4 """Class representing a TLS session."""
5
6 from .utils.compat import *
7 from .mathtls import *
8 from .constants import *
9
11 """
12 This class represents a TLS session.
13
14 TLS distinguishes between connections and sessions. A new
15 handshake creates both a connection and a session. Data is
16 transmitted over the connection.
17
18 The session contains a more permanent record of the handshake. The
19 session can be inspected to determine handshake results. The
20 session can also be used to create a new connection through
21 "session resumption". If the client and server both support this,
22 they can create a new connection based on an old session without
23 the overhead of a full handshake.
24
25 The session for a L{tlslite.TLSConnection.TLSConnection} can be
26 retrieved from the connection's 'session' attribute.
27
28 @type srpUsername: str
29 @ivar srpUsername: The client's SRP username (or None).
30
31 @type clientCertChain: L{tlslite.x509certchain.X509CertChain}
32 @ivar clientCertChain: The client's certificate chain (or None).
33
34 @type serverCertChain: L{tlslite.x509certchain.X509CertChain}
35 @ivar serverCertChain: The server's certificate chain (or None).
36
37 @type tackExt: L{tack.structures.TackExtension.TackExtension}
38 @ivar tackExt: The server's TackExtension (or None).
39
40 @type tackInHelloExt: L{bool}
41 @ivar tackInHelloExt: True if a TACK was presented via TLS Extension.
42 """
43
def __init__(self):
    """Create an empty session that cannot be resumed yet.

    Every field starts at a neutral default and is expected to be filled
    in once a handshake has completed.
    """
    # NOTE(review): the `def` line is missing from this listing; this is
    # taken to be the constructor because the page calls `Session()` with
    # no arguments -- confirm against the source file.

    # Key material and identifier. masterSecret is the secret a resumed
    # connection is built from, so Session objects should be kept out of
    # logs and unprotected storage.
    self.masterSecret = createByteArraySequence([])
    self.sessionID = createByteArraySequence([])

    # Negotiated parameters; 0 means no cipher suite has been recorded.
    self.cipherSuite = 0
    self.serverName = ""

    # Peer identity and TACK data, all absent until a handshake sets them.
    self.srpUsername = self.clientCertChain = None
    self.serverCertChain = self.tackExt = None

    # Flags: no TACK seen in the hello extension, not resumable.
    self.tackInHelloExt = self.resumable = False
55
def create(self, masterSecret, sessionID, cipherSuite,
           srpUsername, clientCertChain, serverCertChain,
           tackExt, tackInHelloExt, serverName, resumable=True):
    """Record the outcome of a handshake in this session.

    Each argument is stored unchanged on the attribute of the same name;
    nothing is copied or validated here. In particular ``resumable`` is
    stored as given even when ``sessionID`` is empty.

    ``masterSecret`` is key material: whoever can read it from this object
    can use the session, so treat the populated object as a secret.
    """
    # Secret and identifier of the session.
    self.masterSecret, self.sessionID = masterSecret, sessionID
    self.cipherSuite = cipherSuite

    # Identities established during the handshake.
    self.srpUsername = srpUsername
    self.clientCertChain, self.serverCertChain = (clientCertChain,
                                                  serverCertChain)

    # TACK extension data.
    self.tackExt, self.tackInHelloExt = tackExt, tackInHelloExt

    self.serverName = serverName
    self.resumable = resumable
69
def _clone(self):
    """Return a new Session carrying the same field values as this one.

    The copy is shallow: each attribute of the new object refers to the
    same underlying object as the original, so the clone shares the
    masterSecret and certificate-chain objects rather than owning copies.
    Every clone is therefore another holder of the same key material.
    """
    # NOTE(review): the `def` line is missing from this listing; the name
    # follows upstream tlslite's Session class -- confirm against the file.
    copied_fields = (
        "masterSecret",
        "sessionID",
        "cipherSuite",
        "srpUsername",
        "clientCertChain",
        "serverCertChain",
        "tackExt",
        "tackInHelloExt",
        "serverName",
        "resumable",
    )
    other = Session()
    for field in copied_fields:
        setattr(other, field, getattr(self, field))
    return other
83
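def valid(self):
    """Report whether this session can be used for session resumption.

    A session qualifies only when it is flagged resumable and also has a
    non-empty session ID.

    @rtype: bool
    @return: True if this session can be used for session resumption.
    """
    # NOTE(review): the `def` line is missing from this listing; the name
    # follows upstream tlslite's Session class -- confirm against the file.

    # bool() so callers get the documented True/False; a bare `and` would
    # hand back the sessionID object itself whenever resumable is set.
    return bool(self.resumable and self.sessionID)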
91
def _setResumable(self, boolean):
    """Set the resumable flag, refusing to enable it without a session ID.

    Clearing the flag always succeeds. Setting it only takes effect when
    the session has a non-empty sessionID; otherwise the call is silently
    ignored and the previous value is kept.
    """
    # NOTE(review): the `def` line is missing from this listing; the name
    # follows upstream tlslite's Session class -- confirm against the file.
    wants_resumable_without_id = boolean and not self.sessionID
    if wants_resumable_without_id:
        return
    self.resumable = boolean
96
def getTackId(self):
    """Return the TACK ID of the stored TACK extension, or None.

    None is returned when there is no TACK extension or when the
    extension carries no tack.
    """
    # NOTE(review): the `def` line is missing from this listing; the name
    # follows upstream tlslite's Session class -- confirm against the file.
    ext = self.tackExt
    if not (ext and ext.tack):
        return None
    return ext.tack.getTackId()
102
def getBreakSigs(self):
    """Return the break signatures of the stored TACK extension, or None.

    None is returned when there is no TACK extension or when its
    break_sigs value is empty.
    """
    # NOTE(review): the `def` line is missing from this listing; the name
    # follows upstream tlslite's Session class -- confirm against the file.
    ext = self.tackExt
    return ext.break_sigs if ext and ext.break_sigs else None
108
def getCipherName(self):
    """Get the name of the cipher recorded for this session.

    @rtype: str
    @return: 'aes128', 'aes256', 'rc4' or '3des', according to which
    CipherSuite list contains this session's cipherSuite; None when the
    suite is in none of those lists.
    """
    # NOTE(review): the `def` line is missing from this listing; the name
    # follows upstream tlslite's Session class -- confirm against the file.

    # 'rc4' and '3des' identify legacy ciphers (RC4 is prohibited in TLS by
    # RFC 7465; 3DES has a 64-bit block). Callers can use the returned name
    # to refuse or flag sessions negotiated with them.
    families = (
        ("aes128Suites", "aes128"),
        ("aes256Suites", "aes256"),
        ("rc4Suites", "rc4"),
        ("tripleDESSuites", "3des"),
    )
    # Checked in this order; each suite list is looked up only when the
    # previous ones did not match.
    for list_attr, cipher_name in families:
        if self.cipherSuite in getattr(CipherSuite, list_attr):
            return cipher_name
    return None
126