tlslite.recordlayer module¶
Implementation of the TLS Record Layer protocol
- class tlslite.recordlayer.ConnectionState¶
Bases:
object
Preserve the connection state for reading and writing data to records
- __init__()¶
Create an instance with empty encryption and MACing contexts
- getSeqNumBytes()¶
Return encoded sequence number and increment it.
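The sequence number that getSeqNumBytes() returns is never sent on the wire; it is an implicit input to the record MAC that calculateMAC() (documented under RecordLayer below) computes. The following is an added example written for this page, not tlslite's own code: it keeps a per-direction 64-bit counter, builds the TLS 1.0-1.2 MAC input (seq_num || type || version || length || fragment; SSLv3 uses a different construction that is not shown) with HMAC-SHA1 over a constructed key, and shows why the counter matters: a replayed record carries a MAC computed for an earlier sequence number and fails verification on a receiver whose counter has moved on. Encryption is left out so the MAC layer can be seen on its own.

```python
import hashlib
import hmac
import struct

# Constructed example key. In TLS it comes out of the key block that
# calcPendingStates() derives from the master secret.
MAC_KEY = bytes.fromhex("0b" * 20)
MAC_LEN = 20                      # HMAC-SHA1 output length
CONTENT_TYPE_APPLICATION_DATA = 23
TLS_1_2 = (3, 3)                  # version as encoded on the wire


class SeqCounter:
    """Stand-in for ConnectionState: one 64-bit sequence number per direction,
    returned big-endian encoded and then incremented, as getSeqNumBytes() does."""

    def __init__(self):
        self.seqnum = 0

    def next_bytes(self):
        if self.seqnum >= 2 ** 64:
            # RFC 5246 6.1: the counter must never wrap; renegotiate instead.
            raise OverflowError("record sequence number exhausted")
        encoded = struct.pack(">Q", self.seqnum)
        self.seqnum += 1
        return encoded


def tls_record_mac(seqnum_bytes, content_type, version, fragment, key=MAC_KEY):
    """TLS 1.0-1.2 record MAC (RFC 5246 6.2.3.1). Besides the payload it binds
    the implicit sequence number, the content type, the version and the length:
    HMAC(key, seq_num || type || version || length || fragment)."""
    header = (seqnum_bytes + bytes([content_type]) + bytes(version)
              + struct.pack(">H", len(fragment)))
    return hmac.new(key, header + fragment, hashlib.sha1).digest()


def protect(counter, fragment):
    """Sender side: append the MAC for the next sequence number. The result is
    what a stream cipher, or CBC after padding, would then encrypt."""
    seq = counter.next_bytes()
    return fragment + tls_record_mac(seq, CONTENT_TYPE_APPLICATION_DATA, TLS_1_2, fragment)


def verify(counter, record):
    """Receiver side. The sequence number is consumed whether or not the check
    passes: a MAC failure is fatal in TLS, so there is nothing to resynchronise."""
    seq = counter.next_bytes()
    if len(record) < MAC_LEN:
        return False, b""
    fragment, tag = record[:-MAC_LEN], record[-MAC_LEN:]
    expected = tls_record_mac(seq, CONTENT_TYPE_APPLICATION_DATA, TLS_1_2, fragment)
    if not hmac.compare_digest(tag, expected):
        return False, b""
    return True, fragment


def demo():
    """Two records in order verify; replaying the first one does not, because the
    receiver is now at sequence number 2 and the replayed MAC was made for 0."""
    tx, rx = SeqCounter(), SeqCounter()
    r0 = protect(tx, b"GET / HTTP/1.1\r\n")
    r1 = protect(tx, b"Host: example.test\r\n")
    ok0, _ = verify(rx, r0)
    ok1, _ = verify(rx, r1)
    ok_replay, _ = verify(rx, r0)    # identical bytes, different expected seq_num
    return ok0, ok1, ok_replay


if __name__ == "__main__":
    print(demo())    # (True, True, False)
```

The same mechanism also rejects reordered or dropped records, since any gap leaves the receiver's counter out of step with the one the sender used.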
- class tlslite.recordlayer.RecordLayer(sock)¶
Bases:
object
Implementation of TLS record layer protocol
- Variables:
version – the TLS version to use (tuple encoded as on the wire)
sock – underlying socket
client – True if this endpoint is the client side of the connection, False if it is the server; this decides which half of the key material produced by calcPendingStates() (client-write or server-write keys) is used for sending and which for receiving
encryptThenMAC – use the encrypt-then-MAC mechanism for record integrity
handshake_finished – used in SSL2, True if handshake protocol is over
- __init__(sock)¶
- addPadding(data)¶
Add padding to data so that it is multiple of block size
- property blockSize¶
Return the size of block used by current symmetric cipher (R/O)
- calcPendingStates(cipherSuite, masterSecret, clientRandom, serverRandom, implementations)¶
Create pending states for encryption and decryption.
- calcSSL2PendingStates(cipherSuite, masterSecret, clientRandom, serverRandom, implementations)¶
Create the keys for encryption and decryption in SSLv2
This is kept separate from calcPendingStates() because the SSLv2 key derivation also yields the KEY-ARG data, which the server side must pass back up to the handshake protocol.
- calculateMAC(mac, seqnumBytes, contentType, data)¶
Calculate the record MAC over the sequence number, content type, protocol version (TLS 1.0 and later only; the SSLv3 construction omits it), payload length and payload, using the SSLv3 or TLS construction that matches the negotiated version
- changeReadState()¶
Change the cipher state to the pending one for read operations.
This should be done only once after a call to calcPendingStates() was performed and directly after receiving a ChangeCipherSpec message.
- changeWriteState()¶
Change the cipher state to the pending one for write operations.
This should be done only once after a call to calcPendingStates() was performed and directly after sending a ChangeCipherSpec message.
- getCipherImplementation()¶
Return the name of the implementation used for the connection
‘python’ for the tlslite internal implementation, ‘openssl’ for M2crypto and ‘pycrypto’ for pycrypto
- Return type:
str
- Returns:
Name of the cipher implementation used, None if not initialised
- getCipherName()¶
Return the name of the bulk cipher used by this connection
- Return type:
str
- Returns:
The name of the cipher, like ‘aes128’, ‘rc4’, etc.
- isCBCMode()¶
Returns true if cipher uses CBC mode
- recvRecord()¶
Read, decrypt and check integrity of a single record
- Return type:
tuple
- Returns:
message header and decrypted message payload
- Raises:
TLSDecryptionFailed – when decryption of data failed
TLSBadRecordMAC – when record has bad MAC or padding
socket.error – when reading from socket was unsuccessful
- sendRecord(msg)¶
Apply integrity protection and encryption to a message and send it through the socket as a single record; no fragmentation is performed here.
Note that the caller must keep the payload at or below 2**14 bytes; a larger record is not split and will be rejected by the peer as a record overflow.
- Parameters:
msg (ApplicationData, HandshakeMessage, etc.) – TLS message to send
- shutdown()¶
Clear read and write states
- property version¶
Return the TLS version used by record layer
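For a CBC suite the record layer combines addPadding(), calculateMAC() and the cipher, and recvRecord() reports a bad MAC and bad padding as the same TLSBadRecordMAC error. The following added example (written for this page, not tlslite's code) builds the MAC-then-encrypt plaintext layout, fragment || MAC || padding, with the padding shape addPadding() produces, and then opens such a plaintext the way a careful receiver should: the padding bytes are all checked without an early exit, the MAC is always computed even when the padding is wrong, and the two failures collapse into one result. It assumes HMAC-SHA1, a 16-byte block (what blockSize would report for AES), a constructed key and a fixed sequence number; the block cipher itself is omitted.

```python
import hashlib
import hmac
import struct

MAC_KEY = bytes.fromhex("0b" * 20)   # constructed example key
MAC_LEN = 20                         # HMAC-SHA1
BLOCK_SIZE = 16                      # AES block size
CONTENT_TYPE_APPLICATION_DATA = 23
TLS_1_2 = (3, 3)


def add_padding(data, block_size=BLOCK_SIZE):
    """Same padding shape as addPadding(): (padlen + 1) bytes, every one equal
    to padlen, so that the total length is a multiple of the block size."""
    padlen = (-(len(data) + 1)) % block_size
    return bytes(data) + bytes([padlen]) * (padlen + 1)


def record_mac(seqnum_bytes, content_type, version, fragment):
    """TLS 1.0-1.2 record MAC input: seq_num || type || version || length || fragment."""
    header = (seqnum_bytes + bytes([content_type]) + bytes(version)
              + struct.pack(">H", len(fragment)))
    return hmac.new(MAC_KEY, header + fragment, hashlib.sha1).digest()


def seal_mte(fragment, seqnum_bytes, content_type=CONTENT_TYPE_APPLICATION_DATA,
             version=TLS_1_2):
    """MAC-then-encrypt layout for a CBC suite: fragment || MAC || padding.
    The return value is the plaintext the block cipher would encrypt."""
    return add_padding(fragment + record_mac(seqnum_bytes, content_type, version, fragment))


def open_mte(plaintext, seqnum_bytes, content_type=CONTENT_TYPE_APPLICATION_DATA,
             version=TLS_1_2):
    """Reverse of seal_mte() on a decrypted record. Returns (ok, fragment).
    Bad padding and bad MAC give the same answer: the MAC is computed on every
    path and padding bytes are checked without breaking out of the loop."""
    if len(plaintext) < MAC_LEN + 1 or len(plaintext) % BLOCK_SIZE:
        return False, b""
    padlen = plaintext[-1]
    pad_ok = padlen + 1 + MAC_LEN <= len(plaintext)
    if not pad_ok:
        padlen = 0            # carry on with a dummy padding length
    for b in plaintext[-(padlen + 1):]:
        pad_ok &= (b == padlen)
    body = plaintext[:len(plaintext) - padlen - 1]
    fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(
        tag, record_mac(seqnum_bytes, content_type, version, fragment))
    if not (pad_ok and mac_ok):
        return False, b""
    return True, fragment


def demo():
    seq = struct.pack(">Q", 7)
    fragment = b"hello record layer"                 # 18 bytes + 20 MAC -> 9 pad bytes + length byte
    plaintext = seal_mte(fragment, seq)
    good = open_mte(plaintext, seq)
    tampered_pad = bytearray(plaintext)
    tampered_pad[-2] ^= 0x01                         # corrupt one padding byte
    bad_pad = open_mte(bytes(tampered_pad), seq)
    tampered_data = bytearray(plaintext)
    tampered_data[0] ^= 0x01                         # corrupt the fragment
    bad_mac = open_mte(bytes(tampered_data), seq)
    wrong_seq = open_mte(plaintext, struct.pack(">Q", 8))
    return good[0], len(plaintext), bad_pad, bad_mac, wrong_seq


if __name__ == "__main__":
    print(demo())    # (True, 48, (False, b''), (False, b''), (False, b''))
```

Folding the two checks into one error hides which step failed, but not how long the MAC took over a body whose length depends on the padding byte, which is the Lucky 13 class of timing leak. The structural fix is the encryptThenMAC option (RFC 7366): the MAC then covers the ciphertext, so padding is only inspected after the MAC has already passed.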
- class tlslite.recordlayer.RecordSocket(sock)¶
Bases:
object
Socket wrapper for reading and writing TLS Records
- __init__(sock)¶
Assign socket to wrapper
- recv()¶
Read a single record from the socket, handling both the SSLv2 and the SSLv3/TLS record header formats
- Return type:
generator
- Returns:
generator that yields 0 or 1 while the read would block (tlslite’s non-blocking convention) and finally yields a tuple of the record header (object) and the record data (bytearray) read from the socket
- Raises:
socket.error – In case of network error
TLSAbruptCloseError – When the socket was closed by the other side in the middle of receiving a record
TLSRecordOverflow – When the received record was longer than allowed by TLS
TLSIllegalParameterException – When the record header was malformed
- send(msg, padding=0)¶
Send the message through socket.
- Parameters:
msg (bytearray) – TLS message to send
padding (int) – padding length to declare in the record header (SSLv2 only)
- Raises:
socket.error – when write to socket failed
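As an added example of the framing that recv() performs (written for this page, not tlslite's own code), the reader below accepts bytes in whatever chunks a socket delivers, recognises both the 5-byte SSLv3/TLS header and the 2-byte SSLv2 header, and raises local stand-ins for the exceptions recv() documents: an oversized length field is rejected before any payload is buffered, an unrecognised first byte is reported as a malformed header, and a close from the peer with a partial record still buffered is reported as an abrupt close. The 2^14 + 2048 limit is the RFC 5246 ciphertext maximum; treating the 3-byte SSLv2 header form as malformed is a simplification of this example, and the exception classes and header tuples are local definitions, not tlslite's.

```python
import struct
from collections import namedtuple

MAX_CIPHERTEXT_LEN = 2 ** 14 + 2048   # RFC 5246 6.2.3 upper bound on a record
CONTENT_TYPES = {20, 21, 22, 23}      # change_cipher_spec, alert, handshake, application_data


# Local stand-ins named after the exceptions recv() documents; not tlslite's classes.
class TLSRecordOverflow(Exception): pass
class TLSIllegalParameterException(Exception): pass
class TLSAbruptCloseError(Exception): pass


TLSRecordHeader = namedtuple("TLSRecordHeader", "type version length")
SSL2RecordHeader = namedtuple("SSL2RecordHeader", "length padding")


class RecordReader:
    """Incremental record framer: feed() what the socket returned, then call
    next_record() until it returns None (more bytes needed). This replaces the
    generator protocol of RecordSocket.recv() for an offline example."""

    def __init__(self, max_len=MAX_CIPHERTEXT_LEN):
        self.buf = bytearray()
        self.eof = False
        self.max_len = max_len

    def feed(self, data):
        self.buf += data

    def close(self):
        """The peer closed the connection; anything still buffered is truncated."""
        self.eof = True

    def _short(self, n):
        """True if fewer than n bytes are buffered; raises if the peer is gone."""
        if len(self.buf) >= n:
            return False
        if self.eof:
            raise TLSAbruptCloseError("connection closed in the middle of a record")
        return True

    def next_record(self):
        if not self.buf:
            return None                         # nothing pending; a clean close is fine
        first = self.buf[0]
        if first in CONTENT_TYPES:
            # SSLv3/TLS header: type(1) || version(2) || length(2)
            if self._short(5):
                return None
            ctype, major, minor, length = struct.unpack(">BBBH", bytes(self.buf[:5]))
            header, hdr_len = TLSRecordHeader(ctype, (major, minor), length), 5
        elif first & 0x80:
            # SSLv2 two-byte header: high bit set, 15-bit length, no padding field
            if self._short(2):
                return None
            header, hdr_len = SSL2RecordHeader(((first & 0x7F) << 8) | self.buf[1], 0), 2
        else:
            # Simplification: the three-byte SSLv2 header (high bit clear) is
            # treated as malformed here rather than parsed.
            raise TLSIllegalParameterException("bad record header byte 0x%02x" % first)
        if header.length > self.max_len:
            # Reject on the length field alone, before buffering any payload.
            raise TLSRecordOverflow("record length %d > %d" % (header.length, self.max_len))
        if self._short(hdr_len + header.length):
            return None
        payload = bytes(self.buf[hdr_len:hdr_len + header.length])
        del self.buf[:hdr_len + header.length]
        return header, payload


def read_stream(chunks, close=False):
    """Drive a RecordReader with constructed chunks, as a socket would deliver
    them. Returns (records, name of the exception that stopped parsing or None)."""
    reader = RecordReader()
    records = []

    def drain():
        while True:
            rec = reader.next_record()
            if rec is None:
                return
            records.append(rec)

    try:
        for chunk in chunks:
            reader.feed(chunk)
            drain()
        if close:
            reader.close()
            drain()
    except (TLSRecordOverflow, TLSIllegalParameterException, TLSAbruptCloseError) as exc:
        return records, type(exc).__name__
    return records, None
```

Checking the length field before reading the body is what keeps a hostile peer from making the receiver allocate and wait for an arbitrarily large record; the same check is what a tlslite sender runs into on the far side if it hands sendRecord() an unfragmented message above the limit.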