/gdata/tlslite/Session.py
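"""Class representing a TLS session."""

from utils.compat import *
from mathtls import *
from constants import *

class Session:
    """
    This class represents a TLS session.

    TLS distinguishes between connections and sessions.  A new
    handshake creates both a connection and a session.  Data is
    transmitted over the connection.

    The session contains a more permanent record of the handshake.  The
    session can be inspected to determine handshake results.  The
    session can also be used to create a new connection through
    "session resumption". If the client and server both support this,
    they can create a new connection based on an old session without
    the overhead of a full handshake.

    The session for a L{tlslite.TLSConnection.TLSConnection} can be
    retrieved from the connection's 'session' attribute.

    Note that a Session object carries the master secret (see
    C{masterSecret} in L{__init__}).  Treat instances as key material:
    keep them out of logs and out of storage that is less protected
    than the private keys of the endpoint.

    @type srpUsername: str
    @ivar srpUsername: The client's SRP username (or None).

    @type sharedKeyUsername: str
    @ivar sharedKeyUsername: The client's shared-key username (or
    None).

    @type clientCertChain: L{tlslite.X509CertChain.X509CertChain} or
    L{cryptoIDlib.CertChain.CertChain}
    @ivar clientCertChain: The client's certificate chain (or None).

    @type serverCertChain: L{tlslite.X509CertChain.X509CertChain} or
    L{cryptoIDlib.CertChain.CertChain}
    @ivar serverCertChain: The server's certificate chain (or None).
    """

    def __init__(self):
        """Create an empty session: no secret, no ID, not resumable."""
        # 48-byte secret once _calcMasterSecret or _createSharedKey has
        # run; empty until then.  This is the sensitive field.
        self.masterSecret = createByteArraySequence([])
        # Empty means "no session ID"; _setResumable refuses to mark
        # such a session resumable.
        self.sessionID = createByteArraySequence([])
        # Numeric suite identifier, matched against the CipherSuite
        # lists in getCipherName.
        self.cipherSuite = 0
        self.srpUsername = None
        self.sharedKeyUsername = None
        self.clientCertChain = None
        self.serverCertChain = None
        self.resumable = False
        # True only after _createSharedKey has populated the session.
        self.sharedKey = False

    def _clone(self):
        """Return a new Session holding the same field values.

        Fields are copied by reference, not deep-copied, so the byte
        arrays and certificate chains are shared between the original
        and the clone.

        @rtype: L{Session}
        @return: The copy.
        """
        other = Session()
        other.masterSecret = self.masterSecret
        other.sessionID = self.sessionID
        other.cipherSuite = self.cipherSuite
        other.srpUsername = self.srpUsername
        other.sharedKeyUsername = self.sharedKeyUsername
        other.clientCertChain = self.clientCertChain
        other.serverCertChain = self.serverCertChain
        other.resumable = self.resumable
        other.sharedKey = self.sharedKey
        return other

    def _calcMasterSecret(self, version, premasterSecret, clientRandom,
                          serverRandom):
        """Derive the 48-byte master secret and store it on the session.

        The seed is the client random followed by the server random.
        Version (3,0) is SSL 3.0 and uses PRF_SSL; (3,1) and (3,2) are
        TLS 1.0 and TLS 1.1 and use PRF with the label "master secret".
        All three protocol versions are deprecated (RFC 7568, RFC 8996);
        this method only selects the derivation, so any minimum-version
        policy has to be enforced by the code that negotiates 'version'.

        @type version: tuple
        @param version: The negotiated protocol version.

        @param premasterSecret: The premaster secret from the key
        exchange.

        @param clientRandom: The client's handshake random value.

        @param serverRandom: The server's handshake random value.

        @raise AssertionError: If the version is not one of the three
        handled above.
        """
        seed = concatArrays(clientRandom, serverRandom)
        if version == (3,0):
            self.masterSecret = PRF_SSL(premasterSecret, seed, 48)
        elif version in ((3,1), (3,2)):
            self.masterSecret = PRF(premasterSecret, "master secret",
                                    seed, 48)
        else:
            # Explicit raise (not an assert statement), so the check
            # still runs under python -O.
            raise AssertionError("unsupported protocol version: %r" %
                                 (version,))

    def valid(self):
        """If this session can be used for session resumption.

        @rtype: bool
        @return: If this session can be used for session resumption.
        """
        return self.resumable or self.sharedKey

    def _setResumable(self, boolean):
        """Set the resumable flag, subject to two restrictions.

        The flag is left untouched for shared-key sessions, and it can
        only become True when the session has a non-empty sessionID.
        Requests that violate either rule are silently ignored.

        @type boolean: bool
        @param boolean: The requested value of the flag.
        """
        #Only let it be set if this isn't a shared key
        if self.sharedKey:
            return
        #Only let it be set to True if the sessionID is non-null
        if (not boolean) or self.sessionID:
            self.resumable = boolean

    def getCipherName(self):
        """Get the name of the cipher used with this connection.

        'rc4' and '3des' identify ciphers that are generally considered
        weak today; callers can use the returned name to log or refuse
        such sessions.

        @rtype: str
        @return: The name of the cipher used with this connection.
        Either 'aes128', 'aes256', 'rc4', or '3des', or None if the
        cipher suite is in none of the known lists (as it is for a
        freshly created session).
        """
        if self.cipherSuite in CipherSuite.aes128Suites:
            return "aes128"
        if self.cipherSuite in CipherSuite.aes256Suites:
            return "aes256"
        if self.cipherSuite in CipherSuite.rc4Suites:
            return "rc4"
        if self.cipherSuite in CipherSuite.tripleDESSuites:
            return "3des"
        return None

    def _createSharedKey(self, sharedKeyUsername, sharedKey):
        """Turn this object into a shared-key session.

        The session ID becomes the username zero-padded to 16 bytes.
        The premaster secret is the key, prefixed with one length byte,
        repeated to fill 48 bytes; the master secret is PRF over that
        with the label "shared secret" and an empty seed.  The result
        is therefore only as strong as the shared key itself.

        NOTE(review): TLS session IDs are sent unencrypted in the hello
        messages, so the username placed in sessionID should not be
        regarded as confidential.

        @type sharedKeyUsername: str
        @param sharedKeyUsername: The username, at most 16 characters.

        @type sharedKey: str
        @param sharedKey: The shared key, 1 to 47 characters.

        @rtype: L{Session}
        @return: This session, for chaining.

        @raise ValueError: If the username is longer than 16
        characters, or the key is empty or longer than 47 characters.
        """
        if len(sharedKeyUsername)>16:
            raise ValueError("shared-key username longer than 16")
        if len(sharedKey)>47:
            raise ValueError("shared key longer than 47")
        # An empty key would leave only the zero length byte to repeat,
        # giving an all-zero premaster secret and hence a master secret
        # that does not depend on any secret value.
        if len(sharedKey) == 0:
            raise ValueError("shared key must not be empty")

        self.sharedKeyUsername = sharedKeyUsername

        self.sessionID = createByteArrayZeros(16)
        for index, char in enumerate(sharedKeyUsername):
            self.sessionID[index] = ord(char)

        premasterSecret = createByteArrayZeros(48)
        # Length prefix plus key is at most 48 characters, so at least
        # one full copy always fits.
        prefixedKey = chr(len(sharedKey)) + sharedKey
        for x in range(48):
            premasterSecret[x] = ord(prefixedKey[x % len(prefixedKey)])

        self.masterSecret = PRF(premasterSecret, "shared secret",
                                createByteArraySequence([]), 48)
        self.sharedKey = True
        return self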