OLD | NEW |
---|---|
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Dave Baggett (Arcode Corporation) - canonicalCipherName | 3 # Dave Baggett (Arcode Corporation) - canonicalCipherName |
4 # | 4 # |
5 # See the LICENSE file for legal information regarding use of this file. | 5 # See the LICENSE file for legal information regarding use of this file. |
6 | 6 |
7 """Class representing a TLS session.""" | 7 """Class representing a TLS session.""" |
8 | 8 |
9 from .utils.compat import * | 9 from .utils.compat import * |
10 from .mathtls import * | 10 from .mathtls import * |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
44 @ivar tackInHelloExt: True if a TACK was presented via TLS Extension. | 44 @ivar tackInHelloExt: True if a TACK was presented via TLS Extension. |
45 """ | 45 """ |
46 | 46 |
47 def __init__(self): | 47 def __init__(self): |
48 self.masterSecret = bytearray(0) | 48 self.masterSecret = bytearray(0) |
49 self.sessionID = bytearray(0) | 49 self.sessionID = bytearray(0) |
50 self.cipherSuite = 0 | 50 self.cipherSuite = 0 |
51 self.srpUsername = "" | 51 self.srpUsername = "" |
52 self.clientCertChain = None | 52 self.clientCertChain = None |
53 self.serverCertChain = None | 53 self.serverCertChain = None |
54 self.clientRandom = b"" | |
55 self.serverRandom = b"" | |
54 self.tackExt = None | 56 self.tackExt = None |
55 self.tackInHelloExt = False | 57 self.tackInHelloExt = False |
56 self.serverName = "" | 58 self.serverName = "" |
57 self.resumable = False | 59 self.resumable = False |
58 | 60 |
59 def create(self, masterSecret, sessionID, cipherSuite, | 61 def create(self, masterSecret, sessionID, cipherSuite, |
60 srpUsername, clientCertChain, serverCertChain, | 62 srpUsername, clientCertChain, serverCertChain, clientRandom, |
61 tackExt, tackInHelloExt, serverName, resumable=True): | 63 serverRandom, tackExt, tackInHelloExt, serverName, resumable=True): |
62 self.masterSecret = masterSecret | 64 self.masterSecret = masterSecret |
63 self.sessionID = sessionID | 65 self.sessionID = sessionID |
64 self.cipherSuite = cipherSuite | 66 self.cipherSuite = cipherSuite |
65 self.srpUsername = srpUsername | 67 self.srpUsername = srpUsername |
66 self.clientCertChain = clientCertChain | 68 self.clientCertChain = clientCertChain |
67 self.serverCertChain = serverCertChain | 69 self.serverCertChain = serverCertChain |
70 self.clientRandom = clientRandom | |
71 self.serverRandom = serverRandom | |
davidben
2015/11/18 20:49:01
I don't think storing the client/server random on
nharper
2015/12/04 01:42:20
Moved to the TLSConnection class. The clientRandom
| |
68 self.tackExt = tackExt | 72 self.tackExt = tackExt |
69 self.tackInHelloExt = tackInHelloExt | 73 self.tackInHelloExt = tackInHelloExt |
70 self.serverName = serverName | 74 self.serverName = serverName |
71 self.resumable = resumable | 75 self.resumable = resumable |
72 | 76 |
73 def _clone(self): | 77 def _clone(self): |
74 other = Session() | 78 other = Session() |
75 other.masterSecret = self.masterSecret | 79 other.masterSecret = self.masterSecret |
76 other.sessionID = self.sessionID | 80 other.sessionID = self.sessionID |
77 other.cipherSuite = self.cipherSuite | 81 other.cipherSuite = self.cipherSuite |
78 other.srpUsername = self.srpUsername | 82 other.srpUsername = self.srpUsername |
79 other.clientCertChain = self.clientCertChain | 83 other.clientCertChain = self.clientCertChain |
80 other.serverCertChain = self.serverCertChain | 84 other.serverCertChain = self.serverCertChain |
85 other.clientRandom = self.clientRandom | |
86 other.serverRandom = self.serverRandom | |
81 other.tackExt = self.tackExt | 87 other.tackExt = self.tackExt |
82 other.tackInHelloExt = self.tackInHelloExt | 88 other.tackInHelloExt = self.tackInHelloExt |
83 other.serverName = self.serverName | 89 other.serverName = self.serverName |
84 other.resumable = self.resumable | 90 other.resumable = self.resumable |
85 return other | 91 return other |
86 | 92 |
87 def valid(self): | 93 def valid(self): |
88 """If this session can be used for session resumption. | 94 """If this session can be used for session resumption. |
89 | 95 |
90 @rtype: bool | 96 @rtype: bool |
(...skipping 26 matching lines...) Expand all Loading... | |
117 """ | 123 """ |
118 return CipherSuite.canonicalCipherName(self.cipherSuite) | 124 return CipherSuite.canonicalCipherName(self.cipherSuite) |
119 | 125 |
120 def getMacName(self): | 126 def getMacName(self): |
121 """Get the name of the HMAC hash algo used with this connection. | 127 """Get the name of the HMAC hash algo used with this connection. |
122 | 128 |
123 @rtype: str | 129 @rtype: str |
124 @return: The name of the HMAC hash algo used with this connection. | 130 @return: The name of the HMAC hash algo used with this connection. |
125 """ | 131 """ |
126 return CipherSuite.canonicalMacName(self.cipherSuite) | 132 return CipherSuite.canonicalMacName(self.cipherSuite) |
133 | |
134 def exportKeyingMaterial(self, version, label, context, use_context, length) : | |
135 """Returns the exported keying material as defined in RFC 5705.""" | |
davidben
2015/11/18 20:49:01
Ditto. The client and server random used in the ex
nharper
2015/12/04 01:42:20
Done.
| |
136 | |
137 seed = self.clientRandom + self.serverRandom | |
138 if use_context: | |
139 if len(context) > 65535: | |
140 raise ValueError("Context is too long") | |
141 seed += bytearray(2) | |
142 seed[len(seed) - 2] = len(context) >> 8 | |
143 seed[len(seed) - 1] = len(context) & 0xFF | |
144 seed += context | |
145 if version in ((3,1), (3,2)): | |
146 return PRF(self.masterSecret, label, seed, length) | |
147 elif version == (3,3): | |
148 return PRF_1_2(self.masterSecret, label, seed, length) | |
149 else: | |
150 raise AssertionError() | |
OLD | NEW |