Session.py - This is a Python class representing a TLS (Tra…

/gdata/tlslite/Session.py

http://radioappz.googlecode.com/ · Python · 131 lines · 101 code · 8 blank · 22 comment · 8 complexity · 9ec7230f0342c0de6bb977fbeeef8d16 MD5 · raw file


"""Class representing a TLS session."""

from utils.compat import *
from mathtls import *
from constants import *

class Session:
    """
    This class represents a TLS session.

    TLS distinguishes between connections and sessions.  A new
    handshake creates both a connection and a session.  Data is
    transmitted over the connection.

    The session contains a more permanent record of the handshake.  The
    session can be inspected to determine handshake results.  The
    session can also be used to create a new connection through
    "session resumption". If the client and server both support this,
    they can create a new connection based on an old session without
    the overhead of a full handshake.

    The session for a L{tlslite.TLSConnection.TLSConnection} can be
    retrieved from the connection's 'session' attribute.

    @type srpUsername: str
    @ivar srpUsername: The client's SRP username (or None).

    @type sharedKeyUsername: str
    @ivar sharedKeyUsername: The client's shared-key username (or
    None).

    @type clientCertChain: L{tlslite.X509CertChain.X509CertChain} or
    L{cryptoIDlib.CertChain.CertChain}
    @ivar clientCertChain: The client's certificate chain (or None).

    @type serverCertChain: L{tlslite.X509CertChain.X509CertChain} or
    L{cryptoIDlib.CertChain.CertChain}
    @ivar serverCertChain: The server's certificate chain (or None).
    """

    def __init__(self):
        self.masterSecret = createByteArraySequence([])
        self.sessionID = createByteArraySequence([])
        self.cipherSuite = 0
        self.srpUsername = None
        self.sharedKeyUsername = None
        self.clientCertChain = None
        self.serverCertChain = None
        self.resumable = False
        self.sharedKey = False

    def _clone(self):
        other = Session()
        other.masterSecret = self.masterSecret
        other.sessionID = self.sessionID
        other.cipherSuite = self.cipherSuite
        other.srpUsername = self.srpUsername
        other.sharedKeyUsername = self.sharedKeyUsername
        other.clientCertChain = self.clientCertChain
        other.serverCertChain = self.serverCertChain
        other.resumable = self.resumable
        other.sharedKey = self.sharedKey
        return other

    def _calcMasterSecret(self, version, premasterSecret, clientRandom,
                         serverRandom):
        if version == (3,0):
            self.masterSecret = PRF_SSL(premasterSecret,
                                concatArrays(clientRandom, serverRandom), 48)
        elif version in ((3,1), (3,2)):
            self.masterSecret = PRF(premasterSecret, "master secret",
                                concatArrays(clientRandom, serverRandom), 48)
        else:
            raise AssertionError()

    def valid(self):
        """If this session can be used for session resumption.

        @rtype: bool
        @return: If this session can be used for session resumption.
        """
        return self.resumable or self.sharedKey

    def _setResumable(self, boolean):
        #Only let it be set if this isn't a shared key
        if not self.sharedKey:
            #Only let it be set to True if the sessionID is non-null
            if (not boolean) or (boolean and self.sessionID):
                self.resumable = boolean

    def getCipherName(self):
        """Get the name of the cipher used with this connection.

        @rtype: str
        @return: The name of the cipher used with this connection.
        Either 'aes128', 'aes256', 'rc4', or '3des'.
        """
        if self.cipherSuite in CipherSuite.aes128Suites:
            return "aes128"
        elif self.cipherSuite in CipherSuite.aes256Suites:
            return "aes256"
        elif self.cipherSuite in CipherSuite.rc4Suites:
            return "rc4"
        elif self.cipherSuite in CipherSuite.tripleDESSuites:
            return "3des"
        else:
            return None

    def _createSharedKey(self, sharedKeyUsername, sharedKey):
        if len(sharedKeyUsername)>16:
            raise ValueError()
        if len(sharedKey)>47:
            raise ValueError()

        self.sharedKeyUsername = sharedKeyUsername

        self.sessionID = createByteArrayZeros(16)
        for x in range(len(sharedKeyUsername)):
            self.sessionID[x] = ord(sharedKeyUsername[x])

        premasterSecret = createByteArrayZeros(48)
        sharedKey = chr(len(sharedKey)) + sharedKey
        for x in range(48):
            premasterSecret[x] = ord(sharedKey[x % len(sharedKey)])

        self.masterSecret = PRF(premasterSecret, "shared secret",
                                createByteArraySequence([]), 48)
        self.sharedKey = True
        return self

Summary ✨

This is a Python class representing a TLS (Transport Layer Security) session. It encapsulates information about the handshake, such as the master secret, session ID, and cipher suite used in the connection. The class provides methods to calculate the master secret, check if the session can be reused for session resumption, and retrieve the cipher name used in the connection.

Tech Fingerprint

Standard Library: Math

Alerts (4)

'import *' Avoid to prevent namespace pollution; import specific names or use aliases
3 4 5
Complexity hotspot; line 88 (total complexity: 3)
88