tlslite.recordlayer module

Implementation of the TLS Record Layer protocol

class tlslite.recordlayer.ConnectionState

Bases: object

Preserve the connection state for reading and writing data to records

__init__()

Create an instance with empty encryption and MACing contexts

getSeqNumBytes()

Return encoded sequence number and increment it.

class tlslite.recordlayer.RecordLayer(sock)

Bases: object

Implementation of TLS record layer protocol

Variables

  • version – the TLS version to use (tuple encoded as on the wire)

  • sock – underlying socket

  • client – whether the connection should use encryption

  • encryptThenMAC – use the encrypt-then-MAC mechanism for record integrity

  • handshake_finished – used in SSL2, True if handshake protocol is over

__init__(sock)

Initialize self. See help(type(self)) for accurate signature.

addPadding(data)

Add padding to data so that it is multiple of block size

property blockSize

Return the size of block used by current symmetric cipher (R/O)

calcPendingStates(cipherSuite, masterSecret, clientRandom, serverRandom, implementations)

Create pending states for encryption and decryption.

calcSSL2PendingStates(cipherSuite, masterSecret, clientRandom, serverRandom, implementations)

Create the keys for encryption and decryption in SSLv2

While we could reuse calcPendingStates(), we need to provide the key-arg data for the server that needs to be passed up to handshake protocol.

calculateMAC(mac, seqnumBytes, contentType, data)

Calculate the SSL/TLS version of a MAC

changeReadState()

Change the cipher state to the pending one for read operations.

This should be done only once after a call to calcPendingStates() was performed and directly after receiving a ChangeCipherSpec message.

changeWriteState()

Change the cipher state to the pending one for write operations.

This should be done only once after a call to calcPendingStates() was performed and directly after sending a ChangeCipherSpec message.

getCipherImplementation()

Return the name of the implementation used for the connection

‘python’ for tlslite internal implementation, ‘openssl’ for M2crypto and ‘pycrypto’ for pycrypto :rtype: str :returns: Name of cipher implementation used, None if not initialised

getCipherName()

Return the name of the bulk cipher used by this connection

Return type

str

Returns

The name of the cipher, like ‘aes128’, ‘rc4’, etc.

isCBCMode()

Returns true if cipher uses CBC mode

recvRecord()

Read, decrypt and check integrity of a single record

Return type

tuple

Returns

message header and decrypted message payload

Raises

  • TLSDecryptionFailed – when decryption of data failed

  • TLSBadRecordMAC – when record has bad MAC or padding

  • socket.error – when reading from socket was unsuccessful

sendRecord(msg)

Encrypt, MAC and send arbitrary message as-is through socket.

Note that if the message was not fragmented to below 2**14 bytes it will be rejected by the other connection side.

Parameters

msg (ApplicationData, HandshakeMessage, etc.) – TLS message to send

shutdown()

Clear read and write states

property version

Return the TLS version used by record layer

class tlslite.recordlayer.RecordSocket(sock)

Bases: object

Socket wrapper for reading and writing TLS Records

__init__(sock)

Assign socket to wrapper

recv()

Read a single record from socket, handle SSLv2 and SSLv3 record layer

Return type

generator

Returns

generator that returns 0 or 1 in case the read would be blocking or a tuple containing record header (object) and record data (bytearray) read from socket

Raises
send(msg, padding=0)

Send the message through socket.

Parameters

  • msg (bytearray) – TLS message to send

  • padding (int) – amount of padding to specify for SSLv2

Raises

socket.error – when write to socket failed