1
2
3
4
5
6
7 """Class representing a TLS session."""
8
9 from .utils.compat import *
10 from .mathtls import *
11 from .constants import *
12
14 """
15 This class represents a TLS session.
16
17 TLS distinguishes between connections and sessions. A new
18 handshake creates both a connection and a session. Data is
19 transmitted over the connection.
20
21 The session contains a more permanent record of the handshake. The
22 session can be inspected to determine handshake results. The
23 session can also be used to create a new connection through
24 "session resumption". If the client and server both support this,
25 they can create a new connection based on an old session without
26 the overhead of a full handshake.
27
28 The session for a L{tlslite.TLSConnection.TLSConnection} can be
29 retrieved from the connection's 'session' attribute.
30
31 @type srpUsername: str
32 @ivar srpUsername: The client's SRP username (or None).
33
34 @type clientCertChain: L{tlslite.x509certchain.X509CertChain}
35 @ivar clientCertChain: The client's certificate chain (or None).
36
37 @type serverCertChain: L{tlslite.x509certchain.X509CertChain}
38 @ivar serverCertChain: The server's certificate chain (or None).
39
40 @type tackExt: L{tack.structures.TackExtension.TackExtension}
41 @ivar tackExt: The server's TackExtension (or None).
42
43 @type tackInHelloExt: L{bool}
44 @ivar tackInHelloExt:True if a TACK was presented via TLS Extension.
45
46 @type encryptThenMAC: bool
47 @ivar encryptThenMAC: True if connection uses CBC cipher in
48 encrypt-then-MAC mode
49
50 @type appProto: bytearray
51 @ivar appProto: name of the negotiated application level protocol, None
52 if not negotiated
53 """
54
56 self.masterSecret = bytearray(0)
57 self.sessionID = bytearray(0)
58 self.cipherSuite = 0
59 self.srpUsername = ""
60 self.clientCertChain = None
61 self.serverCertChain = None
62 self.tackExt = None
63 self.tackInHelloExt = False
64 self.serverName = ""
65 self.resumable = False
66 self.encryptThenMAC = False
67 self.extendedMasterSecret = False
68 self.appProto = bytearray(0)
69
70 - def create(self, masterSecret, sessionID, cipherSuite,
71 srpUsername, clientCertChain, serverCertChain,
72 tackExt, tackInHelloExt, serverName, resumable=True,
73 encryptThenMAC=False, extendedMasterSecret=False,
74 appProto=bytearray(0)):
75 self.masterSecret = masterSecret
76 self.sessionID = sessionID
77 self.cipherSuite = cipherSuite
78 self.srpUsername = srpUsername
79 self.clientCertChain = clientCertChain
80 self.serverCertChain = serverCertChain
81 self.tackExt = tackExt
82 self.tackInHelloExt = tackInHelloExt
83 self.serverName = serverName
84 self.resumable = resumable
85 self.encryptThenMAC = encryptThenMAC
86 self.extendedMasterSecret = extendedMasterSecret
87 self.appProto = appProto
88
90 other = Session()
91 other.masterSecret = self.masterSecret
92 other.sessionID = self.sessionID
93 other.cipherSuite = self.cipherSuite
94 other.srpUsername = self.srpUsername
95 other.clientCertChain = self.clientCertChain
96 other.serverCertChain = self.serverCertChain
97 other.tackExt = self.tackExt
98 other.tackInHelloExt = self.tackInHelloExt
99 other.serverName = self.serverName
100 other.resumable = self.resumable
101 other.encryptThenMAC = self.encryptThenMAC
102 other.extendedMasterSecret = self.extendedMasterSecret
103 other.appProto = self.appProto
104 return other
105
107 """If this session can be used for session resumption.
108
109 @rtype: bool
110 @return: If this session can be used for session resumption.
111 """
112 return self.resumable and self.sessionID
113
115
116 if (not boolean) or (boolean and self.sessionID):
117 self.resumable = boolean
118
124
126 if self.tackExt and self.tackExt.break_sigs:
127 return self.tackExt.break_sigs
128 else:
129 return None
130
132 """Get the name of the cipher used with this connection.
133
134 @rtype: str
135 @return: The name of the cipher used with this connection.
136 """
137 return CipherSuite.canonicalCipherName(self.cipherSuite)
138
140 """Get the name of the HMAC hash algo used with this connection.
141
142 @rtype: str
143 @return: The name of the HMAC hash algo used with this connection.
144 """
145 return CipherSuite.canonicalMacName(self.cipherSuite)
146