tlslite.recordlayer module¶
Implementation of the TLS Record Layer protocol
-
class
tlslite.recordlayer.
ConnectionState
¶ Bases:
object
Preserve the connection state for reading and writing data to records
-
__init__
()¶ Create an instance with empty encryption and MACing contexts
-
getSeqNumBytes
()¶ Return encoded sequence number and increment it.
-
-
class
tlslite.recordlayer.
RecordLayer
(sock)¶ Bases:
object
Implementation of TLS record layer protocol
Variables: - version – the TLS version to use (tuple encoded as on the wire)
- sock – underlying socket
- client – whether the connection should use encryption
- encryptThenMAC – use the encrypt-then-MAC mechanism for record integrity
- handshake_finished – used in SSL2, True if handshake protocol is over
-
__init__
(sock)¶ Initialize self. See help(type(self)) for accurate signature.
-
addPadding
(data)¶ Add padding to data so that it is multiple of block size
-
blockSize
¶ Return the size of block used by current symmetric cipher (R/O)
-
calcPendingStates
(cipherSuite, masterSecret, clientRandom, serverRandom, implementations)¶ Create pending states for encryption and decryption.
-
calcSSL2PendingStates
(cipherSuite, masterSecret, clientRandom, serverRandom, implementations)¶ Create the keys for encryption and decryption in SSLv2
While we could reuse calcPendingStates(), we need to provide the key-arg data for the server that needs to be passed up to handshake protocol.
-
calculateMAC
(mac, seqnumBytes, contentType, data)¶ Calculate the SSL/TLS version of a MAC
-
changeReadState
()¶ Change the cipher state to the pending one for read operations.
This should be done only once after a call to
calcPendingStates()
was performed and directly after receiving aChangeCipherSpec
message.
-
changeWriteState
()¶ Change the cipher state to the pending one for write operations.
This should be done only once after a call to
calcPendingStates()
was performed and directly after sending aChangeCipherSpec
message.
-
getCipherImplementation
()¶ Return the name of the implementation used for the connection
‘python’ for tlslite internal implementation, ‘openssl’ for M2crypto and ‘pycrypto’ for pycrypto :rtype: str :returns: Name of cipher implementation used, None if not initialised
-
getCipherName
()¶ Return the name of the bulk cipher used by this connection
Return type: str Returns: The name of the cipher, like ‘aes128’, ‘rc4’, etc.
-
isCBCMode
()¶ Returns true if cipher uses CBC mode
-
recvRecord
()¶ Read, decrypt and check integrity of a single record
Return type: tuple
Returns: message header and decrypted message payload
Raises: - TLSDecryptionFailed – when decryption of data failed
- TLSBadRecordMAC – when record has bad MAC or padding
- socket.error – when reading from socket was unsuccessful
-
sendRecord
(msg)¶ Encrypt, MAC and send arbitrary message as-is through socket.
Note that if the message was not fragmented to below 2**14 bytes it will be rejected by the other connection side.
Parameters: msg (ApplicationData, HandshakeMessage, etc.) – TLS message to send
-
shutdown
()¶ Clear read and write states
-
version
¶ Return the TLS version used by record layer
-
class
tlslite.recordlayer.
RecordSocket
(sock)¶ Bases:
object
Socket wrapper for reading and writing TLS Records
-
__init__
(sock)¶ Assign socket to wrapper
-
recv
()¶ Read a single record from socket, handle SSLv2 and SSLv3 record layer
Return type: generator
Returns: generator that returns 0 or 1 in case the read would be blocking or a tuple containing record header (object) and record data (bytearray) read from socket
Raises: - socket.error – In case of network error
- TLSAbruptCloseError – When the socket was closed on the other side in middle of record receiving
- TLSRecordOverflow – When the received record was longer than allowed by TLS
- TLSIllegalParameterException – When the record header was malformed
-
send
(msg, padding=0)¶ Send the message through socket.
Parameters: - msg (bytearray) – TLS message to send
- padding (int) – amount of padding to specify for SSLv2
Raises: socket.error – when write to socket failed
-