summaryrefslogtreecommitdiffstats
path: root/src/lib/tlslite/Session.py
diff options
context:
space:
mode:
authorNarayan Desai <desai@mcs.anl.gov>2007-03-12 16:22:51 +0000
committerNarayan Desai <desai@mcs.anl.gov>2007-03-12 16:22:51 +0000
commit6e5e9c8e969207e68665f12665a54768090897e4 (patch)
treede198777d5041073db4634a24ca37efad2a1017f /src/lib/tlslite/Session.py
parentac3eb44f16bc14e41ed62169ca36e9992509d7d6 (diff)
downloadbcfg2-6e5e9c8e969207e68665f12665a54768090897e4.tar.gz
bcfg2-6e5e9c8e969207e68665f12665a54768090897e4.tar.bz2
bcfg2-6e5e9c8e969207e68665f12665a54768090897e4.zip
Merged in certs branch in preparation for 0.9.3pre2
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@2928 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/tlslite/Session.py')
-rwxr-xr-xsrc/lib/tlslite/Session.py131
1 files changed, 131 insertions, 0 deletions
diff --git a/src/lib/tlslite/Session.py b/src/lib/tlslite/Session.py
new file mode 100755
index 000000000..a951f4589
--- /dev/null
+++ b/src/lib/tlslite/Session.py
@@ -0,0 +1,131 @@
+"""Class representing a TLS session."""
+
+from utils.compat import *
+from mathtls import *
+from constants import *
+
+class Session:
+ """
+ This class represents a TLS session.
+
+ TLS distinguishes between connections and sessions. A new
+ handshake creates both a connection and a session. Data is
+ transmitted over the connection.
+
+ The session contains a more permanent record of the handshake. The
+ session can be inspected to determine handshake results. The
+ session can also be used to create a new connection through
+ "session resumption". If the client and server both support this,
+ they can create a new connection based on an old session without
+ the overhead of a full handshake.
+
+ The session for a L{tlslite.TLSConnection.TLSConnection} can be
+ retrieved from the connection's 'session' attribute.
+
+ @type srpUsername: str
+ @ivar srpUsername: The client's SRP username (or None).
+
+ @type sharedKeyUsername: str
+ @ivar sharedKeyUsername: The client's shared-key username (or
+ None).
+
+ @type clientCertChain: L{tlslite.X509CertChain.X509CertChain} or
+ L{cryptoIDlib.CertChain.CertChain}
+ @ivar clientCertChain: The client's certificate chain (or None).
+
+ @type serverCertChain: L{tlslite.X509CertChain.X509CertChain} or
+ L{cryptoIDlib.CertChain.CertChain}
+ @ivar serverCertChain: The server's certificate chain (or None).
+ """
+
+ def __init__(self):
+ self.masterSecret = createByteArraySequence([])
+ self.sessionID = createByteArraySequence([])
+ self.cipherSuite = 0
+ self.srpUsername = None
+ self.sharedKeyUsername = None
+ self.clientCertChain = None
+ self.serverCertChain = None
+ self.resumable = False
+ self.sharedKey = False
+
+ def _clone(self):
+ other = Session()
+ other.masterSecret = self.masterSecret
+ other.sessionID = self.sessionID
+ other.cipherSuite = self.cipherSuite
+ other.srpUsername = self.srpUsername
+ other.sharedKeyUsername = self.sharedKeyUsername
+ other.clientCertChain = self.clientCertChain
+ other.serverCertChain = self.serverCertChain
+ other.resumable = self.resumable
+ other.sharedKey = self.sharedKey
+ return other
+
+ def _calcMasterSecret(self, version, premasterSecret, clientRandom,
+ serverRandom):
+ if version == (3,0):
+ self.masterSecret = PRF_SSL(premasterSecret,
+ concatArrays(clientRandom, serverRandom), 48)
+ elif version in ((3,1), (3,2)):
+ self.masterSecret = PRF(premasterSecret, "master secret",
+ concatArrays(clientRandom, serverRandom), 48)
+ else:
+ raise AssertionError()
+
+ def valid(self):
+ """If this session can be used for session resumption.
+
+ @rtype: bool
+ @return: If this session can be used for session resumption.
+ """
+ return self.resumable or self.sharedKey
+
+ def _setResumable(self, boolean):
+ #Only let it be set if this isn't a shared key
+ if not self.sharedKey:
+ #Only let it be set to True if the sessionID is non-null
+ if (not boolean) or (boolean and self.sessionID):
+ self.resumable = boolean
+
+ def getCipherName(self):
+ """Get the name of the cipher used with this connection.
+
+ @rtype: str
+ @return: The name of the cipher used with this connection.
+ Either 'aes128', 'aes256', 'rc4', or '3des'.
+ """
+ if self.cipherSuite in CipherSuite.aes128Suites:
+ return "aes128"
+ elif self.cipherSuite in CipherSuite.aes256Suites:
+ return "aes256"
+ elif self.cipherSuite in CipherSuite.rc4Suites:
+ return "rc4"
+ elif self.cipherSuite in CipherSuite.tripleDESSuites:
+ return "3des"
+ else:
+ return None
+
+ def _createSharedKey(self, sharedKeyUsername, sharedKey):
+ if len(sharedKeyUsername)>16:
+ raise ValueError()
+ if len(sharedKey)>47:
+ raise ValueError()
+
+ self.sharedKeyUsername = sharedKeyUsername
+
+ self.sessionID = createByteArrayZeros(16)
+ for x in range(len(sharedKeyUsername)):
+ self.sessionID[x] = ord(sharedKeyUsername[x])
+
+ premasterSecret = createByteArrayZeros(48)
+ sharedKey = chr(len(sharedKey)) + sharedKey
+ for x in range(48):
+ premasterSecret[x] = ord(sharedKey[x % len(sharedKey)])
+
+ self.masterSecret = PRF(premasterSecret, "shared secret",
+ createByteArraySequence([]), 48)
+ self.sharedKey = True
+ return self
+
+