tlslite.keyexchange module¶
Handling of cryptographic operations for key exchange
- class tlslite.keyexchange.ADHKeyExchange(cipherSuite, clientHello, serverHello, dhParams=None, dhGroups=None)¶
Bases:
KeyExchange
Handling of anonymous Diffie-Hellman Key exchange
FFDHE without signing serverKeyExchange useful for anonymous DH
- __init__(cipherSuite, clientHello, serverHello, dhParams=None, dhGroups=None)¶
Initialize KeyExchange. privateKey is the signing private key
- makeClientKeyExchange()¶
Create client key share for the key exchange
- makeServerKeyExchange()¶
Prepare server side of anonymous key exchange with selected parameters
- processClientKeyExchange(clientKeyExchange)¶
Use client provided parameters to establish premaster secret
- processServerKeyExchange(srvPublicKey, serverKeyExchange)¶
Process the server key exchange, return premaster secret.
- class tlslite.keyexchange.AECDHKeyExchange(cipherSuite, clientHello, serverHello, acceptedCurves, defaultCurve=23)¶
Bases:
KeyExchange
Handling of anonymous Eliptic curve Diffie-Hellman Key exchange
ECDHE without signing serverKeyExchange useful for anonymous ECDH
- __init__(cipherSuite, clientHello, serverHello, acceptedCurves, defaultCurve=23)¶
Initialize KeyExchange. privateKey is the signing private key
- makeClientKeyExchange()¶
Make client key exchange for ECDHE
- makeServerKeyExchange(sigHash=None)¶
Create AECDHE version of Server Key Exchange
- processClientKeyExchange(clientKeyExchange)¶
Calculate premaster secret from previously generated SKE and CKE
- processServerKeyExchange(srvPublicKey, serverKeyExchange)¶
Process the server key exchange, return premaster secret
- class tlslite.keyexchange.AuthenticatedKeyExchange(cipherSuite, clientHello, serverHello, privateKey=None)¶
Bases:
KeyExchange
Common methods for key exchanges that authenticate Server Key Exchange
Methods for signing Server Key Exchange message
- makeServerKeyExchange(sigHash=None)¶
Prepare server side of key exchange with selected parameters
- class tlslite.keyexchange.DHE_RSAKeyExchange(cipherSuite, clientHello, serverHello, privateKey, dhParams=None, dhGroups=None)¶
Bases:
AuthenticatedKeyExchange
,ADHKeyExchange
Handling of authenticated ephemeral Diffe-Hellman Key exchange.
- __init__(cipherSuite, clientHello, serverHello, privateKey, dhParams=None, dhGroups=None)¶
Create helper object for Diffie-Hellamn key exchange.
- Parameters:
dhParams (2-element tuple of int) – Diffie-Hellman parameters that will be used by server. First element of the tuple is the generator, the second is the prime. If not specified it will use a secure set (currently a 2048-bit safe prime).
- class tlslite.keyexchange.ECDHE_RSAKeyExchange(cipherSuite, clientHello, serverHello, privateKey, acceptedCurves, defaultCurve=23)¶
Bases:
AuthenticatedKeyExchange
,AECDHKeyExchange
Helper class for conducting ECDHE key exchange
- __init__(cipherSuite, clientHello, serverHello, privateKey, acceptedCurves, defaultCurve=23)¶
Initialize KeyExchange. privateKey is the signing private key
- class tlslite.keyexchange.KeyExchange(cipherSuite, clientHello, serverHello, privateKey=None)¶
Bases:
object
Common API for calculating Premaster secret
NOT stable, will get moved from this file
- __init__(cipherSuite, clientHello, serverHello, privateKey=None)¶
Initialize KeyExchange. privateKey is the signing private key
- static calcVerifyBytes(version, handshakeHashes, signatureAlg, premasterSecret, clientRandom, serverRandom)¶
Calculate signed bytes for Certificate Verify
- static makeCertificateVerify(version, handshakeHashes, validSigAlgs, privateKey, certificateRequest, premasterSecret, clientRandom, serverRandom)¶
Create a Certificate Verify message
- Parameters:
version – protocol version in use
handshakeHashes – the running hash of all handshake messages
validSigAlgs – acceptable signature algorithms for client side, applicable only to TLSv1.2 (or later)
certificateRequest – the server provided Certificate Request message
premasterSecret – the premaster secret, needed only for SSLv3
clientRandom – client provided random value, needed only for SSLv3
serverRandom – server provided random value, needed only for SSLv3
- makeClientKeyExchange()¶
Create a ClientKeyExchange object
Returns a ClientKeyExchange for the second flight from client in the handshake.
- makeServerKeyExchange(sigHash=None)¶
Create a ServerKeyExchange object
Returns a ServerKeyExchange object for the server’s initial leg in the handshake. If the key exchange method does not send ServerKeyExchange (e.g. RSA), it returns None.
- processClientKeyExchange(clientKeyExchange)¶
Process ClientKeyExchange and return premaster secret
Processes the client’s ClientKeyExchange message and returns the premaster secret. Raises TLSLocalAlert on error.
- processServerKeyExchange(srvPublicKey, serverKeyExchange)¶
Process the server KEX and return premaster secret
- signServerKeyExchange(serverKeyExchange, sigHash=None)¶
Sign a server key exchange using default or specified algorithm
- Parameters:
sigHash (str) – name of the signature hash to be used for signing
- static verifyServerKeyExchange(serverKeyExchange, publicKey, clientRandom, serverRandom, validSigAlgs)¶
Verify signature on the Server Key Exchange message
the only acceptable signature algorithms are specified by validSigAlgs
- class tlslite.keyexchange.RSAKeyExchange(cipherSuite, clientHello, serverHello, privateKey)¶
Bases:
KeyExchange
Handling of RSA key exchange
NOT stable API, do NOT use
- __init__(cipherSuite, clientHello, serverHello, privateKey)¶
Initialize KeyExchange. privateKey is the signing private key
- makeClientKeyExchange()¶
Return a client key exchange with clients key share
- makeServerKeyExchange(sigHash=None)¶
Don’t create a server key exchange for RSA key exchange
- processClientKeyExchange(clientKeyExchange)¶
Decrypt client key exchange, return premaster secret
- processServerKeyExchange(srvPublicKey, serverKeyExchange)¶
Generate premaster secret for server
- class tlslite.keyexchange.SRPKeyExchange(cipherSuite, clientHello, serverHello, privateKey, verifierDB, srpUsername=None, password=None, settings=None)¶
Bases:
KeyExchange
Helper class for conducting SRP key exchange
- __init__(cipherSuite, clientHello, serverHello, privateKey, verifierDB, srpUsername=None, password=None, settings=None)¶
Link Key Exchange options with verifierDB for SRP
- makeClientKeyExchange()¶
Create ClientKeyExchange
- makeServerKeyExchange(sigHash=None)¶
Create SRP version of Server Key Exchange
- processClientKeyExchange(clientKeyExchange)¶
Calculate premaster secret from Client Key Exchange and sent SKE
- processServerKeyExchange(srvPublicKey, serverKeyExchange)¶
Calculate premaster secret from ServerKeyExchange