Index: third_party/tlslite/tlslite/session.py |
diff --git a/third_party/tlslite/tlslite/session.py b/third_party/tlslite/tlslite/session.py |
index a951f4589429f554e5925f8bbb658a6e660e48e2..6aadf58e0541ecfb87d71c838d110bdb504f14b6 100644 |
--- a/third_party/tlslite/tlslite/session.py |
+++ b/third_party/tlslite/tlslite/session.py |
@@ -1,10 +1,16 @@ |
+# Authors: |
+# Trevor Perrin |
+# Dave Baggett (Arcode Corporation) - canonicalCipherName |
+# |
+# See the LICENSE file for legal information regarding use of this file. |
+ |
"""Class representing a TLS session.""" |
-from utils.compat import * |
-from mathtls import * |
-from constants import * |
+from .utils.compat import * |
+from .mathtls import * |
+from .constants import * |
-class Session: |
+class Session(object): |
""" |
This class represents a TLS session. |
@@ -25,29 +31,44 @@ class Session: |
@type srpUsername: str |
@ivar srpUsername: The client's SRP username (or None). |
- @type sharedKeyUsername: str |
- @ivar sharedKeyUsername: The client's shared-key username (or |
- None). |
- |
- @type clientCertChain: L{tlslite.X509CertChain.X509CertChain} or |
- L{cryptoIDlib.CertChain.CertChain} |
+ @type clientCertChain: L{tlslite.x509certchain.X509CertChain} |
@ivar clientCertChain: The client's certificate chain (or None). |
- @type serverCertChain: L{tlslite.X509CertChain.X509CertChain} or |
- L{cryptoIDlib.CertChain.CertChain} |
+ @type serverCertChain: L{tlslite.x509certchain.X509CertChain} |
@ivar serverCertChain: The server's certificate chain (or None). |
+ |
+ @type tackExt: L{tack.structures.TackExtension.TackExtension} |
+ @ivar tackExt: The server's TackExtension (or None). |
+ |
+ @type tackInHelloExt: L{bool} |
+ @ivar tackInHelloExt: True if a TACK was presented via TLS Extension. |
""" |
def __init__(self): |
- self.masterSecret = createByteArraySequence([]) |
- self.sessionID = createByteArraySequence([]) |
+ self.masterSecret = bytearray(0) |
+ self.sessionID = bytearray(0) |
self.cipherSuite = 0 |
- self.srpUsername = None |
- self.sharedKeyUsername = None |
+ self.srpUsername = "" |
self.clientCertChain = None |
self.serverCertChain = None |
+ self.tackExt = None |
+ self.tackInHelloExt = False |
+ self.serverName = "" |
self.resumable = False |
- self.sharedKey = False |
+ |
+ def create(self, masterSecret, sessionID, cipherSuite, |
+ srpUsername, clientCertChain, serverCertChain, |
+ tackExt, tackInHelloExt, serverName, resumable=True): |
+ self.masterSecret = masterSecret |
+ self.sessionID = sessionID |
+ self.cipherSuite = cipherSuite |
+ self.srpUsername = srpUsername |
+ self.clientCertChain = clientCertChain |
+ self.serverCertChain = serverCertChain |
+ self.tackExt = tackExt |
+ self.tackInHelloExt = tackInHelloExt |
+ self.serverName = serverName |
+ self.resumable = resumable |
def _clone(self): |
other = Session() |
@@ -55,77 +76,51 @@ class Session: |
other.sessionID = self.sessionID |
other.cipherSuite = self.cipherSuite |
other.srpUsername = self.srpUsername |
- other.sharedKeyUsername = self.sharedKeyUsername |
other.clientCertChain = self.clientCertChain |
other.serverCertChain = self.serverCertChain |
+ other.tackExt = self.tackExt |
+ other.tackInHelloExt = self.tackInHelloExt |
+ other.serverName = self.serverName |
other.resumable = self.resumable |
- other.sharedKey = self.sharedKey |
return other |
- def _calcMasterSecret(self, version, premasterSecret, clientRandom, |
- serverRandom): |
- if version == (3,0): |
- self.masterSecret = PRF_SSL(premasterSecret, |
- concatArrays(clientRandom, serverRandom), 48) |
- elif version in ((3,1), (3,2)): |
- self.masterSecret = PRF(premasterSecret, "master secret", |
- concatArrays(clientRandom, serverRandom), 48) |
- else: |
- raise AssertionError() |
- |
def valid(self): |
"""If this session can be used for session resumption. |
@rtype: bool |
@return: If this session can be used for session resumption. |
""" |
- return self.resumable or self.sharedKey |
+ return self.resumable and self.sessionID |
def _setResumable(self, boolean): |
- #Only let it be set if this isn't a shared key |
- if not self.sharedKey: |
- #Only let it be set to True if the sessionID is non-null |
- if (not boolean) or (boolean and self.sessionID): |
- self.resumable = boolean |
+ #Only let it be set to True if the sessionID is non-null |
+ if (not boolean) or (boolean and self.sessionID): |
+ self.resumable = boolean |
+ |
+ def getTackId(self): |
+ if self.tackExt and self.tackExt.tack: |
+ return self.tackExt.tack.getTackId() |
+ else: |
+ return None |
+ |
+ def getBreakSigs(self): |
+ if self.tackExt and self.tackExt.break_sigs: |
+ return self.tackExt.break_sigs |
+ else: |
+ return None |
def getCipherName(self): |
"""Get the name of the cipher used with this connection. |
@rtype: str |
@return: The name of the cipher used with this connection. |
- Either 'aes128', 'aes256', 'rc4', or '3des'. |
""" |
- if self.cipherSuite in CipherSuite.aes128Suites: |
- return "aes128" |
- elif self.cipherSuite in CipherSuite.aes256Suites: |
- return "aes256" |
- elif self.cipherSuite in CipherSuite.rc4Suites: |
- return "rc4" |
- elif self.cipherSuite in CipherSuite.tripleDESSuites: |
- return "3des" |
- else: |
- return None |
- |
- def _createSharedKey(self, sharedKeyUsername, sharedKey): |
- if len(sharedKeyUsername)>16: |
- raise ValueError() |
- if len(sharedKey)>47: |
- raise ValueError() |
- |
- self.sharedKeyUsername = sharedKeyUsername |
- |
- self.sessionID = createByteArrayZeros(16) |
- for x in range(len(sharedKeyUsername)): |
- self.sessionID[x] = ord(sharedKeyUsername[x]) |
- |
- premasterSecret = createByteArrayZeros(48) |
- sharedKey = chr(len(sharedKey)) + sharedKey |
- for x in range(48): |
- premasterSecret[x] = ord(sharedKey[x % len(sharedKey)]) |
- |
- self.masterSecret = PRF(premasterSecret, "shared secret", |
- createByteArraySequence([]), 48) |
- self.sharedKey = True |
- return self |
- |
+ return CipherSuite.canonicalCipherName(self.cipherSuite) |
+ |
+ def getMacName(self): |
+ """Get the name of the HMAC hash algo used with this connection. |
+ @rtype: str |
+ @return: The name of the HMAC hash algo used with this connection. |
+ """ |
+ return CipherSuite.canonicalMacName(self.cipherSuite) |