Configs Module

class mtf.network_port.tls.helpers.configs.TLSConfigurator

Configuration for TLS/DTLS.

Args:

dst_address: The destination address (IP, port) tuple for the TLS/DTLS server or client.

src_address: The source address (IP, port) tuple for the TLS/DTLS client (binding).

secure_version: The TLS/DTLS version to use.

max_secure_version: The maximum TLS/DTLS version to support.

min_secure_version: The minimum TLS/DTLS version to support.

psk_identity: The identity for PSK (Pre-Shared Key).

psk_identity_hint: Set the server PSK identity hint.

psk_key: The key for PSK.

certfile_path: The file path to the certificate file used by the DTLS/TLS server or client.

keyfile_path: The file path to the private key corresponding to the certificate specified in certfile_path.

workflow_xml: Path to the workflow XML file to pass to TLS-Attacker.

time_out: The timeout value for the TLS/DTLS connection. (ms for TLS-Attacker / s for OpenSSL)

cafile: Path to the file containing the trusted CA certificates used to verify the peer's certificate chain.

backlog: The backlog value for the socket.

buffer_size: The buffer size for socket data.

cipher_list: The list of ciphers to support.

options: Additional options for the TLS/DTLS context.

respect_client_extensions: Makes the server side respect the extensions proposed by the client.

set_callback: Enables the callback for messages sent and received with PyOpenSSL.

finish_with_close_notify: Decides whether the workflow ends with a close_notify alert or not.

verify: The verify mode to be set.

curve_name: The elliptic curve to use for ECDHE key exchange.

server_name: The server name for SNI (Server Name Indication).

sni_callback: A callback function to handle server name indications.

ocsp_callback: Optional callback function for OCSP client/server validation.

ocsp_callback_data: Optional data for the OCSP client/server callback.

srtp_profiles: Optional SRTP profiles to use (DTLS).

alpn_protos: Optional list of ALPN protocols to advertise.

alpn_select_callback: Optional callback function for ALPN protocol selection.

client_ca_list: Optional list of client certificate authorities.

keylog_callback: Optional callback function to handle TLS key material logging.

keylog_file_path: Path to the key log file if the default key log callback is used.

record_version: The record version of TLS/DTLS, represented as a tuple (major, minor) or as a ProtocolVersion enum.

tls_attacker_apps_path: The path to the TLS-Attacker applications.

use_ocsp: Boolean flag to enable OCSP stapling.

ocsp_host: The host where the OCSP responder is running (e.g., "localhost", "127.0.0.1", or "[::1]").

ocsp_issuer_file: The file path to the issuer certificate to be used in OCSP queries.

ocsp_crt (Optional[str]): Path to the certificate being checked in the OCSP request.

ocsp_port (Optional[int]): The port where the OCSP responder is running.

Notes:
  • If keylog_callback is not provided, a default callback will be used. This default callback writes keying material to the file specified by keylog_file_path.

  • When combining PSK with an ECDHE curve, select a cipher suite that supports both PSK and ECDHE, for example 'ECDHE-PSK-CHACHA20-POLY1305'. More supported ciphers can be listed by running: openssl ciphers -v PSK

  • The list of supported curves can be found in the documentation or by running: openssl ecparam -list_curves

  • Selecting an unsupported curve will raise a ValueError.

dst_address: tuple | None
src_address: tuple | None
session_id: str | None
secure_version: Any | None
max_secure_version: int | None
min_secure_version: int | None
psk_identity_hint: bytes | None
psk_identity: bytes | None
psk_key: bytes | None
certfile_path: str | None
keyfile_path: str | None
workflow_xml: str | None
time_out: Any
cafile: str | None
backlog: int
buffer_size: int
cipher_list: Any
options: int | None
respect_client_extensions: bool | None
set_callback: bool | None
finish_with_close_notify: bool | None
verify: int | None
curve_name: str | None
server_name: str | None
sni_callback: Callable[[Connection], None] | None
ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None
ocsp_callback_data: Any | None
srtp_profiles: str | None
alpn_protos: List[bytes] | None
alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None
client_ca_list: Sequence[X509Name] | None
keylog_callback: Callable[[Connection, bytes], None] | None
keylog_file_path: str
record_version: ProtocolVersion | None
tls_attacker_apps_path: str | None
use_ocsp: bool
ocsp_host: str
ocsp_issuer_file: str | None
ocsp_crt: str | None
ocsp_port: int | None
__init__(dst_address: tuple | None = None, src_address: tuple | None = None, session_id: str | None = 'AABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABB', secure_version: Any | None = 7, max_secure_version: int | None = None, min_secure_version: int | None = None, psk_identity_hint: bytes | None = None, psk_identity: bytes | None = None, psk_key: bytes | None = None, certfile_path: str | None = None, keyfile_path: str | None = None, workflow_xml: str | None = None, time_out: Any = 10000, cafile: str | None = None, backlog: int = 5, buffer_size: int = 1024, cipher_list: Any = b'TLS_PSK_WITH_AES_256_CBC_SHA', options: int | None = None, respect_client_extensions: bool | None = True, set_callback: bool | None = False, finish_with_close_notify: bool | None = False, verify: int | None = None, curve_name: str | None = None, server_name: str | None = None, sni_callback: Callable[[Connection], None] | None = None, ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None = None, ocsp_callback_data: Any | None = None, srtp_profiles: str | None = None, alpn_protos: List[bytes] | None = None, alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None = None, client_ca_list: Sequence[X509Name] | None = None, keylog_callback: Callable[[Connection, bytes], None] | None = None, keylog_file_path: str = 'keylogfile.log', record_version: ProtocolVersion | None = ProtocolVersion.TLS10, tls_attacker_apps_path: str | None = None, use_ocsp: bool = False, ocsp_host: str = 'localhost', ocsp_issuer_file: str | None = None, ocsp_crt: str | None = None, ocsp_port: int | None = None) None
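The callback parameters above are typed as keylog_callback: Callable[[Connection, bytes], None] and alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None]. The following is an added example, not code from the mtf project, of two functions with those shapes: a key log callback that appends NSS-format lines to a file created with owner-only permissions (the file holds session secrets, so anyone who can read it can decrypt captured traffic), and a server-side ALPN selector that returns the first protocol in the server's preference order that the client also offered, or None when there is no overlap. The Connection argument is accepted but not used, so the example runs without pyOpenSSL; the key log lines in demo() are constructed dummy values.

```python
"""Added example of callbacks shaped like TLSConfigurator's keylog_callback and
alpn_select_callback. Not part of the mtf project; the Connection argument is
accepted but unused so the functions run without pyOpenSSL installed."""
import os
import tempfile
from typing import Any, Callable, List, Optional


def make_keylog_callback(keylog_file_path: str) -> Callable[[Any, bytes], None]:
    """Return a keylog callback that appends NSS key-log lines to keylog_file_path.

    The file is opened with mode 0o600 so that only the owner can read the
    session secrets it contains.
    """
    def keylog_callback(connection: Any, line: bytes) -> None:
        fd = os.open(keylog_file_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        with os.fdopen(fd, "ab") as keylog:
            # Normalise to exactly one trailing newline per line.
            keylog.write(line.rstrip(b"\n") + b"\n")
    return keylog_callback


def read_keylog(keylog_file_path: str) -> List[bytes]:
    """Read back the non-empty lines of a key log file (for inspection/tests)."""
    with open(keylog_file_path, "rb") as keylog:
        return [entry.rstrip(b"\n") for entry in keylog if entry.strip()]


def make_alpn_select_callback(
    server_preferences: List[bytes],
) -> Callable[[Any, List[bytes]], Optional[bytes]]:
    """Return a server-side ALPN selector.

    The server's own preference order wins: the first protocol in
    server_preferences that the client also advertised is chosen. None
    signals that no protocol overlaps.
    """
    def alpn_select_callback(connection: Any, client_protos: List[bytes]) -> Optional[bytes]:
        offered = set(client_protos)
        for proto in server_preferences:
            if proto in offered:
                return proto
        return None
    return alpn_select_callback


def demo() -> dict:
    """Exercise both callbacks on constructed input and report the results."""
    tmp_dir = tempfile.mkdtemp()
    path = os.path.join(tmp_dir, "keylogfile.log")
    keylog = make_keylog_callback(path)

    # Constructed dummy NSS key-log lines: label, 32-byte client random,
    # 48-byte master secret, all as hex. Not real key material.
    keylog(None, b"CLIENT_RANDOM " + b"11" * 32 + b" " + b"22" * 48)
    keylog(None, b"CLIENT_RANDOM " + b"33" * 32 + b" " + b"44" * 48 + b"\n")

    select = make_alpn_select_callback([b"h2", b"http/1.1"])
    return {
        "lines": len(read_keylog(path)),
        "mode": os.stat(path).st_mode & 0o777,
        "selected": select(None, [b"http/1.1", b"h2"]),
        "no_overlap": select(None, [b"spdy/3"]),
    }


if __name__ == "__main__":
    print(demo())
```

Pass the two factory results as keylog_callback and alpn_select_callback when building a TLSConfigurator; the permissions check in demo() is the property worth keeping in any real key log callback, since the default writes to keylog_file_path in the working directory.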
class mtf.network_port.tls.helpers.configs.MsgMap

Maps TLS message types to their corresponding parsed data structures.

Attributes:

msg_map (dict): A mapping of TLS message types to their respective classes.

msg_map
class mtf.network_port.tls.helpers.configs.ConnectionConfig

Configuration for network connections.

Attributes:

target_ip (Optional[str]): The IP address of the target server.

target_port (Optional[int]): The port number of the target server.

source_ip (Optional[str]): The IP address of the source (local).

source_port (Optional[int]): The port number of the source (local).

timeout (float): Timeout duration for the connection in seconds.

target_ip: str | None
target_port: int | None
source_ip: str | None
source_port: int | None
timeout: float
__init__(target_ip: str | None, target_port: int | None, source_ip: str | None, source_port: int | None, timeout: float) None
class mtf.network_port.tls.helpers.configs.SecurityConfig

Security configuration settings for TLS/DTLS communication.

Attributes:

psk_key (str): The pre-shared key used for authentication.

psk_identity (str): The identity associated with the pre-shared key.

psk_hint (Optional[str]): A hint for the pre-shared key, if applicable.

certfile_path (Optional[str]): Path to the certificate file for authentication.

keyfile_path (Optional[str]): Path to the private key file associated with the certificate.

psk_key: str
psk_identity: str
psk_hint: str | None
certfile_path: str | None
keyfile_path: str | None
__init__(psk_key: str, psk_identity: str, psk_hint: str | None, certfile_path: str | None, keyfile_path: str | None) None
class mtf.network_port.tls.helpers.configs.ProtocolConfig

Protocol configuration for DTLS/TLS settings.

Attributes:

dtls_version (ProtocolVersion): The DTLS/TLS version to use.

cipher (Optional[Union[str, List[str]]]): The cipher suite(s) to be used.

send_handshake_messages_within_single_record (bool): Whether to send handshake messages within a single record.

tls_attacker_apps_path (Optional[str]): Path to TLS-Attacker applications if applicable.

dtls_version: ProtocolVersion
cipher: str | List[str] | None
send_handshake_messages_within_single_record: bool
tls_attacker_apps_path: str | None
__init__(dtls_version: ProtocolVersion, cipher: str | List[str] | None, send_handshake_messages_within_single_record: bool = False, tls_attacker_apps_path: str | None = None) None