tlslite.messages module¶
Classes representing TLS messages.
-
class
tlslite.messages.
Alert
¶ Bases:
object
-
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
__repr__
()¶ Return repr(self).
-
__str__
()¶ Return str(self).
-
create
(description, level=2)¶
-
descriptionName
¶
-
levelName
¶
-
parse
(p)¶
-
write
()¶
-
-
class
tlslite.messages.
ApplicationData
¶ Bases:
object
-
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
create
(bytes)¶
-
parse
(p)¶
-
splitFirstByte
()¶
-
write
()¶
-
-
class
tlslite.messages.
Certificate
(certificateType)¶ Bases:
tlslite.messages.HandshakeMsg
-
__init__
(certificateType)¶ Initialize self. See help(type(self)) for accurate signature.
-
create
(certChain)¶
-
parse
(p)¶
-
write
()¶
-
-
class
tlslite.messages.
CertificateRequest
(version)¶ Bases:
tlslite.messages.HandshakeMsg
-
__init__
(version)¶ Initialize self. See help(type(self)) for accurate signature.
-
create
(certificate_types, certificate_authorities, sig_algs=())¶
-
parse
(p)¶
-
write
()¶
-
-
class
tlslite.messages.
CertificateStatus
¶ Bases:
tlslite.messages.HandshakeMsg
Handling of the CertificateStatus message from RFC 6066.
Handling of the handshake protocol message that includes the OCSP staple.
Variables: - status_type (int) – type of response returned
- ocsp (bytearray) – OCSPResponse from RFC 2560
-
__init__
()¶ Create the objet, set its type.
-
create
(status_type, ocsp)¶ Set up message payload.
-
parse
(parser)¶ Deserialise the message from one the wire data.
-
write
()¶ Serialise the message.
-
class
tlslite.messages.
CertificateVerify
(version)¶ Bases:
tlslite.messages.HandshakeMsg
Serializer for TLS handshake protocol Certificate Verify message.
-
__init__
(version)¶ Create message.
Parameters: version – TLS protocol version in use
-
create
(signature, signatureAlgorithm=None)¶ Provide data for serialisation of message.
Parameters: - signature – signature carried in the message
- signatureAlgorithm – signature algorithm used to make the signature (TLSv1.2 only)
-
parse
(parser)¶ Deserialize message from parser.
Parameters: parser – parser with data to read
-
write
()¶ Serialize the data to bytearray.
Return type: bytearray
-
-
class
tlslite.messages.
ChangeCipherSpec
¶ Bases:
object
-
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
create
()¶
-
parse
(p)¶
-
write
()¶
-
-
class
tlslite.messages.
ClientFinished
¶ Bases:
tlslite.messages.SSL2Finished
Handling of SSLv2 CLIENT-FINISHED message.
Variables: verify_data (bytearray) – payload of the message, should be the CONNECTION-ID -
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
-
class
tlslite.messages.
ClientHello
(ssl2=False)¶ Bases:
tlslite.messages.HelloMessage
Class for handling the ClientHello SSLv2/SSLv3/TLS message.
Variables: - certificate_types (list) – list of supported certificate types (deprecated)
- srp_username (bytearray) – name of the user in SRP extension (deprecated)
- supports_npn (boolean) – NPN extension presence (deprecated)
- tack (boolean) – TACK extension presence (deprecated)
- server_name (bytearray) – first host_name (type 0) present in SNI extension (deprecated)
- extensions (list of
TLSExtension
) – list of TLS extensions parsed from wire or to send, seeTLSExtension
and child classes for exact examples
-
__init__
(ssl2=False)¶ Initialize object.
-
__repr__
()¶ Return machine readable representation of Client Hello.
Return type: str
-
__str__
()¶ Return human readable representation of Client Hello.
Return type: str
-
certificate_types
¶ Return the list of certificate types supported.
Deprecated since version 0.5: use extensions field to get the extension for inspection
-
create
(version, random, session_id, cipher_suites, certificate_types=None, srpUsername=None, tack=False, supports_npn=None, serverName=None, extensions=None)¶ Create a ClientHello message for sending.
Parameters: - version (tuple) – the highest supported TLS version encoded as two int tuple
- random (bytearray) – client provided random value, in old versions of TLS (before 1.2) the first 32 bits should include system time, also used as the “challenge” field in SSLv2
- session_id (bytearray) – ID of session, set when doing session resumption
- cipher_suites (list) – list of ciphersuites advertised as supported
- certificate_types (list) – list of supported certificate types, uses TLS extension for signalling, as such requires TLS1.0 to work
- srpUsername (bytearray) – utf-8 encoded username for SRP, TLS extension
- tack (boolean) – whatever to advertise support for TACK, TLS extension
- supports_npn (boolean) – whatever to advertise support for NPN, TLS extension
- serverName (bytearray) – the hostname to request in server name indication
extension, TLS extension. Note that SNI allows to set multiple
hostnames and values that are not hostnames, use
SNIExtension
together withextensions
to use it. - extensions (list of
TLSExtension
) – list of extensions to advertise
-
parse
(p)¶ Deserialise object from on the wire data.
-
server_name
¶ Return first host_name present in SNI extension.
Deprecated since version 0.5: use extensions field to get the extension for inspection
Return type: bytearray
-
srp_username
¶ Return username for the SRP.
Deprecated since version 0.5: use extensions field to get the extension for inspection
-
supports_npn
¶ Return whether client supports NPN extension.
Deprecated since version 0.5: use extensions field to get the extension for inspection
Return type: boolean
-
tack
¶ Return whether the client supports TACK.
Deprecated since version 0.5: use extensions field to get the extension for inspection
Return type: boolean
-
write
()¶ Serialise object to on the wire data.
-
class
tlslite.messages.
ClientKeyExchange
(cipherSuite, version=None)¶ Bases:
tlslite.messages.HandshakeMsg
Handling of TLS Handshake protocol ClientKeyExchange message.
Variables: - cipherSuite (int) – the cipher suite id used for the connection
- version (tuple(int, int)) – TLS protocol version used for the connection
- srp_A (int) – SRP protocol client answer value
- dh_Yc (int) – client Finite Field Diffie-Hellman protocol key share
- ecdh_Yc (bytearray) – encoded curve coordinates
- encryptedPreMasterSecret (bytearray) – client selected PremMaster secret encrypted with server public key (from certificate)
-
__init__
(cipherSuite, version=None)¶ Initialise ClientKeyExchange for reading or writing.
Parameters: - cipherSuite (int) – id of the ciphersuite selected by server
- version (tuple(int, int)) – protocol version selected by server
-
createDH
(dh_Yc)¶ Set the client FFDH key share.
returns self
Return type: ClientKeyExchange
-
createECDH
(ecdh_Yc)¶ Set the client ECDH key share.
returns self
Return type: ClientKeyExchange
-
createRSA
(encryptedPreMasterSecret)¶ Set the encrypted PreMaster Secret.
returns self
Return type: ClientKeyExchange
-
createSRP
(srp_A)¶ Set the SRP client answer.
returns self
Parameters: srp_A (int) – client SRP answer Return type: ClientKeyExchange
-
parse
(parser)¶ Deserialise the message from
Parser
,returns self
Return type: ClientKeyExchange
-
write
()¶ Serialise the object.
Return type: bytearray
-
class
tlslite.messages.
ClientMasterKey
¶ Bases:
tlslite.messages.HandshakeMsg
Handling of SSLv2 CLIENT-MASTER-KEY message.
Variables: - cipher (int) – negotiated cipher
- clear_key (bytearray) – the part of master secret key that is sent in clear for export cipher suites
- encrypted_key (bytearray) – (part of) master secret encrypted using server key
- key_argument (bytearray) – additional key argument for block ciphers
-
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
create
(cipher, clear_key, encrypted_key, key_argument)¶ Set values of the CLIENT-MASTER-KEY object.
-
parse
(parser)¶ Deserialise object from on the wire data.
-
write
()¶ Serialise the object to on the wire data.
-
class
tlslite.messages.
Finished
(version)¶ Bases:
tlslite.messages.HandshakeMsg
-
__init__
(version)¶ Initialize self. See help(type(self)) for accurate signature.
-
create
(verify_data)¶
-
parse
(p)¶
-
write
()¶
-
-
class
tlslite.messages.
HandshakeMsg
(handshakeType)¶ Bases:
object
-
__init__
(handshakeType)¶ Initialize self. See help(type(self)) for accurate signature.
-
postWrite
(w)¶
-
-
class
tlslite.messages.
HelloMessage
(*args, **kwargs)¶ Bases:
tlslite.messages.HandshakeMsg
Class for sharing code between
ClientHello
andServerHello
.-
__init__
(*args, **kwargs)¶ Initialize object.
-
addExtension
(ext)¶ Add extension to internal list of extensions.
Parameters: ext (TLSExtension) – extension object to add to list
-
getExtension
(extType)¶ Return extension of given type if present, None otherwise.
Return type: TLSExtension Raises: TLSInternalError – when there are multiple extensions of the same type
-
-
class
tlslite.messages.
Message
(contentType, data)¶ Bases:
object
Generic TLS message.
-
__init__
(contentType, data)¶ Initialize object with specified contentType and data.
Parameters: - contentType (int) – TLS record layer content type of associated data
- data (bytearray) – data
-
write
()¶ Return serialised object data.
-
-
class
tlslite.messages.
NextProtocol
¶ Bases:
tlslite.messages.HandshakeMsg
-
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
create
(next_proto)¶
-
parse
(p)¶
-
write
(trial=False)¶
-
-
class
tlslite.messages.
RecordHeader
(ssl2)¶ Bases:
object
Generic interface to SSLv2 and SSLv3 (and later) record headers.
-
__init__
(ssl2)¶ Define instance variables.
-
-
class
tlslite.messages.
RecordHeader2
¶ Bases:
tlslite.messages.RecordHeader
SSLv2 record header.
Variables: - padding (int) – number of bytes added at end of message to make it multiple of block cipher size
- securityEscape (boolean) – whether the record contains a security escape message
-
__init__
()¶ Define a SSLv2 style class.
-
create
(length, padding=0, securityEscape=False)¶ Set object’s values.
-
parse
(parser)¶ Deserialise object from Parser.
-
write
()¶ Serialise object to bytearray.
-
class
tlslite.messages.
RecordHeader3
¶ Bases:
tlslite.messages.RecordHeader
SSLv3 (and later) TLS record header.
-
__init__
()¶ Define a SSLv3 style class.
-
__repr__
()¶ Return repr(self).
-
__str__
()¶ Return str(self).
-
create
(version, type, length)¶ Set object values for writing (serialisation).
-
parse
(parser)¶ Deserialise object from Parser.
-
typeName
¶
-
write
()¶ Serialise object to bytearray.
-
-
class
tlslite.messages.
SSL2Finished
(msg_type)¶ Bases:
tlslite.messages.HandshakeMsg
Handling of the SSL2 FINISHED messages.
-
__init__
(msg_type)¶ Initialize self. See help(type(self)) for accurate signature.
-
create
(verify_data)¶ Set the message payload.
-
parse
(parser)¶ Deserialise the message from on the wire data.
-
write
()¶ Serialise the message to on the wire data.
-
-
class
tlslite.messages.
ServerFinished
¶ Bases:
tlslite.messages.SSL2Finished
Handling of SSLv2 SERVER-FINISHED message.
Variables: verify_data (bytearray) – payload of the message, should be SESSION-ID -
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
-
class
tlslite.messages.
ServerHello
¶ Bases:
tlslite.messages.HelloMessage
Handling of Server Hello messages.
Variables: - server_version (tuple) – protocol version encoded as two int tuple
- random (bytearray) – server random value
- session_id (bytearray) – session identifier for resumption
- cipher_suite (int) – server selected cipher_suite
- compression_method (int) – server selected compression method
- next_protos (list of bytearray) – list of advertised protocols in NPN extension
- next_protos_advertised (list of bytearray) – list of protocols advertised in NPN extension
- certificate_type (int) – certificate type selected by server
- extensions (list) – list of TLS extensions present in server_hello message,
see
TLSExtension
and child classes for exact examples
-
__init__
()¶ Initialise ServerHello object.
-
__repr__
()¶ Return repr(self).
-
__str__
()¶ Return str(self).
-
certificate_type
¶ Return the certificate type selected by server.
Return type: int
-
create
(version, random, session_id, cipher_suite, certificate_type=None, tackExt=None, next_protos_advertised=None, extensions=None)¶ Initialize the object for deserialisation.
-
next_protos
¶ Return the advertised protocols in NPN extension.
Return type: list of bytearrays
-
next_protos_advertised
¶ Return the advertised protocols in NPN extension.
Return type: list of bytearrays
-
parse
(p)¶
-
tackExt
¶ Return the TACK extension.
-
write
()¶
-
class
tlslite.messages.
ServerHello2
¶ Bases:
tlslite.messages.HandshakeMsg
SERVER-HELLO message from SSLv2.
Variables: - session_id_hit (int) – non zero if the client provided session ID was matched in server’s session cache
- certificate_type (int) – type of certificate sent
- server_version (tuple of ints) – protocol version selected by server
- certificate (bytearray) – certificate sent by server
- ciphers (array of int) – list of ciphers supported by server
- session_id (bytearray) – idendifier of negotiated session
-
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
create
(session_id_hit, certificate_type, server_version, certificate, ciphers, session_id)¶ Initialize fields of the SERVER-HELLO message.
-
parse
(parser)¶ Deserialise object from on the wire data.
-
write
()¶ Serialise object to on the wire data.
-
class
tlslite.messages.
ServerHelloDone
¶ Bases:
tlslite.messages.HandshakeMsg
-
__init__
()¶ Initialize self. See help(type(self)) for accurate signature.
-
__repr__
()¶ Human readable representation of object.
-
create
()¶
-
parse
(p)¶
-
write
()¶
-
-
class
tlslite.messages.
ServerKeyExchange
(cipherSuite, version)¶ Bases:
tlslite.messages.HandshakeMsg
Handling TLS Handshake protocol Server Key Exchange messages.
Variables: - cipherSuite (int) – id of ciphersuite selected in Server Hello message
- srp_N (int) – SRP protocol prime
- srp_N_len (int) – length of srp_N in bytes
- srp_g (int) – SRP protocol generator
- srp_g_len (int) – length of srp_g in bytes
- srp_s (bytearray) – SRP protocol salt value
- srp_B (int) – SRP protocol server public value
- srp_B_len (int) – length of srp_B in bytes
- dh_p (int) – FFDHE protocol prime
- dh_p_len (int) – length of dh_p in bytes
- dh_g (int) – FFDHE protocol generator
- dh_g_len (int) – length of dh_g in bytes
- dh_Ys (int) – FFDH protocol server key share
- dh_Ys_len (int) – length of dh_Ys in bytes
- curve_type (int) – Type of curve used (explicit, named, etc.)
- named_curve (int) – TLS ID of named curve
- ecdh_Ys (bytearray) – ECDH protocol encoded point key share
- signature (bytearray) – signature performed over the parameters by server
- hashAlg (int) – id of hash algorithm used for signature
- signAlg (int) – id of signature algorithm used for signature
-
__init__
(cipherSuite, version)¶ Initialise Server Key Exchange for reading or writing.
Parameters: cipherSuite (int) – id of ciphersuite selected by server
-
__repr__
()¶ Return repr(self).
-
createDH
(dh_p, dh_g, dh_Ys)¶ Set FFDH protocol parameters.
-
createECDH
(curve_type, named_curve=None, point=None)¶ Set ECDH protocol parameters.
-
createSRP
(srp_N, srp_g, srp_s, srp_B)¶ Set SRP protocol parameters.
-
hash
(clientRandom, serverRandom)¶ Calculate hash of parameters to sign.
Return type: bytearray
-
parse
(parser)¶ Deserialise message from
Parser
.Parameters: parser (Parser) – parser to read data from
-
write
()¶ Serialise complete message.
Return type: bytearray
-
writeParams
()¶ Serialise the key exchange parameters.
Return type: bytearray