tlslite.keyexchange module
Handling of cryptographic operations for key exchange
- class tlslite.keyexchange.ADHKeyExchange(cipherSuite, clientHello, serverHello, dhParams=None, dhGroups=None)[source]
Bases:
KeyExchange
Handling of anonymous Diffie-Hellman Key exchange
FFDHE without signing serverKeyExchange; useful for anonymous DH.
- __init__(cipherSuite, clientHello, serverHello, dhParams=None, dhGroups=None)[source]
Initialize KeyExchange. privateKey is the signing private key
- makeServerKeyExchange()[source]
Prepare server side of anonymous key exchange with selected parameters
- class tlslite.keyexchange.AECDHKeyExchange(cipherSuite, clientHello, serverHello, acceptedCurves, defaultCurve=23)[source]
Bases:
KeyExchange
Handling of anonymous Elliptic curve Diffie-Hellman Key exchange
ECDHE without signing serverKeyExchange; useful for anonymous ECDH.
- __init__(cipherSuite, clientHello, serverHello, acceptedCurves, defaultCurve=23)[source]
Initialize KeyExchange. privateKey is the signing private key
- class tlslite.keyexchange.AuthenticatedKeyExchange(cipherSuite, clientHello, serverHello, privateKey=None)[source]
Bases:
KeyExchange
Common methods for key exchanges that authenticate Server Key Exchange
Methods for signing Server Key Exchange message
- class tlslite.keyexchange.DHE_RSAKeyExchange(cipherSuite, clientHello, serverHello, privateKey, dhParams=None, dhGroups=None)[source]
Bases:
AuthenticatedKeyExchange, ADHKeyExchange
Handling of authenticated ephemeral Diffie-Hellman Key exchange.
- __init__(cipherSuite, clientHello, serverHello, privateKey, dhParams=None, dhGroups=None)[source]
Create helper object for Diffie-Hellman key exchange.
- Parameters:
dhParams (2-element tuple of int) – Diffie-Hellman parameters that will be used by the server. The first element of the tuple is the generator, the second is the prime. If not specified, a secure set is used (currently a 2048-bit safe prime).
- class tlslite.keyexchange.ECDHE_RSAKeyExchange(cipherSuite, clientHello, serverHello, privateKey, acceptedCurves, defaultCurve=23)[source]
Bases:
AuthenticatedKeyExchange, AECDHKeyExchange
Helper class for conducting ECDHE key exchange
- class tlslite.keyexchange.ECDHKeyExchange(group, version)[source]
Bases:
RawDHKeyExchange
Implementation of the Elliptic Curve Diffie-Hellman key exchange.
- __init__(group, version)[source]
Set the parameters of the key exchange
Sets group on which the KEX will take part and protocol version used.
Calculate the shared key.
- class tlslite.keyexchange.FFDHKeyExchange(group, version, generator=None, prime=None)[source]
Bases:
RawDHKeyExchange
Implementation of the Finite Field Diffie-Hellman key exchange.
- __init__(group, version, generator=None, prime=None)[source]
Set the parameters of the key exchange
Sets group on which the KEX will take part and protocol version used.
- calc_public_value(private)[source]
Calculate the public value for given private value.
- Return type:
Calculate the shared key.
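An added example (not tlslite code and not using its API): a stand-alone finite-field Diffie-Hellman exchange that takes parameters in the (generator, prime) order described for dhParams and checks both the parameters and the peer's share before computing the shared key. The toy prime 2039 and the helpers `check_dh_params` and `calc_shared_key` are assumptions made for illustration; `calc_public_value` borrows the method name from this page but takes the parameters as an extra argument.

```python
# Constructed toy parameters in the documented order: (generator, prime).
# 2039 = 2 * 1019 + 1 is a safe prime, but far too small for real use.
TOY_DH_PARAMS = (2, 2039)


def _is_prime(n):
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def check_dh_params(dh_params):
    """Unpack (generator, prime) and reject obviously unsafe values."""
    generator, prime = dh_params
    # A swapped tuple such as (2039, 2) fails here: 2 is not a safe prime.
    if not (_is_prime(prime) and _is_prime((prime - 1) // 2)):
        raise ValueError("second element is not a safe prime")
    if not 2 <= generator <= prime - 2:
        raise ValueError("generator out of range")
    return generator, prime


def calc_public_value(dh_params, private):
    """Public share g^private mod p."""
    generator, prime = check_dh_params(dh_params)
    return pow(generator, private, prime)


def calc_shared_key(dh_params, private, peer_share):
    """Shared secret peer_share^private mod p, after validating the share."""
    _, prime = check_dh_params(dh_params)
    # 0, 1 and p-1 (and anything >= p) would pin the secret to a value
    # the peer or an on-path attacker can predict.
    if not 2 <= peer_share <= prime - 2:
        raise ValueError("peer share outside [2, p-2]")
    return pow(peer_share, private, prime)
```
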
- class tlslite.keyexchange.KeyExchange(cipherSuite, clientHello, serverHello, privateKey=None)[source]
Bases:
object
Common API for calculating Premaster secret
NOT stable, will get moved from this file
- __init__(cipherSuite, clientHello, serverHello, privateKey=None)[source]
Initialize KeyExchange. privateKey is the signing private key
- static calcVerifyBytes(version, handshakeHashes, signatureAlg, premasterSecret, clientRandom, serverRandom, prf_name=None, peer_tag=b'client', key_type='rsa')[source]
Calculate signed bytes for Certificate Verify
- static makeCertificateVerify(version, handshakeHashes, validSigAlgs, privateKey, certificateRequest, premasterSecret, clientRandom, serverRandom)[source]
Create a Certificate Verify message
- Parameters:
version – protocol version in use
handshakeHashes – the running hash of all handshake messages
validSigAlgs – acceptable signature algorithms for client side, applicable only to TLSv1.2 (or later)
certificateRequest – the server provided Certificate Request message
premasterSecret – the premaster secret, needed only for SSLv3
clientRandom – client provided random value, needed only for SSLv3
serverRandom – server provided random value, needed only for SSLv3
- makeClientKeyExchange()[source]
Create a ClientKeyExchange object
Returns a ClientKeyExchange for the second flight from client in the handshake.
- makeServerKeyExchange(sigHash=None)[source]
Create a ServerKeyExchange object
Returns a ServerKeyExchange object for the server’s initial leg in the handshake. If the key exchange method does not send ServerKeyExchange (e.g. RSA), it returns None.
- processClientKeyExchange(clientKeyExchange)[source]
Process ClientKeyExchange and return premaster secret
Processes the client’s ClientKeyExchange message and returns the premaster secret. Raises TLSLocalAlert on error.
- processServerKeyExchange(srvPublicKey, serverKeyExchange)[source]
Process the server KEX and return premaster secret
- class tlslite.keyexchange.RSAKeyExchange(cipherSuite, clientHello, serverHello, privateKey)[source]
Bases:
KeyExchange
Handling of RSA key exchange
NOT stable API, do NOT use
- __init__(cipherSuite, clientHello, serverHello, privateKey)[source]
Initialize KeyExchange. privateKey is the signing private key
- makeServerKeyExchange(sigHash=None)[source]
Don’t create a server key exchange for RSA key exchange
- class tlslite.keyexchange.RawDHKeyExchange(group, version)[source]
Bases:
object
Abstract class for performing Diffie-Hellman key exchange.
Provides a shared API for X25519, ECDHE and FFDHE key exchange.
- __init__(group, version)[source]
Set the parameters of the key exchange
Sets group on which the KEX will take part and protocol version used.
Calculate the shared key given our private and remote share value.
- class tlslite.keyexchange.SRPKeyExchange(cipherSuite, clientHello, serverHello, privateKey, verifierDB, srpUsername=None, password=None, settings=None)[source]
Bases:
KeyExchange
Helper class for conducting SRP key exchange
- __init__(cipherSuite, clientHello, serverHello, privateKey, verifierDB, srpUsername=None, password=None, settings=None)[source]
Link Key Exchange options with verifierDB for SRP