1 """Class representing a TLS session."""
3 from utils.compat import *
5 from constants import *
9 This class represents a TLS session.
11 TLS distinguishes between connections and sessions. A new
12 handshake creates both a connection and a session. Data is
13 transmitted over the connection.
15 The session contains a more permanent record of the handshake. The
16 session can be inspected to determine handshake results. The
17 session can also be used to create a new connection through
18 "session resumption". If the client and server both support this,
19 they can create a new connection based on an old session without
20 the overhead of a full handshake.
22 The session for a L{tlslite.TLSConnection.TLSConnection} can be
23 retrieved from the connection's 'session' attribute.
25 @type srpUsername: str
26 @ivar srpUsername: The client's SRP username (or None).
28 @type sharedKeyUsername: str
29 @ivar sharedKeyUsername: The client's shared-key username (or
32 @type clientCertChain: L{tlslite.X509CertChain.X509CertChain} or
33 L{cryptoIDlib.CertChain.CertChain}
34 @ivar clientCertChain: The client's certificate chain (or None).
36 @type serverCertChain: L{tlslite.X509CertChain.X509CertChain} or
37 L{cryptoIDlib.CertChain.CertChain}
38 @ivar serverCertChain: The server's certificate chain (or None).
42 self.masterSecret = createByteArraySequence([])
43 self.sessionID = createByteArraySequence([])
45 self.srpUsername = None
46 self.sharedKeyUsername = None
47 self.clientCertChain = None
48 self.serverCertChain = None
49 self.resumable = False
50 self.sharedKey = False
54 other.masterSecret = self.masterSecret
55 other.sessionID = self.sessionID
56 other.cipherSuite = self.cipherSuite
57 other.srpUsername = self.srpUsername
58 other.sharedKeyUsername = self.sharedKeyUsername
59 other.clientCertChain = self.clientCertChain
60 other.serverCertChain = self.serverCertChain
61 other.resumable = self.resumable
62 other.sharedKey = self.sharedKey
65 def _calcMasterSecret(self, version, premasterSecret, clientRandom,
68 self.masterSecret = PRF_SSL(premasterSecret,
69 concatArrays(clientRandom, serverRandom), 48)
70 elif version in ((3,1), (3,2)):
71 self.masterSecret = PRF(premasterSecret, "master secret",
72 concatArrays(clientRandom, serverRandom), 48)
74 raise AssertionError()
77 """If this session can be used for session resumption.
80 @return: If this session can be used for session resumption.
82 return self.resumable or self.sharedKey
84 def _setResumable(self, boolean):
85 #Only let it be set if this isn't a shared key
86 if not self.sharedKey:
87 #Only let it be set to True if the sessionID is non-null
88 if (not boolean) or (boolean and self.sessionID):
89 self.resumable = boolean
91 def getCipherName(self):
92 """Get the name of the cipher used with this connection.
95 @return: The name of the cipher used with this connection.
96 Either 'aes128', 'aes256', 'rc4', or '3des'.
98 if self.cipherSuite in CipherSuite.aes128Suites:
100 elif self.cipherSuite in CipherSuite.aes256Suites:
102 elif self.cipherSuite in CipherSuite.rc4Suites:
104 elif self.cipherSuite in CipherSuite.tripleDESSuites:
109 def _createSharedKey(self, sharedKeyUsername, sharedKey):
110 if len(sharedKeyUsername)>16:
112 if len(sharedKey)>47:
115 self.sharedKeyUsername = sharedKeyUsername
117 self.sessionID = createByteArrayZeros(16)
118 for x in range(len(sharedKeyUsername)):
119 self.sessionID[x] = ord(sharedKeyUsername[x])
121 premasterSecret = createByteArrayZeros(48)
122 sharedKey = chr(len(sharedKey)) + sharedKey
124 premasterSecret[x] = ord(sharedKey[x % len(sharedKey)])
126 self.masterSecret = PRF(premasterSecret, "shared secret",
127 createByteArraySequence([]), 48)
128 self.sharedKey = True