* TLS module major overhaul

* Clean TLS directory

* TLS 1.3 packets and basic client automaton (+ session fixes)

* Fix multiple key share entries

* Convergence py3

* Support features from cryptography v2.0

* Validate CertificateVerify signatures

* Small fix on TLS signature parsing

* Small fixes in TLS module

* Enhance Encrypted PMS support

* Convergence py3 - print

* Revert useless changes

* Strengthen crypto lib validation

Currently, only internal encryption and decryption were tested but the
implementation might not be the on it is supposed to be.

Add reference packets generated using Ubuntu-16.04, iproute2 and ping:
 # ip -V
 ip utility, iproute2-ss151103
 # uname -a
 Linux router-vm 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
 # ping -V
 ping utility, iputils-s20160308

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

In TLS, the AES-CCM test is commented out because CCM is not supported
by cryptography. But the combined_modes_ccm keyword is made to skip
these tests.

In IPsec, some IPv4 tests are located in the IPv6 section. Also add the
same combination of test for the AES-CCM as the other modes.

Also, there is some errors in the key material as the *MUST*
implementation uses a 16 bytes key and a 3 bytes nonce. Fix those
lengths.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

The ICV size is defined by the authentication algorithm in the SA.
it can be deduced from the payloadlen field but the padding len is
unknown aswell so there is no way to find both without the SA.

Assume everything in payloadlen is the ICV until the verification called
from the SA. Fill padding when possible.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

Pypy won't run crypto tests on Travis CI because the cryptography
module cannot be installed with the Pypy version used.

See
  - https://github.com/pyca/cryptography/issues/2968 (discussion)
  - https://github.com/pyca/cryptography/issues/1141 (older)

Change the cryptographic library used in the following layers:
 * IPSec
 * TLS
 * Dot11

Notes:
 * Fix the WEP key in regression.uts: Should be a 40 bits key (5 ASCII)
   and 24 bits nonce for 64 bits WEP. The key was 8 ASCII => 88 bits
   in total
 * AES-GCM and AES-CMAC algorithms are now native in cryptography: add
   tests in ipsec.uts
 * cryptography only supports Python 2.6+
 * Fix the docstring for the pad method

Removed:
 * MD2 and MD4 hash algorithms for RSA in tls/crypto/pkcs1.py
 * AES-XCBC-96 not supported by cryptography.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

* Corrected ICV length for AES-GCM and AES-CCM in IPSec layer. Added unit tests to the ipsec campaign.

* Added travis support for pycrypto 2.7a1 combined modes.

* Updated documentation for pycrypto installation.

When using scapy as a third party library, we do not "benefit" from the
loading routine that puts all symbols in the __builtin__ namespace. This
implies that all modules must be "importable" without any errors for
undefined symbols.

This patch fixes importing every scapy module individually. Some
circular imports were fixed (between inet6 and dhcp6).

Most errors were detected by using pylint with the right configuration
(scapy produces a *lot* of errors). Other errors were detected with the
following shell script:

    export PYTHONPATH=".:$PYTHONPATH"
    for f in $(find scapy/ -name '*.py'); do
        f=${f%/__init__.py}
        module=$(echo ${f%.py} | sed 's,/,.,g')
        python -c "import $module; print $module"
    done

Also, replace all implicit relative imports by absolute imports to avoid
surprises with some python versions.

Signed-off-by: Robin Jarry <robin.jarry@6wind.com>

--HG--
branch : ipsec

This patch adds a full implementation of the IPSec layer in
scapy/layers/ipsec.py. See the module's doc string for instructions.
In order to support encryption/decryption and authentication, the
pycrypto library is required. If not found, only the NULL/NULL
algorithms will be available.

(almost) complete test suite can be found in test/ipsec.uts and can
be launched with:

  ./bin/UTscapy -m scapy/layers/ipsec.py -t test/ipsec.uts -f text -F

Signed-off-by: Robin Jarry <robin.jarry@6wind.com>

--HG--
branch : ipsec