_HMAC_SHA1_32

SRTP_AEAD_ARIA_128_GCM

SRTP_AEAD_ARIA_256_GCM

class mtf.network_port.tls.tls_dtls_config.MaxFragmentLength

Enum to represent MaxFragmentLength with corresponding Java enum values.

TWO_9

TWO_10

TWO_11

TWO_12

class mtf.network_port.tls.tls_dtls_config.PskKeyExchangeMode

Enum to represent PskKeyExchangeMode with corresponding Java enum values.

PSK_KE

PSK_DHE_KE

class mtf.network_port.tls.tls_dtls_config.CertificateType

Enum to represent CertificateType with corresponding Java enum values.

X509

OPEN_PGP

RAW_PUBLIC_KEY

class mtf.network_port.tls.tls_dtls_config.HeartbeatMode

Enum to represent HeartbeatMode with corresponding Java enum values.

PEER_ALLOWED_TO_SEND

PEER_NOT_ALLOWED_TO_SEND

class mtf.network_port.tls.tls_dtls_config.SignatureAndHashAlgorithm

Enum to represent Signature and Hash Algorithm with corresponding Java enum values.

ANONYMOUS_NONE

ANONYMOUS_MD5

ANONYMOUS_SHA1

ANONYMOUS_SHA224

ANONYMOUS_SHA256

ANONYMOUS_SHA384

ANONYMOUS_SHA512

RSA_NONE

RSA_MD5

RSA_SHA1

RSA_SHA224

RSA_SHA256

RSA_SHA384

RSA_SHA512

DSA_NONE

DSA_MD5

DSA_SHA1

DSA_SHA224

DSA_SHA256

DSA_SHA384

DSA_SHA512

ECDSA_NONE

ECDSA_MD5

ECDSA_SHA1

ECDSA_SHA224

ECDSA_SHA256

ECDSA_SHA384

ECDSA_SHA512

SM2_SM3

ED25519

ED448

RSA_PSS_RSAE_SHA256

RSA_PSS_RSAE_SHA384

RSA_PSS_RSAE_SHA512

RSA_PSS_PSS_SHA256

RSA_PSS_PSS_SHA384

RSA_PSS_PSS_SHA512

GOSTR34102001_GOSTR3411

GOSTR34102012_256_GOSTR34112012_256

GOSTR34102012_512_GOSTR34112012_512

ECDSA_BRAINPOOL_P256R1_TLS13_SHA256

ECDSA_BRAINPOOL_P384R1_TLS13_SHA384

ECDSA_BRAINPOOL_P512R1_TLS13_SHA512

GREASE_00

GREASE_01

GREASE_02

GREASE_03

GREASE_04

GREASE_05

GREASE_06

GREASE_07

GREASE_08

GREASE_09

GREASE_10

GREASE_11

GREASE_12

GREASE_13

GREASE_14

GREASE_15

class mtf.network_port.tls.tls_dtls_config.ECPointFormat

Enum to represent ECPointFormat with corresponding Java enum values.

UNCOMPRESSED

ANSIX962_COMPRESSED_PRIME

ANSIX962_COMPRESSED_CHAR2

class mtf.network_port.tls.tls_dtls_config.NamedGroup

Enum to represent NamedGroup with corresponding Java enum values.

Each NamedGroup enum member contains: - byte_value: A byte representation of the group. - group_name: The name of the group as a string. - group_size: The size of the group, if applicable.

This enum interacts with the de.rub.nds.tlsattacker.core.constants.NamedGroup Java enum via JPype and can dynamically load the Java enum value corresponding to the Python enum member.

SECT163K1

SECT163R1

SECT163R2

SECT193R1

SECT193R2

SECT233K1

SECT233R1

SECT239K1

SECT283K1

SECT283R1

SECT409K1

SECT409R1

SECT571K1

SECT571R1

SECP160K1

SECP160R1

SECP160R2

SECP192K1

SECP192R1

SECP224K1

SECP224R1

SECP256K1

SECP256R1

SECP384R1

SECP521R1

BRAINPOOLP256R1

BRAINPOOLP384R1

BRAINPOOLP512R1

ECDH_X25519

ECDH_X448

CURVE_SM2

FFDHE2048

FFDHE3072

FFDHE4096

FFDHE6144

FFDHE8192

EXPLICIT_PRIME

EXPLICIT_CHAR2

GREASE_00

GREASE_01

GREASE_02

GREASE_03

GREASE_04

GREASE_05

GREASE_06

GREASE_07

GREASE_08

GREASE_09

GREASE_10

GREASE_11

GREASE_12

GREASE_13

GREASE_14

GREASE_15

__init__(byte_value, group_name, group_size)

Initializes a NamedGroup enum member.

Parameters:

byte_value: Byte representation of the group.
group_name: String name of the group.
group_size: Size of the group (or None for GREASE values).

class mtf.network_port.tls.tls_dtls_config.TlsMessage

Enum representing various TLS message types used in the TLS handshake process.

Each enum member corresponds to a fully qualified Java class name that represents a specific type of TLS message. These message types can be dynamically loaded and processed using jpype in the TlsAttacker framework.

Enum Members:

HELLO_VERIFY_REQUESTstr: Represents the HelloVerifyRequestMessage used in DTLS handshakes to verify the client’s IP address.
CHANGE_CIPHER_SPECstr: Represents the ChangeCipherSpecMessage, indicating that the sender is ready to begin using new cryptographic parameters.
CERTIFICATE_REQUESTstr: Represents the CertificateRequestMessage, sent by the server to request the client’s certificate.
SERVER_HELLO_DONEstr: Represents the ServerHelloDoneMessage, indicating the server has finished its part of the handshake.
SERVER_KEY_EXCHANGEstr: Represents the ServerKeyExchangeMessage, used to provide the server’s key-exchange parameters.
FINISHED_MESSAGEstr: Represents the FinishedMessage, indicating the completion of the handshake process.
ALERTstr: Represents the AlertMessage, used to signal errors or important notifications in the TLS session.
SERVER_HELLOstr: Represents the ServerHelloMessage, sent by the server to confirm selected handshake parameters.
CLIENT_HELLOstr: Represents the ClientHelloMessage, sent by the client to initiate the TLS handshake with proposed parameters.
CLIENT_KEY_EXCHANGEstr: Represents the ClientKeyExchangeMessage, used to securely exchange key material between the client and server.
CERTIFICATEstr: Represents the CertificateMessage, used to send the sender’s public key to the recipient for authentication.

HELLO_VERIFY_REQUEST

CHANGE_CIPHER_SPEC

CERTIFICATE_REQUEST

SERVER_HELLO_DONE

SERVER_KEY_EXCHANGE

FINISHED_MESSAGE

ALERT

SERVER_HELLO

CLIENT_HELLO

CLIENT_KEY_EXCHANGE

CERTIFICATE

EncryptedExtensionsMessage

ApplicationMessage

ResetConnectionAction

RenegotiationAction

NewSessionTicketMessage

class mtf.network_port.tls.tls_dtls_config.TlsExtensionType

Enum representing the different types of TLS extensions.

TLS extensions are used in the TLS handshake to negotiate various parameters between the client and server. Each extension type corresponds to a specific functionality that can be negotiated or enabled during the handshake.

Attributes:

SERVER_NAME (int): Server Name Indication (SNI) extension, value 0.

MAX_FRAGMENT_LENGTH (int): Maximum Fragment Length extension, value 1.

CLIENT_CERTIFICATE_URL (int): Client Certificate URL extension, value 2.

TRUSTED_CA_KEYS (int): Trusted CA Keys extension, value 3.

TRUNCATED_HMAC (int): Truncated HMAC extension, value 4.

STATUS_REQUEST (int): Certificate Status Request extension, value 5.

USER_MAPPING (int): User Mapping extension, value 6.

CLIENT_AUTHZ (int): Client Authorization extension, value 7.

SERVER_AUTHZ (int): Server Authorization extension, value 8.

CERT_TYPE (int): Certificate Type extension, value 9.

SUPPORTED_GROUPS (int): Supported Elliptic Curves extension, value 10.

EC_POINT_FORMATS (int): Supported EC Point Formats extension, value 11.

SRP (int): Secure Remote Password (SRP) extension, value 12.

SIGNATURE_ALGORITHMS (int): Signature Algorithms extension, value 13.

USE_SRTP (int): Use SRTP extension, value 14.

HEARTBEAT (int): Heartbeat extension, value 15.

ALPN (int): Application-Layer Protocol Negotiation (ALPN) extension, value 16.

STATUS_REQUEST_V2 (int): Status Request Version 2 extension, value 17.

SIGNED_CERTIFICATE_TIMESTAMP (int): Signed Certificate Timestamp extension, value 18.

CLIENT_CERT_TYPE (int): Client Certificate Type extension, value 19.

SERVER_CERT_TYPE (int): Server Certificate Type extension, value 20.

PADDING (int): Padding extension, value 21.

ENCRYPT_THEN_MAC (int): Encrypt-Then-MAC extension, value 22.

EXTENDED_MASTER_SECRET (int): Extended Master Secret extension, value 23.

TOKEN_BINDING (int): Token Binding extension, value 24.

CACHED_INFO (int): Cached Info extension, value 25.

COMPRESS_CERTIFICATE (int): Compress Certificate extension, value 27.

RECORD_SIZE_LIMIT (int): Record Size Limit extension, value 28.

PWD_PROTECT (int): Password Protect extension, value 29.

PWD_CLEAR (int): Password Clear extension, value 30.

PASSWORD_SALT (int): Password Salt extension, value 31.

SESSION_TICKET (int): Session Ticket extension, value 35.

EXTENDED_RANDOM (int): Extended Random extension, value 40.

PSK_IDENTITY (int): Pre-Shared Key Identity extension, value 41.

EARLY_DATA (int): Early Data extension, value 42.

SUPPORTED_VERSIONS (int): Supported Versions extension, value 43.

COOKIE (int): Cookie extension, value 44.

PSK_KEY_EXCHANGE_MODES (int): PSK Key Exchange Modes extension, value 45.

CERTIFICATE_AUTHORITIES (int): Certificate Authorities extension, value 47.

OID_FILTERS (int): OID Filters extension, value 48.

POST_HANDSHAKE_AUTH (int): Post-Handshake Authentication extension, value 49.

SIGNATURE_ALGORITHMS_CERT (int): Signature Algorithms for Certificates extension, value 50.

KEY_SHARE (int): Key Share extension, value 51.

TRANSPARENCY_INFO (int): Certificate Transparency extension, value 52.

CONNECTION_ID_DEPRECATED (int): Deprecated Connection ID extension, value 53.

CONNECTION_ID (int): Connection ID extension, value 54.

EXTERNAL_ID_HASH (int): External ID Hash extension, value 55.

EXTERNAL_SESSION_ID (int): External Session ID extension, value 56.

QUIC_TRANSPORT_PARAMETERS (int): QUIC Transport Parameters extension, value 57.

TICKET_REQUEST (int): Ticket Request extension, value 58.

DNSSEC_CHAIN (int): DNSSEC Chain extension, value 59.

NPN (int): Next Protocol Negotiation (NPN) extension, value 13172.

RENEGOTIATION_INFO (int): Renegotiation Info extension, value 65281.

ENCRYPTED_SERVER_NAME_INDICATION (int):: Encrypted Server Name Indication extension, value 65486.
ENCRYPTED_CLIENT_HELLO_DRAFT_07 (int):: Encrypted Client Hello Draft 07 extension, value 65282.
ENCRYPTED_CLIENT_HELLO_DRAFT_08 (int):: Encrypted Client Hello Draft 08 extension, value 65288.
ENCRYPTED_CLIENT_HELLO_DRAFT_09 (int):: Encrypted Client Hello Draft 09 extension, value 65289.
ENCRYPTED_CLIENT_HELLO_DRAFT_10 (int):: Encrypted Client Hello Draft 10 extension, value 65290.
ENCRYPTED_CLIENT_HELLO_DRAFT_11 (int):: Encrypted Client Hello Draft 11 extension, value 65291.
ENCRYPTED_CLIENT_HELLO_DRAFT_12 (int):: Encrypted Client Hello Draft 12 extension, value 65292.
ENCRYPTED_CLIENT_HELLO (int):: Encrypted Client Hello extension, value 65037.

SERVER_NAME

MAX_FRAGMENT_LENGTH

CLIENT_CERTIFICATE_URL

TRUSTED_CA_KEYS

TRUNCATED_HMAC

STATUS_REQUEST

USER_MAPPING

CLIENT_AUTHZ

SERVER_AUTHZ

CERT_TYPE

SUPPORTED_GROUPS

EC_POINT_FORMATS

SRP

SIGNATURE_ALGORITHMS

USE_SRTP

HEARTBEAT

ALPN

STATUS_REQUEST_V2

SIGNED_CERTIFICATE_TIMESTAMP

CLIENT_CERT_TYPE

SERVER_CERT_TYPE

PADDING

ENCRYPT_THEN_MAC

EXTENDED_MASTER_SECRET

TOKEN_BINDING

CACHED_INFO

COMPRESS_CERTIFICATE

RECORD_SIZE_LIMIT

PWD_PROTECT

PWD_CLEAR

PASSWORD_SALT

SESSION_TICKET

PSK_IDENTITY

EARLY_DATA

SUPPORTED_VERSIONS

COOKIE

PSK_KEY_EXCHANGE_MODES

CERTIFICATE_AUTHORITIES

OID_FILTERS

POST_HANDSHAKE_AUTH

SIGNATURE_ALGORITHMS_CERT

KEY_SHARE

TRANSPARENCY_INFO

CONNECTION_ID_DEPRECATED

CONNECTION_ID

EXTERNAL_ID_HASH

EXTERNAL_SESSION_ID

QUIC_TRANSPORT_PARAMETERS

TICKET_REQUEST

DNSSEC_CHAIN

NPN

RENEGOTIATION_INFO

ENCRYPTED_SERVER_NAME_INDICATION

ENCRYPTED_CLIENT_HELLO

class mtf.network_port.tls.tls_dtls_config.TLSConfigurator

Configuration for TLS/DTLS.

args:

dst_address: The destination address (IP, port) tuple for the TLS/DTLS server or client.

src_address: The Source address (IP, port) tuple for the TLS/DTLS client (binding).

secure_version: The TLS/DTLS version to use.

max_secure_version: The maximum TLS/DTLS version to support.

min_secure_version: The minimum TLS/DTLS version to support.

psk_identity: The identity for PSK (Pre-Shared Key).

psk_identity_hint: Set the server PSK identity hint.

psk_key: The key for PSK.

certfile_path: The file path to the certificate file used by the DTLS/TLS server or client.

keyfile_path: The file path to the private key corresponding to the certificate: specified in certfile_path.

time_out: The timeout value for the TLS/DTLS connection. (ms for TLS-Attacker / s for OpenSSL)

backlog: The backlog value for the socket.

buffer_size: The buffer size for socket data.

cipher_list: The list of ciphers to support.

options: Additional options for the TLS/DTLS context.

curve_name: The elliptic curve to use for ECDHE key exchange.

server_name: The server name for SNI (Server Name Indication).

sni_callback: A callback function to handle server name indications.

ocsp_callback: Optional callback function for OCSP client/server validation.

ocsp_callback_data: Optional data for the OCSP client/server callback.

srtp_profiles: Optional SRTP profiles to use(DTLS).

alpn_protos: Optional list of ALPN protocols to advertise.

alpn_select_callback: Optional callback function for ALPN protocol selection.

client_ca_list: Optional list of client certificate authorities.

keylog_callback: Optional callback function to handle TLS key material logging.

keylog_file_path: Path to the key log file if the default key log callback is used.

record_version: The record version of TLS/DTLS, represented as a: tuple (major, minor) or as a ProtocolVersion enum.

tls_attacker_apps_path: The path to TLS-attacker applications

Notes:

If keylog_callback is not provided, a default callback will be used. This default callback writes keying material to the file specified by keylog_file_path.
Make sure to select the right cipher that supports both PSK and ECDHE. For example: ‘ECDHE-PSK-CHACHA20-POLY1305’. More supported ciphers can be found by running the command: openssl ciphers -v PSK
The list of supported curves can be found in the documentation or by running: openssl ecparam -list_curves
Selecting an unsupported curve will raise a ValueError

dst_address: tuple | None

src_address: tuple | None

session_id: str | None

secure_version: Any | None

max_secure_version: int

min_secure_version: int

psk_identity_hint: bytes | None

psk_identity: bytes | None

psk_key: bytes | None

certfile_path: str | None

keyfile_path: str | None

time_out: Any

backlog: int

buffer_size: int

cipher_list: Any

options: int

curve_name: str | None

server_name: str | None

sni_callback: Callable[[Connection], None] | None

ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None

ocsp_callback_data: Any | None

srtp_profiles: str | None

alpn_protos: List[bytes] | None

alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None

client_ca_list: Sequence[X509Name] | None

keylog_callback: Callable[[Connection, bytes], None] | None

keylog_file_path: str

record_version: ProtocolVersion | None

tls_attacker_apps_path: str | None

__init__(dst_address: tuple | None = None, src_address: tuple | None = None, session_id: str | None = 'AABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABB', secure_version: Any | None = 7, max_secure_version: int | None = None, min_secure_version: int | None = None, psk_identity_hint: bytes | None = None, psk_identity: bytes | None = None, psk_key: bytes | None = None, certfile_path: str | None = None, keyfile_path: str | None = None, time_out: Any = 10000, backlog: int = 5, buffer_size: int = 1024, cipher_list: Any = b'TLS_PSK_WITH_AES_256_CBC_SHA', options: int | None = None, curve_name: str | None = None, server_name: str | None = None, sni_callback: Callable[[Connection], None] | None = None, ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None = None, ocsp_callback_data: Any | None = None, srtp_profiles: str | None = None, alpn_protos: List[bytes] | None = None, alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None = None, client_ca_list: Sequence[X509Name] | None = None, keylog_callback: Callable[[Connection, bytes], None] | None = None, keylog_file_path: str = 'keylogfile.log', record_version: ProtocolVersion | None = ProtocolVersion.TLS10, tls_attacker_apps_path: str | None = None) → None

class mtf.network_port.tls.tls_dtls_config.ClientHello

Represents a TLS ClientHello message, which is sent by the client to initiate a TLS handshake with the server.

Attributes:

protocol_version (bytes): The version of the TLS protocol proposed by the client.

unix_time (bytes): The current time in UNIX timestamp format (4 bytes).

random (bytes): A random value generated by the client (28 bytes).

session_id_length (int): The length of the session ID.

session_id (bytes): The current session ID (if a session resumption attempt is being made).

compression_length (int): The length of the compression methods list.

cipher_suite_length (int): The length of the cipher_suites list.

cipher_suites (list): The list of supported cipher suites by the client.

compressions (list): The list of supported compression methods by the client.

cookie (bytes): A stateless cookie (used in DTLS) for verifying the client identity.

cookie_length (int): The length of the cookie.

protocol_version: bytes

unix_time: bytes

random: bytes

session_id_length: int

session_id: bytes

compression_length: int

cipher_suite_length: int

cipher_suites: list

compressions: list

cookie: bytes

cookie_length: int

__init__(protocol_version: bytes, unix_time: bytes, random: bytes, session_id_length: int, session_id: bytes, compression_length: int, cipher_suite_length: int, cipher_suites: list, compressions: list, cookie: bytes, cookie_length: int) → None

class mtf.network_port.tls.tls_dtls_config.ServerHello

Represents a TLS ServerHello message, which is the server’s response to the client’s ClientHello in a TLS handshake.

Attributes:

protocol_version (bytes): The version of the TLS protocol selected by the server.

unix_time (bytes): The current time in UNIX timestamp format (4 bytes).

random (bytes): A random value generated by the server (28 bytes).

session_id_length (int): The length of the session ID.

session_id (bytes): The chosen or resumed session ID.

selected_cipher_suite (bytes): The cipher suite selected by the server.

selected_compression_method (bytes): The compression method selected by the server.

auto_set_hello_retry_mode_in_key_share (bool): Indicates if HelloRetryRequest mode should be set automatically in the key share (applicable in TLS 1.3).

protocol_version: bytes

unix_time: bytes

random: bytes

session_id_length: int

session_id: bytes

selected_cipher_suite: bytes

selected_compression_method: bytes

auto_set_hello_retry_mode_in_key_share: bool

__init__(protocol_version: bytes, unix_time: bytes, random: bytes, session_id_length: int, session_id: bytes, selected_cipher_suite: bytes, selected_compression_method: bytes, auto_set_hello_retry_mode_in_key_share: bool) → None

class mtf.network_port.tls.tls_dtls_config.HelloVerifyRequest

Represents a DTLS HelloVerifyRequest message, which is used to prevent Denial-of-Service attacks by verifying that the client can receive packets at the claimed source address.

Attributes:

protocol_version (bytes): The DTLS protocol version.

cookie_length (bytes): The length of the cookie.

cookie (bytes): The stateless cookie the client must echo in its next ClientHello.

protocol_version: bytes

cookie_length: bytes

cookie: bytes

__init__(protocol_version: bytes, cookie_length: bytes, cookie: bytes) → None

class mtf.network_port.tls.tls_dtls_config.PskClientKeyExchange

Represents the PSK (Pre-Shared Key) ClientKeyExchange message, which sends the identity of the pre-shared key the client wishes to use.

Attributes:

identity (int): The pre-shared key identity (an identifier for a known PSK).

identity_length (bytes): The length of the identity field.

identity: int

identity_length: bytes

__init__(identity: int, identity_length: bytes) → None

class mtf.network_port.tls.tls_dtls_config.PskServerKeyExchange

Represents the PSK (Pre-Shared Key) ServerKeyExchange message, which sends an optional identity hint to the client.

Attributes:

identity_hint (int): A hint for which pre-shared key the client should use.

identity_hint_length (bytes): The length of the identity hint field.

identity_hint: int

identity_hint_length: bytes

__init__(identity_hint: int, identity_hint_length: bytes) → None

class mtf.network_port.tls.tls_dtls_config.Alert

Represents a TLS Alert message, which indicates that a particular event or error has occurred during a TLS session.

Attributes:

level (bytes): The alert level (warning(1) or fatal(2)).

description (bytes): A single byte describing the alert type (e.g. close_notify, unexpected_message, etc.).

level: bytes

description: bytes

__init__(level: bytes, description: bytes) → None

class mtf.network_port.tls.tls_dtls_config.ChangeCipherSpec

Represents a TLS ChangeCipherSpec message, which notifies the receiving party that subsequent records will be protected under the newly negotiated CipherSpec and keys.

Attributes:: ccs_protocol_type (bytes): Indicates the type (usually a single byte with the value 1 to indicate a ChangeCipherSpec message).

ccs_protocol_type: bytes

__init__(ccs_protocol_type: bytes) → None

class mtf.network_port.tls.tls_dtls_config.Finished

Represents a TLS Finished message, which is sent to indicate that the handshake is complete. It contains a cryptographic hash of the handshake messages sent or received so far.

Attributes:: verify_data (bytes): A value computed from the handshake messages, used to verify that both parties have the same handshake state.

verify_data: bytes

__init__(verify_data: bytes) → None