Package tlslite :: Module keyexchange :: Class KeyExchange
[hide private]
[frames] | no frames]

type KeyExchange

source code

Known Subclasses:

Common API for calculating Premaster secret

NOT stable, will get moved from this file

Instance Methods [hide private]
 
__init__(self, cipherSuite, clientHello, serverHello, privateKey)
Initialize KeyExchange.
source code
 
makeClientKeyExchange(self)
Create a ClientKeyExchange object
source code
 
makeServerKeyExchange(self, sigHash=None)
Create a ServerKeyExchange object
source code
 
processClientKeyExchange(self, clientKeyExchange)
Process ClientKeyExchange and return premaster secret
source code
 
processServerKeyExchange(self, srvPublicKey, serverKeyExchange)
Process the server KEX and return premaster secret
source code
 
signServerKeyExchange(self, serverKeyExchange, sigHash=None)
Sign a server key best matching supported algorithms
source code
Static Methods [hide private]
 
calcVerifyBytes(version, handshakeHashes, signatureAlg, premasterSecret, clientRandom, serverRandom)
Calculate signed bytes for Certificate Verify
source code
 
makeCertificateVerify(version, handshakeHashes, validSigAlgs, privateKey, certificateRequest, premasterSecret, clientRandom, serverRandom)
Create a Certificate Verify message
source code
 
verifyServerKeyExchange(serverKeyExchange, publicKey, clientRandom, serverRandom, validSigAlgs)
Verify signature on the Server Key Exchange message
source code
Method Details [hide private]

__init__(self, cipherSuite, clientHello, serverHello, privateKey)
(Constructor)

source code 

Initialize KeyExchange. privateKey is the signing private key

Overrides: object.__init__

makeCertificateVerify(version, handshakeHashes, validSigAlgs, privateKey, certificateRequest, premasterSecret, clientRandom, serverRandom)
Static Method

source code 

Create a Certificate Verify message

Parameters:
  • version - protocol version in use
  • handshakeHashes - the running hash of all handshake messages
  • validSigAlgs - acceptable signature algorithms for client side, applicable only to TLSv1.2 (or later)
  • certificateRequest - the server provided Certificate Request message
  • premasterSecret - the premaster secret, needed only for SSLv3
  • clientRandom - client provided random value, needed only for SSLv3
  • serverRandom - server provided random value, needed only for SSLv3

makeClientKeyExchange(self)

source code 

Create a ClientKeyExchange object

Returns a ClientKeyExchange for the second flight from client in the handshake.

makeServerKeyExchange(self, sigHash=None)

source code 

Create a ServerKeyExchange object

Returns a ServerKeyExchange object for the server's initial leg in the handshake. If the key exchange method does not send ServerKeyExchange (e.g. RSA), it returns None.

processClientKeyExchange(self, clientKeyExchange)

source code 

Process ClientKeyExchange and return premaster secret

Processes the client's ClientKeyExchange message and returns the premaster secret. Raises TLSLocalAlert on error.

signServerKeyExchange(self, serverKeyExchange, sigHash=None)

source code 

Sign a server key best matching supported algorithms

Parameters:
  • sigHash (str) - name of the hash used for signing

verifyServerKeyExchange(serverKeyExchange, publicKey, clientRandom, serverRandom, validSigAlgs)
Static Method

source code 

Verify signature on the Server Key Exchange message

the only acceptable signature algorithms are specified by validSigAlgs