Update tlslite to 0.4.6.

third_party/tlslite/tlslite/session.py

+# Authors: 
+#   Trevor Perrin
+#   Dave Baggett (Arcode Corporation) - canonicalCipherName
+#
+# See the LICENSE file for legal information regarding use of this file.
+
 """Class representing a TLS session."""
 
-from utils.compat import *
-from mathtls import *
-from constants import *
+from .utils.compat import *
+from .mathtls import *
+from .constants import *
 
-class Session:
+class Session(object):
     """
     This class represents a TLS session.
 
     TLS distinguishes between connections and sessions.  A new
     handshake creates both a connection and a session.  Data is
     transmitted over the connection.
 
     The session contains a more permanent record of the handshake.  The
     session can be inspected to determine handshake results.  The
     session can also be used to create a new connection through
     "session resumption". If the client and server both support this,
     they can create a new connection based on an old session without
     the overhead of a full handshake.
 
     The session for a L{tlslite.TLSConnection.TLSConnection} can be
     retrieved from the connection's 'session' attribute.
 
     @type srpUsername: str
     @ivar srpUsername: The client's SRP username (or None).
 
-    @type sharedKeyUsername: str
-    @ivar sharedKeyUsername: The client's shared-key username (or
-    None).
-
-    @type clientCertChain: L{tlslite.X509CertChain.X509CertChain} or
-    L{cryptoIDlib.CertChain.CertChain}
+    @type clientCertChain: L{tlslite.x509certchain.X509CertChain}
     @ivar clientCertChain: The client's certificate chain (or None).
 
-    @type serverCertChain: L{tlslite.X509CertChain.X509CertChain} or
-    L{cryptoIDlib.CertChain.CertChain}
+    @type serverCertChain: L{tlslite.x509certchain.X509CertChain}
     @ivar serverCertChain: The server's certificate chain (or None).
+
+    @type tackExt: L{tack.structures.TackExtension.TackExtension}
+    @ivar tackExt: The server's TackExtension (or None).
+
+    @type tackInHelloExt: L{bool}
+    @ivar tackInHelloExt: True if a TACK was presented via TLS Extension.
     """
 
     def __init__(self):
-        self.masterSecret = createByteArraySequence([])
-        self.sessionID = createByteArraySequence([])
+        self.masterSecret = bytearray(0)
+        self.sessionID = bytearray(0)
         self.cipherSuite = 0
-        self.srpUsername = None
-        self.sharedKeyUsername = None
+        self.srpUsername = ""
         self.clientCertChain = None
         self.serverCertChain = None
+        self.tackExt = None
+        self.tackInHelloExt = False
+        self.serverName = ""
         self.resumable = False
-        self.sharedKey = False
+
+    def create(self, masterSecret, sessionID, cipherSuite,
+            srpUsername, clientCertChain, serverCertChain, 
+            tackExt, tackInHelloExt, serverName, resumable=True):
+        self.masterSecret = masterSecret
+        self.sessionID = sessionID
+        self.cipherSuite = cipherSuite
+        self.srpUsername = srpUsername
+        self.clientCertChain = clientCertChain
+        self.serverCertChain = serverCertChain
+        self.tackExt = tackExt
+        self.tackInHelloExt = tackInHelloExt  
+        self.serverName = serverName
+        self.resumable = resumable
 
     def _clone(self):
         other = Session()
         other.masterSecret = self.masterSecret
         other.sessionID = self.sessionID
         other.cipherSuite = self.cipherSuite
         other.srpUsername = self.srpUsername
-        other.sharedKeyUsername = self.sharedKeyUsername
         other.clientCertChain = self.clientCertChain
         other.serverCertChain = self.serverCertChain
+        other.tackExt = self.tackExt
+        other.tackInHelloExt = self.tackInHelloExt
+        other.serverName = self.serverName
         other.resumable = self.resumable
-        other.sharedKey = self.sharedKey
         return other
 
-    def _calcMasterSecret(self, version, premasterSecret, clientRandom,
-                         serverRandom):
-        if version == (3,0):
-            self.masterSecret = PRF_SSL(premasterSecret,
-                                concatArrays(clientRandom, serverRandom), 48)
-        elif version in ((3,1), (3,2)):
-            self.masterSecret = PRF(premasterSecret, "master secret",
-                                concatArrays(clientRandom, serverRandom), 48)
-        else:
-            raise AssertionError()
-
     def valid(self):
         """If this session can be used for session resumption.
 
         @rtype: bool
         @return: If this session can be used for session resumption.
         """
-        return self.resumable or self.sharedKey
+        return self.resumable and self.sessionID
 
     def _setResumable(self, boolean):
-        #Only let it be set if this isn't a shared key
-        if not self.sharedKey:
-            #Only let it be set to True if the sessionID is non-null
-            if (not boolean) or (boolean and self.sessionID):
-                self.resumable = boolean
+        #Only let it be set to True if the sessionID is non-null
+        if (not boolean) or (boolean and self.sessionID):
+            self.resumable = boolean
+
+    def getTackId(self):
+        if self.tackExt and self.tackExt.tack:
+            return self.tackExt.tack.getTackId()
+        else:
+            return None
+        
+    def getBreakSigs(self):
+        if self.tackExt and self.tackExt.break_sigs:
+            return self.tackExt.break_sigs
+        else:
+            return None
 
     def getCipherName(self):
         """Get the name of the cipher used with this connection.
 
         @rtype: str
         @return: The name of the cipher used with this connection.
-        Either 'aes128', 'aes256', 'rc4', or '3des'.
         """
-        if self.cipherSuite in CipherSuite.aes128Suites:
-            return "aes128"
-        elif self.cipherSuite in CipherSuite.aes256Suites:
-            return "aes256"
-        elif self.cipherSuite in CipherSuite.rc4Suites:
-            return "rc4"
-        elif self.cipherSuite in CipherSuite.tripleDESSuites:
-            return "3des"
-        else:
-            return None
+        return CipherSuite.canonicalCipherName(self.cipherSuite)
+        
+    def getMacName(self):
+        """Get the name of the HMAC hash algo used with this connection.
 
-    def _createSharedKey(self, sharedKeyUsername, sharedKey):
-        if len(sharedKeyUsername)>16:
-            raise ValueError()
-        if len(sharedKey)>47:
-            raise ValueError()
-
-        self.sharedKeyUsername = sharedKeyUsername
-
-        self.sessionID = createByteArrayZeros(16)
-        for x in range(len(sharedKeyUsername)):
-            self.sessionID[x] = ord(sharedKeyUsername[x])
-
-        premasterSecret = createByteArrayZeros(48)
-        sharedKey = chr(len(sharedKey)) + sharedKey
-        for x in range(48):
-            premasterSecret[x] = ord(sharedKey[x % len(sharedKey)])
-
-        self.masterSecret = PRF(premasterSecret, "shared secret",
-                                createByteArraySequence([]), 48)
-        self.sharedKey = True
-        return self
-
-
+        @rtype: str
+        @return: The name of the HMAC hash algo used with this connection.
+        """
+        return CipherSuite.canonicalMacName(self.cipherSuite)