tlslite.recordlayer module

Implementation of the TLS Record Layer protocol

class tlslite.recordlayer.ConnectionState

Bases: object

Preserve the connection state for reading and writing data to records

__init__()

Create an instance with empty encryption and MACing contexts

getSeqNumBytes()

Return encoded sequence number and increment it.

class tlslite.recordlayer.RecordLayer(sock)

Bases: object

Implementation of TLS record layer protocol

Variables:
  • version – the TLS version to use (tuple encoded as on the wire)
  • sock – underlying socket
  • client – whether the connection should use encryption
  • encryptThenMAC – use the encrypt-then-MAC mechanism for record integrity
  • handshake_finished – used in SSL2, True if handshake protocol is over
__init__(sock)

Initialize self. See help(type(self)) for accurate signature.

addPadding(data)

Add padding to data so that it is multiple of block size

blockSize

Return the size of block used by current symmetric cipher (R/O)

calcPendingStates(cipherSuite, masterSecret, clientRandom, serverRandom, implementations)

Create pending states for encryption and decryption.

calcSSL2PendingStates(cipherSuite, masterSecret, clientRandom, serverRandom, implementations)

Create the keys for encryption and decryption in SSLv2

While we could reuse calcPendingStates(), we need to provide the key-arg data for the server that needs to be passed up to handshake protocol.

calculateMAC(mac, seqnumBytes, contentType, data)

Calculate the SSL/TLS version of a MAC

changeReadState()

Change the cipher state to the pending one for read operations.

This should be done only once after a call to calcPendingStates() was performed and directly after receiving a ChangeCipherSpec message.

changeWriteState()

Change the cipher state to the pending one for write operations.

This should be done only once after a call to calcPendingStates() was performed and directly after sending a ChangeCipherSpec message.

getCipherImplementation()

Return the name of the implementation used for the connection

‘python’ for tlslite internal implementation, ‘openssl’ for M2crypto and ‘pycrypto’ for pycrypto :rtype: str :returns: Name of cipher implementation used, None if not initialised

getCipherName()

Return the name of the bulk cipher used by this connection

Return type:str
Returns:The name of the cipher, like ‘aes128’, ‘rc4’, etc.
isCBCMode()

Returns true if cipher uses CBC mode

recvRecord()

Read, decrypt and check integrity of a single record

Return type:

tuple
Returns:

message header and decrypted message payload
Raises:
  • TLSDecryptionFailed – when decryption of data failed
  • TLSBadRecordMAC – when record has bad MAC or padding
  • socket.error – when reading from socket was unsuccessful
sendRecord(msg)

Encrypt, MAC and send arbitrary message as-is through socket.

Note that if the message was not fragmented to below 2**14 bytes it will be rejected by the other connection side.

Parameters:msg (ApplicationData, HandshakeMessage, etc.) – TLS message to send
shutdown()

Clear read and write states

version

Return the TLS version used by record layer

class tlslite.recordlayer.RecordSocket(sock)

Bases: object

Socket wrapper for reading and writing TLS Records

__init__(sock)

Assign socket to wrapper

recv()

Read a single record from socket, handle SSLv2 and SSLv3 record layer

Return type:

generator
Returns:

generator that returns 0 or 1 in case the read would be blocking or a tuple containing record header (object) and record data (bytearray) read from socket
Raises:
send(msg, padding=0)

Send the message through socket.

Parameters:
  • msg (bytearray) – TLS message to send
  • padding (int) – amount of padding to specify for SSLv2
Raises:

socket.error – when write to socket failed