tlslite.keyexchange module¶
Handling of cryptographic operations for key exchange
-
class
tlslite.keyexchange.
ADHKeyExchange
(cipherSuite, clientHello, serverHello, dhParams=None, dhGroups=None)¶ Bases:
tlslite.keyexchange.KeyExchange
Handling of anonymous Diffie-Hellman Key exchange
FFDHE without signing serverKeyExchange useful for anonymous DH
-
__init__
(cipherSuite, clientHello, serverHello, dhParams=None, dhGroups=None)¶ Initialize KeyExchange. privateKey is the signing private key
-
makeClientKeyExchange
()¶ Create client key share for the key exchange
-
makeServerKeyExchange
()¶ Prepare server side of anonymous key exchange with selected parameters
-
processClientKeyExchange
(clientKeyExchange)¶ Use client provided parameters to establish premaster secret
-
processServerKeyExchange
(srvPublicKey, serverKeyExchange)¶ Process the server key exchange, return premaster secret.
-
-
class
tlslite.keyexchange.
AECDHKeyExchange
(cipherSuite, clientHello, serverHello, acceptedCurves, defaultCurve=23)¶ Bases:
tlslite.keyexchange.KeyExchange
Handling of anonymous Eliptic curve Diffie-Hellman Key exchange
ECDHE without signing serverKeyExchange useful for anonymous ECDH
-
__init__
(cipherSuite, clientHello, serverHello, acceptedCurves, defaultCurve=23)¶ Initialize KeyExchange. privateKey is the signing private key
-
makeClientKeyExchange
()¶ Make client key exchange for ECDHE
-
makeServerKeyExchange
(sigHash=None)¶ Create AECDHE version of Server Key Exchange
-
processClientKeyExchange
(clientKeyExchange)¶ Calculate premaster secret from previously generated SKE and CKE
-
processServerKeyExchange
(srvPublicKey, serverKeyExchange)¶ Process the server key exchange, return premaster secret
-
-
class
tlslite.keyexchange.
AuthenticatedKeyExchange
(cipherSuite, clientHello, serverHello, privateKey=None)¶ Bases:
tlslite.keyexchange.KeyExchange
Common methods for key exchanges that authenticate Server Key Exchange
Methods for signing Server Key Exchange message
-
makeServerKeyExchange
(sigHash=None)¶ Prepare server side of key exchange with selected parameters
-
-
class
tlslite.keyexchange.
DHE_RSAKeyExchange
(cipherSuite, clientHello, serverHello, privateKey, dhParams=None, dhGroups=None)¶ Bases:
tlslite.keyexchange.AuthenticatedKeyExchange
,tlslite.keyexchange.ADHKeyExchange
Handling of authenticated ephemeral Diffe-Hellman Key exchange.
-
__init__
(cipherSuite, clientHello, serverHello, privateKey, dhParams=None, dhGroups=None)¶ Create helper object for Diffie-Hellamn key exchange.
Parameters: dhParams (2-element tuple of int) – Diffie-Hellman parameters that will be used by server. First element of the tuple is the generator, the second is the prime. If not specified it will use a secure set (currently a 2048-bit safe prime).
-
-
class
tlslite.keyexchange.
ECDHE_RSAKeyExchange
(cipherSuite, clientHello, serverHello, privateKey, acceptedCurves, defaultCurve=23)¶ Bases:
tlslite.keyexchange.AuthenticatedKeyExchange
,tlslite.keyexchange.AECDHKeyExchange
Helper class for conducting ECDHE key exchange
-
__init__
(cipherSuite, clientHello, serverHello, privateKey, acceptedCurves, defaultCurve=23)¶ Initialize KeyExchange. privateKey is the signing private key
-
-
class
tlslite.keyexchange.
KeyExchange
(cipherSuite, clientHello, serverHello, privateKey=None)¶ Bases:
object
Common API for calculating Premaster secret
NOT stable, will get moved from this file
-
__init__
(cipherSuite, clientHello, serverHello, privateKey=None)¶ Initialize KeyExchange. privateKey is the signing private key
-
static
calcVerifyBytes
(version, handshakeHashes, signatureAlg, premasterSecret, clientRandom, serverRandom)¶ Calculate signed bytes for Certificate Verify
-
static
makeCertificateVerify
(version, handshakeHashes, validSigAlgs, privateKey, certificateRequest, premasterSecret, clientRandom, serverRandom)¶ Create a Certificate Verify message
Parameters: - version – protocol version in use
- handshakeHashes – the running hash of all handshake messages
- validSigAlgs – acceptable signature algorithms for client side, applicable only to TLSv1.2 (or later)
- certificateRequest – the server provided Certificate Request message
- premasterSecret – the premaster secret, needed only for SSLv3
- clientRandom – client provided random value, needed only for SSLv3
- serverRandom – server provided random value, needed only for SSLv3
-
makeClientKeyExchange
()¶ Create a ClientKeyExchange object
Returns a ClientKeyExchange for the second flight from client in the handshake.
-
makeServerKeyExchange
(sigHash=None)¶ Create a ServerKeyExchange object
Returns a ServerKeyExchange object for the server’s initial leg in the handshake. If the key exchange method does not send ServerKeyExchange (e.g. RSA), it returns None.
-
processClientKeyExchange
(clientKeyExchange)¶ Process ClientKeyExchange and return premaster secret
Processes the client’s ClientKeyExchange message and returns the premaster secret. Raises TLSLocalAlert on error.
-
processServerKeyExchange
(srvPublicKey, serverKeyExchange)¶ Process the server KEX and return premaster secret
-
signServerKeyExchange
(serverKeyExchange, sigHash=None)¶ Sign a server key exchange using default or specified algorithm
Parameters: sigHash (str) – name of the signature hash to be used for signing
-
static
verifyServerKeyExchange
(serverKeyExchange, publicKey, clientRandom, serverRandom, validSigAlgs)¶ Verify signature on the Server Key Exchange message
the only acceptable signature algorithms are specified by validSigAlgs
-
-
class
tlslite.keyexchange.
RSAKeyExchange
(cipherSuite, clientHello, serverHello, privateKey)¶ Bases:
tlslite.keyexchange.KeyExchange
Handling of RSA key exchange
NOT stable API, do NOT use
-
__init__
(cipherSuite, clientHello, serverHello, privateKey)¶ Initialize KeyExchange. privateKey is the signing private key
-
makeClientKeyExchange
()¶ Return a client key exchange with clients key share
-
makeServerKeyExchange
(sigHash=None)¶ Don’t create a server key exchange for RSA key exchange
-
processClientKeyExchange
(clientKeyExchange)¶ Decrypt client key exchange, return premaster secret
-
processServerKeyExchange
(srvPublicKey, serverKeyExchange)¶ Generate premaster secret for server
-
-
class
tlslite.keyexchange.
SRPKeyExchange
(cipherSuite, clientHello, serverHello, privateKey, verifierDB, srpUsername=None, password=None, settings=None)¶ Bases:
tlslite.keyexchange.KeyExchange
Helper class for conducting SRP key exchange
-
__init__
(cipherSuite, clientHello, serverHello, privateKey, verifierDB, srpUsername=None, password=None, settings=None)¶ Link Key Exchange options with verifierDB for SRP
-
makeClientKeyExchange
()¶ Create ClientKeyExchange
-
makeServerKeyExchange
(sigHash=None)¶ Create SRP version of Server Key Exchange
-
processClientKeyExchange
(clientKeyExchange)¶ Calculate premaster secret from Client Key Exchange and sent SKE
-
processServerKeyExchange
(srvPublicKey, serverKeyExchange)¶ Calculate premaster secret from ServerKeyExchange
-