@gpotter2 gpotter2 commented Nov 26, 2025

This is a pretty big PR that changes many aspects related to the cryptography of Windows protocols. This removes the Chain helper class, which was pretty much useless, and replaces it with better alternatives. This PR:

  • add CMS signing / check
  • refactor (a lot) scapy/layers/tls/cert.py and add documentation
    • Chain wasn't as useful as it could be. We now have a CertTree class that serves as a certificate store (think like Windows), and properly links certificates against their issuer, to a list of root CAs
    • getchain() allows finding a chain of certificates towards one
    • verify() says if a certificate can be verified against the store
  • support PKINIT in Kerberos
  • Load KRB5CCNAME in SPNEGO.from_cli_arguments
  • much better support of X509_AlgorithmIdentifier
  • fix Kerberos handling in DCE/RPC passive sniffing
  • improve Kerberos handling of the "DELEGATION"-related structures
  • KerberosSSP now supports simply having a TGT, and can also be created from Ticketer using ssp()
  • Improve DCE/RPC context handling (keeps the context IDs when re-binding to the same interface, etc.)
  • Add support for Kerberos secure channels in MS-NRPC
  • Add the ability to choose between WindowsNT, Windows2000 and Windows2003+ variants of NTLM when building packets
  • add an ability to NOT send channel bindings in HTTP
  • add doc regarding some existing Kerberos features (e.g. FAST)

codecov bot commented Nov 26, 2025

Codecov Report

❌ Patch coverage is 59.09879% with 236 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.79%. Comparing base (e73137e) to head (7ea2540).

Files with missing lines Patch % Lines
scapy/layers/kerberos.py 21.98% 110 Missing ⚠️
scapy/layers/tls/cert.py 77.88% 48 Missing ⚠️
scapy/layers/msrpce/msnrpc.py 7.31% 38 Missing ⚠️
scapy/layers/msrpce/rpcclient.py 50.00% 24 Missing ⚠️
scapy/layers/ntlm.py 70.00% 12 Missing ⚠️
scapy/libs/rfc3961.py 81.81% 2 Missing ⚠️
scapy/asn1fields.py 88.88% 1 Missing ⚠️
scapy/layers/spnego.py 96.15% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4879      +/-   ##
==========================================
- Coverage   80.86%   80.79%   -0.07%     
==========================================
  Files         368      368              
  Lines       90271    90565     +294     
==========================================
+ Hits        72996    73174     +178     
- Misses      17275    17391     +116     
Files with missing lines Coverage Δ
scapy/asn1/mib.py 91.66% <100.00%> (+0.05%) ⬆️
scapy/layers/dcerpc.py 90.10% <100.00%> (+0.04%) ⬆️
scapy/layers/http.py 83.68% <100.00%> (+0.02%) ⬆️
scapy/layers/smb.py 76.70% <ø> (-0.36%) ⬇️
scapy/layers/smbclient.py 73.05% <ø> (ø)
scapy/layers/x509.py 97.95% <100.00%> (+0.39%) ⬆️
scapy/modules/ticketer.py 41.56% <100.00%> (+0.41%) ⬆️
scapy/asn1fields.py 83.43% <88.88%> (-0.28%) ⬇️
scapy/layers/spnego.py 78.86% <96.15%> (+8.06%) ⬆️
scapy/libs/rfc3961.py 85.80% <81.81%> (-0.07%) ⬇️
... and 5 more

... and 6 files with indirect coverage changes


@gpotter2 gpotter2 force-pushed the begin-pkinit branch 2 times, most recently from e7169e7 to c583fe1 Compare November 26, 2025 19:05
@gpotter2 gpotter2 changed the title from "Windows: add Kerberos PKINIT, Netlogon's Kerberos secure channel, better NTLM variants" to "Crypto rework: CertTree, Kerberos PKINIT, Netlogon's Kerberos secure channel, better NTLM variants" Dec 12, 2025
@gpotter2 gpotter2 changed the title from "Crypto rework: CertTree, Kerberos PKINIT, Netlogon's Kerberos secure channel, better NTLM variants" to "Windows/Crypto rework: CertTree, Kerberos PKINIT, Netlogon's Kerberos secure channel, better NTLM variants" Dec 12, 2025