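# [tar entry] tlslite-0.3.8/0000700000175000017500000000000011551723571012203 5ustar clintclint
# [tar entry] tlslite-0.3.8/make_release.py0000700000175000017500000000361610206510264015170 0ustar clintclint

#When run on (my) windows box, this builds and cleans everything in
#preparation for a release.
#
#Usage: make_release.py [oldVersion newVersion]
#
#With two arguments the old version string is first replaced by the new one
#in the files listed in versionFiles; the installers and the documentation
#are rebuilt in either case. Written for Python 2 (raw_input); every print
#takes one parenthesised argument, so it behaves like the print statement.
#
#NOTE(review): every os.system() call runs through the command shell. The
#only value interpolated into a command is a filename from the fixed
#versionFiles table; keep it that way and never pass oldVersion, newVersion
#or any other command-line text to os.system(). "python23" and "python24"
#are whatever the shell resolves those names to, so build releases from an
#environment you trust. The exit status of the build commands is not checked.

import os
import sys

#(path, number of times the old version string must occur in that file)
versionFiles = (
    ("setup.py", 1),
    ("tlslite\\__init__.py", 2),
    ("scripts\\tls.py", 1),
    ("scripts\\tlsdb.py", 1),
)


def readFile(filename, mode):
    """Return the whole content of filename, closing the handle afterwards."""
    f = open(filename, mode)
    try:
        return f.read()
    finally:
        f.close()


def writeFile(filename, data):
    """Overwrite filename with data, closing the handle even if write fails."""
    f = open(filename, "w")
    try:
        f.write(data)
    finally:
        f.close()


#Replace version strings
if len(sys.argv) > 1:
    if len(sys.argv) < 3:
        #Both version strings are required; with only one of them,
        #sys.argv[2] would raise IndexError.
        print("Usage: %s [oldVersion newVersion]" % sys.argv[0])
        sys.exit(1)
    oldVersion = sys.argv[1]
    newVersion = sys.argv[2]
    query = raw_input("Replace %s with %s?: " % (oldVersion, newVersion))
    if query == "y":
        #First, scan through and make sure the replacement is possible
        for filename, expected in versionFiles:
            found = readFile(filename, "rU").count(oldVersion)
            if found != expected:
                print("Error, old version appears in %s %s times" % (filename, found))
                #Non-zero status so a calling script sees the failure
                sys.exit(1)

        #Then perform it
        for filename, expected in versionFiles:
            #save a backup copy in case something goes awry; do not rewrite
            #a file whose backup could not be made
            if os.system("copy %s .." % filename) != 0:
                print("Error, could not back up %s; stopping before rewriting it" % filename)
                sys.exit(1)
            s = readFile(filename, "r")
            writeFile(filename, s.replace(oldVersion, newVersion))

#Make windows installers
os.system("del installers\\*.exe")

#Python 2.3
os.system("rmdir build /s /q")
os.system("python23 setup.py bdist_wininst -o")
os.system("copy dist\\* installers")

#Python 2.4
os.system("rmdir build /s /q")
os.system("python24 setup.py bdist_wininst -o")
os.system("copy dist\\* installers")

#Make documentation
os.system("python23 c:\\devtools\\python23\\scripts\\epydoc.py --html -o docs tlslite")

#Delete excess files
os.system("del tlslite\\*.pyc")
os.system("del tlslite\\utils\\*.pyc")
os.system("del tlslite\\integration\\*.pyc")
os.system("rmdir build /s /q")
os.system("rmdir dist /s /q")

# [tar entry] tlslite-0.3.8/scripts/0000700000175000017500000000000010206516247013666 5ustar clintclint
# [tar entry] tlslite-0.3.8/scripts/tlsdb.py0000700000175000017500000001133110206510313015336 0ustar clintclint

#! python

import sys
import os
import socket
import thread
import math

#cryptoIDlib is optional. Only a failed import means "not installed"; a bare
#except would also hide KeyboardInterrupt and real errors inside the package.
try:
    import cryptoIDlib
    cryptoIDlibLoaded = True
except ImportError:
    cryptoIDlibLoaded = False

if __name__ != "__main__":
    #Raise a real exception object rather than a bare string
    raise ImportError("This must be run as a command, not used as a module!")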
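from tlslite.api import *

#NOTE(review): the argument placeholders in the usage lines below appear to
#have been lost when this page was extracted; the strings are kept exactly as
#found. From the dispatch code further down: createsrp, createsharedkey and
#list take a database name; add takes database, username, password and (for
#a verifier database) a bit size; del takes database and username; check
#takes database, username and an optional password.
if len(sys.argv) == 1 or (len(sys.argv)==2 and sys.argv[1].lower().endswith("help")):
    print("")
    print("Version: 0.3.8")
    print("")
    print("RNG: %s" % prngName)
    print("")
    print("Modules:")
    if cryptlibpyLoaded:
        print(" cryptlib_py : Loaded")
    else:
        print(" cryptlib_py : Not Loaded")
    if m2cryptoLoaded:
        print(" M2Crypto : Loaded")
    else:
        print(" M2Crypto : Not Loaded")
    if pycryptoLoaded:
        print(" pycrypto : Loaded")
    else:
        print(" pycrypto : Not Loaded")
    if gmpyLoaded:
        print(" GMPY : Loaded")
    else:
        print(" GMPY : Not Loaded")
    if cryptoIDlibLoaded:
        print(" cryptoIDlib : Loaded")
    else:
        print(" cryptoIDlib : Not Loaded")
    print("")
    print("Commands:")
    print("")
    print(" createsrp ")
    print(" createsharedkey ")
    print("")
    print(" add []")
    print(" del ")
    print(" check []")
    print(" list ")
    sys.exit()

cmd = sys.argv[1].lower()


class Args:
    """Positional access to the command line with argument-count checks."""

    def __init__(self, argv):
        self.argv = argv

    def get(self, index):
        """Return argv[index]; raise SyntaxError if it was not supplied."""
        if len(self.argv)<=index:
            raise SyntaxError("Not enough arguments")
        return self.argv[index]

    def getLast(self, index):
        """Like get(), but also raise SyntaxError if anything follows index."""
        if len(self.argv)>index+1:
            raise SyntaxError("Too many arguments")
        return self.get(index)

args = Args(sys.argv)


def reformatDocString(s):
    """Strip every line of s and re-indent it by one space."""
    lines = s.splitlines()
    newLines = []
    for line in lines:
        newLines.append(" " + line.strip())
    return "\n".join(newLines)


def numBits(n):
    """Return the number of bits needed to represent the non-negative integer n.

    Counted by shifting, so the result is exact for integers of any size.
    floor(log(n, 2)) + 1 goes through a float and can be off by one for a
    large modulus that lies just below a power of two.
    """
    if n < 0:
        raise ValueError("numBits() needs a non-negative integer")
    bits = 0
    while n:
        n >>= 1
        bits += 1
    return bits


def openDB(dbName):
    """Open dbName as a VerifierDB; on ValueError open it as a SharedKeyDB."""
    try:
        db = VerifierDB(dbName)
        db.open()
    except ValueError:
        db = SharedKeyDB(dbName)
        db.open()
    return db


#NOTE(review): "add" and "check" read the password from the command line, so
#it is visible in process listings and shell history while and after the
#command runs. Use these commands only where that exposure is acceptable.
if cmd == "help":
    command = args.getLast(2).lower()
    if command == "valid":
        print("")
    else:
        print("Bad command: '%s'" % command)

elif cmd == "createsrp":
    dbName = args.get(2)
    db = VerifierDB(dbName)
    db.create()

elif cmd == "createsharedkey":
    dbName = args.getLast(2)
    db = SharedKeyDB(dbName)
    db.create()

elif cmd == "add":
    dbName = args.get(2)
    username = args.get(3)
    password = args.get(4)

    #Only the open is covered by the ValueError fallback in openDB(). int()
    #on a malformed bit size raises ValueError as well, and must not be
    #mistaken for "this is a shared-key database".
    db = openDB(dbName)
    if username in db:
        print("User already in database!")
        sys.exit()
    if isinstance(db, VerifierDB):
        bits = int(args.getLast(5))
        N, g, salt, verifier = VerifierDB.makeVerifier(username, password, bits)
        db[username] = N, g, salt, verifier
    else:
        args.getLast(4)
        #The shared key is handed to SharedKeyDB as given; how it is stored
        #is decided there and is not visible in this script.
        db[username] = password

elif cmd == "del":
    dbName = args.get(2)
    username = args.getLast(3)
    db = openDB(dbName)
    del(db[username])

elif cmd == "check":
    dbName = args.get(2)
    username = args.get(3)
    if len(sys.argv)>=5:
        password = args.getLast(4)
    else:
        password = None

    db = openDB(dbName)

    try:
        db[username]
        print("Username exists")

        #An empty password is treated like an omitted one: no check is made
        if password:
            if db.check(username, password):
                print("Password is correct")
            else:
                print("Password is wrong")
    except KeyError:
        print("Username does not exist")
        sys.exit()

elif cmd == "list":
    dbName = args.get(2)
    db = openDB(dbName)

    if isinstance(db, VerifierDB):
        print("Verifier Database")
        for username in db.keys():
            N, g, s, v = db[username]
            print("%s %s" % (numBits(N), username))
    else:
        print("Shared Key Database")
        for username in db.keys():
            print(username)
else:
    print("Bad command: '%s'" % cmd)

# [tar entry] tlslite-0.3.8/scripts/tls.py0000700000175000017500000011227210206543132015043 0ustar clintclint

#! python

import sys
import os
import os.path
import socket
import thread
import time
import httplib
import BaseHTTPServer
import SimpleHTTPServer

#cryptoIDlib is optional. Only a failed import means "not installed"; a bare
#except would also hide KeyboardInterrupt and real errors inside the package.
try:
    from cryptoIDlib.api import *
    cryptoIDlibLoaded = True
except ImportError:
    cryptoIDlibLoaded = False

if __name__ != "__main__":
    #Raise a real exception object rather than a bare string
    raise ImportError("This must be run as a command, not used as a module!")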
#import tlslite
#from tlslite.constants import AlertDescription, Fault
#from tlslite.utils.jython_compat import formatExceptionTrace
#from tlslite.X509 import X509, X509CertChain

from tlslite.api import *

def parsePrivateKey(s):
    """Parse a private key from s, trying PEM first and then XML.

    Any exception from the PEM parser is printed and the XML parser is
    tried instead; an error from the XML parser propagates.
    """
    try:
        return parsePEMKey(s, private=True)
    except Exception, e:
        print e
        return parseXMLKey(s, private=True)


def clientTest(address, dir):
    """Run the client half of the interoperability test sequence.

    address is "host" or "host:port" (port defaults to 4443); dir is the
    directory holding the test fixtures (certificates, keys, index.html).
    The numbered tests are written to run in step with serverTest() on the
    peer, so their order and the port increments must stay aligned.

    NOTE(review): most checks are assert statements, which Python removes
    under -O; run the suite without optimisation.
    """

    #Split address into hostname/port tuple
    address = address.split(":")
    if len(address)==1:
        address.append("4443")
    address = ( address[0], int(address[1]) )

    def connect():
        # New TCP connection wrapped in a TLSConnection, 5 second timeout
        # where the socket supports it.
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        if hasattr(sock, 'settimeout'): #It's a python 2.3 feature
            sock.settimeout(5)
        sock.connect(address)
        c = TLSConnection(sock)
        return c

    test = 0

    # Set when any fault-injection run raises TLSFaultError; decides the
    # final "Test succeeded" / "Test failed" line.
    badFault = False

    print "Test 1 - good shared key"
    connection = connect()
    connection.handshakeClientSharedKey("shared", "key")
    connection.close()
    connection.sock.close()

    # Fault tests: connection.fault is set before the handshake. A run is
    # reported as good unless the handshake raises TLSFaultError; any other
    # exception propagates and aborts the suite.
    print "Test 2 - shared key faults"
    for fault in Fault.clientSharedKeyFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeClientSharedKey("shared", "key")
            print " Good Fault %s" % (Fault.faultNames[fault])
        except TLSFaultError, e:
            print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
            badFault = True
        connection.sock.close()

    print "Test 3 - good SRP"
    connection = connect()
    connection.handshakeClientSRP("test", "password")
    connection.close()

    print "Test 4 - SRP faults"
    for fault in Fault.clientSrpFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeClientSRP("test", "password")
            print " Good Fault %s" % (Fault.faultNames[fault])
        except TLSFaultError, e:
            print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
            badFault = True
        connection.sock.close()

    print "Test 5 - good SRP: unknown_srp_username idiom"
    def srpCallback():
        return ("test", "password")
    connection = connect()
    connection.handshakeClientUnknown(srpCallback=srpCallback)
    connection.close()
    connection.sock.close()

    print "Test 6 - good SRP: with X.509 certificate"
    connection = connect()
    connection.handshakeClientSRP("test", "password")
    assert(isinstance(connection.session.serverCertChain, X509CertChain))
    connection.close()
    connection.sock.close()

    print "Test 7 - X.509 with SRP faults"
    for fault in Fault.clientSrpFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeClientSRP("test", "password")
            print " Good Fault %s" % (Fault.faultNames[fault])
        except TLSFaultError, e:
            print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
            badFault = True
        connection.sock.close()

    if cryptoIDlibLoaded:
        print "Test 8 - good SRP: with cryptoID certificate chain"
        connection = connect()
        connection.handshakeClientSRP("test", "password")
        assert(isinstance(connection.session.serverCertChain, CertChain))
        # NOTE(review): a chain that fails validate() is only printed here;
        # Test 12 asserts the same condition.
        if not (connection.session.serverCertChain.validate()):
            print connection.session.serverCertChain.validate(listProblems=True)

        connection.close()
        connection.sock.close()

        print "Test 9 - CryptoID with SRP faults"
        for fault in Fault.clientSrpFaults + Fault.genericFaults:
            connection = connect()
            connection.fault = fault
            try:
                connection.handshakeClientSRP("test", "password")
                print " Good Fault %s" % (Fault.faultNames[fault])
            except TLSFaultError, e:
                print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
                badFault = True
            connection.sock.close()

    # The certificate tests check only the type of the received chain;
    # no fingerprint or trust check is passed to handshakeClientCert().
    print "Test 10 - good X509"
    connection = connect()
    connection.handshakeClientCert()
    assert(isinstance(connection.session.serverCertChain, X509CertChain))
    connection.close()
    connection.sock.close()

    # min/max version pinned to (3,0), i.e. SSLv3 as the banner says.
    # Legacy-protocol coverage for the test suite only.
    print "Test 10.a - good X509, SSLv3"
    connection = connect()
    settings = HandshakeSettings()
    settings.minVersion = (3,0)
    settings.maxVersion = (3,0)
    connection.handshakeClientCert(settings=settings)
    assert(isinstance(connection.session.serverCertChain, X509CertChain))
    connection.close()
    connection.sock.close()

    print "Test 11 - X.509 faults"
    for fault in Fault.clientNoAuthFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeClientCert()
            print " Good Fault %s" % (Fault.faultNames[fault])
        except TLSFaultError, e:
            print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
            badFault = True
        connection.sock.close()

    if cryptoIDlibLoaded:
        print "Test 12 - good cryptoID"
        connection = connect()
        connection.handshakeClientCert()
        assert(isinstance(connection.session.serverCertChain, CertChain))
        assert(connection.session.serverCertChain.validate())
        connection.close()
        connection.sock.close()

        print "Test 13 - cryptoID faults"
        for fault in Fault.clientNoAuthFaults + Fault.genericFaults:
            connection = connect()
            connection.fault = fault
            try:
                connection.handshakeClientCert()
                print " Good Fault %s" % (Fault.faultNames[fault])
            except TLSFaultError, e:
                print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
                badFault = True
            connection.sock.close()

    # Client certificate and private key are loaded from the fixture
    # directory; the file objects are left to the garbage collector.
    print "Test 14 - good mutual X509"
    x509Cert = X509().parse(open(os.path.join(dir, "clientX509Cert.pem")).read())
    x509Chain = X509CertChain([x509Cert])
    s = open(os.path.join(dir, "clientX509Key.pem")).read()
    x509Key = parsePEMKey(s, private=True)

    connection = connect()
    connection.handshakeClientCert(x509Chain, x509Key)
    assert(isinstance(connection.session.serverCertChain, X509CertChain))
    connection.close()
    connection.sock.close()

    print "Test 14.a - good mutual X509, SSLv3"
    connection = connect()
    settings = HandshakeSettings()
    settings.minVersion = (3,0)
    settings.maxVersion = (3,0)
    connection.handshakeClientCert(x509Chain, x509Key, settings=settings)
    assert(isinstance(connection.session.serverCertChain, X509CertChain))
    connection.close()
    connection.sock.close()

    print "Test 15 - mutual X.509 faults"
    for fault in Fault.clientCertFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeClientCert(x509Chain, x509Key)
            print " Good Fault %s" % (Fault.faultNames[fault])
        except TLSFaultError, e:
            print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
            badFault = True
        connection.sock.close()

    if cryptoIDlibLoaded:
        print "Test 16 - good mutual cryptoID"
        # The client presents the *server* cryptoID fixture files here.
        cryptoIDChain = CertChain().parse(open(os.path.join(dir, "serverCryptoIDChain.xml"), "r").read())
        cryptoIDKey = parseXMLKey(open(os.path.join(dir, "serverCryptoIDKey.xml"), "r").read(), private=True)

        connection = connect()
        connection.handshakeClientCert(cryptoIDChain, cryptoIDKey)
        assert(isinstance(connection.session.serverCertChain, CertChain))
        assert(connection.session.serverCertChain.validate())
        connection.close()
        connection.sock.close()

        print "Test 17 - mutual cryptoID faults"
        for fault in Fault.clientCertFaults + Fault.genericFaults:
            connection = connect()
            connection.fault = fault
            try:
                connection.handshakeClientCert(cryptoIDChain, cryptoIDKey)
                print " Good Fault %s" % (Fault.faultNames[fault])
            except TLSFaultError, e:
                print " BAD FAULT %s: %s" % (Fault.faultNames[fault], str(e))
                badFault = True
            connection.sock.close()

    print "Test 18 - good SRP, prepare to resume..."
    connection = connect()
    connection.handshakeClientSRP("test", "password")
    connection.close()
    connection.sock.close()
    session = connection.session

    # The resumed handshake is given the wrong password ("garbage") on
    # purpose; presumably this shows that a resumed session does not
    # repeat the SRP exchange - confirm against TLSConnection.
    print "Test 19 - resumption"
    connection = connect()
    connection.handshakeClientSRP("test", "garbage", session=session)
    #Don't close! -- see below

    # After an abrupt close the old session must no longer resume: the
    # only accepted outcome is a remote bad_record_mac alert. assert() on
    # an empty tuple always fails, so a successful handshake raises
    # AssertionError, which the except clause below does not catch.
    print "Test 20 - invalidated resumption"
    connection.sock.close() #Close the socket without a close_notify!
    connection = connect()
    try:
        connection.handshakeClientSRP("test", "garbage", session=session)
        assert()
    except TLSRemoteAlert, alert:
        if alert.description != AlertDescription.bad_record_mac:
            raise
    connection.sock.close()

    # HTTPS tests use the next port. The first pass passes
    # x509Fingerprint=None (no pin); the fingerprint learned there is
    # pinned on the second pass (trust on first use).
    print "Test 21 - HTTPS test X.509"
    address = address[0], address[1]+1
    if hasattr(socket, "timeout"):
        timeoutEx = socket.timeout
    else:
        timeoutEx = socket.error
    while 1:
        try:
            time.sleep(2)
            htmlBody = open(os.path.join(dir, "index.html")).read()
            fingerprint = None
            for y in range(2):
                h = HTTPTLSConnection(\
                        address[0], address[1], x509Fingerprint=fingerprint)
                for x in range(3):
                    h.request("GET", "/index.html")
                    r = h.getresponse()
                    assert(r.status == 200)
                    s = r.read()
                    assert(s == htmlBody)
                fingerprint = h.tlsSession.serverCertChain.getFingerprint()
                assert(fingerprint)
            time.sleep(2)
            break
        except timeoutEx:
            # Retries without limit while the server is not yet listening.
            print "timeout, retrying..."
            pass

    if cryptoIDlibLoaded:
        print "Test 21a - HTTPS test SRP+cryptoID"
        address = address[0], address[1]+1
        if hasattr(socket, "timeout"):
            timeoutEx = socket.timeout
        else:
            timeoutEx = socket.error
        while 1:
            try:
                time.sleep(2) #Time to generate key and cryptoID
                htmlBody = open(os.path.join(dir, "index.html")).read()
                fingerprint = None
                protocol = None
                for y in range(2):
                    h = HTTPTLSConnection(\
                            address[0], address[1],
                            username="test", password="password",
                            cryptoID=fingerprint, protocol=protocol)
                    for x in range(3):
                        h.request("GET", "/index.html")
                        r = h.getresponse()
                        assert(r.status == 200)
                        s = r.read()
                        assert(s == htmlBody)
                    fingerprint = h.tlsSession.serverCertChain.cryptoID
                    assert(fingerprint)
                    protocol = "urn:whatever"
                time.sleep(2)
                break
            except timeoutEx:
                print "timeout, retrying..."
                pass

    # Unconditional increment: serverTest() rebinds its listening socket
    # on the next port at the same point.
    address = address[0], address[1]+1

    implementations = []
    if cryptlibpyLoaded:
        implementations.append("cryptlib")
    if m2cryptoLoaded:
        implementations.append("openssl")
    if pycryptoLoaded:
        implementations.append("pycrypto")
    implementations.append("python")

    # One connection per (implementation, cipher) pair; the cipher list
    # includes rc4, which is kept here for interoperability testing.
    print "Test 22 - different ciphers"
    for implementation in implementations:
        for cipher in ["aes128", "aes256", "rc4"]:

            print "Test 22:",
            connection = connect()

            settings = HandshakeSettings()
            settings.cipherNames = [cipher]
            settings.cipherImplementations = [implementation, "python"]
            connection.handshakeClientSharedKey("shared", "key", settings=settings)
            print ("%s %s" % (connection.getCipherName(), connection.getCipherImplementation()))

            connection.write("hello")
            h = connection.read(min=5, max=5)
            assert(h == "hello")
            connection.close()
            connection.sock.close()

    print "Test 23 - throughput test"
    for implementation in implementations:
        for cipher in ["aes128", "aes256", "3des", "rc4"]:
            # 3des is skipped for the pure-python implementation.
            if cipher == "3des" and implementation not in ("openssl", "cryptlib", "pycrypto"):
                continue

            print "Test 23:",
            connection = connect()

            settings = HandshakeSettings()
            settings.cipherNames = [cipher]
            settings.cipherImplementations = [implementation, "python"]
            connection.handshakeClientSharedKey("shared", "key", settings=settings)
            print ("%s %s:" % (connection.getCipherName(), connection.getCipherImplementation())),

            # 50000 bytes are written and 50000 read back between the two
            # clock readings.
            startTime = time.clock()
            connection.write("hello"*10000)
            h = connection.read(min=50000, max=50000)
            stopTime = time.clock()
            print "100K exchanged at rate of %d bytes/sec" % int(100000/(stopTime-startTime))

            assert(h == "hello"*10000)
            connection.close()
            connection.sock.close()

    # NOTE(review): this test contacts third-party hosts on the Internet.
    # Only socket.error is treated as non-critical; any other failure
    # aborts the run. No certificate check arguments are passed.
    print "Test 24 - Internet servers test"
    try:
        i = IMAP4_TLS("cyrus.andrew.cmu.edu")
        i.login("anonymous", "anonymous@anonymous.net")
        i.logout()
        print "Test 24: IMAP4 good"
        p = POP3_TLS("pop.gmail.com")
        p.quit()
        print "Test 24: POP3 good"
    except socket.error, e:
        print "Non-critical error: socket error trying to reach internet server: ", e

    if not badFault:
        print "Test succeeded"
    else:
        print "Test failed"

def serverTest(address, dir):
    """Run the server half of the interoperability test sequence.

    address is "host" or "host:port" (port defaults to 4443); dir is the
    fixture directory. Each numbered test accepts the connection made by
    the matching test in clientTest().

    NOTE(review): in the fault tests below, assert() sits inside a try
    whose bare "except: pass" also swallows the AssertionError, so the
    server side can never report a fault that failed to break the
    handshake. Only the client side's TLSFaultError check can fail.
    """
    #Split address into hostname/port tuple
    address = address.split(":")
    if len(address)==1:
        address.append("4443")
    address = ( address[0], int(address[1]) )

    #Connect to server
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(address)
    lsock.listen(5)

    def connect():
        # Blocks until a client connects; no accept timeout is set.
        return TLSConnection(lsock.accept()[0])

    print "Test 1 - good shared key"
    sharedKeyDB = SharedKeyDB()
    sharedKeyDB["shared"] = "key"
    sharedKeyDB["shared2"] = "key2"
    connection = connect()
    connection.handshakeServer(sharedKeyDB=sharedKeyDB)
    connection.close()
    connection.sock.close()

    print "Test 2 - shared key faults"
    for fault in Fault.clientSharedKeyFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeServer(sharedKeyDB=sharedKeyDB)
            assert()
        except:
            pass
        connection.sock.close()

    print "Test 3 - good SRP"
    #verifierDB = tlslite.VerifierDB(os.path.join(dir, "verifierDB"))
    #verifierDB.open()
    # In-memory verifier database with one fixed test account.
    verifierDB = VerifierDB()
    verifierDB.create()
    entry = VerifierDB.makeVerifier("test", "password", 1536)
    verifierDB["test"] = entry

    connection = connect()
    connection.handshakeServer(verifierDB=verifierDB)
    connection.close()
    connection.sock.close()

    print "Test 4 - SRP faults"
    for fault in Fault.clientSrpFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeServer(verifierDB=verifierDB)
            assert()
        except:
            pass
        connection.sock.close()

    print "Test 5 - good SRP: unknown_srp_username idiom"
    connection = connect()
    connection.handshakeServer(verifierDB=verifierDB)
    connection.close()
    connection.sock.close()

    print "Test 6 - good SRP: with X.509 cert"
    x509Cert = X509().parse(open(os.path.join(dir, "serverX509Cert.pem")).read())
    x509Chain = X509CertChain([x509Cert])
    s = open(os.path.join(dir, "serverX509Key.pem")).read()
    x509Key = parsePEMKey(s, private=True)

    connection = connect()
    connection.handshakeServer(verifierDB=verifierDB, \
                               certChain=x509Chain, privateKey=x509Key)
    connection.close()
    connection.sock.close()

    print "Test 7 - X.509 with SRP faults"
    for fault in Fault.clientSrpFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeServer(verifierDB=verifierDB, \
                                       certChain=x509Chain, privateKey=x509Key)
            assert()
        except:
            pass
        connection.sock.close()

    if cryptoIDlibLoaded:
        print "Test 8 - good SRP: with cryptoID certs"
        cryptoIDChain = CertChain().parse(open(os.path.join(dir, "serverCryptoIDChain.xml"), "r").read())
        cryptoIDKey = parseXMLKey(open(os.path.join(dir, "serverCryptoIDKey.xml"), "r").read(), private=True)
        connection = connect()
        connection.handshakeServer(verifierDB=verifierDB, \
                                   certChain=cryptoIDChain, privateKey=cryptoIDKey)
        connection.close()
        connection.sock.close()

        print "Test 9 - cryptoID with SRP faults"
        for fault in Fault.clientSrpFaults + Fault.genericFaults:
            connection = connect()
            connection.fault = fault
            try:
                connection.handshakeServer(verifierDB=verifierDB, \
                                           certChain=cryptoIDChain, privateKey=cryptoIDKey)
                assert()
            except:
                pass
            connection.sock.close()

    print "Test 10 - good X.509"
    connection = connect()
    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key)
    connection.close()
    connection.sock.close()

    print "Test 10.a - good X.509, SSL v3"
    connection = connect()
    settings = HandshakeSettings()
    settings.minVersion = (3,0)
    settings.maxVersion = (3,0)
    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, settings=settings)
    connection.close()
    connection.sock.close()

    print "Test 11 - X.509 faults"
    for fault in Fault.clientNoAuthFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeServer(certChain=x509Chain, privateKey=x509Key)
            assert()
        except:
            pass
        connection.sock.close()

    if cryptoIDlibLoaded:
        print "Test 12 - good cryptoID"
        connection = connect()
        connection.handshakeServer(certChain=cryptoIDChain, privateKey=cryptoIDKey)
        connection.close()
        connection.sock.close()

        print "Test 13 - cryptoID faults"
        for fault in Fault.clientNoAuthFaults + Fault.genericFaults:
            connection = connect()
            connection.fault = fault
            try:
                connection.handshakeServer(certChain=cryptoIDChain, privateKey=cryptoIDKey)
                assert()
            except:
                pass
            connection.sock.close()

    # reqCert=True asks the client for a certificate. The assertion that
    # follows inspects session.serverCertChain, not clientCertChain.
    print "Test 14 - good mutual X.509"
    connection = connect()
    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert=True)
    assert(isinstance(connection.session.serverCertChain, X509CertChain))
    connection.close()
    connection.sock.close()

    print "Test 14a - good mutual X.509, SSLv3"
    connection = connect()
    settings = HandshakeSettings()
    settings.minVersion = (3,0)
    settings.maxVersion = (3,0)
    connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert=True, settings=settings)
    assert(isinstance(connection.session.serverCertChain, X509CertChain))
    connection.close()
    connection.sock.close()

    print "Test 15 - mutual X.509 faults"
    for fault in Fault.clientCertFaults + Fault.genericFaults:
        connection = connect()
        connection.fault = fault
        try:
            connection.handshakeServer(certChain=x509Chain, privateKey=x509Key, reqCert=True)
            assert()
        except:
            pass
        connection.sock.close()

    if cryptoIDlibLoaded:
        print "Test 16 - good mutual cryptoID"
        connection = connect()
        connection.handshakeServer(certChain=cryptoIDChain, privateKey=cryptoIDKey, reqCert=True)
        assert(isinstance(connection.session.serverCertChain, CertChain))
        assert(connection.session.serverCertChain.validate())
        connection.close()
        connection.sock.close()

        print "Test 17 - mutual cryptoID faults"
        for fault in Fault.clientCertFaults + Fault.genericFaults:
            connection = connect()
            connection.fault = fault
            try:
                connection.handshakeServer(certChain=cryptoIDChain, privateKey=cryptoIDKey, reqCert=True)
                assert()
            except:
                pass
            connection.sock.close()

    print "Test 18 - good SRP, prepare to resume"
    sessionCache = SessionCache()
    connection = connect()
    connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache)
    connection.close()
    connection.sock.close()

    print "Test 19 - resumption"
    connection = connect()
    connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache)
    #Don't close! -- see next test

    # The client drops the socket without close_notify. The read must end
    # in TLSAbruptCloseError; the next handshake may then end in a local
    # bad_record_mac alert, which is accepted. Unlike the client side,
    # this handshake has no assert() and may also complete normally.
    print "Test 20 - invalidated resumption"
    try:
        connection.read(min=1, max=1)
        assert() #Client is going to close the socket without a close_notify
    except TLSAbruptCloseError, e:
        pass
    connection = connect()
    try:
        connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache)
    except TLSLocalAlert, alert:
        if alert.description != AlertDescription.bad_record_mac:
            raise
    connection.sock.close()

    print "Test 21 - HTTPS test X.509"

    #Close the current listening socket
    lsock.close()

    #Create and run an HTTP Server using TLSSocketServerMixIn
    class MyHTTPServer(TLSSocketServerMixIn, BaseHTTPServer.HTTPServer):
        def handshake(self, tlsConnection):
            tlsConnection.handshakeServer(certChain=x509Chain, privateKey=x509Key)
            return True
    # NOTE(review): SimpleHTTPRequestHandler serves every file under the
    # working directory, and the process changes into dir, which also
    # holds the private key fixtures read above. Use throwaway keys only
    # and bind to a loopback address when running the suite.
    cd = os.getcwd()
    os.chdir(dir)
    address = address[0], address[1]+1
    httpd = MyHTTPServer(address, SimpleHTTPServer.SimpleHTTPRequestHandler)
    # Exactly six requests: two client connections of three GETs each.
    for x in range(6):
        httpd.handle_request()
    httpd.server_close()
    cd = os.chdir(cd)  # restores the directory; cd itself becomes None

    if cryptoIDlibLoaded:
        print "Test 21a - HTTPS test SRP+cryptoID"

        #Create and run an HTTP Server using TLSSocketServerMixIn
        class MyHTTPServer(TLSSocketServerMixIn, BaseHTTPServer.HTTPServer):
            def handshake(self, tlsConnection):
                tlsConnection.handshakeServer(certChain=cryptoIDChain, privateKey=cryptoIDKey,
                                              verifierDB=verifierDB)
                return True
        cd = os.getcwd()
        os.chdir(dir)
        address = address[0], address[1]+1
        httpd = MyHTTPServer(address, SimpleHTTPServer.SimpleHTTPRequestHandler)
        for x in range(6):
            httpd.handle_request()
        httpd.server_close()
        cd = os.chdir(cd)

    #Re-connect the listening socket
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    address = address[0], address[1]+1
    lsock.bind(address)
    lsock.listen(5)

    def connect():
        return TLSConnection(lsock.accept()[0])

    implementations = []
    if cryptlibpyLoaded:
        implementations.append("cryptlib")
    if m2cryptoLoaded:
        implementations.append("openssl")
    if pycryptoLoaded:
        implementations.append("pycrypto")
    implementations.append("python")

    # The server always uses the "python" implementation here; the list
    # length only keeps the connection count equal to the client's.
    print "Test 22 - different ciphers"
    for implementation in ["python"] * len(implementations):
        for cipher in ["aes128", "aes256", "rc4"]:

            print "Test 22:",
            connection = connect()

            settings = HandshakeSettings()
            settings.cipherNames = [cipher]
            settings.cipherImplementations = [implementation, "python"]

            connection.handshakeServer(sharedKeyDB=sharedKeyDB, settings=settings)
            print connection.getCipherName(), connection.getCipherImplementation()
            h = connection.read(min=5, max=5)
            assert(h == "hello")
            connection.write(h)
            connection.close()
            connection.sock.close()

    print "Test 23 - throughput test"
    for implementation in implementations:
        for cipher in ["aes128", "aes256", "3des", "rc4"]:
            if cipher == "3des" and implementation not in ("openssl", "cryptlib", "pycrypto"):
                continue

            print "Test 23:",
            connection = connect()

            settings = HandshakeSettings()
            settings.cipherNames = [cipher]
            settings.cipherImplementations = [implementation, "python"]

            connection.handshakeServer(sharedKeyDB=sharedKeyDB, settings=settings)
            print connection.getCipherName(), connection.getCipherImplementation()
            h = connection.read(min=50000, max=50000)
            assert(h == "hello"*10000)
            connection.write(h)
            connection.close()
            connection.sock.close()

    print "Test succeeded"


# ---- Command-line entry point -------------------------------------------
# With no argument, or a single argument ending in "help", print version,
# RNG, optional-module status and the command list, then exit.
if len(sys.argv) == 1 or (len(sys.argv)==2 and sys.argv[1].lower().endswith("help")):
    print ""
    print "Version: 0.3.8"
    print ""
    print "RNG: %s" % prngName
    print ""
    print "Modules:"
    if cryptlibpyLoaded:
        print " cryptlib_py : Loaded"
    else:
        print " cryptlib_py : Not Loaded"
    if m2cryptoLoaded:
        print " M2Crypto : Loaded"
    else:
        print " M2Crypto : Not Loaded"
    if pycryptoLoaded:
        print " pycrypto : Loaded"
    else:
        print " pycrypto : Not Loaded"
    if gmpyLoaded:
        print " GMPY : Loaded"
    else:
        print " GMPY : Not Loaded"
    if cryptoIDlibLoaded:
        print " cryptoIDlib : Loaded"
    else:
        print " cryptoIDlib : Not Loaded"
    print ""
    print "Commands:"
    print ""
    print " clientcert [ ]"
    print " clientsharedkey "
    print " clientsrp "
    print " clienttest "
    print ""
    print " serversrp "
    print " servercert [req]"
    print " serversrpcert "
    print " serversharedkey "
    print " servertest "
    sys.exit()

cmd = sys.argv[1].lower()

class Args:
    # Positional access to argv with arity checking: get() raises
    # SyntaxError when the argument is missing, getLast() also when
    # anything follows it.
    def __init__(self, argv):
        self.argv = argv
    def get(self, index):
        if len(self.argv)<=index:
            raise SyntaxError("Not enough arguments")
        return self.argv[index]
    def getLast(self, index):
        if len(self.argv)>index+1:
            raise SyntaxError("Too many arguments")
        return self.get(index)

args = Args(sys.argv)

def reformatDocString(s):
    # Strip every line of s and prefix it with one space.
    lines = s.splitlines()
    newLines = []
    for line in lines:
        newLines.append(" " + line.strip())
    return "\n".join(newLines)

try:
    if cmd == "clienttest":
        address = args.get(2)
        dir = args.getLast(3)
        clientTest(address, dir)
        sys.exit()

    elif cmd.startswith("client"):
        address = args.get(2)

        #Split address into hostname/port tuple
        address = address.split(":")
        if len(address)==1:
            address.append("4443")
        address = ( address[0], int(address[1]) )

        def connect():
            #Connect to server
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            if hasattr(sock, "settimeout"):
                sock.settimeout(5)
            sock.connect(address)

            #Instantiate TLSConnections
            return TLSConnection(sock)

        # NOTE(review): username and password come from argv, so they are
        # visible in the local process list and shell history.
        try:
            if cmd == "clientsrp":
                username = args.get(3)
                password = args.getLast(4)
                connection = connect()
                start = time.clock()
                connection.handshakeClientSRP(username, password)
            elif cmd == "clientsharedkey":
                username = args.get(3)
                password = args.getLast(4)
                connection = connect()
                start = time.clock()
                connection.handshakeClientSharedKey(username, password)
            elif cmd == "clientcert":
                certChain = None
                privateKey = None
                if len(sys.argv) > 3:
                    certFilename = args.get(3)
                    keyFilename = args.getLast(4)

                    s1 = open(certFilename, "rb").read()
                    s2 = open(keyFilename, "rb").read()

                    #Try to create cryptoID cert chain
                    # Any failure (bare except) falls through to X.509.
                    if cryptoIDlibLoaded:
                        try:
                            certChain = CertChain().parse(s1)
                            privateKey = parsePrivateKey(s2)
                        except:
                            certChain = None
                            privateKey = None

                    #Try to create X.509 cert chain
                    if not certChain:
                        x509 = X509()
                        x509.parse(s1)
                        certChain = X509CertChain([x509])
                        privateKey = parsePrivateKey(s2)

                # No fingerprint or trust argument is passed: the server
                # fingerprint is only printed after the handshake, so the
                # operator has to compare it out of band.
                connection = connect()
                start = time.clock()
                connection.handshakeClientCert(certChain, privateKey)
            else:
                raise SyntaxError("Unknown command")

        except TLSLocalAlert, a:
            if a.description == AlertDescription.bad_record_mac:
                if cmd == "clientsharedkey":
                    print "Bad sharedkey password"
                else:
                    raise
            elif a.description == AlertDescription.user_canceled:
                print str(a)
            else:
                raise
            sys.exit()
        except TLSRemoteAlert, a:
            if a.description == AlertDescription.unknown_srp_username:
                if cmd == "clientsrp":
                    print "Unknown username"
                else:
                    raise
            elif a.description == AlertDescription.bad_record_mac:
                if cmd == "clientsrp":
                    print "Bad username or password"
                else:
                    raise
            elif a.description == AlertDescription.handshake_failure:
                print "Unable to negotiate mutually acceptable parameters"
            else:
                raise
            sys.exit()

        stop = time.clock()
        print "Handshake success"
        print " Handshake time: %.4f seconds" % (stop - start)
        print " Version: %s.%s" % connection.version
        print " Cipher: %s %s" % (connection.getCipherName(), connection.getCipherImplementation())
        if connection.session.srpUsername:
            print " Client SRP username: %s" % connection.session.srpUsername
        if connection.session.sharedKeyUsername:
            print " Client shared key username: %s" % connection.session.sharedKeyUsername
        if connection.session.clientCertChain:
            print " Client fingerprint: %s" % connection.session.clientCertChain.getFingerprint()
        if connection.session.serverCertChain:
            print " Server fingerprint: %s" % connection.session.serverCertChain.getFingerprint()
        connection.close()
        connection.sock.close()

    elif cmd.startswith("server"):
        address = args.get(2)

        #Split address into hostname/port tuple
        address = address.split(":")
        if len(address)==1:
            address.append("4443")
        address = ( address[0], int(address[1]) )

        verifierDBFilename = None
        sharedKeyDBFilename = None
        certFilename = None
        keyFilename = None
        sharedKeyDB = None
        reqCert = False

        if cmd == "serversrp":
            verifierDBFilename = args.getLast(3)
        elif cmd == "servercert":
            certFilename = args.get(3)
            keyFilename = args.get(4)
            if len(sys.argv)>=6:
                req = args.getLast(5)
                if req.lower() != "req":
                    raise SyntaxError()
                reqCert = True
        elif cmd == "serversrpcert":
            verifierDBFilename = args.get(3)
            certFilename = args.get(4)
            keyFilename = args.getLast(5)
        elif cmd == "serversharedkey":
            sharedKeyDBFilename = args.getLast(3)
        elif cmd == "servertest":
            # serverTest() splits the address itself, so the raw string is
            # fetched again here.
            address = args.get(2)
            dir = args.getLast(3)
            serverTest(address, dir)
            sys.exit()

        verifierDB = None
        if verifierDBFilename:
            verifierDB = VerifierDB(verifierDBFilename)
            verifierDB.open()

        sharedKeyDB = None
        if sharedKeyDBFilename:
            sharedKeyDB = SharedKeyDB(sharedKeyDBFilename)
            sharedKeyDB.open()

        certChain = None
        privateKey = None
        if certFilename:
            s1 = open(certFilename, "rb").read()
            s2 = open(keyFilename, "rb").read()

            #Try to create cryptoID cert chain
            if cryptoIDlibLoaded:
                try:
                    certChain = CertChain().parse(s1)
                    privateKey = parsePrivateKey(s2)
                except:
                    certChain = None
                    privateKey = None

            #Try to create X.509 cert chain
            if not certChain:
                x509 = X509()
                x509.parse(s1)
                certChain = X509CertChain([x509])
                privateKey = parsePrivateKey(s2)



        #Create handler function - performs handshake, then echos all bytes received
        # NOTE(review): with reqCert set, the client chain's fingerprint
        # is printed but not compared against anything in this handler.
        # The echo buffer s grows until a newline arrives and the socket
        # is never closed here, so this is a demo server, not a service.
        def handler(sock):
            try:
                connection = TLSConnection(sock)
                settings = HandshakeSettings()
                connection.handshakeServer(sharedKeyDB=sharedKeyDB, verifierDB=verifierDB, \
                                           certChain=certChain, privateKey=privateKey, \
                                           reqCert=reqCert, settings=settings)
                print "Handshake success"
                print " Version: %s.%s" % connection.version
                print " Cipher: %s %s" % (connection.getCipherName(), connection.getCipherImplementation())
                if connection.session.srpUsername:
                    print " Client SRP username: %s" % connection.session.srpUsername
                if connection.session.sharedKeyUsername:
                    print " Client shared key username: %s" % connection.session.sharedKeyUsername
                if connection.session.clientCertChain:
                    print " Client fingerprint: %s" % connection.session.clientCertChain.getFingerprint()
                if connection.session.serverCertChain:
                    print " Server fingerprint: %s" % connection.session.serverCertChain.getFingerprint()

                s = ""
                while 1:
                    newS = connection.read()
                    if not newS:
                        break
                    s += newS
                    if s[-1]=='\n':
                        connection.write(s)
                        s = ""
            except TLSLocalAlert, a:
                if a.description == AlertDescription.unknown_srp_username:
                    print "Unknown SRP username"
                elif a.description == AlertDescription.bad_record_mac:
                    if cmd == "serversrp" or cmd == "serversrpcert":
                        print "Bad SRP password for:", connection.allegedSrpUsername
                    else:
                        raise
                elif a.description == AlertDescription.handshake_failure:
                    print "Unable to negotiate mutually acceptable parameters"
                else:
                    raise
            except TLSRemoteAlert, a:
                if a.description == AlertDescription.bad_record_mac:
                    if cmd == "serversharedkey":
                        print "Bad sharedkey password for:", connection.allegedSharedKeyUsername
                    else:
                        raise
                elif a.description == AlertDescription.user_canceled:
                    print "Handshake cancelled"
                elif a.description == AlertDescription.handshake_failure:
                    print "Unable to negotiate mutually acceptable parameters"
                elif a.description == AlertDescription.close_notify:
                    pass
                else:
                    raise

        #Run multi-threaded server
        # One new thread per accepted connection, with no upper bound.
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.bind(address)
        sock.listen(5)
        while 1:
            (newsock, cliAddress) = sock.accept()
            thread.start_new_thread(handler, (newsock,))


    else:
        print "Bad command: '%s'" % cmd
except TLSRemoteAlert, a:
    print str(a)
    raise
tlslite-0.3.8/test/0000700000175000017500000000000010206516251013151 5ustar clintclinttlslite-0.3.8/test/test.txt0000700000175000017500000000165010076625254014707 0ustar clintclint mwvyukly7i05mdtoml8s2Kesk1Kozv4Yh8Kq2QPiWkDFX/EM7sx9Y3cr6FJnpeTTka1gzwUGifBUGIuTytD4vrI44K5Y+0VZbD77cKQgIzh3g6WvPV/PNRDZ3NdWh/nCfE3L0fgYuOPqlyLT1L+bZH+JPdZubizzrP7JZxk6cf0= Aw== GddTHww90lze7vnmxGUyJBvyGI3GzSpZa/XHJCtQZGAg5VLXfSIU5ekx/A278Pt4mEeQIoDWbFK4rsHt9yLUH4XvjdSdbTjMSUOF7MNraW+BbrqH3OCA/T91HbdOijYyAvakyob5uwf3wwFlFUZ20WC3jXDybNjimImHHeXb2ys=

wdIkgfQQ+HldVlNmwVjNotSuYOYoUy7mnIVz0yf+Y3Sgg8rD9/5tQSgsBD4poxTxWUm0kegah9ZK8hjtpDeLvQ==

zMlpMLRa+BZXU4R9TkLc+Jo85ZnnyZpe95W2uFdMUSHKAiRO1j/pcvPZFjcrdb2K4fI4ntfGj83O04XGEdvDQQ== gTbDAU1gpaY+OYzvK5CJFzh0QJlwN3SZva5NN2/+7PhrAoctT/7zgMVyrX7GbLig5jEjC/ARr+Qx9rtJGCUH0w== iIZGIHg8pWQ6N62o3tc9+xF97maahmbp+mPPJY+INhaGrBg0jtVGTKKQuXoc+SkHQUwlvzqEX96J4lkutpKCKw== XmTSYkIsPdz7ZhfySnPDSGTMd+gb39neAPrI8WoE981h89hJYXS0EVFiWRRs1kduFw7g21oM+WfGLNABlbyCbA==
tlslite-0.3.8/test/verifierDB0000700000175000017500000006000010122503025015104 0ustar clintclinta g эh^icrGvbQTJKmpvxZt5eE4lYL69ytmUZh+4H/DGSlD21YFCjcynLtKCZ7YGT4HV3Z6E91SMSq0sDMQ3Nf0ip2gT9UOgIOWntt2ewz2CVF5oWOrNmGgX71fqq6CkYqZYvC5O4Vfl5k+yXXuqoDXQK2/T/dHNZ0EHVwz6nHSgeRGsUdzvKl7Q6I/uAFna9IHpDbGSB8dK5B4cXRhpbnTLmiPh3SFRFI7UksNV9Xqd6J3XS7PoDLPvb9S+zeGFgJ5AE5Xrmr4dOcwPOUymczAQce8MI2CpWmPOo0MOCca41+Onb+7aUtcgD2J965DXeI21SX1R1m2XjcvzWjvIPpxEfnkr/cw== Ag== e/YxmpqCa8zeEqSR9kUUJA== hyytZmE9AyoleRAOH9zC9n5s7LBIOQmsCI4Agnv9SYTlqT7hPkefNr8d9jwe3rSjjN1asfZgBvIdBsoEUiLfV7uG70U4IiVbEuU4q7C43T880YBgZE4FDAVmJGaQjvG2ZT8BqFQ5XhaTxnHwC8M8dpQcB2l+i2HjLTzK/8IOE/NlTZUR3126ycYMDCu/NtGtwTAy3BqwrqdBlLaUfbCjEpvpX5YmozjYfDtYdKDZMGi8jbsjDoqCMSjaux7/dMv/V4TWbNAIvoud/WMH21dBwnhPGvudATW0CfaaYHwqmsIM3KNn+8lLLAKINsesrWabmxCQvozBhHgOFRy6bNswig==alice7q8Kua2zjdacM/gK+o/F6GByYYd1/zwLnqIxTJwlZXbWdN90luqB0zg7SBPWksbg4NXY4lC5i+SOSVwdYIna0V3H17RhVNa2zo70rWmxXUmCVZspe88YhcUp9WZmDlfsaO28PAVybMAv1Mv0l26qmv1ROP6DdkNbn8YdL8DrBuM= Ag== TM0a3EJSmuWsB0QdCW45Mg== IUCCkPsN81En/ZgBf1fJ5Hp0VI3AlAwyXvLPmcM6ic2tYBPUfMMiwdROLQBYhxf0FtVM2QAjEfl6lrswZb+v3MdXuU+1kie9MJKezJCMTPeBr2sx6SUq7uYFJH2oGz4Nu8tu0h7Qcn1/TIQE0AzCgf6XEuxcQ+Rrd77vPFbDBD4=testverifier--Reserved--type g эh^tlslite-0.3.8/test/serverX509Key.pem0000700000175000017500000000156710016012473016231 0ustar clintclint-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDf7GIdMhGG92vnyngDqgELrEyU9nX2FI1/nyzgDd/w5FXgg5dH cG9JyA4jdaozjtaSRDX9Lk6AqIMwqaaiYQSCe2OX0ACofr9TO0TrOgqXLPbTTALr I1rJ+lwmLIGSvnEMycLM/PR7a1Jw4OEbH6vq7LcCie0Lm3JQCqR55ayuTQIDAQAB AoGAE8QQ8RTPWUOT4dUMfP5Ps1EVPXz38q3jw6UwV+LBpsjxD61t+B9jo3amUNj9 Gin8pNKilWO2CENXuT7wd5rqw9OHpk5R1BHeSMzCCiqHkrVHzlOnchMnlYvFhA3K 8z4pSdljAQLoW1Az4uVwepS625wdv7ZPOSW0+ozwftL5fsECQQD3fKf64Vx1qTZT F+w7+q49+JztEQMef3Lu1wcDwcFZ1+wvvFbSky+7OU1URu10jXujLDXowfIkm5jF S8fuefG9AkEA56A6k31y5wpmldRF/geJIjbqxHhQEvGzYkvSlsKxWWxMmldtAlwQ aMEpJ6Vfk2yoaxHSKJVfm3lgUY7e3GlP0QJAckRQ/sncucq19WmfPhZBKwXF1sM7 
EHLB6zrG11o3XrcOKwAnijRBHo2Xgaj57A2DH1TDU0Nw/KwGvll950LQdQJAZf/N S73mp4+Q9VHxMJio7wQ4BiTlPjJpyFOTfQhniPWEFkOBoZRhNYA6W1cb65Ph5qSG Y5DD9XdRzxiXU4CcwQJBAOu91/L0ujuh3j/V824bEdGpENoB923qsGa0BOA9PAWk s7wW6mKStbzcBIBExX91tdSxtYvAUXikA2J6D7Xmge0= -----END RSA PRIVATE KEY----- tlslite-0.3.8/test/twistedclient.py0000700000175000017500000000112310025505421016401 0ustar clintclint
from tlslite.api import *
import socket

# Manual test client: connects to an echo server on localhost:1079, runs
# an SRP handshake with fixed test credentials and exchanges two lines.
# The credentials are hard-coded fixtures, suitable only against a local
# test server.
SERVER_ADDRESS = ("localhost", 1079)

sock = socket.socket()
sock.connect(SERVER_ADDRESS)

# Disabled plaintext preamble, kept for reference. Only use this for Echo2:
#   sock.send("000\r\n")
#   while 1:
#       val = sock.recv(100)
#       print val,
#       if val.endswith("000\r\n"):
#           break
#   sock.send("STARTTLS\r\n")

connection = TLSConnection(sock)
#connection.handshakeClientNoAuth()
connection.handshakeClientSRP("test", "password")

# First line: two reads of up to 100 bytes each are printed.
connection.send("abc\r\n")
for _ in range(2):
    print connection.recv(100),

# Second line: a single read is printed.
connection.send("def\r\n")
print connection.recv(100),

connection.close()
connection.sock.close()
tlslite-0.3.8/test/clientCryptoIDKey.xml0000700000175000017500000000165010062002276017242 0ustar clintclint 0P1JB0+Rp+h+wjzyox1RsZtarpaFWCyLYy3SXhTrIOpebu3Ojx2A1iFzzblaUsjVhgRxNmEpBRe31QKKsIhmRCHJwhPkHkf6JsLCTVnM6LpZnvlsSRs0SW/8Rk4xVotESs5jz7dA0nHJi5WcqA2SffgEJ3KPPVNAFsCv4NYMQzU= Aw== ItThgTftm/wVIF99xdo4SESPHRkWOVzB5dz4ZQN8hXxlEnz3woTqzlrookmPDcwjllYS3mWG1i6eo4BscsFmYGMxFH7uBNOWAnxkE+tPRTcRbihDFBAnrR4nZxD/W9+pa/yaiaBhbZVUzuldlAPR4xr0UdD3AyuUuxahRpqBiV0=

5KUm5qeX3XtAPtZP2xbuaiEpggt3YXaYR+RMi1/18TDcIKXPtqTshUkSzo2uipkgayQGOVnfy/XIaEIgExMLGw==

6f4gM6hpdPrXmZOF+tpbBc/ghc5ZWM+icyuPXNU5XBrmwh7GPlNUbIOfTt2BbA4K6yY2U2tKgc3r0KYZI+//7w== mG4Z7xplPlIq1I7f52Se8WtxAVz6QPm62pgzB5VOoMs9axk1JG3zA4YMibPJsbtq8hgEJjvqh/kwRYFqt2IHZw== m/7AInBGTfyPu7eupzw8roqVromQ5d/Boh0KPeN7kryZ1r8u1DeNna0U3z5WSAlcnMQkN5zcVolH4G67bUqqnw== laETO0Mg9RXvXaJLhTO4ZGQbBIQO+6a0rd9lP/cXscmh34s8QpxAbQoRviV9migvVyuCNd8aQcTSMwmJO59AWQ==
tlslite-0.3.8/test/index.html0000700000175000017500000013626310016012473015160 0ustar clintclint Trevor Perrin

Trevor Perrin

Email: trevp at trevp.net
PGP Key: 8035 47B9 D1F9 C148 619A 7948 D8C0 0F11 2F2F F9E3

I'm a programmer; here are some projects I'm involved in.

My current interest is cryptographic key management and alternatives to PKI.

CryptoIDs

Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
Schema: XML Schema for <certChain> (.xsd)
Code: CryptoIDlib Python and Java library and command-line tool v0.1.8 (.zip, readme.txt)

PKI isn't working for person-to-person communications. Few people use secure email, voice, instant-messaging, or anything else.

CryptoIDs are an alternative. The idea is for people to exchange small, user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. These could be passed around and stored in address books as if they were phone numbers or postal addresses.

The cryptoID for each user would correspond to that user's root key. The user would keep his root key in a safe place - his employer or some commercial service might hold it for him. The rootholder would operate an online service which would issue short-lived subkey certificates or validation signatures to the user.

CryptoIDs, then, are about combining fingerprint-based public-key distribution with certificate-based private-key management. The first paper above presents the cryptoID fingerprint and certificate formats, which are designed specifically for this. CryptoIDlib lets you test-drive these formats.

The second paper presents private-key management protocols for use with online servers. Support for these is being added to cryptoIDlib.

TLS Lite

Code: tls_lite python library v0.1.8 (.zip, readme.txt)

TLS Lite is a free Python library that implements SSL 3.0 and TLS 1.0. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL or cryptlib for faster crypto operations.

TLS/SRP

Internet-Draft: Using SRP for TLS Authentication (.txt, .html)

SRP is the best way to do password authentication across a network. TLS (aka SSL v3.1) is the best way to do channel security. What could go better together?

This draft modifies the TLS handshake to use SRP. This combination of password-based mutual authentication and the TLS record layer is ideal for protecting protocols like POP3 and HTTP.

DSS

Requirements: DSS Use Case Requirements Analysis (.pdf, .doc)
Specification Working Draft: Digital Signature Service Core Protocol and Elements (.pdf, .doc)
Schema Working Draft: oasis-dss-1.0-core-schema-wd-10 (.xsd)
Somewhat Related Paper: Delegated Cryptography, Online Trusted Third Parties, and PKI (.pdf, .html)
(presented at the 1st Annual PKI Research Workshop)

The OASIS Digital Signature Service Technical Committee is designing protocols for signing, verifying, and time-stamping of XML documents and other data. The idea is to perform these operations on servers, thus freeing clients from having to manage private keys, calculate certificate paths, and so on.

Also listed is a paper arguing for the server-based approach vs. client-side PKI.

CryptoURLs

Draft of potential Internet-Draft: The "crypto" URL scheme (.txt, .html)

CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. The resulting URLs are self-authenticating, like SFS file names or Cryptographically Generated Addresses. These could be useful in:

  • web pages:
  • a page could link to software binaries and include their hash
  • a portal could provide secure introductions to a community of sites
  • XML documents (e.g. extending an XML-DSIG over external references)
  • protocols (e.g. HTTP Redirects or LDAP Referrals)
  • software configuration (you could configure a client with the address and fingerprint of a server in one step)
  • YURLs are another approach to self-authenticating URLs.

    CryptlibConverter

    Code: Version 5 for cryptlib 3.1 (.zip, readme.txt)

    This is a python script that generates java, python, and C# wrappers for cryptlib. A set of wrappers for cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.

    CryptoIDs

    Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
    Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
    Schema: XML Schema for <certChain> (.xsd)
    Code: CryptoIDlib Python and Java library and command-line tool v0.1.8 (.zip, readme.txt)

    PKI isn't working for person-to-person communications. Few people use secure email, voice, instant-messaging, or anything else.

    CryptoIDs are an alternative. The idea is for people to exchange small, user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. These could be passed around and stored in address books as if they were phone numbers or postal addresses.

    The cryptoID for each user would correspond to that user's root key. The user would keep his root key in a safe place - his employer or some commercial service might hold it for him. The rootholder would operate an online service which would issue short-lived subkey certificates or validation signatures to the user.

    CryptoIDs, then, are about combining fingerprint-based public-key distribution with certificate-based private-key management. The first paper above presents the cryptoID fingerprint and certificate formats, which are designed specifically for this. CryptoIDlib lets you test-drive these formats.

    The second paper presents private-key management protocols for use with online servers. Support for these is being added to cryptoIDlib.

    TLS Lite

    Code: tls_lite python library v0.1.8 (.zip, readme.txt)

    TLS Lite is a free Python library that implements SSL 3.0 and TLS 1.0. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL or cryptlib for faster crypto operations.

    TLS/SRP

    Internet-Draft: Using SRP for TLS Authentication (.txt, .html)

    SRP is the best way to do password authentication across a network. TLS (aka SSL v3.1) is the best way to do channel security. What could go better together?

    This draft modifies the TLS handshake to use SRP. This combination of password-based mutual authentication and the TLS record layer is ideal for protecting protocols like POP3 and HTTP.

    DSS

    Requirements: DSS Use Case Requirements Analysis (.pdf, .doc)
    Specification Working Draft: Digital Signature Service Core Protocol and Elements (.pdf, .doc)
    Schema Working Draft: oasis-dss-1.0-core-schema-wd-10 (.xsd)
    Somewhat Related Paper: Delegated Cryptography, Online Trusted Third Parties, and PKI (.pdf, .html)
    (presented at the 1st Annual PKI Research Workshop)

    The OASIS Digital Signature Service Technical Committee is designing protocols for signing, verifying, and time-stamping of XML documents and other data. The idea is to perform these operations on servers, thus freeing clients from having to manage private keys, calculate certificate paths, and so on.

    Also listed is a paper arguing for the server-based approach vs. client-side PKI.

    CryptoURLs

    Draft of potential Internet-Draft: The "crypto" URL scheme (.txt, .html)

    CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. The resulting URLs are self-authenticating, like SFS file names or Cryptographically Generated Addresses. These could be useful in:

  • web pages:
  • a page could link to software binaries and include their hash
  • a portal could provide secure introductions to a community of sites
  • XML documents (e.g. extending an XML-DSIG over external references)
  • protocols (e.g. HTTP Redirects or LDAP Referrals)
  • software configuration (you could configure a client with the address and fingerprint of a server in one step)
  • YURLs are another approach to self-authenticating URLs.

    CryptlibConverter

    Code: Version 5 for cryptlib 3.1 (.zip, readme.txt)

    This is a python script that generates java, python, and C# wrappers for cryptlib. A set of wrappers for cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.

    CryptoIDs

    Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
    Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
    Schema: XML Schema for <certChain> (.xsd)
    Code: CryptoIDlib Python and Java library and command-line tool v0.1.8 (.zip, readme.txt)

    PKI isn't working for person-to-person communications. Few people use secure email, voice, instant-messaging, or anything else.

    CryptoIDs are an alternative. The idea is for people to exchange small, user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. These could be passed around and stored in address books as if they were phone numbers or postal addresses.

    The cryptoID for each user would correspond to that user's root key. The user would keep his root key in a safe place - his employer or some commercial service might hold it for him. The rootholder would operate an online service which would issue short-lived subkey certificates or validation signatures to the user.

    CryptoIDs, then, are about combining fingerprint-based public-key distribution with certificate-based private-key management. The first paper above presents the cryptoID fingerprint and certificate formats, which are designed specifically for this. CryptoIDlib lets you test-drive these formats.

    The second paper presents private-key management protocols for use with online servers. Support for these is being added to cryptoIDlib.

    TLS Lite

    Code: tls_lite python library v0.1.8 (.zip, readme.txt)

    TLS Lite is a free Python library that implements SSL 3.0 and TLS 1.0. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL or cryptlib for faster crypto operations.

    TLS/SRP

    Internet-Draft: Using SRP for TLS Authentication (.txt, .html)

    SRP is the best way to do password authentication across a network. TLS (aka SSL v3.1) is the best way to do channel security. What could go better together?

    This draft modifies the TLS handshake to use SRP. This combination of password-based mutual authentication and the TLS record layer is ideal for protecting protocols like POP3 and HTTP.

    DSS

    Requirements: DSS Use Case Requirements Analysis (.pdf, .doc)
    Specification Working Draft: Digital Signature Service Core Protocol and Elements (.pdf, .doc)
    Schema Working Draft: oasis-dss-1.0-core-schema-wd-10 (.xsd)
    Somewhat Related Paper: Delegated Cryptography, Online Trusted Third Parties, and PKI (.pdf, .html)
    (presented at the 1st Annual PKI Research Workshop)

    The OASIS Digital Signature Service Technical Committee is designing protocols for signing, verifying, and time-stamping of XML documents and other data. The idea is to perform these operations on servers, thus freeing clients from having to manage private keys, calculate certificate paths, and so on.

    Also listed is a paper arguing for the server-based approach vs. client-side PKI.

    CryptoURLs

    Draft of potential Internet-Draft: The "crypto" URL scheme (.txt, .html)

    CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. The resulting URLs are self-authenticating, like SFS file names or Cryptographically Generated Addresses. These could be useful in:

  • web pages:
  • a page could link to software binaries and include their hash
  • a portal could provide secure introductions to a community of sites
  • XML documents (e.g. extending an XML-DSIG over external references)
  • protocols (e.g. HTTP Redirects or LDAP Referrals)
  • software configuration (you could configure a client with the address and fingerprint of a server in one step)
  • YURLs are another approach to self-authenticating URLs.

    CryptlibConverter

    Code: Version 5 for cryptlib 3.1 (.zip, readme.txt)

    This is a python script that generates java, python, and C# wrappers for cryptlib. A set of wrappers for cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.

    CryptoIDs

    Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
    Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
    Schema: XML Schema for <certChain> (.xsd)
    Code: CryptoIDlib Python and Java library and command-line tool v0.1.8 (.zip, readme.txt)

    PKI isn't working for person-to-person communications. Few people use secure email, voice, instant-messaging, or anything else.

    CryptoIDs are an alternative. The idea is for people to exchange small, user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. These could be passed around and stored in address books as if they were phone numbers or postal addresses.

    The cryptoID for each user would correspond to that user's root key. The user would keep his root key in a safe place - his employer or some commercial service might hold it for him. The rootholder would operate an online service which would issue short-lived subkey certificates or validation signatures to the user.

    CryptoIDs, then, are about combining fingerprint-based public-key distribution with certificate-based private-key management. The first paper above presents the cryptoID fingerprint and certificate formats, which are designed specifically for this. CryptoIDlib lets you test-drive these formats.

    The second paper presents private-key management protocols for use with online servers. Support for these is being added to cryptoIDlib.

    TLS Lite

    Code: tls_lite python library v0.1.8 (.zip, readme.txt)

    TLS Lite is a free Python library that implements SSL 3.0 and TLS 1.0. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL or cryptlib for faster crypto operations.

    TLS/SRP

    Internet-Draft: Using SRP for TLS Authentication (.txt, .html)

    SRP is the best way to do password authentication across a network. TLS (aka SSL v3.1) is the best way to do channel security. What could go better together?

    This draft modifies the TLS handshake to use SRP. This combination of password-based mutual authentication and the TLS record layer is ideal for protecting protocols like POP3 and HTTP.

    DSS

    Requirements: DSS Use Case Requirements Analysis (.pdf, .doc)
    Specification Working Draft: Digital Signature Service Core Protocol and Elements (.pdf, .doc)
    Schema Working Draft: oasis-dss-1.0-core-schema-wd-10 (.xsd)
    Somewhat Related Paper: Delegated Cryptography, Online Trusted Third Parties, and PKI (.pdf, .html)
    (presented at the 1st Annual PKI Research Workshop)

    The OASIS Digital Signature Service Technical Committee is designing protocols for signing, verifying, and time-stamping of XML documents and other data. The idea is to perform these operations on servers, thus freeing clients from having to manage private keys, calculate certificate paths, and so on.

    Also listed is a paper arguing for the server-based approach vs. client-side PKI.

    CryptoURLs

    Draft of potential Internet-Draft: The "crypto" URL scheme (.txt, .html)

    CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. The resulting URLs are self-authenticating, like SFS file names or Cryptographically Generated Addresses. These could be useful in:

  • web pages:
  • a page could link to software binaries and include their hash
  • a portal could provide secure introductions to a community of sites
  • XML documents (e.g. extending an XML-DSIG over external references)
  • protocols (e.g. HTTP Redirects or LDAP Referrals)
  • software configuration (you could configure a client with the address and fingerprint of a server in one step)
  • YURLs are another approach to self-authenticating URLs.

    CryptlibConverter

    Code: Version 5 for cryptlib 3.1 (.zip, readme.txt)

    This is a python script that generates java, python, and C# wrappers for cryptlib. A set of wrappers for cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.

    CryptoIDs

    Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
    Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
    Schema: XML Schema for <certChain> (.xsd)
    Code: CryptoIDlib Python and Java library and command-line tool v0.1.8 (.zip, readme.txt)

    PKI isn't working for person-to-person communications. Few people use secure email, voice, instant-messaging, or anything else.

    CryptoIDs are an alternative. The idea is for people to exchange small, user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. These could be passed around and stored in address books as if they were phone numbers or postal addresses.

    The cryptoID for each user would correspond to that user's root key. The user would keep his root key in a safe place - his employer or some commercial service might hold it for him. The rootholder would operate an online service which would issue short-lived subkey certificates or validation signatures to the user.

    CryptoIDs, then, are about combining fingerprint-based public-key distribution with certificate-based private-key management. The first paper above presents the cryptoID fingerprint and certificate formats, which are designed specifically for this. CryptoIDlib lets you test-drive these formats.

    The second paper presents private-key management protocols for use with online servers. Support for these is being added to cryptoIDlib.

    TLS Lite

    Code: tls_lite python library v0.1.8 (.zip, readme.txt)

    TLS Lite is a free Python library that implements SSL 3.0 and TLS 1.0. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL or cryptlib for faster crypto operations.

    TLS/SRP

    Internet-Draft: Using SRP for TLS Authentication (.txt, .html)

    SRP is the best way to do password authentication across a network. TLS (aka SSL v3.1) is the best way to do channel security. What could go better together?

    This draft modifies the TLS handshake to use SRP. This combination of password-based mutual authentication and the TLS record layer is ideal for protecting protocols like POP3 and HTTP.

    DSS

    Requirements: DSS Use Case Requirements Analysis (.pdf, .doc)
    Specification Working Draft: Digital Signature Service Core Protocol and Elements (.pdf, .doc)
    Schema Working Draft: oasis-dss-1.0-core-schema-wd-10 (.xsd)
    Somewhat Related Paper: Delegated Cryptography, Online Trusted Third Parties, and PKI (.pdf, .html)
    (presented at the 1st Annual PKI Research Workshop)

    The OASIS Digital Signature Service Technical Committee is designing protocols for signing, verifying, and time-stamping of XML documents and other data. The idea is to perform these operations on servers, thus freeing clients from having to manage private keys, calculate certificate paths, and so on.

    Also listed is a paper arguing for the server-based approach vs. client-side PKI.

    CryptoURLs

    Draft of potential Internet-Draft: The "crypto" URL scheme (.txt, .html)

    CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. The resulting URLs are self-authenticating, like SFS file names or Cryptographically Generated Addresses. These could be useful in:

  • web pages:
  • a page could link to software binaries and include their hash
  • a portal could provide secure introductions to a community of sites
  • XML documents (e.g. extending an XML-DSIG over external references)
  • protocols (e.g. HTTP Redirects or LDAP Referrals)
  • software configuration (you could configure a client with the address and fingerprint of a server in one step)
  • YURLs are another approach to self-authenticating URLs.

    CryptlibConverter

    Code: Version 5 for cryptlib 3.1 (.zip, readme.txt)

    This is a python script that generates java, python, and C# wrappers for cryptlib. A set of wrappers for cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.

    CryptoIDs

    Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
    Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
    Schema: XML Schema for <certChain> (.xsd)
    Code: CryptoIDlib Python and Java library and command-line tool v0.1.8 (.zip, readme.txt)

    PKI isn't working for person-to-person communications. Few people use secure email, voice, instant-messaging, or anything else.

    CryptoIDs are an alternative. The idea is for people to exchange small, user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. These could be passed around and stored in address books as if they were phone numbers or postal addresses.

    The cryptoID for each user would correspond to that user's root key. The user would keep his root key in a safe place - his employer or some commercial service might hold it for him. The rootholder would operate an online service which would issue short-lived subkey certificates or validation signatures to the user.

    CryptoIDs, then, are about combining fingerprint-based public-key distribution with certificate-based private-key management. The first paper above presents the cryptoID fingerprint and certificate formats, which are designed specifically for this. CryptoIDlib lets you test-drive these formats.

    The second paper presents private-key management protocols for use with online servers. Support for these is being added to cryptoIDlib.

    TLS Lite

    Code: tls_lite python library v0.1.8 (.zip, readme.txt)

    TLS Lite is a free Python library that implements SSL 3.0 and TLS 1.0. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL or cryptlib for faster crypto operations.

    TLS/SRP

    Internet-Draft: Using SRP for TLS Authentication (.txt, .html)

    SRP is the best way to do password authentication across a network. TLS (aka SSL v3.1) is the best way to do channel security. What could go better together?

    This draft modifies the TLS handshake to use SRP. This combination of password-based mutual authentication and the TLS record layer is ideal for protecting protocols like POP3 and HTTP.

    DSS

    Requirements: DSS Use Case Requirements Analysis (.pdf, .doc)
    Specification Working Draft: Digital Signature Service Core Protocol and Elements (.pdf, .doc)
    Schema Working Draft: oasis-dss-1.0-core-schema-wd-10 (.xsd)
    Somewhat Related Paper: Delegated Cryptography, Online Trusted Third Parties, and PKI (.pdf, .html)
    (presented at the 1st Annual PKI Research Workshop)

    The OASIS Digital Signature Service Technical Committee is designing protocols for signing, verifying, and time-stamping of XML documents and other data. The idea is to perform these operations on servers, thus freeing clients from having to manage private keys, calculate certificate paths, and so on.

    Also listed is a paper arguing for the server-based approach vs. client-side PKI.

    CryptoURLs

    Draft of potential Internet-Draft: The "crypto" URL scheme (.txt, .html)

    CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. The resulting URLs are self-authenticating, like SFS file names or Cryptographically Generated Addresses. These could be useful in:

  • web pages:
  • a page could link to software binaries and include their hash
  • a portal could provide secure introductions to a community of sites
  • XML documents (e.g. extending an XML-DSIG over external references)
  • protocols (e.g. HTTP Redirects or LDAP Referrals)
  • software configuration (you could configure a client with the address and fingerprint of a server in one step)
  • YURLs are another approach to self-authenticating URLs.

    CryptlibConverter

    Code: Version 5 for cryptlib 3.1 (.zip, readme.txt)

    This is a python script that generates java, python, and C# wrappers for cryptlib. A set of wrappers for cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.

    CryptoIDs

    Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
    Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
    Schema: XML Schema for <certChain> (.xsd)
    Code: CryptoIDlib Python and Java library and command-line tool v0.1.8 (.zip, readme.txt)

    PKI isn't working for person-to-person communications. Few people use secure email, voice, instant-messaging, or anything else.

    CryptoIDs are an alternative. The idea is for people to exchange small, user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. These could be passed around and stored in address books as if they were phone numbers or postal addresses.

    The cryptoID for each user would correspond to that user's root key. The user would keep his root key in a safe place - his employer or some commercial service might hold it for him. The rootholder would operate an online service which would issue short-lived subkey certificates or validation signatures to the user.

    CryptoIDs, then, are about combining fingerprint-based public-key distribution with certificate-based private-key management. The first paper above presents the cryptoID fingerprint and certificate formats, which are designed specifically for this. CryptoIDlib lets you test-drive these formats.

    The second paper presents private-key management protocols for use with online servers. Support for these is being added to cryptoIDlib.

    TLS Lite

    Code: tls_lite python library v0.1.8 (.zip, readme.txt)

    TLS Lite is a free Python library that implements SSL 3.0 and TLS 1.0. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL or cryptlib for faster crypto operations.

    TLS/SRP

    Internet-Draft: Using SRP for TLS Authentication (.txt, .html)

    SRP is the best way to do password authentication across a network. TLS (aka SSL v3.1) is the best way to do channel security. What could go better together?

    This draft modifies the TLS handshake to use SRP. This combination of password-based mutual authentication and the TLS record layer is ideal for protecting protocols like POP3 and HTTP.

    DSS

    Requirements: DSS Use Case Requirements Analysis (.pdf, .doc)
    Specification Working Draft: Digital Signature Service Core Protocol and Elements (.pdf, .doc)
    Schema Working Draft: oasis-dss-1.0-core-schema-wd-10 (.xsd)
    Somewhat Related Paper: Delegated Cryptography, Online Trusted Third Parties, and PKI (.pdf, .html)
    (presented at the 1st Annual PKI Research Workshop)

    The OASIS Digital Signature Service Technical Committee is designing protocols for signing, verifying, and time-stamping of XML documents and other data. The idea is to perform these operations on servers, thus freeing clients from having to manage private keys, calculate certificate paths, and so on.

    Also listed is a paper arguing for the server-based approach vs. client-side PKI.

    CryptoURLs

    Draft of potential Internet-Draft: The "crypto" URL scheme (.txt, .html)

    CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. The resulting URLs are self-authenticating, like SFS file names or Cryptographically Generated Addresses. These could be useful in:

  • web pages:
  • a page could link to software binaries and include their hash
  • a portal could provide secure introductions to a community of sites
  • XML documents (e.g. extending an XML-DSIG over external references)
  • protocols (e.g. HTTP Redirects or LDAP Referrals)
  • software configuration (you could configure a client with the address and fingerprint of a server in one step)
  • YURLs are another approach to self-authenticating URLs.

    CryptlibConverter

    Code: Version 5 for cryptlib 3.1 (.zip, readme.txt)

    This is a python script that generates java, python, and C# wrappers for cryptlib. A set of wrappers for cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.

    CryptoIDs

    Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
    Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
    Schema: XML Schema for <certChain> (.xsd)
    Code: CryptoIDlib Python and Java library and command-line tool v0.1.8 (.zip, readme.txt)

    PKI isn't working for person-to-person communications. Few people use secure email, voice, instant-messaging, or anything else.

    CryptoIDs are an alternative. The idea is for people to exchange small, user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. These could be passed around and stored in address books as if they were phone numbers or postal addresses.

    The cryptoID for each user would correspond to that user's root key. The user would keep his root key in a safe place - his employer or some commercial service might hold it for him. The rootholder would operate an online service which would issue short-lived subkey certificates or validation signatures to the user.

    CryptoIDs, then, are about combining fingerprint-based public-key distribution with certificate-based private-key management. The first paper above presents the cryptoID fingerprint and certificate formats, which are designed specifically for this. CryptoIDlib lets you test-drive these formats.

    The second paper presents private-key management protocols for use with online servers. Support for these is being added to cryptoIDlib.

    tlslite-0.3.8/test/clientX509Cert.pem0000700000175000017500000000171510016012471016337 0ustar clintclint-----BEGIN CERTIFICATE----- MIICoDCCAgmgAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJBVTET MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMB4XDTA0MDIwNjA2NDkxM1oXDTA0MDMwNzA2NDkxM1owRTELMAkGA1UE BhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp ZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2LHLqDM7 BpltKQGLJsh5bcQdk3cB0tHSJn4wjH2kg5Hy3WWOfnTljkVZ7PXrVp69feJkhgNR dD5bP1SVvPnF/ft77SVfM0nQDT2FKEH9Ez+1ZScZB3UkZFGxKM+WwALP/ve9LqLO 5+4l0CJ4vt3q1E3WBJNolpzAY05Y34Gyv3UCAwEAAaOBnzCBnDAdBgNVHQ4EFgQU zir4m5L6TMX16qGLDzzTSSEsMwQwbQYDVR0jBGYwZIAUzir4m5L6TMX16qGLDzzT SSEsMwShSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCAQAwDAYDVR0TBAUwAwEB /zANBgkqhkiG9w0BAQQFAAOBgQBWiYArf5Z0hMDB7TeHONS6NYFktMndJnctOTGV lmBV4I9Eg+TeYGIGfGkkZMm/zS2gfPRY12KyXVEL7+aBzguF/vPV+8nb5ByHlMu+ K+4j3YnbkwMQ8QLZwwHOjc2quyMnm1hVKPPTpEWhXGK86lbbinidHgSe8cNKqjjg xor7mA== -----END CERTIFICATE----- tlslite-0.3.8/test/serverX509Cert.pem0000700000175000017500000000171510016012473016371 0ustar clintclint-----BEGIN CERTIFICATE----- MIICoDCCAgmgAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJBVTET MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMB4XDTA0MDIwNjA2NDUyN1oXDTA0MDMwNzA2NDUyN1owRTELMAkGA1UE BhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp ZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3+xiHTIR hvdr58p4A6oBC6xMlPZ19hSNf58s4A3f8ORV4IOXR3BvScgOI3WqM47WkkQ1/S5O gKiDMKmmomEEgntjl9AAqH6/UztE6zoKlyz200wC6yNayfpcJiyBkr5xDMnCzPz0 e2tScODhGx+r6uy3AontC5tyUAqkeeWsrk0CAwEAAaOBnzCBnDAdBgNVHQ4EFgQU 1HnCXw1pdREsK8PJSHN2zS2YTfgwbQYDVR0jBGYwZIAU1HnCXw1pdREsK8PJSHN2 zS2YTfihSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCAQAwDAYDVR0TBAUwAwEB /zANBgkqhkiG9w0BAQQFAAOBgQAgu4Su/NpL1ZQt6HUbi0deyx2yiPO9x2s2EHPz 
r8Gu7M/JORKi9vtLiYfjfjTGKLTXTCpRvqL8rRc13QRGi4cTsAFxwQjDKukoidOx BWl4mMvw+pLJoAIcacdJAgSrFQeVUy8eVdvxqktDq+KdxZIn4z+vah+ZLuyozdsv idQlIQ== -----END CERTIFICATE----- tlslite-0.3.8/test/serverCryptoIDChain.xml0000700000175000017500000000123210062002741017555 0ustar clintclint 8PABXXCcJCBGo9Yy8rGJg01md+Y= 18531525 uJRX5oHWOjaQEvoGmshObJSWEVotPAvIfdtNWc4cI56sNhNcKMSLSEvZF/294hpvDl8SQB6Y/DyGcCFv5ShYOL7mfje+7Iq64ck604jeea9rE848NMfwq9MgHDpXq1Cx9NtbcOLilrb2z0rCvNihI4Qb/wrI/tYLlU5fXwOoUGM= Aw== tlslite-0.3.8/test/httpsserver.py0000700000175000017500000000166610027232764016135 0ustar clintclintfrom SocketServer import * from BaseHTTPServer import * from SimpleHTTPServer import * from tlslite.api import * s = open("./serverX509Cert.pem").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) s = open("./serverX509Key.pem").read() privateKey = parsePEMKey(s, private=True) sessionCache = SessionCache() class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn, HTTPServer): def handshake(self, tlsConnection): try: tlsConnection.handshakeServer(certChain=certChain, privateKey=privateKey, sessionCache=sessionCache) tlsConnection.ignoreAbruptClose = True return True except TLSError, error: print "Handshake failure:", str(error) return False httpd = MyHTTPServer(('localhost', 443), SimpleHTTPRequestHandler) httpd.serve_forever()tlslite-0.3.8/test/serverCryptoIDKey.xml0000700000175000017500000000165010062002307017265 0ustar clintclint uJRX5oHWOjaQEvoGmshObJSWEVotPAvIfdtNWc4cI56sNhNcKMSLSEvZF/294hpvDl8SQB6Y/DyGcCFv5ShYOL7mfje+7Iq64ck604jeea9rE848NMfwq9MgHDpXq1Cx9NtbcOLilrb2z0rCvNihI4Qb/wrI/tYLlU5fXwOoUGM= Aw== HsNj+8BOXwkYAymrxHa3vMNuWDmyNKyhak83jvevW0Ucs63ksXYXNrdO2VT0+wRn17qDCq/EKgoWaAWSpjFkCSwsTV9UTOLNmxd+OZ1KePURiZo9EPTlzcufbyAW6t01gx6MFuKfBo9Ayuk/Na3dVt6s2vOVYvaJvjqnWpuv/Oc=

    wOJPKhX4RqJLyHBJ7JMnM1hwWixWE0Bn1KFDiFyjmIFU8mNkLKvGBkrTvegkcwwiRvOf3H5fyWiUHeO3YJopLQ==

    9Ppe0a8m80bzc9Uv7Ix8valp1qF4901xOMI98XGGiO+NMa+DZnypVSc6FV9WUmT4BRs9eMpNRWiL0I+H/O45zw== gJbfcWP62cGH2vWGnbdvd5BK5sg5Yirv4xYtBZMXuwDjTEJCyHKEBDHifprC911sL00VPamVMPBivpfPlbwbcw== o1GUi8oZ94SiTTjKnbL908ZGjxZQpN5LeywpS6EEW0peIR+s7v3GOMTRY5TkNu36rhIo+zGI2PBdNbUFU0l73w== XJ1sKQDEzji46Xfg08m2y66COjLNguW5DW7SNVKEbsS9f6C4Wpt2bA806pqn/6lTiv4h2DSGTKh/RzH6Ztdmdg== tlslite-0.3.8/test/clientX509Key.pem0000700000175000017500000000156710016012471016177 0ustar clintclint-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDYscuoMzsGmW0pAYsmyHltxB2TdwHS0dImfjCMfaSDkfLdZY5+ dOWORVns9etWnr194mSGA1F0Pls/VJW8+cX9+3vtJV8zSdANPYUoQf0TP7VlJxkH dSRkUbEoz5bAAs/+970uos7n7iXQIni+3erUTdYEk2iWnMBjTljfgbK/dQIDAQAB AoGAJHoJZk75aKr7DSQNYIHuruOMdv5ZeDuJvKERWxTrVJqE32/xBKh42/IgqRrc esBN9ZregRCd7YtxoL+EVUNWaJNVx2mNmezEznrc9zhcYUrgeaVdFO2yBF1889zO gCOVwrO8uDgeyj6IKa25H6c1N13ih/o7ZzEgWbGG+ylU1yECQQDv4ZSJ4EjSh/Fl aHdz3wbBa/HKGTjC8iRy476Cyg2Fm8MZUe9Yy3udOrb5ZnS2MTpIXt5AF3h2TfYV VoFXIorjAkEA50FcJmzT8sNMrPaV8vn+9W2Lu4U7C+K/O2g1iXMaZms5PC5zV5aV CKXZWUX1fq2RaOzlbQrpgiolhXpeh8FjxwJBAOFHzSQfSsTNfttp3KUpU0LbiVvv i+spVSnA0O4rq79KpVNmK44Mq67hsW1P11QzrzTAQ6GVaUBRv0YS061td1kCQHnP wtN2tboFR6lABkJDjxoGRvlSt4SOPr7zKGgrWjeiuTZLHXSAnCY+/hr5L9Q3ZwXG 6x6iBdgLjVIe4BZQNtcCQQDXGv/gWinCNTN3MPWfTW/RGzuMYVmyBFais0/VrgdH h1dLpztmpQqfyH/zrBXQ9qL/zR4ojS6XYneO/U18WpEe -----END RSA PRIVATE KEY----- tlslite-0.3.8/test/clientCryptoIDChain.xml0000700000175000017500000000122710062003041017523 0ustar clintclint I3xggvcPVOmIBsOzO87lCPNA4Rg= 19155 0P1JB0+Rp+h+wjzyox1RsZtarpaFWCyLYy3SXhTrIOpebu3Ojx2A1iFzzblaUsjVhgRxNmEpBRe31QKKsIhmRCHJwhPkHkf6JsLCTVnM6LpZnvlsSRs0SW/8Rk4xVotESs5jz7dA0nHJi5WcqA2SffgEJ3KPPVNAFsCv4NYMQzU= Aw== tlslite-0.3.8/test/twistedserver.py0000700000175000017500000000355210025505376016452 0ustar clintclint from twisted.internet.protocol import Protocol, Factory from twisted.internet import reactor from twisted.protocols.policies import WrappingFactory from twisted.protocols.basic import LineReceiver from twisted.python import 
log from twisted.python.failure import Failure import sys from tlslite.api import * s = open("./serverX509Cert.pem").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) s = open("./serverX509Key.pem").read() privateKey = parsePEMKey(s, private=True) verifierDB = VerifierDB("verifierDB") verifierDB.open() class Echo(LineReceiver): def connectionMade(self): self.transport.write("Welcome to the echo server!\r\n") def lineReceived(self, line): self.transport.write(line + "\r\n") class Echo1(Echo): def connectionMade(self): if not self.transport.tlsStarted: self.transport.setServerHandshakeOp(certChain=certChain, privateKey=privateKey, verifierDB=verifierDB) else: Echo.connectionMade(self) def connectionLost(self, reason): pass #Handle any TLS exceptions here class Echo2(Echo): def lineReceived(self, data): if data == "STARTTLS": self.transport.setServerHandshakeOp(certChain=certChain, privateKey=privateKey, verifierDB=verifierDB) else: Echo.lineReceived(self, data) def connectionLost(self, reason): pass #Handle any TLS exceptions here factory = Factory() factory.protocol = Echo1 #factory.protocol = Echo2 wrappingFactory = WrappingFactory(factory) wrappingFactory.protocol = TLSTwistedProtocolWrapper log.startLogging(sys.stdout) reactor.listenTCP(1079, wrappingFactory) reactor.run() tlslite-0.3.8/readme.txt0000700000175000017500000007307410206512512014202 0ustar clintclint tlslite version 0.3.8 February 21, 2005 Trevor Perrin http://trevp.net/tlslite/ ============================================================================ Table of Contents ================== 1 Introduction 2 License/Acknowledgements 3 Installation 4 Getting Started with the Command-Line Tools 5 Getting Started with the Library 6 Using TLS Lite with httplib 7 Using TLS Lite with xmlrpclib 8 Using TLS Lite with poplib or imaplib 9 Using TLS Lite with smtplib 10 Using TLS Lite with SocketServer 11 Using TLS Lite with asyncore 12 Using TLS Lite with Twisted 13 SECURITY CONSIDERATIONS 14 
History 15 References 1 Introduction =============== TLS Lite is a free python library that implements SSL v3, TLS v1, and TLS v1.1 [0]. TLS Lite supports non-traditional authentication methods such as SRP [1], shared keys [2], and cryptoIDs [3], in addition to X.509 certificates. TLS Lite is pure python; however, it can access OpenSSL [4], cryptlib [5], pycrypto [9], and GMPY [10] for faster crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib, imaplib, smtplib, SocketServer, asyncore, and Twisted. API documentation is available in the 'docs' directory. If you have questions or feedback, feel free to contact me. 2 Licenses/Acknowledgements ============================ All code here is public domain. Thanks to Bram Cohen for his public domain Rijndael implementation. Thanks to Edward Loper for Epydoc, which generated the API docs. 3 Installation =============== Requirements: Python 2.2 or greater is required. Options: - If you have cryptoIDlib [8], you can use cryptoID certificate chains for authentication. CryptoIDlib is the sister library to TLS Lite; it was written by the same author, and has a similar interface. - If you have the M2Crypto [6] interface to OpenSSL, this will be used for fast RSA operations and fast ciphers. - If you have the cryptlib_py [7] interface to cryptlib, this will be used for random number generation and fast ciphers. If TLS Lite can't find an OS-level random-number generator (i.e. /dev/urandom on UNIX or CryptoAPI on Windows), then you MUST install cryptlib. - If you have pycrypto [9], this will be used for fast ciphers and fast RSA operations. - If you have the GMPY [10] interface to GMP, this will be used for fast RSA and SRP operations. - These modules don't need to be present at installation - you can install them any time. On Windows: Run the installer in the 'installers' directory. *OR* Run 'setup.py install' (this only works if your system has a compiler available).
Anywhere else: - Run 'python setup.py install' Test the Installation: - The 'tls.py' script should have been copied onto your path. If not, you may have to copy it there manually. - From the distribution's ./test subdirectory, run: tls.py servertest localhost:4443 . - While the test server is waiting, run: tls.py clienttest localhost:4443 . If both say "Test succeeded" at the end, you're ready to go. (WARNING: Be careful running these (or any) scripts from the distribution's root directory. Depending on your path, the scripts may load the local copy of the library instead of the installed version, with unpredictable results). 4 Getting Started with the Command-Line Tools ============================================== tlslite comes with two command-line scripts: 'tlsdb.py' and 'tls.py'. They can be run with no arguments to see a list of commands. 'tlsdb.py' lets you manage shared key or verifier databases. These databases store usernames associated with either shared keys, or SRP password verifiers. These databases are used by a TLS server when authenticating clients with shared keys or SRP. 'tls.py' lets you run test clients and servers. It can be used for testing other TLS implementations, or as example code for using tlslite. To run an SRP server, try something like: tlsdb.py createsrp verifierDB tlsdb.py add verifierDB alice abra123cadabra 1024 tlsdb.py add verifierDB bob swordfish 2048 tls.py serversrp localhost:443 verifierDB Then you can try connecting to the server with: tls.py clientsrp localhost:443 alice abra123cadabra 5 Getting Started with the Library =================================== Using the library is simple. Whether you're writing a client or server, there are six steps: 1) Create a socket and connect it to the other party. 2) Construct a TLSConnection instance with the socket. 3) Call a handshake function on TLSConnection to perform the TLS handshake. 4) Check the results to make sure you're talking to the right party. 
5) Use the TLSConnection to exchange data. 6) Call close() on the TLSConnection when you're done. TLS Lite also integrates with httplib, xmlrpclib, poplib, imaplib, smtplib, SocketServer, asyncore, and Twisted. When used with these, some of the steps are performed for you. See the sections following this one for details. 5 Step 1 - create a socket --------------------------- Below demonstrates a socket connection to Amazon's secure site. It's a good idea to set the timeout value, so if the other side fails to respond you won't end up waiting forever. from socket import * sock = socket(AF_INET, SOCK_STREAM) sock.connect( ("www.amazon.com", 443) ) sock.settimeout(10) #Only on python 2.3 or greater 5 Step 2 - construct a TLSConnection ------------------------------------- from tlslite.api import * connection = TLSConnection(sock) 5 Step 3 - call a handshake function (client) ---------------------------------------------- If you're a client, there's several different handshake functions you can call, depending on how you want to authenticate: connection.handshakeClientCert() connection.handshakeClientCert(certChain, privateKey) connection.handshakeClientSRP("alice", "abra123cadabra") connection.handshakeClientSharedKey("alice", "PaVBVZkYqAjCQCu6UBL2xgsnZhw") connection.handshakeClientUnknown(srpCallback, certCallback) The ClientCert function without arguments is used when connecting to a site like Amazon, which doesn't require client authentication. The server will authenticate with a certificate chain. The ClientCert function can also be used to do client authentication with an X.509 or cryptoID certificate chain. To use cryptoID chains, you'll need the cryptoIDlib library [8]. To use X.509 chains, you'll need some way of creating these, such as OpenSSL (see http://www.openssl.org/docs/HOWTO/ for details). Below are examples of loading cryptoID and X.509 certificate chains: #Load cryptoID certChain and privateKey. Requires cryptoIDlib. 
from cryptoIDlib.CertChain import CertChain s = open("./test/clientCryptoIDChain.xml").read() certChain = CertChain() certChain.parse(s) s = open("./test/clientCryptoIDKey.xml").read() privateKey = parseXMLKey(s, private=True) #Load X.509 certChain and privateKey. s = open("./test/clientX509Cert.pem").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) s = open("./test/clientX509Key.pem").read() privateKey = parsePEMKey(s, private=True) The SRP and SharedKey functions both do mutual authentication with a username and password. The difference is this: SRP is slow but safer when using low- entropy passwords, since the SRP protocol is not vulnerable to offline dictionary attacks. Using shared keys is faster, but it's only safe when used with high-entropy secrets. In general, you should prefer SRP for human- memorable passwords, and use shared keys only when your performance needs outweigh the inconvenience of handling large random strings. [WARNING: shared keys and SRP are internet-drafts; these protocols may change, which means future versions of tlslite may not be compatible with this one. This is less likely with SRP, more likely with shared-keys.] The Unknown function is used when you're not sure if the server requires client authentication. If the server requests SRP or certificate-based authentication, the appropriate callback will be triggered, and you should return a tuple containing either a (username, password) or (certChain, privateKey), as appropriate. Alternatively, you can return None, which will cancel the handshake from an SRP callback, or cause it to continue without client authentication (if the server is willing) from a certificate callback. If you want more control over the handshake, you can pass in a HandshakeSettings instance. 
For example, if you're performing SRP, but you only want to use SRP parameters of at least 2048 bits, and you only want to use the AES-256 cipher, and you only want to allow TLS (version 3.1), not SSL (version 3.0), you can do: settings = HandshakeSettings() settings.minKeySize = 2048 settings.cipherNames = ["aes256"] settings.minVersion = (3,1) connection.handshakeClientSRP("alice", "abra123cadabra", settings=settings) Finally, every TLSConnection has a session object. You can try to resume a previous session by passing in the session object from the old session. If the server remembers this old session and supports resumption, the handshake will finish more quickly. Otherwise, the full handshake will be done. For example: connection.handshakeClientSRP("alice", "abra123cadabra") . . oldSession = connection.session connection2.handshakeClientSRP("alice", "abra123cadabra", session= oldSession) 5 Step 3 - call a handshake function (server) ---------------------------------------------- If you're a server, there's only one handshake function, but you can pass it several different parameters, depending on which types of authentication you're willing to perform. To perform SRP authentication, you have to pass in a database of password verifiers. The VerifierDB class manages an in-memory or on-disk verifier database. #On-disk database (use no-arg constructor if you want an in-memory DB) verifierDB = VerifierDB("./test/verifierDB") #Open the pre-existing database (can also 'create()' a new one) verifierDB.open() #Add to the database verifier = VerifierDB.makeVerifier("alice", "abra123cadabra", 2048) verifierDB["alice"] = verifier #Perform a handshake using the database connection.handshakeServer(verifierDB=verifierDB) To perform shared key authentication, you have to pass in a database of shared keys. The SharedKeyDB class manages an in-memory or on-disk shared key database. 
sharedKeyDB = SharedKeyDB("./test/sharedkeyDB") sharedKeyDB.open() sharedKeyDB["alice"] = "PaVBVZkYqAjCQCu6UBL2xgsnZhw" connection.handshakeServer(sharedKeyDB=sharedKeyDB) To perform authentication with a certificate and private key, the server must load these as described in the previous section, then pass them in. If the server sets the reqCert boolean to True, a certificate chain will be requested from the client. connection.handshakeServer(certChain=certChain, privateKey=privateKey, reqCert=True) You can pass in any combination of a verifier database, a shared key database, and a certificate chain/private key. The client will use one of them to authenticate. In the case of SRP and a certificate chain/private key, they both may be used. You can also pass in a HandshakeSettings object, as described in the last section, for finer control over handshaking details. Finally, the server can maintain a SessionCache, which will allow clients to use session resumption: sessionCache = SessionCache() connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache) It should be noted that the session cache, and the verifier and shared key databases, are all thread-safe. 5 Step 4 - check the results ----------------------------- If the handshake completes without raising an exception, authentication results will be stored in the connection's session object. The following variables will be populated if applicable, or else set to None: connection.session.srpUsername #string connection.session.sharedKeyUsername #string connection.session.clientCertChain #X509CertChain or #cryptoIDlib.CertChain.CertChain connection.session.serverCertChain #X509CertChain or #cryptoIDlib.CertChain.CertChain Both types of certificate chain object support the getFingerprint() function, but with a difference. X.509 objects return the end-entity fingerprint, and ignore the other certificates. 
CryptoID fingerprints (aka "cryptoIDs") are based on the root cryptoID certificate, so you have to call validate() on the CertChain to be sure you're really talking to the cryptoID. X.509 certificate chain objects may also be validated against a list of trusted root certificates. See the API documentation for details. To save yourself the trouble of inspecting fingerprints after the handshake, you can pass a Checker object into the handshake function. The checker will be called if the handshake completes successfully. If the other party's certificate chain isn't approved by the checker, a subclass of TLSAuthenticationError will be raised. For example, to perform a handshake with a server based on its X.509 fingerprint, do: try: checker = Checker(\ x509Fingerprint='e049ff930af76d43ff4c658b268786f4df1296f2') connection.handshakeClientCert(checker=checker) except TLSAuthenticationError: print "Authentication failure" If the handshake fails for any reason, an exception will be raised. If the socket timed out or was unexpectedly closed, a socket.error or TLSAbruptCloseError will be raised. Otherwise, either a TLSLocalAlert or TLSRemoteAlert will be raised, depending on whether the local or remote implementation signalled the error. The exception object has a 'description' member which identifies the error based on the codes in RFC 2246. A TLSLocalAlert also has a 'message' string that may have more details. Example of handling a remote alert: try: [...] except TLSRemoteAlert, alert: if alert.description == AlertDescription.unknown_srp_username: print "Unknown user." [...] Figuring out what went wrong based on the alert may require some interpretation, particularly with remote alerts where you don't have an error string, and where the remote implementation may not be signalling alerts properly. Many alerts signal an implementation error, and so should rarely be seen in normal operation (unexpected_message, decode_error, illegal_parameter, internal_error, etc.). 
Other alerts are more likely to occur. Below are some common alerts and their probable causes, and whether they are signalled by the client or server. Client bad_record_mac: - bad shared key password Client handshake_failure: - SRP parameters are not recognized by client Client user_canceled: - The client might have returned None from an SRP callback. Client insufficient_security: - SRP parameters are too small Client protocol_version: - Client doesn't support the server's protocol version Server protocol_version: - Server doesn't support the client's protocol version Server bad_record_mac: - bad SRP username or password Server unknown_srp_username: - bad SRP username (bad_record_mac could be used for the same thing) Server handshake_failure: - bad shared key username - no matching cipher suites 5 Step 5 - exchange data ------------------------- Now that you have a connection, you can call read() and write() as if it were a socket.SSL object. You can also call send(), sendall(), recv(), and makefile() as if it were a socket. These calls may raise TLSLocalAlert, TLSRemoteAlert, socket.error, or TLSAbruptCloseError, just like the handshake functions. Once the TLS connection is closed by the other side, calls to read() or recv() will return an empty string. If the socket is closed by the other side without first closing the TLS connection, calls to read() or recv() will raise a TLSAbruptCloseError, and calls to write() or send() will raise a socket.error. An abrupt close is not authenticated by TLS, so data received before a TLSAbruptCloseError may have been truncated. 5 Step 6 - close the connection -------------------------------- When you're finished sending data, you should call close() to close the connection down. When the connection is closed properly, the socket stays open and can be used for exchanging non-secure data, the session object can be used for session resumption, and the connection object can be re-used by calling another handshake function. If an exception is raised, the connection will be automatically closed; you don't need to call close().
Furthermore, you will probably not be able to re-use the socket, the connection object, or the session object, and you shouldn't even try. By default, calling close() will leave the socket open. If you set the connection's closeSocket flag to True, the connection will take ownership of the socket, and close it when the connection is closed. 6 Using TLS Lite with httplib ============================== TLS Lite comes with an HTTPTLSConnection class that extends httplib to work over SSL/TLS connections. Depending on how you construct it, it will do different types of authentication. If you pass none of the authentication parameters shown below, the server's identity is not checked, so the connection is encrypted but gives no assurance about who is on the other end. #No authentication whatsoever h = HTTPTLSConnection("www.amazon.com", 443) h.request("GET", "") r = h.getresponse() [...] #Authenticate server based on its X.509 fingerprint h = HTTPTLSConnection("www.amazon.com", 443, x509Fingerprint="e049ff930af76d43ff4c658b268786f4df1296f2") [...] #Authenticate server based on its X.509 chain (requires cryptlib_py [7]) h = HTTPTLSConnection("www.amazon.com", 443, x509TrustList=[verisignCert], x509CommonName="www.amazon.com") [...] #Authenticate server based on its cryptoID h = HTTPTLSConnection("localhost", 443, cryptoID="dmqb6.fq345.cxk6g.5fha3") [...] #Mutually authenticate with SRP h = HTTPTLSConnection("localhost", 443, username="alice", password="abra123cadabra") [...] #Mutually authenticate with a shared key h = HTTPTLSConnection("localhost", 443, username="alice", sharedKey="PaVBVZkYqAjCQCu6UBL2xgsnZhw") [...] #Mutually authenticate with SRP, *AND* authenticate the server based #on its cryptoID h = HTTPTLSConnection("localhost", 443, username="alice", password="abra123cadabra", cryptoID="dmqb6.fq345.cxk6g.5fha3") [...] 7 Using TLS Lite with xmlrpclib ================================ TLS Lite comes with an XMLRPCTransport class that extends xmlrpclib to work over SSL/TLS connections. This class accepts the same parameters as HTTPTLSConnection (see previous section), and behaves similarly.
Depending on how you construct it, it will do different types of authentication. from tlslite.api import XMLRPCTransport from xmlrpclib import ServerProxy #No authentication whatsoever transport = XMLRPCTransport() server = ServerProxy("https://localhost", transport) server.someFunc(2, 3) [...] #Authenticate server based on its X.509 fingerprint transport = XMLRPCTransport(\ x509Fingerprint="e049ff930af76d43ff4c658b268786f4df1296f2") [...] 8 Using TLS Lite with poplib or imaplib ======================================== TLS Lite comes with POP3_TLS and IMAP4_TLS classes that extend poplib and imaplib to work over SSL/TLS connections. These classes can be constructed with the same parameters as HTTPTLSConnection (see previous section), and behave similarly. #To connect to a POP3 server over SSL and display its fingerprint: from tlslite.api import * p = POP3_TLS("---------.net") print p.sock.session.serverCertChain.getFingerprint() [...] #To connect to an IMAP server once you know its fingerprint: from tlslite.api import * i = IMAP4_TLS("cyrus.andrew.cmu.edu", x509Fingerprint="00c14371227b3b677ddb9c4901e6f2aee18d3e45") [...] 9 Using TLS Lite with smtplib ============================== TLS Lite comes with an SMTP_TLS class that extends smtplib to work over SSL/TLS connections. This class accepts the same parameters as HTTPTLSConnection (see previous section), and behaves similarly. Depending on how you call starttls(), it will do different types of authentication. #To connect to an SMTP server once you know its fingerprint: from tlslite.api import * s = SMTP_TLS("----------.net") s.starttls(x509Fingerprint="7e39be84a2e3a7ad071752e3001d931bf82c32dc") [...] 10 Using TLS Lite with SocketServer ==================================== You can use TLS Lite to implement servers using Python's SocketServer framework. TLS Lite comes with a TLSSocketServerMixIn class. You can combine this with a TCPServer such as HTTPServer. 
To combine them, define a new class that inherits from both of them (with the mix-in first). Then implement the handshake() method, doing some sort of server handshake on the connection argument. If the handshake method returns True, the RequestHandler will be triggered. Below is a complete example of a threaded HTTPS server. from SocketServer import * from BaseHTTPServer import * from SimpleHTTPServer import * from tlslite.api import * s = open("./serverX509Cert.pem").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) s = open("./serverX509Key.pem").read() privateKey = parsePEMKey(s, private=True) sessionCache = SessionCache() class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn, HTTPServer): def handshake(self, tlsConnection): try: tlsConnection.handshakeServer(certChain=certChain, privateKey=privateKey, sessionCache=sessionCache) tlsConnection.ignoreAbruptClose = True return True except TLSError, error: print "Handshake failure:", str(error) return False httpd = MyHTTPServer(('localhost', 443), SimpleHTTPRequestHandler) httpd.serve_forever() 11 Using TLS Lite with asyncore ================================ TLS Lite can be used with subclasses of asyncore.dispatcher. See the comments in TLSAsyncDispatcherMixIn.py for details. This is still experimental, and may not work with all asyncore.dispatcher subclasses. Below is an example of combining Medusa's http_channel with TLSAsyncDispatcherMixIn: class http_tls_channel(TLSAsyncDispatcherMixIn, http_server.http_channel): ac_in_buffer_size = 16384 def __init__ (self, server, conn, addr): http_server.http_channel.__init__(self, server, conn, addr) TLSAsyncDispatcherMixIn.__init__(self, conn) self.tlsConnection.ignoreAbruptClose = True self.setServerHandshakeOp(certChain=certChain, privateKey=privateKey) 12 Using TLS Lite with Twisted =============================== TLS Lite can be used with Twisted protocols. Below is a complete example of using TLS Lite with a Twisted echo server. 
There are two server implementations below. Echo is the original protocol, which is oblivious to TLS. Echo1 subclasses Echo and negotiates TLS when the client connects. Echo2 subclasses Echo and negotiates TLS when the client sends "STARTTLS". from twisted.internet.protocol import Protocol, Factory from twisted.internet import reactor from twisted.protocols.policies import WrappingFactory from twisted.protocols.basic import LineReceiver from twisted.python import log from twisted.python.failure import Failure import sys from tlslite.api import * s = open("./serverX509Cert.pem").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) s = open("./serverX509Key.pem").read() privateKey = parsePEMKey(s, private=True) verifierDB = VerifierDB("verifierDB") verifierDB.open() class Echo(LineReceiver): def connectionMade(self): self.transport.write("Welcome to the echo server!\r\n") def lineReceived(self, line): self.transport.write(line + "\r\n") class Echo1(Echo): def connectionMade(self): if not self.transport.tlsStarted: self.transport.setServerHandshakeOp(certChain=certChain, privateKey=privateKey, verifierDB=verifierDB) else: Echo.connectionMade(self) def connectionLost(self, reason): pass #Handle any TLS exceptions here class Echo2(Echo): def lineReceived(self, data): if data == "STARTTLS": self.transport.setServerHandshakeOp(certChain=certChain, privateKey=privateKey, verifierDB=verifierDB) else: Echo.lineReceived(self, data) def connectionLost(self, reason): pass #Handle any TLS exceptions here factory = Factory() factory.protocol = Echo1 #factory.protocol = Echo2 wrappingFactory = WrappingFactory(factory) wrappingFactory.protocol = TLSTwistedProtocolWrapper log.startLogging(sys.stdout) reactor.listenTCP(1079, wrappingFactory) reactor.run() 13 Security Considerations =========================== TLS Lite is beta-quality code. It hasn't received much security analysis. Use at your own risk. The certificates and private keys in the 'test' directory are distributed with the package and are therefore public; use them only for testing.
14 History =========== 0.3.8 - 2/21/2005 - Added support for poplib, imaplib, and smtplib - Added python 2.4 windows installer - Fixed occassional timing problems with test suite 0.3.7 - 10/05/2004 - Added support for Python 2.2 - Cleaned up compatibility code, and docs, a bit 0.3.6 - 9/28/2004 - Fixed script installation on UNIX - Give better error message on old Python versions 0.3.5 - 9/16/2004 - TLS 1.1 support - os.urandom() support - Fixed win32prng on some systems 0.3.4 - 9/12/2004 - Updated for TLS/SRP draft 8 - Bugfix: was setting _versioncheck on SRP 1st hello, causing problems with GnuTLS (which was offering TLS 1.1) - Removed _versioncheck checking, since it could cause interop problems - Minor bugfix: when cryptlib_py and and cryptoIDlib present, cryptlib was complaining about being initialized twice 0.3.3 - 6/10/2004 - Updated for TLS/SRP draft 7 - Updated test cryptoID cert chains for cryptoIDlib 0.3.1 0.3.2 - 5/21/2004 - fixed bug when handling multiple handshake messages per record (e.g. 
IIS) 0.3.1 - 4/21/2004 - added xmlrpclib integration - fixed hanging bug in Twisted integration - fixed win32prng to work on a wider range of win32 sytems - fixed import problem with cryptoIDlib - fixed port allocation problem when test scripts are run on some UNIXes - made tolerant of buggy IE sending wrong version in premaster secret 0.3.0 - 3/20/2004 - added API docs thanks to epydoc - added X.509 path validation via cryptlib - much cleaning/tweaking/re-factoring/minor fixes 0.2.7 - 3/12/2004 - changed Twisted error handling to use connectionLost() - added ignoreAbruptClose 0.2.6 - 3/11/2004 - added Twisted errorHandler - added TLSAbruptCloseError - added 'integration' subdirectory 0.2.5 - 3/10/2004 - improved asynchronous support a bit - added first-draft of Twisted support 0.2.4 - 3/5/2004 - cleaned up asyncore support - added proof-of-concept for Twisted 0.2.3 - 3/4/2004 - added pycrypto RSA support - added asyncore support 0.2.2 - 3/1/2004 - added GMPY support - added pycrypto support - added support for PEM-encoded private keys, in pure python 0.2.1 - 2/23/2004 - improved PRNG use (cryptlib, or /dev/random, or CryptoAPI) - added RSA blinding, to avoid timing attacks - don't install local copy of M2Crypto, too problematic 0.2.0 - 2/19/2004 - changed VerifierDB to take per-user parameters - renamed tls_lite -> tlslite 0.1.9 - 2/16/2004 - added post-handshake 'Checker' - made compatible with Python 2.2 - made more forgiving of abrupt closure, since everyone does it: if the socket is closed while sending/recv'ing close_notify, just ignore it. 
0.1.8 - 2/12/2004 - TLSConnections now emulate sockets, including makefile() - HTTPTLSConnection and TLSMixIn simplified as a result 0.1.7 - 2/11/2004 - fixed httplib.HTTPTLSConnection with multiple requests - fixed SocketServer to handle close_notify - changed handshakeClientNoAuth() to ignore CertificateRequests - changed handshakeClient() to ignore non-resumable session arguments 0.1.6 - 2/10/2004 - fixed httplib support 0.1.5 - 2/09/2004 - added support for httplib and SocketServer - added support for SSLv3 - added support for 3DES - cleaned up read()/write() behavior - improved HMAC speed 0.1.4 - 2/06/2004 - fixed dumb bug in tls.py 0.1.3 - 2/05/2004 - change read() to only return requested number of bytes - added support for shared-key and in-memory databases - added support for PEM-encoded X.509 certificates - added support for SSLv2 ClientHello - fixed shutdown/re-handshaking behavior - cleaned up handling of missing_srp_username - renamed readString()/writeString() -> read()/write() - added documentation 0.1.2 - 2/04/2004 - added clienttest/servertest functions - improved OpenSSL cipher wrappers speed - fixed server when it has a key, but client selects plain SRP - fixed server to postpone errors until it has read client's messages - fixed ServerHello to only include extension data if necessary 0.1.1 - 2/02/2004 - fixed close_notify behavior - fixed handling of empty application data packets - fixed socket reads to not consume extra bytes - added testing functions to tls.py 0.1.0 - 2/01/2004 - first release 15 References ============== [0] http://www.ietf.org/html.charters/tls-charter.html [1] http://www.trevp.net/tls_srp/draft-ietf-tls-srp-07.html [2] http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt [3] http://www.trevp.net/cryptoID/ [4] http://www.openssl.org/ [5] http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ [6] http://sandbox.rulemaker.net/ngps/m2/ [7] http://trevp.net/cryptlibConverter/ [8] http://www.trevp.net/cryptoID/ [9] 
http://www.amk.ca/python/code/crypto.html [10] http://gmpy.sourceforge.net/ tlslite-0.3.8/tlslite/0000700000175000017500000000000010206516251013652 5ustar clintclinttlslite-0.3.8/tlslite/mathtls.py0000700000175000017500000002657710130676033015725 0ustar clintclint"""Miscellaneous helper functions.""" from utils.compat import * from utils.cryptomath import * import hmac import md5 import sha #1024, 1536, 2048, 3072, 4096, 6144, and 8192 bit groups] goodGroupParameters = [(2,0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3),\ (2,0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB),\ (2,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def P_hash(hashModule, secret, seed, length): bytes = createByteArrayZeros(length) secret = bytesToString(secret) seed = bytesToString(seed) A = seed index = 0 while 1: A = hmac.HMAC(secret, A, hashModule).digest() output = hmac.HMAC(secret, A+seed, hashModule).digest() for c in output: if index >= length: return bytes bytes[index] = ord(c) index += 1 return bytes def PRF(secret, label, seed, length): #Split the secret into left and right halves S1 = secret[ : int(math.ceil(len(secret)/2.0))] S2 = secret[ int(math.floor(len(secret)/2.0)) : ] #Run the left half through P_MD5 and the right half through P_SHA1 p_md5 = P_hash(md5, S1, concatArrays(stringToBytes(label), seed), length) p_sha1 = P_hash(sha, S2, concatArrays(stringToBytes(label), seed), length) #XOR the output values and return the result 
for x in range(length): p_md5[x] ^= p_sha1[x] return p_md5 def PRF_SSL(secret, seed, length): secretStr = bytesToString(secret) seedStr = bytesToString(seed) bytes = createByteArrayZeros(length) index = 0 for x in range(26): A = chr(ord('A')+x) * (x+1) # 'A', 'BB', 'CCC', etc.. input = secretStr + sha.sha(A + secretStr + seedStr).digest() output = md5.md5(input).digest() for c in output: if index >= length: return bytes bytes[index] = ord(c) index += 1 return bytes def makeX(salt, username, password): if len(username)>=256: raise ValueError("username too long") if len(salt)>=256: raise ValueError("salt too long") return stringToNumber(sha.sha(salt + sha.sha(username + ":" + password)\ .digest()).digest()) #This function is used by VerifierDB.makeVerifier def makeVerifier(username, password, bits): bitsIndex = {1024:0, 1536:1, 2048:2, 3072:3, 4096:4, 6144:5, 8192:6}[bits] g,N = goodGroupParameters[bitsIndex] salt = bytesToString(getRandomBytes(16)) x = makeX(salt, username, password) verifier = powMod(g, x, N) return N, g, salt, verifier def PAD(n, x): nLength = len(numberToString(n)) s = numberToString(x) if len(s) < nLength: s = ("\0" * (nLength-len(s))) + s return s def makeU(N, A, B): return stringToNumber(sha.sha(PAD(N, A) + PAD(N, B)).digest()) def makeK(N, g): return stringToNumber(sha.sha(numberToString(N) + PAD(N, g)).digest()) """ MAC_SSL Modified from Python HMAC by Trevor """ class MAC_SSL: """MAC_SSL class. This supports the API for Cryptographic Hash Functions (PEP 247). """ def __init__(self, key, msg = None, digestmod = None): """Create a new MAC_SSL object. key: key for the keyed hash object. msg: Initial input for the hash, if provided. digestmod: A module supporting PEP 247. Defaults to the md5 module. 
""" if digestmod is None: import md5 digestmod = md5 if key == None: #TREVNEW - for faster copying return #TREVNEW self.digestmod = digestmod self.outer = digestmod.new() self.inner = digestmod.new() self.digest_size = digestmod.digest_size ipad = "\x36" * 40 opad = "\x5C" * 40 self.inner.update(key) self.inner.update(ipad) self.outer.update(key) self.outer.update(opad) if msg is not None: self.update(msg) def update(self, msg): """Update this hashing object with the string msg. """ self.inner.update(msg) def copy(self): """Return a separate copy of this hashing object. An update to this copy won't affect the original object. """ other = MAC_SSL(None) #TREVNEW - for faster copying other.digest_size = self.digest_size #TREVNEW other.digestmod = self.digestmod other.inner = self.inner.copy() other.outer = self.outer.copy() return other def digest(self): """Return the hash value of this hashing object. This returns a string containing 8-bit data. The object is not altered in any way by this function; you can continue updating the object after calling this function. """ h = self.outer.copy() h.update(self.inner.digest()) return h.digest() def hexdigest(self): """Like digest(), but returns a string of hexadecimal digits instead. """ return "".join([hex(ord(x))[2:].zfill(2) for x in tuple(self.digest())]) tlslite-0.3.8/tlslite/X509.py0000700000175000017500000001027710026720667014713 0ustar clintclint"""Class representing an X.509 certificate.""" from utils.ASN1Parser import ASN1Parser from utils.cryptomath import * from utils.keyfactory import _createPublicRSAKey class X509: """This class represents an X.509 certificate. @type bytes: L{array.array} of unsigned bytes @ivar bytes: The DER-encoded ASN.1 certificate @type publicKey: L{tlslite.utils.RSAKey.RSAKey} @ivar publicKey: The subject public key from the certificate. """ def __init__(self): self.bytes = createByteArraySequence([]) self.publicKey = None def parse(self, s): """Parse a PEM-encoded X.509 certificate. 
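@type s: str
        @param s: A PEM-encoded X.509 certificate (i.e. a base64-encoded
        certificate wrapped with "-----BEGIN CERTIFICATE-----" and
        "-----END CERTIFICATE-----" tags).
        """

        start = s.find("-----BEGIN CERTIFICATE-----")
        end = s.find("-----END CERTIFICATE-----")
        if start == -1:
            raise SyntaxError("Missing PEM prefix")
        if end == -1:
            raise SyntaxError("Missing PEM postfix")
        s = s[start+len("-----BEGIN CERTIFICATE-----") : end]

        bytes = base64ToBytes(s)
        self.parseBinary(bytes)
        return self

    def parseBinary(self, bytes):
        """Parse a DER-encoded X.509 certificate.

        Stores the raw encoding in self.bytes and the subject's RSA public
        key in self.publicKey.  Nothing else is read from the certificate
        here: this method does not verify the signature or any other field,
        so a successfully parsed certificate is not thereby a trusted one.

        @type bytes: str or L{array.array} of unsigned bytes
        @param bytes: A DER-encoded X.509 certificate.

        @raise SyntaxError: If the AlgorithmIdentifier is not the expected
        RSA encoding, or the public key BIT STRING has a non-zero first byte.
        """

        if isinstance(bytes, type("")):
            bytes = stringToBytes(bytes)

        self.bytes = bytes
        p = ASN1Parser(bytes)

        #Get the tbsCertificate
        tbsCertificateP = p.getChild(0)

        #Is the optional version field present?
        #This determines which index the key is at.
        #(0xA0 is the context tag [0] that wraps the version field.)
        if tbsCertificateP.value[0]==0xA0:
            subjectPublicKeyInfoIndex = 6
        else:
            subjectPublicKeyInfoIndex = 5

        #Get the subjectPublicKeyInfo
        subjectPublicKeyInfoP = tbsCertificateP.getChild(\
                                    subjectPublicKeyInfoIndex)

        #Get the algorithm
        #Only this exact byte sequence is accepted: the DER encoding of the
        #rsaEncryption OID (1.2.840.113549.1.1.1) followed by NULL parameters.
        algorithmP = subjectPublicKeyInfoP.getChild(0)
        rsaOID = algorithmP.value
        if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]:
            raise SyntaxError("Unrecognized AlgorithmIdentifier")

        #Get the subjectPublicKey
        subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1)

        #Adjust for BIT STRING encapsulation
        #(the first content byte of a BIT STRING counts its unused bits)
        if (subjectPublicKeyP.value[0] !=0):
            raise SyntaxError()
        subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:])

        #Get the modulus and exponent
        modulusP = subjectPublicKeyP.getChild(0)
        publicExponentP = subjectPublicKeyP.getChild(1)

        #Decode them into numbers
        n = bytesToNumber(modulusP.value)
        e = bytesToNumber(publicExponentP.value)

        #Create a public key instance
        self.publicKey = _createPublicRSAKey(n, e)

    def getFingerprint(self):
        """Get the hex-encoded fingerprint of this certificate.

        The fingerprint is the sha.sha digest (SHA-1 in the Python 2
        standard library) of the stored certificate bytes.

        @rtype: str
        @return: A hex-encoded fingerprint.
        """
        return sha.sha(self.bytes).hexdigest()

    def getCommonName(self):
        """Get the Subject's Common Name from the certificate.

        The cryptlib_py module must be installed in order to use this
        function.

        @rtype: str or None
        @return: The CN component of the certificate's subject DN, if
        present.

        @raise cryptlib_py.CryptException: If cryptlib fails for any reason
        other than the attribute being absent.
        """
        import cryptlib_py
        import array
        c = cryptlib_py.cryptImportCert(self.bytes, cryptlib_py.CRYPT_UNUSED)
        name = cryptlib_py.CRYPT_CERTINFO_COMMONNAME
        try:
            try:
                #First call asks for the length, second call fills the buffer
                length = cryptlib_py.cryptGetAttributeString(c, name, None)
                returnVal = array.array('B', [0] * length)
                cryptlib_py.cryptGetAttributeString(c, name, returnVal)
                returnVal = returnVal.tostring()
            except cryptlib_py.CryptException, e:
                if e[0] == cryptlib_py.CRYPT_ERROR_NOTFOUND:
                    returnVal = None
                else:
                    #Any other failure used to fall through, leaving
                    #returnVal unbound or still holding the zero-filled
                    #buffer.  A name that could not be read must not be
                    #handed to a caller that compares it against an
                    #expected Common Name.
                    raise
            return returnVal
        finally:
            cryptlib_py.cryptDestroyCert(c)

    def writeBytes(self):
        """Return the certificate bytes stored in self.bytes."""
        return self.bytes

tlslite-0.3.8/tlslite/Checker.py0000700000175000017500000001423510076624155015610 0ustar clintclint
"""Class for post-handshake certificate checking."""

from utils.cryptomath import hashAndBase64
from X509 import X509
from X509CertChain import X509CertChain
from errors import *


class Checker:
    """This class is passed to a handshake function to check the other
    party's certificate chain.

    If a handshake function completes successfully, but the Checker
    judges the other party's certificate chain to be missing or
    inadequate, a subclass of
    L{tlslite.errors.TLSAuthenticationError} will be raised.

    Currently, the Checker can check either an X.509 or a cryptoID
    chain (for the latter, cryptoIDlib must be installed).
    """

    def __init__(self, cryptoID=None, protocol=None,
                 x509Fingerprint=None,
                 x509TrustList=None, x509CommonName=None,
                 checkResumedSession=False):
        """Create a new Checker instance.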
You must pass in one of these argument combinations: - cryptoID[, protocol] (requires cryptoIDlib) - x509Fingerprint - x509TrustList[, x509CommonName] (requires cryptlib_py) @type cryptoID: str @param cryptoID: A cryptoID which the other party's certificate chain must match. The cryptoIDlib module must be installed. Mutually exclusive with all of the 'x509...' arguments. @type protocol: str @param protocol: A cryptoID protocol URI which the other party's certificate chain must match. Requires the 'cryptoID' argument. @type x509Fingerprint: str @param x509Fingerprint: A hex-encoded X.509 end-entity fingerprint which the other party's end-entity certificate must match. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments. @type x509TrustList: list of L{tlslite.X509.X509} @param x509TrustList: A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. @type x509CommonName: str @param x509CommonName: The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. @type checkResumedSession: bool @param checkResumedSession: If resumed sessions should be checked. This defaults to False, on the theory that if the session was checked once, we don't need to bother re-checking it. 
""" if cryptoID and (x509Fingerprint or x509TrustList): raise ValueError() if x509Fingerprint and x509TrustList: raise ValueError() if x509CommonName and not x509TrustList: raise ValueError() if protocol and not cryptoID: raise ValueError() if cryptoID: import cryptoIDlib #So we raise an error here if x509TrustList: import cryptlib_py #So we raise an error here self.cryptoID = cryptoID self.protocol = protocol self.x509Fingerprint = x509Fingerprint self.x509TrustList = x509TrustList self.x509CommonName = x509CommonName self.checkResumedSession = checkResumedSession def __call__(self, connection): """Check a TLSConnection. When a Checker is passed to a handshake function, this will be called at the end of the function. @type connection: L{tlslite.TLSConnection.TLSConnection} @param connection: The TLSConnection to examine. @raise tlslite.errors.TLSAuthenticationError: If the other party's certificate chain is missing or bad. """ if not self.checkResumedSession and connection.resumed: return if self.cryptoID or self.x509Fingerprint or self.x509TrustList: if connection._client: chain = connection.session.serverCertChain else: chain = connection.session.clientCertChain if self.x509Fingerprint or self.x509TrustList: if isinstance(chain, X509CertChain): if self.x509Fingerprint: if chain.getFingerprint() != self.x509Fingerprint: raise TLSFingerprintError(\ "X.509 fingerprint mismatch: %s, %s" % \ (chain.getFingerprint(), self.x509Fingerprint)) else: #self.x509TrustList if not chain.validate(self.x509TrustList): raise TLSValidationError("X.509 validation failure") if self.x509CommonName and \ (chain.getCommonName() != self.x509CommonName): raise TLSAuthorizationError(\ "X.509 Common Name mismatch: %s, %s" % \ (chain.getCommonName(), self.x509CommonName)) elif chain: raise TLSAuthenticationTypeError() else: raise TLSNoAuthenticationError() elif self.cryptoID: import cryptoIDlib.CertChain if isinstance(chain, cryptoIDlib.CertChain.CertChain): if chain.cryptoID != 
self.cryptoID: raise TLSFingerprintError(\ "cryptoID mismatch: %s, %s" % \ (chain.cryptoID, self.cryptoID)) if self.protocol: if not chain.checkProtocol(self.protocol): raise TLSAuthorizationError(\ "cryptoID protocol mismatch") if not chain.validate(): raise TLSValidationError("cryptoID validation failure") elif chain: raise TLSAuthenticationTypeError() else: raise TLSNoAuthenticationError() tlslite-0.3.8/tlslite/SessionCache.py0000700000175000017500000000661610027154175016613 0ustar clintclint"""Class for caching TLS sessions.""" import thread import time class SessionCache: """This class is used by the server to cache TLS sessions. Caching sessions allows the client to use TLS session resumption and avoid the expense of a full handshake. To use this class, simply pass a SessionCache instance into the server handshake function. This class is thread-safe. """ #References to these instances #are also held by the caller, who may change the 'resumable' #flag, so the SessionCache must return the same instances #it was passed in. def __init__(self, maxEntries=10000, maxAge=14400): """Create a new SessionCache. @type maxEntries: int @param maxEntries: The maximum size of the cache. When this limit is reached, the oldest sessions will be deleted as necessary to make room for new ones. The default is 10000. @type maxAge: int @param maxAge: The number of seconds before a session expires from the cache. The default is 14400 (i.e. 
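4 hours)."""

        self.lock = thread.allocate_lock()

        # Maps sessionIDs to sessions
        self.entriesDict = {}

        #Circular list of (sessionID, timestamp) pairs
        self.entriesList = [(None,None)] * maxEntries

        self.firstIndex = 0
        self.lastIndex = 0
        self.maxAge = maxAge

    def __getitem__(self, sessionID):
        """Return the cached session for sessionID.

        Expired entries are purged first, so a session older than maxAge
        is never returned.

        @raise KeyError: If the session is not cached, has expired, or is
        no longer valid.
        """
        self.lock.acquire()
        try:
            self._purge() #Delete old items, so we're assured of a new one
            session = self.entriesDict[sessionID]

            #When we add sessions they're resumable, but it's possible
            #for the session to be invalidated later on (if a fatal alert
            #is returned), so we have to check for resumability before
            #returning the session.

            if session.valid():
                return session
            else:
                raise KeyError()
        finally:
            self.lock.release()

    def __setitem__(self, sessionID, session):
        """Add a session to the cache, evicting the oldest one when the
        circular list is full."""
        self.lock.acquire()
        try:
            #Add the new element
            self.entriesDict[sessionID] = session
            self.entriesList[self.lastIndex] = (sessionID, time.time())
            self.lastIndex = (self.lastIndex+1) % len(self.entriesList)

            #If the cache is full, we delete the oldest element to make an
            #empty space
            if self.lastIndex == self.firstIndex:
                oldestID = self.entriesList[self.firstIndex][0]
                #The ID may already be gone from the dictionary if the same
                #sessionID was stored more than once.  An unguarded del
                #would raise KeyError here after lastIndex had advanced but
                #before firstIndex did, leaving the two equal; _purge()
                #would then treat the list as empty and stop expiring
                #sessions.
                if oldestID in self.entriesDict:
                    del(self.entriesDict[oldestID])
                self.firstIndex = (self.firstIndex+1) % len(self.entriesList)
        finally:
            self.lock.release()

    #Delete expired items
    def _purge(self):
        currentTime = time.time()

        #Search through the circular list, deleting expired elements until
        #we reach a non-expired element.  Since elements in list are
        #ordered in time, we can break once we reach the first non-expired
        #element
        index = self.firstIndex
        while index != self.lastIndex:
            if currentTime - self.entriesList[index][1] > self.maxAge:
                expiredID = self.entriesList[index][0]
                #Guarded for the same reason as in __setitem__: a KeyError
                #here would abort the purge before firstIndex is updated,
                #and every later lookup would fail at the same slot.
                if expiredID in self.entriesDict:
                    del(self.entriesDict[expiredID])
                index = (index+1) % len(self.entriesList)
            else:
                break
        self.firstIndex = index

def _test():
    import doctest, SessionCache
    return doctest.testmod(SessionCache)

if __name__ == "__main__":
    _test()

tlslite-0.3.8/tlslite/__init__.py0000700000175000017500000000215110206510660015763 0ustar clintclint
"""
TLS Lite is a free python library that implements SSL v3, TLS v1, and
TLS v1.1.  TLS Lite supports non-traditional authentication methods
such as SRP, shared keys, and cryptoIDs, in addition to X.509
certificates.  TLS Lite is pure python, however it can access OpenSSL,
cryptlib, pycrypto, and GMPY for faster crypto operations.  TLS Lite
integrates with httplib, xmlrpclib, poplib, imaplib, smtplib,
SocketServer, asyncore, and Twisted.

To use, do::

    from tlslite.api import *

Then use the L{tlslite.TLSConnection.TLSConnection} class with a socket,
or use one of the integration classes in L{tlslite.integration}.

@version: 0.3.8
"""
__version__ = "0.3.8"

__all__ = ["api",
           "BaseDB",
           "Checker",
           "constants",
           "errors",
           "FileObject",
           "HandshakeSettings",
           "mathtls",
           "messages",
           "Session",
           "SessionCache",
           "SharedKeyDB",
           "TLSConnection",
           "TLSRecordLayer",
           "VerifierDB",
           "X509",
           "X509CertChain",
           "integration",
           "utils"]

tlslite-0.3.8/tlslite/SharedKeyDB.py0000700000175000017500000000357210130676061016325 0ustar clintclint
"""Class for storing shared keys."""

from utils.cryptomath import *
from utils.compat import *
from mathtls import *
from Session import Session
from BaseDB import BaseDB

class SharedKeyDB(BaseDB):
    """This class represents an in-memory or on-disk database of shared
    keys.

    A SharedKeyDB can be passed to a server handshake function to
    authenticate a client based on one of the shared keys.

    This class is thread-safe.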
""" def __init__(self, filename=None): """Create a new SharedKeyDB. @type filename: str @param filename: Filename for an on-disk database, or None for an in-memory database. If the filename already exists, follow this with a call to open(). To create a new on-disk database, follow this with a call to create(). """ BaseDB.__init__(self, filename, "shared key") def _getItem(self, username, valueStr): session = Session() session._createSharedKey(username, valueStr) return session def __setitem__(self, username, sharedKey): """Add a shared key to the database. @type username: str @param username: The username to associate the shared key with. Must be less than or equal to 16 characters in length, and must not already be in the database. @type sharedKey: str @param sharedKey: The shared key to add. Must be less than 48 characters in length. """ BaseDB.__setitem__(self, username, sharedKey) def _setItem(self, username, value): if len(username)>16: raise ValueError("username too long") if len(value)>=48: raise ValueError("shared key too long") return value def _checkItem(self, value, username, param): newSession = self._getItem(username, param) return value.masterSecret == newSession.masterSecrettlslite-0.3.8/tlslite/X509CertChain.py0000700000175000017500000001531510026721506016463 0ustar clintclint"""Class representing an X.509 certificate chain.""" from utils import cryptomath class X509CertChain: """This class represents a chain of X.509 certificates. @type x509List: list @ivar x509List: A list of L{tlslite.X509.X509} instances, starting with the end-entity certificate and with every subsequent certificate certifying the previous. """ def __init__(self, x509List=None): """Create a new X509CertChain. @type x509List: list @param x509List: A list of L{tlslite.X509.X509} instances, starting with the end-entity certificate and with every subsequent certificate certifying the previous. 
""" if x509List: self.x509List = x509List else: self.x509List = [] def getNumCerts(self): """Get the number of certificates in this chain. @rtype: int """ return len(self.x509List) def getEndEntityPublicKey(self): """Get the public key from the end-entity certificate. @rtype: L{tlslite.utils.RSAKey.RSAKey} """ if self.getNumCerts() == 0: raise AssertionError() return self.x509List[0].publicKey def getFingerprint(self): """Get the hex-encoded fingerprint of the end-entity certificate. @rtype: str @return: A hex-encoded fingerprint. """ if self.getNumCerts() == 0: raise AssertionError() return self.x509List[0].getFingerprint() def getCommonName(self): """Get the Subject's Common Name from the end-entity certificate. The cryptlib_py module must be installed in order to use this function. @rtype: str or None @return: The CN component of the certificate's subject DN, if present. """ if self.getNumCerts() == 0: raise AssertionError() return self.x509List[0].getCommonName() def validate(self, x509TrustList): """Check the validity of the certificate chain. This checks that every certificate in the chain validates with the subsequent one, until some certificate validates with (or is identical to) one of the passed-in root certificates. The cryptlib_py module must be installed in order to use this function. @type x509TrustList: list of L{tlslite.X509.X509} @param x509TrustList: A list of trusted root certificates. The certificate chain must extend to one of these certificates to be considered valid. """ import cryptlib_py c1 = None c2 = None lastC = None rootC = None try: rootFingerprints = [c.getFingerprint() for c in x509TrustList] #Check that every certificate in the chain validates with the #next one for cert1, cert2 in zip(self.x509List, self.x509List[1:]): #If we come upon a root certificate, we're done. 
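#(validate() continued: body of the loop over adjacent certificate pairs)
                if cert1.getFingerprint() in rootFingerprints:
                    return True

                c1 = cryptlib_py.cryptImportCert(cert1.writeBytes(),
                                                 cryptlib_py.CRYPT_UNUSED)
                c2 = cryptlib_py.cryptImportCert(cert2.writeBytes(),
                                                 cryptlib_py.CRYPT_UNUSED)
                try:
                    cryptlib_py.cryptCheckCert(c1, c2)
                except:
                    #Any failure while checking cert1 against cert2 rejects
                    #the chain; the finally clause releases c1 and c2.
                    return False
                cryptlib_py.cryptDestroyCert(c1)
                c1 = None
                cryptlib_py.cryptDestroyCert(c2)
                c2 = None

            #An empty chain has no last certificate to anchor.  Reject it
            #here instead of failing with IndexError on the [-1] lookups
            #below.
            if not self.x509List:
                return False

            #If the last certificate is one of the root certificates, we're
            #done.
            if self.x509List[-1].getFingerprint() in rootFingerprints:
                return True

            #Otherwise, find a root certificate that the last certificate
            #chains to, and validate them.
            lastC = cryptlib_py.cryptImportCert(self.x509List[-1].writeBytes(),
                                                cryptlib_py.CRYPT_UNUSED)
            for rootCert in x509TrustList:
                rootC = cryptlib_py.cryptImportCert(rootCert.writeBytes(),
                                                    cryptlib_py.CRYPT_UNUSED)
                if self._checkChaining(lastC, rootC):
                    #NOTE(review): a root whose names match but whose check
                    #fails rejects the chain without trying any further
                    #root with the same subject names - confirm that this
                    #is intended.
                    try:
                        cryptlib_py.cryptCheckCert(lastC, rootC)
                        return True
                    except:
                        return False
                #This root is not the issuer.  Release its handle before
                #importing the next one; the finally clause only sees the
                #most recent rootC, so every earlier handle would leak.
                cryptlib_py.cryptDestroyCert(rootC)
                rootC = None
            return False
        finally:
            if not (c1 is None):
                cryptlib_py.cryptDestroyCert(c1)
            if not (c2 is None):
                cryptlib_py.cryptDestroyCert(c2)
            if not (lastC is None):
                cryptlib_py.cryptDestroyCert(lastC)
            if not (rootC is None):
                cryptlib_py.cryptDestroyCert(rootC)



    def _checkChaining(self, lastC, rootC):
        import cryptlib_py
        import array
        def compareNames(name):
            try:
                length = cryptlib_py.cryptGetAttributeString(lastC, name, None)
                lastName = array.array('B', [0] * length)
                cryptlib_py.cryptGetAttributeString(lastC, name, lastName)
                lastName = lastName.tostring()
            except cryptlib_py.CryptException, e:
                if e[0] == cryptlib_py.CRYPT_ERROR_NOTFOUND:
                    lastName = None
            try:
                length = cryptlib_py.cryptGetAttributeString(rootC, name, None)
                rootName = array.array('B', [0] * length)
                cryptlib_py.cryptGetAttributeString(rootC, name, rootName)
                rootName = rootName.tostring()
            except cryptlib_py.CryptException, e:
                if e[0] == cryptlib_py.CRYPT_ERROR_NOTFOUND:
                    rootName = None

            return lastName == rootName

        cryptlib_py.cryptSetAttribute(lastC,
                                      cryptlib_py.CRYPT_CERTINFO_ISSUERNAME,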
cryptlib_py.CRYPT_UNUSED) if not compareNames(cryptlib_py.CRYPT_CERTINFO_COUNTRYNAME): return False if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): return False if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): return False if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): return False if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): return False return Truetlslite-0.3.8/tlslite/FileObject.py0000700000175000017500000001522710025502224016236 0ustar clintclint"""Class returned by TLSConnection.makefile().""" class FileObject: """This class provides a file object interface to a L{tlslite.TLSConnection.TLSConnection}. Call makefile() on a TLSConnection to create a FileObject instance. This class was copied, with minor modifications, from the _fileobject class in socket.py. Note that fileno() is not implemented.""" default_bufsize = 16384 #TREV: changed from 8192 def __init__(self, sock, mode='rb', bufsize=-1): self._sock = sock self.mode = mode # Not actually used in this version if bufsize < 0: bufsize = self.default_bufsize self.bufsize = bufsize self.softspace = False if bufsize == 0: self._rbufsize = 1 elif bufsize == 1: self._rbufsize = self.default_bufsize else: self._rbufsize = bufsize self._wbufsize = bufsize self._rbuf = "" # A string self._wbuf = [] # A list of strings def _getclosed(self): return self._sock is not None closed = property(_getclosed, doc="True if the file is closed") def close(self): try: if self._sock: for result in self._sock._decrefAsync(): #TREV pass finally: self._sock = None def __del__(self): try: self.close() except: # close() may fail if __init__ didn't complete pass def flush(self): if self._wbuf: buffer = "".join(self._wbuf) self._wbuf = [] self._sock.sendall(buffer) #def fileno(self): # raise NotImplementedError() #TREV def write(self, data): data = str(data) # XXX Should really reject non-string non-buffers if not data: return self._wbuf.append(data) if (self._wbufsize 
== 0 or self._wbufsize == 1 and '\n' in data or self._get_wbuf_len() >= self._wbufsize): self.flush() def writelines(self, list): # XXX We could do better here for very long lists # XXX Should really reject non-string non-buffers self._wbuf.extend(filter(None, map(str, list))) if (self._wbufsize <= 1 or self._get_wbuf_len() >= self._wbufsize): self.flush() def _get_wbuf_len(self): buf_len = 0 for x in self._wbuf: buf_len += len(x) return buf_len def read(self, size=-1): data = self._rbuf if size < 0: # Read until EOF buffers = [] if data: buffers.append(data) self._rbuf = "" if self._rbufsize <= 1: recv_size = self.default_bufsize else: recv_size = self._rbufsize while True: data = self._sock.recv(recv_size) if not data: break buffers.append(data) return "".join(buffers) else: # Read until size bytes or EOF seen, whichever comes first buf_len = len(data) if buf_len >= size: self._rbuf = data[size:] return data[:size] buffers = [] if data: buffers.append(data) self._rbuf = "" while True: left = size - buf_len recv_size = max(self._rbufsize, left) data = self._sock.recv(recv_size) if not data: break buffers.append(data) n = len(data) if n >= left: self._rbuf = data[left:] buffers[-1] = data[:left] break buf_len += n return "".join(buffers) def readline(self, size=-1): data = self._rbuf if size < 0: # Read until \n or EOF, whichever comes first if self._rbufsize <= 1: # Speed up unbuffered case assert data == "" buffers = [] recv = self._sock.recv while data != "\n": data = recv(1) if not data: break buffers.append(data) return "".join(buffers) nl = data.find('\n') if nl >= 0: nl += 1 self._rbuf = data[nl:] return data[:nl] buffers = [] if data: buffers.append(data) self._rbuf = "" while True: data = self._sock.recv(self._rbufsize) if not data: break buffers.append(data) nl = data.find('\n') if nl >= 0: nl += 1 self._rbuf = data[nl:] buffers[-1] = data[:nl] break return "".join(buffers) else: # Read until size bytes or \n or EOF seen, whichever comes first nl = 
data.find('\n', 0, size) if nl >= 0: nl += 1 self._rbuf = data[nl:] return data[:nl] buf_len = len(data) if buf_len >= size: self._rbuf = data[size:] return data[:size] buffers = [] if data: buffers.append(data) self._rbuf = "" while True: data = self._sock.recv(self._rbufsize) if not data: break buffers.append(data) left = size - buf_len nl = data.find('\n', 0, left) if nl >= 0: nl += 1 self._rbuf = data[nl:] buffers[-1] = data[:nl] break n = len(data) if n >= left: self._rbuf = data[left:] buffers[-1] = data[:left] break buf_len += n return "".join(buffers) def readlines(self, sizehint=0): total = 0 list = [] while True: line = self.readline() if not line: break list.append(line) total += len(line) if sizehint and total >= sizehint: break return list # Iterator protocols def __iter__(self): return self def next(self): line = self.readline() if not line: raise StopIteration return line tlslite-0.3.8/tlslite/api.py0000700000175000017500000000562510206517761015017 0ustar clintclint"""Import this module for easy access to TLS Lite objects. The TLS Lite API consists of classes, functions, and variables spread throughout this package. Instead of importing them individually with:: from tlslite.TLSConnection import TLSConnection from tlslite.HandshakeSettings import HandshakeSettings from tlslite.errors import * . . It's easier to do:: from tlslite.api import * This imports all the important objects (TLSConnection, Checker, HandshakeSettings, etc.) into the global namespace. 
In particular, it imports:: from constants import AlertLevel, AlertDescription, Fault from errors import * from Checker import Checker from HandshakeSettings import HandshakeSettings from Session import Session from SessionCache import SessionCache from SharedKeyDB import SharedKeyDB from TLSConnection import TLSConnection from VerifierDB import VerifierDB from X509 import X509 from X509CertChain import X509CertChain from integration.HTTPTLSConnection import HTTPTLSConnection from integration.POP3_TLS import POP3_TLS from integration.IMAP4_TLS import IMAP4_TLS from integration.SMTP_TLS import SMTP_TLS from integration.XMLRPCTransport import XMLRPCTransport from integration.TLSSocketServerMixIn import TLSSocketServerMixIn from integration.TLSAsyncDispatcherMixIn import TLSAsyncDispatcherMixIn from integration.TLSTwistedProtocolWrapper import TLSTwistedProtocolWrapper from utils.cryptomath import cryptlibpyLoaded, m2cryptoLoaded, gmpyLoaded, pycryptoLoaded, prngName from utils.keyfactory import generateRSAKey, parsePEMKey, parseXMLKey, parseAsPublicKey, parsePrivateKey """ from constants import AlertLevel, AlertDescription, Fault from errors import * from Checker import Checker from HandshakeSettings import HandshakeSettings from Session import Session from SessionCache import SessionCache from SharedKeyDB import SharedKeyDB from TLSConnection import TLSConnection from VerifierDB import VerifierDB from X509 import X509 from X509CertChain import X509CertChain from integration.HTTPTLSConnection import HTTPTLSConnection from integration.TLSSocketServerMixIn import TLSSocketServerMixIn from integration.TLSAsyncDispatcherMixIn import TLSAsyncDispatcherMixIn from integration.POP3_TLS import POP3_TLS from integration.IMAP4_TLS import IMAP4_TLS from integration.SMTP_TLS import SMTP_TLS from integration.XMLRPCTransport import XMLRPCTransport try: import twisted del(twisted) from integration.TLSTwistedProtocolWrapper import TLSTwistedProtocolWrapper except ImportError: pass 
from utils.cryptomath import cryptlibpyLoaded, m2cryptoLoaded, gmpyLoaded, \ pycryptoLoaded, prngName from utils.keyfactory import generateRSAKey, parsePEMKey, parseXMLKey, \ parseAsPublicKey, parsePrivateKey tlslite-0.3.8/tlslite/integration/0000700000175000017500000000000010206516252016176 5ustar clintclinttlslite-0.3.8/tlslite/integration/POP3_TLS.py0000700000175000017500000001251510206511711020015 0ustar clintclint"""TLS Lite + poplib.""" import socket from poplib import POP3 from tlslite.TLSConnection import TLSConnection from tlslite.integration.ClientHelper import ClientHelper # POP TLS PORT POP3_TLS_PORT = 995 class POP3_TLS(POP3, ClientHelper): """This class extends L{poplib.POP3} with TLS support.""" def __init__(self, host, port = POP3_TLS_PORT, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None): """Create a new POP3_TLS. For client authentication, use one of these argument combinations: - username, password (SRP) - username, sharedKey (shared-key) - certChain, privateKey (certificate) For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations: - cryptoID[, protocol] (requires cryptoIDlib) - x509Fingerprint - x509TrustList[, x509CommonName] (requires cryptlib_py) Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys. The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in L{tlslite.TLSConnection.TLSConnection} for details on which exceptions might be raised. @type host: str @param host: Server to connect to. @type port: int @param port: Port to connect to. @type username: str @param username: SRP or shared-key username. 
Requires the 'password' or 'sharedKey' argument. @type password: str @param password: SRP password for mutual authentication. Requires the 'username' argument. @type sharedKey: str @param sharedKey: Shared key for mutual authentication. Requires the 'username' argument. @type certChain: L{tlslite.X509CertChain.X509CertChain} or L{cryptoIDlib.CertChain.CertChain} @param certChain: Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments. @type privateKey: L{tlslite.utils.RSAKey.RSAKey} @param privateKey: Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments. @type cryptoID: str @param cryptoID: cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments. @type protocol: str @param protocol: cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument. @type x509Fingerprint: str @param x509Fingerprint: Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments. @type x509TrustList: list of L{tlslite.X509.X509} @param x509TrustList: A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. @type x509CommonName: str @param x509CommonName: The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. @type settings: L{tlslite.HandshakeSettings.HandshakeSettings} @param settings: Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client. 
""" self.host = host self.port = port msg = "getaddrinfo returns an empty list" self.sock = None for res in socket.getaddrinfo(self.host, self.port, 0, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res try: self.sock = socket.socket(af, socktype, proto) self.sock.connect(sa) except socket.error, msg: if self.sock: self.sock.close() self.sock = None continue break if not self.sock: raise socket.error, msg ### New code below (all else copied from poplib) ClientHelper.__init__(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings) self.sock = TLSConnection(self.sock) self.sock.closeSocket = True ClientHelper._handshake(self, self.sock) ### self.file = self.sock.makefile('rb') self._debugging = 0 self.welcome = self._getresp()tlslite-0.3.8/tlslite/integration/XMLRPCTransport.py0000700000175000017500000001324710204011347021475 0ustar clintclint"""TLS Lite + xmlrpclib.""" import xmlrpclib import httplib from tlslite.integration.HTTPTLSConnection import HTTPTLSConnection from tlslite.integration.ClientHelper import ClientHelper class XMLRPCTransport(xmlrpclib.Transport, ClientHelper): """Handles an HTTPS transaction to an XML-RPC server.""" def __init__(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None): """Create a new XMLRPCTransport. 

        An instance of this class can be passed to L{xmlrpclib.ServerProxy}
        to use TLS with XML-RPC calls::

            from tlslite.api import XMLRPCTransport
            from xmlrpclib import ServerProxy

            transport = XMLRPCTransport(username="alice", password="abra123")
            server = ServerProxy("https://localhost", transport)

        For client authentication, use one of these argument
        combinations:
         - username, password (SRP)
         - username, sharedKey (shared-key)
         - certChain, privateKey (certificate)

        For server authentication, you can either rely on the
        implicit mutual authentication performed by SRP or
        shared-keys, or you can do certificate-based server
        authentication with one of these argument combinations:
         - cryptoID[, protocol] (requires cryptoIDlib)
         - x509Fingerprint
         - x509TrustList[, x509CommonName] (requires cryptlib_py)

        Certificate-based server authentication is compatible with
        SRP or certificate-based client authentication.  It is
        not compatible with shared-keys.

        The constructor does not perform the TLS handshake itself, but
        simply stores these arguments for later.  The handshake is
        performed only when this class needs to connect with the
        server.  Thus you should be prepared to handle TLS-specific
        exceptions when calling methods of L{xmlrpclib.ServerProxy}.  See the
        client handshake functions in
        L{tlslite.TLSConnection.TLSConnection} for details on which
        exceptions might be raised.

        @type username: str
        @param username: SRP or shared-key username.  Requires the
        'password' or 'sharedKey' argument.

        @type password: str
        @param password: SRP password for mutual authentication.
        Requires the 'username' argument.

        @type sharedKey: str
        @param sharedKey: Shared key for mutual authentication.
        Requires the 'username' argument.

        @type certChain: L{tlslite.X509CertChain.X509CertChain} or
        L{cryptoIDlib.CertChain.CertChain}
        @param certChain: Certificate chain for client authentication.
        Requires the 'privateKey' argument.  Excludes the SRP or
        shared-key related arguments.
@type privateKey: L{tlslite.utils.RSAKey.RSAKey} @param privateKey: Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments. @type cryptoID: str @param cryptoID: cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments. @type protocol: str @param protocol: cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument. @type x509Fingerprint: str @param x509Fingerprint: Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments. @type x509TrustList: list of L{tlslite.X509.X509} @param x509TrustList: A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. @type x509CommonName: str @param x509CommonName: The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. @type settings: L{tlslite.HandshakeSettings.HandshakeSettings} @param settings: Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client. 
""" ClientHelper.__init__(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings) def make_connection(self, host): # create a HTTPS connection object from a host descriptor host, extra_headers, x509 = self.get_host_info(host) http = HTTPTLSConnection(host, None, self.username, self.password, self.sharedKey, self.certChain, self.privateKey, self.checker.cryptoID, self.checker.protocol, self.checker.x509Fingerprint, self.checker.x509TrustList, self.checker.x509CommonName, self.settings) http2 = httplib.HTTP() http2._setup(http) return http2tlslite-0.3.8/tlslite/integration/TLSSocketServerMixIn.py0000700000175000017500000000422410026001322022507 0ustar clintclint"""TLS Lite + SocketServer.""" from tlslite.TLSConnection import TLSConnection class TLSSocketServerMixIn: """ This class can be mixed in with any L{SocketServer.TCPServer} to add TLS support. To use this class, define a new class that inherits from it and some L{SocketServer.TCPServer} (with the mix-in first). Then implement the handshake() method, doing some sort of server handshake on the connection argument. If the handshake method returns True, the RequestHandler will be triggered. 
Below is a complete example of a threaded HTTPS server:: from SocketServer import * from BaseHTTPServer import * from SimpleHTTPServer import * from tlslite.api import * s = open("./serverX509Cert.pem").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) s = open("./serverX509Key.pem").read() privateKey = parsePEMKey(s, private=True) sessionCache = SessionCache() class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn, HTTPServer): def handshake(self, tlsConnection): try: tlsConnection.handshakeServer(certChain=certChain, privateKey=privateKey, sessionCache=sessionCache) tlsConnection.ignoreAbruptClose = True return True except TLSError, error: print "Handshake failure:", str(error) return False httpd = MyHTTPServer(('localhost', 443), SimpleHTTPRequestHandler) httpd.serve_forever() """ def finish_request(self, sock, client_address): tlsConnection = TLSConnection(sock) if self.handshake(tlsConnection) == True: self.RequestHandlerClass(tlsConnection, client_address, self) tlsConnection.close() #Implement this method to do some form of handshaking. Return True #if the handshake finishes properly and the request is authorized. def handshake(self, tlsConnection): raise NotImplementedError()tlslite-0.3.8/tlslite/integration/__init__.py0000700000175000017500000000071210206512760020312 0ustar clintclint"""Classes for integrating TLS Lite with other packages.""" __all__ = ["AsyncStateMachine", "HTTPTLSConnection", "POP3_TLS", "IMAP4_TLS", "SMTP_TLS", "XMLRPCTransport", "TLSSocketServerMixIn", "TLSAsyncDispatcherMixIn", "TLSTwistedProtocolWrapper"] try: import twisted del twisted except ImportError: del __all__[__all__.index("TLSTwistedProtocolWrapper")] tlslite-0.3.8/tlslite/integration/ClientHelper.py0000700000175000017500000001554510206512126021137 0ustar clintclint""" A helper class for using TLS Lite with stdlib clients (httplib, xmlrpclib, imaplib, poplib). 
""" from tlslite.Checker import Checker class ClientHelper: """This is a helper class used to integrate TLS Lite with various TLS clients (e.g. poplib, smtplib, httplib, etc.)""" def __init__(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings = None): """ For client authentication, use one of these argument combinations: - username, password (SRP) - username, sharedKey (shared-key) - certChain, privateKey (certificate) For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations: - cryptoID[, protocol] (requires cryptoIDlib) - x509Fingerprint - x509TrustList[, x509CommonName] (requires cryptlib_py) Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys. The constructor does not perform the TLS handshake itself, but simply stores these arguments for later. The handshake is performed only when this class needs to connect with the server. Then you should be prepared to handle TLS-specific exceptions. See the client handshake functions in L{tlslite.TLSConnection.TLSConnection} for details on which exceptions might be raised. @type username: str @param username: SRP or shared-key username. Requires the 'password' or 'sharedKey' argument. @type password: str @param password: SRP password for mutual authentication. Requires the 'username' argument. @type sharedKey: str @param sharedKey: Shared key for mutual authentication. Requires the 'username' argument. @type certChain: L{tlslite.X509CertChain.X509CertChain} or L{cryptoIDlib.CertChain.CertChain} @param certChain: Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments. 

        @type privateKey: L{tlslite.utils.RSAKey.RSAKey}
        @param privateKey: Private key for client authentication.
        Requires the 'certChain' argument.  Excludes the SRP or
        shared-key related arguments.

        @type cryptoID: str
        @param cryptoID: cryptoID for server authentication.  Mutually
        exclusive with the 'x509...' arguments.

        @type protocol: str
        @param protocol: cryptoID protocol URI for server
        authentication.  Requires the 'cryptoID' argument.

        @type x509Fingerprint: str
        @param x509Fingerprint: Hex-encoded X.509 fingerprint for
        server authentication.  Mutually exclusive with the 'cryptoID'
        and 'x509TrustList' arguments.

        @type x509TrustList: list of L{tlslite.X509.X509}
        @param x509TrustList: A list of trusted root certificates.  The
        other party must present a certificate chain which extends to
        one of these root certificates.  The cryptlib_py module must be
        installed to use this parameter.  Mutually exclusive with the
        'cryptoID' and 'x509Fingerprint' arguments.

        @type x509CommonName: str
        @param x509CommonName: The end-entity certificate's 'CN' field
        must match this value.  For a web server, this is typically a
        server name such as 'www.amazon.com'.  Mutually exclusive with the
        'cryptoID' and 'x509Fingerprint' arguments.  Requires the
        'x509TrustList' argument.

        @type settings: L{tlslite.HandshakeSettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.

        @note: If none of 'cryptoID', 'x509Fingerprint' or
        'x509TrustList' is given, the Checker built from these arguments
        has no criterion to check the server's certificate against.
        Unless SRP or shared-key authentication is in use, the server is
        then presumably accepted without being authenticated; confirm
        against L{tlslite.Checker.Checker} before relying on the
        connection.
""" self.username = None self.password = None self.sharedKey = None self.certChain = None self.privateKey = None self.checker = None #SRP Authentication if username and password and not \ (sharedKey or certChain or privateKey): self.username = username self.password = password #Shared Key Authentication elif username and sharedKey and not \ (password or certChain or privateKey): self.username = username self.sharedKey = sharedKey #Certificate Chain Authentication elif certChain and privateKey and not \ (username or password or sharedKey): self.certChain = certChain self.privateKey = privateKey #No Authentication elif not password and not username and not \ sharedKey and not certChain and not privateKey: pass else: raise ValueError("Bad parameters") #Authenticate the server based on its cryptoID or fingerprint if sharedKey and (cryptoID or protocol or x509Fingerprint): raise ValueError("Can't use shared keys with other forms of"\ "authentication") self.checker = Checker(cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName) self.settings = settings self.tlsSession = None def _handshake(self, tlsConnection): if self.username and self.password: tlsConnection.handshakeClientSRP(username=self.username, password=self.password, checker=self.checker, settings=self.settings, session=self.tlsSession) elif self.username and self.sharedKey: tlsConnection.handshakeClientSharedKey(username=self.username, sharedKey=self.sharedKey, settings=self.settings) else: tlsConnection.handshakeClientCert(certChain=self.certChain, privateKey=self.privateKey, checker=self.checker, settings=self.settings, session=self.tlsSession) self.tlsSession = tlsConnection.sessiontlslite-0.3.8/tlslite/integration/IntegrationHelper.py0000700000175000017500000000345710204000134022170 0ustar clintclint class IntegrationHelper: def __init__(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, 
x509CommonName=None, settings = None): self.username = None self.password = None self.sharedKey = None self.certChain = None self.privateKey = None self.checker = None #SRP Authentication if username and password and not \ (sharedKey or certChain or privateKey): self.username = username self.password = password #Shared Key Authentication elif username and sharedKey and not \ (password or certChain or privateKey): self.username = username self.sharedKey = sharedKey #Certificate Chain Authentication elif certChain and privateKey and not \ (username or password or sharedKey): self.certChain = certChain self.privateKey = privateKey #No Authentication elif not password and not username and not \ sharedKey and not certChain and not privateKey: pass else: raise ValueError("Bad parameters") #Authenticate the server based on its cryptoID or fingerprint if sharedKey and (cryptoID or protocol or x509Fingerprint): raise ValueError("Can't use shared keys with other forms of"\ "authentication") self.checker = Checker(cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName) self.settings = settingstlslite-0.3.8/tlslite/integration/SMTP_TLS.py0000700000175000017500000001116610206511721020061 0ustar clintclint"""TLS Lite + smtplib.""" from smtplib import SMTP from tlslite.TLSConnection import TLSConnection from tlslite.integration.ClientHelper import ClientHelper class SMTP_TLS(SMTP): """This class extends L{smtplib.SMTP} with TLS support.""" def starttls(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None): """Puts the connection to the SMTP server into TLS mode. If the server supports TLS, this will encrypt the rest of the SMTP session. 
For client authentication, use one of these argument combinations: - username, password (SRP) - username, sharedKey (shared-key) - certChain, privateKey (certificate) For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations: - cryptoID[, protocol] (requires cryptoIDlib) - x509Fingerprint - x509TrustList[, x509CommonName] (requires cryptlib_py) Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys. The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in L{tlslite.TLSConnection.TLSConnection} for details on which exceptions might be raised. @type username: str @param username: SRP or shared-key username. Requires the 'password' or 'sharedKey' argument. @type password: str @param password: SRP password for mutual authentication. Requires the 'username' argument. @type sharedKey: str @param sharedKey: Shared key for mutual authentication. Requires the 'username' argument. @type certChain: L{tlslite.X509CertChain.X509CertChain} or L{cryptoIDlib.CertChain.CertChain} @param certChain: Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments. @type privateKey: L{tlslite.utils.RSAKey.RSAKey} @param privateKey: Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments. @type cryptoID: str @param cryptoID: cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments. @type protocol: str @param protocol: cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument. @type x509Fingerprint: str @param x509Fingerprint: Hex-encoded X.509 fingerprint for server authentication. 
Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments. @type x509TrustList: list of L{tlslite.X509.X509} @param x509TrustList: A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. @type x509CommonName: str @param x509CommonName: The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. @type settings: L{tlslite.HandshakeSettings.HandshakeSettings} @param settings: Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client. """ (resp, reply) = self.docmd("STARTTLS") if resp == 220: helper = ClientHelper( username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings) conn = TLSConnection(self.sock) conn.closeSocket = True helper._handshake(conn) self.sock = conn self.file = conn.makefile('rb') return (resp, reply)tlslite-0.3.8/tlslite/integration/IMAP4_TLS.py0000700000175000017500000001201410206511714020103 0ustar clintclint"""TLS Lite + imaplib.""" import socket from imaplib import IMAP4 from tlslite.TLSConnection import TLSConnection from tlslite.integration.ClientHelper import ClientHelper # IMAP TLS PORT IMAP4_TLS_PORT = 993 class IMAP4_TLS(IMAP4, ClientHelper): """This class extends L{imaplib.IMAP4} with TLS support.""" def __init__(self, host = '', port = IMAP4_TLS_PORT, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None): """Create a new IMAP4_TLS. 
For client authentication, use one of these argument combinations: - username, password (SRP) - username, sharedKey (shared-key) - certChain, privateKey (certificate) For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations: - cryptoID[, protocol] (requires cryptoIDlib) - x509Fingerprint - x509TrustList[, x509CommonName] (requires cryptlib_py) Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys. The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in L{tlslite.TLSConnection.TLSConnection} for details on which exceptions might be raised. @type host: str @param host: Server to connect to. @type port: int @param port: Port to connect to. @type username: str @param username: SRP or shared-key username. Requires the 'password' or 'sharedKey' argument. @type password: str @param password: SRP password for mutual authentication. Requires the 'username' argument. @type sharedKey: str @param sharedKey: Shared key for mutual authentication. Requires the 'username' argument. @type certChain: L{tlslite.X509CertChain.X509CertChain} or L{cryptoIDlib.CertChain.CertChain} @param certChain: Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments. @type privateKey: L{tlslite.utils.RSAKey.RSAKey} @param privateKey: Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments. @type cryptoID: str @param cryptoID: cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments. @type protocol: str @param protocol: cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument. 
@type x509Fingerprint: str @param x509Fingerprint: Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments. @type x509TrustList: list of L{tlslite.X509.X509} @param x509TrustList: A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. @type x509CommonName: str @param x509CommonName: The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. @type settings: L{tlslite.HandshakeSettings.HandshakeSettings} @param settings: Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client. """ ClientHelper.__init__(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings) IMAP4.__init__(self, host, port) def open(self, host = '', port = IMAP4_TLS_PORT): """Setup connection to remote server on "host:port". This connection will be used by the routines: read, readline, send, shutdown. 
""" self.host = host self.port = port self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.sock.connect((host, port)) self.sock = TLSConnection(self.sock) self.sock.closeSocket = True ClientHelper._handshake(self, self.sock) self.file = self.sock.makefile('rb')tlslite-0.3.8/tlslite/integration/TLSTwistedProtocolWrapper.py0000700000175000017500000001555310041647702023657 0ustar clintclint"""TLS Lite + Twisted.""" from twisted.protocols.policies import ProtocolWrapper, WrappingFactory from twisted.python.failure import Failure from AsyncStateMachine import AsyncStateMachine from tlslite.TLSConnection import TLSConnection from tlslite.errors import * import socket import errno #The TLSConnection is created around a "fake socket" that #plugs it into the underlying Twisted transport class _FakeSocket: def __init__(self, wrapper): self.wrapper = wrapper self.data = "" def send(self, data): ProtocolWrapper.write(self.wrapper, data) return len(data) def recv(self, numBytes): if self.data == "": raise socket.error, (errno.EWOULDBLOCK, "") returnData = self.data[:numBytes] self.data = self.data[numBytes:] return returnData class TLSTwistedProtocolWrapper(ProtocolWrapper, AsyncStateMachine): """This class can wrap Twisted protocols to add TLS support. Below is a complete example of using TLS Lite with a Twisted echo server. There are two server implementations below. Echo is the original protocol, which is oblivious to TLS. Echo1 subclasses Echo and negotiates TLS when the client connects. 
Echo2 subclasses Echo and negotiates TLS when the client sends "STARTTLS":: from twisted.internet.protocol import Protocol, Factory from twisted.internet import reactor from twisted.protocols.policies import WrappingFactory from twisted.protocols.basic import LineReceiver from twisted.python import log from twisted.python.failure import Failure import sys from tlslite.api import * s = open("./serverX509Cert.pem").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) s = open("./serverX509Key.pem").read() privateKey = parsePEMKey(s, private=True) verifierDB = VerifierDB("verifierDB") verifierDB.open() class Echo(LineReceiver): def connectionMade(self): self.transport.write("Welcome to the echo server!\\r\\n") def lineReceived(self, line): self.transport.write(line + "\\r\\n") class Echo1(Echo): def connectionMade(self): if not self.transport.tlsStarted: self.transport.setServerHandshakeOp(certChain=certChain, privateKey=privateKey, verifierDB=verifierDB) else: Echo.connectionMade(self) def connectionLost(self, reason): pass #Handle any TLS exceptions here class Echo2(Echo): def lineReceived(self, data): if data == "STARTTLS": self.transport.setServerHandshakeOp(certChain=certChain, privateKey=privateKey, verifierDB=verifierDB) else: Echo.lineReceived(self, data) def connectionLost(self, reason): pass #Handle any TLS exceptions here factory = Factory() factory.protocol = Echo1 #factory.protocol = Echo2 wrappingFactory = WrappingFactory(factory) wrappingFactory.protocol = TLSTwistedProtocolWrapper log.startLogging(sys.stdout) reactor.listenTCP(1079, wrappingFactory) reactor.run() This class works as follows: Data comes in and is given to the AsyncStateMachine for handling. AsyncStateMachine will forward events to this class, and we'll pass them on to the ProtocolHandler, which will proxy them to the wrapped protocol. The wrapped protocol may then call back into this class, and these calls will be proxied into the AsyncStateMachine. 
The call graph looks like this:
     - self.dataReceived
       - AsyncStateMachine.inReadEvent
         - self.out(Connect|Close|Read)Event
           - ProtocolWrapper.(connectionMade|loseConnection|dataReceived)
             - self.(loseConnection|write|writeSequence)
               - AsyncStateMachine.(setCloseOp|setWriteOp)
    """

    #WARNING: IF YOU COPY-AND-PASTE THE ABOVE CODE, BE SURE TO REMOVE
    #THE EXTRA ESCAPING AROUND "\\r\\n"

    def __init__(self, factory, wrappedProtocol):
        #Initialise both bases, then give the TLSConnection a
        #_FakeSocket built around this protocol instead of a real socket.
        ProtocolWrapper.__init__(self, factory, wrappedProtocol)
        AsyncStateMachine.__init__(self)
        self.fakeSocket = _FakeSocket(self)
        self.tlsConnection = TLSConnection(self.fakeSocket)
        #False until setServerHandshakeOp() is called.  While it is
        #False, dataReceived(), write(), writeSequence() and
        #loseConnection() hand everything to ProtocolWrapper unchanged.
        #NOTE(review): traffic exchanged in that phase is therefore not
        #protected by TLS; treat anything learned before the handshake
        #as unauthenticated once TLS has started.
        self.tlsStarted = False
        #Guards connectionLost() so it is forwarded only once.
        self.connectionLostCalled = False

    def connectionMade(self):
        #A TLSError raised while the wrapped protocol handles the event
        #is reported through connectionLost() and the connection dropped.
        try:
            ProtocolWrapper.connectionMade(self)
        except TLSError, e:
            self.connectionLost(Failure(e))
            ProtocolWrapper.loseConnection(self)

    def dataReceived(self, data):
        try:
            if not self.tlsStarted:
                ProtocolWrapper.dataReceived(self, data)
            else:
                #Queue the bytes on the fake socket and keep driving the
                #state machine until that buffer is empty.
                self.fakeSocket.data += data
                while self.fakeSocket.data:
                    AsyncStateMachine.inReadEvent(self)
        except TLSError, e:
            self.connectionLost(Failure(e))
            ProtocolWrapper.loseConnection(self)

    def connectionLost(self, reason):
        #Forward the loss to the wrapped protocol at most once.
        if not self.connectionLostCalled:
            ProtocolWrapper.connectionLost(self, reason)
            self.connectionLostCalled = True

    def outConnectEvent(self):
        #Handshake finished: tell the wrapped protocol it is connected.
        ProtocolWrapper.connectionMade(self)

    def outCloseEvent(self):
        #Close operation finished: drop the underlying connection.
        ProtocolWrapper.loseConnection(self)

    def outReadEvent(self, data):
        #An empty read result is treated as the end of the connection.
        if data == "":
            ProtocolWrapper.loseConnection(self)
        else:
            ProtocolWrapper.dataReceived(self, data)

    def setServerHandshakeOp(self, **args):
        #From here on all reads and writes go through the TLS layer.
        self.tlsStarted = True
        AsyncStateMachine.setServerHandshakeOp(self, **args)

    def loseConnection(self):
        if not self.tlsStarted:
            ProtocolWrapper.loseConnection(self)
        else:
            AsyncStateMachine.setCloseOp(self)

    def write(self, data):
        if not self.tlsStarted:
            ProtocolWrapper.write(self, data)
        else:
            #Because of the FakeSocket, write operations are guaranteed to
            #terminate immediately.
            AsyncStateMachine.setWriteOp(self, data)

    def writeSequence(self, seq):
        if not self.tlsStarted:
            ProtocolWrapper.writeSequence(self, seq)
        else:
            #Because of the FakeSocket, write operations are guaranteed to
            #terminate immediately.
            AsyncStateMachine.setWriteOp(self, "".join(seq))
tlslite-0.3.8/tlslite/integration/AsyncStateMachine.py0000700000175000017500000001603610041606141022116 0ustar clintclint
"""
A state machine for using TLS Lite with asynchronous I/O.
"""

class AsyncStateMachine:
    """
    This is an abstract class that's used to integrate TLS Lite with
    asyncore and Twisted.

    This class signals wantsReadEvent() and wantsWriteEvent().  When
    the underlying socket has become readable or writeable, the event
    should be passed to this class by calling inReadEvent() or
    inWriteEvent().  This class will then try to read or write through
    the socket, and will update its state appropriately.

    This class will forward higher-level events to its subclass.  For
    example, when a complete TLS record has been received,
    outReadEvent() will be called with the decrypted data.
    """

    def __init__(self):
        self._clear()

    def _clear(self):
        #These store the various asynchronous operations (i.e.
        #generators).  Only one of them, at most, is ever active at a
        #time.
        self.handshaker = None
        self.closer = None
        self.reader = None
        self.writer = None

        #This stores the result from the last call to the
        #currently active operation.  If 0 it indicates that the
        #operation wants to read, if 1 it indicates that the
        #operation wants to write.  If None, there is no active
        #operation.
        self.result = None

    def _checkAssert(self, maxActive=1):
        #This checks that only one operation, at most, is
        #active, and that self.result is set appropriately.
        #maxActive=0 is passed by the set*Op() methods, which may only
        #start an operation when nothing else is in flight.
        activeOps = 0
        if self.handshaker:
            activeOps += 1
        if self.closer:
            activeOps += 1
        if self.reader:
            activeOps += 1
        if self.writer:
            activeOps += 1

        if self.result == None:
            if activeOps != 0:
                raise AssertionError()
        elif self.result in (0,1):
            if activeOps != 1:
                raise AssertionError()
        else:
            raise AssertionError()
        if activeOps > maxActive:
            raise AssertionError()

    def wantsReadEvent(self):
        """If the state machine wants to read.

        If an operation is active, this returns whether or not the
        operation wants to read from the socket.  If an operation is
        not active, this returns None.

        @rtype: bool or None
        @return: If the state machine wants to read.
        """
        if self.result != None:
            return self.result == 0
        return None

    def wantsWriteEvent(self):
        """If the state machine wants to write.

        If an operation is active, this returns whether or not the
        operation wants to write to the socket.  If an operation is
        not active, this returns None.

        @rtype: bool or None
        @return: If the state machine wants to write.
        """
        if self.result != None:
            return self.result == 1
        return None

    def outConnectEvent(self):
        """Called when a handshake operation completes.

        May be overridden in subclass.
        """
        pass

    def outCloseEvent(self):
        """Called when a close operation completes.

        May be overridden in subclass.
        """
        pass

    def outReadEvent(self, readBuffer):
        """Called when a read operation completes.

        May be overridden in subclass."""
        pass

    def outWriteEvent(self):
        """Called when a write operation completes.

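May be overridden in subclass."""
        pass

    def inReadEvent(self):
        """Tell the state machine it can read from the socket."""
        try:
            self._checkAssert()
            if self.handshaker:
                self._doHandshakeOp()
            elif self.closer:
                self._doCloseOp()
            elif self.reader:
                self._doReadOp()
            elif self.writer:
                self._doWriteOp()
            else:
                #Nothing is active, so start a read.  self.tlsConnection
                #is not set by this class; the subclass provides it.
                self.reader = self.tlsConnection.readAsync(16384)
                self._doReadOp()
        except:
            #Any failure resets the machine before the error propagates.
            self._clear()
            raise

    def inWriteEvent(self):
        """Tell the state machine it can write to the socket."""
        try:
            self._checkAssert()
            if self.handshaker:
                self._doHandshakeOp()
            elif self.closer:
                self._doCloseOp()
            elif self.reader:
                self._doReadOp()
            elif self.writer:
                self._doWriteOp()
            else:
                self.outWriteEvent()
        except:
            self._clear()
            raise

    def _doHandshakeOp(self):
        #Advance the handshake generator one step; when it is exhausted
        #the handshake is done and outConnectEvent() is fired.
        try:
            self.result = self.handshaker.next()
        except StopIteration:
            self.handshaker = None
            self.result = None
            self.outConnectEvent()

    def _doCloseOp(self):
        #Advance the close generator; exhaustion fires outCloseEvent().
        try:
            self.result = self.closer.next()
        except StopIteration:
            self.closer = None
            self.result = None
            self.outCloseEvent()

    def _doReadOp(self):
        #Unlike the other _do*Op helpers, StopIteration is not caught
        #here: the read counts as finished as soon as the generator
        #yields something other than 0 or 1, which is taken as the data.
        self.result = self.reader.next()
        if not self.result in (0,1):
            readBuffer = self.result
            self.reader = None
            self.result = None
            self.outReadEvent(readBuffer)

    def _doWriteOp(self):
        #Advance the write generator; exhaustion just clears the state.
        try:
            self.result = self.writer.next()
        except StopIteration:
            self.writer = None
            self.result = None

    def setHandshakeOp(self, handshaker):
        """Start a handshake operation.

        @type handshaker: generator
        @param handshaker: A generator created by using one of the
        asynchronous handshake functions (i.e. handshakeServerAsync, or
        handshakeClientxxx(..., async=True).
        """
        try:
            self._checkAssert(0)
            self.handshaker = handshaker
            self._doHandshakeOp()
        except:
            self._clear()
            raise

    def setServerHandshakeOp(self, **args):
        """Start a handshake operation.

        The arguments passed to this function will be forwarded to
        L{tlslite.TLSConnection.TLSConnection.handshakeServerAsync}.
        """
        handshaker = self.tlsConnection.handshakeServerAsync(**args)
        self.setHandshakeOp(handshaker)

    def setCloseOp(self):
        """Start a close operation.
        """
        try:
            self._checkAssert(0)
            self.closer = self.tlsConnection.closeAsync()
            self._doCloseOp()
        except:
            self._clear()
            raise

    def setWriteOp(self, writeBuffer):
        """Start a write operation.

        @type writeBuffer: str
        @param writeBuffer: The string to transmit.
        """
        try:
            self._checkAssert(0)
            self.writer = self.tlsConnection.writeAsync(writeBuffer)
            self._doWriteOp()
        except:
            self._clear()
            raise

tlslite-0.3.8/tlslite/integration/HTTPTLSConnection.py0000700000175000017500000001477710204012152021741 0ustar clintclint
"""TLS Lite + httplib."""

import socket
import httplib
from tlslite.TLSConnection import TLSConnection
from tlslite.integration.ClientHelper import ClientHelper


class HTTPBaseTLSConnection(httplib.HTTPConnection):
    """This abstract class provides a framework for adding TLS support
    to httplib."""

    default_port = 443

    def __init__(self, host, port=None, strict=None):
        if strict == None:
            #Python 2.2 doesn't support strict
            httplib.HTTPConnection.__init__(self, host, port)
        else:
            httplib.HTTPConnection.__init__(self, host, port, strict)

    def connect(self):
        """Open the TCP connection, wrap it in a TLSConnection and run
        the handshake.

        If connecting or the handshake raises, the socket is closed and
        self.sock is reset to None before the exception propagates, so
        a connection whose handshake did not complete is not left
        installed on this object.
        """
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            if hasattr(sock, 'settimeout'):
                sock.settimeout(10)
            sock.connect((self.host, self.port))

            #Use a TLSConnection to emulate a socket
            tlsConnection = TLSConnection(sock)

            #When httplib closes this, close the socket
            tlsConnection.closeSocket = True
            self.sock = tlsConnection
            self._handshake(tlsConnection)
        except:
            #Bare except/raise mirrors the cleanup style used by
            #AsyncStateMachine and keeps the original exception.
            self.sock = None
            sock.close()
            raise

    def _handshake(self, tlsConnection):
        """Called to perform some sort of handshake.

        This method must be overridden in a subclass to do some type of
        handshake.  This method will be called after the socket has
        been connected but before any data has been sent.  If this
        method does not raise an exception, the TLS connection will be
        considered valid.
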
This method may (or may not) be called every time an HTTP
        request is performed, depending on whether the underlying HTTP
        connection is persistent.

        @type tlsConnection: L{tlslite.TLSConnection.TLSConnection}
        @param tlsConnection: The connection to perform the handshake on.
        """
        raise NotImplementedError()


class HTTPTLSConnection(HTTPBaseTLSConnection, ClientHelper):
    """This class extends L{HTTPBaseTLSConnection} to support the
    common types of handshaking."""

    def __init__(self, host, port=None,
                 username=None, password=None, sharedKey=None,
                 certChain=None, privateKey=None,
                 cryptoID=None, protocol=None,
                 x509Fingerprint=None,
                 x509TrustList=None, x509CommonName=None,
                 settings = None):
        """Create a new HTTPTLSConnection.

        For client authentication, use one of these argument
        combinations:
         - username, password (SRP)
         - username, sharedKey (shared-key)
         - certChain, privateKey (certificate)

        For server authentication, you can either rely on the
        implicit mutual authentication performed by SRP or
        shared-keys, or you can do certificate-based server
        authentication with one of these argument combinations:
         - cryptoID[, protocol] (requires cryptoIDlib)
         - x509Fingerprint
         - x509TrustList[, x509CommonName] (requires cryptlib_py)

        Certificate-based server authentication is compatible with
        SRP or certificate-based client authentication.  It is
        not compatible with shared-keys.

        The constructor does not perform the TLS handshake itself, but
        simply stores these arguments for later.  The handshake is
        performed only when this class needs to connect with the
        server.  Thus you should be prepared to handle TLS-specific
        exceptions when calling methods inherited from
        L{httplib.HTTPConnection} such as request(), connect(), and
        send().  See the client handshake functions in
        L{tlslite.TLSConnection.TLSConnection} for details on which
        exceptions might be raised.

        @type host: str
        @param host: Server to connect to.

        @type port: int
        @param port: Port to connect to.

        @type username: str
        @param username: SRP or shared-key username.  Requires the
        'password' or 'sharedKey' argument.

        @type password: str
        @param password: SRP password for mutual authentication.
        Requires the 'username' argument.

        @type sharedKey: str
        @param sharedKey: Shared key for mutual authentication.
        Requires the 'username' argument.

        @type certChain: L{tlslite.X509CertChain.X509CertChain} or
        L{cryptoIDlib.CertChain.CertChain}
        @param certChain: Certificate chain for client authentication.
        Requires the 'privateKey' argument.  Excludes the SRP or
        shared-key related arguments.

        @type privateKey: L{tlslite.utils.RSAKey.RSAKey}
        @param privateKey: Private key for client authentication.
        Requires the 'certChain' argument.  Excludes the SRP or
        shared-key related arguments.

        @type cryptoID: str
        @param cryptoID: cryptoID for server authentication.  Mutually
        exclusive with the 'x509...' arguments.

        @type protocol: str
        @param protocol: cryptoID protocol URI for server
        authentication.  Requires the 'cryptoID' argument.

        @type x509Fingerprint: str
        @param x509Fingerprint: Hex-encoded X.509 fingerprint for
        server authentication.  Mutually exclusive with the 'cryptoID'
        and 'x509TrustList' arguments.

        @type x509TrustList: list of L{tlslite.X509.X509}
        @param x509TrustList: A list of trusted root certificates.  The
        other party must present a certificate chain which extends to
        one of these root certificates.  The cryptlib_py module must be
        installed to use this parameter.  Mutually exclusive with the
        'cryptoID' and 'x509Fingerprint' arguments.

        @type x509CommonName: str
        @param x509CommonName: The end-entity certificate's 'CN' field
        must match this value.  For a web server, this is typically a
        server name such as 'www.amazon.com'.  Mutually exclusive with
        the 'cryptoID' and 'x509Fingerprint' arguments.  Requires the
        'x509TrustList' argument.

        @type settings: L{tlslite.HandshakeSettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.
        """

        #NOTE(review): going by the docstring above, a caller that
        #passes neither SRP/shared-key credentials nor one of the
        #cryptoID/x509Fingerprint/x509TrustList arguments gets a
        #connection whose server is not authenticated.  Nothing here
        #rejects that combination -- confirm what ClientHelper does with
        #it before relying on this class against an untrusted network.
        HTTPBaseTLSConnection.__init__(self, host, port)

        ClientHelper.__init__(self,
                 username, password, sharedKey,
                 certChain, privateKey,
                 cryptoID, protocol,
                 x509Fingerprint,
                 x509TrustList, x509CommonName,
                 settings)

    def _handshake(self, tlsConnection):
        #The stored arguments decide the handshake type; the work is
        #delegated to ClientHelper.
        ClientHelper._handshake(self, tlsConnection)
tlslite-0.3.8/tlslite/integration/TLSAsyncDispatcherMixIn.py0000700000175000017500000001140610025502510023160 0ustar clintclint
"""TLS Lite + asyncore."""


import asyncore
from tlslite.TLSConnection import TLSConnection
from AsyncStateMachine import AsyncStateMachine


class TLSAsyncDispatcherMixIn(AsyncStateMachine):
    """This class can be "mixed in" with an
    L{asyncore.dispatcher} to add TLS support.

    This class essentially sits between the dispatcher and the select
    loop, intercepting events and only calling the dispatcher when
    applicable.

    In the case of handle_read(), a read operation will be activated,
    and when it completes, the bytes will be placed in a buffer where
    the dispatcher can retrieve them by calling recv(), and the
    dispatcher's handle_read() will be called.

    In the case of handle_write(), the dispatcher's handle_write() will
    be called, and when it calls send(), a write operation will be
    activated.

    To use this class, you must combine it with an asyncore.dispatcher,
    and pass in a handshake operation with setServerHandshakeOp().

    Below is an example of using this class with medusa.  This class is
    mixed in with http_channel to create http_tls_channel.  Note:
     1. the mix-in is listed first in the inheritance list

     2. the input buffer size must be at least 16K, otherwise the
     dispatcher might not read all the bytes from the TLS layer,
     leaving some bytes in limbo.

     3.
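IE seems to have a problem receiving a whole HTTP response in a
     single TLS record, so HTML pages containing '\\r\\n\\r\\n' won't
     be displayed on IE.

    Add the following text into 'start_medusa.py', in the 'HTTP Server'
    section::

        from tlslite.api import *
        s = open("./serverX509Cert.pem").read()
        x509 = X509()
        x509.parse(s)
        certChain = X509CertChain([x509])

        s = open("./serverX509Key.pem").read()
        privateKey = parsePEMKey(s, private=True)

        class http_tls_channel(TLSAsyncDispatcherMixIn,
                               http_server.http_channel):
            ac_in_buffer_size = 16384

            def __init__ (self, server, conn, addr):
                http_server.http_channel.__init__(self, server, conn, addr)
                TLSAsyncDispatcherMixIn.__init__(self, conn)
                self.tlsConnection.ignoreAbruptClose = True
                self.setServerHandshakeOp(certChain=certChain,
                                          privateKey=privateKey)

        hs.channel_class = http_tls_channel

    If the TLS layer raises an exception, the exception will be caught
    in asyncore.dispatcher, which will call close() on this class.  The
    TLS layer always closes the TLS connection before raising an
    exception, so the close operation will complete right away, causing
    asyncore.dispatcher.close() to be called, which closes the socket
    and removes this instance from the asyncore loop.

    """

    #NOTE(review): the example above sets ignoreAbruptClose = True.
    #Presumably that makes the TLS layer accept a connection that ends
    #without a proper TLS close, which would give up detection of
    #truncated streams -- confirm in TLSConnection before copying it.

    def __init__(self, sock=None):
        """Set up the state machine and locate the sibling class.

        @type sock: socket or None
        @param sock: If given, it is wrapped in a TLSConnection.
        """
        AsyncStateMachine.__init__(self)

        #Start with an empty read buffer so that recv() called before
        #any read has completed fails its own check (AssertionError)
        #instead of hitting a missing attribute.
        self.readBuffer = None

        if sock:
            self.tlsConnection = TLSConnection(sock)

        #Calculate the sibling I'm being mixed in with.
        #This is necessary since we override functions
        #like readable(), handle_read(), etc., but we
        #also want to call the sibling's versions.
        for cl in self.__class__.__bases__:
            if cl != TLSAsyncDispatcherMixIn and cl != AsyncStateMachine:
                self.siblingClass = cl
                break
        else:
            raise AssertionError()

    def readable(self):
        #The state machine's answer wins while an operation is active;
        #otherwise ask the sibling dispatcher class.
        result = self.wantsReadEvent()
        if result != None:
            return result
        return self.siblingClass.readable(self)

    def writable(self):
        result = self.wantsWriteEvent()
        if result != None:
            return result
        return self.siblingClass.writable(self)

    def handle_read(self):
        self.inReadEvent()

    def handle_write(self):
        self.inWriteEvent()

    def outConnectEvent(self):
        self.siblingClass.handle_connect(self)

    def outCloseEvent(self):
        asyncore.dispatcher.close(self)

    def outReadEvent(self, readBuffer):
        #Park the decrypted bytes where recv() will find them, then let
        #the sibling's handle_read() pick them up.
        self.readBuffer = readBuffer
        self.siblingClass.handle_read(self)

    def outWriteEvent(self):
        self.siblingClass.handle_write(self)

    def recv(self, bufferSize=16384):
        #The whole buffered read is returned in one piece, so a caller
        #asking for less than 16384 bytes (or calling with nothing
        #buffered) is treated as a programming error.
        if bufferSize < 16384 or self.readBuffer == None:
            raise AssertionError()
        returnValue = self.readBuffer
        self.readBuffer = None
        return returnValue

    def send(self, writeBuffer):
        #The write operation takes the whole buffer, so the full length
        #is reported as sent.
        self.setWriteOp(writeBuffer)
        return len(writeBuffer)

    def close(self):
        #With a TLS connection, start the TLS close operation;
        #outCloseEvent() closes the dispatcher when it completes.
        if hasattr(self, "tlsConnection"):
            self.setCloseOp()
        else:
            asyncore.dispatcher.close(self)
tlslite-0.3.8/tlslite/Session.py0000700000175000017500000001117510130676052015661 0ustar clintclint
"""Class representing a TLS session."""

from utils.compat import *
from mathtls import *
from constants import *

class Session:
    """
    This class represents a TLS session.

    TLS distinguishes between connections and sessions.  A new
    handshake creates both a connection and a session.  Data is
    transmitted over the connection.

    The session contains a more permanent record of the handshake.  The
    session can be inspected to determine handshake results.  The
    session can also be used to create a new connection through
    "session resumption". If the client and server both support this,
    they can create a new connection based on an old session without
    the overhead of a full handshake.
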
The session for a L{tlslite.TLSConnection.TLSConnection} can be
    retrieved from the connection's 'session' attribute.

    @type srpUsername: str
    @ivar srpUsername: The client's SRP username (or None).

    @type sharedKeyUsername: str
    @ivar sharedKeyUsername: The client's shared-key username (or
    None).

    @type clientCertChain: L{tlslite.X509CertChain.X509CertChain} or
    L{cryptoIDlib.CertChain.CertChain}
    @ivar clientCertChain: The client's certificate chain (or None).

    @type serverCertChain: L{tlslite.X509CertChain.X509CertChain} or
    L{cryptoIDlib.CertChain.CertChain}
    @ivar serverCertChain: The server's certificate chain (or None).
    """

    def __init__(self):
        #masterSecret is key material: anything holding a Session holds
        #what is needed to resume it.
        self.masterSecret = createByteArraySequence([])
        self.sessionID = createByteArraySequence([])
        self.cipherSuite = 0
        self.srpUsername = None
        self.sharedKeyUsername = None
        self.clientCertChain = None
        self.serverCertChain = None
        self.resumable = False
        self.sharedKey = False

    def _clone(self):
        #Attribute-by-attribute copy; the new Session refers to the same
        #masterSecret, sessionID and certificate chain objects.
        other = Session()
        other.masterSecret = self.masterSecret
        other.sessionID = self.sessionID
        other.cipherSuite = self.cipherSuite
        other.srpUsername = self.srpUsername
        other.sharedKeyUsername = self.sharedKeyUsername
        other.clientCertChain = self.clientCertChain
        other.serverCertChain = self.serverCertChain
        other.resumable = self.resumable
        other.sharedKey = self.sharedKey
        return other

    def _calcMasterSecret(self, version, premasterSecret, clientRandom,
                          serverRandom):
        #Derive the 48-byte master secret from the premaster secret and
        #both randoms: PRF_SSL for version (3,0), PRF with the label
        #"master secret" for (3,1) and (3,2).  Any other version is a
        #programming error.
        if version == (3,0):
            self.masterSecret = PRF_SSL(premasterSecret,
                                concatArrays(clientRandom, serverRandom), 48)
        elif version in ((3,1), (3,2)):
            self.masterSecret = PRF(premasterSecret, "master secret",
                                concatArrays(clientRandom, serverRandom), 48)
        else:
            raise AssertionError()

    def valid(self):
        """If this session can be used for session resumption.

        @rtype: bool
        @return: If this session can be used for session resumption.
        """
        return self.resumable or self.sharedKey

    def _setResumable(self, boolean):
        #Only let it be set if this isn't a shared key
        if not self.sharedKey:
            #Only let it be set to True if the sessionID is non-null
            if (not boolean) or (boolean and self.sessionID):
                self.resumable = boolean

    def getCipherName(self):
        """Get the name of the cipher used with this connection.

        @rtype: str
        @return: The name of the cipher used with this connection.
        Either 'aes128', 'aes256', 'rc4', or '3des'.  None is returned
        if the cipher suite belongs to none of these groups.
        """
        if self.cipherSuite in CipherSuite.aes128Suites:
            return "aes128"
        elif self.cipherSuite in CipherSuite.aes256Suites:
            return "aes256"
        elif self.cipherSuite in CipherSuite.rc4Suites:
            return "rc4"
        elif self.cipherSuite in CipherSuite.tripleDESSuites:
            return "3des"
        else:
            return None

    def _createSharedKey(self, sharedKeyUsername, sharedKey):
        #Turn this object into a shared-key session.  Raises ValueError
        #if the username is longer than 16 characters or the key is
        #longer than 47 characters.  Returns self.
        if len(sharedKeyUsername)>16:
            raise ValueError()
        if len(sharedKey)>47:
            raise ValueError()

        self.sharedKeyUsername = sharedKeyUsername

        #The session ID is the username, zero-padded to 16 bytes.
        self.sessionID = createByteArrayZeros(16)
        for x in range(len(sharedKeyUsername)):
            self.sessionID[x] = ord(sharedKeyUsername[x])

        #The premaster secret is the length-prefixed key repeated until
        #48 bytes are filled.
        premasterSecret = createByteArrayZeros(48)
        sharedKey = chr(len(sharedKey)) + sharedKey
        for x in range(48):
            premasterSecret[x] = ord(sharedKey[x % len(sharedKey)])

        #The seed is empty, so the master secret depends on the shared
        #key alone and is the same every time this is called with that
        #key.  Its strength is therefore that of the shared key itself.
        self.masterSecret = PRF(premasterSecret, "shared secret",
                                createByteArraySequence([]), 48)
        self.sharedKey = True
        return self

tlslite-0.3.8/tlslite/HandshakeSettings.py0000700000175000017500000001433410122477701017646 0ustar clintclint
"""Class for setting handshake parameters."""

from constants import CertificateType
from utils import cryptomath
from utils import cipherfactory

class HandshakeSettings:
    """This class encapsulates various parameters that can be used with
    a TLS handshake.
    @sort: minKeySize, maxKeySize, cipherNames, certificateTypes,
    minVersion, maxVersion

    @type minKeySize: int
    @ivar minKeySize: The minimum bit length for asymmetric keys.

    If the other party tries to use SRP, RSA, or Diffie-Hellman
    parameters smaller than this length, an alert will be
    signalled.  The default is 1023.

    @type maxKeySize: int
    @ivar maxKeySize: The maximum bit length for asymmetric keys.

    If the other party tries to use SRP, RSA, or Diffie-Hellman
    parameters larger than this length, an alert will be signalled.
    The default is 8193.

    @type cipherNames: list
    @ivar cipherNames: The allowed ciphers, in order of preference.

    The allowed values in this list are 'aes256', 'aes128', '3des', and
    'rc4'.  If these settings are used with a client handshake, they
    determine the order of the ciphersuites offered in the ClientHello
    message.

    If these settings are used with a server handshake, the server will
    choose whichever ciphersuite matches the earliest entry in this
    list.

    NOTE:  If '3des' is used in this list, but TLS Lite can't find an
    add-on library that supports 3DES, then '3des' will be silently
    removed.

    The default value is ['aes256', 'aes128', '3des', 'rc4'].

    @type certificateTypes: list
    @ivar certificateTypes: The allowed certificate types, in order of
    preference.

    The allowed values in this list are 'x509' and 'cryptoID'.  This
    list is only used with a client handshake.  The client will
    advertise to the server which certificate types are supported, and
    will check that the server uses one of the appropriate types.

    NOTE:  If 'cryptoID' is used in this list, but cryptoIDlib is not
    installed, then 'cryptoID' will be silently removed.

    @type minVersion: tuple
    @ivar minVersion: The minimum allowed SSL/TLS version.

    This variable can be set to (3,0) for SSL 3.0, (3,1) for
    TLS 1.0, or (3,2) for TLS 1.1.  If the other party wishes to
    use a lower version, a protocol_version alert will be signalled.
    The default is (3,0).

    @type maxVersion: tuple
    @ivar maxVersion: The maximum allowed SSL/TLS version.

    This variable can be set to (3,0) for SSL 3.0, (3,1) for
    TLS 1.0, or (3,2) for TLS 1.1.
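If the other party wishes to use a higher version, a
    protocol_version alert will be signalled.  The default is (3,2).
    (WARNING: Some servers may (improperly) reject clients which offer
    support for TLS 1.1.  In this case, try lowering maxVersion to
    (3,1)).
    """
    def __init__(self):
        #NOTE(review): these defaults still admit SSL 3.0 (minVersion),
        #'rc4' and '3des', and keys just under 1024 bits.  SSL 3.0 and
        #RC4 have since been retired (RFC 7568, RFC 7465); callers that
        #need not interoperate with legacy peers should raise minVersion
        #and minKeySize and trim cipherNames.
        self.minKeySize = 1023
        self.maxKeySize = 8193
        self.cipherNames = ["aes256", "aes128", "3des", "rc4"]
        self.cipherImplementations = ["cryptlib", "openssl", "pycrypto",
                                      "python"]
        self.certificateTypes = ["x509", "cryptoID"]
        self.minVersion = (3,0)
        self.maxVersion = (3,2)

    #Filters out options that are not supported
    def _filter(self):
        #Returns a validated copy of these settings; self is not
        #modified.  Options whose supporting library is missing are
        #dropped, and ValueError is raised if a list ends up empty or a
        #value is out of range or unknown.
        other = HandshakeSettings()
        other.minKeySize = self.minKeySize
        other.maxKeySize = self.maxKeySize
        other.cipherNames = self.cipherNames
        other.cipherImplementations = self.cipherImplementations
        other.certificateTypes = self.certificateTypes
        other.minVersion = self.minVersion
        other.maxVersion = self.maxVersion

        if not cipherfactory.tripleDESPresent:
            other.cipherNames = [e for e in self.cipherNames if e != "3des"]
        if len(other.cipherNames)==0:
            raise ValueError("No supported ciphers")

        try:
            import cryptoIDlib
        except ImportError:
            other.certificateTypes = [e for e in self.certificateTypes \
                                      if e != "cryptoID"]
        if len(other.certificateTypes)==0:
            raise ValueError("No supported certificate types")

        if not cryptomath.cryptlibpyLoaded:
            other.cipherImplementations = [e for e in \
                self.cipherImplementations if e != "cryptlib"]
        if not cryptomath.m2cryptoLoaded:
            other.cipherImplementations = [e for e in \
                other.cipherImplementations if e != "openssl"]
        if not cryptomath.pycryptoLoaded:
            other.cipherImplementations = [e for e in \
                other.cipherImplementations if e != "pycrypto"]
        if len(other.cipherImplementations)==0:
            raise ValueError("No supported cipher implementations")

        if other.minKeySize<512:
            raise ValueError("minKeySize too small")
        if other.minKeySize>16384:
            raise ValueError("minKeySize too large")
        if other.maxKeySize<512:
            raise ValueError("maxKeySize too small")
        if other.maxKeySize>16384:
            raise ValueError("maxKeySize too large")
        #Versions are checked for min > max below; do the same for key
        #sizes, since no key can satisfy an inverted range.
        if other.minKeySize > other.maxKeySize:
            raise ValueError("minKeySize larger than maxKeySize")
        for s in other.cipherNames:
            if s not in ("aes256", "aes128", "rc4", "3des"):
                raise ValueError("Unknown cipher name: '%s'" % s)
        for s in other.cipherImplementations:
            if s not in ("cryptlib", "openssl", "python", "pycrypto"):
                raise ValueError("Unknown cipher implementation: '%s'" % s)
        for s in other.certificateTypes:
            if s not in ("x509", "cryptoID"):
                raise ValueError("Unknown certificate type: '%s'" % s)

        if other.minVersion > other.maxVersion:
            raise ValueError("Versions set incorrectly")

        if not other.minVersion in ((3,0), (3,1), (3,2)):
            raise ValueError("minVersion set incorrectly")

        if not other.maxVersion in ((3,0), (3,1), (3,2)):
            raise ValueError("maxVersion set incorrectly")

        return other

    def _getCertificateTypes(self):
        #Map the certificate type names to CertificateType constants,
        #keeping the preference order.
        l = []
        for ct in self.certificateTypes:
            if ct == "x509":
                l.append(CertificateType.x509)
            elif ct == "cryptoID":
                l.append(CertificateType.cryptoID)
            else:
                raise AssertionError()
        return l
tlslite-0.3.8/tlslite/messages.py0000700000175000017500000004377510130676044016061 0ustar clintclint
"""Classes representing TLS messages."""

from utils.compat import *
from utils.cryptomath import *
from errors import *
from utils.codec import *
from constants import *
from X509 import X509
from X509CertChain import X509CertChain

import sha
import md5

class RecordHeader3:
    #5-byte record header: type, two version bytes, 2-byte length.
    def __init__(self):
        self.type = 0
        self.version = (0,0)
        self.length = 0
        self.ssl2 = False

    def create(self, version, type, length):
        self.type = type
        self.version = version
        self.length = length
        return self

    def write(self):
        w = Writer(5)
        w.add(self.type, 1)
        w.add(self.version[0], 1)
        w.add(self.version[1], 1)
        w.add(self.length, 2)
        return w.bytes

    def parse(self, p):
        self.type = p.get(1)
        self.version = (p.get(1), p.get(1))
        self.length = p.get(2)
        self.ssl2 = False
        return self

class RecordHeader2:
    #SSLv2-style header; only parsing is implemented.
    def __init__(self):
        self.type = 0
        self.version = (0,0)
        self.length = 0
        self.ssl2 = True

    def parse(self, p):
        #Only a first byte of exactly 128 is accepted; the second byte
        #is taken as the whole length.
        if p.get(1)!=128:
            raise SyntaxError()
        self.type = ContentType.handshake
        self.version = (2,0)
        #We don't support 2-byte-length-headers; could be a problem
        self.length = p.get(1)
        return self


class Msg:
    #Messages are written twice: a trial pass to measure the length,
    #then a real pass into a Writer of exactly that size.
    def preWrite(self, trial):
        if trial:
            w = Writer()
        else:
            length = self.write(True)
            w = Writer(length)
        return w

    def postWrite(self, w, trial):
        if trial:
            return w.index
        else:
            return w.bytes

class Alert(Msg):
    def __init__(self):
        self.contentType = ContentType.alert
        self.level = 0
        self.description = 0

    def create(self, description, level=AlertLevel.fatal):
        self.level = level
        self.description = description
        return self

    def parse(self, p):
        p.setLengthCheck(2)
        self.level = p.get(1)
        self.description = p.get(1)
        p.stopLengthCheck()
        return self

    def write(self):
        w = Writer(2)
        w.add(self.level, 1)
        w.add(self.description, 1)
        return w.bytes


class HandshakeMsg(Msg):
    def preWrite(self, handshakeType, trial):
        #Adds the 4-byte handshake header (type + 3-byte body length);
        #the trial pass writes a zero length as a placeholder.
        if trial:
            w = Writer()
            w.add(handshakeType, 1)
            w.add(0, 3)
        else:
            length = self.write(True)
            w = Writer(length)
            w.add(handshakeType, 1)
            w.add(length-4, 3)
        return w


class ClientHello(HandshakeMsg):
    def __init__(self, ssl2=False):
        self.contentType = ContentType.handshake
        self.ssl2 = ssl2
        self.client_version = (0,0)
        self.random = createByteArrayZeros(32)
        self.session_id = createByteArraySequence([])
        self.cipher_suites = []         # a list of 16-bit values
        self.certificate_types = [CertificateType.x509]
        self.compression_methods = []   # a list of 8-bit values
        self.srp_username = None        # a string

    def create(self, version, random, session_id, cipher_suites,
               certificate_types=None, srp_username=None):
        self.client_version = version
        self.random = random
        self.session_id = session_id
        self.cipher_suites = cipher_suites
        self.certificate_types = certificate_types
        self.compression_methods = [0]
        self.srp_username = srp_username
        return self

    def parse(self, p):
        #Parses peer-supplied bytes; every length below comes from the
        #other party.
        if self.ssl2:
            self.client_version = (p.get(1), p.get(1))
            cipherSpecsLength = p.get(2)
            sessionIDLength = p.get(2)
            randomLength = p.get(2)
            self.cipher_suites = p.getFixList(3, int(cipherSpecsLength/3))
            self.session_id = p.getFixBytes(sessionIDLength)
            self.random = p.getFixBytes(randomLength)
            #A short random is left-padded with zeros to 32 bytes; a
            #longer one is kept as received.
            if len(self.random) < 32:
                zeroBytes = 32-len(self.random)
                self.random = createByteArrayZeros(zeroBytes) + self.random
            self.compression_methods = [0]#Fake this value

            #We're not doing a stopLengthCheck() for SSLv2, oh well..
        else:
            p.startLengthCheck(3)
            self.client_version = (p.get(1), p.get(1))
            self.random = p.getFixBytes(32)
            self.session_id = p.getVarBytes(1)
            self.cipher_suites = p.getVarList(2, 2)
            self.compression_methods = p.getVarList(1, 1)
            if not p.atLengthCheck():
                totalExtLength = p.get(2)
                soFar = 0
                #NOTE(review): the loop stops only when soFar lands
                #exactly on totalExtLength, and types 6 and 7 are read
                #by their own inner length while soFar advances by
                #extLength.  Inconsistent lengths are therefore rejected
                #only if the Parser's own bounds/length checks raise --
                #confirm in utils.codec.
                while soFar != totalExtLength:
                    extType = p.get(2)
                    extLength = p.get(2)
                    if extType == 6:
                        self.srp_username = bytesToString(p.getVarBytes(1))
                    elif extType == 7:
                        self.certificate_types = p.getVarList(1, 1)
                    else:
                        p.getFixBytes(extLength)
                    soFar += 4 + extLength
            p.stopLengthCheck()
        return self

    def write(self, trial=False):
        w = HandshakeMsg.preWrite(self, HandshakeType.client_hello, trial)
        w.add(self.client_version[0], 1)
        w.add(self.client_version[1], 1)
        w.addFixSeq(self.random, 1)
        w.addVarSeq(self.session_id, 1, 1)
        w.addVarSeq(self.cipher_suites, 2, 2)
        w.addVarSeq(self.compression_methods, 1, 1)

        #Extensions are only emitted when there is something other than
        #the default x509-only certificate type list, or an SRP username.
        extLength = 0
        if self.certificate_types and self.certificate_types != \
                [CertificateType.x509]:
            extLength += 5 + len(self.certificate_types)
        if self.srp_username:
            extLength += 5 + len(self.srp_username)
        if extLength > 0:
            w.add(extLength, 2)

        if self.certificate_types and self.certificate_types != \
                [CertificateType.x509]:
            w.add(7, 2)
            w.add(len(self.certificate_types)+1, 2)
            w.addVarSeq(self.certificate_types, 1, 1)
        if self.srp_username:
            w.add(6, 2)
            w.add(len(self.srp_username)+1, 2)
            w.addVarSeq(stringToBytes(self.srp_username), 1, 1)

        return HandshakeMsg.postWrite(self, w, trial)


class ServerHello(HandshakeMsg):
    def __init__(self):
        self.contentType = ContentType.handshake
        self.server_version = (0,0)
        self.random = createByteArrayZeros(32)
        self.session_id = createByteArraySequence([])
        self.cipher_suite = 0
        self.certificate_type = CertificateType.x509
        self.compression_method = 0

    def create(self, version, random, session_id, cipher_suite,
               certificate_type):
        self.server_version = version
        self.random = random
        self.session_id = session_id
        self.cipher_suite = cipher_suite
        self.certificate_type = certificate_type
        self.compression_method = 0
        return self

    def parse(self, p):
        p.startLengthCheck(3)
        self.server_version = (p.get(1), p.get(1))
        self.random = p.getFixBytes(32)
        self.session_id = p.getVarBytes(1)
        self.cipher_suite = p.get(2)
        self.compression_method = p.get(1)
        if not p.atLengthCheck():
            totalExtLength = p.get(2)
            soFar = 0
            #NOTE(review): same exact-match loop as ClientHello.parse;
            #type 7 reads one byte whatever extLength says.  Relies on
            #the Parser to reject inconsistent lengths -- confirm.
            while soFar != totalExtLength:
                extType = p.get(2)
                extLength = p.get(2)
                if extType == 7:
                    self.certificate_type = p.get(1)
                else:
                    p.getFixBytes(extLength)
                soFar += 4 + extLength
        p.stopLengthCheck()
        return self

    def write(self, trial=False):
        w = HandshakeMsg.preWrite(self, HandshakeType.server_hello, trial)
        w.add(self.server_version[0], 1)
        w.add(self.server_version[1], 1)
        w.addFixSeq(self.random, 1)
        w.addVarSeq(self.session_id, 1, 1)
        w.add(self.cipher_suite, 2)
        w.add(self.compression_method, 1)

        extLength = 0
        if self.certificate_type and self.certificate_type != \
                CertificateType.x509:
            extLength += 5

        if extLength != 0:
            w.add(extLength, 2)

        if self.certificate_type and self.certificate_type != \
                CertificateType.x509:
            w.add(7, 2)
            w.add(1, 2)
            w.add(self.certificate_type, 1)

        return HandshakeMsg.postWrite(self, w, trial)

class Certificate(HandshakeMsg):
    def __init__(self, certificateType):
        self.certificateType = certificateType
        self.contentType = ContentType.handshake
        self.certChain = None

    def create(self, certChain):
        self.certChain = certChain
        return self

    def parse(self, p):
        #This only decodes the chain the peer sent; nothing here
        #validates it.  certChain stays None for an empty chain.
        p.startLengthCheck(3)
        if self.certificateType == CertificateType.x509:
            chainLength = p.get(3)
            index = 0
            certificate_list = []
            #NOTE(review): exact-match loop on peer-supplied lengths,
            #as in the hello parsers; termination on malformed input
            #depends on the Parser raising -- confirm in utils.codec.
            while index != chainLength:
                certBytes = p.getVarBytes(3)
                x509 = X509()
                x509.parseBinary(certBytes)
                certificate_list.append(x509)
                index += len(certBytes)+3
            if certificate_list:
                self.certChain = X509CertChain(certificate_list)
        elif self.certificateType == CertificateType.cryptoID:
            s = bytesToString(p.getVarBytes(2))
            if s:
                try:
                    import cryptoIDlib.CertChain
                except ImportError:
                    raise SyntaxError(\
                    "cryptoID cert chain received, cryptoIDlib not present")
                self.certChain = cryptoIDlib.CertChain.CertChain().parse(s)
        else:
            raise AssertionError()

        p.stopLengthCheck()
        return self

    def write(self, trial=False):
        w = HandshakeMsg.preWrite(self, HandshakeType.certificate, trial)
        if self.certificateType == CertificateType.x509:
            chainLength = 0
            if self.certChain:
                certificate_list = self.certChain.x509List
            else:
                certificate_list = []
            #determine length
            for cert in certificate_list:
                bytes = cert.writeBytes()
                chainLength += len(bytes)+3
            #add bytes
            w.add(chainLength, 3)
            for cert in certificate_list:
                bytes = cert.writeBytes()
                w.addVarSeq(bytes, 1, 3)
        elif self.certificateType == CertificateType.cryptoID:
            if self.certChain:
                bytes = stringToBytes(self.certChain.write())
            else:
                bytes = createByteArraySequence([])
            w.addVarSeq(bytes, 1, 2)
        else:
            raise AssertionError()
        return HandshakeMsg.postWrite(self, w, trial)

class CertificateRequest(HandshakeMsg):
    def __init__(self):
        self.contentType = ContentType.handshake
        self.certificate_types = []
        #treat as opaque bytes for now
        self.certificate_authorities = createByteArraySequence([])

    def create(self, certificate_types, certificate_authorities):
        self.certificate_types = certificate_types
        self.certificate_authorities = certificate_authorities
        return self

    def parse(self, p):
        p.startLengthCheck(3)
        self.certificate_types = p.getVarList(1, 1)
        self.certificate_authorities = p.getVarBytes(2)
        p.stopLengthCheck()
        return self

    def write(self, trial=False):
        w = HandshakeMsg.preWrite(self, HandshakeType.certificate_request,
                                  trial)
        w.addVarSeq(self.certificate_types, 1, 1)
        w.addVarSeq(self.certificate_authorities, 1, 2)
        return HandshakeMsg.postWrite(self, w, trial)

class ServerKeyExchange(HandshakeMsg):
    #Carries the SRP parameters (N, g, salt, B); a signature is present
    #only for the SRP+RSA cipher suites.
    def __init__(self, cipherSuite):
        self.cipherSuite = cipherSuite
        self.contentType = ContentType.handshake
        self.srp_N = 0L
        self.srp_g = 0L
        self.srp_s = createByteArraySequence([])
        self.srp_B = 0L
        self.signature = createByteArraySequence([])

    def createSRP(self, srp_N, srp_g, srp_s, srp_B):
        self.srp_N = srp_N
        self.srp_g = srp_g
        self.srp_s = srp_s
        self.srp_B = srp_B
        return self

    def parse(self, p):
        p.startLengthCheck(3)
        self.srp_N = bytesToNumber(p.getVarBytes(2))
        self.srp_g = bytesToNumber(p.getVarBytes(2))
        self.srp_s = p.getVarBytes(1)
        self.srp_B = bytesToNumber(p.getVarBytes(2))
        if self.cipherSuite in CipherSuite.srpRsaSuites:
            self.signature = p.getVarBytes(2)
        p.stopLengthCheck()
        return self

    def write(self, trial=False):
        w = HandshakeMsg.preWrite(self, HandshakeType.server_key_exchange,
                                  trial)
        w.addVarSeq(numberToBytes(self.srp_N), 1, 2)
        w.addVarSeq(numberToBytes(self.srp_g), 1, 2)
        w.addVarSeq(self.srp_s, 1, 1)
        w.addVarSeq(numberToBytes(self.srp_B), 1, 2)
        if self.cipherSuite in CipherSuite.srpRsaSuites:
            w.addVarSeq(self.signature, 1, 2)
        return HandshakeMsg.postWrite(self, w, trial)

    def hash(self, clientRandom, serverRandom):
        #Returns MD5 || SHA-1 over clientRandom + serverRandom + the
        #serialized parameters.  cipherSuite is set to None while
        #writing so the signature field is left out, and [4:] drops the
        #handshake header; the finally clause restores cipherSuite.
        oldCipherSuite = self.cipherSuite
        self.cipherSuite = None
        try:
            bytes = clientRandom + serverRandom + self.write()[4:]
            s = bytesToString(bytes)
            return stringToBytes(md5.md5(s).digest() + sha.sha(s).digest())
        finally:
            self.cipherSuite = oldCipherSuite

class ServerHelloDone(HandshakeMsg):
    def __init__(self):
        self.contentType = ContentType.handshake

    def create(self):
        return self

    def parse(self, p):
        p.startLengthCheck(3)
        p.stopLengthCheck()
        return self

    def write(self, trial=False):
        w = HandshakeMsg.preWrite(self, HandshakeType.server_hello_done, trial)
        return HandshakeMsg.postWrite(self, w, trial)

class ClientKeyExchange(HandshakeMsg):
    def __init__(self, cipherSuite, version=None):
        self.cipherSuite = cipherSuite
        self.version = version
        self.contentType = ContentType.handshake
        self.srp_A = 0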
self.encryptedPreMasterSecret = createByteArraySequence([]) def createSRP(self, srp_A): self.srp_A = srp_A return self def createRSA(self, encryptedPreMasterSecret): self.encryptedPreMasterSecret = encryptedPreMasterSecret return self def parse(self, p): p.startLengthCheck(3) if self.cipherSuite in CipherSuite.srpSuites + \ CipherSuite.srpRsaSuites: self.srp_A = bytesToNumber(p.getVarBytes(2)) elif self.cipherSuite in CipherSuite.rsaSuites: if self.version in ((3,1), (3,2)): self.encryptedPreMasterSecret = p.getVarBytes(2) elif self.version == (3,0): self.encryptedPreMasterSecret = \ p.getFixBytes(len(p.bytes)-p.index) else: raise AssertionError() else: raise AssertionError() p.stopLengthCheck() return self def write(self, trial=False): w = HandshakeMsg.preWrite(self, HandshakeType.client_key_exchange, trial) if self.cipherSuite in CipherSuite.srpSuites + \ CipherSuite.srpRsaSuites: w.addVarSeq(numberToBytes(self.srp_A), 1, 2) elif self.cipherSuite in CipherSuite.rsaSuites: if self.version in ((3,1), (3,2)): w.addVarSeq(self.encryptedPreMasterSecret, 1, 2) elif self.version == (3,0): w.addFixSeq(self.encryptedPreMasterSecret, 1) else: raise AssertionError() else: raise AssertionError() return HandshakeMsg.postWrite(self, w, trial) class CertificateVerify(HandshakeMsg): def __init__(self): self.contentType = ContentType.handshake self.signature = createByteArraySequence([]) def create(self, signature): self.signature = signature return self def parse(self, p): p.startLengthCheck(3) self.signature = p.getVarBytes(2) p.stopLengthCheck() return self def write(self, trial=False): w = HandshakeMsg.preWrite(self, HandshakeType.certificate_verify, trial) w.addVarSeq(self.signature, 1, 2) return HandshakeMsg.postWrite(self, w, trial) class ChangeCipherSpec(Msg): def __init__(self): self.contentType = ContentType.change_cipher_spec self.type = 1 def create(self): self.type = 1 return self def parse(self, p): p.setLengthCheck(1) self.type = p.get(1) p.stopLengthCheck() return 
self def write(self, trial=False): w = Msg.preWrite(self, trial) w.add(self.type,1) return Msg.postWrite(self, w, trial) class Finished(HandshakeMsg): def __init__(self, version): self.contentType = ContentType.handshake self.version = version self.verify_data = createByteArraySequence([]) def create(self, verify_data): self.verify_data = verify_data return self def parse(self, p): p.startLengthCheck(3) if self.version == (3,0): self.verify_data = p.getFixBytes(36) elif self.version in ((3,1), (3,2)): self.verify_data = p.getFixBytes(12) else: raise AssertionError() p.stopLengthCheck() return self def write(self, trial=False): w = HandshakeMsg.preWrite(self, HandshakeType.finished, trial) w.addFixSeq(self.verify_data, 1) return HandshakeMsg.postWrite(self, w, trial) class ApplicationData(Msg): def __init__(self): self.contentType = ContentType.application_data self.bytes = createByteArraySequence([]) def create(self, bytes): self.bytes = bytes return self def parse(self, p): self.bytes = p.bytes return self def write(self): return self.bytestlslite-0.3.8/tlslite/errors.py0000700000175000017500000001324310025523106015542 0ustar clintclint"""Exception classes. @sort: TLSError, TLSAbruptCloseError, TLSAlert, TLSLocalAlert, TLSRemoteAlert, TLSAuthenticationError, TLSNoAuthenticationError, TLSAuthenticationTypeError, TLSFingerprintError, TLSAuthorizationError, TLSValidationError, TLSFaultError """ from constants import AlertDescription, AlertLevel class TLSError(Exception): """Base class for all TLS Lite exceptions.""" pass class TLSAbruptCloseError(TLSError): """The socket was closed without a proper TLS shutdown. The TLS specification mandates that an alert of some sort must be sent before the underlying socket is closed. If the socket is closed without this, it could signify that an attacker is trying to truncate the connection. It could also signify a misbehaving TLS implementation, or a random network failure. 
""" pass class TLSAlert(TLSError): """A TLS alert has been signalled.""" pass _descriptionStr = {\ AlertDescription.close_notify: "close_notify",\ AlertDescription.unexpected_message: "unexpected_message",\ AlertDescription.bad_record_mac: "bad_record_mac",\ AlertDescription.decryption_failed: "decryption_failed",\ AlertDescription.record_overflow: "record_overflow",\ AlertDescription.decompression_failure: "decompression_failure",\ AlertDescription.handshake_failure: "handshake_failure",\ AlertDescription.no_certificate: "no certificate",\ AlertDescription.bad_certificate: "bad_certificate",\ AlertDescription.unsupported_certificate: "unsupported_certificate",\ AlertDescription.certificate_revoked: "certificate_revoked",\ AlertDescription.certificate_expired: "certificate_expired",\ AlertDescription.certificate_unknown: "certificate_unknown",\ AlertDescription.illegal_parameter: "illegal_parameter",\ AlertDescription.unknown_ca: "unknown_ca",\ AlertDescription.access_denied: "access_denied",\ AlertDescription.decode_error: "decode_error",\ AlertDescription.decrypt_error: "decrypt_error",\ AlertDescription.export_restriction: "export_restriction",\ AlertDescription.protocol_version: "protocol_version",\ AlertDescription.insufficient_security: "insufficient_security",\ AlertDescription.internal_error: "internal_error",\ AlertDescription.user_canceled: "user_canceled",\ AlertDescription.no_renegotiation: "no_renegotiation",\ AlertDescription.unknown_srp_username: "unknown_srp_username",\ AlertDescription.missing_srp_username: "missing_srp_username"} class TLSLocalAlert(TLSAlert): """A TLS alert has been signalled by the local implementation. @type description: int @ivar description: Set to one of the constants in L{tlslite.constants.AlertDescription} @type level: int @ivar level: Set to one of the constants in L{tlslite.constants.AlertLevel} @type message: str @ivar message: Description of what went wrong. 
""" def __init__(self, alert, message=None): self.description = alert.description self.level = alert.level self.message = message def __str__(self): alertStr = TLSAlert._descriptionStr.get(self.description) if alertStr == None: alertStr = str(self.description) if self.message: return alertStr + ": " + self.message else: return alertStr class TLSRemoteAlert(TLSAlert): """A TLS alert has been signalled by the remote implementation. @type description: int @ivar description: Set to one of the constants in L{tlslite.constants.AlertDescription} @type level: int @ivar level: Set to one of the constants in L{tlslite.constants.AlertLevel} """ def __init__(self, alert): self.description = alert.description self.level = alert.level def __str__(self): alertStr = TLSAlert._descriptionStr.get(self.description) if alertStr == None: alertStr = str(self.description) return alertStr class TLSAuthenticationError(TLSError): """The handshake succeeded, but the other party's authentication was inadequate. This exception will only be raised when a L{tlslite.Checker.Checker} has been passed to a handshake function. The Checker will be invoked once the handshake completes, and if the Checker objects to how the other party authenticated, a subclass of this exception will be raised. 
""" pass class TLSNoAuthenticationError(TLSAuthenticationError): """The Checker was expecting the other party to authenticate with a certificate chain, but this did not occur.""" pass class TLSAuthenticationTypeError(TLSAuthenticationError): """The Checker was expecting the other party to authenticate with a different type of certificate chain.""" pass class TLSFingerprintError(TLSAuthenticationError): """The Checker was expecting the other party to authenticate with a certificate chain that matches a different fingerprint.""" pass class TLSAuthorizationError(TLSAuthenticationError): """The Checker was expecting the other party to authenticate with a certificate chain that has a different authorization.""" pass class TLSValidationError(TLSAuthenticationError): """The Checker has determined that the other party's certificate chain is invalid.""" pass class TLSFaultError(TLSError): """The other party responded incorrectly to an induced fault. This exception will only occur during fault testing, when a TLSConnection's fault variable is set to induce some sort of faulty behavior, and the other party doesn't respond appropriately. """ pass tlslite-0.3.8/tlslite/VerifierDB.py0000700000175000017500000000604010130676116016213 0ustar clintclint"""Class for storing SRP password verifiers.""" from utils.cryptomath import * from utils.compat import * import mathtls from BaseDB import BaseDB class VerifierDB(BaseDB): """This class represent an in-memory or on-disk database of SRP password verifiers. A VerifierDB can be passed to a server handshake to authenticate a client based on one of the verifiers. This class is thread-safe. """ def __init__(self, filename=None): """Create a new VerifierDB instance. @type filename: str @param filename: Filename for an on-disk database, or None for an in-memory database. If the filename already exists, follow this with a call to open(). To create a new on-disk database, follow this with a call to create(). 
""" BaseDB.__init__(self, filename, "verifier") def _getItem(self, username, valueStr): (N, g, salt, verifier) = valueStr.split(" ") N = base64ToNumber(N) g = base64ToNumber(g) salt = base64ToString(salt) verifier = base64ToNumber(verifier) return (N, g, salt, verifier) def __setitem__(self, username, verifierEntry): """Add a verifier entry to the database. @type username: str @param username: The username to associate the verifier with. Must be less than 256 characters in length. Must not already be in the database. @type verifierEntry: tuple @param verifierEntry: The verifier entry to add. Use L{tlslite.VerifierDB.VerifierDB.makeVerifier} to create a verifier entry. """ BaseDB.__setitem__(self, username, verifierEntry) def _setItem(self, username, value): if len(username)>=256: raise ValueError("username too long") N, g, salt, verifier = value N = numberToBase64(N) g = numberToBase64(g) salt = stringToBase64(salt) verifier = numberToBase64(verifier) valueStr = " ".join( (N, g, salt, verifier) ) return valueStr def _checkItem(self, value, username, param): (N, g, salt, verifier) = value x = mathtls.makeX(salt, username, param) v = powMod(g, x, N) return (verifier == v) def makeVerifier(username, password, bits): """Create a verifier entry which can be stored in a VerifierDB. @type username: str @param username: The username for this verifier. Must be less than 256 characters in length. @type password: str @param password: The password for this verifier. @type bits: int @param bits: This values specifies which SRP group parameters to use. It must be one of (1024, 1536, 2048, 3072, 4096, 6144, 8192). Larger values are more secure but slower. 2048 is a good compromise between safety and speed. @rtype: tuple @return: A tuple which may be stored in a VerifierDB. 
""" return mathtls.makeVerifier(username, password, bits) makeVerifier = staticmethod(makeVerifier)tlslite-0.3.8/tlslite/BaseDB.py0000700000175000017500000000666410027143547015330 0ustar clintclint"""Base class for SharedKeyDB and VerifierDB.""" import anydbm import thread class BaseDB: def __init__(self, filename, type): self.type = type self.filename = filename if self.filename: self.db = None else: self.db = {} self.lock = thread.allocate_lock() def create(self): """Create a new on-disk database. @raise anydbm.error: If there's a problem creating the database. """ if self.filename: self.db = anydbm.open(self.filename, "n") #raises anydbm.error self.db["--Reserved--type"] = self.type self.db.sync() else: self.db = {} def open(self): """Open a pre-existing on-disk database. @raise anydbm.error: If there's a problem opening the database. @raise ValueError: If the database is not of the right type. """ if not self.filename: raise ValueError("Can only open on-disk databases") self.db = anydbm.open(self.filename, "w") #raises anydbm.error try: if self.db["--Reserved--type"] != self.type: raise ValueError("Not a %s database" % self.type) except KeyError: raise ValueError("Not a recognized database") def __getitem__(self, username): if self.db == None: raise AssertionError("DB not open") self.lock.acquire() try: valueStr = self.db[username] finally: self.lock.release() return self._getItem(username, valueStr) def __setitem__(self, username, value): if self.db == None: raise AssertionError("DB not open") valueStr = self._setItem(username, value) self.lock.acquire() try: self.db[username] = valueStr if self.filename: self.db.sync() finally: self.lock.release() def __delitem__(self, username): if self.db == None: raise AssertionError("DB not open") self.lock.acquire() try: del(self.db[username]) if self.filename: self.db.sync() finally: self.lock.release() def __contains__(self, username): """Check if the database contains the specified username. 
@type username: str @param username: The username to check for. @rtype: bool @return: True if the database contains the username, False otherwise. """ if self.db == None: raise AssertionError("DB not open") self.lock.acquire() try: return self.db.has_key(username) finally: self.lock.release() def check(self, username, param): value = self.__getitem__(username) return self._checkItem(value, username, param) def keys(self): """Return a list of usernames in the database. @rtype: list @return: The usernames in the database. """ if self.db == None: raise AssertionError("DB not open") self.lock.acquire() try: usernames = self.db.keys() finally: self.lock.release() usernames = [u for u in usernames if not u.startswith("--Reserved--")] return usernamestlslite-0.3.8/tlslite/TLSRecordLayer.py0000700000175000017500000012576410206541675017054 0ustar clintclint"""Helper class for TLSConnection.""" from __future__ import generators from utils.compat import * from utils.cryptomath import * from utils.cipherfactory import createAES, createRC4, createTripleDES from utils.codec import * from errors import * from messages import * from mathtls import * from constants import * from utils.cryptomath import getRandomBytes from utils import hmac from FileObject import FileObject import sha import md5 import socket import errno import traceback class _ConnectionState: def __init__(self): self.macContext = None self.encContext = None self.seqnum = 0 def getSeqNumStr(self): w = Writer(8) w.add(self.seqnum, 8) seqnumStr = bytesToString(w.bytes) self.seqnum += 1 return seqnumStr class TLSRecordLayer: """ This class handles data transmission for a TLS connection. Its only subclass is L{tlslite.TLSConnection.TLSConnection}. We've separated the code in this class from TLSConnection to make things more readable. @type sock: socket.socket @ivar sock: The underlying socket object. @type session: L{tlslite.Session.Session} @ivar session: The session corresponding to this connection. 
Due to TLS session resumption, multiple connections can correspond to the same underlying session. @type version: tuple @ivar version: The TLS version being used for this connection. (3,0) means SSL 3.0, and (3,1) means TLS 1.0. @type closed: bool @ivar closed: If this connection is closed. @type resumed: bool @ivar resumed: If this connection is based on a resumed session. @type allegedSharedKeyUsername: str or None @ivar allegedSharedKeyUsername: This is set to the shared-key username asserted by the client, whether the handshake succeeded or not. If the handshake fails, this can be inspected to determine if a guessing attack is in progress against a particular user account. @type allegedSrpUsername: str or None @ivar allegedSrpUsername: This is set to the SRP username asserted by the client, whether the handshake succeeded or not. If the handshake fails, this can be inspected to determine if a guessing attack is in progress against a particular user account. @type closeSocket: bool @ivar closeSocket: If the socket should be closed when the connection is closed (writable). If you set this to True, TLS Lite will assume the responsibility of closing the socket when the TLS Connection is shutdown (either through an error or through the user calling close()). The default is False. @type ignoreAbruptClose: bool @ivar ignoreAbruptClose: If an abrupt close of the socket should raise an error (writable). If you set this to True, TLS Lite will not raise a L{tlslite.errors.TLSAbruptCloseError} exception if the underlying socket is unexpectedly closed. Such an unexpected closure could be caused by an attacker. However, it also occurs with some incorrect TLS implementations. You should set this to True only if you're not worried about an attacker truncating the connection, and only if necessary to avoid spurious errors. The default is False. 
@sort: __init__, read, readAsync, write, writeAsync, close, closeAsync, getCipherImplementation, getCipherName """ def __init__(self, sock): self.sock = sock #My session object (Session instance; read-only) self.session = None #Am I a client or server? self._client = None #Buffers for processing messages self._handshakeBuffer = [] self._readBuffer = "" #Handshake digests self._handshake_md5 = md5.md5() self._handshake_sha = sha.sha() #TLS Protocol Version self.version = (0,0) #read-only self._versionCheck = False #Once we choose a version, this is True #Current and Pending connection states self._writeState = _ConnectionState() self._readState = _ConnectionState() self._pendingWriteState = _ConnectionState() self._pendingReadState = _ConnectionState() #Is the connection open? self.closed = True #read-only self._refCount = 0 #Used to trigger closure #Is this a resumed (or shared-key) session? self.resumed = False #read-only #What username did the client claim in his handshake? self.allegedSharedKeyUsername = None self.allegedSrpUsername = None #On a call to close(), do we close the socket? (writeable) self.closeSocket = False #If the socket is abruptly closed, do we ignore it #and pretend the connection was shut down properly? (writeable) self.ignoreAbruptClose = False #Fault we will induce, for testing purposes self.fault = None #********************************************************* # Public Functions START #********************************************************* def read(self, max=None, min=1): """Read some data from the TLS connection. This function will block until at least 'min' bytes are available (or the connection is closed). If an exception is raised, the connection will have been automatically closed. @type max: int @param max: The maximum number of bytes to return. 
@type min: int @param min: The minimum number of bytes to return @rtype: str @return: A string of no more than 'max' bytes, and no fewer than 'min' (unless the connection has been closed, in which case fewer than 'min' bytes may be returned). @raise socket.error: If a socket error occurs. @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed without a preceding alert. @raise tlslite.errors.TLSAlert: If a TLS alert is signalled. """ for result in self.readAsync(max, min): pass return result def readAsync(self, max=None, min=1): """Start a read operation on the TLS connection. This function returns a generator which behaves similarly to read(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or a string if the read operation has completed. @rtype: iterable @return: A generator; see above for details. """ try: while len(self._readBuffer)= len(s): break if endIndex > len(s): endIndex = len(s) block = stringToBytes(s[startIndex : endIndex]) applicationData = ApplicationData().create(block) for result in self._sendMsg(applicationData, skipEmptyFrag): yield result skipEmptyFrag = True #only send an empy fragment on 1st message index += 1 except: self._shutdown(False) raise def close(self): """Close the TLS connection. This function will block until it has exchanged close_notify alerts with the other party. After doing so, it will shut down the TLS connection. Further attempts to read through this connection will return "". Further attempts to write through this connection will raise ValueError. If makefile() has been called on this connection, the connection will be not be closed until the connection object and all file objects have been closed. Even if an exception is raised, the connection will have been closed. @raise socket.error: If a socket error occurs. @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed without a preceding alert. 
@raise tlslite.errors.TLSAlert: If a TLS alert is signalled. """ if not self.closed: for result in self._decrefAsync(): pass def closeAsync(self): """Start a close operation on the TLS connection. This function returns a generator which behaves similarly to close(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the close operation has completed. @rtype: iterable @return: A generator; see above for details. """ if not self.closed: for result in self._decrefAsync(): yield result def _decrefAsync(self): self._refCount -= 1 if self._refCount == 0 and not self.closed: try: for result in self._sendMsg(Alert().create(\ AlertDescription.close_notify, AlertLevel.warning)): yield result alert = None while not alert: for result in self._getMsg((ContentType.alert, \ ContentType.application_data)): if result in (0,1): yield result if result.contentType == ContentType.alert: alert = result if alert.description == AlertDescription.close_notify: self._shutdown(True) else: raise TLSRemoteAlert(alert) except (socket.error, TLSAbruptCloseError): #If the other side closes the socket, that's okay self._shutdown(True) except: self._shutdown(False) raise def getCipherName(self): """Get the name of the cipher used with this connection. @rtype: str @return: The name of the cipher used with this connection. Either 'aes128', 'aes256', 'rc4', or '3des'. """ if not self._writeState.encContext: return None return self._writeState.encContext.name def getCipherImplementation(self): """Get the name of the cipher implementation used with this connection. @rtype: str @return: The name of the cipher implementation used with this connection. Either 'python', 'cryptlib', 'openssl', or 'pycrypto'. 
""" if not self._writeState.encContext: return None return self._writeState.encContext.implementation #Emulate a socket, somewhat - def send(self, s): """Send data to the TLS connection (socket emulation). @raise socket.error: If a socket error occurs. """ self.write(s) return len(s) def sendall(self, s): """Send data to the TLS connection (socket emulation). @raise socket.error: If a socket error occurs. """ self.write(s) def recv(self, bufsize): """Get some data from the TLS connection (socket emulation). @raise socket.error: If a socket error occurs. @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed without a preceding alert. @raise tlslite.errors.TLSAlert: If a TLS alert is signalled. """ return self.read(bufsize) def makefile(self, mode='r', bufsize=-1): """Create a file object for the TLS connection (socket emulation). @rtype: L{tlslite.FileObject.FileObject} """ self._refCount += 1 return FileObject(self, mode, bufsize) def getsockname(self): """Return the socket's own address (socket emulation).""" return self.sock.getsockname() def getpeername(self): """Return the remote address to which the socket is connected (socket emulation).""" return self.sock.getpeername() def settimeout(self, value): """Set a timeout on blocking socket operations (socket emulation).""" return self.sock.settimeout(value) def gettimeout(self): """Return the timeout associated with socket operations (socket emulation).""" return self.sock.gettimeout() def setsockopt(self, level, optname, value): """Set the value of the given socket option (socket emulation).""" return self.sock.setsockopt(level, optname, value) #********************************************************* # Public Functions END #********************************************************* def _shutdown(self, resumable): self._writeState = _ConnectionState() self._readState = _ConnectionState() #Don't do this: self._readBuffer = "" self.version = (0,0) self._versionCheck = False self.closed = True if 
self.closeSocket:
            self.sock.close()

        #Even if resumable is False, we'll never toggle this on
        if not resumable and self.session:
            self.session.resumable = False

    def _sendError(self, alertDescription, errorStr=None):
        """Send a fatal alert, shut the connection down, then raise.

        Generator: passes on whatever _sendMsg yields while the alert is
        being written. It always ends by raising TLSLocalAlert, so in a
        caller nothing after a loop over _sendError() is reached.
        """
        alert = Alert().create(alertDescription, AlertLevel.fatal)
        for result in self._sendMsg(alert):
            yield result
        #_shutdown(False) marks the session, if any, as not resumable
        self._shutdown(False)
        raise TLSLocalAlert(alert, errorStr)

    def _sendMsgs(self, msgs):
        """Send several messages; only the first may be preceded by the
        empty fragment that _sendMsg emits."""
        skipEmptyFrag = False
        for msg in msgs:
            for result in self._sendMsg(msg, skipEmptyFrag):
                yield result
            skipEmptyFrag = True

    def _sendMsg(self, msg, skipEmptyFrag=False):
        """Serialize msg, protect it with the write state, and send it.

        Generator: yields 1 each time the socket is not ready for writing
        or only part of the record was sent; finishes once the whole
        record is written. The MAC is computed over the plaintext, and
        padding and encryption are applied afterwards.
        """
        bytes = msg.write()
        contentType = msg.contentType

        #Whenever we're connected and asked to send a message,
        #we first send an empty Application Data message.  This prevents
        #an attacker from launching a chosen-plaintext attack based on
        #knowing the next IV.
        #NOTE(review): the guard only matches version (3,1).  SSL 3.0
        #block-cipher records (3,0) chain IVs the same way and are not
        #covered by this branch.
        if not self.closed and not skipEmptyFrag and self.version == (3,1):
            if self._writeState.encContext:
                if self._writeState.encContext.isBlockCipher:
                    for result in self._sendMsg(ApplicationData(),
                                               skipEmptyFrag=True):
                        yield result

        #Update handshake hashes
        if contentType == ContentType.handshake:
            bytesStr = bytesToString(bytes)
            self._handshake_md5.update(bytesStr)
            self._handshake_sha.update(bytesStr)

        #Calculate MAC
        if self._writeState.macContext:
            #getSeqNumStr() also increments the write sequence number
            seqnumStr = self._writeState.getSeqNumStr()
            bytesStr = bytesToString(bytes)
            mac = self._writeState.macContext.copy()
            mac.update(seqnumStr)
            mac.update(chr(contentType))
            #The length goes in as two bytes, high byte first.  The
            #(3,0) branch leaves the version bytes out of the MAC input.
            if self.version == (3,0):
                mac.update( chr( int(len(bytes)/256) ) )
                mac.update( chr( int(len(bytes)%256) ) )
            elif self.version in ((3,1), (3,2)):
                mac.update(chr(self.version[0]))
                mac.update(chr(self.version[1]))
                mac.update( chr( int(len(bytes)/256) ) )
                mac.update( chr( int(len(bytes)%256) ) )
            else:
                raise AssertionError()
            mac.update(bytesStr)
            macString = mac.digest()
            macBytes = stringToBytes(macString)
            #Test hook: corrupts the MAC on purpose.  self.fault is set
            #to None in __init__ and must stay None outside fault tests.
            if self.fault == Fault.badMAC:
                macBytes[0] = (macBytes[0]+1) % 256

        #Encrypt for Block or Stream Cipher
        if self._writeState.encContext:
            #Add padding and encrypt (for Block Cipher):
            if self._writeState.encContext.isBlockCipher:

                #Add TLS 1.1 fixed block
                #NOTE(review): fixedIVBlock is not set anywhere in the
                #code shown here.  The name suggests one block reused
                #for every record; confirm it is unpredictable to the
                #peer.
                if self.version == (3,2):
                    bytes = self.fixedIVBlock + bytes

                #Add padding: bytes = bytes + (macBytes + paddingBytes)
                currentLength = len(bytes) + len(macBytes) + 1
                blockLength = self._writeState.encContext.block_size
                paddingLength = blockLength-(currentLength % blockLength)

                #paddingLength+1 bytes, every one holding paddingLength
                paddingBytes = createByteArraySequence([paddingLength] * \
                                                       (paddingLength+1))
                #Test hook: corrupts the first padding byte on purpose
                if self.fault == Fault.badPadding:
                    paddingBytes[0] = (paddingBytes[0]+1) % 256
                endBytes = concatArrays(macBytes, paddingBytes)
                bytes = concatArrays(bytes, endBytes)
                #Encrypt
                plaintext = stringToBytes(bytes)
                ciphertext = self._writeState.encContext.encrypt(plaintext)
                bytes = stringToBytes(ciphertext)

            #Encrypt (for Stream Cipher)
            else:
                bytes = concatArrays(bytes, macBytes)
                plaintext = bytesToString(bytes)
                ciphertext = self._writeState.encContext.encrypt(plaintext)
                bytes = stringToBytes(ciphertext)

        #Add record header and send
        r = RecordHeader3().create(self.version, contentType, len(bytes))
        s = bytesToString(concatArrays(r.write(), bytes))
        while 1:
            try:
                bytesSent = self.sock.send(s) #Might raise socket.error
            except socket.error, why:
                #Socket not ready: report "waiting to write" and retry
                if why[0] == errno.EWOULDBLOCK:
                    yield 1
                    continue
                else:
                    raise
            if bytesSent == len(s):
                return
            #Partial send: keep the unsent tail and try again
            s = s[bytesSent:]
            yield 1


    def _getMsg(self, expectedType, secondaryType=None, constructorType=None):
        """Read the next message of an expected type and yield it parsed.

        Generator: yields 0 or 1 while waiting on the socket, then the
        parsed message object.  expectedType is a content type or a tuple
        of them.  secondaryType is the handshake type, or tuple of types,
        accepted when the record is a handshake record.  constructorType
        is passed to the Certificate, ServerKeyExchange and
        ClientKeyExchange constructors.

        A SyntaxError raised while reading or parsing is answered with a
        fatal decode_error alert.  Other exception types, such as
        AssertionError, are not caught here.
        """
        try:
            if not isinstance(expectedType, tuple):
                expectedType = (expectedType,)

            #Spin in a loop, until we've got a non-empty record of a type we
            #expect.  The loop will be repeated if:
            #  - we receive a renegotiation attempt; we send no_renegotiation,
            #    then try again
            #  - we receive an empty application-data fragment; we try again
            while 1:
                #Pass 0/1 wait codes upward; the last value left in
                #result is the (recordHeader, parser) pair
                for result in self._getNextRecord():
                    if result in (0,1):
                        yield result
                recordHeader, p = result

                #If this is an empty application-data fragment, try again
                if recordHeader.type == ContentType.application_data:
                    if p.index == len(p.bytes):
                        continue

                #If we received an unexpected record type...
                if recordHeader.type not in expectedType:

                    #If we received an alert...
                    if recordHeader.type == ContentType.alert:
                        alert = Alert().parse(p)

                        #We either received a fatal error, a warning, or a
                        #close_notify.  In any case, we're going to close the
                        #connection.  In the latter two cases we respond with
                        #a close_notify, but ignore any socket errors, since
                        #the other side might have already closed the socket.
                        if alert.level == AlertLevel.warning or \
                           alert.description == AlertDescription.close_notify:

                            #If the sendMsg() call fails because the socket has
                            #already been closed, we will be forgiving and not
                            #report the error nor invalidate the "resumability"
                            #of the session.
                            try:
                                alertMsg = Alert()
                                alertMsg.create(AlertDescription.close_notify,
                                                AlertLevel.warning)
                                for result in self._sendMsg(alertMsg):
                                    yield result
                            except socket.error:
                                pass

                            #Only a close_notify leaves the session
                            #resumable; any other warning does not
                            if alert.description == \
                                   AlertDescription.close_notify:
                                self._shutdown(True)
                            elif alert.level == AlertLevel.warning:
                                self._shutdown(False)

                        else: #Fatal alert:
                            self._shutdown(False)

                        #Raise the alert as an exception
                        raise TLSRemoteAlert(alert)

                    #If we received a renegotiation attempt...
                    if recordHeader.type == ContentType.handshake:
                        subType = p.get(1)
                        reneg = False
                        if self._client:
                            if subType == HandshakeType.hello_request:
                                reneg = True
                        else:
                            if subType == HandshakeType.client_hello:
                                reneg = True
                        #Send no_renegotiation, then try again
                        if reneg:
                            alertMsg = Alert()
                            alertMsg.create(AlertDescription.no_renegotiation,
                                            AlertLevel.warning)
                            for result in self._sendMsg(alertMsg):
                                yield result
                            continue

                    #Otherwise: this is an unexpected record, but neither an
                    #alert nor renegotiation
                    for result in self._sendError(\
                            AlertDescription.unexpected_message,
                            "received type=%d" % recordHeader.type):
                        yield result

                break

            #Parse based on content_type
            if recordHeader.type == ContentType.change_cipher_spec:
                yield ChangeCipherSpec().parse(p)
            elif recordHeader.type == ContentType.alert:
                yield Alert().parse(p)
            elif recordHeader.type == ContentType.application_data:
                yield ApplicationData().parse(p)
            elif recordHeader.type == ContentType.handshake:
                #Convert secondaryType to tuple, if it isn't already
                if not isinstance(secondaryType, tuple):
                    secondaryType = (secondaryType,)

                #If it's a handshake message, check handshake header
                if recordHeader.ssl2:
                    #An SSLv2-framed record is accepted only when it is
                    #a ClientHello and the caller expects a ClientHello
                    subType = p.get(1)
                    if subType != HandshakeType.client_hello:
                        for result in self._sendError(\
                                AlertDescription.unexpected_message,
                                "Can only handle SSLv2 ClientHello messages"):
                            yield result
                    if HandshakeType.client_hello not in secondaryType:
                        for result in self._sendError(\
                                AlertDescription.unexpected_message):
                            yield result
                    subType = HandshakeType.client_hello
                else:
                    subType = p.get(1)
                    if subType not in secondaryType:
                        for result in self._sendError(\
                                AlertDescription.unexpected_message,
                                "Expecting %s, got %s" % (str(secondaryType), subType)):
                            yield result

                #Update handshake hashes
                #(all of p.bytes is hashed, not only the unread part)
                sToHash = bytesToString(p.bytes)
                self._handshake_md5.update(sToHash)
                self._handshake_sha.update(sToHash)

                #Parse based on handshake type
                if subType == HandshakeType.client_hello:
                    yield ClientHello(recordHeader.ssl2).parse(p)
                elif subType == HandshakeType.server_hello:
                    yield ServerHello().parse(p)
                elif subType == HandshakeType.certificate:
                    yield Certificate(constructorType).parse(p)
                elif subType == HandshakeType.certificate_request:
                    yield CertificateRequest().parse(p)
                elif subType == HandshakeType.certificate_verify:
                    yield CertificateVerify().parse(p)
                elif subType == HandshakeType.server_key_exchange:
                    yield ServerKeyExchange(constructorType).parse(p)
                elif subType == HandshakeType.server_hello_done:
                    yield ServerHelloDone().parse(p)
                elif subType == HandshakeType.client_key_exchange:
                    yield ClientKeyExchange(constructorType, \
                                            self.version).parse(p)
                elif subType == HandshakeType.finished:
                    yield Finished(self.version).parse(p)
                else:
                    raise AssertionError()

        #If an exception was raised by a Parser or Message instance:
        except SyntaxError, e:
            for result in self._sendError(AlertDescription.decode_error,
                                         formatExceptionTrace(e)):
                yield result


    #Returns next record or next handshake message
    def _getNextRecord(self):

        #If there's a handshake message waiting, return it
        if self._handshakeBuffer:
            recordHeader, bytes = self._handshakeBuffer[0]
            self._handshakeBuffer = self._handshakeBuffer[1:]
            yield (recordHeader, Parser(bytes))
            return

        #Otherwise...
        #Read the next record header
        #Only one byte is requested at first; that byte decides whether
        #a 5-byte or a 2-byte header is read
        bytes = createByteArraySequence([])
        recordHeaderLength = 1
        ssl2 = False
        while 1:
            try:
                s = self.sock.recv(recordHeaderLength-len(bytes))
            except socket.error, why:
                #Socket not ready: report "waiting to read" and retry
                if why[0] == errno.EWOULDBLOCK:
                    yield 0
                    continue
                else:
                    raise

            #If the connection was abruptly closed, raise an error
            if len(s)==0:
                raise TLSAbruptCloseError()

            bytes += stringToBytes(s)
            if len(bytes)==1:
                if bytes[0] in ContentType.all:
                    ssl2 = False
                    recordHeaderLength = 5
                elif bytes[0] == 128:
                    #presumably an SSLv2-format header; only the exact
                    #value 128 is accepted as its first byte
                    ssl2 = True
                    recordHeaderLength = 2
                else:
                    #Any other first byte is rejected as malformed input
                    raise SyntaxError()
            if len(bytes) == recordHeaderLength:
                break

        #Parse the record header
        if ssl2:
            r = RecordHeader2().parse(Parser(bytes))
        else:
            r = RecordHeader3().parse(Parser(bytes))

        #Check the record header fields
        #18432 = 16384 + 2048.  The peer-supplied length is checked
        #before any record body is read; _sendError raises.
        if r.length > 18432:
            for result in self._sendError(AlertDescription.record_overflow):
                yield result

        #Read the record contents
        #NOTE(review): when r.length is 0, recv(0) returns an empty
        #string, which the check below treats as an abrupt close --
        #confirm this is the intended handling of zero-length records.
        bytes = createByteArraySequence([])
        while 1:
            try:
                s = self.sock.recv(r.length - len(bytes))
            except socket.error, why:
                if why[0] == errno.EWOULDBLOCK:
                    yield 0
                    continue
                else:
                    raise

            #If the connection is closed, raise a socket error
            if len(s)==0:
                raise TLSAbruptCloseError()

            bytes += stringToBytes(s)
            if len(bytes) == r.length:
                break

        #Check the record header fields (2)
        #We do this after reading the contents from the socket, so that
        #if there's an error, we at least don't leave extra bytes in the
        #socket..
        #
        # THIS CHECK HAS NO SECURITY RELEVANCE (?), BUT COULD HURT INTEROP.
        # SO WE LEAVE IT OUT FOR NOW.
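def _decryptRecord(self, recordType, bytes):
    """Decrypt one record and check its MAC under the current read state.

    This is a generator.  Anything yielded by self._sendError() is passed
    through; the last value yielded is the record payload with the MAC
    (and any padding / TLS 1.1 explicit IV) removed.  If the read state
    has no cipher, the input is yielded unchanged.

    A padding failure and a MAC failure both end in the same
    bad_record_mac alert, and the MAC is still computed when the padding
    is bad, so the alert does not tell the peer which check failed.

    @param recordType: The record's content type; it is fed into the MAC.
    @param bytes: The record body as received (a sequence of byte values).
    """
    #NOTE(review): the error paths below rely on _sendError() not
    #returning normally (presumably it raises once the alert has been
    #sent) - confirm against its definition.
    if self._readState.encContext:

        #Decrypt if it's a block cipher
        if self._readState.encContext.isBlockCipher:
            blockLength = self._readState.encContext.block_size
            if len(bytes) % blockLength != 0:
                for result in self._sendError(\
                        AlertDescription.decryption_failed,
                        "Encrypted data not a multiple of blocksize"):
                    yield result
            ciphertext = bytesToString(bytes)
            plaintext = self._readState.encContext.decrypt(ciphertext)
            if self.version == (3,2): #For TLS 1.1, remove explicit IV
                plaintext = plaintext[self._readState.encContext.block_size : ]
            bytes = stringToBytes(plaintext)

            #Check padding
            paddingGood = True
            totalPaddingLength = 0
            if len(bytes) == 0:
                #A TLS 1.1 record whose body is exactly one cipher block is
                #empty once the explicit IV is removed.  There is no
                #padding-length byte to read, so fail the record through
                #the normal alert path instead of raising IndexError.
                paddingGood = False
            else:
                paddingLength = bytes[-1]
                if (paddingLength+1) > len(bytes):
                    paddingGood = False
                elif self.version == (3,0):
                    #SSLv3: only the length byte is checked, not the
                    #contents of the padding
                    totalPaddingLength = paddingLength+1
                elif self.version in ((3,1), (3,2)):
                    totalPaddingLength = paddingLength+1
                    paddingBytes = bytes[-totalPaddingLength:-1]
                    #Every padding byte is inspected; there is no early
                    #exit on the first mismatch
                    for byte in paddingBytes:
                        if byte != paddingLength:
                            paddingGood = False
                            totalPaddingLength = 0
                else:
                    raise AssertionError()

        #Decrypt if it's a stream cipher
        else:
            paddingGood = True
            ciphertext = bytesToString(bytes)
            plaintext = self._readState.encContext.decrypt(ciphertext)
            bytes = stringToBytes(plaintext)
            totalPaddingLength = 0

        #Check MAC
        macGood = True
        macLength = self._readState.macContext.digest_size
        endLength = macLength + totalPaddingLength
        if endLength > len(bytes):
            macGood = False
        else:
            #Read MAC
            startIndex = len(bytes) - endLength
            endIndex = startIndex + macLength
            checkBytes = bytes[startIndex : endIndex]

            #Calculate MAC over: sequence number, record type,
            #(version, for TLS), payload length, payload
            seqnumStr = self._readState.getSeqNumStr()
            bytes = bytes[:-endLength]
            bytesStr = bytesToString(bytes)
            mac = self._readState.macContext.copy()
            mac.update(seqnumStr)
            mac.update(chr(recordType))
            if self.version == (3,0):
                mac.update( chr( int(len(bytes)/256) ) )
                mac.update( chr( int(len(bytes)%256) ) )
            elif self.version in ((3,1), (3,2)):
                mac.update(chr(self.version[0]))
                mac.update(chr(self.version[1]))
                mac.update( chr( int(len(bytes)/256) ) )
                mac.update( chr( int(len(bytes)%256) ) )
            else:
                raise AssertionError()
            mac.update(bytesStr)
            macString = mac.digest()
            macBytes = stringToBytes(macString)

            #Compare MACs without stopping at the first differing byte.
            #This is best effort only: the interpreter gives no hard
            #timing guarantees.
            mismatch = len(macBytes) ^ len(checkBytes)
            for computed, received in zip(macBytes, checkBytes):
                mismatch |= computed ^ received
            if mismatch != 0:
                macGood = False

        if not (paddingGood and macGood):
            for result in self._sendError(AlertDescription.bad_record_mac,
                                      "MAC failure (or padding failure)"):
                yield result

    yield bytes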
createMACFunc(clientMACBlock, digestmod=sha) serverPendingState.macContext = createMACFunc(serverMACBlock, digestmod=sha) clientPendingState.encContext = createCipherFunc(clientKeyBlock, clientIVBlock, implementations) serverPendingState.encContext = createCipherFunc(serverKeyBlock, serverIVBlock, implementations) #Assign new connection states to pending states if self._client: self._pendingWriteState = clientPendingState self._pendingReadState = serverPendingState else: self._pendingWriteState = serverPendingState self._pendingReadState = clientPendingState if self.version == (3,2) and ivLength: #Choose fixedIVBlock for TLS 1.1 (this is encrypted with the CBC #residue to create the IV for each sent block) self.fixedIVBlock = getRandomBytes(ivLength) def _changeWriteState(self): self._writeState = self._pendingWriteState self._pendingWriteState = _ConnectionState() def _changeReadState(self): self._readState = self._pendingReadState self._pendingReadState = _ConnectionState() def _sendFinished(self): #Send ChangeCipherSpec for result in self._sendMsg(ChangeCipherSpec()): yield result #Switch to pending write state self._changeWriteState() #Calculate verification data verifyData = self._calcFinished(True) if self.fault == Fault.badFinished: verifyData[0] = (verifyData[0]+1)%256 #Send Finished message under new state finished = Finished(self.version).create(verifyData) for result in self._sendMsg(finished): yield result def _getFinished(self): #Get and check ChangeCipherSpec for result in self._getMsg(ContentType.change_cipher_spec): if result in (0,1): yield result changeCipherSpec = result if changeCipherSpec.type != 1: for result in self._sendError(AlertDescription.illegal_parameter, "ChangeCipherSpec type incorrect"): yield result #Switch to pending read state self._changeReadState() #Calculate verification data verifyData = self._calcFinished(False) #Get and check Finished message under new state for result in self._getMsg(ContentType.handshake, 
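if m2cryptoLoaded:

    def new(key, mode, IV):
        """Return an L{OpenSSL_AES} object for the given key, mode and IV."""
        return OpenSSL_AES(key, mode, IV)

    class OpenSSL_AES(AES):
        """AES implemented with the M2Crypto low-level cipher functions.

        The cipher context is always created with one of the
        aes_*_cbc ciphers, whatever value is passed as mode.  A fresh
        context is built for every encrypt()/decrypt() call and self.IV is
        set to the last ciphertext block afterwards, so successive calls
        continue one CBC chain.
        """

        def __init__(self, key, mode, IV):
            AES.__init__(self, key, mode, IV, "openssl")
            self.key = key
            self.IV = IV

        def _createContext(self, encrypt):
            """Create and initialise an M2Crypto cipher context.

            @param encrypt: 1 to encrypt, 0 to decrypt (passed straight to
            m2.cipher_init).

            @raise ValueError: If the key is not 16, 24 or 32 bytes long.
            """
            #Pick the cipher before allocating anything, so an unsupported
            #key length fails cleanly instead of leaving cipherType
            #unbound and the context unfreed
            keyLength = len(self.key)
            if keyLength == 16:
                cipherType = m2.aes_128_cbc()
            elif keyLength == 24:
                cipherType = m2.aes_192_cbc()
            elif keyLength == 32:
                cipherType = m2.aes_256_cbc()
            else:
                raise ValueError("Unsupported AES key length: %d" % keyLength)
            context = m2.cipher_ctx_new()
            try:
                m2.cipher_init(context, cipherType, self.key, self.IV, encrypt)
            except:
                #Don't leak the context if initialisation fails
                m2.cipher_ctx_free(context)
                raise
            return context

        def encrypt(self, plaintext):
            """Encrypt plaintext and advance self.IV to the last block."""
            #NOTE(review): AES.encrypt() presumably validates the input
            #length; it is defined outside this file - confirm.
            AES.encrypt(self, plaintext)
            context = self._createContext(1)
            try:
                ciphertext = m2.cipher_update(context, plaintext)
            finally:
                m2.cipher_ctx_free(context)
            self.IV = ciphertext[-self.block_size:]
            return ciphertext

        def decrypt(self, ciphertext):
            """Decrypt ciphertext and advance self.IV to its last block."""
            AES.decrypt(self, ciphertext)
            context = self._createContext(0)
            try:
                #I think M2Crypto has a bug - it fails to decrypt and return
                #the last block passed in.  To work around this, we append
                #sixteen zeros to the string, below:
                plaintext = m2.cipher_update(context, ciphertext+('\0'*16))
            finally:
                m2.cipher_ctx_free(context)

            #If this bug is ever fixed, then plaintext will end up having a
            #garbage plaintext block on the end.  That's okay - the
            #truncation below will discard it.
            plaintext = plaintext[:len(ciphertext)]
            self.IV = ciphertext[-self.block_size:]
            return plaintext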
""" for implementation in implementations: if implementation == "openssl" and cryptomath.m2cryptoLoaded: return OpenSSL_RSAKey.generate(bits) elif implementation == "python": return Python_RSAKey.generate(bits) raise ValueError("No acceptable implementations") def parseXMLKey(s, private=False, public=False, implementations=["python"]): """Parse an XML-format key. The XML format used here is specific to tlslite and cryptoIDlib. The format can store the public component of a key, or the public and private components. For example:: 4a5yzB8oGNlHo866CAspAC47M4Fvx58zwK8pou... Aw== 4a5yzB8oGNlHo866CAspAC47M4Fvx58zwK8pou... Aw== JZ0TIgUxWXmL8KJ0VqyG1V0J3ern9pqIoB0xmy...

    5PreIj6z6ldIGL1V4+1C36dQFHNCQHJvW52GXc... /E/wDit8YXPCxx126zTq2ilQ3IcW54NJYyNjiZ... mKc+wX8inDowEH45Qp4slRo1YveBgExKPROu6... qDVKtBz9lk0shL5PR3ickXDgkwS576zbl2ztB... j6E8EA7dNsTImaXexAmLA1DoeArsYeFAInr... @type s: str @param s: A string containing an XML public or private key. @type private: bool @param private: If True, a L{SyntaxError} will be raised if the private key component is not present. @type public: bool @param public: If True, the private key component (if present) will be discarded, so this function will always return a public key. @rtype: L{tlslite.utils.RSAKey.RSAKey} @return: An RSA key. @raise SyntaxError: If the key is not properly formatted. """ for implementation in implementations: if implementation == "python": key = Python_RSAKey.parseXML(s) break else: raise ValueError("No acceptable implementations") return _parseKeyHelper(key, private, public) #Parse as an OpenSSL or Python key def parsePEMKey(s, private=False, public=False, passwordCallback=None, implementations=["openssl", "python"]): """Parse a PEM-format key. The PEM format is used by OpenSSL and other tools. The format is typically used to store both the public and private components of a key. 
For example:: -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDYscuoMzsGmW0pAYsmyHltxB2TdwHS0dImfjCMfaSDkfLdZY5+ dOWORVns9etWnr194mSGA1F0Pls/VJW8+cX9+3vtJV8zSdANPYUoQf0TP7VlJxkH dSRkUbEoz5bAAs/+970uos7n7iXQIni+3erUTdYEk2iWnMBjTljfgbK/dQIDAQAB AoGAJHoJZk75aKr7DSQNYIHuruOMdv5ZeDuJvKERWxTrVJqE32/xBKh42/IgqRrc esBN9ZregRCd7YtxoL+EVUNWaJNVx2mNmezEznrc9zhcYUrgeaVdFO2yBF1889zO gCOVwrO8uDgeyj6IKa25H6c1N13ih/o7ZzEgWbGG+ylU1yECQQDv4ZSJ4EjSh/Fl aHdz3wbBa/HKGTjC8iRy476Cyg2Fm8MZUe9Yy3udOrb5ZnS2MTpIXt5AF3h2TfYV VoFXIorjAkEA50FcJmzT8sNMrPaV8vn+9W2Lu4U7C+K/O2g1iXMaZms5PC5zV5aV CKXZWUX1fq2RaOzlbQrpgiolhXpeh8FjxwJBAOFHzSQfSsTNfttp3KUpU0LbiVvv i+spVSnA0O4rq79KpVNmK44Mq67hsW1P11QzrzTAQ6GVaUBRv0YS061td1kCQHnP wtN2tboFR6lABkJDjxoGRvlSt4SOPr7zKGgrWjeiuTZLHXSAnCY+/hr5L9Q3ZwXG 6x6iBdgLjVIe4BZQNtcCQQDXGv/gWinCNTN3MPWfTW/RGzuMYVmyBFais0/VrgdH h1dLpztmpQqfyH/zrBXQ9qL/zR4ojS6XYneO/U18WpEe -----END RSA PRIVATE KEY----- To generate a key like this with OpenSSL, run:: openssl genrsa 2048 > key.pem This format also supports password-encrypted private keys. TLS Lite can only handle password-encrypted private keys when OpenSSL and M2Crypto are installed. In this case, passwordCallback will be invoked to query the user for the password. @type s: str @param s: A string containing a PEM-encoded public or private key. @type private: bool @param private: If True, a L{SyntaxError} will be raised if the private key component is not present. @type public: bool @param public: If True, the private key component (if present) will be discarded, so this function will always return a public key. @type passwordCallback: callable @param passwordCallback: This function will be called, with no arguments, if the PEM-encoded private key is password-encrypted. The callback should return the password string. If the password is incorrect, SyntaxError will be raised. If no callback is passed and the key is password-encrypted, a prompt will be displayed at the console. 
def _parseKeyHelper(key, private, public):
    """Apply the private/public options shared by the key parsers.

    @param key: A parsed key object providing hasPrivateKey().
    @param private: If true, the key must contain a private component.
    @param public: If true, the result is rebuilt as a public-only key.

    @return: The key to hand back to the caller.

    @raise SyntaxError: If private is set and the key has no private
    component.
    """
    #A private key was demanded: refuse anything that is public-only
    if private and not key.hasPrivateKey():
        raise SyntaxError("Not a private key!")

    #public takes precedence over private: the private part is dropped
    if public:
        return _createPublicKey(key)

    #Only keys that expose their private exponent as the attribute 'd'
    #are rebuilt; any other key object is returned untouched
    if private and hasattr(key, "d"):
        return _createPrivateKey(key)

    return key
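class Set:
    """Minimal set type backed by a dictionary.

    Intended for interpreters that have no set type of their own.  The
    members are the keys of self.values; the dictionary values are
    always None.
    """

    def __init__(self, seq=None):
        """Create a set, optionally filled from the iterable seq."""
        self.values = {}
        if seq:
            for e in seq:
                self.values[e] = None

    def add(self, e):
        """Add e to the set."""
        self.values[e] = None

    def discard(self, e):
        """Remove e from the set if it is present."""
        #Test membership on the dictionary itself rather than on a list
        #of its keys
        if e in self.values:
            del self.values[e]

    def union(self, s):
        """Return a new Set holding the members of self and of the Set s."""
        ret = Set()
        ret.values.update(self.values)
        ret.values.update(s.values)
        return ret

    def issubset(self, other):
        """Return whether every member of self is also in the Set other."""
        for e in self.values.keys():
            if e not in other.values:
                return False
        return True

    def __nonzero__(self):
        return len(self.values)

    def __contains__(self, e):
        return e in self.values

    def __iter__(self):
        #This used to read 'set.values', which is not this object and
        #made every iteration over a Set fail
        return iter(self.values.keys())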
import java import jarray def createByteArraySequence(seq): if isinstance(seq, type("")): #If it's a string, convert seq = [ord(c) for c in seq] return jarray.array(seq, 'h') #use short instead of bytes, cause bytes are signed def createByteArrayZeros(howMany): return jarray.zeros(howMany, 'h') #use short instead of bytes, cause bytes are signed def concatArrays(a1, a2): l = list(a1)+list(a2) return createByteArraySequence(l) #WAY TOO SLOW - MUST BE REPLACED------------ def bytesToString(bytes): return "".join([chr(b) for b in bytes]) def stringToBytes(s): bytes = createByteArrayZeros(len(s)) for count, c in enumerate(s): bytes[count] = ord(c) return bytes #WAY TOO SLOW - MUST BE REPLACED------------ def numBits(n): if n==0: return 0 n= 1L * n; #convert to long, if it isn't already return n.__tojava__(java.math.BigInteger).bitLength() #Adjust the string to an array of bytes def stringToJavaByteArray(s): bytes = jarray.zeros(len(s), 'b') for count, c in enumerate(s): x = ord(c) if x >= 128: x -= 256 bytes[count] = x return bytes BaseException = java.lang.Exception import sys import traceback def formatExceptionTrace(e): newStr = "".join(traceback.format_exception(sys.exc_type, sys.exc_value, sys.exc_traceback)) return newStrtlslite-0.3.8/tlslite/utils/PyCrypto_RC4.py0000700000175000017500000000102110025510264017617 0ustar clintclint"""PyCrypto RC4 implementation.""" from cryptomath import * from RC4 import * if pycryptoLoaded: import Crypto.Cipher.ARC4 def new(key): return PyCrypto_RC4(key) class PyCrypto_RC4(RC4): def __init__(self, key): RC4.__init__(self, key, "pycrypto") self.context = Crypto.Cipher.ARC4.new(key) def encrypt(self, plaintext): return self.context.encrypt(plaintext) def decrypt(self, ciphertext): return self.context.decrypt(ciphertext)tlslite-0.3.8/tlslite/utils/win32prng.c0000700000175000017500000000225610130673244017021 0ustar clintclint #include "Python.h" #define _WIN32_WINNT 0x0400 /* Needed for CryptoAPI on some systems */ #include static 
PyObject* getRandomBytes(PyObject *self, PyObject *args) { int howMany; HCRYPTPROV hCryptProv; unsigned char* bytes = NULL; PyObject* returnVal = NULL; /* Read Arguments */ if (!PyArg_ParseTuple(args, "i", &howMany)) return(NULL); /* Get Context */ if(CryptAcquireContext( &hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == 0) return Py_BuildValue("s#", NULL, 0); /* Allocate bytes */ bytes = malloc(howMany); /* Get random data */ if(CryptGenRandom( hCryptProv, howMany, bytes) == 0) returnVal = Py_BuildValue("s#", NULL, 0); else returnVal = Py_BuildValue("s#", bytes, howMany); free(bytes); CryptReleaseContext(hCryptProv, 0); return returnVal; } /* List of functions exported by this module */ static struct PyMethodDef win32prng_functions[] = { {"getRandomBytes", (PyCFunction)getRandomBytes, METH_VARARGS}, {NULL, NULL} /* Sentinel */ }; /* Initialize this module. */ DL_EXPORT(void) initwin32prng(void) { Py_InitModule("win32prng", win32prng_functions); } tlslite-0.3.8/tlslite/utils/RSAKey.py0000700000175000017500000002057710027164144016501 0ustar clintclint"""Abstract class for RSA.""" from cryptomath import * class RSAKey: """This is an abstract base class for RSA keys. Particular implementations of RSA keys, such as L{OpenSSL_RSAKey.OpenSSL_RSAKey}, L{Python_RSAKey.Python_RSAKey}, and L{PyCrypto_RSAKey.PyCrypto_RSAKey}, inherit from this. To create or parse an RSA key, don't use one of these classes directly. Instead, use the factory functions in L{tlslite.utils.keyfactory}. """ def __init__(self, n=0, e=0): """Create a new RSA key. If n and e are passed in, the new key will be initialized. @type n: int @param n: RSA modulus. @type e: int @param e: RSA public exponent. """ raise NotImplementedError() def __len__(self): """Return the length of this key in bits. @rtype: int """ return numBits(self.n) def hasPrivateKey(self): """Return whether or not this key has a private component. 
@rtype: bool """ raise NotImplementedError() def hash(self): """Return the cryptoID value corresponding to this key. @rtype: str """ raise NotImplementedError() def getSigningAlgorithm(self): """Return the cryptoID sigAlgo value corresponding to this key. @rtype: str """ return "pkcs1-sha1" def hashAndSign(self, bytes): """Hash and sign the passed-in bytes. This requires the key to have a private component. It performs a PKCS1-SHA1 signature on the passed-in data. @type bytes: str or L{array.array} of unsigned bytes @param bytes: The value which will be hashed and signed. @rtype: L{array.array} of unsigned bytes. @return: A PKCS1-SHA1 signature on the passed-in data. """ if not isinstance(bytes, type("")): bytes = bytesToString(bytes) hashBytes = stringToBytes(sha.sha(bytes).digest()) prefixedHashBytes = self._addPKCS1SHA1Prefix(hashBytes) sigBytes = self.sign(prefixedHashBytes) return sigBytes def hashAndVerify(self, sigBytes, bytes): """Hash and verify the passed-in bytes with the signature. This verifies a PKCS1-SHA1 signature on the passed-in data. @type sigBytes: L{array.array} of unsigned bytes @param sigBytes: A PKCS1-SHA1 signature. @type bytes: str or L{array.array} of unsigned bytes @param bytes: The value which will be hashed and verified. @rtype: bool @return: Whether the signature matches the passed-in data. """ if not isinstance(bytes, type("")): bytes = bytesToString(bytes) hashBytes = stringToBytes(sha.sha(bytes).digest()) prefixedHashBytes = self._addPKCS1SHA1Prefix(hashBytes) return self.verify(sigBytes, prefixedHashBytes) def sign(self, bytes): """Sign the passed-in bytes. This requires the key to have a private component. It performs a PKCS1 signature on the passed-in data. @type bytes: L{array.array} of unsigned bytes @param bytes: The value which will be signed. @rtype: L{array.array} of unsigned bytes. @return: A PKCS1 signature on the passed-in data. 
""" if not self.hasPrivateKey(): raise AssertionError() paddedBytes = self._addPKCS1Padding(bytes, 1) m = bytesToNumber(paddedBytes) if m >= self.n: raise ValueError() c = self._rawPrivateKeyOp(m) sigBytes = numberToBytes(c) return sigBytes def verify(self, sigBytes, bytes): """Verify the passed-in bytes with the signature. This verifies a PKCS1 signature on the passed-in data. @type sigBytes: L{array.array} of unsigned bytes @param sigBytes: A PKCS1 signature. @type bytes: L{array.array} of unsigned bytes @param bytes: The value which will be verified. @rtype: bool @return: Whether the signature matches the passed-in data. """ paddedBytes = self._addPKCS1Padding(bytes, 1) c = bytesToNumber(sigBytes) if c >= self.n: return False m = self._rawPublicKeyOp(c) checkBytes = numberToBytes(m) return checkBytes == paddedBytes def encrypt(self, bytes): """Encrypt the passed-in bytes. This performs PKCS1 encryption of the passed-in data. @type bytes: L{array.array} of unsigned bytes @param bytes: The value which will be encrypted. @rtype: L{array.array} of unsigned bytes. @return: A PKCS1 encryption of the passed-in data. """ paddedBytes = self._addPKCS1Padding(bytes, 2) m = bytesToNumber(paddedBytes) if m >= self.n: raise ValueError() c = self._rawPublicKeyOp(m) encBytes = numberToBytes(c) return encBytes def decrypt(self, encBytes): """Decrypt the passed-in bytes. This requires the key to have a private component. It performs PKCS1 decryption of the passed-in data. @type encBytes: L{array.array} of unsigned bytes @param encBytes: The value which will be decrypted. @rtype: L{array.array} of unsigned bytes or None. @return: A PKCS1 decryption of the passed-in data or None if the data is not properly formatted. 
""" if not self.hasPrivateKey(): raise AssertionError() c = bytesToNumber(encBytes) if c >= self.n: return None m = self._rawPrivateKeyOp(c) decBytes = numberToBytes(m) if (len(decBytes) != numBytes(self.n)-1): #Check first byte return None if decBytes[0] != 2: #Check second byte return None for x in range(len(decBytes)-1): #Scan through for zero separator if decBytes[x]== 0: break else: return None return decBytes[x+1:] #Return everything after the separator def _rawPrivateKeyOp(self, m): raise NotImplementedError() def _rawPublicKeyOp(self, c): raise NotImplementedError() def acceptsPassword(self): """Return True if the write() method accepts a password for use in encrypting the private key. @rtype: bool """ raise NotImplementedError() def write(self, password=None): """Return a string containing the key. @rtype: str @return: A string describing the key, in whichever format (PEM or XML) is native to the implementation. """ raise NotImplementedError() def writeXMLPublicKey(self, indent=''): """Return a string containing the key. @rtype: str @return: A string describing the public key, in XML format. """ return Python_RSAKey(self.n, self.e).write(indent) def generate(bits): """Generate a new key with the specified bit length. 
@rtype: L{tlslite.utils.RSAKey.RSAKey} """ raise NotImplementedError() generate = staticmethod(generate)


    # **************************************************************************
    # Helper Functions for RSA Keys
    # **************************************************************************

    def _addPKCS1SHA1Prefix(self, bytes):
        """Return C{bytes} with a fixed 15-byte prefix in front.

        The constant is the DER DigestInfo header for SHA-1, so C{bytes} is
        presumably meant to be a 20-byte SHA-1 digest; its length is not
        checked here.
        """
        prefixBytes = createByteArraySequence(\
            [48,33,48,9,6,5,43,14,3,2,26,5,0,4,20])
        prefixedBytes = prefixBytes + bytes
        return prefixedBytes

    def _addPKCS1Padding(self, bytes, blockType):
        """Return C{bytes} with PKCS1 padding of the given block type in front.

        Block type 1 (signatures) pads with 0xFF bytes; block type 2
        (encryption) pads with random non-zero bytes.  The result is
        [blockType] + pad + [0] + bytes; the leading zero byte of the
        standard block is left out (see the NOTE in the body).

        NOTE(review): padLength has no lower bound.  When C{bytes} is longer
        than numBytes(self.n) - 3 the pad comes out empty instead of an error
        being raised here, and for block type 2 a pad shorter than the eight
        bytes PKCS1 calls for is accepted.  A caller that needs that minimum
        has to check the input length itself.
        """
        padLength = (numBytes(self.n) - (len(bytes)+3))
        if blockType == 1: #Signature padding
            pad = [0xFF] * padLength
        elif blockType == 2: #Encryption padding
            pad = createByteArraySequence([])
            # Draw twice the needed number of random bytes, drop the zero
            # bytes, keep the first padLength; repeat if too few are left.
            while len(pad) < padLength:
                padBytes = getRandomBytes(padLength * 2)
                pad = [b for b in padBytes if b != 0]
                pad = pad[:padLength]
        else:
            raise AssertionError()

        #NOTE: To be proper, we should add [0,blockType].  However,
        #the zero is lost when the returned padding is converted
        #to a number, so we don't even bother with it.  Also,
        #adding it would cause a misalignment in verify()
        padding = createByteArraySequence([blockType] + pad + [0])
        paddedBytes = padding + bytes
        return paddedBytes
tlslite-0.3.8/tlslite/utils/hmac.py0000700000175000017500000000632610025511254016303 0ustar clintclint"""HMAC (Keyed-Hashing for Message Authentication) Python module.

Implements the HMAC algorithm as described by RFC 2104.

(This file is modified from the standard library version to do faster
copying)

This module has no helper for comparing digests.  Code that checks a
received MAC against digest() should use a comparison whose running time
does not depend on where the two values differ.
"""

def _strxor(s1, s2):
    """Utility method. XOR the two strings s1 and s2 (must have same length).
    """
    return "".join(map(lambda x, y: chr(ord(x) ^ ord(y)), s1, s2))

# The size of the digests returned by HMAC depends on the underlying
# hashing module used.
digest_size = None

class HMAC:
    """RFC2104 HMAC class.

    This supports the API for Cryptographic Hash Functions (PEP 247).
    """

    def __init__(self, key, msg = None, digestmod = None):
        """Create a new HMAC object.

        key:       key for the keyed hash object.
        msg:       Initial input for the hash, if provided.
        digestmod: A module supporting PEP 247. Defaults to the md5 module.

        MD5 is only the legacy default; a caller that needs a different
        hash has to pass digestmod explicitly.
        """
        if digestmod is None:
            import md5
            digestmod = md5

        # copy() creates its result with HMAC(None) and fills in the
        # attributes itself.  Any other caller passing key=None gets an
        # object without inner/outer state.
        if key == None: #TREVNEW - for faster copying
            return #TREVNEW

        self.digestmod = digestmod
        self.outer = digestmod.new()
        self.inner = digestmod.new()
        self.digest_size = digestmod.digest_size

        # 64 bytes is the block size of MD5 and SHA-1.  The value is fixed
        # here, so a digestmod with another block size (for example the
        # 128 bytes of SHA-384/512) would not give RFC 2104 results.
        blocksize = 64
        ipad = "\x36" * blocksize
        opad = "\x5C" * blocksize

        # Keys longer than one block are replaced by their digest; shorter
        # keys are zero-padded to the block size.
        if len(key) > blocksize:
            key = digestmod.new(key).digest()

        key = key + chr(0) * (blocksize - len(key))
        self.outer.update(_strxor(key, opad))
        self.inner.update(_strxor(key, ipad))
        if msg is not None:
            self.update(msg)

##    def clear(self):
##        raise NotImplementedError, "clear() method not available in HMAC."

    def update(self, msg):
        """Update this hashing object with the string msg.
        """
        self.inner.update(msg)

    def copy(self):
        """Return a separate copy of this hashing object.

        An update to this copy won't affect the original object.
        """
        # HMAC(None) returns before any key processing, so the key schedule
        # is not recomputed; the hash states are copied instead.
        other = HMAC(None) #TREVNEW - for faster copying
        other.digest_size = self.digest_size #TREVNEW
        other.digestmod = self.digestmod
        other.inner = self.inner.copy()
        other.outer = self.outer.copy()
        return other

    def digest(self):
        """Return the hash value of this hashing object.

        This returns a string containing 8-bit data.  The object is
        not altered in any way by this function; you can continue
        updating the object after calling this function.
        """
        # Work on a copy of the outer state so that self stays usable.
        h = self.outer.copy()
        h.update(self.inner.digest())
        return h.digest()

    def hexdigest(self):
        """Like digest(), but returns a string of hexadecimal digits instead.
        """
        return "".join([hex(ord(x))[2:].zfill(2)
                        for x in tuple(self.digest())])

def new(key, msg = None, digestmod = None): """Create a new hashing object and return it. key: The starting key for the hash. msg: if available, will immediately be hashed into the object's starting state. You can now feed arbitrary strings into the object using its update() method, and can ask for the hash value at any time by calling its digest() method.
""" return HMAC(key, msg, digestmod) tlslite-0.3.8/tlslite/utils/dateFuncs.py0000700000175000017500000000420510016012501017270 0ustar clintclint import os #Functions for manipulating datetime objects #CCYY-MM-DDThh:mm:ssZ def parseDateClass(s): year, month, day = s.split("-") day, tail = day[:2], day[2:] hour, minute, second = tail[1:].split(":") second = second[:2] year, month, day = int(year), int(month), int(day) hour, minute, second = int(hour), int(minute), int(second) return createDateClass(year, month, day, hour, minute, second) if os.name != "java": from datetime import datetime, timedelta #Helper functions for working with a date/time class def createDateClass(year, month, day, hour, minute, second): return datetime(year, month, day, hour, minute, second) def printDateClass(d): #Split off fractional seconds, append 'Z' return d.isoformat().split(".")[0]+"Z" def getNow(): return datetime.utcnow() def getHoursFromNow(hours): return datetime.utcnow() + timedelta(hours=hours) def getMinutesFromNow(minutes): return datetime.utcnow() + timedelta(minutes=minutes) def isDateClassExpired(d): return d < datetime.utcnow() def isDateClassBefore(d1, d2): return d1 < d2 else: #Jython 2.1 is missing lots of python 2.3 stuff, #which we have to emulate here: import java import jarray def createDateClass(year, month, day, hour, minute, second): c = java.util.Calendar.getInstance() c.setTimeZone(java.util.TimeZone.getTimeZone("UTC")) c.set(year, month-1, day, hour, minute, second) return c def printDateClass(d): return "%04d-%02d-%02dT%02d:%02d:%02dZ" % \ (d.get(d.YEAR), d.get(d.MONTH)+1, d.get(d.DATE), \ d.get(d.HOUR_OF_DAY), d.get(d.MINUTE), d.get(d.SECOND)) def getNow(): c = java.util.Calendar.getInstance() c.setTimeZone(java.util.TimeZone.getTimeZone("UTC")) c.get(c.HOUR) #force refresh? 
return c def getHoursFromNow(hours): d = getNow() d.add(d.HOUR, hours) return d def isDateClassExpired(d): n = getNow() return d.before(n) def isDateClassBefore(d1, d2): return d1.before(d2) tlslite-0.3.8/tlslite/utils/__init__.py0000700000175000017500000000143410130676125017133 0ustar clintclint"""Toolkit for crypto and other stuff.""" __all__ = ["AES", "ASN1Parser", "cipherfactory", "codec", "Cryptlib_AES", "Cryptlib_RC4", "Cryptlib_TripleDES", "cryptomath: cryptomath module", "dateFuncs", "hmac", "JCE_RSAKey", "compat", "keyfactory", "OpenSSL_AES", "OpenSSL_RC4", "OpenSSL_RSAKey", "OpenSSL_TripleDES", "PyCrypto_AES", "PyCrypto_RC4", "PyCrypto_RSAKey", "PyCrypto_TripleDES", "Python_AES", "Python_RC4", "Python_RSAKey", "RC4", "rijndael", "RSAKey", "TripleDES", "xmltools"] tlslite-0.3.8/tlslite/utils/Cryptlib_AES.py0000700000175000017500000000252410025507713017654 0ustar clintclint"""Cryptlib AES implementation.""" from cryptomath import * from AES import * if cryptlibpyLoaded: def new(key, mode, IV): return Cryptlib_AES(key, mode, IV) class Cryptlib_AES(AES): def __init__(self, key, mode, IV): AES.__init__(self, key, mode, IV, "cryptlib") self.context = cryptlib_py.cryptCreateContext(cryptlib_py.CRYPT_UNUSED, cryptlib_py.CRYPT_ALGO_AES) cryptlib_py.cryptSetAttribute(self.context, cryptlib_py.CRYPT_CTXINFO_MODE, cryptlib_py.CRYPT_MODE_CBC) cryptlib_py.cryptSetAttribute(self.context, cryptlib_py.CRYPT_CTXINFO_KEYSIZE, len(key)) cryptlib_py.cryptSetAttributeString(self.context, cryptlib_py.CRYPT_CTXINFO_KEY, key) cryptlib_py.cryptSetAttributeString(self.context, cryptlib_py.CRYPT_CTXINFO_IV, IV) def __del__(self): cryptlib_py.cryptDestroyContext(self.context) def encrypt(self, plaintext): AES.encrypt(self, plaintext) bytes = stringToBytes(plaintext) cryptlib_py.cryptEncrypt(self.context, bytes) return bytesToString(bytes) def decrypt(self, ciphertext): AES.decrypt(self, ciphertext) bytes = stringToBytes(ciphertext) cryptlib_py.cryptDecrypt(self.context, bytes) return 
bytesToString(bytes) tlslite-0.3.8/tlslite/utils/PyCrypto_AES.py0000700000175000017500000000110110025510254017635 0ustar clintclint"""PyCrypto AES implementation.""" from cryptomath import * from AES import * if pycryptoLoaded: import Crypto.Cipher.AES def new(key, mode, IV): return PyCrypto_AES(key, mode, IV) class PyCrypto_AES(AES): def __init__(self, key, mode, IV): AES.__init__(self, key, mode, IV, "pycrypto") self.context = Crypto.Cipher.AES.new(key, mode, IV) def encrypt(self, plaintext): return self.context.encrypt(plaintext) def decrypt(self, ciphertext): return self.context.decrypt(ciphertext)tlslite-0.3.8/tlslite/utils/cryptomath.py0000700000175000017500000002644710130676175017606 0ustar clintclint"""cryptomath module This module has basic math/crypto code.""" import os import math import base64 import binascii import sha from compat import * # ************************************************************************** # Load Optional Modules # ************************************************************************** # Try to load M2Crypto/OpenSSL try: from M2Crypto import m2 m2cryptoLoaded = True except ImportError: m2cryptoLoaded = False # Try to load cryptlib try: import cryptlib_py try: cryptlib_py.cryptInit() except cryptlib_py.CryptException, e: #If tlslite and cryptoIDlib are both present, #they might each try to re-initialize this, #so we're tolerant of that. 
if e[0] != cryptlib_py.CRYPT_ERROR_INITED: raise cryptlibpyLoaded = True except ImportError: cryptlibpyLoaded = False

#Try to load GMPY
try:
    import gmpy
    gmpyLoaded = True
except ImportError:
    gmpyLoaded = False

#Try to load pycrypto
try:
    import Crypto.Cipher.AES
    pycryptoLoaded = True
except ImportError:
    pycryptoLoaded = False


# **************************************************************************
# PRNG Functions
# **************************************************************************

# getRandomBytes() is bound once, at import time, to the first source that
# works: os.urandom, then cryptlib, then /dev/urandom, then the win32prng
# module.  prngName records which one was chosen.  If none is available the
# function raises instead of returning non-random data.

# Get os.urandom PRNG
try:
    # Probe call; any failure (the except clause below is bare) moves on to
    # the fallbacks.
    os.urandom(1)
    def getRandomBytes(howMany):
        """Return howMany random bytes from os.urandom as a byte array."""
        return stringToBytes(os.urandom(howMany))
    prngName = "os.urandom"

except:
    # Else get cryptlib PRNG
    if cryptlibpyLoaded:
        def getRandomBytes(howMany):
            """Return howMany bytes produced by encrypting zeros under a
            freshly generated AES key in OFB mode."""
            # NOTE(review): no cryptDestroyContext() call for randomKey is
            # made in this function, so one context is created per call.
            randomKey = cryptlib_py.cryptCreateContext(cryptlib_py.CRYPT_UNUSED,
                                                       cryptlib_py.CRYPT_ALGO_AES)
            cryptlib_py.cryptSetAttribute(randomKey,
                                          cryptlib_py.CRYPT_CTXINFO_MODE,
                                          cryptlib_py.CRYPT_MODE_OFB)
            cryptlib_py.cryptGenerateKey(randomKey)
            bytes = createByteArrayZeros(howMany)
            cryptlib_py.cryptEncrypt(randomKey, bytes)
            return bytes
        prngName = "cryptlib"

    else:
        #Else get UNIX /dev/urandom PRNG
        try:
            # The file is opened once and stays open for later calls.
            devRandomFile = open("/dev/urandom", "rb")
            def getRandomBytes(howMany):
                """Return howMany bytes read from /dev/urandom."""
                # NOTE(review): the length of the data read is not checked
                # here, unlike in the CryptoAPI branch below.
                return stringToBytes(devRandomFile.read(howMany))
            prngName = "/dev/urandom"
        except IOError:
            #Else get Win32 CryptoAPI PRNG
            try:
                import win32prng
                def getRandomBytes(howMany):
                    """Return howMany bytes from win32prng; a short result
                    raises AssertionError."""
                    s = win32prng.getRandomBytes(howMany)
                    if len(s) != howMany:
                        raise AssertionError()
                    return stringToBytes(s)
                prngName ="CryptoAPI"
            except ImportError:
                #Else no PRNG :-(
                def getRandomBytes(howMany):
                    """Always raise: no random source was found."""
                    raise NotImplementedError("No Random Number Generator "\
                                              "available.")
                prngName = "None"

# **************************************************************************
# Converter Functions
# **************************************************************************

def bytesToNumber(bytes):
    """Return the number encoded by bytes, most significant byte first."""
    total = 0L
    multiplier = 1L
    # Walk from the last (least significant) byte to the first.
    for count in range(len(bytes)-1, -1, -1):
        byte = bytes[count]
        total += multiplier * byte
        multiplier *= 256
    return total

def numberToBytes(n):
    """Return n as a byte array, most significant byte first.

    The length is numBytes(n), so the result has no leading zero bytes and
    is empty for n == 0.
    """
    howManyBytes = numBytes(n)
    bytes = createByteArrayZeros(howManyBytes)
    for count in range(howManyBytes-1, -1, -1):
        bytes[count] = int(n % 256)
        n >>= 8
    return bytes

def bytesToBase64(bytes):
    """Return the base64 text for a byte array."""
    s = bytesToString(bytes)
    return stringToBase64(s)

def base64ToBytes(s):
    """Decode base64 text into a byte array."""
    s = base64ToString(s)
    return stringToBytes(s)

def numberToBase64(n):
    """Return the base64 text of numberToBytes(n)."""
    bytes = numberToBytes(n)
    return bytesToBase64(bytes)

def base64ToNumber(s):
    """Decode base64 text and return the number it encodes."""
    bytes = base64ToBytes(s)
    return bytesToNumber(bytes)

def stringToNumber(s):
    """Return the number encoded by the string s."""
    bytes = stringToBytes(s)
    return bytesToNumber(bytes)

def numberToString(s):
    """Return the number s as a string of bytes."""
    bytes = numberToBytes(s)
    return bytesToString(bytes)

def base64ToString(s):
    """Decode base64 text; decoding errors are re-raised as SyntaxError."""
    try:
        return base64.decodestring(s)
    except binascii.Error, e:
        raise SyntaxError(e)
    except binascii.Incomplete, e:
        raise SyntaxError(e)

def stringToBase64(s):
    """Return the base64 text of s with the newlines removed."""
    return base64.encodestring(s).replace("\n", "")

def mpiToNumber(mpi): #mpi is an openssl-format bignum string
    """Return the number held in an MPI string.

    The first four bytes are skipped; they are not compared with the actual
    length of the string.  A value with its top bit set raises
    AssertionError.
    """
    if (ord(mpi[4]) & 0x80) !=0: #Make sure this is a positive number
        raise AssertionError()
    bytes = stringToBytes(mpi[4:])
    return bytesToNumber(bytes)

def numberToMPI(n):
    """Return n as an MPI string: a 4-byte big-endian length, then the
    value bytes."""
    bytes = numberToBytes(n)
    ext = 0
    #If the high-order bit is going to be set,
    #add an extra byte of zeros
    if (numBits(n) & 0x7)==0:
        ext = 1
    length = numBytes(n) + ext
    # Room for the four length bytes plus the optional zero byte.
    bytes = concatArrays(createByteArrayZeros(4+ext), bytes)
    bytes[0] = (length >> 24) & 0xFF
    bytes[1] = (length >> 16) & 0xFF
    bytes[2] = (length >> 8) & 0xFF
    bytes[3] = length & 0xFF
    return bytesToString(bytes)

# ************************************************************************** # Misc.
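Utility Functions # **************************************************************************

def numBytes(n):
    """Return the number of bytes needed to hold n (0 for n == 0)."""
    if n==0:
        return 0
    bits = numBits(n)
    return int(math.ceil(bits / 8.0))

def hashAndBase64(s):
    """Return the base64 text of the SHA-1 digest of the string s."""
    return stringToBase64(sha.sha(s).digest())

def getBase64Nonce(numChars=22): #defaults to an 132 bit nonce
    """Return a random string of numChars base64 characters.

    numChars random bytes are drawn, but only the first numChars characters
    of their base64 text are kept, so the nonce carries 6 bits per
    character.
    """
    bytes = getRandomBytes(numChars)
    bytesStr = "".join([chr(b) for b in bytes])
    return stringToBase64(bytesStr)[:numChars]


# **************************************************************************
# Big Number Math
# **************************************************************************

def getRandomNumber(low, high):
    """Return a random number n with low <= n < high.

    Candidates are drawn with as many bits as high has and discarded until
    one falls inside the range.  Raises AssertionError if low >= high.
    """
    if low >= high:
        raise AssertionError()
    howManyBits = numBits(high)
    howManyBytes = numBytes(high)
    lastBits = howManyBits % 8
    while 1:
        bytes = getRandomBytes(howManyBytes)
        # Clear the unused high bits of the top byte so that the candidate
        # has at most howManyBits bits.
        if lastBits:
            bytes[0] = bytes[0] % (1 << lastBits)
        n = bytesToNumber(bytes)
        if n >= low and n < high:
            return n

def gcd(a,b):
    """Return the greatest common divisor of a and b."""
    a, b = max(a,b), min(a,b)
    while b:
        a, b = b, a % b
    return a

def lcm(a, b):
    """Return the least common multiple of a and b."""
    #This will break when python division changes, but we can't use // cause
    #of Jython
    return (a * b) / gcd(a, b)

#Returns inverse of a mod b, zero if none
#Uses Extended Euclidean Algorithm
def invMod(a, b):
    """Return the inverse of a modulo b, or 0 if there is none."""
    c, d = a, b
    uc, ud = 1, 0
    while c != 0:
        #This will break when python division changes, but we can't use //
        #cause of Jython
        q = d / c
        c, d = d-(q*c), c
        uc, ud = ud - (q * uc), uc
    if d == 1:
        return ud % b
    return 0


if gmpyLoaded:
    def powMod(base, power, modulus):
        """Return base**power mod modulus, computed with gmpy."""
        base = gmpy.mpz(base)
        power = gmpy.mpz(power)
        modulus = gmpy.mpz(modulus)
        result = pow(base, power, modulus)
        return long(result)

else:
    #Copied from Bryan G. Olson's post to comp.lang.python
    #Does left-to-right instead of pow()'s right-to-left,
    #thus about 30% faster than the python built-in with small bases
    def powMod(base, power, modulus):
        """ Return base**power mod modulus, using multi bit scanning
        with nBitScan bits at a time.

        A negative power returns the modular inverse of the positive
        result; AssertionError is raised if that inverse does not exist.
        """
        nBitScan = 5

        # With power == 0 the digit list built below stays empty and
        # unpacking it would fail; return the same value the gmpy version
        # gives.
        if power == 0:
            return 1 % modulus

        #TREV - Added support for negative exponents
        negativeResult = False
        if (power < 0):
            power *= -1
            negativeResult = True

        exp2 = 2**nBitScan
        mask = exp2 - 1

        # Break power into a list of digits of nBitScan bits.
        # The list is recursive so easy to read in reverse direction.
        nibbles = None
        while power:
            nibbles = int(power & mask), nibbles
            power = power >> nBitScan

        # Make a table of powers of base up to 2**nBitScan - 1
        lowPowers = [1]
        for i in xrange(1, exp2):
            lowPowers.append((lowPowers[i-1] * base) % modulus)

        # To exponentiate by the first nibble, look it up in the table
        nib, nibbles = nibbles
        prod = lowPowers[nib]

        # For the rest, square nBitScan times, then multiply by
        # base^nibble
        while nibbles:
            nib, nibbles = nibbles
            for i in xrange(nBitScan):
                prod = (prod * prod) % modulus
            if nib:
                prod = (prod * lowPowers[nib]) % modulus

        #TREV - Added support for negative exponents
        if negativeResult:
            prodInv = invMod(prod, modulus)
            #Check to make sure the inverse is correct
            if (prod * prodInv) % modulus != 1:
                raise AssertionError()
            return prodInv
        return prod


#Pre-calculate a sieve of the 168 primes < 1000:
def makeSieve(n):
    """Return the list of primes below n (sieve of Eratosthenes)."""
    sieve = range(n)
    # The bound has to include int(sqrt(n)) itself.  Without the +1 the
    # square of that number is never crossed out when it is below n; for
    # n = 1000 that left 961 (31*31) in the list.
    for count in range(2, int(math.sqrt(n)) + 1):
        if sieve[count] == 0:
            continue
        x = sieve[count] * 2
        while x < len(sieve):
            sieve[x] = 0
            x += sieve[count]
    sieve = [x for x in sieve[2:] if x]
    return sieve

sieve = makeSieve(1000)

def isPrime(n, iterations=5, display=False): #Trial division with sieve for x in sieve: if x >= n: return True if n % x == 0: return False #Passed trial division, proceed to Rabin-Miller #Rabin-Miller implemented per Ferguson & Schneier #Compute s, t for Rabin-Miller if display: print "*", s, t = n-1, 0 while s % 2 == 0: s, t = s/2, t+1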
#Repeat Rabin-Miller x times a = 2 #Use 2 as a base for first iteration speedup, per HAC for count in range(iterations): v = powMod(a, s, n) if v==1: continue i = 0 while v != n-1: if i == t-1: return False else: v, i = powMod(v, 2, n), i+1 a = getRandomNumber(2, n) return True def getRandomPrime(bits, display=False): if bits < 10: raise AssertionError() #The 1.5 ensures the 2 MSBs are set #Thus, when used for p,q in RSA, n will have its MSB set # #Since 30 is lcm(2,3,5), we'll set our test numbers to #29 % 30 and keep them there low = (2L ** (bits-1)) * 3/2 high = 2L ** bits - 30 p = getRandomNumber(low, high) p += 29 - (p % 30) while 1: if display: print ".", p += 30 if p >= high: p = getRandomNumber(low, high) p += 29 - (p % 30) if isPrime(p, display=display): return p #Unused at the moment... def getRandomSafePrime(bits, display=False): if bits < 10: raise AssertionError() #The 1.5 ensures the 2 MSBs are set #Thus, when used for p,q in RSA, n will have its MSB set # #Since 30 is lcm(2,3,5), we'll set our test numbers to #29 % 30 and keep them there low = (2 ** (bits-2)) * 3/2 high = (2 ** (bits-1)) - 30 q = getRandomNumber(low, high) q += 29 - (q % 30) while 1: if display: print ".", q += 30 if (q >= high): q = getRandomNumber(low, high) q += 29 - (q % 30) #Ideas from Tom Wu's SRP code #Do trial division on p and q before Rabin-Miller if isPrime(q, 0, display=display): p = (2 * q) + 1 if isPrime(p, display=display): if isPrime(q, display=display): return p tlslite-0.3.8/tlslite/utils/PyCrypto_RSAKey.py0000700000175000017500000000342610026002742020336 0ustar clintclint"""PyCrypto RSA implementation.""" from cryptomath import * from RSAKey import * from Python_RSAKey import Python_RSAKey if pycryptoLoaded: from Crypto.PublicKey import RSA class PyCrypto_RSAKey(RSAKey): def __init__(self, n=0, e=0, d=0, p=0, q=0, dP=0, dQ=0, qInv=0): if not d: self.rsa = RSA.construct( (n, e) ) else: self.rsa = RSA.construct( (n, e, d, p, q) ) def __getattr__(self, name): return 
getattr(self.rsa, name) def hasPrivateKey(self): return self.rsa.has_private() def hash(self): return Python_RSAKey(self.n, self.e).hash() def _rawPrivateKeyOp(self, m): s = numberToString(m) byteLength = numBytes(self.n) if len(s)== byteLength: pass elif len(s) == byteLength-1: s = '\0' + s else: raise AssertionError() c = stringToNumber(self.rsa.decrypt((s,))) return c def _rawPublicKeyOp(self, c): s = numberToString(c) byteLength = numBytes(self.n) if len(s)== byteLength: pass elif len(s) == byteLength-1: s = '\0' + s else: raise AssertionError() m = stringToNumber(self.rsa.encrypt(s, None)[0]) return m def writeXMLPublicKey(self, indent=''): return Python_RSAKey(self.n, self.e).write(indent) def generate(bits): key = PyCrypto_RSAKey() def f(numBytes): return bytesToString(getRandomBytes(numBytes)) key.rsa = RSA.generate(bits, f) return key generate = staticmethod(generate) tlslite-0.3.8/tlslite/utils/TripleDES.py0000700000175000017500000000140010130676221017155 0ustar clintclint"""Abstract class for 3DES.""" from compat import * #For True class TripleDES: def __init__(self, key, mode, IV, implementation): if len(key) != 24: raise ValueError() if mode != 2: raise ValueError() if len(IV) != 8: raise ValueError() self.isBlockCipher = True self.block_size = 8 self.implementation = implementation self.name = "3des" #CBC-Mode encryption, returns ciphertext #WARNING: *MAY* modify the input as well def encrypt(self, plaintext): assert(len(plaintext) % 8 == 0) #CBC-Mode decryption, returns plaintext #WARNING: *MAY* modify the input as well def decrypt(self, ciphertext): assert(len(ciphertext) % 8 == 0) tlslite-0.3.8/tlslite/utils/entropy.c0000700000175000017500000001127510043077535016675 0ustar clintclint #include "Python.h" #ifdef MS_WINDOWS /* The following #define is not needed on VC6 with the Platform SDK, and it may not be needed on VC7, I'm not sure. 
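I don't think it hurts anything.*/
#define _WIN32_WINNT 0x0400

#include <windows.h>

/* Signatures of the CryptoAPI entry points, which are looked up at run time
   with GetProcAddress() rather than linked against. */
typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTA)(HCRYPTPROV *phProv,\
              LPCSTR pszContainer, LPCSTR pszProvider, DWORD dwProvType,\
              DWORD dwFlags );
typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV hProv, DWORD dwLen,\
              BYTE *pbBuffer );
typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV hProv,\
              DWORD dwFlags);

/* entropy(howMany) -> string
   Return howMany random bytes produced by CryptGenRandom().  Raises
   ValueError for a negative count, NotImplementedError when CryptoAPI is
   missing, and SystemError when a CryptoAPI call fails. */
static PyObject* entropy(PyObject *self, PyObject *args)
{
    int howMany = 0;
    HINSTANCE hAdvAPI32 = NULL;
    CRYPTACQUIRECONTEXTA pCryptAcquireContextA = NULL;
    CRYPTGENRANDOM pCryptGenRandom = NULL;
    CRYPTRELEASECONTEXT pCryptReleaseContext = NULL;
    HCRYPTPROV hCryptProv = 0;
    unsigned char* bytes = NULL;
    PyObject* returnVal = NULL;


    /* Read arguments */
    if (!PyArg_ParseTuple(args, "i", &howMany))
        return(NULL);

    /* A negative count would reach the allocator as a huge unsigned size;
       reject it here with a clear error instead. */
    if (howMany < 0) {
        PyErr_SetString(PyExc_ValueError,
            "number of bytes must not be negative");
        return NULL;
    }

    /* Obtain handle to the DLL containing CryptoAPI
       This should not fail */
    if( (hAdvAPI32 = GetModuleHandle("advapi32.dll")) == NULL) {
        PyErr_Format(PyExc_SystemError,
            "Advapi32.dll not found");
        return NULL;
    }

    /* Obtain pointers to the CryptoAPI functions
       This will fail on some early version of Win95 */
    pCryptAcquireContextA = (CRYPTACQUIRECONTEXTA)GetProcAddress(hAdvAPI32,\
                            "CryptAcquireContextA");
    pCryptGenRandom = (CRYPTGENRANDOM)GetProcAddress(hAdvAPI32,\
                      "CryptGenRandom");
    pCryptReleaseContext = (CRYPTRELEASECONTEXT) GetProcAddress(hAdvAPI32,\
                           "CryptReleaseContext");
    if (pCryptAcquireContextA == NULL || pCryptGenRandom == NULL ||
                                         pCryptReleaseContext == NULL) {
        PyErr_Format(PyExc_NotImplementedError,
            "CryptoAPI not available on this version of Windows");
        return NULL;
    }

    /* Allocate bytes */
    if ((bytes = (unsigned char*)PyMem_Malloc(howMany)) == NULL)
        return PyErr_NoMemory();


    /* Acquire context */
    if(!pCryptAcquireContextA(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
                              CRYPT_VERIFYCONTEXT)) {
        PyErr_Format(PyExc_SystemError,
                     "CryptAcquireContext failed, error %d", GetLastError());
        PyMem_Free(bytes);
        return NULL;
    }

    /* Get random data */
    if(!pCryptGenRandom(hCryptProv, howMany, bytes)) {
        PyErr_Format(PyExc_SystemError,
                     "CryptGenRandom failed, error %d", GetLastError());
        PyMem_Free(bytes);
        /* Release through the looked-up pointer, like every other CryptoAPI
           call here; naming CryptReleaseContext directly would need the
           import that the GetProcAddress() lookups exist to avoid. */
        pCryptReleaseContext(hCryptProv, 0);
        return NULL;
    }

    /* Build return value */
    returnVal = Py_BuildValue("s#", bytes, howMany);
    PyMem_Free(bytes);

    /* Release context */
    if (!pCryptReleaseContext(hCryptProv, 0)) {
        PyErr_Format(PyExc_SystemError,
                     "CryptReleaseContext failed, error %d", GetLastError());
        /* The result is being discarded: drop its reference so that the
           random string is not leaked. */
        Py_XDECREF(returnVal);
        return NULL;
    }

    return returnVal;
}

#elif defined(HAVE_UNISTD_H) && defined(HAVE_FCNTL_H)

#include <unistd.h>
#include <fcntl.h>

/* entropy(howMany) -> string
   Return howMany random bytes read from /dev/urandom.  Raises ValueError
   for a negative count, NotImplementedError when the device cannot be
   opened, and SystemError when reading from it fails. */
static PyObject* entropy(PyObject *self, PyObject *args)
{
    int howMany;
    int fd;
    int total = 0;
    int got;
    unsigned char* bytes = NULL;
    PyObject* returnVal = NULL;


    /* Read arguments */
    if (!PyArg_ParseTuple(args, "i", &howMany))
        return(NULL);

    /* A negative count would reach the allocator as a huge unsigned size;
       reject it here with a clear error instead. */
    if (howMany < 0) {
        PyErr_SetString(PyExc_ValueError,
            "number of bytes must not be negative");
        return NULL;
    }

    /* Allocate bytes */
    if ((bytes = (unsigned char*)PyMem_Malloc(howMany)) == NULL)
        return PyErr_NoMemory();

    /* Open device */
    if ((fd = open("/dev/urandom", O_RDONLY, 0)) == -1) {
        PyErr_Format(PyExc_NotImplementedError,
            "No entropy source found");
        PyMem_Free(bytes);
        return NULL;
    }

    /* Get random data.  read() may return fewer bytes than requested
       without that being an error, so keep reading until the buffer is
       full; only an error or end-of-file is treated as failure. */
    while (total < howMany) {
        got = read(fd, bytes + total, howMany - total);
        if (got <= 0) {
            PyErr_Format(PyExc_SystemError,
                "Reading from /dev/urandom failed");
            PyMem_Free(bytes);
            close(fd);
            return NULL;
        }
        total += got;
    }

    /* Build return value */
    returnVal = Py_BuildValue("s#", bytes, howMany);
    PyMem_Free(bytes);

    /* Close device */
    close(fd);

    return returnVal;
}

#else

/* No known entropy source on this platform: always raises
   NotImplementedError. */
static PyObject* entropy(PyObject *self, PyObject *args)
{
    PyErr_Format(PyExc_NotImplementedError,
            "Function not supported");
    return NULL;
}

#endif



/* List of functions exported by this module */

static struct PyMethodDef entropy_functions[] = {
    {"entropy", (PyCFunction)entropy, METH_VARARGS, "Return a string of random bytes produced by a platform-specific\nentropy source."},
    {NULL,  NULL}        /* Sentinel */
};


/* Initialize this module.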
*/ PyMODINIT_FUNC initentropy(void) { Py_InitModule("entropy", entropy_functions); }tlslite-0.3.8/tlslite/utils/OpenSSL_TripleDES.py0000700000175000017500000000320210025510541020515 0ustar clintclint"""OpenSSL/M2Crypto 3DES implementation.""" from cryptomath import * from TripleDES import * if m2cryptoLoaded: def new(key, mode, IV): return OpenSSL_TripleDES(key, mode, IV) class OpenSSL_TripleDES(TripleDES): def __init__(self, key, mode, IV): TripleDES.__init__(self, key, mode, IV, "openssl") self.key = key self.IV = IV def _createContext(self, encrypt): context = m2.cipher_ctx_new() cipherType = m2.des_ede3_cbc() m2.cipher_init(context, cipherType, self.key, self.IV, encrypt) return context def encrypt(self, plaintext): TripleDES.encrypt(self, plaintext) context = self._createContext(1) ciphertext = m2.cipher_update(context, plaintext) m2.cipher_ctx_free(context) self.IV = ciphertext[-self.block_size:] return ciphertext def decrypt(self, ciphertext): TripleDES.decrypt(self, ciphertext) context = self._createContext(0) #I think M2Crypto has a bug - it fails to decrypt and return the last block passed in. #To work around this, we append sixteen zeros to the string, below: plaintext = m2.cipher_update(context, ciphertext+('\0'*16)) #If this bug is ever fixed, then plaintext will end up having a garbage #plaintext block on the end. That's okay - the below code will ignore it. plaintext = plaintext[:len(ciphertext)] m2.cipher_ctx_free(context) self.IV = ciphertext[-self.block_size:] return plaintexttlslite-0.3.8/tlslite/utils/rijndael.py0000700000175000017500000002611510016012503017152 0ustar clintclint""" A pure python (slow) implementation of rijndael with a decent interface To include - from rijndael import rijndael To do a key setup - r = rijndael(key, block_size = 16) key must be a string of length 16, 24, or 32 blocksize must be 16, 24, or 32. 
Default is 16 To use - ciphertext = r.encrypt(plaintext) plaintext = r.decrypt(ciphertext) If any strings are of the wrong length a ValueError is thrown """ # ported from the Java reference code by Bram Cohen, bram@gawth.com, April 2001 # this code is public domain, unless someone makes # an intellectual property claim against the reference # code, in which case it can be made public domain by # deleting all the comments and renaming all the variables import copy import string #----------------------- #TREV - ADDED BECAUSE THERE'S WARNINGS ABOUT INT OVERFLOW BEHAVIOR CHANGING IN #2.4..... import os if os.name != "java": import exceptions if hasattr(exceptions, "FutureWarning"): import warnings warnings.filterwarnings("ignore", category=FutureWarning, append=1) #----------------------- shifts = [[[0, 0], [1, 3], [2, 2], [3, 1]], [[0, 0], [1, 5], [2, 4], [3, 3]], [[0, 0], [1, 7], [3, 5], [4, 4]]] # [keysize][block_size] num_rounds = {16: {16: 10, 24: 12, 32: 14}, 24: {16: 12, 24: 12, 32: 14}, 32: {16: 14, 24: 14, 32: 14}} A = [[1, 1, 1, 1, 1, 0, 0, 0], [0, 1, 1, 1, 1, 1, 0, 0], [0, 0, 1, 1, 1, 1, 1, 0], [0, 0, 0, 1, 1, 1, 1, 1], [1, 0, 0, 0, 1, 1, 1, 1], [1, 1, 0, 0, 0, 1, 1, 1], [1, 1, 1, 0, 0, 0, 1, 1], [1, 1, 1, 1, 0, 0, 0, 1]] # produce log and alog tables, needed for multiplying in the # field GF(2^m) (generator = 3) alog = [1] for i in xrange(255): j = (alog[-1] << 1) ^ alog[-1] if j & 0x100 != 0: j ^= 0x11B alog.append(j) log = [0] * 256 for i in xrange(1, 255): log[alog[i]] = i # multiply two elements of GF(2^m) def mul(a, b): if a == 0 or b == 0: return 0 return alog[(log[a & 0xFF] + log[b & 0xFF]) % 255] # substitution box based on F^{-1}(x) box = [[0] * 8 for i in xrange(256)] box[1][7] = 1 for i in xrange(2, 256): j = alog[255 - log[i]] for t in xrange(8): box[i][t] = (j >> (7 - t)) & 0x01 B = [0, 1, 1, 0, 0, 0, 1, 1] # affine transform: box[i] <- B + A*box[i] cox = [[0] * 8 for i in xrange(256)] for i in xrange(256): for t in xrange(8): cox[i][t] = B[t] 
for j in xrange(8): cox[i][t] ^= A[t][j] * box[i][j] # S-boxes and inverse S-boxes S = [0] * 256 Si = [0] * 256 for i in xrange(256): S[i] = cox[i][0] << 7 for t in xrange(1, 8): S[i] ^= cox[i][t] << (7-t) Si[S[i] & 0xFF] = i # T-boxes G = [[2, 1, 1, 3], [3, 2, 1, 1], [1, 3, 2, 1], [1, 1, 3, 2]] AA = [[0] * 8 for i in xrange(4)] for i in xrange(4): for j in xrange(4): AA[i][j] = G[i][j] AA[i][i+4] = 1 for i in xrange(4): pivot = AA[i][i] if pivot == 0: t = i + 1 while AA[t][i] == 0 and t < 4: t += 1 assert t != 4, 'G matrix must be invertible' for j in xrange(8): AA[i][j], AA[t][j] = AA[t][j], AA[i][j] pivot = AA[i][i] for j in xrange(8): if AA[i][j] != 0: AA[i][j] = alog[(255 + log[AA[i][j] & 0xFF] - log[pivot & 0xFF]) % 255] for t in xrange(4): if i != t: for j in xrange(i+1, 8): AA[t][j] ^= mul(AA[i][j], AA[t][i]) AA[t][i] = 0 iG = [[0] * 4 for i in xrange(4)] for i in xrange(4): for j in xrange(4): iG[i][j] = AA[i][j + 4] def mul4(a, bs): if a == 0: return 0 r = 0 for b in bs: r <<= 8 if b != 0: r = r | mul(a, b) return r T1 = [] T2 = [] T3 = [] T4 = [] T5 = [] T6 = [] T7 = [] T8 = [] U1 = [] U2 = [] U3 = [] U4 = [] for t in xrange(256): s = S[t] T1.append(mul4(s, G[0])) T2.append(mul4(s, G[1])) T3.append(mul4(s, G[2])) T4.append(mul4(s, G[3])) s = Si[t] T5.append(mul4(s, iG[0])) T6.append(mul4(s, iG[1])) T7.append(mul4(s, iG[2])) T8.append(mul4(s, iG[3])) U1.append(mul4(t, iG[0])) U2.append(mul4(t, iG[1])) U3.append(mul4(t, iG[2])) U4.append(mul4(t, iG[3])) # round constants rcon = [1] r = 1 for t in xrange(1, 30): r = mul(2, r) rcon.append(r) del A del AA del pivot del B del G del box del log del alog del i del j del r del s del t del mul del mul4 del cox del iG class rijndael: def __init__(self, key, block_size = 16): if block_size != 16 and block_size != 24 and block_size != 32: raise ValueError('Invalid block size: ' + str(block_size)) if len(key) != 16 and len(key) != 24 and len(key) != 32: raise ValueError('Invalid key size: ' + str(len(key))) 
self.block_size = block_size ROUNDS = num_rounds[len(key)][block_size] BC = block_size / 4 # encryption round keys Ke = [[0] * BC for i in xrange(ROUNDS + 1)] # decryption round keys Kd = [[0] * BC for i in xrange(ROUNDS + 1)] ROUND_KEY_COUNT = (ROUNDS + 1) * BC KC = len(key) / 4 # copy user material bytes into temporary ints tk = [] for i in xrange(0, KC): tk.append((ord(key[i * 4]) << 24) | (ord(key[i * 4 + 1]) << 16) | (ord(key[i * 4 + 2]) << 8) | ord(key[i * 4 + 3])) # copy values into round key arrays t = 0 j = 0 while j < KC and t < ROUND_KEY_COUNT: Ke[t / BC][t % BC] = tk[j] Kd[ROUNDS - (t / BC)][t % BC] = tk[j] j += 1 t += 1 tt = 0 rconpointer = 0 while t < ROUND_KEY_COUNT: # extrapolate using phi (the round key evolution function) tt = tk[KC - 1] tk[0] ^= (S[(tt >> 16) & 0xFF] & 0xFF) << 24 ^ \ (S[(tt >> 8) & 0xFF] & 0xFF) << 16 ^ \ (S[ tt & 0xFF] & 0xFF) << 8 ^ \ (S[(tt >> 24) & 0xFF] & 0xFF) ^ \ (rcon[rconpointer] & 0xFF) << 24 rconpointer += 1 if KC != 8: for i in xrange(1, KC): tk[i] ^= tk[i-1] else: for i in xrange(1, KC / 2): tk[i] ^= tk[i-1] tt = tk[KC / 2 - 1] tk[KC / 2] ^= (S[ tt & 0xFF] & 0xFF) ^ \ (S[(tt >> 8) & 0xFF] & 0xFF) << 8 ^ \ (S[(tt >> 16) & 0xFF] & 0xFF) << 16 ^ \ (S[(tt >> 24) & 0xFF] & 0xFF) << 24 for i in xrange(KC / 2 + 1, KC): tk[i] ^= tk[i-1] # copy values into round key arrays j = 0 while j < KC and t < ROUND_KEY_COUNT: Ke[t / BC][t % BC] = tk[j] Kd[ROUNDS - (t / BC)][t % BC] = tk[j] j += 1 t += 1 # inverse MixColumn where needed for r in xrange(1, ROUNDS): for j in xrange(BC): tt = Kd[r][j] Kd[r][j] = U1[(tt >> 24) & 0xFF] ^ \ U2[(tt >> 16) & 0xFF] ^ \ U3[(tt >> 8) & 0xFF] ^ \ U4[ tt & 0xFF] self.Ke = Ke self.Kd = Kd def encrypt(self, plaintext): if len(plaintext) != self.block_size: raise ValueError('wrong block length, expected ' + str(self.block_size) + ' got ' + str(len(plaintext))) Ke = self.Ke BC = self.block_size / 4 ROUNDS = len(Ke) - 1 if BC == 4: SC = 0 elif BC == 6: SC = 1 else: SC = 2 s1 = shifts[SC][1][0] s2 = 
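shifts[SC][2][0]
        s3 = shifts[SC][3][0]
        a = [0] * BC
        # temporary work array
        t = []
        # plaintext to ints + key
        for i in xrange(BC):
            t.append((ord(plaintext[i * 4    ]) << 24 |
                      ord(plaintext[i * 4 + 1]) << 16 |
                      ord(plaintext[i * 4 + 2]) <<  8 |
                      ord(plaintext[i * 4 + 3])        ) ^ Ke[0][i])
        # apply round transforms
        for r in xrange(1, ROUNDS):
            for i in xrange(BC):
                a[i] = (T1[(t[ i           ] >> 24) & 0xFF] ^
                        T2[(t[(i + s1) % BC] >> 16) & 0xFF] ^
                        T3[(t[(i + s2) % BC] >>  8) & 0xFF] ^
                        T4[ t[(i + s3) % BC]        & 0xFF]  ) ^ Ke[r][i]
            t = copy.copy(a)
        # last round is special
        result = []
        for i in xrange(BC):
            tt = Ke[ROUNDS][i]
            result.append((S[(t[ i           ] >> 24) & 0xFF] ^ (tt >> 24)) & 0xFF)
            result.append((S[(t[(i + s1) % BC] >> 16) & 0xFF] ^ (tt >> 16)) & 0xFF)
            result.append((S[(t[(i + s2) % BC] >>  8) & 0xFF] ^ (tt >>  8)) & 0xFF)
            result.append((S[ t[(i + s3) % BC]        & 0xFF] ^  tt       ) & 0xFF)
        return string.join(map(chr, result), '')

    def decrypt(self, ciphertext):
        """Decrypt exactly one block and return the plaintext string.

        This is the raw block operation only: chaining, padding and
        integrity checks are the caller's job.  Raises ValueError if
        ciphertext is not block_size bytes long.
        """
        if len(ciphertext) != self.block_size:
            #The message used to read len(plaintext), a name that does not
            #exist in this method, so a wrong-sized block raised NameError
            #instead of the documented ValueError
            raise ValueError('wrong block length, expected ' + str(self.block_size) + ' got ' + str(len(ciphertext)))
        Kd = self.Kd

        BC = self.block_size / 4
        ROUNDS = len(Kd) - 1
        # pick the row of the shift table that matches the block size
        if BC == 4:
            SC = 0
        elif BC == 6:
            SC = 1
        else:
            SC = 2
        s1 = shifts[SC][1][1]
        s2 = shifts[SC][2][1]
        s3 = shifts[SC][3][1]
        a = [0] * BC
        # temporary work array
        t = [0] * BC
        # ciphertext to ints + key
        for i in xrange(BC):
            t[i] = (ord(ciphertext[i * 4    ]) << 24 |
                    ord(ciphertext[i * 4 + 1]) << 16 |
                    ord(ciphertext[i * 4 + 2]) <<  8 |
                    ord(ciphertext[i * 4 + 3])        ) ^ Kd[0][i]
        # apply round transforms
        for r in xrange(1, ROUNDS):
            for i in xrange(BC):
                a[i] = (T5[(t[ i           ] >> 24) & 0xFF] ^
                        T6[(t[(i + s1) % BC] >> 16) & 0xFF] ^
                        T7[(t[(i + s2) % BC] >>  8) & 0xFF] ^
                        T8[ t[(i + s3) % BC]        & 0xFF]  ) ^ Kd[r][i]
            t = copy.copy(a)
        # last round is special
        result = []
        for i in xrange(BC):
            tt = Kd[ROUNDS][i]
            result.append((Si[(t[ i           ] >> 24) & 0xFF] ^ (tt >> 24)) & 0xFF)
            result.append((Si[(t[(i + s1) % BC] >> 16) & 0xFF] ^ (tt >> 16)) & 0xFF)
            result.append((Si[(t[(i + s2) % BC] >>  8) & 0xFF] ^ (tt >>  8)) & 0xFF)
            result.append((Si[ t[(i + s3) % BC]        & 0xFF] ^  tt       ) & 0xFF)
        return string.join(map(chr, result), '')

def encrypt(key, block):
    """Encrypt one block with a fresh key schedule; the block size is
    taken from len(block)."""
    return rijndael(key, len(block)).encrypt(block)

def decrypt(key, block):
    """Decrypt one block with a fresh key schedule; the block size is
    taken from len(block)."""
    return rijndael(key, len(block)).decrypt(block)

def test():
    """Round-trip one block through every key size / block size pair."""
    def t(kl, bl):
        b = 'b' * bl
        r = rijndael('a' * kl, bl)
        assert r.decrypt(r.encrypt(b)) == b
    t(16, 16)
    t(16, 24)
    t(16, 32)
    t(24, 16)
    t(24, 24)
    t(24, 32)
    t(32, 16)
    t(32, 24)
    t(32, 32)

tlslite-0.3.8/tlslite/utils/jython_compat.py0000700000175000017500000001222610206534007020247 0ustar clintclint
"""Miscellaneous functions to mask Python/Jython differences."""

import os
import sha

if os.name != "java":
    BaseException = Exception

    from sets import Set
    import array
    import math

    def createByteArraySequence(seq):
        """Return an array of unsigned bytes holding the items of seq."""
        return array.array('B', seq)
    def createByteArrayZeros(howMany):
        """Return an array of howMany zero bytes."""
        return array.array('B', [0] * howMany)
    def concatArrays(a1, a2):
        return a1+a2

    def bytesToString(bytes):
        return bytes.tostring()

    def stringToBytes(s):
        bytes = createByteArrayZeros(0)
        bytes.fromstring(s)
        return bytes

    def numBits(n):
        """Return the number of bits needed to represent the positive
        integer n (0 for n == 0).  Raises ValueError for negative n."""
        if n==0:
            return 0
        if n < 0:
            raise ValueError("math domain error")
        #Count from the hex digits so the answer is exact.  The earlier
        #floor(log(n, 2))+1 went through a float and came out one bit too
        #high for values just below a power of two (2**64-1 gave 65),
        #which in turn made numBytes() one byte too large.
        s = "%x" % n
        return ((len(s)-1)*4) + \
            {'0':0, '1':1, '2':2, '3':2,
             '4':3, '5':3, '6':3, '7':3,
             '8':4, '9':4, 'a':4, 'b':4,
             'c':4, 'd':4, 'e':4, 'f':4}[s[0]]

    class CertChainBase: pass
    class SelfTestBase: pass
    class ReportFuncBase: pass

    #Helper functions for working with sets (from Python 2.3)
    def iterSet(set):
        return iter(set)

    def getListFromSet(set):
        return list(set)

    #Factory function for getting a SHA1 object
    def getSHA1(s):
        return sha.sha(s)

    import sys
    import traceback

    def formatExceptionTrace(e):
        """Return the formatted traceback of the exception currently
        being handled; the argument e is not used."""
        newStr = "".join(traceback.format_exception(sys.exc_type, sys.exc_value, sys.exc_traceback))
        return newStr

else:
    #Jython 2.1 is missing lots of python 2.3 stuff,
    #which we have to emulate here:
    import java
    import jarray

    BaseException = java.lang.Exception

    def createByteArraySequence(seq):
        if isinstance(seq, type("")): #If it's a string, convert
            seq = [ord(c) for c in seq]
        return jarray.array(seq, 'h') #use short instead of bytes, cause bytes are signed
    def createByteArrayZeros(howMany):
        return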
jarray.zeros(howMany, 'h') #use short instead of bytes, cause bytes are signed def concatArrays(a1, a2): l = list(a1)+list(a2) return createByteArraySequence(l) #WAY TOO SLOW - MUST BE REPLACED------------ def bytesToString(bytes): return "".join([chr(b) for b in bytes]) def stringToBytes(s): bytes = createByteArrayZeros(len(s)) for count, c in enumerate(s): bytes[count] = ord(c) return bytes #WAY TOO SLOW - MUST BE REPLACED------------ def numBits(n): if n==0: return 0 n= 1L * n; #convert to long, if it isn't already return n.__tojava__(java.math.BigInteger).bitLength() #This properly creates static methods for Jython class staticmethod: def __init__(self, anycallable): self.__call__ = anycallable #Properties are not supported for Jython class property: def __init__(self, anycallable): pass #True and False have to be specially defined False = 0 True = 1 class StopIteration(Exception): pass def enumerate(collection): return zip(range(len(collection)), collection) class Set: def __init__(self, seq=None): self.values = {} if seq: for e in seq: self.values[e] = None def add(self, e): self.values[e] = None def discard(self, e): if e in self.values.keys(): del(self.values[e]) def union(self, s): ret = Set() for e in self.values.keys(): ret.values[e] = None for e in s.values.keys(): ret.values[e] = None return ret def issubset(self, other): for e in self.values.keys(): if e not in other.values.keys(): return False return True def __nonzero__( self): return len(self.values.keys()) def __contains__(self, e): return e in self.values.keys() def iterSet(set): return set.values.keys() def getListFromSet(set): return set.values.keys() """ class JCE_SHA1: def __init__(self, s=None): self.md = java.security.MessageDigest.getInstance("SHA1") if s: self.update(s) def update(self, s): self.md.update(s) def copy(self): sha1 = JCE_SHA1() sha1.md = self.md.clone() return sha1 def digest(self): digest = self.md.digest() bytes = jarray.zeros(20, 'h') for count in xrange(20): x = 
digest[count] if x < 0: x += 256 bytes[count] = x return bytes """ #Factory function for getting a SHA1 object #The JCE_SHA1 class is way too slow... #the sha.sha object we use instead is broken in the jython 2.1 #release, and needs to be patched def getSHA1(s): #return JCE_SHA1(s) return sha.sha(s) #Adjust the string to an array of bytes def stringToJavaByteArray(s): bytes = jarray.zeros(len(s), 'b') for count, c in enumerate(s): x = ord(c) if x >= 128: x -= 256 bytes[count] = x return bytes import sys import traceback def formatExceptionTrace(e): newStr = "".join(traceback.format_exception(sys.exc_type, sys.exc_value, sys.exc_traceback)) return newStr tlslite-0.3.8/tlslite/utils/OpenSSL_RSAKey.py0000700000175000017500000001162610027165661020044 0ustar clintclint"""OpenSSL/M2Crypto RSA implementation.""" from cryptomath import * from RSAKey import * from Python_RSAKey import Python_RSAKey #copied from M2Crypto.util.py, so when we load the local copy of m2 #we can still use it def password_callback(v, prompt1='Enter private key passphrase:', prompt2='Verify passphrase:'): from getpass import getpass while 1: try: p1=getpass(prompt1) if v: p2=getpass(prompt2) if p1==p2: break else: break except KeyboardInterrupt: return None return p1 if m2cryptoLoaded: class OpenSSL_RSAKey(RSAKey): def __init__(self, n=0, e=0): self.rsa = None self._hasPrivateKey = False if (n and not e) or (e and not n): raise AssertionError() if n and e: self.rsa = m2.rsa_new() m2.rsa_set_n(self.rsa, numberToMPI(n)) m2.rsa_set_e(self.rsa, numberToMPI(e)) def __del__(self): if self.rsa: m2.rsa_free(self.rsa) def __getattr__(self, name): if name == 'e': if not self.rsa: return 0 return mpiToNumber(m2.rsa_get_e(self.rsa)) elif name == 'n': if not self.rsa: return 0 return mpiToNumber(m2.rsa_get_n(self.rsa)) else: raise AttributeError def hasPrivateKey(self): return self._hasPrivateKey def hash(self): return Python_RSAKey(self.n, self.e).hash() def _rawPrivateKeyOp(self, m): s = numberToString(m) 
byteLength = numBytes(self.n) if len(s)== byteLength: pass elif len(s) == byteLength-1: s = '\0' + s else: raise AssertionError() c = stringToNumber(m2.rsa_private_encrypt(self.rsa, s, m2.no_padding)) return c def _rawPublicKeyOp(self, c): s = numberToString(c) byteLength = numBytes(self.n) if len(s)== byteLength: pass elif len(s) == byteLength-1: s = '\0' + s else: raise AssertionError() m = stringToNumber(m2.rsa_public_decrypt(self.rsa, s, m2.no_padding)) return m def acceptsPassword(self): return True def write(self, password=None): bio = m2.bio_new(m2.bio_s_mem()) if self._hasPrivateKey: if password: def f(v): return password m2.rsa_write_key(self.rsa, bio, m2.des_ede_cbc(), f) else: def f(): pass m2.rsa_write_key_no_cipher(self.rsa, bio, f) else: if password: raise AssertionError() m2.rsa_write_pub_key(self.rsa, bio) s = m2.bio_read(bio, m2.bio_ctrl_pending(bio)) m2.bio_free(bio) return s def writeXMLPublicKey(self, indent=''): return Python_RSAKey(self.n, self.e).write(indent) def generate(bits): key = OpenSSL_RSAKey() def f():pass key.rsa = m2.rsa_generate_key(bits, 3, f) key._hasPrivateKey = True return key generate = staticmethod(generate) def parse(s, passwordCallback=None): if s.startswith("-----BEGIN "): if passwordCallback==None: callback = password_callback else: def f(v, prompt1=None, prompt2=None): return passwordCallback() callback = f bio = m2.bio_new(m2.bio_s_mem()) try: m2.bio_write(bio, s) key = OpenSSL_RSAKey() if s.startswith("-----BEGIN RSA PRIVATE KEY-----"): def f():pass key.rsa = m2.rsa_read_key(bio, callback) if key.rsa == None: raise SyntaxError() key._hasPrivateKey = True elif s.startswith("-----BEGIN PUBLIC KEY-----"): key.rsa = m2.rsa_read_pub_key(bio) if key.rsa == None: raise SyntaxError() key._hasPrivateKey = False else: raise SyntaxError() return key finally: m2.bio_free(bio) else: raise SyntaxError() parse = staticmethod(parse) tlslite-0.3.8/tlslite/utils/RC4.py0000700000175000017500000000071210130676211015756 0ustar 
clintclint"""Abstract class for RC4.""" from compat import * #For False class RC4: def __init__(self, keyBytes, implementation): if len(keyBytes) < 16 or len(keyBytes) > 256: raise ValueError() self.isBlockCipher = False self.name = "rc4" self.implementation = implementation def encrypt(self, plaintext): raise NotImplementedError() def decrypt(self, ciphertext): raise NotImplementedError()tlslite-0.3.8/tlslite/utils/Cryptlib_RC4.py0000700000175000017500000000164210025507724017636 0ustar clintclint"""Cryptlib RC4 implementation.""" from cryptomath import * from RC4 import RC4 if cryptlibpyLoaded: def new(key): return Cryptlib_RC4(key) class Cryptlib_RC4(RC4): def __init__(self, key): RC4.__init__(self, key, "cryptlib") self.context = cryptlib_py.cryptCreateContext(cryptlib_py.CRYPT_UNUSED, cryptlib_py.CRYPT_ALGO_RC4) cryptlib_py.cryptSetAttribute(self.context, cryptlib_py.CRYPT_CTXINFO_KEYSIZE, len(key)) cryptlib_py.cryptSetAttributeString(self.context, cryptlib_py.CRYPT_CTXINFO_KEY, key) def __del__(self): cryptlib_py.cryptDestroyContext(self.context) def encrypt(self, plaintext): bytes = stringToBytes(plaintext) cryptlib_py.cryptEncrypt(self.context, bytes) return bytesToString(bytes) def decrypt(self, ciphertext): return self.encrypt(ciphertext)tlslite-0.3.8/tlslite/utils/Python_RSAKey.py0000700000175000017500000001703310026003077020027 0ustar clintclint"""Pure-Python RSA implementation.""" from cryptomath import * import xmltools from ASN1Parser import ASN1Parser from RSAKey import * class Python_RSAKey(RSAKey): def __init__(self, n=0, e=0, d=0, p=0, q=0, dP=0, dQ=0, qInv=0): if (n and not e) or (e and not n): raise AssertionError() self.n = n self.e = e self.d = d self.p = p self.q = q self.dP = dP self.dQ = dQ self.qInv = qInv self.blinder = 0 self.unblinder = 0 def hasPrivateKey(self): return self.d != 0 def hash(self): s = self.writeXMLPublicKey('\t\t') return hashAndBase64(s.strip()) def _rawPrivateKeyOp(self, m): #Create blinding values, on the first pass: 
if not self.blinder: self.unblinder = getRandomNumber(2, self.n) self.blinder = powMod(invMod(self.unblinder, self.n), self.e, self.n) #Blind the input m = (m * self.blinder) % self.n #Perform the RSA operation c = self._rawPrivateKeyOpHelper(m) #Unblind the output c = (c * self.unblinder) % self.n #Update blinding values self.blinder = (self.blinder * self.blinder) % self.n self.unblinder = (self.unblinder * self.unblinder) % self.n #Return the output return c def _rawPrivateKeyOpHelper(self, m): #Non-CRT version #c = powMod(m, self.d, self.n) #CRT version (~3x faster) s1 = powMod(m, self.dP, self.p) s2 = powMod(m, self.dQ, self.q) h = ((s1 - s2) * self.qInv) % self.p c = s2 + self.q * h return c def _rawPublicKeyOp(self, c): m = powMod(c, self.e, self.n) return m def acceptsPassword(self): return False def write(self, indent=''): if self.d: s = indent+'\n' else: s = indent+'\n' s += indent+'\t%s\n' % numberToBase64(self.n) s += indent+'\t%s\n' % numberToBase64(self.e) if self.d: s += indent+'\t%s\n' % numberToBase64(self.d) s += indent+'\t

    %s

    \n' % numberToBase64(self.p) s += indent+'\t%s\n' % numberToBase64(self.q) s += indent+'\t%s\n' % numberToBase64(self.dP) s += indent+'\t%s\n' % numberToBase64(self.dQ) s += indent+'\t%s\n' % numberToBase64(self.qInv) s += indent+'
    ' else: s += indent+'' #Only add \n if part of a larger structure if indent != '': s += '\n' return s def writeXMLPublicKey(self, indent=''): return Python_RSAKey(self.n, self.e).write(indent) def generate(bits): key = Python_RSAKey() p = getRandomPrime(bits/2, False) q = getRandomPrime(bits/2, False) t = lcm(p-1, q-1) key.n = p * q key.e = 3L #Needed to be long, for Java key.d = invMod(key.e, t) key.p = p key.q = q key.dP = key.d % (p-1) key.dQ = key.d % (q-1) key.qInv = invMod(q, p) return key generate = staticmethod(generate) def parsePEM(s, passwordCallback=None): """Parse a string containing a or , or PEM-encoded key.""" start = s.find("-----BEGIN PRIVATE KEY-----") if start != -1: end = s.find("-----END PRIVATE KEY-----") if end == -1: raise SyntaxError("Missing PEM Postfix") s = s[start+len("-----BEGIN PRIVATE KEY -----") : end] bytes = base64ToBytes(s) return Python_RSAKey._parsePKCS8(bytes) else: start = s.find("-----BEGIN RSA PRIVATE KEY-----") if start != -1: end = s.find("-----END RSA PRIVATE KEY-----") if end == -1: raise SyntaxError("Missing PEM Postfix") s = s[start+len("-----BEGIN RSA PRIVATE KEY -----") : end] bytes = base64ToBytes(s) return Python_RSAKey._parseSSLeay(bytes) raise SyntaxError("Missing PEM Prefix") parsePEM = staticmethod(parsePEM) def parseXML(s): element = xmltools.parseAndStripWhitespace(s) return Python_RSAKey._parseXML(element) parseXML = staticmethod(parseXML) def _parsePKCS8(bytes): p = ASN1Parser(bytes) version = p.getChild(0).value[0] if version != 0: raise SyntaxError("Unrecognized PKCS8 version") rsaOID = p.getChild(1).value if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]: raise SyntaxError("Unrecognized AlgorithmIdentifier") #Get the privateKey privateKeyP = p.getChild(2) #Adjust for OCTET STRING encapsulation privateKeyP = ASN1Parser(privateKeyP.value) return Python_RSAKey._parseASN1PrivateKey(privateKeyP) _parsePKCS8 = staticmethod(_parsePKCS8) def _parseSSLeay(bytes): privateKeyP = 
ASN1Parser(bytes) return Python_RSAKey._parseASN1PrivateKey(privateKeyP) _parseSSLeay = staticmethod(_parseSSLeay) def _parseASN1PrivateKey(privateKeyP): version = privateKeyP.getChild(0).value[0] if version != 0: raise SyntaxError("Unrecognized RSAPrivateKey version") n = bytesToNumber(privateKeyP.getChild(1).value) e = bytesToNumber(privateKeyP.getChild(2).value) d = bytesToNumber(privateKeyP.getChild(3).value) p = bytesToNumber(privateKeyP.getChild(4).value) q = bytesToNumber(privateKeyP.getChild(5).value) dP = bytesToNumber(privateKeyP.getChild(6).value) dQ = bytesToNumber(privateKeyP.getChild(7).value) qInv = bytesToNumber(privateKeyP.getChild(8).value) return Python_RSAKey(n, e, d, p, q, dP, dQ, qInv) _parseASN1PrivateKey = staticmethod(_parseASN1PrivateKey) def _parseXML(element): try: xmltools.checkName(element, "privateKey") except SyntaxError: xmltools.checkName(element, "publicKey") #Parse attributes xmltools.getReqAttribute(element, "xmlns", "http://trevp.net/rsa\Z") xmltools.checkNoMoreAttributes(element) #Parse public values ( and ) n = base64ToNumber(xmltools.getText(xmltools.getChild(element, 0, "n"), xmltools.base64RegEx)) e = base64ToNumber(xmltools.getText(xmltools.getChild(element, 1, "e"), xmltools.base64RegEx)) d = 0 p = 0 q = 0 dP = 0 dQ = 0 qInv = 0 #Parse private values, if present if element.childNodes.length>=3: d = base64ToNumber(xmltools.getText(xmltools.getChild(element, 2, "d"), xmltools.base64RegEx)) p = base64ToNumber(xmltools.getText(xmltools.getChild(element, 3, "p"), xmltools.base64RegEx)) q = base64ToNumber(xmltools.getText(xmltools.getChild(element, 4, "q"), xmltools.base64RegEx)) dP = base64ToNumber(xmltools.getText(xmltools.getChild(element, 5, "dP"), xmltools.base64RegEx)) dQ = base64ToNumber(xmltools.getText(xmltools.getChild(element, 6, "dQ"), xmltools.base64RegEx)) qInv = base64ToNumber(xmltools.getText(xmltools.getLastChild(element, 7, "qInv"), xmltools.base64RegEx)) return Python_RSAKey(n, e, d, p, q, dP, dQ, qInv) 
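_parseXML = staticmethod(_parseXML)

# ---- tlslite-0.3.8/tlslite/utils/cipherfactory.py ----
"""Factory functions for symmetric cryptography."""

import os

import Python_AES
import Python_RC4

import cryptomath

tripleDESPresent = False

if cryptomath.m2cryptoLoaded:
    import OpenSSL_AES
    import OpenSSL_RC4
    import OpenSSL_TripleDES
    tripleDESPresent = True

if cryptomath.cryptlibpyLoaded:
    import Cryptlib_AES
    import Cryptlib_RC4
    import Cryptlib_TripleDES
    tripleDESPresent = True

if cryptomath.pycryptoLoaded:
    import PyCrypto_AES
    import PyCrypto_RC4
    import PyCrypto_TripleDES
    tripleDESPresent = True

# **************************************************************************
# Factory Functions for AES
# **************************************************************************

def createAES(key, IV, implList=None):
    """Create a new AES object.

    The first implementation named in implList that is actually loaded is
    used.  Mode 2 is passed to every backend; it is the only mode the AES
    base class accepts.

    @type key: str
    @param key: A 16, 24, or 32 byte string.

    @type IV: str
    @param IV: A 16 byte string

    @rtype: L{tlslite.utils.AES}
    @return: An AES object.

    @raise NotImplementedError: If no implementation in implList is
    available.
    """
    if implList is None:
        implList = ["cryptlib", "openssl", "pycrypto", "python"]

    for impl in implList:
        if impl == "cryptlib" and cryptomath.cryptlibpyLoaded:
            return Cryptlib_AES.new(key, 2, IV)
        elif impl == "openssl" and cryptomath.m2cryptoLoaded:
            return OpenSSL_AES.new(key, 2, IV)
        elif impl == "pycrypto" and cryptomath.pycryptoLoaded:
            return PyCrypto_AES.new(key, 2, IV)
        elif impl == "python":
            return Python_AES.new(key, 2, IV)
    raise NotImplementedError()

def createRC4(key, IV, implList=None):
    """Create a new RC4 object.

    @type key: str
    @param key: A 16 to 32 byte string.

    @type IV: object
    @param IV: Not used by RC4, but it must have length 0; anything else
    raises AssertionError.

    @rtype: L{tlslite.utils.RC4}
    @return: An RC4 object.

    @raise NotImplementedError: If no implementation in implList is
    available.
    """
    if implList is None:
        implList = ["cryptlib", "openssl", "pycrypto", "python"]

    if len(IV) != 0:
        raise AssertionError()
    for impl in implList:
        if impl == "cryptlib" and cryptomath.cryptlibpyLoaded:
            return Cryptlib_RC4.new(key)
        elif impl == "openssl" and cryptomath.m2cryptoLoaded:
            return OpenSSL_RC4.new(key)
        elif impl == "pycrypto" and cryptomath.pycryptoLoaded:
            return PyCrypto_RC4.new(key)
        elif impl == "python":
            return Python_RC4.new(key)
    raise NotImplementedError()

#Create a new TripleDES instance
def createTripleDES(key, IV, implList=None):
    """Create a new 3DES object.

    There is no pure-Python fallback in the default list, so this raises
    NotImplementedError when none of the native libraries is loaded (see
    tripleDESPresent).

    @type key: str
    @param key: A 24 byte string.

    @type IV: str
    @param IV: An 8 byte string

    @rtype: L{tlslite.utils.TripleDES}
    @return: A 3DES object.
    """
    if implList is None:
        implList = ["cryptlib", "openssl", "pycrypto"]

    for impl in implList:
        if impl == "cryptlib" and cryptomath.cryptlibpyLoaded:
            return Cryptlib_TripleDES.new(key, 2, IV)
        elif impl == "openssl" and cryptomath.m2cryptoLoaded:
            return OpenSSL_TripleDES.new(key, 2, IV)
        elif impl == "pycrypto" and cryptomath.pycryptoLoaded:
            return PyCrypto_TripleDES.new(key, 2, IV)
    raise NotImplementedError()

# ---- tlslite-0.3.8/tlslite/utils/AES.py ----
"""Abstract class for AES."""

class AES:
    """Base class that validates AES parameters and records metadata.

    Subclasses do the actual encryption; encrypt() and decrypt() here only
    check that the input length is a multiple of the 16 byte block size.
    """

    def __init__(self, key, mode, IV, implementation):
        if len(key) not in (16, 24, 32):
            raise AssertionError()
        if mode != 2:
            raise AssertionError()
        if len(IV) != 16:
            raise AssertionError()
        self.isBlockCipher = True
        self.block_size = 16
        self.implementation = implementation
        if len(key)==16:
            self.name = "aes128"
        elif len(key)==24:
            self.name = "aes192"
        elif len(key)==32:
            self.name = "aes256"
        else:
            raise AssertionError()

    #CBC-Mode encryption, returns ciphertext
    #WARNING: *MAY* modify the input as well
    def encrypt(self, plaintext):
        #Raised explicitly, as in __init__, so the length check is still
        #enforced when Python runs with -O (which strips assert statements)
        if len(plaintext) % 16 != 0:
            raise AssertionError()

    #CBC-Mode decryption, returns plaintext
    #WARNING: *MAY* modify the input as well
    def decrypt(self, ciphertext):
        if len(ciphertext) % 16 != 0:
            raise AssertionError()

# ---- tlslite-0.3.8/tlslite/utils/PyCrypto_TripleDES.py ----
"""PyCrypto 3DES implementation."""

from cryptomath import *
from TripleDES import *

if pycryptoLoaded:
    import Crypto.Cipher.DES3

    def new(key, mode, IV):
        return PyCrypto_TripleDES(key, mode, IV)

    class PyCrypto_TripleDES(TripleDES):
        """3DES backed by Crypto.Cipher.DES3; calls go straight to the
        PyCrypto context."""

        def __init__(self, key, mode, IV):
            TripleDES.__init__(self, key, mode, IV, "pycrypto")
            self.context = Crypto.Cipher.DES3.new(key, mode, IV)

        def encrypt(self, plaintext):
            return self.context.encrypt(plaintext)

        def decrypt(self, ciphertext):
            return self.context.decrypt(ciphertext)

# ---- tlslite-0.3.8/tlslite/utils/xmltools.py ----
"""Helper functions for XML.

This module has misc. helper functions for working with XML DOM nodes."""

import re
from compat import *

import os
if os.name != "java":
    from xml.dom import minidom
    from xml.sax import saxutils

    def parseDocument(s):
        return minidom.parseString(s)
else:
    from javax.xml.parsers import *
    import java

    builder = DocumentBuilderFactory.newInstance().newDocumentBuilder()

    def parseDocument(s):
        stream = java.io.ByteArrayInputStream(java.lang.String(s).getBytes())
        return builder.parse(stream)

def parseAndStripWhitespace(s):
    """Parse the XML string s and return its whitespace-stripped root
    element; any parser failure is re-raised as SyntaxError."""
    #NOTE(review): s goes to the platform DOM parser unchanged.  The Python
    #documentation warns that xml.dom.minidom is not hardened against
    #maliciously constructed documents (entity expansion in particular), so
    #input from an untrusted peer should be size-limited by the caller.
    try:
        element = parseDocument(s).documentElement
    except BaseException, e:
        raise SyntaxError(str(e))
    stripWhitespace(element)
    return element

#Goes through a DOM tree and removes whitespace besides child elements,
#as long as this whitespace is correctly tab-ified
def stripWhitespace(element, tab=0):
    element.normalize()

    lastSpacer = "\n" + ("\t"*tab)
    spacer = lastSpacer + "\t"

    #Zero children aren't allowed (i.e. an element with no content)
    #This makes writing output simpler, and matches Canonical XML
    if element.childNodes.length==0: #DON'T DO len(element.childNodes) - doesn't work in Jython
        raise SyntaxError("Empty XML elements not allowed")

    #If there's a single child, it must be text context
    if element.childNodes.length==1:
        if element.firstChild.nodeType == element.firstChild.TEXT_NODE:
            #If it's an empty element, remove
            if element.firstChild.data == lastSpacer:
                element.removeChild(element.firstChild)
            return
        #If not text content, give an error
        elif element.firstChild.nodeType == element.firstChild.ELEMENT_NODE:
            raise SyntaxError("Bad whitespace under '%s'" % element.tagName)
        else:
            raise SyntaxError("Unexpected node type in XML document")

    #Otherwise there's multiple child element
    child = element.firstChild
    while child:
        if child.nodeType == child.ELEMENT_NODE:
            stripWhitespace(child, tab+1)
            child = child.nextSibling
        elif child.nodeType == child.TEXT_NODE:
            if child == element.lastChild:
                if child.data != lastSpacer:
                    raise SyntaxError("Bad whitespace under '%s'" % element.tagName)
            elif child.data != spacer:
                raise SyntaxError("Bad whitespace under '%s'" % element.tagName)
            next = child.nextSibling
            element.removeChild(child)
            child = next
        else:
            raise SyntaxError("Unexpected node type in XML document")

def checkName(element, name):
    """Raise SyntaxError unless element is an element node named `name`
    (any element name is accepted when name is None)."""
    if element.nodeType != element.ELEMENT_NODE:
        raise SyntaxError("Missing element: '%s'" % name)

    if name == None:
        return

    if element.tagName != name:
        raise SyntaxError("Wrong element name: should be '%s', is '%s'" % (name, element.tagName))

def getChild(element, index, name=None):
    """Return the child at `index`, checking its name; SyntaxError if it is
    missing or misnamed."""
    if element.nodeType != element.ELEMENT_NODE:
        raise SyntaxError("Wrong node type in getChild()")

    child = element.childNodes.item(index)
    if child == None:
        raise SyntaxError("Missing child: '%s'" % name)
    checkName(child, name)
    return child

def getChildIter(element, index):
    """Return a cursor over element's children starting at `index`.

    next() yields the following child, or None once the children are used
    up; checkEnd() raises SyntaxError if children are left unread.
    """
    class ChildIter:
        def __init__(self, element, index):
            self.element = element
            self.index = index

        def next(self):
            #childNodes.length rather than len(childNodes): the latter does
            #not work in Jython (see stripWhitespace)
            if self.index < self.element.childNodes.length:
                retVal = self.element.childNodes.item(self.index)
                self.index += 1
            else:
                retVal = None
            return retVal

        def checkEnd(self):
            if self.index != self.element.childNodes.length:
                raise SyntaxError("Too many elements under: '%s'" % self.element.tagName)
    return ChildIter(element, index)

def getChildOrNone(element, index):
    """Return the child at `index`; the result of item() is returned as is,
    with no check for a missing child."""
    if element.nodeType != element.ELEMENT_NODE:
        raise SyntaxError("Wrong node type in getChild()")
    child = element.childNodes.item(index)
    return child

def getLastChild(element, index, name=None):
    """Like getChild(), but also require the child to be the last one."""
    if element.nodeType != element.ELEMENT_NODE:
        raise SyntaxError("Wrong node type in getLastChild()")

    child = element.childNodes.item(index)
    if child == None:
        raise SyntaxError("Missing child: '%s'" % name)
    if child != element.lastChild:
        raise SyntaxError("Too many elements under: '%s'" % element.tagName)
    checkName(child, name)
    return child

#Regular expressions for syntax-checking attribute and element content
#They are applied with re.match(), which anchors only the start of the value;
#the trailing \Z is what rejects extra characters after a valid prefix, and
#an alternation has to be grouped for \Z to cover every branch.
nsRegEx = r"http://trevp.net/cryptoID\Z"
cryptoIDRegEx = r"([a-km-z3-9]{5}\.){3}[a-km-z3-9]{5}\Z"
urlRegEx = r"http(s)?://.{1,100}\Z"
sha1Base64RegEx = r"[A-Za-z0-9+/]{27}=\Z"
base64RegEx = r"[A-Za-z0-9+/]+={0,4}\Z"
certsListRegEx = r"(0)?(1)?(2)?(3)?(4)?(5)?(6)?(7)?(8)?(9)?\Z"
keyRegEx = r"[A-Z]\Z"
keysListRegEx = r"(A)?(B)?(C)?(D)?(E)?(F)?(G)?(H)?(I)?(J)?(K)?(L)?(M)?(N)?(O)?(P)?(Q)?(R)?(S)?(T)?(U)?(V)?(W)?(X)?(Y)?(Z)?\Z"
dateTimeRegEx = r"\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ\Z"
shortStringRegEx = r".{1,100}\Z"
exprRegEx = r"[a-zA-Z0-9 ,()]{1,200}\Z"
#Was "0|(...)\Z": the bare "0" branch had no end anchor, so any value
#beginning with 0 was accepted
notAfterDeltaRegEx = r"(0|[1-9][0-9]{0,8})\Z" #A number from 0 to (1 billion)-1
#Was "(true)|(false)" with no end anchor, which accepted any value that
#merely starts with true or false
booleanRegEx = r"(true|false)\Z"

def getReqAttribute(element, attrName, regEx=""): if element.nodeType != element.ELEMENT_NODE: raise SyntaxError("Wrong node type in getReqAttribute()") value = element.getAttribute(attrName) if not value: raise SyntaxError("Missing Attribute: " + attrName) if not re.match(regEx, value): raise SyntaxError("Bad Attribute Value for '%s': '%s' " % (attrName, value)) 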
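element.removeAttribute(attrName) return str(value) #de-unicode it; this is needed for bsddb, for example

def getAttribute(element, attrName, regEx=""):
    """Return and remove an optional attribute, validated against regEx.

    Nothing is returned (None) when the attribute is absent or empty.
    """
    if element.nodeType != element.ELEMENT_NODE:
        raise SyntaxError("Wrong node type in getAttribute()")

    value = element.getAttribute(attrName)
    if value:
        if not re.match(regEx, value):
            raise SyntaxError("Bad Attribute Value for '%s': '%s' " % (attrName, value))
        element.removeAttribute(attrName)
        return str(value) #de-unicode it; this is needed for bsddb, for example

def checkNoMoreAttributes(element):
    """Raise SyntaxError if element still has attributes (the getters above
    remove each attribute they consume)."""
    if element.nodeType != element.ELEMENT_NODE:
        raise SyntaxError("Wrong node type in checkNoMoreAttributes()")
    if element.attributes.length!=0:
        raise SyntaxError("Extra attributes on '%s'" % element.tagName)

def getText(element, regEx=""):
    """Return the text of element's first child after matching it against
    regEx; SyntaxError if it is missing, not text, or does not match."""
    textNode = element.firstChild
    if textNode == None:
        raise SyntaxError("Empty element '%s'" % element.tagName)
    if textNode.nodeType != textNode.TEXT_NODE:
        raise SyntaxError("Non-text node: '%s'" % element.tagName)
    if not re.match(regEx, textNode.data):
        raise SyntaxError("Bad Text Value for '%s': '%s' " % (element.tagName, textNode.data))
    return str(textNode.data) #de-unicode it; this is needed for bsddb, for example

#Function for adding tabs to a string
def indent(s, steps, ch="\t"):
    tabs = ch*steps
    #Nothing to add.  Returning here also avoids s[-1] on an empty string and
    #the s[ : -0] slice below, which used to turn a newline-terminated string
    #into "" whenever steps was 0.
    if not s or not tabs:
        return s
    if s[-1] != "\n":
        s = tabs + s.replace("\n", "\n"+tabs)
    else:
        s = tabs + s.replace("\n", "\n"+tabs)
        #Drop the tabs that were added after the final newline
        s = s[ : -len(tabs)]
    return s

def escape(s):
    return saxutils.escape(s)

# ---- tlslite-0.3.8/tlslite/utils/Cryptlib_TripleDES.py ----
"""Cryptlib 3DES implementation."""

from cryptomath import *
from TripleDES import *

if cryptlibpyLoaded:

    def new(key, mode, IV):
        return Cryptlib_TripleDES(key, mode, IV)

    class Cryptlib_TripleDES(TripleDES):
        """3DES in CBC mode on a cryptlib context that lives as long as
        this object."""

        def __init__(self, key, mode, IV):
            TripleDES.__init__(self, key, mode, IV, "cryptlib")
            self.context = cryptlib_py.cryptCreateContext(cryptlib_py.CRYPT_UNUSED, cryptlib_py.CRYPT_ALGO_3DES)
            cryptlib_py.cryptSetAttribute(self.context, cryptlib_py.CRYPT_CTXINFO_MODE, cryptlib_py.CRYPT_MODE_CBC)
            cryptlib_py.cryptSetAttribute(self.context, cryptlib_py.CRYPT_CTXINFO_KEYSIZE, len(key))
            cryptlib_py.cryptSetAttributeString(self.context, cryptlib_py.CRYPT_CTXINFO_KEY, key)
            cryptlib_py.cryptSetAttributeString(self.context, cryptlib_py.CRYPT_CTXINFO_IV, IV)

        def __del__(self):
            cryptlib_py.cryptDestroyContext(self.context)

        def encrypt(self, plaintext):
            #The base class call is made before any data is processed
            TripleDES.encrypt(self, plaintext)
            bytes = stringToBytes(plaintext)
            cryptlib_py.cryptEncrypt(self.context, bytes)
            return bytesToString(bytes)

        def decrypt(self, ciphertext):
            TripleDES.decrypt(self, ciphertext)
            bytes = stringToBytes(ciphertext)
            cryptlib_py.cryptDecrypt(self.context, bytes)
            return bytesToString(bytes)

# ---- tlslite-0.3.8/tlslite/utils/Python_RC4.py ----
"""Pure-Python RC4 implementation."""

#NOTE(review): RC4 is kept here as a legacy cipher; RFC 7465 prohibits RC4
#cipher suites in TLS.

from RC4 import RC4
from cryptomath import *

def new(key):
    return Python_RC4(key)

class Python_RC4(RC4):
    """RC4 stream cipher; the state (S, i, j) carries over between calls."""

    def __init__(self, key):
        RC4.__init__(self, key, "python")
        keyBytes = stringToBytes(key)
        #Key scheduling: permute S under control of the key bytes
        S = [i for i in range(256)]
        j = 0
        for i in range(256):
            j = (j + S[i] + keyBytes[i % len(keyBytes)]) % 256
            S[i], S[j] = S[j], S[i]

        self.S = S
        self.i = 0
        self.j = 0

    def encrypt(self, plaintext):
        plaintextBytes = stringToBytes(plaintext)
        S = self.S
        i = self.i
        j = self.j
        for x in range(len(plaintextBytes)):
            i = (i + 1) % 256
            j = (j + S[i]) % 256
            S[i], S[j] = S[j], S[i]
            t = (S[i] + S[j]) % 256
            plaintextBytes[x] ^= S[t]
        self.i = i
        self.j = j
        return bytesToString(plaintextBytes)

    def decrypt(self, ciphertext):
        #The keystream XOR is its own inverse
        return self.encrypt(ciphertext)

# ---- tlslite-0.3.8/tlslite/utils/ASN1Parser.py ----
"""Class for parsing ASN.1"""
from compat import *
from codec import *

#Takes a byte array which has a DER TLV field at its head
class ASN1Parser:
    def __init__(self, bytes):
        p = Parser(bytes)
        p.get(1) #skip Type

        #Get Length
        self.length = self._getASN1Length(p)

        #Get Value
        self.value = p.getFixBytes(self.length)

    #Assuming this is a sequence...
    def getChild(self, which):
        """Return child number `which` (0-based) as a new ASN1Parser.

        The children before it are walked over one TLV at a time.
        """
        p = Parser(self.value)
        for x in range(which+1):
            markIndex = p.index
            p.get(1) #skip Type
            length = self._getASN1Length(p)
            p.getFixBytes(length)
        return ASN1Parser(p.bytes[markIndex : p.index])

    #Decode the ASN.1 DER length field
    def _getASN1Length(self, p):
        firstLength = p.get(1)
        if firstLength<=127:
            #Short form: the byte is the length itself
            return firstLength
        else:
            #Long form: the low 7 bits count the length bytes that follow.
            #The decoded length is not limited here; Parser rejects a length
            #that runs past the end of its buffer.
            lengthLength = firstLength & 0x7F
            return p.get(lengthLength)

# ---- tlslite-0.3.8/tlslite/utils/Python_AES.py ----
"""Pure-Python AES implementation."""

from cryptomath import *

from AES import *
from rijndael import rijndael

def new(key, mode, IV):
    return Python_AES(key, mode, IV)

class Python_AES(AES):
    """AES-CBC on top of the rijndael block cipher.

    self.IV is replaced after every call by the last ciphertext block, so
    consecutive calls continue a single CBC chain.
    """

    def __init__(self, key, mode, IV):
        AES.__init__(self, key, mode, IV, "python")
        self.rijndael = rijndael(key, 16)
        self.IV = IV

    def encrypt(self, plaintext):
        AES.encrypt(self, plaintext)

        plaintextBytes = stringToBytes(plaintext)
        chainBytes = stringToBytes(self.IV)

        #CBC Mode: For each block...
        for x in range(len(plaintextBytes)/16):

            #XOR with the chaining block
            blockBytes = plaintextBytes[x*16 : (x*16)+16]
            for y in range(16):
                blockBytes[y] ^= chainBytes[y]
            blockString = bytesToString(blockBytes)

            #Encrypt it
            encryptedBytes = stringToBytes(self.rijndael.encrypt(blockString))

            #Overwrite the input with the output
            for y in range(16):
                plaintextBytes[(x*16)+y] = encryptedBytes[y]

            #Set the next chaining block
            chainBytes = encryptedBytes

        self.IV = bytesToString(chainBytes)
        return bytesToString(plaintextBytes)

    def decrypt(self, ciphertext):
        AES.decrypt(self, ciphertext)

        ciphertextBytes = stringToBytes(ciphertext)
        chainBytes = stringToBytes(self.IV)

        #CBC Mode: For each block...
        for x in range(len(ciphertextBytes)/16):

            #Decrypt it
            blockBytes = ciphertextBytes[x*16 : (x*16)+16]
            blockString = bytesToString(blockBytes)
            decryptedBytes = stringToBytes(self.rijndael.decrypt(blockString))

            #XOR with the chaining block and overwrite the input with output
            for y in range(16):
                decryptedBytes[y] ^= chainBytes[y]
                ciphertextBytes[(x*16)+y] = decryptedBytes[y]

            #Set the next chaining block
            chainBytes = blockBytes

        self.IV = bytesToString(chainBytes)
        return bytesToString(ciphertextBytes)

# ---- tlslite-0.3.8/tlslite/utils/OpenSSL_RC4.py ----
"""OpenSSL/M2Crypto RC4 implementation."""

from cryptomath import *
from RC4 import RC4

if m2cryptoLoaded:

    def new(key):
        return OpenSSL_RC4(key)

    class OpenSSL_RC4(RC4):
        """RC4 on an M2Crypto rc4 handle, freed when the object is
        deleted."""

        def __init__(self, key):
            RC4.__init__(self, key, "openssl")
            self.rc4 = m2.rc4_new()
            m2.rc4_set_key(self.rc4, key)

        def __del__(self):
            m2.rc4_free(self.rc4)

        def encrypt(self, plaintext):
            return m2.rc4_update(self.rc4, plaintext)

        def decrypt(self, ciphertext):
            return self.encrypt(ciphertext)

# ---- tlslite-0.3.8/tlslite/utils/codec.py ----
"""Classes for reading/writing binary data (such as TLS records)."""

from compat import *

class Writer:
    """Big-endian writer into a preallocated byte array.

    With length 0 nothing is stored and only self.index advances, which
    lets a caller measure the size of a structure before allocating it.
    """

    def __init__(self, length=0):
        #If length is zero, then this is just a "trial run" to determine length
        self.index = 0
        self.bytes = createByteArrayZeros(length)

    def add(self, x, length):
        if self.bytes:
            #Fill the field from its last byte backwards (big-endian)
            newIndex = self.index+length-1
            while newIndex >= self.index:
                self.bytes[newIndex] = x & 0xFF
                x >>= 8
                newIndex -= 1
        self.index += length

    def addFixSeq(self, seq, length):
        if self.bytes:
            for e in seq:
                self.add(e, length)
        else:
            self.index += len(seq)*length

    def addVarSeq(self, seq, length, lengthLength):
        if self.bytes:
            #Length prefix (in bytes), then the elements
            self.add(len(seq)*length, lengthLength)
            for e in seq:
                self.add(e, length)
        else:
            self.index += lengthLength + (len(seq)*length)

class Parser:
    """Big-endian reader over a byte array.

    Every read that would run past the end of the data raises SyntaxError.
    """

    def __init__(self, bytes):
        self.bytes = bytes
        self.index = 0

    def get(self, length):
        if self.index + length > len(self.bytes):
            raise SyntaxError()
        x = 0
        for count in range(length):
            x <<= 8
            x |= self.bytes[self.index]
            self.index += 1
        return x

    def getFixBytes(self, lengthBytes):
        #Same bounds check as get().  Without it a declared length larger
        #than the remaining data came back as a silently shortened slice and
        #left self.index beyond the end of the buffer.
        if self.index + lengthBytes > len(self.bytes):
            raise SyntaxError()
        bytes = self.bytes[self.index : self.index+lengthBytes]
        self.index += lengthBytes
        return bytes

    def getVarBytes(self, lengthLength):
        lengthBytes = self.get(lengthLength)
        return self.getFixBytes(lengthBytes)

    def getFixList(self, length, lengthList):
        l = [0] * lengthList
        for x in range(lengthList):
            l[x] = self.get(length)
        return l

    def getVarList(self, length, lengthLength):
        lengthList = self.get(lengthLength)
        #The prefix is a byte count and must be a whole number of elements
        if lengthList % length != 0:
            raise SyntaxError()
        lengthList = int(lengthList/length)
        l = [0] * lengthList
        for x in range(lengthList):
            l[x] = self.get(length)
        return l

    def startLengthCheck(self, lengthLength):
        self.lengthCheck = self.get(lengthLength)
        self.indexCheck = self.index

    def setLengthCheck(self, length):
        self.lengthCheck = length
        self.indexCheck = self.index

    def stopLengthCheck(self):
        #Exactly the announced number of bytes must have been consumed
        if (self.index - self.indexCheck) != self.lengthCheck:
            raise SyntaxError()

    def atLengthCheck(self):
        if (self.index - self.indexCheck) < self.lengthCheck:
            return False
        elif (self.index - self.indexCheck) == self.lengthCheck:
            return True
        else:
            raise SyntaxError()

# ---- tlslite-0.3.8/tlslite/TLSConnection.py ----
"""
MAIN CLASS FOR TLS LITE (START HERE!).
"""
from __future__ import generators

import socket
from utils.compat import formatExceptionTrace
from TLSRecordLayer import TLSRecordLayer
from Session import Session
from constants import *
from utils.cryptomath import getRandomBytes
from errors import *
from messages import *
from mathtls import *
from HandshakeSettings import HandshakeSettings

class TLSConnection(TLSRecordLayer): """ This class wraps a socket and provides TLS handshaking and data transfer. To use this class, create a new instance, passing a connected socket into the constructor. 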
Then call some handshake function. If the handshake completes without raising an exception, then a TLS connection has been negotiated. You can transfer data over this connection as if it were a socket. This class provides both synchronous and asynchronous versions of its key functions. The synchronous versions should be used when writing single-or multi-threaded code using blocking sockets. The asynchronous versions should be used when performing asynchronous, event-based I/O with non-blocking sockets. Asynchronous I/O is a complicated subject; typically, you should not use the asynchronous functions directly, but should use some framework like asyncore or Twisted which TLS Lite integrates with (see L{tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn} or L{tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper}). """ def __init__(self, sock): """Create a new TLSConnection instance. @param sock: The socket data will be transmitted on. The socket should already be connected. It may be in blocking or non-blocking mode. @type sock: L{socket.socket} """ TLSRecordLayer.__init__(self, sock) def handshakeClientSRP(self, username, password, session=None, settings=None, checker=None, async=False): """Perform an SRP handshake in the role of client. This function performs a TLS/SRP handshake. SRP mutually authenticates both parties to each other using only a username and password. This function may also perform a combined SRP and server-certificate handshake, if the server chooses to authenticate itself with a certificate chain in addition to doing SRP. TLS/SRP is non-standard. Most TLS implementations don't support it. See U{http://www.ietf.org/html.charters/tls-charter.html} or U{http://trevp.net/tlssrp/} for the latest information on TLS/SRP. Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. 
If the function completes without raising an exception, the TLS connection will be open and available for data transfer. If an exception is raised, the connection will have been automatically closed (if it was ever open). @type username: str @param username: The SRP username. @type password: str @param password: The SRP password. @type session: L{tlslite.Session.Session} @param session: A TLS session to attempt to resume. This session must be an SRP session performed with the same username and password as were passed in. If the resumption does not succeed, a full SRP handshake will be performed. @type settings: L{tlslite.HandshakeSettings.HandshakeSettings} @param settings: Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client. @type checker: L{tlslite.Checker.Checker} @param checker: A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes succesfully. @type async: bool @param async: If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed. @rtype: None or an iterable @return: If 'async' is True, a generator object will be returned. @raise socket.error: If a socket error occurs. @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed without a preceding alert. @raise tlslite.errors.TLSAlert: If a TLS alert is signalled. @raise tlslite.errors.TLSAuthenticationError: If the checker doesn't like the other party's authentication credentials. 
""" handshaker = self._handshakeClientAsync(srpParams=(username, password), session=session, settings=settings, checker=checker) if async: return handshaker for result in handshaker: pass def handshakeClientCert(self, certChain=None, privateKey=None, session=None, settings=None, checker=None, async=False): """Perform a certificate-based handshake in the role of client. This function performs an SSL or TLS handshake. The server will authenticate itself using an X.509 or cryptoID certificate chain. If the handshake succeeds, the server's certificate chain will be stored in the session's serverCertChain attribute. Unless a checker object is passed in, this function does no validation or checking of the server's certificate chain. If the server requests client authentication, the client will send the passed-in certificate chain, and use the passed-in private key to authenticate itself. If no certificate chain and private key were passed in, the client will attempt to proceed without client authentication. The server may or may not allow this. Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. If the function completes without raising an exception, the TLS connection will be open and available for data transfer. If an exception is raised, the connection will have been automatically closed (if it was ever open). @type certChain: L{tlslite.X509CertChain.X509CertChain} or L{cryptoIDlib.CertChain.CertChain} @param certChain: The certificate chain to be used if the server requests client authentication. @type privateKey: L{tlslite.utils.RSAKey.RSAKey} @param privateKey: The private key to be used if the server requests client authentication. @type session: L{tlslite.Session.Session} @param session: A TLS session to attempt to resume. If the resumption does not succeed, a full handshake will be performed. 
@type settings: L{tlslite.HandshakeSettings.HandshakeSettings} @param settings: Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client. @type checker: L{tlslite.Checker.Checker} @param checker: A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes succesfully. @type async: bool @param async: If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed. @rtype: None or an iterable @return: If 'async' is True, a generator object will be returned. @raise socket.error: If a socket error occurs. @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed without a preceding alert. @raise tlslite.errors.TLSAlert: If a TLS alert is signalled. @raise tlslite.errors.TLSAuthenticationError: If the checker doesn't like the other party's authentication credentials. """ handshaker = self._handshakeClientAsync(certParams=(certChain, privateKey), session=session, settings=settings, checker=checker) if async: return handshaker for result in handshaker: pass def handshakeClientUnknown(self, srpCallback=None, certCallback=None, session=None, settings=None, checker=None, async=False): """Perform a to-be-determined type of handshake in the role of client. This function performs an SSL or TLS handshake. If the server requests client certificate authentication, the certCallback will be invoked and should return a (certChain, privateKey) pair. If the callback returns None, the library will attempt to proceed without client authentication. The server may or may not allow this. 
If the server requests SRP authentication, the srpCallback will be invoked and should return a (username, password) pair. If the callback returns None, the local implementation will signal a user_canceled error alert. After the handshake completes, the client can inspect the connection's session attribute to determine what type of authentication was performed. Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. If the function completes without raising an exception, the TLS connection will be open and available for data transfer. If an exception is raised, the connection will have been automatically closed (if it was ever open). @type srpCallback: callable @param srpCallback: The callback to be used if the server requests SRP authentication. If None, the client will not offer support for SRP ciphersuites. @type certCallback: callable @param certCallback: The callback to be used if the server requests client certificate authentication. @type session: L{tlslite.Session.Session} @param session: A TLS session to attempt to resume. If the resumption does not succeed, a full handshake will be performed. @type settings: L{tlslite.HandshakeSettings.HandshakeSettings} @param settings: Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client. @type checker: L{tlslite.Checker.Checker} @param checker: A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes succesfully. @type async: bool @param async: If False, this function will block until the handshake is completed. If True, this function will return a generator. 
Successive invocations of the generator will return 0 if it is
        waiting to read from the socket, 1 if it is waiting
        to write to the socket, or will raise StopIteration if
        the handshake operation is completed.

        @rtype: None or an iterable
        @return: If 'async' is True, a generator object will be
        returned.

        @raise socket.error: If a socket error occurs.
        @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
        without a preceding alert.
        @raise tlslite.errors.TLSAlert: If a TLS alert is signalled.
        @raise tlslite.errors.TLSAuthenticationError: If the checker
        doesn't like the other party's authentication credentials.
        """
        handshaker = self._handshakeClientAsync(unknownParams=(srpCallback,
                        certCallback), session=session, settings=settings,
                        checker=checker)
        if async:
            return handshaker
        for result in handshaker:
            pass

    def handshakeClientSharedKey(self, username, sharedKey, settings=None,
                                 checker=None, async=False):
        """Perform a shared-key handshake in the role of client.

        This function performs a shared-key handshake.  Using shared
        symmetric keys of high entropy (128 bits or greater) mutually
        authenticates both parties to each other.

        TLS with shared-keys is non-standard.  Most TLS
        implementations don't support it.  See
        U{http://www.ietf.org/html.charters/tls-charter.html} for the
        latest information on TLS with shared-keys.  If the shared-keys
        Internet-Draft changes or is superseded, TLS Lite will track
        those changes, so the shared-key support in later versions of
        TLS Lite may become incompatible with this version.

        Like any handshake function, this can be called on a closed
        TLS connection, or on a TLS connection that is already open.
        If called on an open connection it performs a re-handshake.

        If the function completes without raising an exception, the
        TLS connection will be open and available for data transfer.

        If an exception is raised, the connection will have been
        automatically closed (if it was ever open).

        @type username: str
        @param username: The shared-key username.

        @type sharedKey: str
        @param sharedKey: The shared key.

        @type settings: L{tlslite.HandshakeSettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.

        @type checker: L{tlslite.Checker.Checker}
        @param checker: A Checker instance.  This instance will be
        invoked to examine the other party's authentication
        credentials, if the handshake completes successfully.

        @type async: bool
        @param async: If False, this function will block until the
        handshake is completed.  If True, this function will return a
        generator.  Successive invocations of the generator will
        return 0 if it is waiting to read from the socket, 1 if it is
        waiting to write to the socket, or will raise StopIteration if
        the handshake operation is completed.

        @rtype: None or an iterable
        @return: If 'async' is True, a generator object will be
        returned.

        @raise socket.error: If a socket error occurs.
        @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
        without a preceding alert.
        @raise tlslite.errors.TLSAlert: If a TLS alert is signalled.
        @raise tlslite.errors.TLSAuthenticationError: If the checker
        doesn't like the other party's authentication credentials.
        """
        #NOTE: 'async' is a reserved word from Python 3.7 on, so this
        #signature only parses on older interpreters.
        handshaker = self._handshakeClientAsync(sharedKeyParams=(username,
                        sharedKey), settings=settings, checker=checker)
        if async:
            return handshaker
        #Blocking mode: run the generator to completion, discarding the
        #values it yields
        for result in handshaker:
            pass

    def _handshakeClientAsync(self, srpParams=(), certParams=(),
                             unknownParams=(), sharedKeyParams=(),
                             session=None, settings=None, checker=None,
                             recursive=False):
        """Build the client handshake generator and run it in the wrapper.

        Creates the generator returned by _handshakeClientAsyncHelper()
        from the given parameters and yields every value produced by
        _handshakeWrapperAsync() for it.  The wrapper is defined
        elsewhere; it is the only place that receives 'checker'.

        @rtype: iterable
        @return: A generator yielding the wrapper's results.
        """
        handshaker = self._handshakeClientAsyncHelper(srpParams=srpParams,
                certParams=certParams, unknownParams=unknownParams,
                sharedKeyParams=sharedKeyParams, session=session,
                settings=settings, recursive=recursive)
        for result in self._handshakeWrapperAsync(handshaker, checker):
            yield result


    def _handshakeClientAsyncHelper(self, srpParams, certParams,
                               unknownParams, sharedKeyParams, session,
                               settings, recursive):
        """Drive the client side of the handshake as a generator.

        The generator yields the 0 / 1 values it receives from the
        message helpers (_sendMsg, _getMsg, ...) while socket I/O is
        pending, and finishes once the connection has been marked open.

        The credential tuples are examined in the order srpParams,
        certParams, unknownParams, sharedKeyParams; the first non-empty
        one selects the handshake mode and the ciphersuites offered.

        NOTE(review): a failed check below only iterates
        self._sendError(...) and then falls through to the following
        statements.  The code appears to rely on _sendError raising once
        the alert has been sent; _sendError is defined outside this
        view, so confirm that before changing any of these checks.

        @type srpParams: tuple
        @param srpParams: (username, password), or empty.

        @type certParams: tuple
        @param certParams: (clientCertChain, privateKey), or empty.

        @type unknownParams: tuple
        @param unknownParams: (srpCallback, certCallback), or empty.

        @type sharedKeyParams: tuple
        @param sharedKeyParams: (identifier, sharedKey), or empty.

        @param session: A session to attempt to resume, or None.

        @param settings: Handshake settings, or None for the defaults.

        @type recursive: bool
        @param recursive: True when re-entered after a
        missing_srp_username alert; _handshakeStart() is then skipped.

        @raise ValueError: If the caller's parameters are inconsistent.
        @raise tlslite.errors.TLSRemoteAlert: If the server answers the
        ClientHello with an alert other than missing_srp_username.
        """
        if not recursive:
            self._handshakeStart(client=True)

        #Unpack parameters
        srpUsername = None      # srpParams
        password = None         # srpParams
        clientCertChain = None  # certParams
        privateKey = None       # certParams
        srpCallback = None      # unknownParams
        certCallback = None     # unknownParams
        #session                # sharedKeyParams (or session)
        #settings               # settings

        if srpParams:
            srpUsername, password = srpParams
        elif certParams:
            clientCertChain, privateKey = certParams
        elif unknownParams:
            srpCallback, certCallback = unknownParams
        elif sharedKeyParams:
            #A shared key is modelled as a session to be "resumed"; this
            #replaces any session the caller passed in
            session = Session()._createSharedKey(*sharedKeyParams)

        if not settings:
            settings = HandshakeSettings()
        settings = settings._filter()

        #Validate parameters
        if srpUsername and not password:
            raise ValueError("Caller passed a username but no password")
        if password and not srpUsername:
            raise ValueError("Caller passed a password but no username")

        if clientCertChain and not privateKey:
            raise ValueError("Caller passed a certChain but no privateKey")
        if privateKey and not clientCertChain:
            raise ValueError("Caller passed a privateKey but no certChain")

        if clientCertChain:
            #Narrow the offered certificate types to the single type that
            #matches the caller's chain
            foundType = False
            try:
                #cryptoIDlib is optional; without it only X.509 chains
                #are recognized
                import cryptoIDlib.CertChain
                if isinstance(clientCertChain, cryptoIDlib.CertChain.CertChain):
                    if "cryptoID" not in settings.certificateTypes:
                        raise ValueError("Client certificate doesn't "\
                                         "match Handshake Settings")
                    settings.certificateTypes = ["cryptoID"]
                    foundType = True
            except ImportError:
                pass
            if not foundType and isinstance(clientCertChain,
                                            X509CertChain):
                if "x509" not in settings.certificateTypes:
                    raise ValueError("Client certificate doesn't match "\
                                     "Handshake Settings")
                settings.certificateTypes = ["x509"]
                foundType = True
            if not foundType:
                raise ValueError("Unrecognized certificate type")


        if session:
            if not session.valid():
                session = None #ignore non-resumable sessions...
            elif session.resumable and \
                    (session.srpUsername != srpUsername):
                #A session must not be resumed under a different SRP
                #identity than the one it was established with
                raise ValueError("Session username doesn't match")

        #Add Faults to parameters
        #self.fault is a fault-injection hook: when it matches one of the
        #Fault values the credentials are deliberately corrupted,
        #presumably to exercise the peer's failure paths in tests.
        #NOTE(review): where self.fault is initialised is not visible
        #here; confirm it is unset in normal operation.
        if srpUsername and self.fault == Fault.badUsername:
            srpUsername += "GARBAGE"
        if password and self.fault == Fault.badPassword:
            password += "GARBAGE"
        if sharedKeyParams:
            identifier = sharedKeyParams[0]
            sharedKey = sharedKeyParams[1]
            if self.fault == Fault.badIdentifier:
                identifier += "GARBAGE"
                session = Session()._createSharedKey(identifier, sharedKey)
            elif self.fault == Fault.badSharedKey:
                sharedKey += "GARBAGE"
                session = Session()._createSharedKey(identifier, sharedKey)


        #Initialize locals
        serverCertChain = None
        cipherSuite = 0
        certificateType = CertificateType.x509
        premasterSecret = None

        #Get client nonce
        #NOTE(review): getRandomBytes is defined elsewhere; the nonce and
        #the secrets generated below are only as unpredictable as that
        #source -- presumably a CSPRNG, confirm.
        clientRandom = getRandomBytes(32)

        #Initialize acceptable ciphersuites
        cipherSuites = []
        if srpParams:
            cipherSuites += CipherSuite.getSrpRsaSuites(settings.cipherNames)
            cipherSuites += CipherSuite.getSrpSuites(settings.cipherNames)
        elif certParams:
            cipherSuites += CipherSuite.getRsaSuites(settings.cipherNames)
        elif unknownParams:
            #SRP suites are only offered when there is a callback that
            #can supply the SRP credentials later
            if srpCallback:
                cipherSuites += \
                    CipherSuite.getSrpRsaSuites(settings.cipherNames)
                cipherSuites += \
                    CipherSuite.getSrpSuites(settings.cipherNames)
            cipherSuites += CipherSuite.getRsaSuites(settings.cipherNames)
        elif sharedKeyParams:
            cipherSuites += CipherSuite.getRsaSuites(settings.cipherNames)
        else:
            cipherSuites += CipherSuite.getRsaSuites(settings.cipherNames)

        #Initialize acceptable certificate types
        certificateTypes = settings._getCertificateTypes()

        #Tentatively set the version to the client's highest offered
        #version (settings.maxVersion).
        #We'll use this for the ClientHello, and if an error occurs
        #parsing the Server Hello, we'll use this version for the response
        self.version = settings.maxVersion

        #Either send ClientHello (with a resumable session)...
        if session:
            #If it's a resumable (i.e. not a shared-key session), then its
            #ciphersuite must be one of the acceptable ciphersuites
            if (not sharedKeyParams) and \
                session.cipherSuite not in cipherSuites:
                raise ValueError("Session's cipher suite not consistent "\
                                 "with parameters")
            else:
                clientHello = ClientHello()
                clientHello.create(settings.maxVersion, clientRandom,
                                   session.sessionID, cipherSuites,
                                   certificateTypes, session.srpUsername)

        #Or send ClientHello (without)
        else:
            clientHello = ClientHello()
            clientHello.create(settings.maxVersion, clientRandom,
                               createByteArraySequence([]), cipherSuites,
                               certificateTypes, srpUsername)
        for result in self._sendMsg(clientHello):
            yield result

        #Get ServerHello (or missing_srp_username)
        #The loop passes the 0/1 "waiting" values through to the caller;
        #anything else is the received message and ends the loop
        for result in self._getMsg((ContentType.handshake,
                                  ContentType.alert),
                                  HandshakeType.server_hello):
            if result in (0,1):
                yield result
            else:
                break
        msg = result

        if isinstance(msg, ServerHello):
            serverHello = msg
        elif isinstance(msg, Alert):
            alert = msg

            #If it's not a missing_srp_username, re-raise
            if alert.description != AlertDescription.missing_srp_username:
                self._shutdown(False)
                raise TLSRemoteAlert(alert)

            #If we're not in SRP callback mode, we won't have offered SRP
            #without a username, so we shouldn't get this alert
            if not srpCallback:
                for result in self._sendError(\
                                AlertDescription.unexpected_message):
                    yield result
            #Reaching this call with srpCallback == None would fail, so
            #the branch above is expected not to return normally
            srpParams = srpCallback()
            #If the callback returns None, cancel the handshake
            if srpParams == None:
                for result in self._sendError(AlertDescription.user_canceled):
                    yield result

            #Recursively perform handshake
            #(now in plain SRP mode, with the already-filtered settings
            #and without calling _handshakeStart() again)
            for result in self._handshakeClientAsyncHelper(srpParams,
                            None, None, None, None, settings, True):
                yield result
            return

        #Get the server version.  Do this before anything else, so any
        #error alerts will use the server's version
        self.version = serverHello.server_version

        #Future responses from server must use this version
        self._versionCheck = True

        #Check ServerHello
        #Every server choice must lie inside what this client offered: a
        #version within [minVersion, maxVersion], one of the offered
        #ciphersuites and certificate types, and compression method 0
        if serverHello.server_version < settings.minVersion:
            for result in self._sendError(\
                AlertDescription.protocol_version,
                "Too old version: %s" % str(serverHello.server_version)):
                yield result
        if serverHello.server_version > settings.maxVersion:
            for result in self._sendError(\
                AlertDescription.protocol_version,
                "Too new version: %s" % str(serverHello.server_version)):
                yield result
        if serverHello.cipher_suite not in cipherSuites:
            for result in self._sendError(\
                AlertDescription.illegal_parameter,
                "Server responded with incorrect ciphersuite"):
                yield result
        if serverHello.certificate_type not in certificateTypes:
            for result in self._sendError(\
                AlertDescription.illegal_parameter,
                "Server responded with incorrect certificate type"):
                yield result
        if serverHello.compression_method != 0:
            for result in self._sendError(\
                AlertDescription.illegal_parameter,
                "Server responded with incorrect compression method"):
                yield result

        #Get the server nonce
        serverRandom = serverHello.random

        #If the server agrees to resume
        #(it signals this by echoing the session ID sent in ClientHello)
        if session and session.sessionID and \
                       serverHello.session_id == session.sessionID:

            #If a shared-key, we're flexible about suites; otherwise the
            #server-chosen suite has to match the session's suite
            if sharedKeyParams:
                session.cipherSuite = serverHello.cipher_suite
            elif serverHello.cipher_suite != session.cipherSuite:
                for result in self._sendError(\
                    AlertDescription.illegal_parameter,\
                    "Server's ciphersuite doesn't match session"):
                    yield result

            #Set the session for this connection
            self.session = session

            #Calculate pending connection states
            self._calcPendingStates(clientRandom, serverRandom,
                                   settings.cipherImplementations)

            #Exchange ChangeCipherSpec and Finished messages
            #(on resumption the server's Finished is read first)
            for result in self._getFinished():
                yield result
            for result in self._sendFinished():
                yield result

            #Mark the connection as open
            self._handshakeDone(resumed=True)

        #If server DOES NOT agree to resume
        else:

            #A shared-key handshake only exists as a "resumption"; there
            #is no full handshake to fall back to
            if sharedKeyParams:
                for result in self._sendError(\
                        AlertDescription.user_canceled,
                        "Was expecting a shared-key resumption"):
                    yield result

            #We've already validated these
            cipherSuite = serverHello.cipher_suite
            certificateType = serverHello.certificate_type

            #If the server chose an SRP suite...
            if cipherSuite in CipherSuite.srpSuites:
                #Get ServerKeyExchange, ServerHelloDone
                for result in self._getMsg(ContentType.handshake,
                        HandshakeType.server_key_exchange, cipherSuite):
                    if result in (0,1):
                        yield result
                    else:
                        break
                serverKeyExchange = result

                for result in self._getMsg(ContentType.handshake,
                        HandshakeType.server_hello_done):
                    if result in (0,1):
                        yield result
                    else:
                        break
                serverHelloDone = result

            #If the server chose an SRP+RSA suite...
            elif cipherSuite in CipherSuite.srpRsaSuites:
                #Get Certificate, ServerKeyExchange, ServerHelloDone
                for result in self._getMsg(ContentType.handshake,
                        HandshakeType.certificate, certificateType):
                    if result in (0,1):
                        yield result
                    else:
                        break
                serverCertificate = result

                for result in self._getMsg(ContentType.handshake,
                        HandshakeType.server_key_exchange, cipherSuite):
                    if result in (0,1):
                        yield result
                    else:
                        break
                serverKeyExchange = result

                for result in self._getMsg(ContentType.handshake,
                        HandshakeType.server_hello_done):
                    if result in (0,1):
                        yield result
                    else:
                        break
                serverHelloDone = result

            #If the server chose an RSA suite...
            elif cipherSuite in CipherSuite.rsaSuites:
                #Get Certificate[, CertificateRequest], ServerHelloDone
                for result in self._getMsg(ContentType.handshake,
                        HandshakeType.certificate, certificateType):
                    if result in (0,1):
                        yield result
                    else:
                        break
                serverCertificate = result

                for result in self._getMsg(ContentType.handshake,
                        (HandshakeType.server_hello_done,
                        HandshakeType.certificate_request)):
                    if result in (0,1):
                        yield result
                    else:
                        break
                msg = result

                certificateRequest = None
                if isinstance(msg, CertificateRequest):
                    certificateRequest = msg
                    for result in self._getMsg(ContentType.handshake,
                            HandshakeType.server_hello_done):
                        if result in (0,1):
                            yield result
                        else:
                            break
                    serverHelloDone = result
                elif isinstance(msg, ServerHelloDone):
                    serverHelloDone = msg
            else:
                #The suite was checked against cipherSuites above, so it
                #should always fall into one of the three families
                raise AssertionError()


            #Calculate SRP premaster secret, if server chose an SRP or
            #SRP+RSA suite
            if cipherSuite in CipherSuite.srpSuites + \
                              CipherSuite.srpRsaSuites:
                #Get and check the server's group parameters and B value
                N = serverKeyExchange.srp_N
                g = serverKeyExchange.srp_g
                s = serverKeyExchange.srp_s
                B = serverKeyExchange.srp_B

                #The group comes from the server, so it is only accepted
                #if it is on the goodGroupParameters list (defined
                #elsewhere) and N is within the configured size bounds
                if (g,N) not in goodGroupParameters:
                    for result in self._sendError(\
                            AlertDescription.untrusted_srp_parameters,
                            "Unknown group parameters"):
                        yield result
                if numBits(N) < settings.minKeySize:
                    for result in self._sendError(\
                            AlertDescription.untrusted_srp_parameters,
                            "N value is too small: %d" % numBits(N)):
                        yield result
                if numBits(N) > settings.maxKeySize:
                    for result in self._sendError(\
                            AlertDescription.untrusted_srp_parameters,
                            "N value is too large: %d" % numBits(N)):
                        yield result
                #SRP requires the client to abort when B is a multiple
                #of N
                if B % N == 0:
                    for result in self._sendError(\
                            AlertDescription.illegal_parameter,
                            "Suspicious B value"):
                        yield result

                #Check the server's signature, if server chose an
                #SRP+RSA suite
                if cipherSuite in CipherSuite.srpRsaSuites:
                    #Hash ServerKeyExchange/ServerSRPParams
                    #(both nonces are passed in, tying the signature to
                    #this handshake)
                    hashBytes = serverKeyExchange.hash(clientRandom,
                                                       serverRandom)

                    #Extract signature bytes from ServerKeyExchange
                    sigBytes = serverKeyExchange.signature
                    if len(sigBytes) == 0:
                        for result in self._sendError(\
                                AlertDescription.illegal_parameter,
                                "Server sent an SRP ServerKeyExchange "\
                                "message without a signature"):
                            yield result

                    #Get server's public key from the Certificate message
                    #NOTE(review): nothing visible here validates the
                    #chain against a trust anchor; per the public
                    #handshake docstrings, examining the peer's
                    #credentials is the job of the 'checker' argument --
                    #confirm callers supply one.
                    for result in self._getKeyFromChain(serverCertificate,
                                                       settings):
                        if result in (0,1):
                            yield result
                        else:
                            break
                    publicKey, serverCertChain = result

                    #Verify signature
                    if not publicKey.verify(sigBytes, hashBytes):
                        for result in self._sendError(\
                                AlertDescription.decrypt_error,
                                "Signature failed to verify"):
                            yield result


                #Calculate client's ephemeral DH values (a, A)
                #(a is a 32-byte secret drawn from getRandomBytes)
                a = bytesToNumber(getRandomBytes(32))
                A = powMod(g, a, N)

                #Calculate client's static DH values (x, v)
                x = makeX(bytesToString(s), srpUsername, password)
                v = powMod(g, x, N)

                #Calculate u
                u = makeU(N, A, B)

                #Calculate premaster secret
                k = makeK(N, g)
                S = powMod((B - (k*v)) % N, a+(u*x), N)

                #Fault hook: substitute deliberately invalid A and S
                #values, presumably to test that the server rejects them
                if self.fault == Fault.badA:
                    A = N
                    S = 0
                premasterSecret = numberToBytes(S)

                #Send ClientKeyExchange
                for result in self._sendMsg(\
                        ClientKeyExchange(cipherSuite).createSRP(A)):
                    yield result


            #Calculate RSA premaster secret, if server chose an RSA suite
            elif cipherSuite in CipherSuite.rsaSuites:

                #Handle the presence of a CertificateRequest
                #(in callback mode the client credentials are only
                #fetched once the server actually asks for them)
                if certificateRequest:
                    if unknownParams and certCallback:
                        certParamsNew = certCallback()
                        if certParamsNew:
                            clientCertChain, privateKey = certParamsNew

                #Get server's public key from the Certificate message
                #NOTE(review): nothing visible here validates the chain
                #against a trust anchor; per the public handshake
                #docstrings, examining the peer's credentials is the job
                #of the 'checker' argument -- confirm callers supply one.
                for result in self._getKeyFromChain(serverCertificate,
                                                   settings):
                    if result in (0,1):
                        yield result
                    else:
                        break
                publicKey, serverCertChain = result


                #Calculate premaster secret
                #48 random bytes whose first two bytes are overwritten
                #with the version offered in the ClientHello
                #(settings.maxVersion, not the negotiated self.version);
                #TLS uses them to let the server detect a version rollback
                premasterSecret = getRandomBytes(48)
                premasterSecret[0] = settings.maxVersion[0]
                premasterSecret[1] = settings.maxVersion[1]

                #Fault hooks: deliberately malformed premaster secret
                if self.fault == Fault.badPremasterPadding:
                    premasterSecret[0] = 5
                if self.fault == Fault.shortPremasterSecret:
                    premasterSecret = premasterSecret[:-1]

                #Encrypt premaster secret to server's public key
                encryptedPreMasterSecret = publicKey.encrypt(premasterSecret)

                #If client authentication was requested, send Certificate
                #message, either with certificates or empty
                if certificateRequest:
                    clientCertificate = Certificate(certificateType)

                    if clientCertChain:
                        #Check to make sure we have the same type of
                        #certificates the server requested
                        #NOTE(review): the cryptoID branch uses the name
                        #cryptoIDlib, which this function only binds if
                        #the import near the top succeeded -- confirm it
                        #cannot be reached otherwise.
                        wrongType = False
                        if certificateType == CertificateType.x509:
                            if not isinstance(clientCertChain,
                                              X509CertChain):
                                wrongType = True
                        elif certificateType == CertificateType.cryptoID:
                            if not isinstance(clientCertChain,
                                              cryptoIDlib.CertChain.CertChain):
                                wrongType = True
                        if wrongType:
                            for result in self._sendError(\
                                    AlertDescription.handshake_failure,
                                    "Client certificate is of wrong type"):
                                yield result

                        clientCertificate.create(clientCertChain)

                    for result in self._sendMsg(clientCertificate):
                        yield result
                else:
                    #The server didn't request client auth, so we
                    #zeroize these so the clientCertChain won't be
                    #stored in the session.
                    privateKey = None
                    clientCertChain = None

                #Send ClientKeyExchange
                clientKeyExchange = ClientKeyExchange(cipherSuite,
                                                      self.version)
                clientKeyExchange.createRSA(encryptedPreMasterSecret)
                for result in self._sendMsg(clientKeyExchange):
                    yield result

                #If client authentication was requested and we have a
                #private key, send CertificateVerify
                if certificateRequest and privateKey:
                    #SSLv3 signs the SSL handshake hash computed with the
                    #master secret; versions (3,1) and (3,2) sign the MD5
                    #and SHA-1 digests of the handshake messages.
                    #NOTE(review): for any other self.version verifyBytes
                    #would be unbound below; the ServerHello version
                    #check is what is expected to rule that out.
                    if self.version == (3,0):
                        #Create a temporary session object, just for the
                        #purpose of creating the CertificateVerify
                        session = Session()
                        session._calcMasterSecret(self.version,
                                                 premasterSecret,
                                                 clientRandom,
                                                 serverRandom)
                        verifyBytes = self._calcSSLHandshakeHash(\
                                          session.masterSecret, "")
                    elif self.version in ((3,1), (3,2)):
                        verifyBytes = stringToBytes(\
                            self._handshake_md5.digest() + \
                            self._handshake_sha.digest())
                    #Fault hook: corrupt the first byte before signing
                    if self.fault == Fault.badVerifyMessage:
                        verifyBytes[0] = ((verifyBytes[0]+1) % 256)
                    signedBytes = privateKey.sign(verifyBytes)
                    certificateVerify = CertificateVerify()
                    certificateVerify.create(signedBytes)
                    for result in self._sendMsg(certificateVerify):
                        yield result


            #Create the session object
            self.session = Session()
            self.session._calcMasterSecret(self.version, premasterSecret,
                                          clientRandom, serverRandom)
            self.session.sessionID = serverHello.session_id
            self.session.cipherSuite = cipherSuite
            self.session.srpUsername = srpUsername
            self.session.clientCertChain = clientCertChain
            self.session.serverCertChain = serverCertChain

            #Calculate pending connection states
            self._calcPendingStates(clientRandom, serverRandom,
                                   settings.cipherImplementations)

            #Exchange ChangeCipherSpec and Finished messages
            #(in a full handshake the client's Finished is sent first)
            for result in self._sendFinished():
                yield result
            for result in self._getFinished():
                yield result

            #Mark the connection as open
            #The session only becomes resumable after both Finished
            #messages have been exchanged
            self.session._setResumable(True)
            self._handshakeDone(resumed=False)



    def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
                        certChain=None, privateKey=None, reqCert=False,
                        sessionCache=None, settings=None, checker=None):
        """Perform a handshake in the role of server.

        This function performs an SSL or TLS handshake.  Depending on
        the arguments and the behavior of the client, this function can
        perform a shared-key, SRP, or certificate-based handshake.  It
        can also perform a combined SRP and server-certificate
        handshake.

        Like any handshake function, this can be called on a closed
        TLS connection, or on a TLS connection that is already open.
        If called on an open connection it performs a re-handshake.
        This function does not send a Hello Request message before
        performing the handshake, so if re-handshaking is required,
        the server must signal the client to begin the re-handshake
        through some other means.

        If the function completes without raising an exception, the
        TLS connection will be open and available for data transfer.

        If an exception is raised, the connection will have been
        automatically closed (if it was ever open).

        @type sharedKeyDB: L{tlslite.SharedKeyDB.SharedKeyDB}
        @param sharedKeyDB: A database of shared symmetric keys
        associated with usernames.  If the client performs a
        shared-key handshake, the session's sharedKeyUsername
        attribute will be set.

        @type verifierDB: L{tlslite.VerifierDB.VerifierDB}
        @param verifierDB: A database of SRP password verifiers
        associated with usernames.  If the client performs an SRP
        handshake, the session's srpUsername attribute will be set.

        @type certChain: L{tlslite.X509CertChain.X509CertChain} or
        L{cryptoIDlib.CertChain.CertChain}
        @param certChain: The certificate chain to be used if the
        client requests server certificate authentication.

        @type privateKey: L{tlslite.utils.RSAKey.RSAKey}
        @param privateKey: The private key to be used if the client
        requests server certificate authentication.

        @type reqCert: bool
        @param reqCert: Whether to request client certificate
        authentication.  This only applies if the client chooses server
        certificate authentication; if the client chooses SRP or
        shared-key authentication, this will be ignored.  If the client
        performs a client certificate authentication, the session's
        clientCertChain attribute will be set.

        @type sessionCache: L{tlslite.SessionCache.SessionCache}
        @param sessionCache: An in-memory cache of resumable sessions.
        The client can resume sessions from this cache.  Alternatively,
        if the client performs a full handshake, a new session will be
        added to the cache.

        @type settings: L{tlslite.HandshakeSettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites and SSL/TLS version chosen by the server.

        @type checker: L{tlslite.Checker.Checker}
        @param checker: A Checker instance.  This instance will be
        invoked to examine the other party's authentication
        credentials, if the handshake completes successfully.

        @raise socket.error: If a socket error occurs.
        @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
        without a preceding alert.
        @raise tlslite.errors.TLSAlert: If a TLS alert is signalled.
        @raise tlslite.errors.TLSAuthenticationError: If the checker
        doesn't like the other party's authentication credentials.
        """
        #Blocking mode: run the async generator to completion, discarding
        #the values it yields
        for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
                certChain, privateKey, reqCert, sessionCache, settings,
                checker):
            pass


    def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None,
                             certChain=None, privateKey=None, reqCert=False,
                             sessionCache=None, settings=None, checker=None):
        """Start a server handshake operation on the TLS connection.

        This function returns a generator which behaves similarly to
        handshakeServer().  Successive invocations of the generator
        will return 0 if it is waiting to read from the socket, 1 if it is
        waiting to write to the socket, or it will raise StopIteration
        if the handshake operation is complete.

        @rtype: iterable
        @return: A generator; see above for details.
        """
        #The helper performs the handshake itself; 'checker' is passed
        #only to _handshakeWrapperAsync (defined elsewhere)
        handshaker = self._handshakeServerAsyncHelper(\
            sharedKeyDB=sharedKeyDB,
            verifierDB=verifierDB, certChain=certChain,
            privateKey=privateKey, reqCert=reqCert,
            sessionCache=sessionCache, settings=settings)
        for result in self._handshakeWrapperAsync(handshaker, checker):
            yield result


    def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB,
                             certChain, privateKey, reqCert, sessionCache,
                             settings):

        self._handshakeStart(client=False)

        if (not sharedKeyDB) and (not verifierDB) and (not certChain):
            raise ValueError("Caller passed no authentication credentials")
        if certChain and not privateKey:
            raise ValueError("Caller passed a certChain but no privateKey")
        if privateKey and not certChain:
            raise ValueError("Caller passed a privateKey but no certChain")

        if not settings:
            settings = HandshakeSettings()
        settings = settings._filter()

        #Initialize acceptable cipher suites
        cipherSuites = []
        if verifierDB:
            if certChain:
                cipherSuites += \
                    CipherSuite.getSrpRsaSuites(settings.cipherNames)
            cipherSuites += CipherSuite.getSrpSuites(settings.cipherNames)
        if sharedKeyDB or certChain:
            cipherSuites += CipherSuite.getRsaSuites(settings.cipherNames)

        #Initialize acceptable certificate type
        certificateType = None
        if certChain:
            try:
                import cryptoIDlib.CertChain
                if isinstance(certChain,
cryptoIDlib.CertChain.CertChain): certificateType = CertificateType.cryptoID except ImportError: pass if isinstance(certChain, X509CertChain): certificateType = CertificateType.x509 if certificateType == None: raise ValueError("Unrecognized certificate type") #Initialize locals clientCertChain = None serverCertChain = None #We may set certChain to this later postFinishedError = None #Tentatively set version to most-desirable version, so if an error #occurs parsing the ClientHello, this is what we'll use for the #error alert self.version = settings.maxVersion #Get ClientHello for result in self._getMsg(ContentType.handshake, HandshakeType.client_hello): if result in (0,1): yield result else: break clientHello = result #If client's version is too low, reject it if clientHello.client_version < settings.minVersion: self.version = settings.minVersion for result in self._sendError(\ AlertDescription.protocol_version, "Too old version: %s" % str(clientHello.client_version)): yield result #If client's version is too high, propose my highest version elif clientHello.client_version > settings.maxVersion: self.version = settings.maxVersion else: #Set the version to the client's version self.version = clientHello.client_version #Get the client nonce; create server nonce clientRandom = clientHello.random serverRandom = getRandomBytes(32) #Calculate the first cipher suite intersection. #This is the 'privileged' ciphersuite. We'll use it if we're #doing a shared-key resumption or a new negotiation. In fact, #the only time we won't use it is if we're resuming a non-sharedkey #session, in which case we use the ciphersuite from the session. # #Given the current ciphersuite ordering, this means we prefer SRP #over non-SRP. for cipherSuite in cipherSuites: if cipherSuite in clientHello.cipher_suites: break else: for result in self._sendError(\ AlertDescription.handshake_failure): yield result #If resumption was requested... 
if clientHello.session_id and (sharedKeyDB or sessionCache): session = None #Check in the sharedKeys container if sharedKeyDB and len(clientHello.session_id)==16: try: #Trim off zero padding, if any for x in range(16): if clientHello.session_id[x]==0: break self.allegedSharedKeyUsername = bytesToString(\ clientHello.session_id[:x]) session = sharedKeyDB[self.allegedSharedKeyUsername] if not session.sharedKey: raise AssertionError() #use privileged ciphersuite session.cipherSuite = cipherSuite except KeyError: pass #Then check in the session cache if sessionCache and not session: try: session = sessionCache[bytesToString(\ clientHello.session_id)] if session.sharedKey: raise AssertionError() if not session.resumable: raise AssertionError() #Check for consistency with ClientHello if session.cipherSuite not in cipherSuites: for result in self._sendError(\ AlertDescription.handshake_failure): yield result if session.cipherSuite not in clientHello.cipher_suites: for result in self._sendError(\ AlertDescription.handshake_failure): yield result if clientHello.srp_username: if clientHello.srp_username != session.srpUsername: for result in self._sendError(\ AlertDescription.handshake_failure): yield result except KeyError: pass #If a session is found.. if session: #Set the session self.session = session #Send ServerHello serverHello = ServerHello() serverHello.create(self.version, serverRandom, session.sessionID, session.cipherSuite, certificateType) for result in self._sendMsg(serverHello): yield result #From here on, the client's messages must have the right version self._versionCheck = True #Calculate pending connection states self._calcPendingStates(clientRandom, serverRandom, settings.cipherImplementations) #Exchange ChangeCipherSpec and Finished messages for result in self._sendFinished(): yield result for result in self._getFinished(): yield result #Mark the connection as open self._handshakeDone(resumed=True) return #If not a resumption... 
#TRICKY: we might have chosen an RSA suite that was only deemed #acceptable because of the shared-key resumption. If the shared- #key resumption failed, because the identifier wasn't recognized, #we might fall through to here, where we have an RSA suite #chosen, but no certificate. if cipherSuite in CipherSuite.rsaSuites and not certChain: for result in self._sendError(\ AlertDescription.handshake_failure): yield result #If an RSA suite is chosen, check for certificate type intersection #(We do this check down here because if the mismatch occurs but the # client is using a shared-key session, it's okay) if cipherSuite in CipherSuite.rsaSuites + \ CipherSuite.srpRsaSuites: if certificateType not in clientHello.certificate_types: for result in self._sendError(\ AlertDescription.handshake_failure, "the client doesn't support my certificate type"): yield result #Move certChain -> serverCertChain, now that we're using it serverCertChain = certChain #Create sessionID if sessionCache: sessionID = getRandomBytes(32) else: sessionID = createByteArraySequence([]) #If we've selected an SRP suite, exchange keys and calculate #premaster secret: if cipherSuite in CipherSuite.srpSuites + CipherSuite.srpRsaSuites: #If there's no SRP username... if not clientHello.srp_username: #Ask the client to re-send ClientHello with one for result in self._sendMsg(Alert().create(\ AlertDescription.missing_srp_username, AlertLevel.warning)): yield result #Get ClientHello for result in self._getMsg(ContentType.handshake, HandshakeType.client_hello): if result in (0,1): yield result else: break clientHello = result #Check ClientHello #If client's version is too low, reject it (COPIED CODE; BAD!) 
if clientHello.client_version < settings.minVersion: self.version = settings.minVersion for result in self._sendError(\ AlertDescription.protocol_version, "Too old version: %s" % str(clientHello.client_version)): yield result #If client's version is too high, propose my highest version elif clientHello.client_version > settings.maxVersion: self.version = settings.maxVersion else: #Set the version to the client's version self.version = clientHello.client_version #Recalculate the privileged cipher suite, making sure to #pick an SRP suite cipherSuites = [c for c in cipherSuites if c in \ CipherSuite.srpSuites + \ CipherSuite.srpRsaSuites] for cipherSuite in cipherSuites: if cipherSuite in clientHello.cipher_suites: break else: for result in self._sendError(\ AlertDescription.handshake_failure): yield result #Get the client nonce; create server nonce clientRandom = clientHello.random serverRandom = getRandomBytes(32) #The username better be there, this time if not clientHello.srp_username: for result in self._sendError(\ AlertDescription.illegal_parameter, "Client resent a hello, but without the SRP"\ " username"): yield result #Get username self.allegedSrpUsername = clientHello.srp_username #Get parameters from username try: entry = verifierDB[self.allegedSrpUsername] except KeyError: for result in self._sendError(\ AlertDescription.unknown_srp_username): yield result (N, g, s, v) = entry #Calculate server's ephemeral DH values (b, B) b = bytesToNumber(getRandomBytes(32)) k = makeK(N, g) B = (powMod(g, b, N) + (k*v)) % N #Create ServerKeyExchange, signing it if necessary serverKeyExchange = ServerKeyExchange(cipherSuite) serverKeyExchange.createSRP(N, g, stringToBytes(s), B) if cipherSuite in CipherSuite.srpRsaSuites: hashBytes = serverKeyExchange.hash(clientRandom, serverRandom) serverKeyExchange.signature = privateKey.sign(hashBytes) #Send ServerHello[, Certificate], ServerKeyExchange, #ServerHelloDone msgs = [] serverHello = ServerHello() 
serverHello.create(self.version, serverRandom, sessionID, cipherSuite, certificateType) msgs.append(serverHello) if cipherSuite in CipherSuite.srpRsaSuites: certificateMsg = Certificate(certificateType) certificateMsg.create(serverCertChain) msgs.append(certificateMsg) msgs.append(serverKeyExchange) msgs.append(ServerHelloDone()) for result in self._sendMsgs(msgs): yield result #From here on, the client's messages must have the right version self._versionCheck = True #Get and check ClientKeyExchange for result in self._getMsg(ContentType.handshake, HandshakeType.client_key_exchange, cipherSuite): if result in (0,1): yield result else: break clientKeyExchange = result A = clientKeyExchange.srp_A if A % N == 0: postFinishedError = (AlertDescription.illegal_parameter, "Suspicious A value") #Calculate u u = makeU(N, A, B) #Calculate premaster secret S = powMod((A * powMod(v,u,N)) % N, b, N) premasterSecret = numberToBytes(S) #If we've selected an RSA suite, exchange keys and calculate #premaster secret: elif cipherSuite in CipherSuite.rsaSuites: #Send ServerHello, Certificate[, CertificateRequest], #ServerHelloDone msgs = [] msgs.append(ServerHello().create(self.version, serverRandom, sessionID, cipherSuite, certificateType)) msgs.append(Certificate(certificateType).create(serverCertChain)) if reqCert: msgs.append(CertificateRequest()) msgs.append(ServerHelloDone()) for result in self._sendMsgs(msgs): yield result #From here on, the client's messages must have the right version self._versionCheck = True #Get [Certificate,] (if was requested) if reqCert: if self.version == (3,0): for result in self._getMsg((ContentType.handshake, ContentType.alert), HandshakeType.certificate, certificateType): if result in (0,1): yield result else: break msg = result if isinstance(msg, Alert): #If it's not a no_certificate alert, re-raise alert = msg if alert.description != \ AlertDescription.no_certificate: self._shutdown(False) raise TLSRemoteAlert(alert) elif isinstance(msg, 
Certificate): clientCertificate = msg if clientCertificate.certChain and \ clientCertificate.certChain.getNumCerts()!=0: clientCertChain = clientCertificate.certChain else: raise AssertionError() elif self.version in ((3,1), (3,2)): for result in self._getMsg(ContentType.handshake, HandshakeType.certificate, certificateType): if result in (0,1): yield result else: break clientCertificate = result if clientCertificate.certChain and \ clientCertificate.certChain.getNumCerts()!=0: clientCertChain = clientCertificate.certChain else: raise AssertionError() #Get ClientKeyExchange for result in self._getMsg(ContentType.handshake, HandshakeType.client_key_exchange, cipherSuite): if result in (0,1): yield result else: break clientKeyExchange = result #Decrypt ClientKeyExchange premasterSecret = privateKey.decrypt(\ clientKeyExchange.encryptedPreMasterSecret) randomPreMasterSecret = getRandomBytes(48) versionCheck = (premasterSecret[0], premasterSecret[1]) if not premasterSecret: premasterSecret = randomPreMasterSecret elif len(premasterSecret)!=48: premasterSecret = randomPreMasterSecret elif versionCheck != clientHello.client_version: if versionCheck != self.version: #Tolerate buggy IE clients premasterSecret = randomPreMasterSecret #Get and check CertificateVerify, if relevant if clientCertChain: if self.version == (3,0): #Create a temporary session object, just for the purpose #of checking the CertificateVerify session = Session() session._calcMasterSecret(self.version, premasterSecret, clientRandom, serverRandom) verifyBytes = self._calcSSLHandshakeHash(\ session.masterSecret, "") elif self.version in ((3,1), (3,2)): verifyBytes = stringToBytes(self._handshake_md5.digest() +\ self._handshake_sha.digest()) for result in self._getMsg(ContentType.handshake, HandshakeType.certificate_verify): if result in (0,1): yield result else: break certificateVerify = result publicKey = clientCertChain.getEndEntityPublicKey() if len(publicKey) < settings.minKeySize: postFinishedError = 
(AlertDescription.handshake_failure, "Client's public key too small: %d" % len(publicKey)) if len(publicKey) > settings.maxKeySize: postFinishedError = (AlertDescription.handshake_failure, "Client's public key too large: %d" % len(publicKey)) if not publicKey.verify(certificateVerify.signature, verifyBytes): postFinishedError = (AlertDescription.decrypt_error, "Signature failed to verify") #Create the session object self.session = Session() self.session._calcMasterSecret(self.version, premasterSecret, clientRandom, serverRandom) self.session.sessionID = sessionID self.session.cipherSuite = cipherSuite self.session.srpUsername = self.allegedSrpUsername self.session.clientCertChain = clientCertChain self.session.serverCertChain = serverCertChain #Calculate pending connection states self._calcPendingStates(clientRandom, serverRandom, settings.cipherImplementations) #Exchange ChangeCipherSpec and Finished messages for result in self._getFinished(): yield result #If we were holding a post-finished error until receiving the client #finished message, send it now. We delay the call until this point #because calling sendError() throws an exception, and our caller might #shut down the socket upon receiving the exception. If he did, and the #client was still sending its ChangeCipherSpec or Finished messages, it #would cause a socket error on the client side. This is a lot of #consideration to show to misbehaving clients, but this would also #cause problems with fault-testing. 
if postFinishedError: for result in self._sendError(*postFinishedError): yield result for result in self._sendFinished(): yield result #Add the session object to the session cache if sessionCache and sessionID: sessionCache[bytesToString(sessionID)] = self.session #Mark the connection as open self.session._setResumable(True) self._handshakeDone(resumed=False) def _handshakeWrapperAsync(self, handshaker, checker): if not self.fault: try: for result in handshaker: yield result if checker: try: checker(self) except TLSAuthenticationError: alert = Alert().create(AlertDescription.close_notify, AlertLevel.fatal) for result in self._sendMsg(alert): yield result raise except: self._shutdown(False) raise else: try: for result in handshaker: yield result if checker: try: checker(self) except TLSAuthenticationError: alert = Alert().create(AlertDescription.close_notify, AlertLevel.fatal) for result in self._sendMsg(alert): yield result raise except socket.error, e: raise TLSFaultError("socket error!") except TLSAbruptCloseError, e: raise TLSFaultError("abrupt close error!") except TLSAlert, alert: if alert.description not in Fault.faultAlerts[self.fault]: raise TLSFaultError(str(alert)) else: pass except: self._shutdown(False) raise else: raise TLSFaultError("No error!") def _getKeyFromChain(self, certificate, settings): #Get and check cert chain from the Certificate message certChain = certificate.certChain if not certChain or certChain.getNumCerts() == 0: for result in self._sendError(AlertDescription.illegal_parameter, "Other party sent a Certificate message without "\ "certificates"): yield result #Get and check public key from the cert chain publicKey = certChain.getEndEntityPublicKey() if len(publicKey) < settings.minKeySize: for result in self._sendError(AlertDescription.handshake_failure, "Other party's public key too small: %d" % len(publicKey)): yield result if len(publicKey) > settings.maxKeySize: for result in self._sendError(AlertDescription.handshake_failure, 
"Other party's public key too large: %d" % len(publicKey)): yield result yield publicKey, certChain tlslite-0.3.8/tlslite/constants.py0000700000175000017500000001646410062004507016252 0ustar clintclint"""Constants used in various places.""" class CertificateType: x509 = 0 openpgp = 1 cryptoID = 2 class HandshakeType: hello_request = 0 client_hello = 1 server_hello = 2 certificate = 11 server_key_exchange = 12 certificate_request = 13 server_hello_done = 14 certificate_verify = 15 client_key_exchange = 16 finished = 20 class ContentType: change_cipher_spec = 20 alert = 21 handshake = 22 application_data = 23 all = (20,21,22,23) class AlertLevel: warning = 1 fatal = 2 class AlertDescription: """ @cvar bad_record_mac: A TLS record failed to decrypt properly. If this occurs during a shared-key or SRP handshake it most likely indicates a bad password. It may also indicate an implementation error, or some tampering with the data in transit. This alert will be signalled by the server if the SRP password is bad. It may also be signalled by the server if the SRP username is unknown to the server, but it doesn't wish to reveal that fact. This alert will be signalled by the client if the shared-key username is bad. @cvar handshake_failure: A problem occurred while handshaking. This typically indicates a lack of common ciphersuites between client and server, or some other disagreement (about SRP parameters or key sizes, for example). @cvar protocol_version: The other party's SSL/TLS version was unacceptable. This indicates that the client and server couldn't agree on which version of SSL or TLS to use. @cvar user_canceled: The handshake is being cancelled for some reason. 
""" close_notify = 0 unexpected_message = 10 bad_record_mac = 20 decryption_failed = 21 record_overflow = 22 decompression_failure = 30 handshake_failure = 40 no_certificate = 41 #SSLv3 bad_certificate = 42 unsupported_certificate = 43 certificate_revoked = 44 certificate_expired = 45 certificate_unknown = 46 illegal_parameter = 47 unknown_ca = 48 access_denied = 49 decode_error = 50 decrypt_error = 51 export_restriction = 60 protocol_version = 70 insufficient_security = 71 internal_error = 80 user_canceled = 90 no_renegotiation = 100 unknown_srp_username = 120 missing_srp_username = 121 untrusted_srp_parameters = 122 class CipherSuite: TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0x0050 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0053 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0056 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0051 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0054 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0057 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 TLS_RSA_WITH_RC4_128_SHA = 0x0005 srpSuites = [] srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) def getSrpSuites(ciphers): suites = [] for cipher in ciphers: if cipher == "aes128": suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA) elif cipher == "aes256": suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA) elif cipher == "3des": suites.append(CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) return suites getSrpSuites = staticmethod(getSrpSuites) srpRsaSuites = [] srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) def getSrpRsaSuites(ciphers): suites = [] for cipher in ciphers: if cipher == "aes128": suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) elif cipher == "aes256": 
suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) elif cipher == "3des": suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) return suites getSrpRsaSuites = staticmethod(getSrpRsaSuites) rsaSuites = [] rsaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) rsaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) rsaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) rsaSuites.append(TLS_RSA_WITH_RC4_128_SHA) def getRsaSuites(ciphers): suites = [] for cipher in ciphers: if cipher == "aes128": suites.append(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA) elif cipher == "aes256": suites.append(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA) elif cipher == "rc4": suites.append(CipherSuite.TLS_RSA_WITH_RC4_128_SHA) elif cipher == "3des": suites.append(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA) return suites getRsaSuites = staticmethod(getRsaSuites) tripleDESSuites = [] tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) aes128Suites = [] aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) aes256Suites = [] aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) rc4Suites = [] rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) class Fault: badUsername = 101 badPassword = 102 badA = 103 clientSrpFaults = range(101,104) badVerifyMessage = 601 clientCertFaults = range(601,602) badPremasterPadding = 501 shortPremasterSecret = 502 clientNoAuthFaults = range(501,503) badIdentifier = 401 badSharedKey = 402 clientSharedKeyFaults = range(401,403) badB = 201 serverFaults = range(201,202) badFinished = 300 badMAC = 301 badPadding = 302 genericFaults = range(300,303) faultAlerts = {\ badUsername: (AlertDescription.unknown_srp_username, \ 
AlertDescription.bad_record_mac),\ badPassword: (AlertDescription.bad_record_mac,),\ badA: (AlertDescription.illegal_parameter,),\ badIdentifier: (AlertDescription.handshake_failure,),\ badSharedKey: (AlertDescription.bad_record_mac,),\ badPremasterPadding: (AlertDescription.bad_record_mac,),\ shortPremasterSecret: (AlertDescription.bad_record_mac,),\ badVerifyMessage: (AlertDescription.decrypt_error,),\ badFinished: (AlertDescription.decrypt_error,),\ badMAC: (AlertDescription.bad_record_mac,),\ badPadding: (AlertDescription.bad_record_mac,) } faultNames = {\ badUsername: "bad username",\ badPassword: "bad password",\ badA: "bad A",\ badIdentifier: "bad identifier",\ badSharedKey: "bad sharedkey",\ badPremasterPadding: "bad premaster padding",\ shortPremasterSecret: "short premaster secret",\ badVerifyMessage: "bad verify message",\ badFinished: "bad finished message",\ badMAC: "bad MAC",\ badPadding: "bad padding" } tlslite-0.3.8/docs/0000700000175000017500000000000010206516226013124 5ustar clintclinttlslite-0.3.8/docs/private/0000700000175000017500000000000010206544755014606 5ustar clintclinttlslite-0.3.8/docs/private/tlslite.messages.ServerKeyExchange-class.html0000700000175000017500000001452210206544645025453 0ustar clintclint tlslite.messages.ServerKeyExchange
    Package tlslite :: Module messages :: Class ServerKeyExchange

    Class ServerKeyExchange

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ServerKeyExchange
    


    Method Summary
      __init__(self, cipherSuite)
      createSRP(self, srp_N, srp_g, srp_s, srp_B)
      hash(self, clientRandom, serverRandom)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    tlslite-0.3.8/docs/private/toc-tlslite.HandshakeSettings-module.html0000700000175000017500000000170510206544651024631 0ustar clintclint tlslite.HandshakeSettings
    HandshakeSettings

    Classes
    HandshakeSettings


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.constants.CertificateType-class.html0000700000175000017500000001766210206544647025374 0ustar clintclint tlslite.constants.CertificateType
    Package tlslite :: Module constants :: Class CertificateType

    Class CertificateType


    Class Variable Summary
    int cryptoID = 2                                                                     
    int openpgp = 1                                                                     
    int x509 = 0                                                                     

    Class Variable Details

    cryptoID

    Type:
    int
    Value:
    2                                                                     

    openpgp

    Type:
    int
    Value:
    1                                                                     

    x509

    Type:
    int
    Value:
    0                                                                     

    tlslite-0.3.8/docs/private/toc-tlslite.utils.Cryptlib_AES-module.html0000700000175000017500000000217710206544651024645 0ustar clintclint tlslite.utils.Cryptlib_AES
    Cryptlib_AES

    Classes
    Cryptlib_AES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.messages.ApplicationData-class.html0000700000175000017500000001257610206544645025135 0ustar clintclint tlslite.messages.ApplicationData
    Package tlslite :: Module messages :: Class ApplicationData

    Class ApplicationData

    Msg --+
          |
         ApplicationData
    


    Method Summary
      __init__(self)
      create(self, bytes)
      parse(self, p)
      write(self)
        Inherited from Msg
      postWrite(self, w, trial)
      preWrite(self, trial)

    tlslite-0.3.8/docs/private/tlslite.utils.RSAKey.RSAKey-class.html0000700000175000017500000005725710206544647023633 0ustar clintclint tlslite.utils.RSAKey.RSAKey
    Package tlslite :: Package utils :: Module RSAKey :: Class RSAKey

    Class RSAKey

    Known Subclasses:
    OpenSSL_RSAKey, PyCrypto_RSAKey, Python_RSAKey

    This is an abstract base class for RSA keys.

    Particular implementations of RSA keys, such as OpenSSL_RSAKey.OpenSSL_RSAKey, Python_RSAKey.Python_RSAKey, and PyCrypto_RSAKey.PyCrypto_RSAKey, inherit from this.

    To create or parse an RSA key, don't use one of these classes directly. Instead, use the factory functions in tlslite.utils.keyfactory.
    Method Summary
      __init__(self, n, e)
    Create a new RSA key.
    int __len__(self)
    Return the length of this key in bits.
    bool acceptsPassword(self)
    Return True if the write() method accepts a password for use in encrypting the private key.
    array.array of unsigned bytes or None. decrypt(self, encBytes)
    Decrypt the passed-in bytes.
    array.array of unsigned bytes. encrypt(self, bytes)
    Encrypt the passed-in bytes.
    tlslite.utils.RSAKey.RSAKey generate(bits)
    Generate a new key with the specified bit length. (Static method)
    str getSigningAlgorithm(self)
    Return the cryptoID sigAlgo value corresponding to this key.
    str hash(self)
    Return the cryptoID <keyHash> value corresponding to this key.
    array.array of unsigned bytes. hashAndSign(self, bytes)
    Hash and sign the passed-in bytes.
    bool hashAndVerify(self, sigBytes, bytes)
    Hash and verify the passed-in bytes with the signature.
    bool hasPrivateKey(self)
    Return whether or not this key has a private component.
    array.array of unsigned bytes. sign(self, bytes)
    Sign the passed-in bytes.
    bool verify(self, sigBytes, bytes)
    Verify the passed-in bytes with the signature.
    str write(self, password)
    Return a string containing the key.
    str writeXMLPublicKey(self, indent)
    Return a string containing the key.
      _addPKCS1Padding(self, bytes, blockType)
      _addPKCS1SHA1Prefix(self, bytes)
      _rawPrivateKeyOp(self, m)
      _rawPublicKeyOp(self, c)

    Instance Method Details

    __init__(self, n=0, e=0)
    (Constructor)

    Create a new RSA key.

    If n and e are passed in, the new key will be initialized.
    Parameters:
    n - RSA modulus.
               (type=int)
    e - RSA public exponent.
               (type=int)

    __len__(self)
    (Length operator)

    Return the length of this key in bits.
    Returns:
    int

    acceptsPassword(self)

    Return True if the write() method accepts a password for use in encrypting the private key.
    Returns:
    bool

    decrypt(self, encBytes)

    Decrypt the passed-in bytes.

    This requires the key to have a private component. It performs PKCS1 decryption of the passed-in data.
    Parameters:
    encBytes - The value which will be decrypted.
               (type=array.array of unsigned bytes)
    Returns:
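    A PKCS1 decryption of the passed-in data or None if the data is not properly formatted. Callers must test for None before indexing or measuring the result. A TLS server should not let the peer tell a formatting failure apart from a successful decryption; the server handshake in this package substitutes a random 48-byte premaster secret in that case.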
               (type=array.array of unsigned bytes or None.)

    encrypt(self, bytes)

    Encrypt the passed-in bytes.

    This performs PKCS1 encryption of the passed-in data.
    Parameters:
    bytes - The value which will be encrypted.
               (type=array.array of unsigned bytes)
    Returns:
    A PKCS1 encryption of the passed-in data.
               (type=array.array of unsigned bytes.)

    getSigningAlgorithm(self)

    Return the cryptoID sigAlgo value corresponding to this key.
    Returns:
    str

    hash(self)

    Return the cryptoID <keyHash> value corresponding to this key.
    Returns:
    str

    hashAndSign(self, bytes)

    Hash and sign the passed-in bytes.

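    This requires the key to have a private component. It performs a PKCS1-SHA1 signature on the passed-in data. SHA-1 is no longer considered collision-resistant, so these signatures should not be relied on where someone other than the signer can influence the signed data.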
    Parameters:
    bytes - The value which will be hashed and signed.
               (type=str or array.array of unsigned bytes)
    Returns:
    A PKCS1-SHA1 signature on the passed-in data.
               (type=array.array of unsigned bytes.)

    hashAndVerify(self, sigBytes, bytes)

    Hash and verify the passed-in bytes with the signature.

    This verifies a PKCS1-SHA1 signature on the passed-in data.
    Parameters:
    sigBytes - A PKCS1-SHA1 signature.
               (type=array.array of unsigned bytes)
    bytes - The value which will be hashed and verified.
               (type=str or array.array of unsigned bytes)
    Returns:
    Whether the signature matches the passed-in data.
               (type=bool)

    hasPrivateKey(self)

    Return whether or not this key has a private component.
    Returns:
    bool

    sign(self, bytes)

    Sign the passed-in bytes.

    This requires the key to have a private component. It performs a PKCS1 signature on the passed-in data.
    Parameters:
    bytes - The value which will be signed.
               (type=array.array of unsigned bytes)
    Returns:
    A PKCS1 signature on the passed-in data.
               (type=array.array of unsigned bytes.)

    verify(self, sigBytes, bytes)

    Verify the passed-in bytes with the signature.

    This verifies a PKCS1 signature on the passed-in data.
    Parameters:
    sigBytes - A PKCS1 signature.
               (type=array.array of unsigned bytes)
    bytes - The value which will be verified.
               (type=array.array of unsigned bytes)
    Returns:
    Whether the signature matches the passed-in data.
               (type=bool)

    write(self, password=None)

    Return a string containing the key.
    Returns:
    A string describing the key, in whichever format (PEM or XML) is native to the implementation.
               (type=str)

    writeXMLPublicKey(self, indent='')

    Return a string containing the key.
    Returns:
    A string describing the public key, in XML format.
               (type=str)

    Static Method Details

    generate(bits)

    Generate a new key with the specified bit length.
    Returns:
    tlslite.utils.RSAKey.RSAKey

    tlslite-0.3.8/docs/private/tlslite.integration-module.html0000700000175000017500000001151110206544646022762 0ustar clintclint tlslite.integration
    Package tlslite :: Package integration

    Package tlslite.integration

    Classes for integrating TLS Lite with other packages.
    Submodules

    tlslite-0.3.8/docs/private/tlslite.utils.Python_RC4.Python_RC4-class.html0000700000175000017500000001070210206544647025301 0ustar clintclint tlslite.utils.Python_RC4.Python_RC4
    Package tlslite :: Package utils :: Module Python_RC4 :: Class Python_RC4

    Class Python_RC4

    RC4 --+
          |
         Python_RC4
    


    Method Summary
      __init__(self, key)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    tlslite-0.3.8/docs/private/tlslite.Checker.Checker-class.html0000700000175000017500000002310010206544646023163 0ustar clintclint tlslite.Checker.Checker
    Package tlslite :: Module Checker :: Class Checker

    Class Checker


    This class is passed to a handshake function to check the other party's certificate chain.

    If a handshake function completes successfully, but the Checker judges the other party's certificate chain to be missing or inadequate, a subclass of tlslite.errors.TLSAuthenticationError will be raised.

    Currently, the Checker can check either an X.509 or a cryptoID chain (for the latter, cryptoIDlib must be installed).
    Method Summary
      __init__(self, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, checkResumedSession)
    Create a new Checker instance.
      __call__(self, connection)
    Check a TLSConnection.

    Method Details

    __init__(self, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, checkResumedSession=False)
    (Constructor)

    Create a new Checker instance.

    You must pass in one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)
    Parameters:
    cryptoID - A cryptoID which the other party's certificate chain must match. The cryptoIDlib module must be installed. Mutually exclusive with all of the 'x509...' arguments.
               (type=str)
    protocol - A cryptoID protocol URI which the other party's certificate chain must match. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - A hex-encoded X.509 end-entity fingerprint which the other party's end-entity certificate must match. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
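    checkResumedSession - Whether resumed sessions should be checked. This defaults to False, on the theory that if the session was checked once, we don't need to bother re-checking it. With the default, a resumed session is therefore accepted on the strength of the check made when it was first established; pass True if the criteria given to this Checker may differ from the ones applied then.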
               (type=bool)

    __call__(self, connection)
    (Call operator)

    Check a TLSConnection.

    When a Checker is passed to a handshake function, this will be called at the end of the function.
    Parameters:
    connection - The TLSConnection to examine.
               (type=tlslite.TLSConnection.TLSConnection)
    Raises:
    tlslite.errors.TLSAuthenticationError - If the other party's certificate chain is missing or bad.

    tlslite-0.3.8/docs/private/toc-tlslite.integration.IMAP4_TLS-module.html0000700000175000017500000000223310206544651025075 0ustar clintclint tlslite.integration.IMAP4_TLS
    IMAP4_TLS

    Classes
    IMAP4_TLS

    Variables
    IMAP4_TLS_PORT


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.Python_RSAKey-module.html0000700000175000017500000000674010206544650024240 0ustar clintclint tlslite.utils.Python_RSAKey
    Package tlslite :: Package utils :: Module Python_RSAKey

    Module tlslite.utils.Python_RSAKey

    Pure-Python RSA implementation.
    Classes
    Python_RSAKey  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.TripleDES-module.html0000700000175000017500000000667110206544645023403 0ustar clintclint tlslite.utils.TripleDES
    Package tlslite :: Package utils :: Module TripleDES

    Module tlslite.utils.TripleDES

    Abstract class for 3DES.
    Classes
    TripleDES  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils-module.html0000700000175000017500000000651210206544651022363 0ustar clintclint tlslite.utils
    utils

    Modules
    AES
    ASN1Parser
    cipherfactory
    codec
    compat
    Cryptlib_AES
    Cryptlib_RC4
    Cryptlib_TripleDES
    cryptomath
    dateFuncs
    hmac
    jython_compat
    keyfactory
    OpenSSL_AES
    OpenSSL_RC4
    OpenSSL_RSAKey
    OpenSSL_TripleDES
    PyCrypto_AES
    PyCrypto_RC4
    PyCrypto_RSAKey
    PyCrypto_TripleDES
    Python_AES
    Python_RC4
    Python_RSAKey
    RC4
    rijndael
    RSAKey
    TripleDES
    xmltools


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.HandshakeSettings.HandshakeSettings-class.html0000700000175000017500000002371510206544646027305 0ustar clintclint tlslite.HandshakeSettings.HandshakeSettings
    Package tlslite :: Module HandshakeSettings :: Class HandshakeSettings

    Class HandshakeSettings


    This class encapsulates various parameters that can be used with a TLS handshake.
    Method Summary
      __init__(self)
      _filter(self)
      _getCertificateTypes(self)

    Instance Variable Summary
    int minKeySize: The minimum bit length for asymmetric keys.
    int maxKeySize: The maximum bit length for asymmetric keys.
    list cipherNames: The allowed ciphers, in order of preference.
    list certificateTypes: The allowed certificate types, in order of preference.
    tuple minVersion: The minimum allowed SSL/TLS version.
    tuple maxVersion: The maximum allowed SSL/TLS version.

    Instance Variable Details

    minKeySize

    The minimum bit length for asymmetric keys.

    If the other party tries to use SRP, RSA, or Diffie-Hellman parameters smaller than this length, an alert will be signalled. The default is 1023.
    Type:
    int

    maxKeySize

    The maximum bit length for asymmetric keys.

    If the other party tries to use SRP, RSA, or Diffie-Hellman parameters larger than this length, an alert will be signalled. The default is 8193.
    Type:
    int

    cipherNames

    The allowed ciphers, in order of preference.

    The allowed values in this list are 'aes256', 'aes128', '3des', and 'rc4'. If these settings are used with a client handshake, they determine the order of the ciphersuites offered in the ClientHello message.

    If these settings are used with a server handshake, the server will choose whichever ciphersuite matches the earliest entry in this list.

    NOTE: If '3des' is used in this list, but TLS Lite can't find an add-on library that supports 3DES, then '3des' will be silently removed.

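    The default value is ['aes256', 'aes128', '3des', 'rc4']. Because the default still includes '3des' and 'rc4', a caller that must not negotiate those ciphers has to set a shorter list explicitly.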
    Type:
    list

    certificateTypes

    The allowed certificate types, in order of preference.

    The allowed values in this list are 'x509' and 'cryptoID'. This list is only used with a client handshake. The client will advertise to the server which certificate types are supported, and will check that the server uses one of the appropriate types.

    NOTE: If 'cryptoID' is used in this list, but cryptoIDlib is not installed, then 'cryptoID' will be silently removed.
    Type:
    list

    minVersion

    The minimum allowed SSL/TLS version.

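    This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to use a lower version, a protocol_version alert will be signalled. The default is (3,0), so SSL 3.0 is accepted unless this value is raised; set it to (3,1) or higher where SSL 3.0 must not be negotiated.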
    Type:
    tuple

    maxVersion

    The maximum allowed SSL/TLS version.

    This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to use a higher version, a protocol_version alert will be signalled. The default is (3,2). (WARNING: Some servers may (improperly) reject clients which offer support for TLS 1.1. In this case, try lowering maxVersion to (3,1)).
    Type:
    tuple

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.hmac-module.html0000700000175000017500000001773010206544650022512 0ustar clintclint tlslite.utils.hmac
    Package tlslite :: Package utils :: Module hmac

    Module tlslite.utils.hmac

    HMAC (Keyed-Hashing for Message Authentication) Python module.

    Implements the HMAC algorithm as described by RFC 2104.

    (This file is modified from the standard library version to do faster copying)
    Classes
    HMAC RFC2104 HMAC class.

    Function Summary
      new(key, msg, digestmod)
    Create a new hashing object and return it.
      _strxor(s1, s2)
    Utility method.

    Variable Summary
    NoneType digest_size = None                                                                  

    Function Details

    new(key, msg=None, digestmod=None)

    Create a new hashing object and return it.

    key: The starting key for the hash. msg: if available, will immediately be hashed into the object's starting state.

    You can now feed arbitrary strings into the object using its update() method, and can ask for the hash value at any time by calling its digest() method.

    _strxor(s1, s2)

    Utility method. XOR the two strings s1 and s2 (must have same length).

    Variable Details

    digest_size

    Type:
    NoneType
    Value:
    None                                                                  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.POP3_TLS-module.html0000700000175000017500000001303410206544647024227 0ustar clintclint tlslite.integration.POP3_TLS
    Package tlslite :: Package integration :: Module POP3_TLS

    Module tlslite.integration.POP3_TLS

    TLS Lite + poplib.
    Classes
    POP3_TLS This class extends poplib.POP3 with TLS support.

    Variable Summary
    int POP3_TLS_PORT = 995                                                                   

    Variable Details

    POP3_TLS_PORT

    Type:
    int
    Value:
    995                                                                   

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/imaplib.IMAP4-class.html0000700000175000017500000014635510206544645021044 0ustar clintclint imaplib.IMAP4
    Module imaplib :: Class IMAP4

    Class IMAP4

    Known Subclasses:
    IMAP4_TLS

    IMAP4 client class.
    
    Instantiate with: IMAP4([host[, port]])
    
            host - host's name (default: localhost);
            port - port number (default: standard IMAP4 port).
    
    All IMAP4rev1 commands are supported by methods of the same
    name (in lower-case).
    
    All arguments to commands are converted to strings, except for
    AUTHENTICATE, and the last argument to APPEND which is passed as
    an IMAP4 literal.  If necessary (the string contains any
    non-printing characters or white-space and isn't enclosed with
    either parentheses or double quotes) each string is quoted.
    However, the 'password' argument to the LOGIN command is always
    quoted.  If you want to avoid having an argument string quoted
    (eg: the 'flags' argument to STORE) then enclose the string in
    parentheses (eg: "(\Deleted)").
    
    Each command returns a tuple: (type, [data, ...]) where 'type'
    is usually 'OK' or 'NO', and 'data' is either the text from the
    tagged response, or untagged results from command. Each 'data'
    is either a string, or a tuple. If a tuple, then the first part
    is the header of the response, and the second part contains
    the data (ie: 'literal' value).
    
    Errors raise the exception class <instance>.error("<reason>").
    IMAP4 server errors raise <instance>.abort("<reason>"),
    which is a sub-class of 'error'. Mailbox status changes
    from READ-WRITE to READ-ONLY raise the exception class
    <instance>.readonly("<reason>"), which is a sub-class of 'abort'.
    
    "error" exceptions imply a program error.
    "abort" exceptions imply the connection should be reset, and
            the command re-tried.
    "readonly" exceptions imply the command should be re-tried.
    
    Note: to use this module, you must read the RFCs pertaining
    to the IMAP4 protocol, as the semantics of the arguments to
    each IMAP4 command are left to the invoker, not to mention
    the results.
    

    Method Summary
      __init__(self, host, port)
      __getattr__(self, attr)
      append(self, mailbox, flags, date_time, message)
    Append message to named mailbox.
      authenticate(self, mechanism, authobject)
    Authenticate command - requires response processing.
      check(self)
    Checkpoint mailbox on server.
      close(self)
    Close currently selected mailbox.
      copy(self, message_set, new_mailbox)
    Copy 'message_set' messages onto end of 'new_mailbox'.
      create(self, mailbox)
    Create new mailbox.
      delete(self, mailbox)
    Delete old mailbox.
      expunge(self)
    Permanently remove deleted items from selected mailbox.
      fetch(self, message_set, message_parts)
    Fetch (parts of) messages.
      getacl(self, mailbox)
    Get the ACLs for a mailbox.
      getquota(self, root)
    Get the quota root's resource usage and limits.
      getquotaroot(self, mailbox)
    Get the list of quota roots for the named mailbox.
      list(self, directory, pattern)
    List mailbox names in directory matching pattern.
      login(self, user, password)
    Identify client using plaintext password.
      login_cram_md5(self, user, password)
    Force use of CRAM-MD5 authentication.
      logout(self)
    Shutdown connection to server.
      lsub(self, directory, pattern)
    List 'subscribed' mailbox names in directory matching pattern.
      namespace(self)
    Returns IMAP namespaces ala rfc2342
      noop(self)
    Send NOOP command.
      open(self, host, port)
    Setup connection to remote server on "host:port" (default: localhost:standard IMAP4 port).
      partial(self, message_num, message_part, start, length)
    Fetch truncated part of a message.
      print_log(self)
      proxyauth(self, user)
    Assume authentication as "user".
      read(self, size)
    Read 'size' bytes from remote.
      readline(self)
    Read line from remote.
      recent(self)
    Return most recent 'RECENT' responses if any exist, else prompt server for an update using the 'NOOP' command.
      rename(self, oldmailbox, newmailbox)
    Rename old mailbox name to new.
      response(self, code)
    Return data for response 'code' if received, or None.
      search(self, charset, *criteria)
    Search mailbox for matching messages.
      select(self, mailbox, readonly)
    Select a mailbox.
      send(self, data)
    Send data to remote.
      setacl(self, mailbox, who, what)
    Set a mailbox acl.
      setquota(self, root, limits)
    Set the quota root's resource limits.
      shutdown(self)
    Close I/O established in "open".
      socket(self)
    Return socket instance used to connect to IMAP4 server.
      sort(self, sort_criteria, charset, *search_criteria)
    IMAP4rev1 extension SORT command.
      status(self, mailbox, names)
    Request named status conditions for mailbox.
      store(self, message_set, command, flags)
    Alters flag dispositions for messages in mailbox.
      subscribe(self, mailbox)
    Subscribe to new mailbox.
      uid(self, command, *args)
    Execute "command arg ..." with messages identified by UID, rather than message number.
      unsubscribe(self, mailbox)
    Unsubscribe from old mailbox.
      xatom(self, name, *args)
    Allow simple extension commands notified by server in CAPABILITY response.
      _append_untagged(self, typ, dat)
      _check_bye(self)
      _checkquote(self, arg)
      _command(self, name, *args)
      _command_complete(self, name, tag)
      _CRAM_MD5_AUTH(self, challenge)
    Authobject to use with CRAM-MD5 authentication.
      _dump_ur(self, dict)
      _get_line(self)
      _get_response(self)
      _get_tagged_response(self, tag)
      _log(self, line)
      _match(self, cre, s)
      _mesg(self, s, secs)
      _new_tag(self)
      _quote(self, arg)
      _simple_command(self, name, *args)
      _untagged_response(self, typ, dat, name)

    Class Variable Summary
    SRE_Pattern mustquote = [^\w!#\$%&'\*\+,\.:;<=>\?\^`\|~-]
    classobj abort = imaplib.abort
    classobj error = imaplib.error
    classobj readonly = imaplib.readonly

    Method Details

    append(self, mailbox, flags, date_time, message)

    Append message to named mailbox.
    
    (typ, [data]) = <instance>.append(mailbox, flags, date_time, message)
    
            All args except `message' can be None.
    

    authenticate(self, mechanism, authobject)

    Authenticate command - requires response processing.
    
    'mechanism' specifies which authentication mechanism is to
    be used - it must appear in <instance>.capabilities in the
    form AUTH=<mechanism>.
    
    'authobject' must be a callable object:
    
            data = authobject(response)
    
    It will be called to process server continuation responses.
    It should return data that will be encoded and sent to server.
    It should return None if the client abort response '*' should
    be sent instead.
    

    check(self)

    Checkpoint mailbox on server.

    (typ, [data]) = <instance>.check()

    close(self)

    Close currently selected mailbox.

    Deleted messages are removed from writable mailbox. This is the recommended command before 'LOGOUT'.

    (typ, [data]) = <instance>.close()

    copy(self, message_set, new_mailbox)

    Copy 'message_set' messages onto end of 'new_mailbox'.

    (typ, [data]) = <instance>.copy(message_set, new_mailbox)

    create(self, mailbox)

    Create new mailbox.

    (typ, [data]) = <instance>.create(mailbox)

    delete(self, mailbox)

    Delete old mailbox.

    (typ, [data]) = <instance>.delete(mailbox)

    expunge(self)

    Permanently remove deleted items from selected mailbox.

    Generates 'EXPUNGE' response for each deleted message.

    (typ, [data]) = <instance>.expunge()

    'data' is list of 'EXPUNGE'd message numbers in order received.

    fetch(self, message_set, message_parts)

    Fetch (parts of) messages.

    (typ, [data, ...]) = <instance>.fetch(message_set, message_parts)

    'message_parts' should be a string of selected parts enclosed in parentheses, eg: "(UID BODY[TEXT])".

    'data' are tuples of message part envelope and data.

    getacl(self, mailbox)

    Get the ACLs for a mailbox.

    (typ, [data]) = <instance>.getacl(mailbox)

    getquota(self, root)

    Get the quota root's resource usage and limits.

    Part of the IMAP4 QUOTA extension defined in rfc2087.

    (typ, [data]) = <instance>.getquota(root)

    getquotaroot(self, mailbox)

    Get the list of quota roots for the named mailbox.

    (typ, [[QUOTAROOT responses...], [QUOTA responses]]) = <instance>.getquotaroot(mailbox)

    list(self, directory='""', pattern='*')

    List mailbox names in directory matching pattern.

    (typ, [data]) = <instance>.list(directory='""', pattern='*')

    'data' is list of LIST responses.

    login(self, user, password)

    Identify client using plaintext password.

    (typ, [data]) = <instance>.login(user, password)

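    NB: 'password' will be quoted. LOGIN sends the password itself to the server, so it is only protected in transit when the connection is encrypted (for example through the IMAP4_TLS subclass).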

    login_cram_md5(self, user, password)

    Force use of CRAM-MD5 authentication.

    (typ, [data]) = <instance>.login_cram_md5(user, password)

    logout(self)

    Shutdown connection to server.

    (typ, [data]) = <instance>.logout()

    Returns server 'BYE' response.

    lsub(self, directory='""', pattern='*')

    List 'subscribed' mailbox names in directory matching pattern.

    (typ, [data, ...]) = <instance>.lsub(directory='""', pattern='*')

    'data' are tuples of message part envelope and data.

    namespace(self)

    Returns IMAP namespaces ala rfc2342

    (typ, [data, ...]) = <instance>.namespace()

    noop(self)

    Send NOOP command.

    (typ, [data]) = <instance>.noop()

    open(self, host='', port=143)

    Setup connection to remote server on "host:port"
        (default: localhost:standard IMAP4 port).
    This connection will be used by the routines:
        read, readline, send, shutdown.
    

    partial(self, message_num, message_part, start, length)

    Fetch truncated part of a message.

    (typ, [data, ...]) = <instance>.partial(message_num, message_part, start, length)

    'data' is tuple of message part envelope and data.

    proxyauth(self, user)

    Assume authentication as "user".

    Allows an authorised administrator to proxy into any user's mailbox.

    (typ, [data]) = <instance>.proxyauth(user)

    read(self, size)

    Read 'size' bytes from remote.

    readline(self)

    Read line from remote.

    recent(self)

    Return most recent 'RECENT' responses if any exist, else prompt server for an update using the 'NOOP' command.

    (typ, [data]) = <instance>.recent()

    'data' is None if no new messages, else list of RECENT responses, most recent last.

    rename(self, oldmailbox, newmailbox)

    Rename old mailbox name to new.

    (typ, [data]) = <instance>.rename(oldmailbox, newmailbox)

    response(self, code)

    Return data for response 'code' if received, or None.

    Old value for response 'code' is cleared.

    (code, [data]) = <instance>.response(code)

    search(self, charset, *criteria)

    Search mailbox for matching messages.

    (typ, [data]) = <instance>.search(charset, criterion, ...)

    'data' is space separated list of matching message numbers.

    select(self, mailbox='INBOX', readonly=None)

    Select a mailbox.

    Flush all untagged responses.

    (typ, [data]) = <instance>.select(mailbox='INBOX', readonly=None)

    'data' is count of messages in mailbox ('EXISTS' response).

    send(self, data)

    Send data to remote.

    setacl(self, mailbox, who, what)

    Set a mailbox acl.

    (typ, [data]) = <instance>.setacl(mailbox, who, what)

    setquota(self, root, limits)

    Set the quota root's resource limits.

    (typ, [data]) = <instance>.setquota(root, limits)

    shutdown(self)

    Close I/O established in "open".

    socket(self)

    Return socket instance used to connect to IMAP4 server.

    socket = <instance>.socket()

    sort(self, sort_criteria, charset, *search_criteria)

    IMAP4rev1 extension SORT command.

    (typ, [data]) = <instance>.sort(sort_criteria, charset, search_criteria, ...)

    status(self, mailbox, names)

    Request named status conditions for mailbox.

    (typ, [data]) = <instance>.status(mailbox, names)

    store(self, message_set, command, flags)

    Alters flag dispositions for messages in mailbox.

    (typ, [data]) = <instance>.store(message_set, command, flags)

    subscribe(self, mailbox)

    Subscribe to new mailbox.

    (typ, [data]) = <instance>.subscribe(mailbox)

    uid(self, command, *args)

    Execute "command arg ..." with messages identified by UID,
            rather than message number.
    
    (typ, [data]) = <instance>.uid(command, arg1, arg2, ...)
    
    Returns response appropriate to 'command'.
    

    unsubscribe(self, mailbox)

    Unsubscribe from old mailbox.

    (typ, [data]) = <instance>.unsubscribe(mailbox)

    xatom(self, name, *args)

    Allow simple extension commands
            notified by server in CAPABILITY response.
    
    Assumes command is legal in current state.
    
    (typ, [data]) = <instance>.xatom(name, arg, ...)
    
    Returns response appropriate to extension command `name'.
    

    _CRAM_MD5_AUTH(self, challenge)

    Authobject to use with CRAM-MD5 authentication.

    Class Variable Details

    mustquote

    Type:
    SRE_Pattern
    Value:
    [^\w!#\$%&'\*\+,\.:;<=>\?\^`\|~-]                                      

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.ASN1Parser-module.html0000700000175000017500000000670010206544646023461 0ustar clintclint tlslite.utils.ASN1Parser
    Package tlslite :: Package utils :: Module ASN1Parser

    Module tlslite.utils.ASN1Parser

    Class for parsing ASN.1
    Classes
    ASN1Parser  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.codec-module.html0000700000175000017500000000710610206544650022653 0ustar clintclint tlslite.utils.codec
    Package tlslite :: Package utils :: Module codec

    Module tlslite.utils.codec

    Classes for reading/writing binary data (such as TLS records).
    Classes
    Parser  
    Writer  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.constants.HandshakeType-class.html0000700000175000017500000004442410206544647025034 0ustar clintclint tlslite.constants.HandshakeType
    Package tlslite :: Module constants :: Class HandshakeType

    Class HandshakeType


    Class Variable Summary
    int certificate = 11                                                                    
    int certificate_request = 13                                                                    
    int certificate_verify = 15                                                                    
    int client_hello = 1                                                                     
    int client_key_exchange = 16                                                                    
    int finished = 20                                                                    
    int hello_request = 0                                                                     
    int server_hello = 2                                                                     
    int server_hello_done = 14                                                                    
    int server_key_exchange = 12                                                                    

    Class Variable Details

    certificate

    Type:
    int
    Value:
    11                                                                    

    certificate_request

    Type:
    int
    Value:
    13                                                                    

    certificate_verify

    Type:
    int
    Value:
    15                                                                    

    client_hello

    Type:
    int
    Value:
    1                                                                     

    client_key_exchange

    Type:
    int
    Value:
    16                                                                    

    finished

    Type:
    int
    Value:
    20                                                                    

    hello_request

    Type:
    int
    Value:
    0                                                                     

    server_hello

    Type:
    int
    Value:
    2                                                                     

    server_hello_done

    Type:
    int
    Value:
    14                                                                    

    server_key_exchange

    Type:
    int
    Value:
    12                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.ChangeCipherSpec-class.html0000700000175000017500000001260410206544645025223 0ustar clintclint tlslite.messages.ChangeCipherSpec
    Package tlslite :: Module messages :: Class ChangeCipherSpec

    Class ChangeCipherSpec

    Msg --+
          |
         ChangeCipherSpec
    


    Method Summary
      __init__(self)
      create(self)
      parse(self, p)
      write(self, trial)
        Inherited from Msg
      postWrite(self, w, trial)
      preWrite(self, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/smtplib.SMTP-class.html0000700000175000017500000010741110206544645021040 0ustar clintclint smtplib.SMTP
    Module smtplib :: Class SMTP

    Class SMTP

    Known Subclasses:
    SMTP_TLS

    This class manages a connection to an SMTP or ESMTP server.
    SMTP Objects:
        SMTP objects have the following attributes:
            helo_resp
                This is the message given by the server in response to the
                most recent HELO command.
    
            ehlo_resp
                This is the message given by the server in response to the
                most recent EHLO command. This is usually multiline.
    
            does_esmtp
                This is a True value _after you do an EHLO command_, if the
                server supports ESMTP.
    
            esmtp_features
                This is a dictionary, which, if the server supports ESMTP,
                will _after you do an EHLO command_, contain the names of the
                SMTP service extensions this server supports, and their
                parameters (if any).
    
                Note, all extension names are mapped to lower case in the
                dictionary.
    
        See each method's docstrings for details.  In general, there is a
        method of the same name to perform each SMTP command.  There is also a
        method called 'sendmail' that will do an entire mail transaction.
    

    Method Summary
      __init__(self, host, port, local_hostname)
    Initialize a new instance.
      close(self)
    Close the connection to the SMTP server.
      connect(self, host, port)
    Connect to a host on a given port.
      data(self, msg)
    SMTP 'DATA' command -- sends message data to server.
      docmd(self, cmd, args)
    Send a command, and return its response code.
      ehlo(self, name)
    SMTP 'ehlo' command.
      expn(self, address)
    SMTP 'expn' command -- expands a mailing list.
      getreply(self)
    Get a reply from the server.
      has_extn(self, opt)
    Does the server support a given SMTP service extension?
      helo(self, name)
    SMTP 'helo' command.
      help(self, args)
    SMTP 'help' command.
      login(self, user, password)
    Log in on an SMTP server that requires authentication.
      mail(self, sender, options)
    SMTP 'mail' command -- begins mail xfer session.
      noop(self)
    SMTP 'noop' command -- doesn't do anything :>
      putcmd(self, cmd, args)
    Send a command to the server.
      quit(self)
    Terminate the SMTP session.
      rcpt(self, recip, options)
    SMTP 'rcpt' command -- indicates 1 recipient for this mail.
      rset(self)
    SMTP 'rset' command -- resets session.
      send(self, str)
    Send `str' to the server.
      sendmail(self, from_addr, to_addrs, msg, mail_options, rcpt_options)
    This command performs an entire mail transaction.
      set_debuglevel(self, debuglevel)
    Set the debug output level.
      starttls(self, keyfile, certfile)
    Puts the connection to the SMTP server into TLS mode.
      verify(self, address)
    SMTP 'verify' command -- checks for address validity.
      vrfy(self, address)
    SMTP 'verify' command -- checks for address validity.

    Class Variable Summary
    int debuglevel = 0                                                                     
    int does_esmtp = 0                                                                     
    NoneType ehlo_resp = None                                                                  
    NoneType file = None                                                                  
    NoneType helo_resp = None                                                                  

    Method Details

    __init__(self, host='', port=0, local_hostname=None)
    (Constructor)

    Initialize a new instance.

    If specified, `host' is the name of the remote host to which to connect. If specified, `port' specifies the port to which to connect. By default, smtplib.SMTP_PORT is used. An SMTPConnectError is raised if the specified `host' doesn't respond correctly. If specified, `local_hostname` is used as the FQDN of the local host. By default, the local hostname is found using socket.getfqdn().

    close(self)

    Close the connection to the SMTP server.

    connect(self, host='localhost', port=0)

    Connect to a host on a given port.

    If the hostname ends with a colon (`:') followed by a number, and there is no port specified, that suffix will be stripped off and the number interpreted as the port number to use.

    Note: This method is automatically invoked by __init__, if a host is specified during instantiation.

    data(self, msg)

    SMTP 'DATA' command -- sends message data to server.

    Automatically quotes lines beginning with a period per rfc821. Raises SMTPDataError if there is an unexpected reply to the DATA command; the return value from this method is the final response code received when all the data is sent.

    docmd(self, cmd, args='')

    Send a command, and return its response code.

    ehlo(self, name='')

    SMTP 'ehlo' command. Hostname to send for this command defaults to the FQDN of the local host.

    expn(self, address)

    SMTP 'expn' command -- expands a mailing list.

    getreply(self)

    Get a reply from the server.

    Returns a tuple consisting of:
    • server response code (e.g. '250', or such, if all goes well) Note: returns -1 if it can't read response code.
    • server response string corresponding to response code (multiline responses are converted to a single, multiline string).
    Raises SMTPServerDisconnected if end-of-file is reached.

    has_extn(self, opt)

    Does the server support a given SMTP service extension?

    helo(self, name='')

    SMTP 'helo' command. Hostname to send for this command defaults to the FQDN of the local host.

    help(self, args='')

    SMTP 'help' command. Returns help text from server.

    login(self, user, password)

    Log in on an SMTP server that requires authentication.
    
    The arguments are:
        - user:     The user name to authenticate with.
        - password: The password for the authentication.
    
    If there has been no previous EHLO or HELO command this session, this
    method tries ESMTP EHLO first.
    
    This method will return normally if the authentication was successful.
    
    This method may raise the following exceptions:
    
     SMTPHeloError            The server didn't reply properly to
                              the helo greeting.
     SMTPAuthenticationError  The server didn't accept the username/
                              password combination.
     SMTPException            No suitable authentication method was
                              found.
    

    mail(self, sender, options=[])

    SMTP 'mail' command -- begins mail xfer session.

    noop(self)

    SMTP 'noop' command -- doesn't do anything :>

    putcmd(self, cmd, args='')

    Send a command to the server.

    quit(self)

    Terminate the SMTP session.

    rcpt(self, recip, options=[])

    SMTP 'rcpt' command -- indicates 1 recipient for this mail.

    rset(self)

    SMTP 'rset' command -- resets session.

    send(self, str)

    Send `str' to the server.

    sendmail(self, from_addr, to_addrs, msg, mail_options=[], rcpt_options=[])

    This command performs an entire mail transaction.
    
    The arguments are:
        - from_addr    : The address sending this mail.
        - to_addrs     : A list of addresses to send this mail to.  A bare
                         string will be treated as a list with 1 address.
        - msg          : The message to send.
        - mail_options : List of ESMTP options (such as 8bitmime) for the
                         mail command.
        - rcpt_options : List of ESMTP options (such as DSN commands) for
                         all the rcpt commands.
    
    If there has been no previous EHLO or HELO command this session, this
    method tries ESMTP EHLO first.  If the server does ESMTP, message size
    and each of the specified options will be passed to it.  If EHLO
    fails, HELO will be tried and ESMTP options suppressed.
    
    This method will return normally if the mail is accepted for at least
    one recipient.  It returns a dictionary, with one entry for each
    recipient that was refused.  Each entry contains a tuple of the SMTP
    error code and the accompanying error message sent by the server.
    
    This method may raise the following exceptions:
    
     SMTPHeloError          The server didn't reply properly to
                            the helo greeting.
     SMTPRecipientsRefused  The server rejected ALL recipients
                            (no mail was sent).
     SMTPSenderRefused      The server didn't accept the from_addr.
     SMTPDataError          The server replied with an unexpected
                            error code (other than a refusal of
                            a recipient).
    
    Note: the connection will be open even after an exception is raised.
    
    Example:
    
     >>> import smtplib
     >>> s=smtplib.SMTP("localhost")
     >>> tolist=["one@one.org","two@two.org","three@three.org","four@four.org"]
     >>> msg = '''\
     ... From: Me@my.org
     ... Subject: testin'...
     ...
     ... This is a test '''
     >>> s.sendmail("me@my.org",tolist,msg)
     { "three@three.org" : ( 550 ,"User unknown" ) }
     >>> s.quit()
    
    In the above example, the message was accepted for delivery to three
    of the four addresses, and one was rejected, with the error code
    550.  If all addresses are accepted, then the method will return an
    empty dictionary.
    

    set_debuglevel(self, debuglevel)

    Set the debug output level.

    A non-false value results in debug messages for connection and for all messages sent to and received from the server.

    starttls(self, keyfile=None, certfile=None)

    Puts the connection to the SMTP server into TLS mode.

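    If the server supports TLS, this will encrypt the rest of the SMTP session. If you provide the keyfile and certfile parameters, the identity of the SMTP server and client can be checked. This, however, depends on whether the socket module really checks the certificates; if it does not, the session is encrypted but the server is not authenticated, so do not rely on this call alone to establish the server's identity.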

    verify(self, address)

    SMTP 'verify' command -- checks for address validity.

    vrfy(self, address)

    SMTP 'verify' command -- checks for address validity.

    Class Variable Details

    debuglevel

    Type:
    int
    Value:
    0                                                                     

    does_esmtp

    Type:
    int
    Value:
    0                                                                     

    ehlo_resp

    Type:
    NoneType
    Value:
    None                                                                  

    file

    Type:
    NoneType
    Value:
    None                                                                  

    helo_resp

    Type:
    NoneType
    Value:
    None                                                                  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.Finished-class.html0000700000175000017500000001340610206544646023623 0ustar clintclint tlslite.messages.Finished
    Package tlslite :: Module messages :: Class Finished

    Class Finished

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  Finished
    


    Method Summary
      __init__(self, version)
      create(self, verify_data)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.X509CertChain-module.html0000700000175000017500000000165110206544651023450 0ustar clintclint tlslite.X509CertChain
    X509CertChain

    Classes
    X509CertChain


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.mathtls-module.html0000700000175000017500000000352310206544651022676 0ustar clintclint tlslite.mathtls
    mathtls

    Classes
    MAC_SSL

    Functions
    makeK
    makeU
    makeVerifier
    makeX
    P_hash
    PAD
    PRF
    PRF_SSL

    Variables
    goodGroupParameters


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.PyCrypto_AES.PyCrypto_AES-class.html0000700000175000017500000001107610206544647026166 0ustar clintclint tlslite.utils.PyCrypto_AES.PyCrypto_AES
    Package tlslite :: Package utils :: Module PyCrypto_AES :: Class PyCrypto_AES

    Class PyCrypto_AES

    AES --+
          |
         PyCrypto_AES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.Cryptlib_RC4-module.html0000700000175000017500000000772410206544645024050 0ustar clintclint tlslite.utils.Cryptlib_RC4
    Package tlslite :: Package utils :: Module Cryptlib_RC4

    Module tlslite.utils.Cryptlib_RC4

    Cryptlib RC4 implementation.
    Classes
    Cryptlib_RC4  

    Function Summary
      new(key)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.TLSConnection-module.html0000700000175000017500000000670710206544645023133 0ustar clintclint tlslite.TLSConnection
    Package tlslite :: Module TLSConnection

    Module tlslite.TLSConnection

    MAIN CLASS FOR TLS LITE (START HERE!).
    Classes
    TLSConnection This class wraps a socket and provides TLS handshaking and data transfer.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages-module.html0000700000175000017500000001270410206544645022252 0ustar clintclint tlslite.messages
    Package tlslite :: Module messages

    Module tlslite.messages

    Classes representing TLS messages.
    Classes
    Alert  
    ApplicationData  
    Certificate  
    CertificateRequest  
    CertificateVerify  
    ChangeCipherSpec  
    ClientHello  
    ClientKeyExchange  
    Finished  
    HandshakeMsg  
    Msg  
    RecordHeader2  
    RecordHeader3  
    ServerHello  
    ServerHelloDone  
    ServerKeyExchange  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.jython_compat-module.html0000700000175000017500000001533610206544646024465 0ustar clintclint tlslite.utils.jython_compat
    Package tlslite :: Package utils :: Module jython_compat

    Module tlslite.utils.jython_compat

    Miscellaneous functions to mask Python/Jython differences.
    Classes
    CertChainBase  
    ReportFuncBase  
    SelfTestBase  

    Function Summary
      bytesToString(bytes)
      concatArrays(a1, a2)
      createByteArraySequence(seq)
      createByteArrayZeros(howMany)
      formatExceptionTrace(e)
      getListFromSet(set)
      getSHA1(s)
      iterSet(set)
      numBits(n)
      stringToBytes(s)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.codec.Writer-class.html0000700000175000017500000001141410206544645023747 0ustar clintclint tlslite.utils.codec.Writer
    Package tlslite :: Package utils :: Module codec :: Class Writer

    Class Writer


    Method Summary
      __init__(self, length)
      add(self, x, length)
      addFixSeq(self, seq, length)
      addVarSeq(self, seq, length, lengthLength)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.mathtls.MAC_SSL-class.html0000700000175000017500000001733410206544645023063 0ustar clintclint tlslite.mathtls.MAC_SSL
    Package tlslite :: Module mathtls :: Class MAC_SSL

    Class MAC_SSL


    MAC_SSL class.

    This supports the API for Cryptographic Hash Functions (PEP 247).
    Method Summary
      __init__(self, key, msg, digestmod)
    Create a new MAC_SSL object.
      copy(self)
    Return a separate copy of this hashing object.
      digest(self)
    Return the hash value of this hashing object.
      hexdigest(self)
    Like digest(), but returns a string of hexadecimal digits instead.
      update(self, msg)
    Update this hashing object with the string msg.

    Method Details

    __init__(self, key, msg=None, digestmod=None)
    (Constructor)

    Create a new MAC_SSL object.

    Parameters: key - key for the keyed hash object; msg - initial input for the hash, if provided; digestmod - a module supporting PEP 247 (defaults to the md5 module).

    copy(self)

    Return a separate copy of this hashing object.

    An update to this copy won't affect the original object.

    digest(self)

    Return the hash value of this hashing object.

    This returns a string containing 8-bit data. The object is not altered in any way by this function; you can continue updating the object after calling this function.

    hexdigest(self)

    Like digest(), but returns a string of hexadecimal digits instead.

    update(self, msg)

    Update this hashing object with the string msg.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.cipherfactory-module.html0000700000175000017500000002347510206544647024455 0ustar clintclint tlslite.utils.cipherfactory
    Package tlslite :: Package utils :: Module cipherfactory

    Module tlslite.utils.cipherfactory

    Factory functions for symmetric cryptography.
    Function Summary
    tlslite.utils.AES createAES(key, IV, implList)
    Create a new AES object.
    tlslite.utils.RC4 createRC4(key, IV, implList)
    Create a new RC4 object.
    tlslite.utils.TripleDES createTripleDES(key, IV, implList)
    Create a new 3DES object.

    Variable Summary
    bool tripleDESPresent = True

    Function Details

    createAES(key, IV, implList=None)

    Create a new AES object.
    Parameters:
    key - A 16, 24, or 32 byte string.
               (type=str)
    IV - A 16 byte string
               (type=str)
    Returns:
    An AES object.
               (type=tlslite.utils.AES)

    createRC4(key, IV, implList=None)

    Create a new RC4 object.
    Parameters:
    key - A 16 to 32 byte string.
               (type=str)
    IV - Ignored, whatever it is.
               (type=object)
    Returns:
    An RC4 object.
               (type=tlslite.utils.RC4)

    createTripleDES(key, IV, implList=None)

    Create a new 3DES object.
    Parameters:
    key - A 24 byte string.
               (type=str)
    IV - An 8 byte string
               (type=str)
    Returns:
    A 3DES object.
               (type=tlslite.utils.TripleDES)

    Variable Details

    tripleDESPresent

    Type:
    bool
    Value:
    True                                                                   

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.cryptomath-module.html0000700000175000017500000003152410206544646023776 0ustar clintclint tlslite.utils.cryptomath
    Package tlslite :: Package utils :: Module cryptomath

    Module tlslite.utils.cryptomath

    cryptomath module

    This module has basic math/crypto code.
    Function Summary
      base64ToBytes(s)
      base64ToNumber(s)
      base64ToString(s)
      bytesToBase64(bytes)
      bytesToNumber(bytes)
      gcd(a, b)
      getBase64Nonce(numChars)
      getRandomBytes(howMany)
      getRandomNumber(low, high)
      getRandomPrime(bits, display)
      getRandomSafePrime(bits, display)
      hashAndBase64(s)
      invMod(a, b)
      isPrime(n, iterations, display)
      lcm(a, b)
      makeSieve(n)
      mpiToNumber(mpi)
      numberToBase64(n)
      numberToBytes(n)
      numberToMPI(n)
      numberToString(s)
      numBytes(n)
      powMod(base, power, modulus)
      stringToBase64(s)
      stringToNumber(s)

    Variable Summary
    list sieve = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41,...

    Variable Details

    sieve

    Type:
    list
    Value:
    [2, 3, 5, 7, 11, 13, 17, 19, 23]                                       

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.errors.TLSFaultError-class.html0000700000175000017500000001146210206544650024242 0ustar clintclint tlslite.errors.TLSFaultError
    Package tlslite :: Module errors :: Class TLSFaultError

    Class TLSFaultError

    Exception --+    
                |    
         TLSError --+
                    |
                   TLSFaultError
    


    The other party responded incorrectly to an induced fault.

    This exception will only occur during fault testing, when a TLSConnection's fault variable is set to induce some sort of faulty behavior, and the other party doesn't respond appropriately.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.hmac-module.html0000700000175000017500000000255610206544651023276 0ustar clintclint tlslite.utils.hmac
    hmac

    Classes
    HMAC

    Functions
    _strxor
    new

    Variables
    digest_size


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.jython_compat.CertChainBase-class.html0000700000175000017500000000616310206544647026736 0ustar clintclint tlslite.utils.jython_compat.CertChainBase
    Package tlslite :: Package utils :: Module jython_compat :: Class CertChainBase

    Class CertChainBase


    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.Cryptlib_AES.Cryptlib_AES-class.html0000700000175000017500000001147710206544647026171 0ustar clintclint tlslite.utils.Cryptlib_AES.Cryptlib_AES
    Package tlslite :: Package utils :: Module Cryptlib_AES :: Class Cryptlib_AES

    Class Cryptlib_AES

    AES --+
          |
         Cryptlib_AES
    


    Method Summary
      __init__(self, key, mode, IV)
      __del__(self)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.PyCrypto_RC4.PyCrypto_RC4-class.html0000700000175000017500000001073010206544645026120 0ustar clintclint tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    Package tlslite :: Package utils :: Module PyCrypto_RC4 :: Class PyCrypto_RC4

    Class PyCrypto_RC4

    RC4 --+
          |
         PyCrypto_RC4
    


    Method Summary
      __init__(self, key)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.Python_RSAKey-module.html0000700000175000017500000000170110206544651025014 0ustar clintclint tlslite.utils.Python_RSAKey
    Python_RSAKey

    Classes
    Python_RSAKey


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.compat-module.html0000700000175000017500000001236710206544647023074 0ustar clintclint tlslite.utils.compat
    Package tlslite :: Package utils :: Module compat

    Module tlslite.utils.compat

    Miscellaneous functions to mask Python version differences.
    Function Summary
      bytesToString(bytes)
      concatArrays(a1, a2)
      createByteArraySequence(seq)
      createByteArrayZeros(howMany)
      formatExceptionTrace(e)
      numBits(n)
      stringToBytes(s)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.messages-module.html0000700000175000017500000000444410206544651023034 0ustar clintclint tlslite.messages
    messages

    Classes
    Alert
    ApplicationData
    Certificate
    CertificateRequest
    CertificateVerify
    ChangeCipherSpec
    ClientHello
    ClientKeyExchange
    Finished
    HandshakeMsg
    Msg
    RecordHeader2
    RecordHeader3
    ServerHello
    ServerHelloDone
    ServerKeyExchange


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.mathtls-module.html0000700000175000017500000002306310206544646022120 0ustar clintclint tlslite.mathtls
    Package tlslite :: Module mathtls

    Module tlslite.mathtls

    Miscellaneous helper functions.
    Classes
    MAC_SSL MAC_SSL class.

    Function Summary
      makeK(N, g)
      makeU(N, A, B)
      makeVerifier(username, password, bits)
      makeX(salt, username, password)
      P_hash(hashModule, secret, seed, length)
      PAD(n, x)
      PRF(secret, label, seed, length)
      PRF_SSL(secret, seed, length)

    Variable Summary
    list goodGroupParameters = [(2, 16760943441033506134513952376...

    Variable Details

    goodGroupParameters

    Type:
    list
    Value:
    [(2,
      16760943441033506134513952376435009026013552532981390455742093030980\
    0865859473551531551523800013916573891864789934747039010546328480848979\
    5166376737766056103746694262147761978284926913845194532182537027880222\
    3320568363583162691335715494191412998548952262990254076836840948224829\
    0641036967659389658897350067939L),
     (2,
      14869981859231282928165073536194095211524576625963800746148189668102\
    ...                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection-class.html0000700000175000017500000004216010206544646031743 0ustar clintclint tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    Package tlslite :: Package integration :: Module HTTPTLSConnection :: Class HTTPBaseTLSConnection

    Class HTTPBaseTLSConnection

    HTTPConnection --+
                     |
                    HTTPBaseTLSConnection
    

    Known Subclasses:
    HTTPTLSConnection

    This abstract class provides a framework for adding TLS support to httplib.
    Method Summary
      __init__(self, host, port, strict)
      connect(self)
    Connect to the host and port specified in __init__.
      _handshake(self, tlsConnection)
    Called to perform some sort of handshake.
        Inherited from HTTPConnection
      close(self)
    Close the connection to the HTTP server.
      endheaders(self)
    Indicate that the last header line has been sent to the server.
      getresponse(self)
    Get the response from the server.
      putheader(self, header, value)
    Send a request header line to the server.
      putrequest(self, method, url, skip_host)
    Send a request to the server.
      request(self, method, url, body, headers)
    Send a complete request to the server.
      send(self, str)
    Send `str' to the server.
      set_debuglevel(self, level)
      _output(self, s)
    Add a line of output to the current request buffer.
      _send_output(self)
    Send the currently buffered request and clear the buffer.
      _send_request(self, method, url, body, headers)
      _set_hostport(self, host, port)

    Class Variable Summary
    int default_port = 443                                                                   
        Inherited from HTTPConnection
    int auto_open = 1                                                                     
    int debuglevel = 0                                                                     
    int strict = 0                                                                     
    int _http_vsn = 11                                                                    
    str _http_vsn_str = 'HTTP/1.1'

    Method Details

    connect(self)

    Connect to the host and port specified in __init__.
    Overrides:
    httplib.HTTPConnection.connect (inherited documentation)

    _handshake(self, tlsConnection)

    Called to perform some sort of handshake.

    This method must be overridden in a subclass to do some type of handshake. This method will be called after the socket has been connected but before any data has been sent. If this method does not raise an exception, the TLS connection will be considered valid; an override must therefore raise an exception on any handshake or authentication failure rather than return normally.

    This method may (or may not) be called every time an HTTP request is performed, depending on whether the underlying HTTP connection is persistent.
    Parameters:
    tlsConnection - The connection to perform the handshake on.
               (type=tlslite.TLSConnection.TLSConnection)

    Class Variable Details

    default_port

    Type:
    int
    Value:
    443                                                                   

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.HTTPTLSConnection.HTTPTLSConnection-class.html0000700000175000017500000006053010206544646031151 0ustar clintclint tlslite.integration.HTTPTLSConnection.HTTPTLSConnection
    Package tlslite :: Package integration :: Module HTTPTLSConnection :: Class HTTPTLSConnection

    Class HTTPTLSConnection

       HTTPConnection --+    
                        |    
    HTTPBaseTLSConnection --+
                            |
             ClientHelper --+
                            |
                           HTTPTLSConnection
    


    This class extends HTTPBaseTLSConnection to support the common types of handshaking.
    Method Summary
      __init__(self, host, port, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Create a new HTTPTLSConnection.
      _handshake(self, tlsConnection)
    Called to perform some sort of handshake.
        Inherited from HTTPBaseTLSConnection
      connect(self)
    Connect to the host and port specified in __init__.
        Inherited from HTTPConnection
      close(self)
    Close the connection to the HTTP server.
      endheaders(self)
    Indicate that the last header line has been sent to the server.
      getresponse(self)
    Get the response from the server.
      putheader(self, header, value)
    Send a request header line to the server.
      putrequest(self, method, url, skip_host)
    Send a request to the server.
      request(self, method, url, body, headers)
    Send a complete request to the server.
      send(self, str)
    Send `str' to the server.
      set_debuglevel(self, level)
      _output(self, s)
    Add a line of output to the current request buffer.
      _send_output(self)
    Send the currently buffered request and clear the buffer.
      _send_request(self, method, url, body, headers)
      _set_hostport(self, host, port)

    Class Variable Summary
        Inherited from HTTPBaseTLSConnection
    int default_port = 443                                                                   
        Inherited from HTTPConnection
    int auto_open = 1                                                                     
    int debuglevel = 0                                                                     
    int strict = 0                                                                     
    int _http_vsn = 11                                                                    
    str _http_vsn_str = 'HTTP/1.1'

    Method Details

    __init__(self, host, port=None, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    Create a new HTTPTLSConnection.

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys.

    The constructor does not perform the TLS handshake itself, but simply stores these arguments for later. The handshake is performed only when this class needs to connect with the server. Thus you should be prepared to handle TLS-specific exceptions when calling methods inherited from httplib.HTTPConnection such as request(), connect(), and send(). See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    host - Server to connect to.
               (type=str)
    port - Port to connect to.
               (type=int)
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection.__init__

    _handshake(self, tlsConnection)

    Called to perform some sort of handshake.

    This method must be overridden in a subclass to do some type of handshake. This method will be called after the socket has been connected but before any data has been sent. If this method does not raise an exception, the TLS connection will be considered valid; an override must therefore raise an exception on any handshake or authentication failure rather than return normally.

    This method may (or may not) be called every time an HTTP request is performed, depending on whether the underlying HTTP connection is persistent.
    Parameters:
    tlsConnection - The connection to perform the handshake on.
               (type=tlslite.TLSConnection.TLSConnection)
    Overrides:
    tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection._handshake (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.HandshakeMsg-class.html0000700000175000017500000001222010206544650024413 0ustar clintclint tlslite.messages.HandshakeMsg
    Package tlslite :: Module messages :: Class HandshakeMsg

    Class HandshakeMsg

    Msg --+
          |
         HandshakeMsg
    

    Known Subclasses:
    Certificate, CertificateRequest, CertificateVerify, ClientHello, ClientKeyExchange, Finished, ServerHello, ServerHelloDone, ServerKeyExchange

    Method Summary
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.Session-module.html0000700000175000017500000000655310206544647022075 0ustar clintclint tlslite.Session
    Package tlslite :: Module Session

    Module tlslite.Session

    Class representing a TLS session.
    Classes
    Session This class represents a TLS session.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.VerifierDB.VerifierDB-class.html0000700000175000017500000003207710206544647024233 0ustar clintclint tlslite.VerifierDB.VerifierDB
    Package tlslite :: Module VerifierDB :: Class VerifierDB

    Class VerifierDB

    BaseDB --+
             |
            VerifierDB
    


    This class represents an in-memory or on-disk database of SRP password verifiers.

    A VerifierDB can be passed to a server handshake to authenticate a client based on one of the verifiers.

    This class is thread-safe.
    Method Summary
      __init__(self, filename)
    Create a new VerifierDB instance.
      __setitem__(self, username, verifierEntry)
    Add a verifier entry to the database.
    tuple makeVerifier(username, password, bits)
    Create a verifier entry which can be stored in a VerifierDB. (Static method)
      _checkItem(self, value, username, param)
      _getItem(self, username, valueStr)
      _setItem(self, username, value)
        Inherited from BaseDB
    bool __contains__(self, username)
    Check if the database contains the specified username.
      __delitem__(self, username)
      __getitem__(self, username)
      check(self, username, param)
      create(self)
    Create a new on-disk database.
    list keys(self)
    Return a list of usernames in the database.
      open(self)
    Open a pre-existing on-disk database.

    Instance Method Details

    __init__(self, filename=None)
    (Constructor)

    Create a new VerifierDB instance.
    Parameters:
    filename - Filename for an on-disk database, or None for an in-memory database. If the filename already exists, follow this with a call to open(). To create a new on-disk database, follow this with a call to create().
               (type=str)
    Overrides:
    tlslite.BaseDB.BaseDB.__init__

    __setitem__(self, username, verifierEntry)
    (Index assignment operator)

    Add a verifier entry to the database.
    Parameters:
    username - The username to associate the verifier with. Must be less than 256 characters in length. Must not already be in the database.
               (type=str)
    verifierEntry - The verifier entry to add. Use tlslite.VerifierDB.VerifierDB.makeVerifier to create a verifier entry.
               (type=tuple)
    Overrides:
    tlslite.BaseDB.BaseDB.__setitem__

    Static Method Details

    makeVerifier(username, password, bits)

    Create a verifier entry which can be stored in a VerifierDB.
    Parameters:
    username - The username for this verifier. Must be less than 256 characters in length.
               (type=str)
    password - The password for this verifier.
               (type=str)
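    bits - This value specifies which SRP group parameters to use. It must be one of (1024, 1536, 2048, 3072, 4096, 6144, 8192). Larger values are more secure but slower. 2048 is a good compromise between safety and speed. (This advice dates from 2005; the 1024- and 1536-bit groups fall below current minimum recommendations for finite-field groups, so prefer 2048 or larger for new verifiers.)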
               (type=int)
    Returns:
    A tuple which may be stored in a VerifierDB.
               (type=tuple)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.ClientKeyExchange-class.html0000700000175000017500000001430410206544646025422 0ustar clintclint tlslite.messages.ClientKeyExchange
    Package tlslite :: Module messages :: Class ClientKeyExchange

    Class ClientKeyExchange

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ClientKeyExchange
    


    Method Summary
      __init__(self, cipherSuite, version)
      createRSA(self, encryptedPreMasterSecret)
      createSRP(self, srp_A)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.errors-module.html0000700000175000017500000000377010206544651022542 0ustar clintclint tlslite.errors
    errors

    Exceptions
    TLSAbruptCloseError
    TLSAlert
    TLSAuthenticationError
    TLSAuthenticationTypeError
    TLSAuthorizationError
    TLSError
    TLSFaultError
    TLSFingerprintError
    TLSLocalAlert
    TLSNoAuthenticationError
    TLSRemoteAlert
    TLSValidationError


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.X509CertChain-module.html0000700000175000017500000000667010206544647022700 0ustar clintclint tlslite.X509CertChain
    Package tlslite :: Module X509CertChain

    Module tlslite.X509CertChain

    Class representing an X.509 certificate chain.
    Classes
    X509CertChain This class represents a chain of X.509 certificates.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.BaseDB.BaseDB-class.html0000700000175000017500000002224710206544647022427 0ustar clintclint tlslite.BaseDB.BaseDB
    Package tlslite :: Module BaseDB :: Class BaseDB

    Class BaseDB

    Known Subclasses:
    SharedKeyDB, VerifierDB

    Method Summary
      __init__(self, filename, type)
    bool __contains__(self, username)
    Check if the database contains the specified username.
      __delitem__(self, username)
      __getitem__(self, username)
      __setitem__(self, username, value)
      check(self, username, param)
      create(self)
    Create a new on-disk database.
    list keys(self)
    Return a list of usernames in the database.
      open(self)
    Open a pre-existing on-disk database.

    Method Details

    __contains__(self, username)
    (In operator)

    Check if the database contains the specified username.
    Parameters:
    username - The username to check for.
               (type=str)
    Returns:
    True if the database contains the username, False otherwise.
               (type=bool)

    create(self)

    Create a new on-disk database.
    Raises:
    anydbm.error - If there's a problem creating the database.

    keys(self)

    Return a list of usernames in the database.
    Returns:
    The usernames in the database.
               (type=list)

    open(self)

    Open a pre-existing on-disk database.
    Raises:
    anydbm.error - If there's a problem opening the database.
    ValueError - If the database is not of the right type.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.Python_RC4-module.html0000700000175000017500000000215710206544651024314 0ustar clintclint tlslite.utils.Python_RC4
    Python_RC4

    Classes
    Python_RC4

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.errors.TLSAuthorizationError-class.html0000700000175000017500000001161010206544645026026 0ustar clintclint tlslite.errors.TLSAuthorizationError
    Package tlslite :: Module errors :: Class TLSAuthorizationError

    Class TLSAuthorizationError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSAuthorizationError
    


    The Checker was expecting the other party to authenticate with a certificate chain that has a different authorization.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.TLSSocketServerMixIn-module.html0000700000175000017500000000722210206544650026727 0ustar clintclint tlslite.integration.TLSSocketServerMixIn
    Package tlslite :: Package integration :: Module TLSSocketServerMixIn

    Module tlslite.integration.TLSSocketServerMixIn

    TLS Lite + SocketServer.
    Classes
    TLSSocketServerMixIn This class can be mixed in with any SocketServer.TCPServer to add TLS support.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.OpenSSL_RC4.OpenSSL_RC4-class.html0000700000175000017500000001131610206544647025307 0ustar clintclint tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    Package tlslite :: Package utils :: Module OpenSSL_RC4 :: Class OpenSSL_RC4

    Class OpenSSL_RC4

    RC4 --+
          |
         OpenSSL_RC4
    


    Method Summary
      __init__(self, key)
      __del__(self)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.Alert-class.html0000700000175000017500000001257510206544647023150 0ustar clintclint tlslite.messages.Alert
    Package tlslite :: Module messages :: Class Alert

    Class Alert

    Msg --+
          |
         Alert
    


    Method Summary
      __init__(self)
      create(self, description, level)
      parse(self, p)
      write(self)
        Inherited from Msg
      postWrite(self, w, trial)
      preWrite(self, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.constants-module.html0000700000175000017500000000270710206544651023241 0ustar clintclint tlslite.constants
    constants

    Classes
    AlertDescription
    AlertLevel
    CertificateType
    CipherSuite
    ContentType
    Fault
    HandshakeType


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.utils.PyCrypto_RSAKey-module.html0000700000175000017500000000171710206544651025333 0ustar clintclint tlslite.utils.PyCrypto_RSAKey
    PyCrypto_RSAKey

    Classes
    PyCrypto_RSAKey


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.integration.IntegrationHelper.IntegrationHelper-class.html0000700000175000017500000001046510206544647031656 0ustar clintclint tlslite.integration.IntegrationHelper.IntegrationHelper
    Package tlslite :: Package integration :: Module IntegrationHelper :: Class IntegrationHelper

    Class IntegrationHelper


    Method Summary
      __init__(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.errors.TLSAbruptCloseError-class.html0000700000175000017500000001171110206544650025407 0ustar clintclint tlslite.errors.TLSAbruptCloseError
    Package tlslite :: Module errors :: Class TLSAbruptCloseError

    Class TLSAbruptCloseError

    Exception --+    
                |    
         TLSError --+
                    |
                   TLSAbruptCloseError
    


    The socket was closed without a proper TLS shutdown.

    The TLS specification mandates that an alert of some sort must be sent before the underlying socket is closed. If the socket is closed without this, it could signify that an attacker is trying to truncate the connection. It could also signify a misbehaving TLS implementation, or a random network failure.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.Cryptlib_TripleDES-module.html0000700000175000017500000001015310206544647025243 0ustar clintclint tlslite.utils.Cryptlib_TripleDES
    Package tlslite :: Package utils :: Module Cryptlib_TripleDES

    Module tlslite.utils.Cryptlib_TripleDES

    Cryptlib 3DES implementation.
    Classes
    Cryptlib_TripleDES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.OpenSSL_TripleDES-module.html0000700000175000017500000000224710206544651025521 0ustar clintclint tlslite.utils.OpenSSL_TripleDES
    OpenSSL_TripleDES

    Classes
    OpenSSL_TripleDES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.errors.TLSFingerprintError-class.html0000700000175000017500000001157610206544646025471 0ustar clintclint tlslite.errors.TLSFingerprintError
    Package tlslite :: Module errors :: Class TLSFingerprintError

    Class TLSFingerprintError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSFingerprintError
    


    The Checker was expecting the other party to authenticate with a certificate chain that matches a different fingerprint.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.errors.TLSRemoteAlert-class.html0000700000175000017500000002007210206544645024401 0ustar clintclint tlslite.errors.TLSRemoteAlert
    Package tlslite :: Module errors :: Class TLSRemoteAlert

    Class TLSRemoteAlert

    Exception --+        
                |        
         TLSError --+    
                    |    
             TLSAlert --+
                        |
                       TLSRemoteAlert
    


    A TLS alert has been signalled by the remote implementation.
    Method Summary
      __init__(self, alert)
      __str__(self)
        Inherited from Exception
      __getitem__(...)

    Instance Variable Summary
    int description: Set to one of the constants in tlslite.constants.AlertDescription
    int level: Set to one of the constants in tlslite.constants.AlertLevel

    Class Variable Summary
        Inherited from TLSAlert
    dict _descriptionStr = {0: 'close_notify', 10: 'unexpected_me...

    Instance Variable Details

    description

    Set to one of the constants in tlslite.constants.AlertDescription
    Type:
    int

    level

    Set to one of the constants in tlslite.constants.AlertLevel
    Type:
    int

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.SMTP_TLS.SMTP_TLS-class.html0000700000175000017500000005753010206544646025425 0ustar clintclint tlslite.integration.SMTP_TLS.SMTP_TLS
    Package tlslite :: Package integration :: Module SMTP_TLS :: Class SMTP_TLS

    Class SMTP_TLS

    SMTP --+
           |
          SMTP_TLS
    


    This class extends smtplib.SMTP with TLS support.
    Method Summary
      starttls(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Puts the connection to the SMTP server into TLS mode.
        Inherited from SMTP
      __init__(self, host, port, local_hostname)
    Initialize a new instance.
      close(self)
    Close the connection to the SMTP server.
      connect(self, host, port)
    Connect to a host on a given port.
      data(self, msg)
    SMTP 'DATA' command -- sends message data to server.
      docmd(self, cmd, args)
    Send a command, and return its response code.
      ehlo(self, name)
    SMTP 'ehlo' command.
      expn(self, address)
    SMTP 'expn' command -- expands a mailing list.
      getreply(self)
    Get a reply from the server.
      has_extn(self, opt)
    Does the server support a given SMTP service extension?
      helo(self, name)
    SMTP 'helo' command.
      help(self, args)
    SMTP 'help' command.
      login(self, user, password)
    Log in on an SMTP server that requires authentication.
      mail(self, sender, options)
    SMTP 'mail' command -- begins mail xfer session.
      noop(self)
    SMTP 'noop' command -- doesn't do anything :>
      putcmd(self, cmd, args)
    Send a command to the server.
      quit(self)
    Terminate the SMTP session.
      rcpt(self, recip, options)
    SMTP 'rcpt' command -- indicates 1 recipient for this mail.
      rset(self)
    SMTP 'rset' command -- resets session.
      send(self, str)
    Send `str' to the server.
      sendmail(self, from_addr, to_addrs, msg, mail_options, rcpt_options)
    This command performs an entire mail transaction.
      set_debuglevel(self, debuglevel)
    Set the debug output level.
      verify(self, address)
    SMTP 'verify' command -- checks for address validity.
      vrfy(self, address)
    SMTP 'verify' command -- checks for address validity.

    Class Variable Summary
        Inherited from SMTP
    int debuglevel = 0                                                                     
    int does_esmtp = 0                                                                     
    NoneType ehlo_resp = None                                                                  
    NoneType file = None                                                                  
    NoneType helo_resp = None                                                                  

    Method Details

    starttls(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)

    Puts the connection to the SMTP server into TLS mode.

    If the server supports TLS, this will encrypt the rest of the SMTP session.

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys.

    The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    smtplib.SMTP.starttls

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.jython_compat.SelfTestBase-class.html0000700000175000017500000000615710206544645026630 0ustar clintclint tlslite.utils.jython_compat.SelfTestBase
    Package tlslite :: Package utils :: Module jython_compat :: Class SelfTestBase

    Class SelfTestBase


    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/epydoc.css0000700000175000017500000001055410130703477016605 0ustar clintclint /* Body color */ body { background: #ffffff; color: #000000; } /* Tables */ table.summary, table.details, table.index { background: #e8f0f8; color: #000000; } tr.summary, tr.details, tr.index { background: #70b0f0; color: #000000; text-align: left; font-size: 120%; } tr.group { background: #c0e0f8; color: #000000; text-align: left; font-size: 120%; font-style: italic; } /* Documentation page titles */ h2.module { margin-top: 0.2em; } h2.class { margin-top: 0.2em; } /* Headings */ h1.heading { font-size: +140%; font-style: italic; font-weight: bold; } h2.heading { font-size: +125%; font-style: italic; font-weight: bold; } h3.heading { font-size: +110%; font-style: italic; font-weight: normal; } /* Base tree */ pre.base-tree { font-size: 80%; margin: 0; } /* Details Sections */ table.func-details { background: #e8f0f8; color: #000000; border: 2px groove #c0d0d0; padding: 0 1em 0 1em; margin: 0.4em 0 0 0; } h3.func-detail { background: transparent; color: #000000; margin: 0 0 1em 0; } table.var-details { background: #e8f0f8; color: #000000; border: 2px groove #c0d0d0; padding: 0 1em 0 1em; margin: 0.4em 0 0 0; } h3.var-details { background: transparent; color: #000000; margin: 0 0 1em 0; } /* Function signatures */ .sig { background: transparent; color: #000000; font-weight: bold; } .sig-name { background: transparent; color: #006080; } .sig-arg, .sig-kwarg, .sig-vararg { background: transparent; color: #008060; } .sig-default { background: transparent; color: #602000; } .summary-sig { background: transparent; color: #000000; } .summary-sig-name { background: transparent; color: #204080; } .summary-sig-arg, .summary-sig-kwarg, .summary-sig-vararg { background: transparent; color: #008060; } /* Doctest blocks */ .py-src { background: transparent; color: #000000; } .py-prompt { background: transparent; color: #005050; font-weight: bold;} .py-string { background: 
transparent; color: #006030; } .py-comment { background: transparent; color: #003060; } .py-keyword { background: transparent; color: #600000; } .py-output { background: transparent; color: #404040; } pre.doctestblock { background: #f4faff; color: #000000; padding: .5em; margin: 1em; border: 1px solid #708890; } table pre.doctestblock { background: #dce4ec; color: #000000; padding: .5em; margin: 1em; border: 1px solid #708890; } /* Variable values */ pre.variable { background: #dce4ec; color: #000000; padding: .5em; margin: 0; border: 1px solid #708890; } .variable-linewrap { background: transparent; color: #604000; } .variable-ellipsis { background: transparent; color: #604000; } .variable-quote { background: transparent; color: #604000; } .re { background: transparent; color: #000000; } .re-char { background: transparent; color: #006030; } .re-op { background: transparent; color: #600000; } .re-group { background: transparent; color: #003060; } .re-ref { background: transparent; color: #404040; } /* Navigation bar */ table.navbar { background: #a0c0ff; color: #0000ff; border: 2px groove #c0d0d0; } th.navbar { background: #a0c0ff; color: #0000ff; } th.navselect { background: #70b0ff; color: #000000; } .nomargin { margin: 0; } /* Links */ a:link { background: transparent; color: #0000ff; } a:visited { background: transparent; color: #204080; } a.navbar:link { background: transparent; color: #0000ff; text-decoration: none; } a.navbar:visited { background: transparent; color: #204080; text-decoration: none; } tlslite-0.3.8/docs/private/tlslite.constants.CipherSuite-class.html0000700000175000017500000006324210206544650024521 0ustar clintclint tlslite.constants.CipherSuite
    Package tlslite :: Module constants :: Class CipherSuite

    Class CipherSuite


    Method Summary
      getRsaSuites(ciphers)
    (Static method)
      getSrpRsaSuites(ciphers)
    (Static method)
      getSrpSuites(ciphers)
    (Static method)

    Class Variable Summary
    list aes128Suites = [83, 84, 47]
    list aes256Suites = [86, 87, 53]
    list rc4Suites = [5]
    list rsaSuites = [10, 47, 53, 5]
    list srpRsaSuites = [81, 84, 87]
    list srpSuites = [80, 83, 86]
    int TLS_RSA_WITH_3DES_EDE_CBC_SHA = 10                                                                    
    int TLS_RSA_WITH_AES_128_CBC_SHA = 47                                                                    
    int TLS_RSA_WITH_AES_256_CBC_SHA = 53                                                                    
    int TLS_RSA_WITH_RC4_128_SHA = 5                                                                     
    int TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 81                                                                    
    int TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 84                                                                    
    int TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 87                                                                    
    int TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 80                                                                    
    int TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 83                                                                    
    int TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 86                                                                    
    list tripleDESSuites = [80, 81, 10]

    Class Variable Details

    aes128Suites

    Type:
    list
    Value:
    [83, 84, 47]                                                           

    aes256Suites

    Type:
    list
    Value:
    [86, 87, 53]                                                           

    rc4Suites

    Type:
    list
    Value:
    [5]                                                                    

    rsaSuites

    Type:
    list
    Value:
    [10, 47, 53, 5]                                                        

    srpRsaSuites

    Type:
    list
    Value:
    [81, 84, 87]                                                           

    srpSuites

    Type:
    list
    Value:
    [80, 83, 86]                                                           

    TLS_RSA_WITH_3DES_EDE_CBC_SHA

    Type:
    int
    Value:
    10                                                                    

    TLS_RSA_WITH_AES_128_CBC_SHA

    Type:
    int
    Value:
    47                                                                    

    TLS_RSA_WITH_AES_256_CBC_SHA

    Type:
    int
    Value:
    53                                                                    

    TLS_RSA_WITH_RC4_128_SHA

    Type:
    int
    Value:
    5                                                                     

    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA

    Type:
    int
    Value:
    81                                                                    

    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA

    Type:
    int
    Value:
    84                                                                    

    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA

    Type:
    int
    Value:
    87                                                                    

    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA

    Type:
    int
    Value:
    80                                                                    

    TLS_SRP_SHA_WITH_AES_128_CBC_SHA

    Type:
    int
    Value:
    83                                                                    

    TLS_SRP_SHA_WITH_AES_256_CBC_SHA

    Type:
    int
    Value:
    86                                                                    

    tripleDESSuites

    Type:
    list
    Value:
    [80, 81, 10]                                                           

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.integration.POP3_TLS-module.html0000700000175000017500000000222110206544651025001 0ustar clintclint tlslite.integration.POP3_TLS
    POP3_TLS

    Classes
    POP3_TLS

    Variables
    POP3_TLS_PORT


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.TLSRecordLayer.TLSRecordLayer-class.html0000700000175000017500000011006110206544647025653 0ustar clintclint tlslite.TLSRecordLayer.TLSRecordLayer
    Package tlslite :: Module TLSRecordLayer :: Class TLSRecordLayer

    Class TLSRecordLayer

    Known Subclasses:
    TLSConnection

    This class handles data transmission for a TLS connection.

    Its only subclass is tlslite.TLSConnection.TLSConnection. We've separated the code in this class from TLSConnection to make things more readable.
    Method Summary
      __init__(self, sock)
    str read(self, max, min)
    Read some data from the TLS connection.
    iterable readAsync(self, max, min)
    Start a read operation on the TLS connection.
      write(self, s)
    Write some data to the TLS connection.
    iterable writeAsync(self, s)
    Start a write operation on the TLS connection.
      close(self)
    Close the TLS connection.
    iterable closeAsync(self)
    Start a close operation on the TLS connection.
    str getCipherImplementation(self)
    Get the name of the cipher implementation used with this connection.
    str getCipherName(self)
    Get the name of the cipher used with this connection.
      getpeername(self)
    Return the remote address to which the socket is connected (socket emulation).
      getsockname(self)
    Return the socket's own address (socket emulation).
      gettimeout(self)
    Return the timeout associated with socket operations (socket emulation).
    tlslite.FileObject.FileObject makefile(self, mode, bufsize)
    Create a file object for the TLS connection (socket emulation).
      recv(self, bufsize)
    Get some data from the TLS connection (socket emulation).
      send(self, s)
    Send data to the TLS connection (socket emulation).
      sendall(self, s)
    Send data to the TLS connection (socket emulation).
      setsockopt(self, level, optname, value)
    Set the value of the given socket option (socket emulation).
      settimeout(self, value)
    Set a timeout on blocking socket operations (socket emulation).
      _calcFinished(self, send)
      _calcPendingStates(self, clientRandom, serverRandom, implementations)
      _calcSSLHandshakeHash(self, masterSecret, label)
      _changeReadState(self)
      _changeWriteState(self)
      _decrefAsync(self)
      _decryptRecord(self, recordType, bytes)
      _getFinished(self)
      _getMsg(self, expectedType, secondaryType, constructorType)
      _getNextRecord(self)
      _handshakeDone(self, resumed)
      _handshakeStart(self, client)
      _sendError(self, alertDescription, errorStr)
      _sendFinished(self)
      _sendMsg(self, msg, skipEmptyFrag)
      _sendMsgs(self, msgs)
      _shutdown(self, resumable)

    Instance Variable Summary
    str or None allegedSharedKeyUsername: This is set to the shared-key username asserted by the client, whether the handshake succeeded or not.
    str or None allegedSrpUsername: This is set to the SRP username asserted by the client, whether the handshake succeeded or not.
    bool closed: If this connection is closed.
    bool closeSocket: If the socket should be closed when the connection is closed (writable).
    bool ignoreAbruptClose: Whether an abrupt close of the socket is ignored instead of raising an error (writable).
    bool resumed: If this connection is based on a resumed session.
    tlslite.Session.Session session: The session corresponding to this connection.
    socket.socket sock: The underlying socket object.
    tuple version: The TLS version being used for this connection.

    Method Details

    read(self, max=None, min=1)

    Read some data from the TLS connection.

    This function will block until at least 'min' bytes are available (or the connection is closed).

    If an exception is raised, the connection will have been automatically closed.
    Parameters:
    max - The maximum number of bytes to return.
               (type=int)
    min - The minimum number of bytes to return
               (type=int)
    Returns:
    A string of no more than 'max' bytes, and no fewer than 'min' (unless the connection has been closed, in which case fewer than 'min' bytes may be returned).
               (type=str)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.

    readAsync(self, max=None, min=1)

    Start a read operation on the TLS connection.

    This function returns a generator which behaves similarly to read(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or a string if the read operation has completed.
    Returns:
    A generator; see above for details.
               (type=iterable)

    write(self, s)

    Write some data to the TLS connection.

    This function will block until all the data has been sent.

    If an exception is raised, the connection will have been automatically closed.
    Parameters:
    s - The data to transmit to the other party.
               (type=str)
    Raises:
    socket.error - If a socket error occurs.

    writeAsync(self, s)

    Start a write operation on the TLS connection.

    This function returns a generator which behaves similarly to write(). Successive invocations of the generator will return 1 if it is waiting to write to the socket, or will raise StopIteration if the write operation has completed.
    Returns:
    A generator; see above for details.
               (type=iterable)

    close(self)

    Close the TLS connection.

    This function will block until it has exchanged close_notify alerts with the other party. After doing so, it will shut down the TLS connection. Further attempts to read through this connection will return "". Further attempts to write through this connection will raise ValueError.

    If makefile() has been called on this connection, the connection will not be closed until the connection object and all file objects have been closed.

    Even if an exception is raised, the connection will have been closed.
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.

    closeAsync(self)

    Start a close operation on the TLS connection.

    This function returns a generator which behaves similarly to close(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the close operation has completed.
    Returns:
    A generator; see above for details.
               (type=iterable)

    getCipherImplementation(self)

    Get the name of the cipher implementation used with this connection.
    Returns:
    The name of the cipher implementation used with this connection. Either 'python', 'cryptlib', 'openssl', or 'pycrypto'.
               (type=str)

    getCipherName(self)

    Get the name of the cipher used with this connection.
    Returns:
    The name of the cipher used with this connection. Either 'aes128', 'aes256', 'rc4', or '3des'.
               (type=str)

    getpeername(self)

    Return the remote address to which the socket is connected (socket emulation).

    getsockname(self)

    Return the socket's own address (socket emulation).

    gettimeout(self)

    Return the timeout associated with socket operations (socket emulation).

    makefile(self, mode='r', bufsize=-1)

    Create a file object for the TLS connection (socket emulation).
    Returns:
    tlslite.FileObject.FileObject

    recv(self, bufsize)

    Get some data from the TLS connection (socket emulation).
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.

    send(self, s)

    Send data to the TLS connection (socket emulation).
    Raises:
    socket.error - If a socket error occurs.

    sendall(self, s)

    Send data to the TLS connection (socket emulation).
    Raises:
    socket.error - If a socket error occurs.

    setsockopt(self, level, optname, value)

    Set the value of the given socket option (socket emulation).

    settimeout(self, value)

    Set a timeout on blocking socket operations (socket emulation).

    Instance Variable Details

    allegedSharedKeyUsername

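    This is set to the shared-key username asserted by the client, whether the handshake succeeded or not. If the handshake fails, this can be inspected to determine if a guessing attack is in progress against a particular user account. The value is supplied by the client and is not authenticated when the handshake fails, so treat it as untrusted input when logging or acting on it.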
    Type:
    str or None

    allegedSrpUsername

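    This is set to the SRP username asserted by the client, whether the handshake succeeded or not. If the handshake fails, this can be inspected to determine if a guessing attack is in progress against a particular user account. The value is supplied by the client and is not authenticated when the handshake fails, so treat it as untrusted input when logging or acting on it.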
    Type:
    str or None

    closed

    If this connection is closed.
    Type:
    bool

    closeSocket

    If the socket should be closed when the connection is closed (writable).

    If you set this to True, TLS Lite will assume the responsibility of closing the socket when the TLS connection is shut down (either through an error or through the user calling close()). The default is False.
    Type:
    bool

    ignoreAbruptClose

    Whether an abrupt close of the socket is ignored instead of raising an error (writable).

    If you set this to True, TLS Lite will not raise a tlslite.errors.TLSAbruptCloseError exception if the underlying socket is unexpectedly closed. Such an unexpected closure could be caused by an attacker. However, it also occurs with some incorrect TLS implementations.

    You should set this to True only if you're not worried about an attacker truncating the connection (for example, because the application protocol marks the end of its own messages), and only if necessary to avoid spurious errors. The default is False.
    Type:
    bool

    resumed

    If this connection is based on a resumed session.
    Type:
    bool

    session

    The session corresponding to this connection.

    Due to TLS session resumption, multiple connections can correspond to the same underlying session.
    Type:
    tlslite.Session.Session

    sock

    The underlying socket object.
    Type:
    socket.socket

    version

    The TLS version being used for this connection.

    (3,0) means SSL 3.0, and (3,1) means TLS 1.0.
    Type:
    tuple

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.PyCrypto_AES-module.html0000700000175000017500000001007210206544645024057 0ustar clintclint tlslite.utils.PyCrypto_AES
    Package tlslite :: Package utils :: Module PyCrypto_AES

    Module tlslite.utils.PyCrypto_AES

    PyCrypto AES implementation.
    Classes
    PyCrypto_AES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.BaseDB-module.html0000700000175000017500000000157010206544651022302 0ustar clintclint tlslite.BaseDB
    BaseDB

    Classes
    BaseDB


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.integration.TLSSocketServerMixIn-module.html0000700000175000017500000000201210206544651027503 0ustar clintclint tlslite.integration.TLSSocketServerMixIn
    TLSSocketServerMixIn

    Classes
    TLSSocketServerMixIn


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.errors.TLSAlert-class.html0000700000175000017500000001710610206544647023233 0ustar clintclint tlslite.errors.TLSAlert
    Package tlslite :: Module errors :: Class TLSAlert

    Class TLSAlert

    Exception --+    
                |    
         TLSError --+
                    |
                   TLSAlert
    

    Known Subclasses:
    TLSLocalAlert, TLSRemoteAlert

    A TLS alert has been signalled.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Class Variable Summary
    dict _descriptionStr = {0: 'close_notify', 10: 'unexpected_me...

    Class Variable Details

    _descriptionStr

    Type:
    dict
    Value:
    {0: 'close_notify',
     10: 'unexpected_message',
     20: 'bad_record_mac',
     21: 'decryption_failed',
     22: 'record_overflow',
     30: 'decompression_failure',
     40: 'handshake_failure',
     41: 'no certificate',
    ...                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite-module.html0000700000175000017500000000472510206544651021230 0ustar clintclint tlslite
    tlslite

    Modules
    api
    BaseDB
    Checker
    constants
    errors
    FileObject
    HandshakeSettings
    integration
    mathtls
    messages
    Session
    SessionCache
    SharedKeyDB
    TLSConnection
    TLSRecordLayer
    utils
    VerifierDB
    X509
    X509CertChain

    Variables
    __version__


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey-class.html0000700000175000017500000003664510206544647027353 0ustar clintclint tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    Package tlslite :: Package utils :: Module PyCrypto_RSAKey :: Class PyCrypto_RSAKey

    Class PyCrypto_RSAKey

    RSAKey --+
             |
            PyCrypto_RSAKey
    


    Method Summary
      __init__(self, n, e)
    Create a new RSA key.
      __getattr__(self, name)
      generate(bits)
    (Static method)
    str hash(self)
    Return the cryptoID <keyHash> value corresponding to this key.
    bool hasPrivateKey(self)
    Return whether or not this key has a private component.
    str writeXMLPublicKey(self, indent)
    Return a string containing the key.
      _rawPrivateKeyOp(self, m)
      _rawPublicKeyOp(self, c)
        Inherited from RSAKey
    int __len__(self)
    Return the length of this key in bits.
    bool acceptsPassword(self)
    Return True if the write() method accepts a password for use in encrypting the private key.
    array.array of unsigned bytes or None. decrypt(self, encBytes)
    Decrypt the passed-in bytes.
    array.array of unsigned bytes. encrypt(self, bytes)
    Encrypt the passed-in bytes.
    str getSigningAlgorithm(self)
    Return the cryptoID sigAlgo value corresponding to this key.
    array.array of unsigned bytes. hashAndSign(self, bytes)
    Hash and sign the passed-in bytes.
    bool hashAndVerify(self, sigBytes, bytes)
    Hash and verify the passed-in bytes with the signature.
    array.array of unsigned bytes. sign(self, bytes)
    Sign the passed-in bytes.
    bool verify(self, sigBytes, bytes)
    Verify the passed-in bytes with the signature.
    str write(self, password)
    Return a string containing the key.
      _addPKCS1Padding(self, bytes, blockType)
      _addPKCS1SHA1Prefix(self, bytes)

    Instance Method Details

    __init__(self, n=0, e=0, d=0, p=0, q=0, dP=0, dQ=0, qInv=0)
    (Constructor)

    Create a new RSA key.

    If n and e are passed in, the new key will be initialized.
    Parameters:
    n - RSA modulus.
               (type=int)
    e - RSA public exponent.
               (type=int)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.__init__ (inherited documentation)

    hash(self)

    Return the cryptoID <keyHash> value corresponding to this key.
    Returns:
    str
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hash (inherited documentation)

    hasPrivateKey(self)

    Return whether or not this key has a private component.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hasPrivateKey (inherited documentation)

    writeXMLPublicKey(self, indent='')

    Return a string containing the key.
    Returns:
    A string describing the public key, in XML format.
               (type=str)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.writeXMLPublicKey (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.SMTP_TLS-module.html0000700000175000017500000000710310206544647024271 0ustar clintclint tlslite.integration.SMTP_TLS
    Package tlslite :: Package integration :: Module SMTP_TLS

    Module tlslite.integration.SMTP_TLS

    TLS Lite + smtplib.
    Classes
    SMTP_TLS This class extends smtplib.SMTP with TLS support.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.IMAP4_TLS.IMAP4_TLS-class.html0000700000175000017500000011305610206544647025500 0ustar clintclint tlslite.integration.IMAP4_TLS.IMAP4_TLS
    Package tlslite :: Package integration :: Module IMAP4_TLS :: Class IMAP4_TLS

    Class IMAP4_TLS

           IMAP4 --+
                   |
    ClientHelper --+
                   |
                  IMAP4_TLS
    


    This class extends imaplib.IMAP4 with TLS support.
    Method Summary
      __init__(self, host, port, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Create a new IMAP4_TLS.
      open(self, host, port)
    Setup connection to remote server on "host:port".
        Inherited from IMAP4
      __getattr__(self, attr)
      append(self, mailbox, flags, date_time, message)
    Append message to named mailbox.
      authenticate(self, mechanism, authobject)
    Authenticate command - requires response processing.
      check(self)
    Checkpoint mailbox on server.
      close(self)
    Close currently selected mailbox.
      copy(self, message_set, new_mailbox)
    Copy 'message_set' messages onto end of 'new_mailbox'.
      create(self, mailbox)
    Create new mailbox.
      delete(self, mailbox)
    Delete old mailbox.
      expunge(self)
    Permanently remove deleted items from selected mailbox.
      fetch(self, message_set, message_parts)
    Fetch (parts of) messages.
      getacl(self, mailbox)
    Get the ACLs for a mailbox.
      getquota(self, root)
    Get the quota root's resource usage and limits.
      getquotaroot(self, mailbox)
    Get the list of quota roots for the named mailbox.
      list(self, directory, pattern)
    List mailbox names in directory matching pattern.
      login(self, user, password)
    Identify client using plaintext password.
      login_cram_md5(self, user, password)
    Force use of CRAM-MD5 authentication.
      logout(self)
    Shutdown connection to server.
      lsub(self, directory, pattern)
    List 'subscribed' mailbox names in directory matching pattern.
      namespace(self)
    Returns IMAP namespaces ala rfc2342
      noop(self)
    Send NOOP command.
      partial(self, message_num, message_part, start, length)
    Fetch truncated part of a message.
      print_log(self)
      proxyauth(self, user)
    Assume authentication as "user".
      read(self, size)
    Read 'size' bytes from remote.
      readline(self)
    Read line from remote.
      recent(self)
    Return most recent 'RECENT' responses if any exist, else prompt server for an update using the 'NOOP' command.
      rename(self, oldmailbox, newmailbox)
    Rename old mailbox name to new.
      response(self, code)
    Return data for response 'code' if received, or None.
      search(self, charset, *criteria)
    Search mailbox for matching messages.
      select(self, mailbox, readonly)
    Select a mailbox.
      send(self, data)
    Send data to remote.
      setacl(self, mailbox, who, what)
    Set a mailbox acl.
      setquota(self, root, limits)
    Set the quota root's resource limits.
      shutdown(self)
    Close I/O established in "open".
      socket(self)
    Return socket instance used to connect to IMAP4 server.
      sort(self, sort_criteria, charset, *search_criteria)
    IMAP4rev1 extension SORT command.
      status(self, mailbox, names)
    Request named status conditions for mailbox.
      store(self, message_set, command, flags)
    Alters flag dispositions for messages in mailbox.
      subscribe(self, mailbox)
    Subscribe to new mailbox.
      uid(self, command, *args)
    Execute "command arg ..." with messages identified by UID, rather than message number.
      unsubscribe(self, mailbox)
    Unsubscribe from old mailbox.
      xatom(self, name, *args)
    Allow simple extension commands notified by server in CAPABILITY response.
      _append_untagged(self, typ, dat)
      _check_bye(self)
      _checkquote(self, arg)
      _command(self, name, *args)
      _command_complete(self, name, tag)
      _CRAM_MD5_AUTH(self, challenge)
    Authobject to use with CRAM-MD5 authentication.
      _dump_ur(self, dict)
      _get_line(self)
      _get_response(self)
      _get_tagged_response(self, tag)
      _log(self, line)
      _match(self, cre, s)
      _mesg(self, s, secs)
      _new_tag(self)
      _quote(self, arg)
      _simple_command(self, name, *args)
      _untagged_response(self, typ, dat, name)
        Inherited from ClientHelper
      _handshake(self, tlsConnection)

    Class Variable Summary
        Inherited from IMAP4
    SRE_Pattern mustquote = [^\w!#\$%&'\*\+,\.:;<=>\?\^`\|~-]

    Method Details

    __init__(self, host='', port=993, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    Create a new IMAP4_TLS.

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys.

    The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    host - Server to connect to.
               (type=str)
    port - Port to connect to.
               (type=int)
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    imaplib.IMAP4.__init__

    open(self, host='', port=993)

    Setup connection to remote server on "host:port".

    This connection will be used by the routines: read, readline, send, shutdown.
    Overrides:
    imaplib.IMAP4.open

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.Python_RC4-module.html0000700000175000017500000000770710206544645023542 0ustar clintclint tlslite.utils.Python_RC4
    Package tlslite :: Package utils :: Module Python_RC4

    Module tlslite.utils.Python_RC4

    Pure-Python RC4 implementation.
    Classes
    Python_RC4  

    Function Summary
      new(key)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.SessionCache-module.html0000700000175000017500000000760110206544646023013 0ustar clintclint tlslite.SessionCache
    Package tlslite :: Module SessionCache

    Module tlslite.SessionCache

    Class for caching TLS sessions.
    Classes
    SessionCache This class is used by the server to cache TLS sessions.

    Function Summary
      _test()

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.TLSRecordLayer-module.html0000700000175000017500000000713610206544645023244 0ustar clintclint tlslite.TLSRecordLayer
    Package tlslite :: Module TLSRecordLayer

    Module tlslite.TLSRecordLayer

    Helper class for TLSConnection.
    Classes
    TLSRecordLayer This class handles data transmission for a TLS connection.
    _ConnectionState  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.codec-module.html0000700000175000017500000000174010206544651023435 0ustar clintclint tlslite.utils.codec
    codec

    Classes
    Parser
    Writer


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.Session-module.html0000700000175000017500000000157710206544651022654 0ustar clintclint tlslite.Session
    Session

    Classes
    Session


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.utils.RSAKey-module.html0000700000175000017500000000162010206544651023453 0ustar clintclint tlslite.utils.RSAKey
    RSAKey

    Classes
    RSAKey


    [show private | hide private] tlslite-0.3.8/docs/private/toc-everything.html0000700000175000017500000006316510206544651020454 0ustar clintclint Everything
    Everything

    All Classes
    tlslite.BaseDB.BaseDB
    tlslite.Checker.Checker
    tlslite.constants.AlertDescription
    tlslite.constants.AlertLevel
    tlslite.constants.CertificateType
    tlslite.constants.CipherSuite
    tlslite.constants.ContentType
    tlslite.constants.Fault
    tlslite.constants.HandshakeType
    tlslite.FileObject.FileObject
    tlslite.HandshakeSettings.HandshakeSettings
    tlslite.integration.AsyncStateMachine.AsyncStateMachine
    tlslite.integration.ClientHelper.ClientHelper
    tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    tlslite.integration.HTTPTLSConnection.HTTPTLSConnection
    tlslite.integration.IMAP4_TLS.IMAP4_TLS
    tlslite.integration.IntegrationHelper.IntegrationHelper
    tlslite.integration.POP3_TLS.POP3_TLS
    tlslite.integration.SMTP_TLS.SMTP_TLS
    tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn
    tlslite.integration.TLSTwistedProtocolWrapper._FakeSocket
    tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    tlslite.integration.XMLRPCTransport.XMLRPCTransport
    tlslite.mathtls.MAC_SSL
    tlslite.messages.Alert
    tlslite.messages.ApplicationData
    tlslite.messages.Certificate
    tlslite.messages.CertificateRequest
    tlslite.messages.CertificateVerify
    tlslite.messages.ChangeCipherSpec
    tlslite.messages.ClientHello
    tlslite.messages.ClientKeyExchange
    tlslite.messages.Finished
    tlslite.messages.HandshakeMsg
    tlslite.messages.Msg
    tlslite.messages.RecordHeader2
    tlslite.messages.RecordHeader3
    tlslite.messages.ServerHello
    tlslite.messages.ServerHelloDone
    tlslite.messages.ServerKeyExchange
    tlslite.Session.Session
    tlslite.SessionCache.SessionCache
    tlslite.SharedKeyDB.SharedKeyDB
    tlslite.TLSConnection.TLSConnection
    tlslite.TLSRecordLayer._ConnectionState
    tlslite.TLSRecordLayer.TLSRecordLayer
    tlslite.utils.AES.AES
    tlslite.utils.ASN1Parser.ASN1Parser
    tlslite.utils.codec.Parser
    tlslite.utils.codec.Writer
    tlslite.utils.Cryptlib_AES.Cryptlib_AES
    tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    tlslite.utils.hmac.HMAC
    tlslite.utils.jython_compat.CertChainBase
    tlslite.utils.jython_compat.ReportFuncBase
    tlslite.utils.jython_compat.SelfTestBase
    tlslite.utils.OpenSSL_AES.OpenSSL_AES
    tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    tlslite.utils.PyCrypto_AES.PyCrypto_AES
    tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    tlslite.utils.Python_AES.Python_AES
    tlslite.utils.Python_RC4.Python_RC4
    tlslite.utils.Python_RSAKey.Python_RSAKey
    tlslite.utils.RC4.RC4
    tlslite.utils.rijndael.rijndael
    tlslite.utils.RSAKey.RSAKey
    tlslite.utils.TripleDES.TripleDES
    tlslite.VerifierDB.VerifierDB
    tlslite.X509.X509
    tlslite.X509CertChain.X509CertChain

    All Exceptions
    tlslite.errors.TLSAbruptCloseError
    tlslite.errors.TLSAlert
    tlslite.errors.TLSAuthenticationError
    tlslite.errors.TLSAuthenticationTypeError
    tlslite.errors.TLSAuthorizationError
    tlslite.errors.TLSError
    tlslite.errors.TLSFaultError
    tlslite.errors.TLSFingerprintError
    tlslite.errors.TLSLocalAlert
    tlslite.errors.TLSNoAuthenticationError
    tlslite.errors.TLSRemoteAlert
    tlslite.errors.TLSValidationError

    All Functions
    _createPrivateKey
    _createPrivateRSAKey
    _createPublicKey
    _createPublicRSAKey
    _parseKeyHelper
    _strxor
    _test
    base64ToBytes
    base64ToNumber
    base64ToString
    bytesToBase64
    bytesToNumber
    bytesToString
    bytesToString
    checkName
    checkNoMoreAttributes
    concatArrays
    concatArrays
    createAES
    createByteArraySequence
    createByteArraySequence
    createByteArrayZeros
    createByteArrayZeros
    createDateClass
    createRC4
    createTripleDES
    decrypt
    encrypt
    escape
    formatExceptionTrace
    formatExceptionTrace
    gcd
    generateRSAKey
    getAttribute
    getBase64Nonce
    getChild
    getChildIter
    getChildOrNone
    getHoursFromNow
    getLastChild
    getListFromSet
    getMinutesFromNow
    getNow
    getRandomBytes
    getRandomNumber
    getRandomPrime
    getRandomSafePrime
    getReqAttribute
    getSHA1
    getText
    hashAndBase64
    indent
    invMod
    isDateClassBefore
    isDateClassExpired
    isPrime
    iterSet
    lcm
    makeK
    makeSieve
    makeU
    makeVerifier
    makeX
    mpiToNumber
    new
    new
    new
    new
    new
    new
    new
    new
    new
    new
    new
    new
    numberToBase64
    numberToBytes
    numberToMPI
    numberToString
    numBits
    numBits
    numBytes
    P_hash
    PAD
    parseAndStripWhitespace
    parseAsPublicKey
    parseDateClass
    parseDocument
    parsePEMKey
    parsePrivateKey
    parseXMLKey
    password_callback
    powMod
    PRF
    PRF_SSL
    printDateClass
    stringToBase64
    stringToBytes
    stringToBytes
    stringToNumber
    stripWhitespace
    test

    All Variables
    __version__
    base64RegEx
    booleanRegEx
    certsListRegEx
    cryptoIDRegEx
    dateTimeRegEx
    digest_size
    exprRegEx
    goodGroupParameters
    IMAP4_TLS_PORT
    keyRegEx
    keysListRegEx
    nsRegEx
    num_rounds
    POP3_TLS_PORT
    rcon
    S
    sha1Base64RegEx
    shifts
    shortStringRegEx
    Si
    sieve
    T1
    T2
    T3
    T4
    T5
    T6
    T7
    T8
    tripleDESPresent
    U1
    U2
    U3
    U4
    urlRegEx


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.messages.RecordHeader3-class.html0000700000175000017500000001077410206544647024512 0ustar clintclint tlslite.messages.RecordHeader3
    Package tlslite :: Module messages :: Class RecordHeader3

    Class RecordHeader3


    Method Summary
      __init__(self)
      create(self, version, type, length)
      parse(self, p)
      write(self)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.Cryptlib_TripleDES-module.html0000700000175000017500000000225710206544651026027 0ustar clintclint tlslite.utils.Cryptlib_TripleDES
    Cryptlib_TripleDES

    Classes
    Cryptlib_TripleDES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.FileObject-module.html0000700000175000017500000000162410206544651023230 0ustar clintclint tlslite.FileObject
    FileObject

    Classes
    FileObject


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.integration.TLSAsyncDispatcherMixIn-module.html0000700000175000017500000000203710206544651030157 0ustar clintclint tlslite.integration.TLSAsyncDispatcherMixIn
    TLSAsyncDispatcherMixIn

    Classes
    TLSAsyncDispatcherMixIn


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.constants.Fault-class.html0000700000175000017500000007066510206544647023365 0ustar clintclint tlslite.constants.Fault
    Package tlslite :: Module constants :: Class Fault

    Class Fault


    Class Variable Summary
    int badA = 103                                                                   
    int badB = 201                                                                   
    int badFinished = 300                                                                   
    int badIdentifier = 401                                                                   
    int badMAC = 301                                                                   
    int badPadding = 302                                                                   
    int badPassword = 102                                                                   
    int badPremasterPadding = 501                                                                   
    int badSharedKey = 402                                                                   
    int badUsername = 101                                                                   
    int badVerifyMessage = 601                                                                   
    list clientCertFaults = [601]
    list clientNoAuthFaults = [501, 502]
    list clientSharedKeyFaults = [401, 402]
    list clientSrpFaults = [101, 102, 103]
    dict faultAlerts = {101: (120, 20), 102: (20,), 103: (47,), 3...
    dict faultNames = {101: 'bad username', 102: 'bad password', ...
    list genericFaults = [300, 301, 302]
    list serverFaults = [201]
    int shortPremasterSecret = 502                                                                   

    Class Variable Details

    badA

    Type:
    int
    Value:
    103                                                                   

    badB

    Type:
    int
    Value:
    201                                                                   

    badFinished

    Type:
    int
    Value:
    300                                                                   

    badIdentifier

    Type:
    int
    Value:
    401                                                                   

    badMAC

    Type:
    int
    Value:
    301                                                                   

    badPadding

    Type:
    int
    Value:
    302                                                                   

    badPassword

    Type:
    int
    Value:
    102                                                                   

    badPremasterPadding

    Type:
    int
    Value:
    501                                                                   

    badSharedKey

    Type:
    int
    Value:
    402                                                                   

    badUsername

    Type:
    int
    Value:
    101                                                                   

    badVerifyMessage

    Type:
    int
    Value:
    601                                                                   

    clientCertFaults

    Type:
    list
    Value:
    [601]                                                                  

    clientNoAuthFaults

    Type:
    list
    Value:
    [501, 502]                                                             

    clientSharedKeyFaults

    Type:
    list
    Value:
    [401, 402]                                                             

    clientSrpFaults

    Type:
    list
    Value:
    [101, 102, 103]                                                        

    faultAlerts

    Type:
    dict
    Value:
    {101: (120, 20),
     102: (20,),
     103: (47,),
     300: (51,),
     301: (20,),
     302: (20,),
     401: (40,),
     402: (20,),
    ...                                                                    

    faultNames

    Type:
    dict
    Value:
    {101: 'bad username',
     102: 'bad password',
     103: 'bad A',
     300: 'bad finished message',
     301: 'bad MAC',
     302: 'bad padding',
     401: 'bad identifier',
     402: 'bad sharedkey',
    ...                                                                    

    genericFaults

    Type:
    list
    Value:
    [300, 301, 302]                                                        

    serverFaults

    Type:
    list
    Value:
    [201]                                                                  

    shortPremasterSecret

    Type:
    int
    Value:
    502                                                                   

    tlslite-0.3.8/docs/private/tlslite.utils.PyCrypto_TripleDES-module.html0000700000175000017500000001015310206544645025242 0ustar clintclint tlslite.utils.PyCrypto_TripleDES
    Package tlslite :: Package utils :: Module PyCrypto_TripleDES

    Module tlslite.utils.PyCrypto_TripleDES

    PyCrypto 3DES implementation.
    Classes
    PyCrypto_TripleDES  

    Function Summary
      new(key, mode, IV)

    tlslite-0.3.8/docs/private/tlslite.utils.Cryptlib_AES-module.html0000700000175000017500000001007210206544646024057 0ustar clintclint tlslite.utils.Cryptlib_AES
    Package tlslite :: Package utils :: Module Cryptlib_AES

    Module tlslite.utils.Cryptlib_AES

    Cryptlib AES implementation.
    Classes
    Cryptlib_AES  

    Function Summary
      new(key, mode, IV)

    tlslite-0.3.8/docs/private/index.html0000700000175000017500000000057410206544651016607 0ustar clintclint API Documentation tlslite-0.3.8/docs/private/frames.html0000700000175000017500000000057410206544651016755 0ustar clintclint API Documentation tlslite-0.3.8/docs/private/tlslite.utils.jython_compat.ReportFuncBase-class.html0000700000175000017500000000616710206544645027167 0ustar clintclint tlslite.utils.jython_compat.ReportFuncBase
    Package tlslite :: Package utils :: Module jython_compat :: Class ReportFuncBase

    Class ReportFuncBase


    tlslite-0.3.8/docs/private/tlslite.errors.TLSError-class.html0000700000175000017500000001156010206544646023252 0ustar clintclint tlslite.errors.TLSError
    Package tlslite :: Module errors :: Class TLSError

    Class TLSError

    Exception --+
                |
               TLSError
    

    Known Subclasses:
    TLSAbruptCloseError, TLSAlert, TLSAuthenticationError, TLSFaultError

    Base class for all TLS Lite exceptions.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    tlslite-0.3.8/docs/private/tlslite.integration.XMLRPCTransport-module.html0000700000175000017500000000707410206544646025714 0ustar clintclint tlslite.integration.XMLRPCTransport
    Package tlslite :: Package integration :: Module XMLRPCTransport

    Module tlslite.integration.XMLRPCTransport

    TLS Lite + xmlrpclib.
    Classes
    XMLRPCTransport Handles an HTTPS transaction to an XML-RPC server.

    tlslite-0.3.8/docs/private/tlslite.SessionCache.SessionCache-class.html0000700000175000017500000001457010206544646025204 0ustar clintclint tlslite.SessionCache.SessionCache
    Package tlslite :: Module SessionCache :: Class SessionCache

    Class SessionCache


    This class is used by the server to cache TLS sessions.

    Caching sessions allows the client to use TLS session resumption and avoid the expense of a full handshake. To use this class, simply pass a SessionCache instance into the server handshake function.

    This class is thread-safe.
    Method Summary
      __init__(self, maxEntries, maxAge)
    Create a new SessionCache.
      __getitem__(self, sessionID)
      __setitem__(self, sessionID, session)
      _purge(self)

    Method Details

    __init__(self, maxEntries=10000, maxAge=14400)
    (Constructor)

    Create a new SessionCache.
    Parameters:
    maxEntries - The maximum size of the cache. When this limit is reached, the oldest sessions will be deleted as necessary to make room for new ones. The default is 10000.
               (type=int)
    maxAge - The number of seconds before a session expires from the cache. The default is 14400 (i.e. 4 hours).
               (type=int)

    tlslite-0.3.8/docs/private/tlslite.utils.rijndael-module.html0000700000175000017500000011421310206544647023372 0ustar clintclint tlslite.utils.rijndael
    Package tlslite :: Package utils :: Module rijndael

    Module tlslite.utils.rijndael

    A pure python (slow) implementation of rijndael with a decent interface

    To include -

    from rijndael import rijndael

    To do a key setup -

    r = rijndael(key, block_size = 16)

    key must be a string of length 16, 24, or 32. block_size must be 16, 24, or 32. Default is 16 (the only block size standardized as AES).

    To use -

    ciphertext = r.encrypt(plaintext)
    plaintext = r.decrypt(ciphertext)

    If any string is of the wrong length, a ValueError is raised.
    Classes
    rijndael  

    Function Summary
      decrypt(key, block)
      encrypt(key, block)
      test()

    Variable Summary
    dict num_rounds = {16: {16: 10, 24: 12, 32: 14}, 24: {16: 12,...
    list rcon = [1, 2, 4, 8, 16, 32, 64, 128, 27, 54, 108, 216, 1...
    list S = [99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, ...
    list shifts = [[[0, 0], [1, 3], [2, 2], [3, 1]], [[0, 0], [1,...
    list Si = [82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 15...
    list T1 = [-966564955, -126059388, -294160487, -159679603, -8...
    list T2 = [-1513725085, -2064089988, -1712425097, -1913226373...
    list T3 = [1671808611, 2089089148, 2006576759, 2072901243, -2...
    list T4 = [1667474886, 2088535288, 2004326894, 2071694838, -2...
    list T5 = [1374988112, 2118214995, 437757123, 975658646, 1001...
    list T6 = [1347548327, 1400783205, -1021700188, -1774573730, ...
    list T7 = [-1487908364, 1699970625, -1530717673, 1586903591, ...
    list T8 = [-190361519, 1097159550, 396673818, 660510266, -141...
    list U1 = [0, 235474187, 470948374, 303765277, 941896748, 908...
    list U2 = [0, 185469197, 370938394, 487725847, 741876788, 657...
    list U3 = [0, 218828297, 437656594, 387781147, 875313188, 958...
    list U4 = [0, 151849742, 303699484, 454499602, 607398968, 758...

    Variable Details

    num_rounds

    Type:
    dict
    Value:
    {16: {16: 10, 24: 12, 32: 14},
     24: {16: 12, 24: 12, 32: 14},
     32: {16: 14, 24: 14, 32: 14}}                                         

    rcon

    Type:
    list
    Value:
    [1, 2, 4, 8, 16, 32, 64, 128, 27]                                      

    S

    Type:
    list
    Value:
    [99, 124, 119, 123, 242, 107, 111, 197, 48]                            

    shifts

    Type:
    list
    Value:
    [[[0, 0], [1, 3], [2, 2], [3, 1]],
     [[0, 0], [1, 5], [2, 4], [3, 3]],
     [[0, 0], [1, 7], [3, 5], [4, 4]]]                                     

    Si

    Type:
    list
    Value:
    [82, 9, 106, 213, 48, 54, 165, 56, 191]                                

    T1

    Type:
    list
    Value:
    [-966564955,
     -126059388,
     -294160487,
     -159679603,
     -855539,
     -697603139,
     -563122255,
     -1849309868,
    ...                                                                    

    T2

    Type:
    list
    Value:
    [-1513725085,
     -2064089988,
     -1712425097,
     -1913226373,
     234877682,
     -1110021269,
     -1310822545,
     1418839493,
    ...                                                                    

    T3

    Type:
    list
    Value:
    [1671808611,
     2089089148,
     2006576759,
     2072901243,
     -233963534,
     1807603307,
     1873927791,
     -984313403,
    ...                                                                    

    T4

    Type:
    list
    Value:
    [1667474886,
     2088535288,
     2004326894,
     2071694838,
     -219017729,
     1802223062,
     1869591006,
     -976923503,
    ...                                                                    

    T5

    Type:
    list
    Value:
    [1374988112,
     2118214995,
     437757123,
     975658646,
     1001089995,
     530400753,
     -1392879445,
     1273168787,
    ...                                                                    

    T6

    Type:
    list
    Value:
    [1347548327,
     1400783205,
     -1021700188,
     -1774573730,
     -885281941,
     -249586363,
     -1414727080,
     -1823743229,
    ...                                                                    

    T7

    Type:
    list
    Value:
    [-1487908364,
     1699970625,
     -1530717673,
     1586903591,
     1808481195,
     1173430173,
     1487645946,
     59984867,
    ...                                                                    

    T8

    Type:
    list
    Value:
    [-190361519,
     1097159550,
     396673818,
     660510266,
     -1418998981,
     -1656360673,
     -94852180,
     -486304949,
    ...                                                                    

    U1

    Type:
    list
    Value:
    [0,
     235474187,
     470948374,
     303765277,
     941896748,
     908933415,
     607530554,
     708780849,
    ...                                                                    

    U2

    Type:
    list
    Value:
    [0,
     185469197,
     370938394,
     487725847,
     741876788,
     657861945,
     975451694,
     824852259,
    ...                                                                    

    U3

    Type:
    list
    Value:
    [0,
     218828297,
     437656594,
     387781147,
     875313188,
     958871085,
     775562294,
     590424639,
    ...                                                                    

    U4

    Type:
    list
    Value:
    [0,
     151849742,
     303699484,
     454499602,
     607398968,
     758720310,
     908999204,
     1059270954,
    ...                                                                    

    tlslite-0.3.8/docs/private/tlslite.integration.IMAP4_TLS-module.html0000700000175000017500000001305610206544646024323 0ustar clintclint tlslite.integration.IMAP4_TLS
    Package tlslite :: Package integration :: Module IMAP4_TLS

    Module tlslite.integration.IMAP4_TLS

    TLS Lite + imaplib.
    Classes
    IMAP4_TLS This class extends imaplib.IMAP4 with TLS support.

    Variable Summary
    int IMAP4_TLS_PORT = 993                                                                   

    Variable Details

    IMAP4_TLS_PORT

    Type:
    int
    Value:
    993                                                                   

    tlslite-0.3.8/docs/private/imaplib.error-class.html0000700000175000017500000001055010206544645021346 0ustar clintclint imaplib.error
    Module imaplib :: Class error

    Class error

    Exception --+
                |
               error
    

    Known Subclasses:
    abort

    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    tlslite-0.3.8/docs/private/tlslite.integration.TLSAsyncDispatcherMixIn-module.html0000700000175000017500000000725610206544647027411 0ustar clintclint tlslite.integration.TLSAsyncDispatcherMixIn
    Package tlslite :: Package integration :: Module TLSAsyncDispatcherMixIn

    Module tlslite.integration.TLSAsyncDispatcherMixIn

    TLS Lite + asyncore.
    Classes
    TLSAsyncDispatcherMixIn This class can be "mixed in" with an asyncore.dispatcher to add TLS support.

    tlslite-0.3.8/docs/private/toc-tlslite.utils.cryptomath-module.html0000700000175000017500000000737310206544651024562 0ustar clintclint tlslite.utils.cryptomath
    cryptomath

    Functions
    base64ToBytes
    base64ToNumber
    base64ToString
    bytesToBase64
    bytesToNumber
    gcd
    getBase64Nonce
    getRandomBytes
    getRandomNumber
    getRandomPrime
    getRandomSafePrime
    hashAndBase64
    invMod
    isPrime
    lcm
    makeSieve
    mpiToNumber
    numberToBase64
    numberToBytes
    numberToMPI
    numberToString
    numBytes
    powMod
    stringToBase64
    stringToNumber

    Variables
    sieve


    [show private | hide private] tlslite-0.3.8/docs/private/help.html0000700000175000017500000002343210206544651016426 0ustar clintclint Help

    API Documentation

    This document contains the API (Application Programming Interface) documentation for this project. Documentation for the Python objects defined by the project is divided into separate pages for each package, module, and class. The API documentation also includes two pages containing information about the project as a whole: a trees page, and an index page.

    Object Documentation

    Each Package Documentation page contains:

    • A description of the package.
    • A list of the modules and sub-packages contained by the package.
    • A summary of the classes defined by the package.
    • A summary of the functions defined by the package.
    • A summary of the variables defined by the package.
    • A detailed description of each function defined by the package.
    • A detailed description of each variable defined by the package.

    Each Module Documentation page contains:

    • A description of the module.
    • A summary of the classes defined by the module.
    • A summary of the functions defined by the module.
    • A summary of the variables defined by the module.
    • A detailed description of each function defined by the module.
    • A detailed description of each variable defined by the module.

    Each Class Documentation page contains:

    • A class inheritance diagram.
    • A list of known subclasses.
    • A description of the class.
    • A summary of the methods defined by the class.
    • A summary of the instance variables defined by the class.
    • A summary of the class (static) variables defined by the class.
    • A detailed description of each method defined by the class.
    • A detailed description of each instance variable defined by the class.
    • A detailed description of each class (static) variable defined by the class.

    Project Documentation

    The Trees page contains the module and class hierarchies:

    • The module hierarchy lists every package and module, with modules grouped into packages. At the top level, and within each package, modules and sub-packages are listed alphabetically.
    • The class hierarchy lists every class, grouped by base class. If a class has more than one base class, then it will be listed under each base class. At the top level, and under each base class, classes are listed alphabetically.

    The Index page contains indices of terms and identifiers:

    • The term index lists every term indexed by any object's documentation. For each term, the index provides links to each place where the term is indexed.
    • The identifier index lists the (short) name of every package, module, class, method, function, variable, and parameter. For each identifier, the index provides a short description, and a link to its documentation.

    The Table of Contents

    The table of contents occupies the two frames on the left side of the window. The upper-left frame displays the project contents, and the lower-left frame displays the module contents:

    Project
    Contents
    ...
    API
    Documentation
    Frame


    Module
    Contents
     
    ...
     

    The project contents frame contains a list of all packages and modules that are defined by the project. Clicking on an entry will display its contents in the module contents frame. Clicking on a special entry, labeled "Everything," will display the contents of the entire project.

    The module contents frame contains a list of every submodule, class, type, exception, function, and variable defined by a module or package. Clicking on an entry will display its documentation in the API documentation frame. Clicking on the name of the module, at the top of the frame, will display the documentation for the module itself.

    The "frames" and "no frames" buttons below the top navigation bar can be used to control whether the table of contents is displayed or not.

    The Navigation Bar

    A navigation bar is located at the top and bottom of every page. It indicates what type of page you are currently viewing, and allows you to go to related pages. The following table describes the labels on the navigation bar. Note that some labels (such as [Parent]) are not displayed on all pages.

    Label Highlighted when... Links to...
    [Parent] (never highlighted) the parent of the current package
    [Package] viewing a package the package containing the current object
    [Module] viewing a module the module containing the current object
    [Class] viewing a class the class containing the current object
    [Trees] viewing the trees page the trees page
    [Index] viewing the index page the index page
    [Help] viewing the help page the help page

    The "show private" and "hide private" buttons below the top navigation bar can be used to control whether documentation for private objects is displayed. Private objects are usually defined as objects whose (short) names begin with a single underscore, but do not end with an underscore. For example, "_x", "__pprint", and "epydoc.epytext._tokenize" are private objects; but "re.sub", "__init__", and "type_" are not. However, if a module defines the "__all__" variable, then its contents are used to decide which objects are private.

    A timestamp below the bottom navigation bar indicates when each page was last updated.

    tlslite-0.3.8/docs/private/tlslite.api-module.html0000700000175000017500000001136410206544645021215 0ustar clintclint tlslite.api
    Package tlslite :: Module api

    Module tlslite.api

    Import this module for easy access to TLS Lite objects.

    The TLS Lite API consists of classes, functions, and variables spread throughout this package. Instead of importing them individually with:
       from tlslite.TLSConnection import TLSConnection
       from tlslite.HandshakeSettings import HandshakeSettings
       from tlslite.errors import *
       .
       .
    
    It's easier to do:
       from tlslite.api import *
    
    This imports all the important objects (TLSConnection, Checker, HandshakeSettings, etc.) into the global namespace. In particular, it imports:
       from constants import AlertLevel, AlertDescription, Fault
       from errors import *
       from Checker import Checker
       from HandshakeSettings import HandshakeSettings
       from Session import Session
       from SessionCache import SessionCache
       from SharedKeyDB import SharedKeyDB
       from TLSConnection import TLSConnection
       from VerifierDB import VerifierDB
       from X509 import X509
       from X509CertChain import X509CertChain
    
       from integration.HTTPTLSConnection import HTTPTLSConnection
       from integration.POP3_TLS import POP3_TLS
       from integration.IMAP4_TLS import IMAP4_TLS
       from integration.SMTP_TLS import SMTP_TLS
       from integration.XMLRPCTransport import XMLRPCTransport
       from integration.TLSSocketServerMixIn import TLSSocketServerMixIn
       from integration.TLSAsyncDispatcherMixIn import TLSAsyncDispatcherMixIn
       from integration.TLSTwistedProtocolWrapper import TLSTwistedProtocolWrapper
       from utils.cryptomath import cryptlibpyLoaded, m2cryptoLoaded,
                                    gmpyLoaded, pycryptoLoaded, prngName
       from utils.keyfactory import generateRSAKey, parsePEMKey, parseXMLKey,
                                    parseAsPublicKey, parsePrivateKey
    

    tlslite-0.3.8/docs/private/tlslite.utils.ASN1Parser.ASN1Parser-class.html0000700000175000017500000001047010206544646025156 0ustar clintclint tlslite.utils.ASN1Parser.ASN1Parser
    Package tlslite :: Package utils :: Module ASN1Parser :: Class ASN1Parser

    Class ASN1Parser


    Method Summary
      __init__(self, bytes)
      getChild(self, which)
      _getASN1Length(self, p)

    tlslite-0.3.8/docs/private/toc-tlslite.utils.OpenSSL_AES-module.html0000700000175000017500000000216710206544651024337 0ustar clintclint tlslite.utils.OpenSSL_AES
    OpenSSL_AES

    Classes
    OpenSSL_AES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.constants-module.html0000700000175000017500000001026710206544647022463 0ustar clintclint tlslite.constants
    Package tlslite :: Module constants

    Module tlslite.constants

    Constants used in various places.
    Classes
    AlertDescription  
    AlertLevel  
    CertificateType  
    CipherSuite  
    ContentType  
    Fault  
    HandshakeType  

    tlslite-0.3.8/docs/private/tlslite.utils.Python_AES.Python_AES-class.html0000700000175000017500000001105010206544646025335 0ustar clintclint tlslite.utils.Python_AES.Python_AES
    Package tlslite :: Package utils :: Module Python_AES :: Class Python_AES

    Class Python_AES

    AES --+
          |
         Python_AES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    tlslite-0.3.8/docs/private/toc-tlslite.api-module.html0000700000175000017500000000126210206544651021771 0ustar clintclint tlslite.api
    api


    [show private | hide private] tlslite-0.3.8/docs/private/httplib.HTTPConnection-class.html0000700000175000017500000005373010206544646023055 0ustar clintclint httplib.HTTPConnection
    Module httplib :: Class HTTPConnection

    Class HTTPConnection

    Known Subclasses:
    HTTPBaseTLSConnection

    Method Summary
      __init__(self, host, port, strict)
      close(self)
    Close the connection to the HTTP server.
      connect(self)
    Connect to the host and port specified in __init__.
      endheaders(self)
    Indicate that the last header line has been sent to the server.
      getresponse(self)
    Get the response from the server.
      putheader(self, header, value)
    Send a request header line to the server.
      putrequest(self, method, url, skip_host)
    Send a request to the server.
      request(self, method, url, body, headers)
    Send a complete request to the server.
      send(self, str)
    Send `str' to the server.
      set_debuglevel(self, level)
      _output(self, s)
    Add a line of output to the current request buffer.
      _send_output(self)
    Send the currently buffered request and clear the buffer.
      _send_request(self, method, url, body, headers)
      _set_hostport(self, host, port)

    Class Variable Summary
    int auto_open = 1                                                                     
    int debuglevel = 0                                                                     
    int default_port = 80                                                                    
    classobj response_class = httplib.HTTPResponse
    int strict = 0                                                                     
    int _http_vsn = 11                                                                    
    str _http_vsn_str = 'HTTP/1.1'

    Method Details

    close(self)

    Close the connection to the HTTP server.

    connect(self)

    Connect to the host and port specified in __init__.

    endheaders(self)

    Indicate that the last header line has been sent to the server.

    getresponse(self)

    Get the response from the server.

    putheader(self, header, value)

    Send a request header line to the server.

    For example: h.putheader('Accept', 'text/html')

    putrequest(self, method, url, skip_host=0)

    Send a request to the server.

    `method' specifies an HTTP request method, e.g. 'GET'. `url' specifies the object being requested, e.g. '/index.html'.

    request(self, method, url, body=None, headers={})

    Send a complete request to the server.

    send(self, str)

    Send `str' to the server.

    _output(self, s)

    Add a line of output to the current request buffer.

    Assumes that the line does *not* end with \r\n.

    _send_output(self)

    Send the currently buffered request and clear the buffer.

    Appends an extra \r\n to the buffer.

    Class Variable Details

    auto_open

    Type:
    int
    Value:
    1                                                                     

    debuglevel

    Type:
    int
    Value:
    0                                                                     

    default_port

    Type:
    int
    Value:
    80                                                                    

    strict

    Type:
    int
    Value:
    0                                                                     

    _http_vsn

    Type:
    int
    Value:
    11                                                                    

    _http_vsn_str

    Type:
    str
    Value:
    'HTTP/1.1'                                                             

    tlslite-0.3.8/docs/private/toc-tlslite.integration.TLSTwistedProtocolWrapper-module.html0000700000175000017500000000226110206544651030633 0ustar clintclint tlslite.integration.TLSTwistedProtocolWrapper
    TLSTwistedProtocolWrapper

    Classes
    _FakeSocket
    TLSTwistedProtocolWrapper


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.X509.X509-class.html0000700000175000017500000002367110206544646021402 0ustar clintclint tlslite.X509.X509
    Package tlslite :: Module X509 :: Class X509

    Class X509


    This class represents an X.509 certificate.
    Method Summary
      __init__(self)
    str or None getCommonName(self)
    Get the Subject's Common Name from the certificate.
    str getFingerprint(self)
    Get the hex-encoded fingerprint of this certificate.
      parse(self, s)
    Parse a PEM-encoded X.509 certificate.
      parseBinary(self, bytes)
    Parse a DER-encoded X.509 certificate.
      writeBytes(self)

    Instance Variable Summary
    array.array of unsigned bytes bytes: The DER-encoded ASN.1 certificate
    tlslite.utils.RSAKey.RSAKey publicKey: The subject public key from the certificate.

    Method Details

    getCommonName(self)

    Get the Subject's Common Name from the certificate.

    The cryptlib_py module must be installed in order to use this function.
    Returns:
    The CN component of the certificate's subject DN, if present.
               (type=str or None)

    getFingerprint(self)

    Get the hex-encoded fingerprint of this certificate.
    Returns:
    A hex-encoded fingerprint.
               (type=str)

    parse(self, s)

    Parse a PEM-encoded X.509 certificate.
    Parameters:
    s - A PEM-encoded X.509 certificate (i.e. a base64-encoded certificate wrapped with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" tags).
               (type=str)

    parseBinary(self, bytes)

    Parse a DER-encoded X.509 certificate.
    Parameters:
    bytes - A DER-encoded X.509 certificate.
               (type=str or array.array of unsigned bytes)

    Instance Variable Details

    bytes

    The DER-encoded ASN.1 certificate
    Type:
    array.array of unsigned bytes

    publicKey

    The subject public key from the certificate.
    Type:
    tlslite.utils.RSAKey.RSAKey

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.TLSTwistedProtocolWrapper-module.html0000700000175000017500000000750510206544646030062 0ustar clintclint tlslite.integration.TLSTwistedProtocolWrapper
    Package tlslite :: Package integration :: Module TLSTwistedProtocolWrapper

    Module tlslite.integration.TLSTwistedProtocolWrapper

    TLS Lite + Twisted.
    Classes
    TLSTwistedProtocolWrapper This class can wrap Twisted protocols to add TLS support.
    _FakeSocket  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.Checker-module.html0000700000175000017500000000666010206544650022007 0ustar clintclint tlslite.Checker
    Package tlslite :: Module Checker

    Module tlslite.Checker

    Class for post-handshake certificate checking.
    Classes
    Checker This class is passed to a handshake function to check the other party's certificate chain.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.codec.Parser-class.html0000700000175000017500000001475510206544646023743 0ustar clintclint tlslite.utils.codec.Parser
    Package tlslite :: Package utils :: Module codec :: Class Parser

    Class Parser


    Method Summary
      __init__(self, bytes)
      atLengthCheck(self)
      get(self, length)
      getFixBytes(self, lengthBytes)
      getFixList(self, length, lengthList)
      getVarBytes(self, lengthLength)
      getVarList(self, length, lengthLength)
      setLengthCheck(self, length)
      startLengthCheck(self, lengthLength)
      stopLengthCheck(self)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/poplib.POP3-class.html0000700000175000017500000004752410206544645020621 0ustar clintclint poplib.POP3
    Module poplib :: Class POP3

    Class POP3

    Known Subclasses:
    POP3_TLS

    This class supports both the minimal and optional command sets.
    Arguments can be strings or integers (where appropriate)
    (e.g.: retr(1) and retr('1') both work equally well).
    
    Minimal Command Set:
            USER name               user(name)
            PASS string             pass_(string)
            STAT                    stat()
            LIST [msg]              list(msg = None)
            RETR msg                retr(msg)
            DELE msg                dele(msg)
            NOOP                    noop()
            RSET                    rset()
            QUIT                    quit()
    
    Optional Commands (some servers support these):
            RPOP name               rpop(name)
            APOP name digest        apop(name, digest)
            TOP msg n               top(msg, n)
            UIDL [msg]              uidl(msg = None)
    
    Raises one exception: 'error_proto'.
    
    Instantiate with:
            POP3(hostname, port=110)
    
    NB:     the POP protocol locks the mailbox from user
            authorization until QUIT, so be sure to get in, suck
            the messages, and quit, each time you access the
            mailbox.
    
            POP is a line-based protocol, which means large mail
            messages consume lots of python cycles reading them
            line-by-line.
    
            If it's available on your mail server, use IMAP4
            instead, it doesn't suffer from the two problems
            above.
    

    Method Summary
      __init__(self, host, port)
      apop(self, user, secret)
    Authorisation - only possible if server has supplied a timestamp in initial greeting.
      dele(self, which)
    Delete message number 'which'.
      getwelcome(self)
      list(self, which)
    Request listing, return result.
      noop(self)
    Does nothing.
      pass_(self, pswd)
    Send password, return response
      quit(self)
    Signoff: commit changes on server, unlock mailbox, close connection.
      retr(self, which)
    Retrieve whole message number 'which'.
      rpop(self, user)
    Not sure what this does.
      rset(self)
    Not sure what this does.
      set_debuglevel(self, level)
      stat(self)
    Get mailbox status.
      top(self, which, howmuch)
    Retrieve message header of message number 'which' and first 'howmuch' lines of message body.
      uidl(self, which)
    Return message digest (unique id) list.
      user(self, user)
    Send user name, return response
      _getline(self)
      _getlongresp(self)
      _getresp(self)
      _longcmd(self, line)
      _putcmd(self, line)
      _putline(self, line)
      _shortcmd(self, line)

    Class Variable Summary
    SRE_Pattern timestamp = \+OK.*(<[^>]+>)

    Method Details

    apop(self, user, secret)

    Authorisation
    
    - only possible if server has supplied a timestamp in initial greeting.
    
    Args:
            user    - mailbox user;
            secret  - secret shared between client and server.
    
    NB: mailbox is locked by server from here to 'quit()'
    

    dele(self, which)

    Delete message number 'which'.

    Result is 'response'.

    list(self, which=None)

    Request listing, return result.

    Result without a message number argument is in form ['response', ['mesg_num octets', ...]].

    Result when a message number argument is given is a single response: the "scan listing" for that message.

    noop(self)

    Does nothing.

    One supposes the response indicates the server is alive.

    pass_(self, pswd)

    Send password, return response

    (response includes message count, mailbox size).

    NB: mailbox is locked by server from here to 'quit()'

    quit(self)

    Signoff: commit changes on server, unlock mailbox, close connection.

    retr(self, which)

    Retrieve whole message number 'which'.

    Result is in form ['response', ['line', ...], octets].

    rpop(self, user)

    Not sure what this does.

    rset(self)

    Not sure what this does.

    stat(self)

    Get mailbox status.

    Result is tuple of 2 ints (message count, mailbox size)

    top(self, which, howmuch)

    Retrieve message header of message number 'which' and first 'howmuch' lines of message body.

    Result is in form ['response', ['line', ...], octets].

    uidl(self, which=None)

    Return message digest (unique id) list.

    If 'which' is given, the result contains the unique id for that message in the form 'response mesgnum uid'; otherwise the result is the list ['response', ['mesgnum uid', ...], octets]

    user(self, user)

    Send user name, return response

    (should indicate password required).

    Class Variable Details

    timestamp

    Type:
    SRE_Pattern
    Value:
    \+OK.*(<[^>]+>)                                                        

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.BaseDB-module.html0000700000175000017500000000651610206544647021531 0ustar clintclint tlslite.BaseDB
    Package tlslite :: Module BaseDB

    Module tlslite.BaseDB

    Base class for SharedKeyDB and VerifierDB.
    Classes
    BaseDB  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.constants.AlertDescription-class.html0000700000175000017500000012554610206544650025556 0ustar clintclint tlslite.constants.AlertDescription
    Package tlslite :: Module constants :: Class AlertDescription

    Class AlertDescription



    Class Variable Summary
    int access_denied = 49                                                                    
    int bad_certificate = 42                                                                    
    int bad_record_mac: A TLS record failed to decrypt properly.
    int certificate_expired = 45                                                                    
    int certificate_revoked = 44                                                                    
    int certificate_unknown = 46                                                                    
    int close_notify = 0                                                                     
    int decode_error = 50                                                                    
    int decompression_failure = 30                                                                    
    int decrypt_error = 51                                                                    
    int decryption_failed = 21                                                                    
    int export_restriction = 60                                                                    
    int handshake_failure: A problem occurred while handshaking.
    int illegal_parameter = 47                                                                    
    int insufficient_security = 71                                                                    
    int internal_error = 80                                                                    
    int missing_srp_username = 121                                                                   
    int no_certificate = 41                                                                    
    int no_renegotiation = 100                                                                   
    int protocol_version: The other party's SSL/TLS version was unacceptable.
    int record_overflow = 22                                                                    
    int unexpected_message = 10                                                                    
    int unknown_ca = 48                                                                    
    int unknown_srp_username = 120                                                                   
    int unsupported_certificate = 43                                                                    
    int untrusted_srp_parameters = 122                                                                   
    int user_canceled: The handshake is being cancelled for some reason.

    Class Variable Details

    access_denied

    Type:
    int
    Value:
    49                                                                    

    bad_certificate

    Type:
    int
    Value:
    42                                                                    

    bad_record_mac

    A TLS record failed to decrypt properly.

    If this occurs during a shared-key or SRP handshake it most likely indicates a bad password. It may also indicate an implementation error, or some tampering with the data in transit.

    This alert will be signalled by the server if the SRP password is bad. It may also be signalled by the server if the SRP username is unknown to the server, but it doesn't wish to reveal that fact.

    This alert will be signalled by the client if the shared-key username is bad.
    Type:
    int
    Value:
    20                                                                    

    certificate_expired

    Type:
    int
    Value:
    45                                                                    

    certificate_revoked

    Type:
    int
    Value:
    44                                                                    

    certificate_unknown

    Type:
    int
    Value:
    46                                                                    

    close_notify

    Type:
    int
    Value:
    0                                                                     

    decode_error

    Type:
    int
    Value:
    50                                                                    

    decompression_failure

    Type:
    int
    Value:
    30                                                                    

    decrypt_error

    Type:
    int
    Value:
    51                                                                    

    decryption_failed

    Type:
    int
    Value:
    21                                                                    

    export_restriction

    Type:
    int
    Value:
    60                                                                    

    handshake_failure

    A problem occurred while handshaking.

    This typically indicates a lack of common ciphersuites between client and server, or some other disagreement (about SRP parameters or key sizes, for example).
    Type:
    int
    Value:
    40                                                                    

    illegal_parameter

    Type:
    int
    Value:
    47                                                                    

    insufficient_security

    Type:
    int
    Value:
    71                                                                    

    internal_error

    Type:
    int
    Value:
    80                                                                    

    missing_srp_username

    Type:
    int
    Value:
    121                                                                   

    no_certificate

    Type:
    int
    Value:
    41                                                                    

    no_renegotiation

    Type:
    int
    Value:
    100                                                                   

    protocol_version

    The other party's SSL/TLS version was unacceptable.

    This indicates that the client and server couldn't agree on which version of SSL or TLS to use.
    Type:
    int
    Value:
    70                                                                    

    record_overflow

    Type:
    int
    Value:
    22                                                                    

    unexpected_message

    Type:
    int
    Value:
    10                                                                    

    unknown_ca

    Type:
    int
    Value:
    48                                                                    

    unknown_srp_username

    Type:
    int
    Value:
    120                                                                   

    unsupported_certificate

    Type:
    int
    Value:
    43                                                                    

    untrusted_srp_parameters

    Type:
    int
    Value:
    122                                                                   

    user_canceled

    The handshake is being cancelled for some reason.
    Type:
    int
    Value:
    90                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.Cryptlib_RC4-module.html0000700000175000017500000000217710206544651024625 0ustar clintclint tlslite.utils.Cryptlib_RC4
    Cryptlib_RC4

    Classes
    Cryptlib_RC4

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.TLSConnection.TLSConnection-class.html0000700000175000017500000016325610206544650025433 0ustar clintclint tlslite.TLSConnection.TLSConnection
    Package tlslite :: Module TLSConnection :: Class TLSConnection

    Class TLSConnection

    TLSRecordLayer --+
                     |
                    TLSConnection
    


    This class wraps a socket and provides TLS handshaking and data transfer.

    To use this class, create a new instance, passing a connected socket into the constructor. Then call some handshake function. If the handshake completes without raising an exception, then a TLS connection has been negotiated. You can transfer data over this connection as if it were a socket.

    This class provides both synchronous and asynchronous versions of its key functions. The synchronous versions should be used when writing single- or multi-threaded code using blocking sockets. The asynchronous versions should be used when performing asynchronous, event-based I/O with non-blocking sockets.

    Asynchronous I/O is a complicated subject; typically, you should not use the asynchronous functions directly, but should use some framework like asyncore or Twisted which TLS Lite integrates with (see tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn or tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper).
    Method Summary
      __init__(self, sock)
    Create a new TLSConnection instance.
    None or an iterable handshakeClientCert(self, certChain, privateKey, session, settings, checker, async)
    Perform a certificate-based handshake in the role of client.
    None or an iterable handshakeClientSharedKey(self, username, sharedKey, settings, checker, async)
    Perform a shared-key handshake in the role of client.
    None or an iterable handshakeClientSRP(self, username, password, session, settings, checker, async)
    Perform an SRP handshake in the role of client.
    None or an iterable handshakeClientUnknown(self, srpCallback, certCallback, session, settings, checker, async)
    Perform a to-be-determined type of handshake in the role of client.
      handshakeServer(self, sharedKeyDB, verifierDB, certChain, privateKey, reqCert, sessionCache, settings, checker)
    Perform a handshake in the role of server.
    iterable handshakeServerAsync(self, sharedKeyDB, verifierDB, certChain, privateKey, reqCert, sessionCache, settings, checker)
    Start a server handshake operation on the TLS connection.
      _getKeyFromChain(self, certificate, settings)
      _handshakeClientAsync(self, srpParams, certParams, unknownParams, sharedKeyParams, session, settings, checker, recursive)
      _handshakeClientAsyncHelper(self, srpParams, certParams, unknownParams, sharedKeyParams, session, settings, recursive)
      _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, certChain, privateKey, reqCert, sessionCache, settings)
      _handshakeWrapperAsync(self, handshaker, checker)
        Inherited from TLSRecordLayer
      close(self)
    Close the TLS connection.
    iterable closeAsync(self)
    Start a close operation on the TLS connection.
    str getCipherImplementation(self)
    Get the name of the cipher implementation used with this connection.
    str getCipherName(self)
    Get the name of the cipher used with this connection.
      getpeername(self)
    Return the remote address to which the socket is connected (socket emulation).
      getsockname(self)
    Return the socket's own address (socket emulation).
      gettimeout(self)
    Return the timeout associated with socket operations (socket emulation).
    tlslite.FileObject.FileObject makefile(self, mode, bufsize)
    Create a file object for the TLS connection (socket emulation).
    str read(self, max, min)
    Read some data from the TLS connection.
    iterable readAsync(self, max, min)
    Start a read operation on the TLS connection.
      recv(self, bufsize)
    Get some data from the TLS connection (socket emulation).
      send(self, s)
    Send data to the TLS connection (socket emulation).
      sendall(self, s)
    Send data to the TLS connection (socket emulation).
      setsockopt(self, level, optname, value)
    Set the value of the given socket option (socket emulation).
      settimeout(self, value)
    Set a timeout on blocking socket operations (socket emulation).
      write(self, s)
    Write some data to the TLS connection.
    iterable writeAsync(self, s)
    Start a write operation on the TLS connection.
      _calcFinished(self, send)
      _calcPendingStates(self, clientRandom, serverRandom, implementations)
      _calcSSLHandshakeHash(self, masterSecret, label)
      _changeReadState(self)
      _changeWriteState(self)
      _decrefAsync(self)
      _decryptRecord(self, recordType, bytes)
      _getFinished(self)
      _getMsg(self, expectedType, secondaryType, constructorType)
      _getNextRecord(self)
      _handshakeDone(self, resumed)
      _handshakeStart(self, client)
      _sendError(self, alertDescription, errorStr)
      _sendFinished(self)
      _sendMsg(self, msg, skipEmptyFrag)
      _sendMsgs(self, msgs)
      _shutdown(self, resumable)

    Instance Variable Summary
        Inherited from TLSRecordLayer
    str or None allegedSharedKeyUsername: This is set to the shared-key username asserted by the client, whether the handshake succeeded or not.
    str or None allegedSrpUsername: This is set to the SRP username asserted by the client, whether the handshake succeeded or not.
    bool closed: If this connection is closed.
    bool closeSocket: If the socket should be closed when the connection is closed (writable).
    bool ignoreAbruptClose: Whether an abrupt close of the socket (one without a preceding alert) is treated as a normal close instead of raising an error (writable).
    bool resumed: If this connection is based on a resumed session.
    tlslite.Session.Session session: The session corresponding to this connection.
    socket.socket sock: The underlying socket object.
    tuple version: The TLS version being used for this connection.

    Method Details

    __init__(self, sock)
    (Constructor)

    Create a new TLSConnection instance.
    Parameters:
    sock - The socket data will be transmitted on. The socket should already be connected. It may be in blocking or non-blocking mode.
               (type=socket.socket)
    Overrides:
    tlslite.TLSRecordLayer.TLSRecordLayer.__init__

    handshakeClientCert(self, certChain=None, privateKey=None, session=None, settings=None, checker=None, async=False)

    Perform a certificate-based handshake in the role of client.

    This function performs an SSL or TLS handshake. The server will authenticate itself using an X.509 or cryptoID certificate chain. If the handshake succeeds, the server's certificate chain will be stored in the session's serverCertChain attribute. Unless a checker object is passed in, this function does no validation or checking of the server's certificate chain. Without a checker, the caller must validate the stored chain itself before trusting the server's identity; until then the connection is encrypted but the peer is unauthenticated.

    If the server requests client authentication, the client will send the passed-in certificate chain, and use the passed-in private key to authenticate itself. If no certificate chain and private key were passed in, the client will attempt to proceed without client authentication. The server may or may not allow this.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    certChain - The certificate chain to be used if the server requests client authentication.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - The private key to be used if the server requests client authentication.
               (type=tlslite.utils.RSAKey.RSAKey)
    session - A TLS session to attempt to resume. If the resumption does not succeed, a full handshake will be performed.
               (type=tlslite.Session.Session)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    async - If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed.
               (type=bool)
    Returns:
    If 'async' is True, a generator object will be returned.
               (type=None or an iterable)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeClientSharedKey(self, username, sharedKey, settings=None, checker=None, async=False)

    Perform a shared-key handshake in the role of client.

    This function performs a shared-key handshake. Using shared symmetric keys of high entropy (128 bits or greater) mutually authenticates both parties to each other.

    TLS with shared-keys is non-standard. Most TLS implementations don't support it. See http://www.ietf.org/html.charters/tls-charter.html for the latest information on TLS with shared-keys. If the shared-keys Internet-Draft changes or is superseded, TLS Lite will track those changes, so the shared-key support in later versions of TLS Lite may become incompatible with this version.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    username - The shared-key username.
               (type=str)
    sharedKey - The shared key.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    async - If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed.
               (type=bool)
    Returns:
    If 'async' is True, a generator object will be returned.
               (type=None or an iterable)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeClientSRP(self, username, password, session=None, settings=None, checker=None, async=False)

    Perform an SRP handshake in the role of client.

    This function performs a TLS/SRP handshake. SRP mutually authenticates both parties to each other using only a username and password. This function may also perform a combined SRP and server-certificate handshake, if the server chooses to authenticate itself with a certificate chain in addition to doing SRP.

    TLS/SRP is non-standard. Most TLS implementations don't support it. See http://www.ietf.org/html.charters/tls-charter.html or http://trevp.net/tlssrp/ for the latest information on TLS/SRP.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    username - The SRP username.
               (type=str)
    password - The SRP password.
               (type=str)
    session - A TLS session to attempt to resume. This session must be an SRP session performed with the same username and password as were passed in. If the resumption does not succeed, a full SRP handshake will be performed.
               (type=tlslite.Session.Session)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    async - If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed.
               (type=bool)
    Returns:
    If 'async' is True, a generator object will be returned.
               (type=None or an iterable)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeClientUnknown(self, srpCallback=None, certCallback=None, session=None, settings=None, checker=None, async=False)

    Perform a to-be-determined type of handshake in the role of client.

    This function performs an SSL or TLS handshake. If the server requests client certificate authentication, the certCallback will be invoked and should return a (certChain, privateKey) pair. If the callback returns None, the library will attempt to proceed without client authentication. The server may or may not allow this.

    If the server requests SRP authentication, the srpCallback will be invoked and should return a (username, password) pair. If the callback returns None, the local implementation will signal a user_canceled error alert.

    After the handshake completes, the client can inspect the connection's session attribute to determine what type of authentication was performed.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    srpCallback - The callback to be used if the server requests SRP authentication. If None, the client will not offer support for SRP ciphersuites.
               (type=callable)
    certCallback - The callback to be used if the server requests client certificate authentication.
               (type=callable)
    session - A TLS session to attempt to resume. If the resumption does not succeed, a full handshake will be performed.
               (type=tlslite.Session.Session)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    async - If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed.
               (type=bool)
    Returns:
    If 'async' is True, a generator object will be returned.
               (type=None or an iterable)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeServer(self, sharedKeyDB=None, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None)

    Perform a handshake in the role of server.

    This function performs an SSL or TLS handshake. Depending on the arguments and the behavior of the client, this function can perform a shared-key, SRP, or certificate-based handshake. It can also perform a combined SRP and server-certificate handshake.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. This function does not send a Hello Request message before performing the handshake, so if re-handshaking is required, the server must signal the client to begin the re-handshake through some other means.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    sharedKeyDB - A database of shared symmetric keys associated with usernames. If the client performs a shared-key handshake, the session's sharedKeyUsername attribute will be set.
               (type=tlslite.SharedKeyDB.SharedKeyDB)
    verifierDB - A database of SRP password verifiers associated with usernames. If the client performs an SRP handshake, the session's srpUsername attribute will be set.
               (type=tlslite.VerifierDB.VerifierDB)
    certChain - The certificate chain to be used if the client requests server certificate authentication.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - The private key to be used if the client requests server certificate authentication.
               (type=tlslite.utils.RSAKey.RSAKey)
    reqCert - Whether to request client certificate authentication. This only applies if the client chooses server certificate authentication; if the client chooses SRP or shared-key authentication, this will be ignored. If the client performs client certificate authentication, the session's clientCertChain attribute will be set.
               (type=bool)
    sessionCache - An in-memory cache of resumable sessions. The client can resume sessions from this cache. Alternatively, if the client performs a full handshake, a new session will be added to the cache.
               (type=tlslite.SessionCache.SessionCache)
    settings - Various settings which can be used to control the ciphersuites and SSL/TLS version chosen by the server.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None)

    Start a server handshake operation on the TLS connection.

    This function returns a generator which behaves similarly to handshakeServer(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or it will raise StopIteration if the handshake operation is complete.
    Returns:
    A generator; see above for details.
               (type=iterable)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.AsyncStateMachine-module.html0000700000175000017500000000722610206544647026335 0ustar clintclint tlslite.integration.AsyncStateMachine
    Package tlslite :: Package integration :: Module AsyncStateMachine

    Module tlslite.integration.AsyncStateMachine

    A state machine for using TLS Lite with asynchronous I/O.
    Classes
    AsyncStateMachine This is an abstract class that's used to integrate TLS Lite with asyncore and Twisted.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.OpenSSL_TripleDES-module.html0000700000175000017500000001015310206544650024730 0ustar clintclint tlslite.utils.OpenSSL_TripleDES
    Package tlslite :: Package utils :: Module OpenSSL_TripleDES

    Module tlslite.utils.OpenSSL_TripleDES

    OpenSSL/M2Crypto 3DES implementation.
    Classes
    OpenSSL_TripleDES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.OpenSSL_AES.OpenSSL_AES-class.html0000700000175000017500000001157110206544645025350 0ustar clintclint tlslite.utils.OpenSSL_AES.OpenSSL_AES
    Package tlslite :: Package utils :: Module OpenSSL_AES :: Class OpenSSL_AES

    Class OpenSSL_AES

    AES --+
          |
         OpenSSL_AES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)
      _createContext(self, encrypt)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.errors.TLSAuthenticationTypeError-class.html0000700000175000017500000001162510206544647027017 0ustar clintclint tlslite.errors.TLSAuthenticationTypeError
    Package tlslite :: Module errors :: Class TLSAuthenticationTypeError

    Class TLSAuthenticationTypeError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSAuthenticationTypeError
    


    The Checker was expecting the other party to authenticate with a different type of certificate chain.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.integration-module.html0000700000175000017500000000372610206544651023552 0ustar clintclint tlslite.integration
    integration

    Modules
    AsyncStateMachine
    ClientHelper
    HTTPTLSConnection
    IMAP4_TLS
    IntegrationHelper
    POP3_TLS
    SMTP_TLS
    TLSAsyncDispatcherMixIn
    TLSSocketServerMixIn
    TLSTwistedProtocolWrapper
    XMLRPCTransport


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.messages.ServerHelloDone-class.html0000700000175000017500000001327610206544647025140 0ustar clintclint tlslite.messages.ServerHelloDone
    Package tlslite :: Module messages :: Class ServerHelloDone

    Class ServerHelloDone

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ServerHelloDone
    


    Method Summary
      __init__(self)
      create(self)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.HandshakeSettings-module.html0000700000175000017500000000676010206544647024061 0ustar clintclint tlslite.HandshakeSettings
    Package tlslite :: Module HandshakeSettings

    Module tlslite.HandshakeSettings

    Class for setting handshake parameters.
    Classes
    HandshakeSettings This class encapsulates various parameters that can be used with a TLS handshake.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.RC4-module.html0000700000175000017500000000157310206544651022754 0ustar clintclint tlslite.utils.RC4
    RC4

    Classes
    RC4


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.errors.TLSValidationError-class.html0000700000175000017500000001151710206544646025267 0ustar clintclint tlslite.errors.TLSValidationError
    Package tlslite :: Module errors :: Class TLSValidationError

    Class TLSValidationError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSValidationError
    


    The Checker has determined that the other party's certificate chain is invalid.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/imaplib.readonly-class.html0000700000175000017500000001074610206544645022041 0ustar clintclint imaplib.readonly
    Module imaplib :: Class readonly

    Class readonly

    Exception --+        
                |        
            error --+    
                    |    
                abort --+
                        |
                       readonly
    


    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.constants.ContentType-class.html0000700000175000017500000002427610206544647024563 0ustar clintclint tlslite.constants.ContentType
    Package tlslite :: Module constants :: Class ContentType

    Class ContentType


    Class Variable Summary
    int alert = 21                                                                    
    tuple all = (20, 21, 22, 23)
    int application_data = 23                                                                    
    int change_cipher_spec = 20                                                                    
    int handshake = 22                                                                    

    Class Variable Details

    alert

    Type:
    int
    Value:
    21                                                                    

    all

    Type:
    tuple
    Value:
    (20, 21, 22, 23)                                                       

    application_data

    Type:
    int
    Value:
    23                                                                    

    change_cipher_spec

    Type:
    int
    Value:
    20                                                                    

    handshake

    Type:
    int
    Value:
    22                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/trees.html0000700000175000017500000007137210206544651016626 0ustar clintclint Module and Class Hierarchies

    Module Hierarchy

    Class Hierarchy

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:57 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.ASN1Parser-module.html0000700000175000017500000000165410206544651024243 0ustar clintclint tlslite.utils.ASN1Parser
    ASN1Parser

    Classes
    ASN1Parser


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.integration.IntegrationHelper-module.html0000700000175000017500000000170410206544651027166 0ustar clintclint tlslite.integration.IntegrationHelper
    IntegrationHelper

    Classes
    IntegrationHelper


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite-module.html0000700000175000017500000003227210206544646020447 0ustar clintclint tlslite
    Package tlslite

    Package tlslite

    TLS Lite is a free Python library that implements SSL v3, TLS v1, and TLS v1.1. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib, imaplib, smtplib, SocketServer, asyncore, and Twisted.

    To use, do:
       from tlslite.api import *
    
    Then use the tlslite.TLSConnection.TLSConnection class with a socket, or use one of the integration classes in tlslite.integration.

    Version: 0.3.8

    Submodules

    Variable Summary
    str __version__ = '0.3.8'

    Variable Details

    __version__

    Type:
    str
    Value:
    '0.3.8'                                                                

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.SharedKeyDB-module.html0000700000175000017500000000665310206544647022540 0ustar clintclint tlslite.SharedKeyDB
    Package tlslite :: Module SharedKeyDB

    Module tlslite.SharedKeyDB

    Class for storing shared keys.
    Classes
    SharedKeyDB This class represents an in-memory or on-disk database of shared keys.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.OpenSSL_RC4-module.html0000700000175000017500000000772410206544645023543 0ustar clintclint tlslite.utils.OpenSSL_RC4
    Package tlslite :: Package utils :: Module OpenSSL_RC4

    Module tlslite.utils.OpenSSL_RC4

    OpenSSL/M2Crypto RC4 implementation.
    Classes
    OpenSSL_RC4  

    Function Summary
      new(key)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils-module.html0000700000175000017500000001577010206544646021612 0ustar clintclint tlslite.utils
    Package tlslite :: Package utils

    Package tlslite.utils

    Toolkit for crypto and other stuff.
    Submodules

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.X509-module.html0000700000175000017500000000654110206544650021106 0ustar clintclint tlslite.X509
    Package tlslite :: Module X509

    Module tlslite.X509

    Class representing an X.509 certificate.
    Classes
    X509 This class represents an X.509 certificate.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.VerifierDB-module.html0000700000175000017500000000162410206544651023203 0ustar clintclint tlslite.VerifierDB
    VerifierDB

    Classes
    VerifierDB


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.errors-module.html0000700000175000017500000001341710206544650021755 0ustar clintclint tlslite.errors
    Package tlslite :: Module errors

    Module tlslite.errors

    Exception classes.
    Exceptions
    TLSError Base class for all TLS Lite exceptions.
    TLSAbruptCloseError The socket was closed without a proper TLS shutdown.
    TLSAlert A TLS alert has been signalled.
    TLSLocalAlert A TLS alert has been signalled by the local implementation.
    TLSRemoteAlert A TLS alert has been signalled by the remote implementation.
    TLSAuthenticationError The handshake succeeded, but the other party's authentication was inadequate.
    TLSNoAuthenticationError The Checker was expecting the other party to authenticate with a certificate chain, but this did not occur.
    TLSAuthenticationTypeError The Checker was expecting the other party to authenticate with a different type of certificate chain.
    TLSFingerprintError The Checker was expecting the other party to authenticate with a certificate chain that matches a different fingerprint.
    TLSAuthorizationError The Checker was expecting the other party to authenticate with a certificate chain that has a different authorization.
    TLSValidationError The Checker has determined that the other party's certificate chain is invalid.
    TLSFaultError The other party responded incorrectly to an induced fault.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.HTTPTLSConnection-module.html0000700000175000017500000000773510206544647026161 0ustar clintclint tlslite.integration.HTTPTLSConnection
    Package tlslite :: Package integration :: Module HTTPTLSConnection

    Module tlslite.integration.HTTPTLSConnection

    TLS Lite + httplib.
    Classes
    HTTPBaseTLSConnection This abstract class provides a framework for adding TLS support to httplib.
    HTTPTLSConnection This class extends HTTPBaseTLSConnection to support the common types of handshaking.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.CertificateVerify-class.html0000700000175000017500000001340310206544645025475 0ustar clintclint tlslite.messages.CertificateVerify
    Package tlslite :: Module messages :: Class CertificateVerify

    Class CertificateVerify

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  CertificateVerify
    


    Method Summary
      __init__(self)
      create(self, signature)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    ././@LongLink0000000000000000000000000000015200000000000011563 Lustar rootroottlslite-0.3.8/docs/private/tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn-class.htmltlslite-0.3.8/docs/private/tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn-class0000700000175000017500000004453010206544647032675 0ustar clintclint tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    Package tlslite :: Package integration :: Module TLSAsyncDispatcherMixIn :: Class TLSAsyncDispatcherMixIn

    Class TLSAsyncDispatcherMixIn

    AsyncStateMachine --+
                        |
                       TLSAsyncDispatcherMixIn
    


    This class can be "mixed in" with an asyncore.dispatcher to add TLS support.

    This class essentially sits between the dispatcher and the select loop, intercepting events and only calling the dispatcher when applicable.

    In the case of handle_read(), a read operation will be activated, and when it completes, the bytes will be placed in a buffer where the dispatcher can retrieve them by calling recv(), and the dispatcher's handle_read() will be called.

    In the case of handle_write(), the dispatcher's handle_write() will be called, and when it calls send(), a write operation will be activated.

    To use this class, you must combine it with an asyncore.dispatcher, and pass in a handshake operation with setServerHandshakeOp().

    Below is an example of using this class with medusa. This class is mixed in with http_channel to create http_tls_channel. Note:
    1. the mix-in is listed first in the inheritance list
    2. the input buffer size must be at least 16K, otherwise the dispatcher might not read all the bytes from the TLS layer, leaving some bytes in limbo.
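    3. IE seems to have a problem receiving a whole HTTP response in a single TLS record, so HTML pages containing '\r\n\r\n' won't be displayed on IE.
    4. the example sets ignoreAbruptClose to True, so a socket closed without a preceding TLS alert is not raised as TLSAbruptCloseError; a truncated connection then looks the same as a clean close, so keep the default (False) unless peers are known to omit the closing alert.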
    Add the following text into 'start_medusa.py', in the 'HTTP Server' section:
       from tlslite.api import *
       s = open("./serverX509Cert.pem").read()
       x509 = X509()
       x509.parse(s)
       certChain = X509CertChain([x509])
    
       s = open("./serverX509Key.pem").read()
       privateKey = parsePEMKey(s, private=True)
    
       class http_tls_channel(TLSAsyncDispatcherMixIn,
                              http_server.http_channel):
           ac_in_buffer_size = 16384
    
           def __init__ (self, server, conn, addr):
               http_server.http_channel.__init__(self, server, conn, addr)
               TLSAsyncDispatcherMixIn.__init__(self, conn)
               self.tlsConnection.ignoreAbruptClose = True
               self.setServerHandshakeOp(certChain=certChain,
                                         privateKey=privateKey)
    
       hs.channel_class = http_tls_channel
    
    If the TLS layer raises an exception, the exception will be caught in asyncore.dispatcher, which will call close() on this class. The TLS layer always closes the TLS connection before raising an exception, so the close operation will complete right away, causing asyncore.dispatcher.close() to be called, which closes the socket and removes this instance from the asyncore loop.
    Method Summary
      __init__(self, sock)
      close(self)
      handle_read(self)
      handle_write(self)
      outCloseEvent(self)
    Called when a close operation completes.
      outConnectEvent(self)
    Called when a handshake operation completes.
      outReadEvent(self, readBuffer)
    Called when a read operation completes.
      outWriteEvent(self)
    Called when a write operation completes.
      readable(self)
      recv(self, bufferSize)
      send(self, writeBuffer)
      writable(self)
        Inherited from AsyncStateMachine
      inReadEvent(self)
    Tell the state machine it can read from the socket.
      inWriteEvent(self)
    Tell the state machine it can write to the socket.
      setCloseOp(self)
    Start a close operation.
      setHandshakeOp(self, handshaker)
    Start a handshake operation.
      setServerHandshakeOp(self, **args)
    Start a handshake operation.
      setWriteOp(self, writeBuffer)
    Start a write operation.
    bool or None wantsReadEvent(self)
    If the state machine wants to read.
    bool or None wantsWriteEvent(self)
    If the state machine wants to write.
      _checkAssert(self, maxActive)
      _clear(self)
      _doCloseOp(self)
      _doHandshakeOp(self)
      _doReadOp(self)
      _doWriteOp(self)

    Method Details

    outCloseEvent(self)

    Called when a close operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outCloseEvent (inherited documentation)

    outConnectEvent(self)

    Called when a handshake operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outConnectEvent (inherited documentation)

    outReadEvent(self, readBuffer)

    Called when a read operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outReadEvent (inherited documentation)

    outWriteEvent(self)

    Called when a write operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outWriteEvent (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.TLSRecordLayer-module.html0000700000175000017500000000204710206544651024020 0ustar clintclint tlslite.TLSRecordLayer
    TLSRecordLayer

    Classes
    _ConnectionState
    TLSRecordLayer


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.SessionCache-module.html0000700000175000017500000000216010206544651023565 0ustar clintclint tlslite.SessionCache
    SessionCache

    Classes
    SessionCache

    Functions
    _test


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.TLSRecordLayer._ConnectionState-class.html0000700000175000017500000000746010206544647026324 0ustar clintclint tlslite.TLSRecordLayer._ConnectionState
    Package tlslite :: Module TLSRecordLayer :: Class _ConnectionState

    Class _ConnectionState


    Method Summary
      __init__(self)
      getSeqNumStr(self)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.OpenSSL_RC4-module.html0000700000175000017500000000216710206544651024317 0ustar clintclint tlslite.utils.OpenSSL_RC4
    OpenSSL_RC4

    Classes
    OpenSSL_RC4

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.rijndael.rijndael-class.html0000700000175000017500000001053110206544645024775 0ustar clintclint tlslite.utils.rijndael.rijndael
    Package tlslite :: Package utils :: Module rijndael :: Class rijndael

    Class rijndael


    Method Summary
      __init__(self, key, block_size)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.keyfactory-module.html0000700000175000017500000004543110206544646023766 0ustar clintclint tlslite.utils.keyfactory
    Package tlslite :: Package utils :: Module keyfactory

    Module tlslite.utils.keyfactory

    Factory functions for asymmetric cryptography.
    Function Summary
    tlslite.utils.RSAKey.RSAKey generateRSAKey(bits, implementations)
    Generate an RSA key with the specified bit length.
    tlslite.utils.RSAKey.RSAKey parseXMLKey(s, private, public, implementations)
    Parse an XML-format key.
    tlslite.utils.RSAKey.RSAKey parsePEMKey(s, private, public, passwordCallback, implementations)
    Parse a PEM-format key.
    tlslite.utils.RSAKey.RSAKey parseAsPublicKey(s)
    Parse an XML or PEM-formatted public key.
    tlslite.utils.RSAKey.RSAKey parsePrivateKey(s)
    Parse an XML or PEM-formatted private key.
      _createPrivateKey(key)
    Create a new private key.
      _createPrivateRSAKey(n, e, d, p, q, dP, dQ, qInv, implementations)
      _createPublicKey(key)
    Create a new public key.
      _createPublicRSAKey(n, e, implementations)
      _parseKeyHelper(key, private, public)

    Function Details

    generateRSAKey(bits, implementations=['openssl', 'python'])

    Generate an RSA key with the specified bit length.
    Parameters:
    bits - Desired bit length of the new key's modulus.
               (type=int)
    Returns:
    A new RSA private key.
               (type=tlslite.utils.RSAKey.RSAKey)

    parseXMLKey(s, private=False, public=False, implementations=['python'])

    Parse an XML-format key.

    The XML format used here is specific to tlslite and cryptoIDlib. The format can store the public component of a key, or the public and private components. For example:
       <publicKey xmlns="http://trevp.net/rsa">
           <n>4a5yzB8oGNlHo866CAspAC47M4Fvx58zwK8pou...
           <e>Aw==</e>
       </publicKey>
    
       <privateKey xmlns="http://trevp.net/rsa">
           <n>4a5yzB8oGNlHo866CAspAC47M4Fvx58zwK8pou...
           <e>Aw==</e>
           <d>JZ0TIgUxWXmL8KJ0VqyG1V0J3ern9pqIoB0xmy...
           <p>5PreIj6z6ldIGL1V4+1C36dQFHNCQHJvW52GXc...
           <q>/E/wDit8YXPCxx126zTq2ilQ3IcW54NJYyNjiZ...
           <dP>mKc+wX8inDowEH45Qp4slRo1YveBgExKPROu6...
           <dQ>qDVKtBz9lk0shL5PR3ickXDgkwS576zbl2ztB...
           <qInv>j6E8EA7dNsTImaXexAmLA1DoeArsYeFAInr...
       </privateKey>
    
    Parameters:
    s - A string containing an XML public or private key.
               (type=str)
    private - If True, a SyntaxError will be raised if the private key component is not present.
               (type=bool)
    public - If True, the private key component (if present) will be discarded, so this function will always return a public key.
               (type=bool)
    Returns:
    An RSA key.
               (type=tlslite.utils.RSAKey.RSAKey)
    Raises:
    SyntaxError - If the key is not properly formatted.

    parsePEMKey(s, private=False, public=False, passwordCallback=None, implementations=['openssl', 'python'])

    Parse a PEM-format key.

    The PEM format is used by OpenSSL and other tools. The format is typically used to store both the public and private components of a key. The key below is a published sample, shown only to illustrate the format. For example:
      -----BEGIN RSA PRIVATE KEY-----
       MIICXQIBAAKBgQDYscuoMzsGmW0pAYsmyHltxB2TdwHS0dImfjCMfaSDkfLdZY5+
       dOWORVns9etWnr194mSGA1F0Pls/VJW8+cX9+3vtJV8zSdANPYUoQf0TP7VlJxkH
       dSRkUbEoz5bAAs/+970uos7n7iXQIni+3erUTdYEk2iWnMBjTljfgbK/dQIDAQAB
       AoGAJHoJZk75aKr7DSQNYIHuruOMdv5ZeDuJvKERWxTrVJqE32/xBKh42/IgqRrc
       esBN9ZregRCd7YtxoL+EVUNWaJNVx2mNmezEznrc9zhcYUrgeaVdFO2yBF1889zO
       gCOVwrO8uDgeyj6IKa25H6c1N13ih/o7ZzEgWbGG+ylU1yECQQDv4ZSJ4EjSh/Fl
       aHdz3wbBa/HKGTjC8iRy476Cyg2Fm8MZUe9Yy3udOrb5ZnS2MTpIXt5AF3h2TfYV
       VoFXIorjAkEA50FcJmzT8sNMrPaV8vn+9W2Lu4U7C+K/O2g1iXMaZms5PC5zV5aV
       CKXZWUX1fq2RaOzlbQrpgiolhXpeh8FjxwJBAOFHzSQfSsTNfttp3KUpU0LbiVvv
       i+spVSnA0O4rq79KpVNmK44Mq67hsW1P11QzrzTAQ6GVaUBRv0YS061td1kCQHnP
       wtN2tboFR6lABkJDjxoGRvlSt4SOPr7zKGgrWjeiuTZLHXSAnCY+/hr5L9Q3ZwXG
       6x6iBdgLjVIe4BZQNtcCQQDXGv/gWinCNTN3MPWfTW/RGzuMYVmyBFais0/VrgdH
       h1dLpztmpQqfyH/zrBXQ9qL/zR4ojS6XYneO/U18WpEe
       -----END RSA PRIVATE KEY-----
    
    To generate your own key in this format with OpenSSL (the sample key above is published in this documentation and is for illustration only), run:
       openssl genrsa 2048 > key.pem
    
    This format also supports password-encrypted private keys. TLS Lite can only handle password-encrypted private keys when OpenSSL and M2Crypto are installed. In this case, passwordCallback will be invoked to query the user for the password.
    Parameters:
    s - A string containing a PEM-encoded public or private key.
               (type=str)
    private - If True, a SyntaxError will be raised if the private key component is not present.
               (type=bool)
    public - If True, the private key component (if present) will be discarded, so this function will always return a public key.
               (type=bool)
    passwordCallback - This function will be called, with no arguments, if the PEM-encoded private key is password-encrypted. The callback should return the password string. If the password is incorrect, SyntaxError will be raised. If no callback is passed and the key is password-encrypted, a prompt will be displayed at the console.
               (type=callable)
    Returns:
    An RSA key.
               (type=tlslite.utils.RSAKey.RSAKey)
    Raises:
    SyntaxError - If the key is not properly formatted.

    parseAsPublicKey(s)

    Parse an XML or PEM-formatted public key.
    Parameters:
    s - A string containing an XML or PEM-encoded public or private key.
               (type=str)
    Returns:
    An RSA public key.
               (type=tlslite.utils.RSAKey.RSAKey)
    Raises:
    SyntaxError - If the key is not properly formatted.

    parsePrivateKey(s)

    Parse an XML or PEM-formatted private key.
    Parameters:
    s - A string containing an XML or PEM-encoded private key.
               (type=str)
    Returns:
    An RSA private key.
               (type=tlslite.utils.RSAKey.RSAKey)
    Raises:
    SyntaxError - If the key is not properly formatted.

    _createPrivateKey(key)

    Create a new private key. Return the most efficient key possible.

    _createPublicKey(key)

    Create a new public key. Discard any private component, and return the most efficient key possible.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.errors.TLSNoAuthenticationError-class.html0000700000175000017500000001161710206544647026453 0ustar clintclint tlslite.errors.TLSNoAuthenticationError
    Package tlslite :: Module errors :: Class TLSNoAuthenticationError

    Class TLSNoAuthenticationError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSNoAuthenticationError
    


    The Checker was expecting the other party to authenticate with a certificate chain, but this did not occur.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.integration.HTTPTLSConnection-module.html0000700000175000017500000000217210206544651026725 0ustar clintclint tlslite.integration.HTTPTLSConnection
    HTTPTLSConnection

    Classes
    HTTPBaseTLSConnection
    HTTPTLSConnection


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.messages.RecordHeader2-class.html0000700000175000017500000000753710206544645024512 0ustar clintclint tlslite.messages.RecordHeader2
    Package tlslite :: Module messages :: Class RecordHeader2

    Class RecordHeader2


    Method Summary
      __init__(self)
      parse(self, p)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.ClientHello-class.html0000700000175000017500000001407310206544650024270 0ustar clintclint tlslite.messages.ClientHello
    Package tlslite :: Module messages :: Class ClientHello
    [show private | hide private]
    [frames | no frames]

    Class ClientHello

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ClientHello
    


    Method Summary
      __init__(self, ssl2)
      create(self, version, random, session_id, cipher_suites, certificate_types, srp_username)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/xmlrpclib.Transport-class.html0000700000175000017500000002070010206544647022570 0ustar clintclint xmlrpclib.Transport
    Module xmlrpclib :: Class Transport

    Class Transport

    Known Subclasses:
    XMLRPCTransport

    Handles an HTTP transaction to an XML-RPC server.
    Method Summary
      get_host_info(self, host)
      getparser(self)
      make_connection(self, host)
      parse_response(self, file)
      request(self, host, handler, request_body, verbose)
      send_content(self, connection, request_body)
      send_host(self, connection, host)
      send_request(self, connection, handler, request_body)
      send_user_agent(self, connection)
      _parse_response(self, file, sock)

    Class Variable Summary
    str user_agent = 'xmlrpclib.py/1.0.1 (by www.pythonware.com)...

    Class Variable Details

    user_agent

    Type:
    str
    Value:
    'xmlrpclib.py/1.0.1 (by www.pythonware.com)'                           

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.AsyncStateMachine.AsyncStateMachine-class.html0000700000175000017500000004164510206544647031522 0ustar clintclint tlslite.integration.AsyncStateMachine.AsyncStateMachine
    Package tlslite :: Package integration :: Module AsyncStateMachine :: Class AsyncStateMachine

    Class AsyncStateMachine

    Known Subclasses:
    TLSAsyncDispatcherMixIn, TLSTwistedProtocolWrapper

    This is an abstract class that's used to integrate TLS Lite with asyncore and Twisted.

    This class signals wantsReadEvent() and wantsWriteEvent(). When the underlying socket has become readable or writeable, the event should be passed to this class by calling inReadEvent() or inWriteEvent(). This class will then try to read or write through the socket, and will update its state appropriately.

    This class will forward higher-level events to its subclass. For example, when a complete TLS record has been received, outReadEvent() will be called with the decrypted data.
    Method Summary
      __init__(self)
      inReadEvent(self)
    Tell the state machine it can read from the socket.
      inWriteEvent(self)
    Tell the state machine it can write to the socket.
      outCloseEvent(self)
    Called when a close operation completes.
      outConnectEvent(self)
    Called when a handshake operation completes.
      outReadEvent(self, readBuffer)
    Called when a read operation completes.
      outWriteEvent(self)
    Called when a write operation completes.
      setCloseOp(self)
    Start a close operation.
      setHandshakeOp(self, handshaker)
    Start a handshake operation.
      setServerHandshakeOp(self, **args)
    Start a handshake operation.
      setWriteOp(self, writeBuffer)
    Start a write operation.
    bool or None wantsReadEvent(self)
    If the state machine wants to read.
    bool or None wantsWriteEvent(self)
    If the state machine wants to write.
      _checkAssert(self, maxActive)
      _clear(self)
      _doCloseOp(self)
      _doHandshakeOp(self)
      _doReadOp(self)
      _doWriteOp(self)

    Method Details

    inReadEvent(self)

    Tell the state machine it can read from the socket.

    inWriteEvent(self)

    Tell the state machine it can write to the socket.

    outCloseEvent(self)

    Called when a close operation completes.

    May be overridden in subclass.

    outConnectEvent(self)

    Called when a handshake operation completes.

    May be overridden in subclass.

    outReadEvent(self, readBuffer)

    Called when a read operation completes.

    May be overridden in subclass.

    outWriteEvent(self)

    Called when a write operation completes.

    May be overridden in subclass.

    setCloseOp(self)

    Start a close operation.

    setHandshakeOp(self, handshaker)

    Start a handshake operation.
    Parameters:
    handshaker - A generator created by using one of the asynchronous handshake functions (i.e. handshakeServerAsync, or handshakeClientxxx(..., async=True)).
               (type=generator)

    setServerHandshakeOp(self, **args)

    Start a handshake operation.

    The arguments passed to this function will be forwarded to tlslite.TLSConnection.TLSConnection.handshakeServerAsync.

    setWriteOp(self, writeBuffer)

    Start a write operation.
    Parameters:
    writeBuffer - The string to transmit.
               (type=str)

    wantsReadEvent(self)

    If the state machine wants to read.

    If an operation is active, this returns whether or not the operation wants to read from the socket. If an operation is not active, this returns None.
    Returns:
    If the state machine wants to read.
               (type=bool or None)

    wantsWriteEvent(self)

    If the state machine wants to write.

    If an operation is active, this returns whether or not the operation wants to write to the socket. If an operation is not active, this returns None.
    Returns:
    If the state machine wants to write.
               (type=bool or None)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.Checker-module.html0000700000175000017500000000157710206544651022575 0ustar clintclint tlslite.Checker
    Checker

    Classes
    Checker


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.errors.TLSAuthenticationError-class.html0000700000175000017500000001314510206544645026152 0ustar clintclint tlslite.errors.TLSAuthenticationError
    Package tlslite :: Module errors :: Class TLSAuthenticationError

    Class TLSAuthenticationError

    Exception --+    
                |    
         TLSError --+
                    |
                   TLSAuthenticationError
    

    Known Subclasses:
    TLSAuthenticationTypeError, TLSAuthorizationError, TLSFingerprintError, TLSNoAuthenticationError, TLSValidationError

    The handshake succeeded, but the other party's authentication was inadequate.

    This exception will only be raised when a tlslite.Checker.Checker has been passed to a handshake function. The Checker will be invoked once the handshake completes, and if the Checker objects to how the other party authenticated, a subclass of this exception will be raised.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.Python_AES-module.html0000700000175000017500000000215710206544651024334 0ustar clintclint tlslite.utils.Python_AES
    Python_AES

    Classes
    Python_AES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.AES.AES-class.html0000700000175000017500000001150410206544647022440 0ustar clintclint tlslite.utils.AES.AES
    Package tlslite :: Package utils :: Module AES :: Class AES

    Class AES

    Known Subclasses:
    Cryptlib_AES, OpenSSL_AES, PyCrypto_AES, Python_AES

    Method Summary
      __init__(self, key, mode, IV, implementation)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.PyCrypto_TripleDES-module.html0000700000175000017500000000225710206544651026030 0ustar clintclint tlslite.utils.PyCrypto_TripleDES
    PyCrypto_TripleDES

    Classes
    PyCrypto_TripleDES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.dateFuncs-module.html0000700000175000017500000001324710206544646023522 0ustar clintclint tlslite.utils.dateFuncs
    Package tlslite :: Package utils :: Module dateFuncs

    Module tlslite.utils.dateFuncs

    Function Summary
      createDateClass(year, month, day, hour, minute, second)
      getHoursFromNow(hours)
      getMinutesFromNow(minutes)
      getNow()
      isDateClassBefore(d1, d2)
      isDateClassExpired(d)
      parseDateClass(s)
      printDateClass(d)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.AES-module.html0000700000175000017500000000661010206544647022213 0ustar clintclint tlslite.utils.AES
    Package tlslite :: Package utils :: Module AES

    Module tlslite.utils.AES

    Abstract class for AES.
    Classes
    AES  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.TLSConnection-module.html0000700000175000017500000000165110206544651023704 0ustar clintclint tlslite.TLSConnection
    TLSConnection

    Classes
    TLSConnection


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.OpenSSL_RSAKey-module.html0000700000175000017500000001016410206544647024243 0ustar clintclint tlslite.utils.OpenSSL_RSAKey
    Package tlslite :: Package utils :: Module OpenSSL_RSAKey

    Module tlslite.utils.OpenSSL_RSAKey

    OpenSSL/M2Crypto RSA implementation.
    Classes
    OpenSSL_RSAKey  

    Function Summary
      password_callback(v, prompt1, prompt2)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.Python_RSAKey.Python_RSAKey-class.html0000700000175000017500000004525510206544645026526 0ustar clintclint tlslite.utils.Python_RSAKey.Python_RSAKey
    Package tlslite :: Package utils :: Module Python_RSAKey :: Class Python_RSAKey

    Class Python_RSAKey

    RSAKey --+
             |
            Python_RSAKey
    


    Method Summary
      __init__(self, n, e)
    Create a new RSA key.
    bool acceptsPassword(self)
    Return True if the write() method accepts a password for use in encrypting the private key.
      generate(bits)
    (Static method)
    str hash(self)
    Return the cryptoID <keyHash> value corresponding to this key.
    bool hasPrivateKey(self)
    Return whether or not this key has a private component.
      parsePEM(s, passwordCallback)
    Parse a string containing a <privateKey> or <publicKey> element, or a PEM-encoded key. (Static method)
      parseXML(s)
    (Static method)
      write(self, indent)
    str writeXMLPublicKey(self, indent)
    Return a string containing the key.
      _parseASN1PrivateKey(privateKeyP)
    (Static method)
      _parsePKCS8(bytes)
    (Static method)
      _parseSSLeay(bytes)
    (Static method)
      _parseXML(element)
    (Static method)
      _rawPrivateKeyOp(self, m)
      _rawPrivateKeyOpHelper(self, m)
      _rawPublicKeyOp(self, c)
        Inherited from RSAKey
    int __len__(self)
    Return the length of this key in bits.
    array.array of unsigned bytes or None. decrypt(self, encBytes)
    Decrypt the passed-in bytes.
    array.array of unsigned bytes. encrypt(self, bytes)
    Encrypt the passed-in bytes.
    str getSigningAlgorithm(self)
    Return the cryptoID sigAlgo value corresponding to this key.
    array.array of unsigned bytes. hashAndSign(self, bytes)
    Hash and sign the passed-in bytes.
    bool hashAndVerify(self, sigBytes, bytes)
    Hash and verify the passed-in bytes with the signature.
    array.array of unsigned bytes. sign(self, bytes)
    Sign the passed-in bytes.
    bool verify(self, sigBytes, bytes)
    Verify the passed-in bytes with the signature.
      _addPKCS1Padding(self, bytes, blockType)
      _addPKCS1SHA1Prefix(self, bytes)

    Instance Method Details

    __init__(self, n=0, e=0, d=0, p=0, q=0, dP=0, dQ=0, qInv=0)
    (Constructor)

    Create a new RSA key.

    If n and e are passed in, the new key will be initialized.
    Parameters:
    n - RSA modulus.
               (type=int)
    e - RSA public exponent.
               (type=int)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.__init__ (inherited documentation)

    acceptsPassword(self)

    Return True if the write() method accepts a password for use in encrypting the private key.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.acceptsPassword (inherited documentation)

    hash(self)

    Return the cryptoID <keyHash> value corresponding to this key.
    Returns:
    str
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hash (inherited documentation)

    hasPrivateKey(self)

    Return whether or not this key has a private component.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hasPrivateKey (inherited documentation)

    writeXMLPublicKey(self, indent='')

    Return a string containing the key.
    Returns:
    A string describing the public key, in XML format.
               (type=str)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.writeXMLPublicKey (inherited documentation)

    Static Method Details

    parsePEM(s, passwordCallback=None)

    Parse a string containing a <privateKey> or <publicKey> element, or a PEM-encoded key.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.Msg-class.html0000700000175000017500000001046310206544647022621 0ustar clintclint tlslite.messages.Msg
    Package tlslite :: Module messages :: Class Msg

    Class Msg

    Known Subclasses:
    Alert, ApplicationData, ChangeCipherSpec, HandshakeMsg

    Method Summary
      postWrite(self, w, trial)
      preWrite(self, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.compat-module.html0000700000175000017500000000304310206544651023641 0ustar clintclint tlslite.utils.compat
    compat

    Functions
    bytesToString
    concatArrays
    createByteArraySequence
    createByteArrayZeros
    formatExceptionTrace
    numBits
    stringToBytes


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.messages.ServerHello-class.html0000700000175000017500000001371110206544647024324 0ustar clintclint tlslite.messages.ServerHello
    Package tlslite :: Module messages :: Class ServerHello

    Class ServerHello

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ServerHello
    


    Method Summary
      __init__(self)
      create(self, version, random, session_id, cipher_suite, certificate_type)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.ClientHelper.ClientHelper-class.html0000700000175000017500000003002010206544650027523 0ustar clintclint tlslite.integration.ClientHelper.ClientHelper
    Package tlslite :: Package integration :: Module ClientHelper :: Class ClientHelper

    Class ClientHelper

    Known Subclasses:
    HTTPTLSConnection, IMAP4_TLS, POP3_TLS, XMLRPCTransport

    This is a helper class used to integrate TLS Lite with various TLS clients (e.g. poplib, smtplib, httplib, etc.)
    Method Summary
      __init__(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    For client authentication, use one of these argument combinations:
      _handshake(self, tlsConnection)

    Method Details

    __init__(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys.

    The constructor does not perform the TLS handshake itself, but simply stores these arguments for later. The handshake is performed only when this class needs to connect with the server, so that is the point (not construction time) at which you should be prepared to handle TLS-specific exceptions. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.rijndael-module.html0000700000175000017500000000540010206544651024145 0ustar clintclint tlslite.utils.rijndael
    rijndael

    Classes
    rijndael

    Functions
    decrypt
    encrypt
    test

    Variables
    num_rounds
    rcon
    S
    shifts
    Si
    T1
    T2
    T3
    T4
    T5
    T6
    T7
    T8
    U1
    U2
    U3
    U4


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES-class.html0000700000175000017500000001163710206544645030533 0ustar clintclint tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    Package tlslite :: Package utils :: Module Cryptlib_TripleDES :: Class Cryptlib_TripleDES

    Class Cryptlib_TripleDES

    TripleDES --+
                |
               Cryptlib_TripleDES
    


    Method Summary
      __init__(self, key, mode, IV)
      __del__(self)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.integration.ClientHelper-module.html0000700000175000017500000000164610206544651026126 0ustar clintclint tlslite.integration.ClientHelper
    ClientHelper

    Classes
    ClientHelper


    [show private | hide private] tlslite-0.3.8/docs/private/toc.html0000700000175000017500000001634310206544651016266 0ustar clintclint Table of Contents
    Table of Contents

    Everything

    Packages
    tlslite
    tlslite.integration
    tlslite.utils

    Modules
    tlslite.api
    tlslite.BaseDB
    tlslite.Checker
    tlslite.constants
    tlslite.errors
    tlslite.FileObject
    tlslite.HandshakeSettings
    tlslite.integration.AsyncStateMachine
    tlslite.integration.ClientHelper
    tlslite.integration.HTTPTLSConnection
    tlslite.integration.IMAP4_TLS
    tlslite.integration.IntegrationHelper
    tlslite.integration.POP3_TLS
    tlslite.integration.SMTP_TLS
    tlslite.integration.TLSAsyncDispatcherMixIn
    tlslite.integration.TLSSocketServerMixIn
    tlslite.integration.TLSTwistedProtocolWrapper
    tlslite.integration.XMLRPCTransport
    tlslite.mathtls
    tlslite.messages
    tlslite.Session
    tlslite.SessionCache
    tlslite.SharedKeyDB
    tlslite.TLSConnection
    tlslite.TLSRecordLayer
    tlslite.utils.AES
    tlslite.utils.ASN1Parser
    tlslite.utils.cipherfactory
    tlslite.utils.codec
    tlslite.utils.compat
    tlslite.utils.Cryptlib_AES
    tlslite.utils.Cryptlib_RC4
    tlslite.utils.Cryptlib_TripleDES
    tlslite.utils.cryptomath
    tlslite.utils.dateFuncs
    tlslite.utils.hmac
    tlslite.utils.jython_compat
    tlslite.utils.keyfactory
    tlslite.utils.OpenSSL_AES
    tlslite.utils.OpenSSL_RC4
    tlslite.utils.OpenSSL_RSAKey
    tlslite.utils.OpenSSL_TripleDES
    tlslite.utils.PyCrypto_AES
    tlslite.utils.PyCrypto_RC4
    tlslite.utils.PyCrypto_RSAKey
    tlslite.utils.PyCrypto_TripleDES
    tlslite.utils.Python_AES
    tlslite.utils.Python_RC4
    tlslite.utils.Python_RSAKey
    tlslite.utils.RC4
    tlslite.utils.rijndael
    tlslite.utils.RSAKey
    tlslite.utils.TripleDES
    tlslite.utils.xmltools
    tlslite.VerifierDB
    tlslite.X509
    tlslite.X509CertChain


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.constants.AlertLevel-class.html0000700000175000017500000001470710206544647024344 0ustar clintclint tlslite.constants.AlertLevel
    Package tlslite :: Module constants :: Class AlertLevel

    Class AlertLevel


    Class Variable Summary
    int fatal = 2                                                                     
    int warning = 1                                                                     

    Class Variable Details

    fatal

    Type:
    int
    Value:
    2                                                                     

    warning

    Type:
    int
    Value:
    1                                                                     

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.X509CertChain.X509CertChain-class.html0000700000175000017500000002771110206544646024743 0ustar clintclint tlslite.X509CertChain.X509CertChain
    Package tlslite :: Module X509CertChain :: Class X509CertChain

    Class X509CertChain


    This class represents a chain of X.509 certificates.
    Method Summary
      __init__(self, x509List)
    Create a new X509CertChain.
    str or None getCommonName(self)
    Get the Subject's Common Name from the end-entity certificate.
    tlslite.utils.RSAKey.RSAKey getEndEntityPublicKey(self)
    Get the public key from the end-entity certificate.
    str getFingerprint(self)
    Get the hex-encoded fingerprint of the end-entity certificate.
    int getNumCerts(self)
    Get the number of certificates in this chain.
      validate(self, x509TrustList)
    Check the validity of the certificate chain.
      _checkChaining(self, lastC, rootC)

    Instance Variable Summary
    list x509List: A list of tlslite.X509.X509 instances, starting with the end-entity certificate and with every subsequent certificate certifying the previous.

    Method Details

    __init__(self, x509List=None)
    (Constructor)

    Create a new X509CertChain.
    Parameters:
    x509List - A list of tlslite.X509.X509 instances, starting with the end-entity certificate and with every subsequent certificate certifying the previous.
               (type=list)

    getCommonName(self)

    Get the Subject's Common Name from the end-entity certificate.

    The cryptlib_py module must be installed in order to use this function.
    Returns:
    The CN component of the certificate's subject DN, if present.
               (type=str or None)

    getEndEntityPublicKey(self)

    Get the public key from the end-entity certificate.
    Returns:
    tlslite.utils.RSAKey.RSAKey

    getFingerprint(self)

    Get the hex-encoded fingerprint of the end-entity certificate.
    Returns:
    A hex-encoded fingerprint.
               (type=str)

    getNumCerts(self)

    Get the number of certificates in this chain.
    Returns:
    int

    validate(self, x509TrustList)

    Check the validity of the certificate chain.

    This checks that every certificate in the chain validates with the subsequent one, until some certificate validates with (or is identical to) one of the passed-in root certificates.

    The cryptlib_py module must be installed in order to use this function.
    Parameters:
    x509TrustList - A list of trusted root certificates. The certificate chain must extend to one of these certificates to be considered valid.
               (type=list of tlslite.X509.X509)

    Instance Variable Details

    x509List

    A list of tlslite.X509.X509 instances, starting with the end-entity certificate and with every subsequent certificate certifying the previous.
    Type:
    list

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.xmltools-module.html0000700000175000017500000005027210206544645023465 0ustar clintclint tlslite.utils.xmltools
    Package tlslite :: Package utils :: Module xmltools

    Module tlslite.utils.xmltools

    Helper functions for XML.

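    This module has miscellaneous helper functions for working with XML DOM nodes. Most of the patterns listed under Variable Summary end in a \Z end-of-string anchor (shown escaped as \\Z); booleanRegEx, as listed, has none, so whether trailing characters are rejected for that pattern depends on how the calling code applies it.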
    Function Summary
      checkName(element, name)
      checkNoMoreAttributes(element)
      escape(s)
      getAttribute(element, attrName, regEx)
      getChild(element, index, name)
      getChildIter(element, index)
      getChildOrNone(element, index)
      getLastChild(element, index, name)
      getReqAttribute(element, attrName, regEx)
      getText(element, regEx)
      indent(s, steps, ch)
      parseAndStripWhitespace(s)
      parseDocument(s)
      stripWhitespace(element, tab)

    Variable Summary
    str base64RegEx = '[A-Za-z0-9+/]+={0,4}\\Z'
    str booleanRegEx = '(true)|(false)'
    str certsListRegEx = '(0)?(1)?(2)?(3)?(4)?(5)?(6)?(7)?(8)?(9...
    str cryptoIDRegEx = '([a-km-z3-9]{5}\\.){3}[a-km-z3-9]{5}\\Z...
    str dateTimeRegEx = '\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\...
    str exprRegEx = '[a-zA-Z0-9 ,()]{1,200}\\Z'
    str keyRegEx = '[A-Z]\\Z'
    str keysListRegEx = '(A)?(B)?(C)?(D)?(E)?(F)?(G)?(H)?(I)?(J)...
    str nsRegEx = 'http://trevp.net/cryptoID\\Z'
    str sha1Base64RegEx = '[A-Za-z0-9+/]{27}=\\Z'
    str shortStringRegEx = '.{1,100}\\Z'
    str urlRegEx = 'http(s)?://.{1,100}\\Z'

    Variable Details

    base64RegEx

    Type:
    str
    Value:
    '[A-Za-z0-9+/]+={0,4}\\Z'                                              

    booleanRegEx

    Type:
    str
    Value:
    '(true)|(false)'                                                       

    certsListRegEx

    Type:
    str
    Value:
    '(0)?(1)?(2)?(3)?(4)?(5)?(6)?(7)?(8)?(9)?\\Z'                          

    cryptoIDRegEx

    Type:
    str
    Value:
    '([a-km-z3-9]{5}\\.){3}[a-km-z3-9]{5}\\Z'                              

    dateTimeRegEx

    Type:
    str
    Value:
    '\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ\\Z'                  

    exprRegEx

    Type:
    str
    Value:
    '[a-zA-Z0-9 ,()]{1,200}\\Z'                                            

    keyRegEx

    Type:
    str
    Value:
    '[A-Z]\\Z'                                                             

    keysListRegEx

    Type:
    str
    Value:
    '(A)?(B)?(C)?(D)?(E)?(F)?(G)?(H)?(I)?(J)?(K)?(L)?(M)?(N)?(O)?(P)?(Q)?(\
    R)?(S)?(T)?(U)?(V)?(W)?(X)?(Y)?(Z)?\\Z'                                

    nsRegEx

    Type:
    str
    Value:
    'http://trevp.net/cryptoID\\Z'                                         

    sha1Base64RegEx

    Type:
    str
    Value:
    '[A-Za-z0-9+/]{27}=\\Z'                                                

    shortStringRegEx

    Type:
    str
    Value:
    '.{1,100}\\Z'                                                          

    urlRegEx

    Type:
    str
    Value:
    'http(s)?://.{1,100}\\Z'                                               

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.TLSTwistedProtocolWrapper._FakeSocket-class.html0000700000175000017500000001051510206544650032045 0ustar clintclint tlslite.integration.TLSTwistedProtocolWrapper._FakeSocket
    Package tlslite :: Package integration :: Module TLSTwistedProtocolWrapper :: Class _FakeSocket

    Class _FakeSocket


    Method Summary
      __init__(self, wrapper)
      recv(self, numBytes)
      send(self, data)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.integration.AsyncStateMachine-module.html0000700000175000017500000000176510206544651027115 0ustar clintclint tlslite.integration.AsyncStateMachine
    AsyncStateMachine

    Classes
    AsyncStateMachine


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.TripleDES.TripleDES-class.html0000700000175000017500000001153310206544646025007 0ustar clintclint tlslite.utils.TripleDES.TripleDES
    Package tlslite :: Package utils :: Module TripleDES :: Class TripleDES

    Class TripleDES

    Known Subclasses:
    Cryptlib_TripleDES, OpenSSL_TripleDES, PyCrypto_TripleDES

    Method Summary
      __init__(self, key, mode, IV, implementation)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/twisted.internet.protocol.BaseProtocol-class.html0000700000175000017500000002334410206544650026347 0ustar clintclint twisted.internet.protocol.BaseProtocol
    Package twisted :: Package internet :: Module protocol :: Class BaseProtocol

    Class BaseProtocol

    Known Subclasses:
    Protocol

    This is the abstract superclass of all protocols.

    If you are going to write a new protocol for Twisted, start here. The docstrings of this class explain how you can get started. Any protocol implementation, either client or server, should be a subclass of me.

    My API is quite simple. Implement dataReceived(data) to handle both event-based and synchronous input; output can be sent through the 'transport' attribute, which is to be an instance that implements twisted.internet.interfaces.ITransport.

    Some subclasses exist already to help you write common types of protocols: see the twisted.protocols.basic module for a few of them.
    Method Summary
      connectionMade(self)
    Called when a connection is made.
      makeConnection(self, transport)
    Make a connection to a transport and a server.

    Class Variable Summary
    int connected = 0                                                                     
    NoneType transport = None                                                                  

    Method Details

    connectionMade(self)

    Called when a connection is made.

    This may be considered the initializer of the protocol, because it is called when the connection is completed. For clients, this is called once the connection to the server has been established; for servers, this is called after an accept() call stops blocking and a socket has been received. If you need to send any greeting or initial message, do it here.

    makeConnection(self, transport)

    Make a connection to a transport and a server.

    This sets the 'transport' attribute of this Protocol, and calls the connectionMade() callback.

    Class Variable Details

    connected

    Type:
    int
    Value:
    0                                                                     

    transport

    Type:
    NoneType
    Value:
    None                                                                  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.SharedKeyDB-module.html0000700000175000017500000000163310206544651023307 0ustar clintclint tlslite.SharedKeyDB
    SharedKeyDB

    Classes
    SharedKeyDB


    [show private | hide private] tlslite-0.3.8/docs/private/indices.html0000700000175000017500000075025610206544651017127 0ustar clintclint Index

    Identifier Index
    __call__ Method in class tlslite.Checker.Checker
    __contains__ Method in class tlslite.BaseDB.BaseDB
    __del__ Method in class tlslite.FileObject.FileObject
    __del__ Method in class tlslite.utils.Cryptlib_AES.Cryptlib_AES
    __del__ Method in class tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    __del__ Method in class tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    __del__ Method in class tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    __del__ Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    __delitem__ Method in class tlslite.BaseDB.BaseDB
    __getattr__ Method in class imaplib.IMAP4
    __getattr__ Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    __getattr__ Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    __getattr__ Method in class twisted.protocols.policies.ProtocolWrapper
    __getitem__ Method in class exceptions.Exception
    __getitem__ Method in class tlslite.BaseDB.BaseDB
    __getitem__ Method in class tlslite.SessionCache.SessionCache
    __implements__ Variable in class twisted.internet.protocol.Protocol
    __implements__ Variable in class twisted.protocols.policies.ProtocolWrapper
    __implements__ Variable in class twisted.protocols.policies.ProtocolWrapper
    __init__ Method in class exceptions.Exception
    __init__ Method in class httplib.HTTPConnection
    __init__ Method in class httplib.HTTPResponse
    __init__ Method in class imaplib.IMAP4
    __init__ Method in class poplib.POP3
    __init__ Method in class smtplib.SMTP
    __init__ Method in class tlslite.BaseDB.BaseDB
    __init__ Method in class tlslite.Checker.Checker
    __init__ Method in class tlslite.FileObject.FileObject
    __init__ Method in class tlslite.HandshakeSettings.HandshakeSettings
    __init__ Method in class tlslite.Session.Session
    __init__ Method in class tlslite.SessionCache.SessionCache
    __init__ Method in class tlslite.SharedKeyDB.SharedKeyDB
    __init__ Method in class tlslite.TLSConnection.TLSConnection
    __init__ Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    __init__ Method in class tlslite.TLSRecordLayer._ConnectionState
    __init__ Method in class tlslite.VerifierDB.VerifierDB
    __init__ Method in class tlslite.X509.X509
    __init__ Method in class tlslite.X509CertChain.X509CertChain
    __init__ Method in class tlslite.errors.TLSLocalAlert
    __init__ Method in class tlslite.errors.TLSRemoteAlert
    __init__ Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    __init__ Method in class tlslite.integration.ClientHelper.ClientHelper
    __init__ Method in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    __init__ Method in class tlslite.integration.HTTPTLSConnection.HTTPTLSConnection
    __init__ Method in class tlslite.integration.IMAP4_TLS.IMAP4_TLS
    __init__ Method in class tlslite.integration.IntegrationHelper.IntegrationHelper
    __init__ Method in class tlslite.integration.POP3_TLS.POP3_TLS
    __init__ Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    __init__ Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    __init__ Method in class tlslite.integration.TLSTwistedProtocolWrapper._FakeSocket
    __init__ Method in class tlslite.integration.XMLRPCTransport.XMLRPCTransport
    __init__ Method in class tlslite.mathtls.MAC_SSL
    __init__ Method in class tlslite.messages.Alert
    __init__ Method in class tlslite.messages.ApplicationData
    __init__ Method in class tlslite.messages.Certificate
    __init__ Method in class tlslite.messages.CertificateRequest
    __init__ Method in class tlslite.messages.CertificateVerify
    __init__ Method in class tlslite.messages.ChangeCipherSpec
    __init__ Method in class tlslite.messages.ClientHello
    __init__ Method in class tlslite.messages.ClientKeyExchange
    __init__ Method in class tlslite.messages.Finished
    __init__ Method in class tlslite.messages.RecordHeader2
    __init__ Method in class tlslite.messages.RecordHeader3
    __init__ Method in class tlslite.messages.ServerHello
    __init__ Method in class tlslite.messages.ServerHelloDone
    __init__ Method in class tlslite.messages.ServerKeyExchange
    __init__ Method in class tlslite.utils.AES.AES
    __init__ Method in class tlslite.utils.ASN1Parser.ASN1Parser
    __init__ Method in class tlslite.utils.Cryptlib_AES.Cryptlib_AES
    __init__ Method in class tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    __init__ Method in class tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    __init__ Method in class tlslite.utils.OpenSSL_AES.OpenSSL_AES
    __init__ Method in class tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    __init__ Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    __init__ Method in class tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    __init__ Method in class tlslite.utils.PyCrypto_AES.PyCrypto_AES
    __init__ Method in class tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    __init__ Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    __init__ Method in class tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    __init__ Method in class tlslite.utils.Python_AES.Python_AES
    __init__ Method in class tlslite.utils.Python_RC4.Python_RC4
    __init__ Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    __init__ Method in class tlslite.utils.RC4.RC4
    __init__ Method in class tlslite.utils.RSAKey.RSAKey
    __init__ Method in class tlslite.utils.TripleDES.TripleDES
    __init__ Method in class tlslite.utils.codec.Parser
    __init__ Method in class tlslite.utils.codec.Writer
    __init__ Method in class tlslite.utils.hmac.HMAC
    __init__ Method in class tlslite.utils.rijndael.rijndael
    __init__ Method in class twisted.protocols.policies.ProtocolWrapper
    __iter__ Method in class tlslite.FileObject.FileObject
    __len__ Method in class tlslite.utils.RSAKey.RSAKey
    __setitem__ Method in class tlslite.BaseDB.BaseDB
    __setitem__ Method in class tlslite.SessionCache.SessionCache
    __setitem__ Method in class tlslite.SharedKeyDB.SharedKeyDB
    __setitem__ Method in class tlslite.VerifierDB.VerifierDB
    __str__ Method in class exceptions.Exception
    __str__ Method in class tlslite.errors.TLSLocalAlert
    __str__ Method in class tlslite.errors.TLSRemoteAlert
    _addPKCS1Padding Method in class tlslite.utils.RSAKey.RSAKey
    _addPKCS1SHA1Prefix Method in class tlslite.utils.RSAKey.RSAKey
    _append_untagged Method in class imaplib.IMAP4
    _calcFinished Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _calcMasterSecret Method in class tlslite.Session.Session
    _calcPendingStates Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _calcSSLHandshakeHash Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _changeReadState Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _changeWriteState Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _check_bye Method in class imaplib.IMAP4
    _check_close Method in class httplib.HTTPResponse
    _checkAssert Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    _checkChaining Method in class tlslite.X509CertChain.X509CertChain
    _checkItem Method in class tlslite.SharedKeyDB.SharedKeyDB
    _checkItem Method in class tlslite.VerifierDB.VerifierDB
    _checkquote Method in class imaplib.IMAP4
    _clear Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    _clone Method in class tlslite.Session.Session
    _command Method in class imaplib.IMAP4
    _command_complete Method in class imaplib.IMAP4
    _ConnectionState Class in module tlslite.TLSRecordLayer
    _CRAM_MD5_AUTH Method in class imaplib.IMAP4
    _createContext Method in class tlslite.utils.OpenSSL_AES.OpenSSL_AES
    _createContext Method in class tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    _createPrivateKey Function in module tlslite.utils.keyfactory
    _createPrivateRSAKey Function in module tlslite.utils.keyfactory
    _createPublicKey Function in module tlslite.utils.keyfactory
    _createPublicRSAKey Function in module tlslite.utils.keyfactory
    _createSharedKey Method in class tlslite.Session.Session
    _decrefAsync Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _decryptRecord Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _doCloseOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    _doHandshakeOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    _doReadOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    _doWriteOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    _dump_ur Method in class imaplib.IMAP4
    _FakeSocket Class in module tlslite.integration.TLSTwistedProtocolWrapper
    _filter Method in class tlslite.HandshakeSettings.HandshakeSettings
    _get_line Method in class imaplib.IMAP4
    _get_response Method in class imaplib.IMAP4
    _get_tagged_response Method in class imaplib.IMAP4
    _get_wbuf_len Method in class tlslite.FileObject.FileObject
    _getASN1Length Method in class tlslite.utils.ASN1Parser.ASN1Parser
    _getCertificateTypes Method in class tlslite.HandshakeSettings.HandshakeSettings
    _getclosed Method in class tlslite.FileObject.FileObject
    _getFinished Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _getItem Method in class tlslite.SharedKeyDB.SharedKeyDB
    _getItem Method in class tlslite.VerifierDB.VerifierDB
    _getKeyFromChain Method in class tlslite.TLSConnection.TLSConnection
    _getline Method in class poplib.POP3
    _getlongresp Method in class poplib.POP3
    _getMsg Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _getNextRecord Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _getresp Method in class poplib.POP3
    _handshake Method in class tlslite.integration.ClientHelper.ClientHelper
    _handshake Method in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    _handshake Method in class tlslite.integration.HTTPTLSConnection.HTTPTLSConnection
    _handshakeClientAsync Method in class tlslite.TLSConnection.TLSConnection
    _handshakeClientAsyncHelper Method in class tlslite.TLSConnection.TLSConnection
    _handshakeDone Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _handshakeServerAsyncHelper Method in class tlslite.TLSConnection.TLSConnection
    _handshakeStart Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _handshakeWrapperAsync Method in class tlslite.TLSConnection.TLSConnection
    _log Method in class imaplib.IMAP4
    _longcmd Method in class poplib.POP3
    _match Method in class imaplib.IMAP4
    _mesg Method in class imaplib.IMAP4
    _new_tag Method in class imaplib.IMAP4
    _output Method in class httplib.HTTPConnection
    _parse_response Method in class xmlrpclib.Transport
    _parseASN1PrivateKey Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    _parseKeyHelper Function in module tlslite.utils.keyfactory
    _parsePKCS8 Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    _parseSSLeay Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    _parseXML Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    _purge Method in class tlslite.SessionCache.SessionCache
    _putcmd Method in class poplib.POP3
    _putline Method in class poplib.POP3
    _quote Method in class imaplib.IMAP4
    _rawPrivateKeyOp Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    _rawPrivateKeyOp Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    _rawPrivateKeyOp Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    _rawPrivateKeyOp Method in class tlslite.utils.RSAKey.RSAKey
    _rawPrivateKeyOpHelper Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    _rawPublicKeyOp Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    _rawPublicKeyOp Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    _rawPublicKeyOp Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    _rawPublicKeyOp Method in class tlslite.utils.RSAKey.RSAKey
    _read_chunked Method in class httplib.HTTPResponse
    _read_status Method in class httplib.HTTPResponse
    _safe_read Method in class httplib.HTTPResponse
    _send_output Method in class httplib.HTTPConnection
    _send_request Method in class httplib.HTTPConnection
    _sendError Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _sendFinished Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _sendMsg Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _sendMsgs Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _set_hostport Method in class httplib.HTTPConnection
    _setItem Method in class tlslite.SharedKeyDB.SharedKeyDB
    _setItem Method in class tlslite.VerifierDB.VerifierDB
    _setResumable Method in class tlslite.Session.Session
    _shortcmd Method in class poplib.POP3
    _shutdown Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    _simple_command Method in class imaplib.IMAP4
    _strxor Function in module tlslite.utils.hmac
    _test Function in module tlslite.SessionCache
    _untagged_response Method in class imaplib.IMAP4
    abort Class in module imaplib
    acceptsPassword Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    acceptsPassword Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    acceptsPassword Method in class tlslite.utils.RSAKey.RSAKey
    access_denied Variable in class tlslite.constants.AlertDescription
    add Method in class tlslite.utils.codec.Writer
    addFixSeq Method in class tlslite.utils.codec.Writer
    addVarSeq Method in class tlslite.utils.codec.Writer
    AES Module in package tlslite.utils
    AES Class in module tlslite.utils.AES
    aes128Suites Variable in class tlslite.constants.CipherSuite
    aes256Suites Variable in class tlslite.constants.CipherSuite
    alert Variable in class tlslite.constants.ContentType
    Alert Class in module tlslite.messages
    AlertDescription Class in module tlslite.constants
    AlertLevel Class in module tlslite.constants
    all Variable in class tlslite.constants.ContentType
    allegedSharedKeyUsername Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    allegedSharedKeyUsername Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    allegedSrpUsername Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    allegedSrpUsername Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    api Module in package tlslite
    apop Method in class poplib.POP3
    append Method in class imaplib.IMAP4
    application_data Variable in class tlslite.constants.ContentType
    ApplicationData Class in module tlslite.messages
    ASN1Parser Module in package tlslite.utils
    ASN1Parser Class in module tlslite.utils.ASN1Parser
    AsyncStateMachine Module in package tlslite.integration
    AsyncStateMachine Class in module tlslite.integration.AsyncStateMachine
    atLengthCheck Method in class tlslite.utils.codec.Parser
    authenticate Method in class imaplib.IMAP4
    auto_open Variable in class httplib.HTTPConnection
    auto_open Variable in class httplib.HTTPConnection
    auto_open Variable in class httplib.HTTPConnection
    bad_certificate Variable in class tlslite.constants.AlertDescription
    bad_record_mac Variable in class tlslite.constants.AlertDescription
    badA Variable in class tlslite.constants.Fault
    badB Variable in class tlslite.constants.Fault
    badFinished Variable in class tlslite.constants.Fault
    badIdentifier Variable in class tlslite.constants.Fault
    badMAC Variable in class tlslite.constants.Fault
    badPadding Variable in class tlslite.constants.Fault
    badPassword Variable in class tlslite.constants.Fault
    badPremasterPadding Variable in class tlslite.constants.Fault
    badSharedKey Variable in class tlslite.constants.Fault
    badUsername Variable in class tlslite.constants.Fault
    badVerifyMessage Variable in class tlslite.constants.Fault
    base64RegEx Variable in module tlslite.utils.xmltools
    base64ToBytes Function in module tlslite.utils.cryptomath
    base64ToNumber Function in module tlslite.utils.cryptomath
    base64ToString Function in module tlslite.utils.cryptomath
    BaseDB Module in package tlslite
    BaseDB Class in module tlslite.BaseDB
    BaseProtocol Class in module twisted.internet.protocol
    begin Method in class httplib.HTTPResponse
    booleanRegEx Variable in module tlslite.utils.xmltools
    bytes Variable in class tlslite.X509.X509
    bytesToBase64 Function in module tlslite.utils.cryptomath
    bytesToNumber Function in module tlslite.utils.cryptomath
    bytesToString Function in module tlslite.utils.compat
    bytesToString Function in module tlslite.utils.jython_compat
    CertChainBase Class in module tlslite.utils.jython_compat
    certificate Variable in class tlslite.constants.HandshakeType
    Certificate Class in module tlslite.messages
    certificate_expired Variable in class tlslite.constants.AlertDescription
    certificate_request Variable in class tlslite.constants.HandshakeType
    certificate_revoked Variable in class tlslite.constants.AlertDescription
    certificate_unknown Variable in class tlslite.constants.AlertDescription
    certificate_verify Variable in class tlslite.constants.HandshakeType
    CertificateRequest Class in module tlslite.messages
    CertificateType Class in module tlslite.constants
    certificateTypes Variable in class tlslite.HandshakeSettings.HandshakeSettings
    CertificateVerify Class in module tlslite.messages
    certsListRegEx Variable in module tlslite.utils.xmltools
    change_cipher_spec Variable in class tlslite.constants.ContentType
    ChangeCipherSpec Class in module tlslite.messages
    check Method in class imaplib.IMAP4
    check Method in class tlslite.BaseDB.BaseDB
    Checker Module in package tlslite
    Checker Class in module tlslite.Checker
    checkName Function in module tlslite.utils.xmltools
    checkNoMoreAttributes Function in module tlslite.utils.xmltools
    cipherfactory Module in package tlslite.utils
    cipherNames Variable in class tlslite.HandshakeSettings.HandshakeSettings
    CipherSuite Class in module tlslite.constants
    client_hello Variable in class tlslite.constants.HandshakeType
    client_key_exchange Variable in class tlslite.constants.HandshakeType
    clientCertChain Variable in class tlslite.Session.Session
    clientCertFaults Variable in class tlslite.constants.Fault
    ClientHello Class in module tlslite.messages
    ClientHelper Module in package tlslite.integration
    ClientHelper Class in module tlslite.integration.ClientHelper
    ClientKeyExchange Class in module tlslite.messages
    clientNoAuthFaults Variable in class tlslite.constants.Fault
    clientSharedKeyFaults Variable in class tlslite.constants.Fault
    clientSrpFaults Variable in class tlslite.constants.Fault
    close Method in class httplib.HTTPConnection
    close Method in class httplib.HTTPResponse
    close Method in class imaplib.IMAP4
    close Method in class smtplib.SMTP
    close Method in class tlslite.FileObject.FileObject
    close Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    close Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    close_notify Variable in class tlslite.constants.AlertDescription
    closeAsync Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    closed Method in class tlslite.TLSRecordLayer.TLSRecordLayer in class tlslite.FileObject.FileObject
    closed Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    closed Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    closeSocket Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    closeSocket Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    codec Module in package tlslite.utils
    compat Module in package tlslite.utils
    concatArrays Function in module tlslite.utils.compat
    concatArrays Function in module tlslite.utils.jython_compat
    connect Method in class httplib.HTTPConnection
    connect Method in class smtplib.SMTP
    connect Method in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    connectionFailed Method in class twisted.internet.protocol.Protocol
    connectionLost Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    connectionLost Method in class twisted.internet.protocol.Protocol
    connectionLost Method in class twisted.protocols.policies.ProtocolWrapper
    connectionMade Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    connectionMade Method in class twisted.internet.protocol.BaseProtocol
    connectionMade Method in class twisted.protocols.policies.ProtocolWrapper
    constants Module in package tlslite
    ContentType Class in module tlslite.constants
    copy Method in class imaplib.IMAP4
    copy Method in class tlslite.mathtls.MAC_SSL
    copy Method in class tlslite.utils.hmac.HMAC
    create Method in class imaplib.IMAP4
    create Method in class tlslite.BaseDB.BaseDB
    create Method in class tlslite.messages.Alert
    create Method in class tlslite.messages.ApplicationData
    create Method in class tlslite.messages.Certificate
    create Method in class tlslite.messages.CertificateRequest
    create Method in class tlslite.messages.CertificateVerify
    create Method in class tlslite.messages.ChangeCipherSpec
    create Method in class tlslite.messages.ClientHello
    create Method in class tlslite.messages.Finished
    create Method in class tlslite.messages.RecordHeader3
    create Method in class tlslite.messages.ServerHello
    create Method in class tlslite.messages.ServerHelloDone
    createAES Function in module tlslite.utils.cipherfactory
    createByteArraySequence Function in module tlslite.utils.compat
    createByteArraySequence Function in module tlslite.utils.jython_compat
    createByteArrayZeros Function in module tlslite.utils.compat
    createByteArrayZeros Function in module tlslite.utils.jython_compat
    createDateClass Function in module tlslite.utils.dateFuncs
    createRC4 Function in module tlslite.utils.cipherfactory
    createRSA Method in class tlslite.messages.ClientKeyExchange
    createSRP Method in class tlslite.messages.ClientKeyExchange
    createSRP Method in class tlslite.messages.ServerKeyExchange
    createTripleDES Function in module tlslite.utils.cipherfactory
    Cryptlib_AES Module in package tlslite.utils
    Cryptlib_AES Class in module tlslite.utils.Cryptlib_AES
    Cryptlib_RC4 Module in package tlslite.utils
    Cryptlib_RC4 Class in module tlslite.utils.Cryptlib_RC4
    Cryptlib_TripleDES Module in package tlslite.utils
    Cryptlib_TripleDES Class in module tlslite.utils.Cryptlib_TripleDES
    cryptoID Variable in class tlslite.constants.CertificateType
    cryptoIDRegEx Variable in module tlslite.utils.xmltools
    cryptomath Module in package tlslite.utils
    data Method in class smtplib.SMTP
    dataReceived Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    dataReceived Method in class twisted.internet.protocol.Protocol
    dataReceived Method in class twisted.protocols.policies.ProtocolWrapper
    dateFuncs Module in package tlslite.utils
    dateTimeRegEx Variable in module tlslite.utils.xmltools
    debuglevel Variable in class httplib.HTTPConnection
    debuglevel Variable in class httplib.HTTPConnection
    debuglevel Variable in class httplib.HTTPConnection
    debuglevel Variable in class smtplib.SMTP
    debuglevel Variable in class smtplib.SMTP
    decode_error Variable in class tlslite.constants.AlertDescription
    decompression_failure Variable in class tlslite.constants.AlertDescription
    decrypt Method in class tlslite.utils.AES.AES
    decrypt Method in class tlslite.utils.Cryptlib_AES.Cryptlib_AES
    decrypt Method in class tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    decrypt Method in class tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    decrypt Method in class tlslite.utils.OpenSSL_AES.OpenSSL_AES
    decrypt Method in class tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    decrypt Method in class tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    decrypt Method in class tlslite.utils.PyCrypto_AES.PyCrypto_AES
    decrypt Method in class tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    decrypt Method in class tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    decrypt Method in class tlslite.utils.Python_AES.Python_AES
    decrypt Method in class tlslite.utils.Python_RC4.Python_RC4
    decrypt Method in class tlslite.utils.RC4.RC4
    decrypt Method in class tlslite.utils.RSAKey.RSAKey
    decrypt Method in class tlslite.utils.TripleDES.TripleDES
    decrypt Function in module tlslite.utils.rijndael
    decrypt Method in class tlslite.utils.rijndael.rijndael
    decrypt_error Variable in class tlslite.constants.AlertDescription
    decryption_failed Variable in class tlslite.constants.AlertDescription
    default_bufsize Variable in class tlslite.FileObject.FileObject
    default_port Variable in class httplib.HTTPConnection
    default_port Variable in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    default_port Variable in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    dele Method in class poplib.POP3
    delete Method in class imaplib.IMAP4
    description Variable in class tlslite.errors.TLSLocalAlert
    description Variable in class tlslite.errors.TLSRemoteAlert
    digest Method in class tlslite.mathtls.MAC_SSL
    digest Method in class tlslite.utils.hmac.HMAC
    digest_size Variable in module tlslite.utils.hmac
    disconnecting Variable in class twisted.protocols.policies.ProtocolWrapper
    disconnecting Variable in class twisted.protocols.policies.ProtocolWrapper
    docmd Method in class smtplib.SMTP
    does_esmtp Variable in class smtplib.SMTP
    does_esmtp Variable in class smtplib.SMTP
    ehlo Method in class smtplib.SMTP
    ehlo_resp Variable in class smtplib.SMTP
    ehlo_resp Variable in class smtplib.SMTP
    encrypt Method in class tlslite.utils.AES.AES
    encrypt Method in class tlslite.utils.Cryptlib_AES.Cryptlib_AES
    encrypt Method in class tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    encrypt Method in class tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    encrypt Method in class tlslite.utils.OpenSSL_AES.OpenSSL_AES
    encrypt Method in class tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    encrypt Method in class tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    encrypt Method in class tlslite.utils.PyCrypto_AES.PyCrypto_AES
    encrypt Method in class tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    encrypt Method in class tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    encrypt Method in class tlslite.utils.Python_AES.Python_AES
    encrypt Method in class tlslite.utils.Python_RC4.Python_RC4
    encrypt Method in class tlslite.utils.RC4.RC4
    encrypt Method in class tlslite.utils.RSAKey.RSAKey
    encrypt Method in class tlslite.utils.TripleDES.TripleDES
    encrypt Function in module tlslite.utils.rijndael
    encrypt Method in class tlslite.utils.rijndael.rijndael
    endheaders Method in class httplib.HTTPConnection
    error Class in module imaplib
    errors Module in package tlslite
    escape Function in module tlslite.utils.xmltools
    Exception Class in module exceptions
    expn Method in class smtplib.SMTP
    export_restriction Variable in class tlslite.constants.AlertDescription
    exprRegEx Variable in module tlslite.utils.xmltools
    expunge Method in class imaplib.IMAP4
    fatal Variable in class tlslite.constants.AlertLevel
    Fault Class in module tlslite.constants
    faultAlerts Variable in class tlslite.constants.Fault
    faultNames Variable in class tlslite.constants.Fault
    fetch Method in class imaplib.IMAP4
    file Variable in class smtplib.SMTP
    file Variable in class smtplib.SMTP
    FileObject Module in package tlslite
    FileObject Class in module tlslite.FileObject
    finish_request Method in class tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn
    finished Variable in class tlslite.constants.HandshakeType
    Finished Class in module tlslite.messages
    flush Method in class tlslite.FileObject.FileObject
    formatExceptionTrace Function in module tlslite.utils.compat
    formatExceptionTrace Function in module tlslite.utils.jython_compat
    gcd Function in module tlslite.utils.cryptomath
    generate Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    generate Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    generate Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    generate Method in class tlslite.utils.RSAKey.RSAKey
    generateRSAKey Function in module tlslite.utils.keyfactory
    genericFaults Variable in class tlslite.constants.Fault
    get Method in class tlslite.utils.codec.Parser
    get_host_info Method in class xmlrpclib.Transport
    getacl Method in class imaplib.IMAP4
    getAttribute Function in module tlslite.utils.xmltools
    getBase64Nonce Function in module tlslite.utils.cryptomath
    getChild Method in class tlslite.utils.ASN1Parser.ASN1Parser
    getChild Function in module tlslite.utils.xmltools
    getChildIter Function in module tlslite.utils.xmltools
    getChildOrNone Function in module tlslite.utils.xmltools
    getCipherImplementation Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getCipherName Method in class tlslite.Session.Session
    getCipherName Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getCommonName Method in class tlslite.X509.X509
    getCommonName Method in class tlslite.X509CertChain.X509CertChain
    getEndEntityPublicKey Method in class tlslite.X509CertChain.X509CertChain
    getFingerprint Method in class tlslite.X509.X509
    getFingerprint Method in class tlslite.X509CertChain.X509CertChain
    getFixBytes Method in class tlslite.utils.codec.Parser
    getFixList Method in class tlslite.utils.codec.Parser
    getheader Method in class httplib.HTTPResponse
    getHost Method in class twisted.protocols.policies.ProtocolWrapper
    getHoursFromNow Function in module tlslite.utils.dateFuncs
    getLastChild Function in module tlslite.utils.xmltools
    getListFromSet Function in module tlslite.utils.jython_compat
    getMinutesFromNow Function in module tlslite.utils.dateFuncs
    getNow Function in module tlslite.utils.dateFuncs
    getNumCerts Method in class tlslite.X509CertChain.X509CertChain
    getparser Method in class xmlrpclib.Transport
    getPeer Method in class twisted.protocols.policies.ProtocolWrapper
    getpeername Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getquota Method in class imaplib.IMAP4
    getquotaroot Method in class imaplib.IMAP4
    getRandomBytes Function in module tlslite.utils.cryptomath
    getRandomNumber Function in module tlslite.utils.cryptomath
    getRandomPrime Function in module tlslite.utils.cryptomath
    getRandomSafePrime Function in module tlslite.utils.cryptomath
    getreply Method in class smtplib.SMTP
    getReqAttribute Function in module tlslite.utils.xmltools
    getresponse Method in class httplib.HTTPConnection
    getRsaSuites Method in class tlslite.constants.CipherSuite
    getSeqNumStr Method in class tlslite.TLSRecordLayer._ConnectionState
    getSHA1 Function in module tlslite.utils.jython_compat
    getSigningAlgorithm Method in class tlslite.utils.RSAKey.RSAKey
    getsockname Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getSrpRsaSuites Method in class tlslite.constants.CipherSuite
    getSrpSuites Method in class tlslite.constants.CipherSuite
    getText Function in module tlslite.utils.xmltools
    gettimeout Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getVarBytes Method in class tlslite.utils.codec.Parser
    getVarList Method in class tlslite.utils.codec.Parser
    getwelcome Method in class poplib.POP3
    goodGroupParameters Variable in module tlslite.mathtls
    handle_read Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    handle_write Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    handshake Variable in class tlslite.constants.ContentType
    handshake Method in class tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn
    handshake_failure Variable in class tlslite.constants.AlertDescription
    handshakeClientCert Method in class tlslite.TLSConnection.TLSConnection
    handshakeClientSharedKey Method in class tlslite.TLSConnection.TLSConnection
    handshakeClientSRP Method in class tlslite.TLSConnection.TLSConnection
    handshakeClientUnknown Method in class tlslite.TLSConnection.TLSConnection
    HandshakeMsg Class in module tlslite.messages
    handshakeServer Method in class tlslite.TLSConnection.TLSConnection
    handshakeServerAsync Method in class tlslite.TLSConnection.TLSConnection
    HandshakeSettings Module in package tlslite
    HandshakeSettings Class in module tlslite.HandshakeSettings
    HandshakeType Class in module tlslite.constants
    has_extn Method in class smtplib.SMTP
    hash Method in class tlslite.messages.ServerKeyExchange
    hash Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    hash Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    hash Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    hash Method in class tlslite.utils.RSAKey.RSAKey
    hashAndBase64 Function in module tlslite.utils.cryptomath
    hashAndSign Method in class tlslite.utils.RSAKey.RSAKey
    hashAndVerify Method in class tlslite.utils.RSAKey.RSAKey
    hasPrivateKey Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    hasPrivateKey Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    hasPrivateKey Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    hasPrivateKey Method in class tlslite.utils.RSAKey.RSAKey
    hello_request Variable in class tlslite.constants.HandshakeType
    helo Method in class smtplib.SMTP
    helo_resp Variable in class smtplib.SMTP
    helo_resp Variable in class smtplib.SMTP
    help Method in class smtplib.SMTP
    hexdigest Method in class tlslite.mathtls.MAC_SSL
    hexdigest Method in class tlslite.utils.hmac.HMAC
    hmac Module in package tlslite.utils
    HMAC Class in module tlslite.utils.hmac
    HTTPBaseTLSConnection Class in module tlslite.integration.HTTPTLSConnection
    HTTPConnection Class in module httplib
    HTTPResponse Class in module httplib
    HTTPTLSConnection Module in package tlslite.integration
    HTTPTLSConnection Class in module tlslite.integration.HTTPTLSConnection
    ignoreAbruptClose Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    ignoreAbruptClose Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    illegal_parameter Variable in class tlslite.constants.AlertDescription
    IMAP4 Class in module imaplib
    IMAP4_TLS Module in package tlslite.integration
    IMAP4_TLS Class in module tlslite.integration.IMAP4_TLS
    IMAP4_TLS_PORT Variable in module tlslite.integration.IMAP4_TLS
    indent Function in module tlslite.utils.xmltools
    inReadEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    insufficient_security Variable in class tlslite.constants.AlertDescription
    integration Package in package tlslite
    IntegrationHelper Module in package tlslite.integration
    IntegrationHelper Class in module tlslite.integration.IntegrationHelper
    internal_error Variable in class tlslite.constants.AlertDescription
    invMod Function in module tlslite.utils.cryptomath
    inWriteEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    isclosed Method in class httplib.HTTPResponse
    isDateClassBefore Function in module tlslite.utils.dateFuncs
    isDateClassExpired Function in module tlslite.utils.dateFuncs
    isPrime Function in module tlslite.utils.cryptomath
    iterSet Function in module tlslite.utils.jython_compat
    jython_compat Module in package tlslite.utils
    keyfactory Module in package tlslite.utils
    keyRegEx Variable in module tlslite.utils.xmltools
    keys Method in class tlslite.BaseDB.BaseDB
    keysListRegEx Variable in module tlslite.utils.xmltools
    lcm Function in module tlslite.utils.cryptomath
    level Variable in class tlslite.errors.TLSLocalAlert
    level Variable in class tlslite.errors.TLSRemoteAlert
    list Method in class imaplib.IMAP4
    list Method in class poplib.POP3
    login Method in class imaplib.IMAP4
    login Method in class smtplib.SMTP
    login_cram_md5 Method in class imaplib.IMAP4
    logout Method in class imaplib.IMAP4
    loseConnection Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    loseConnection Method in class twisted.protocols.policies.ProtocolWrapper
    lsub Method in class imaplib.IMAP4
    MAC_SSL Class in module tlslite.mathtls
    mail Method in class smtplib.SMTP
    make_connection Method in class tlslite.integration.XMLRPCTransport.XMLRPCTransport
    make_connection Method in class xmlrpclib.Transport
    makeConnection Method in class twisted.internet.protocol.BaseProtocol
    makeConnection Method in class twisted.protocols.policies.ProtocolWrapper
    makefile Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    makeK Function in module tlslite.mathtls
    makeSieve Function in module tlslite.utils.cryptomath
    makeU Function in module tlslite.mathtls
    makeVerifier Method in class tlslite.VerifierDB.VerifierDB
    makeVerifier Function in module tlslite.mathtls
    makeX Function in module tlslite.mathtls
    mathtls Module in package tlslite
    maxKeySize Variable in class tlslite.HandshakeSettings.HandshakeSettings
    maxVersion Variable in class tlslite.HandshakeSettings.HandshakeSettings
    message Variable in class tlslite.errors.TLSLocalAlert
    messages Module in package tlslite
    minKeySize Variable in class tlslite.HandshakeSettings.HandshakeSettings
    minVersion Variable in class tlslite.HandshakeSettings.HandshakeSettings
    missing_srp_username Variable in class tlslite.constants.AlertDescription
    mpiToNumber Function in module tlslite.utils.cryptomath
    Msg Class in module tlslite.messages
    mustquote Variable in class imaplib.IMAP4
    mustquote Variable in class imaplib.IMAP4
    namespace Method in class imaplib.IMAP4
    new Function in module tlslite.utils.Cryptlib_AES
    new Function in module tlslite.utils.Cryptlib_RC4
    new Function in module tlslite.utils.Cryptlib_TripleDES
    new Function in module tlslite.utils.OpenSSL_AES
    new Function in module tlslite.utils.OpenSSL_RC4
    new Function in module tlslite.utils.OpenSSL_TripleDES
    new Function in module tlslite.utils.PyCrypto_AES
    new Function in module tlslite.utils.PyCrypto_RC4
    new Function in module tlslite.utils.PyCrypto_TripleDES
    new Function in module tlslite.utils.Python_AES
    new Function in module tlslite.utils.Python_RC4
    new Function in module tlslite.utils.hmac
    next Method in class tlslite.FileObject.FileObject
    no_certificate Variable in class tlslite.constants.AlertDescription
    no_renegotiation Variable in class tlslite.constants.AlertDescription
    noop Method in class imaplib.IMAP4
    noop Method in class poplib.POP3
    noop Method in class smtplib.SMTP
    nsRegEx Variable in module tlslite.utils.xmltools
    num_rounds Variable in module tlslite.utils.rijndael
    numberToBase64 Function in module tlslite.utils.cryptomath
    numberToBytes Function in module tlslite.utils.cryptomath
    numberToMPI Function in module tlslite.utils.cryptomath
    numberToString Function in module tlslite.utils.cryptomath
    numBits Function in module tlslite.utils.compat
    numBits Function in module tlslite.utils.jython_compat
    numBytes Function in module tlslite.utils.cryptomath
    open Method in class imaplib.IMAP4
    open Method in class tlslite.BaseDB.BaseDB
    open Method in class tlslite.integration.IMAP4_TLS.IMAP4_TLS
    openpgp Variable in class tlslite.constants.CertificateType
    OpenSSL_AES Module in package tlslite.utils
    OpenSSL_AES Class in module tlslite.utils.OpenSSL_AES
    OpenSSL_RC4 Module in package tlslite.utils
    OpenSSL_RC4 Class in module tlslite.utils.OpenSSL_RC4
    OpenSSL_RSAKey Module in package tlslite.utils
    OpenSSL_RSAKey Class in module tlslite.utils.OpenSSL_RSAKey
    OpenSSL_TripleDES Module in package tlslite.utils
    OpenSSL_TripleDES Class in module tlslite.utils.OpenSSL_TripleDES
    outCloseEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    outCloseEvent Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    outCloseEvent Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    outConnectEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    outConnectEvent Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    outConnectEvent Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    outReadEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    outReadEvent Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    outReadEvent Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    outWriteEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    outWriteEvent Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    P_hash Function in module tlslite.mathtls
    PAD Function in module tlslite.mathtls
    parse Method in class tlslite.X509.X509
    parse Method in class tlslite.messages.Alert
    parse Method in class tlslite.messages.ApplicationData
    parse Method in class tlslite.messages.Certificate
    parse Method in class tlslite.messages.CertificateRequest
    parse Method in class tlslite.messages.CertificateVerify
    parse Method in class tlslite.messages.ChangeCipherSpec
    parse Method in class tlslite.messages.ClientHello
    parse Method in class tlslite.messages.ClientKeyExchange
    parse Method in class tlslite.messages.Finished
    parse Method in class tlslite.messages.RecordHeader2
    parse Method in class tlslite.messages.RecordHeader3
    parse Method in class tlslite.messages.ServerHello
    parse Method in class tlslite.messages.ServerHelloDone
    parse Method in class tlslite.messages.ServerKeyExchange
    parse Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    parse_response Method in class xmlrpclib.Transport
    parseAndStripWhitespace Function in module tlslite.utils.xmltools
    parseAsPublicKey Function in module tlslite.utils.keyfactory
    parseBinary Method in class tlslite.X509.X509
    parseDateClass Function in module tlslite.utils.dateFuncs
    parseDocument Function in module tlslite.utils.xmltools
    parsePEM Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    parsePEMKey Function in module tlslite.utils.keyfactory
    parsePrivateKey Function in module tlslite.utils.keyfactory
    Parser Class in module tlslite.utils.codec
    parseXML Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    parseXMLKey Function in module tlslite.utils.keyfactory
    partial Method in class imaplib.IMAP4
    pass_ Method in class poplib.POP3
    password_callback Function in module tlslite.utils.OpenSSL_RSAKey
    POP3 Class in module poplib
    POP3_TLS Module in package tlslite.integration
    POP3_TLS Class in module tlslite.integration.POP3_TLS
    POP3_TLS_PORT Variable in module tlslite.integration.POP3_TLS
    postWrite Method in class tlslite.messages.Msg
    powMod Function in module tlslite.utils.cryptomath
    preWrite Method in class tlslite.messages.HandshakeMsg
    preWrite Method in class tlslite.messages.Msg
    PRF Function in module tlslite.mathtls
    PRF_SSL Function in module tlslite.mathtls
    print_log Method in class imaplib.IMAP4
    printDateClass Function in module tlslite.utils.dateFuncs
    Protocol Class in module twisted.internet.protocol
    protocol_version Variable in class tlslite.constants.AlertDescription
    ProtocolWrapper Class in module twisted.protocols.policies
    proxyauth Method in class imaplib.IMAP4
    publicKey Variable in class tlslite.X509.X509
    putcmd Method in class smtplib.SMTP
    putheader Method in class httplib.HTTPConnection
    putrequest Method in class httplib.HTTPConnection
    PyCrypto_AES Module in package tlslite.utils
    PyCrypto_AES Class in module tlslite.utils.PyCrypto_AES
    PyCrypto_RC4 Module in package tlslite.utils
    PyCrypto_RC4 Class in module tlslite.utils.PyCrypto_RC4
    PyCrypto_RSAKey Module in package tlslite.utils
    PyCrypto_RSAKey Class in module tlslite.utils.PyCrypto_RSAKey
    PyCrypto_TripleDES Module in package tlslite.utils
    PyCrypto_TripleDES Class in module tlslite.utils.PyCrypto_TripleDES
    Python_AES Module in package tlslite.utils
    Python_AES Class in module tlslite.utils.Python_AES
    Python_RC4 Module in package tlslite.utils
    Python_RC4 Class in module tlslite.utils.Python_RC4
    Python_RSAKey Module in package tlslite.utils
    Python_RSAKey Class in module tlslite.utils.Python_RSAKey
    quit Method in class poplib.POP3
    quit Method in class smtplib.SMTP
    RC4 Module in package tlslite.utils
    RC4 Class in module tlslite.utils.RC4
    rc4Suites Variable in class tlslite.constants.CipherSuite
    rcon Variable in module tlslite.utils.rijndael
    rcpt Method in class smtplib.SMTP
    read Method in class httplib.HTTPResponse
    read Method in class imaplib.IMAP4
    read Method in class tlslite.FileObject.FileObject
    read Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    readable Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    readAsync Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    readline Method in class imaplib.IMAP4
    readline Method in class tlslite.FileObject.FileObject
    readlines Method in class tlslite.FileObject.FileObject
    readonly Class in module imaplib
    recent Method in class imaplib.IMAP4
    record_overflow Variable in class tlslite.constants.AlertDescription
    RecordHeader2 Class in module tlslite.messages
    RecordHeader3 Class in module tlslite.messages
    recv Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    recv Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    recv Method in class tlslite.integration.TLSTwistedProtocolWrapper._FakeSocket
    registerProducer Method in class twisted.protocols.policies.ProtocolWrapper
    rename Method in class imaplib.IMAP4
    ReportFuncBase Class in module tlslite.utils.jython_compat
    request Method in class httplib.HTTPConnection
    request Method in class xmlrpclib.Transport
    response Method in class imaplib.IMAP4
    HTTPResponse Class in module httplib
    resumed Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    resumed Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    retr Method in class poplib.POP3
    rijndael Module in package tlslite.utils
    rijndael Class in module tlslite.utils.rijndael
    rpop Method in class poplib.POP3
    RSAKey Module in package tlslite.utils
    RSAKey Class in module tlslite.utils.RSAKey
    rsaSuites Variable in class tlslite.constants.CipherSuite
    rset Method in class poplib.POP3
    rset Method in class smtplib.SMTP
    S Variable in module tlslite.utils.rijndael
    search Method in class imaplib.IMAP4
    select Method in class imaplib.IMAP4
    SelfTestBase Class in module tlslite.utils.jython_compat
    send Method in class httplib.HTTPConnection
    send Method in class imaplib.IMAP4
    send Method in class smtplib.SMTP
    send Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    send Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    send Method in class tlslite.integration.TLSTwistedProtocolWrapper._FakeSocket
    send_content Method in class xmlrpclib.Transport
    send_host Method in class xmlrpclib.Transport
    send_request Method in class xmlrpclib.Transport
    send_user_agent Method in class xmlrpclib.Transport
    sendall Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    sendmail Method in class smtplib.SMTP
    server_hello Variable in class tlslite.constants.HandshakeType
    server_hello_done Variable in class tlslite.constants.HandshakeType
    server_key_exchange Variable in class tlslite.constants.HandshakeType
    serverCertChain Variable in class tlslite.Session.Session
    serverFaults Variable in class tlslite.constants.Fault
    ServerHello Class in module tlslite.messages
    ServerHelloDone Class in module tlslite.messages
    ServerKeyExchange Class in module tlslite.messages
    Session Module in package tlslite
    Session Class in module tlslite.Session
    session Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    session Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    SessionCache Module in package tlslite
    SessionCache Class in module tlslite.SessionCache
    set_debuglevel Method in class httplib.HTTPConnection
    set_debuglevel Method in class poplib.POP3
    set_debuglevel Method in class smtplib.SMTP
    setacl Method in class imaplib.IMAP4
    setCloseOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    setHandshakeOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    setLengthCheck Method in class tlslite.utils.codec.Parser
    setquota Method in class imaplib.IMAP4
    setServerHandshakeOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    setServerHandshakeOp Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    setsockopt Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    settimeout Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    setWriteOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    sha1Base64RegEx Variable in module tlslite.utils.xmltools
    SharedKeyDB Module in package tlslite
    SharedKeyDB Class in module tlslite.SharedKeyDB
    sharedKeyUsername Variable in class tlslite.Session.Session
    shifts Variable in module tlslite.utils.rijndael
    shortPremasterSecret Variable in class tlslite.constants.Fault
    shortStringRegEx Variable in module tlslite.utils.xmltools
    shutdown Method in class imaplib.IMAP4
    Si Variable in module tlslite.utils.rijndael
    sign Method in class tlslite.utils.RSAKey.RSAKey
    SMTP Class in module smtplib
    SMTP_TLS Module in package tlslite.integration
    SMTP_TLS Class in module tlslite.integration.SMTP_TLS
    sock Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    sock Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    socket Method in class imaplib.IMAP4
    sort Method in class imaplib.IMAP4
    srpRsaSuites Variable in class tlslite.constants.CipherSuite
    srpSuites Variable in class tlslite.constants.CipherSuite
    srpUsername Variable in class tlslite.Session.Session
    startLengthCheck Method in class tlslite.utils.codec.Parser
    starttls Method in class smtplib.SMTP
    starttls Method in class tlslite.integration.SMTP_TLS.SMTP_TLS
    stat Method in class poplib.POP3
    status Method in class imaplib.IMAP4
    stopConsuming Method in class twisted.protocols.policies.ProtocolWrapper
    stopLengthCheck Method in class tlslite.utils.codec.Parser
    store Method in class imaplib.IMAP4
    strict Variable in class httplib.HTTPConnection
    strict Variable in class httplib.HTTPConnection
    strict Variable in class httplib.HTTPConnection
    stringToBase64 Function in module tlslite.utils.cryptomath
    stringToBytes Function in module tlslite.utils.compat
    stringToBytes Function in module tlslite.utils.jython_compat
    stringToNumber Function in module tlslite.utils.cryptomath
    stripWhitespace Function in module tlslite.utils.xmltools
    subscribe Method in class imaplib.IMAP4
    T1 Variable in module tlslite.utils.rijndael
    T2 Variable in module tlslite.utils.rijndael
    T3 Variable in module tlslite.utils.rijndael
    T4 Variable in module tlslite.utils.rijndael
    T5 Variable in module tlslite.utils.rijndael
    T6 Variable in module tlslite.utils.rijndael
    T7 Variable in module tlslite.utils.rijndael
    T8 Variable in module tlslite.utils.rijndael
    test Function in module tlslite.utils.rijndael
    timestamp Variable in class poplib.POP3
    timestamp Variable in class poplib.POP3
    TLS_RSA_WITH_3DES_EDE_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_RSA_WITH_AES_128_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_RSA_WITH_AES_256_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_RSA_WITH_RC4_128_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_WITH_AES_128_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_WITH_AES_256_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLSAbruptCloseError Class in module tlslite.errors
    TLSAlert Class in module tlslite.errors
    TLSAsyncDispatcherMixIn Module in package tlslite.integration
    TLSAsyncDispatcherMixIn Class in module tlslite.integration.TLSAsyncDispatcherMixIn
    TLSAuthenticationError Class in module tlslite.errors
    TLSAuthenticationTypeError Class in module tlslite.errors
    TLSAuthorizationError Class in module tlslite.errors
    TLSConnection Module in package tlslite
    TLSConnection Class in module tlslite.TLSConnection
    TLSError Class in module tlslite.errors
    TLSFaultError Class in module tlslite.errors
    TLSFingerprintError Class in module tlslite.errors
    tlslite Package
    TLSLocalAlert Class in module tlslite.errors
    TLSNoAuthenticationError Class in module tlslite.errors
    TLSRecordLayer Module in package tlslite
    TLSRecordLayer Class in module tlslite.TLSRecordLayer
    TLSRemoteAlert Class in module tlslite.errors
    TLSSocketServerMixIn Module in package tlslite.integration
    TLSSocketServerMixIn Class in module tlslite.integration.TLSSocketServerMixIn
    TLSTwistedProtocolWrapper Module in package tlslite.integration
    TLSTwistedProtocolWrapper Class in module tlslite.integration.TLSTwistedProtocolWrapper
    TLSValidationError Class in module tlslite.errors
    top Method in class poplib.POP3
    Transport Class in module xmlrpclib
    TripleDES Module in package tlslite.utils
    TripleDES Class in module tlslite.utils.TripleDES
    tripleDESPresent Variable in module tlslite.utils.cipherfactory
    tripleDESSuites Variable in class tlslite.constants.CipherSuite
    U1 Variable in module tlslite.utils.rijndael
    U2 Variable in module tlslite.utils.rijndael
    U3 Variable in module tlslite.utils.rijndael
    U4 Variable in module tlslite.utils.rijndael
    uid Method in class imaplib.IMAP4
    uidl Method in class poplib.POP3
    unexpected_message Variable in class tlslite.constants.AlertDescription
    unknown_ca Variable in class tlslite.constants.AlertDescription
    unknown_srp_username Variable in class tlslite.constants.AlertDescription
    unregisterProducer Method in class twisted.protocols.policies.ProtocolWrapper
    unsubscribe Method in class imaplib.IMAP4
    unsupported_certificate Variable in class tlslite.constants.AlertDescription
    untrusted_srp_parameters Variable in class tlslite.constants.AlertDescription
    update Method in class tlslite.mathtls.MAC_SSL
    update Method in class tlslite.utils.hmac.HMAC
    urlRegEx Variable in module tlslite.utils.xmltools
    user Method in class poplib.POP3
    user_agent Variable in class xmlrpclib.Transport
    user_agent Variable in class xmlrpclib.Transport
    user_canceled Variable in class tlslite.constants.AlertDescription
    utils Package in package tlslite
    valid Method in class tlslite.Session.Session
    validate Method in class tlslite.X509CertChain.X509CertChain
    VerifierDB Module in package tlslite
    VerifierDB Class in module tlslite.VerifierDB
    verify Method in class smtplib.SMTP
    verify Method in class tlslite.utils.RSAKey.RSAKey
    version Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    version Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    wantsReadEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    wantsWriteEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    warning Variable in class tlslite.constants.AlertLevel
    writable Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    write Method in class tlslite.FileObject.FileObject
    write Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    write Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    write Method in class tlslite.messages.Alert
    write Method in class tlslite.messages.ApplicationData
    write Method in class tlslite.messages.Certificate
    write Method in class tlslite.messages.CertificateRequest
    write Method in class tlslite.messages.CertificateVerify
    write Method in class tlslite.messages.ChangeCipherSpec
    write Method in class tlslite.messages.ClientHello
    write Method in class tlslite.messages.ClientKeyExchange
    write Method in class tlslite.messages.Finished
    write Method in class tlslite.messages.RecordHeader3
    write Method in class tlslite.messages.ServerHello
    write Method in class tlslite.messages.ServerHelloDone
    write Method in class tlslite.messages.ServerKeyExchange
    write Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    write Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    write Method in class tlslite.utils.RSAKey.RSAKey
    write Method in class twisted.protocols.policies.ProtocolWrapper
    writeAsync Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    writeBytes Method in class tlslite.X509.X509
    writelines Method in class tlslite.FileObject.FileObject
    Writer Class in module tlslite.utils.codec
    writeSequence Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    writeSequence Method in class twisted.protocols.policies.ProtocolWrapper
    writeXMLPublicKey Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    writeXMLPublicKey Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    writeXMLPublicKey Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    writeXMLPublicKey Method in class tlslite.utils.RSAKey.RSAKey
    X509 Module in package tlslite
    X509 Class in module tlslite.X509
    x509 Variable in class tlslite.constants.CertificateType
    X509CertChain Module in package tlslite
    X509CertChain Class in module tlslite.X509CertChain
    x509List Variable in class tlslite.X509CertChain.X509CertChain
    xatom Method in class imaplib.IMAP4
    XMLRPCTransport Module in package tlslite.integration
    XMLRPCTransport Class in module tlslite.integration.XMLRPCTransport
    xmltools Module in package tlslite.utils

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:57 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.RSAKey-module.html0000700000175000017500000000670610206544646022706 0ustar clintclint tlslite.utils.RSAKey
    Package tlslite :: Package utils :: Module RSAKey

    Module tlslite.utils.RSAKey

    Abstract class for RSA.
    Classes
    RSAKey This is an abstract base class for RSA keys.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.integration.XMLRPCTransport-module.html0000700000175000017500000000174710206544651026474 0ustar clintclint tlslite.integration.XMLRPCTransport
    XMLRPCTransport

    Classes
    XMLRPCTransport


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.utils.cipherfactory-module.html0000700000175000017500000000256210206544651025225 0ustar clintclint tlslite.utils.cipherfactory
    cipherfactory

    Functions
    createAES
    createRC4
    createTripleDES

    Variables
    tripleDESPresent


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.utils.AES-module.html0000700000175000017500000000157310206544651022774 0ustar clintclint tlslite.utils.AES
    AES

    Classes
    AES


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.SharedKeyDB.SharedKeyDB-class.html0000700000175000017500000002530510206544647024437 0ustar clintclint tlslite.SharedKeyDB.SharedKeyDB
    Package tlslite :: Module SharedKeyDB :: Class SharedKeyDB

    Class SharedKeyDB

    BaseDB --+
             |
            SharedKeyDB
    


    This class represents an in-memory or on-disk database of shared keys.

    A SharedKeyDB can be passed to a server handshake function to authenticate a client based on one of the shared keys.

    This class is thread-safe.
    Method Summary
      __init__(self, filename)
    Create a new SharedKeyDB.
      __setitem__(self, username, sharedKey)
    Add a shared key to the database.
      _checkItem(self, value, username, param)
      _getItem(self, username, valueStr)
      _setItem(self, username, value)
        Inherited from BaseDB
    bool __contains__(self, username)
    Check if the database contains the specified username.
      __delitem__(self, username)
      __getitem__(self, username)
      check(self, username, param)
      create(self)
    Create a new on-disk database.
    list keys(self)
    Return a list of usernames in the database.
      open(self)
    Open a pre-existing on-disk database.

    Method Details

    __init__(self, filename=None)
    (Constructor)

    Create a new SharedKeyDB.
    Parameters:
    filename - Filename for an on-disk database, or None for an in-memory database. If the filename already exists, follow this with a call to open(). To create a new on-disk database, follow this with a call to create().
               (type=str)
    Overrides:
    tlslite.BaseDB.BaseDB.__init__

    __setitem__(self, username, sharedKey)
    (Index assignment operator)

    Add a shared key to the database.
    Parameters:
    username - The username to associate the shared key with. Must be less than or equal to 16 characters in length, and must not already be in the database.
               (type=str)
    sharedKey - The shared key to add. Must be less than 48 characters in length.
               (type=str)
    Overrides:
    tlslite.BaseDB.BaseDB.__setitem__

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.PyCrypto_RSAKey-module.html0000700000175000017500000000675510206544646024563 0ustar clintclint tlslite.utils.PyCrypto_RSAKey
    Package tlslite :: Package utils :: Module PyCrypto_RSAKey

    Module tlslite.utils.PyCrypto_RSAKey

    PyCrypto RSA implementation.
    Classes
    PyCrypto_RSAKey  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.PyCrypto_RC4-module.html0000700000175000017500000000217710206544651024626 0ustar clintclint tlslite.utils.PyCrypto_RC4
    PyCrypto_RC4

    Classes
    PyCrypto_RC4

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.utils.xmltools-module.html0000700000175000017500000000676610206544651024256 0ustar clintclint tlslite.utils.xmltools
    xmltools

    Functions
    checkName
    checkNoMoreAttributes
    escape
    getAttribute
    getChild
    getChildIter
    getChildOrNone
    getLastChild
    getReqAttribute
    getText
    indent
    parseAndStripWhitespace
    parseDocument
    stripWhitespace

    Variables
    base64RegEx
    booleanRegEx
    certsListRegEx
    cryptoIDRegEx
    dateTimeRegEx
    exprRegEx
    keyRegEx
    keysListRegEx
    nsRegEx
    sha1Base64RegEx
    shortStringRegEx
    urlRegEx


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.FileObject-module.html0000700000175000017500000000703110206544650022442 0ustar clintclint tlslite.FileObject
    Package tlslite :: Module FileObject

    Module tlslite.FileObject

    Class returned by TLSConnection.makefile().
    Classes
    FileObject This class provides a file object interface to a tlslite.TLSConnection.TLSConnection.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/imaplib.abort-class.html0000700000175000017500000001073710206544646021334 0ustar clintclint imaplib.abort
    Module imaplib :: Class abort

    Class abort

    Exception --+    
                |    
            error --+
                    |
                   abort
    

    Known Subclasses:
    readonly

    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.Python_AES-module.html0000700000175000017500000001005510206544646023551 0ustar clintclint tlslite.utils.Python_AES
    Package tlslite :: Package utils :: Module Python_AES

    Module tlslite.utils.Python_AES

    Pure-Python AES implementation.
    Classes
    Python_AES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.Session.Session-class.html0000700000175000017500000002652610206544645023337 0ustar clintclint tlslite.Session.Session
    Package tlslite :: Module Session :: Class Session

    Class Session


    This class represents a TLS session.

    TLS distinguishes between connections and sessions. A new handshake creates both a connection and a session. Data is transmitted over the connection.

    The session contains a more permanent record of the handshake. The session can be inspected to determine handshake results. The session can also be used to create a new connection through "session resumption". If the client and server both support this, they can create a new connection based on an old session without the overhead of a full handshake.

    The session for a tlslite.TLSConnection.TLSConnection can be retrieved from the connection's 'session' attribute.
    Method Summary
      __init__(self)
    str getCipherName(self)
    Get the name of the cipher used with this connection.
    bool valid(self)
    Return whether this session can be used for session resumption.
      _calcMasterSecret(self, version, premasterSecret, clientRandom, serverRandom)
      _clone(self)
      _createSharedKey(self, sharedKeyUsername, sharedKey)
      _setResumable(self, boolean)

    Instance Variable Summary
    tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain clientCertChain: The client's certificate chain (or None).
    tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain serverCertChain: The server's certificate chain (or None).
    str sharedKeyUsername: The client's shared-key username (or None).
    str srpUsername: The client's SRP username (or None).

    Method Details

    getCipherName(self)

    Get the name of the cipher used with this connection.
    Returns:
    The name of the cipher used with this connection. Either 'aes128', 'aes256', 'rc4', or '3des'.
               (type=str)

    valid(self)

    Return whether this session can be used for session resumption.
    Returns:
    True if this session can be used for session resumption.
               (type=bool)

    Instance Variable Details

    clientCertChain

    The client's certificate chain (or None).
    Type:
    tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain

    serverCertChain

    The server's certificate chain (or None).
    Type:
    tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain

    sharedKeyUsername

    The client's shared-key username (or None).
    Type:
    str

    srpUsername

    The client's SRP username (or None).
    Type:
    str

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.Certificate-class.html0000700000175000017500000001343610206544650024312 0ustar clintclint tlslite.messages.Certificate
    Package tlslite :: Module messages :: Class Certificate

    Class Certificate

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  Certificate
    


    Method Summary
      __init__(self, certificateType)
      create(self, certChain)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.RC4-module.html0000700000175000017500000000661010206544646022172 0ustar clintclint tlslite.utils.RC4
    Package tlslite :: Package utils :: Module RC4

    Module tlslite.utils.RC4

    Abstract class for RC4.
    Classes
    RC4  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/exceptions.Exception-class.html0000700000175000017500000001026510206544647022724 0ustar clintclint exceptions.Exception
    Module exceptions :: Class Exception

    Class Exception

    Known Subclasses:
    TLSError, error

    Common base class for all exceptions.
    Method Summary
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/httplib.HTTPResponse-class.html0000700000175000017500000001666310206544646022560 0ustar clintclint httplib.HTTPResponse
    Module httplib :: Class HTTPResponse

    Class HTTPResponse


    Method Summary
      __init__(self, sock, debuglevel, strict, method)
      begin(self)
      close(self)
      getheader(self, name, default)
      isclosed(self)
      read(self, amt)
      _check_close(self)
      _read_chunked(self, amt)
      _read_status(self)
      _safe_read(self, amt)
    Read the number of bytes requested, compensating for partial reads.

    Method Details

    _safe_read(self, amt)

    Read the number of bytes requested, compensating for partial reads.

    Normally, we have a blocking socket, but a read() can be interrupted by a signal (resulting in a partial read).

    Note that we cannot distinguish between EOF and an interrupt when zero bytes have been read. IncompleteRead() will be raised in this situation.

    This function should be used when <amt> bytes "should" be present for reading. If the bytes are truly not available (due to EOF), then the IncompleteRead exception can be used to detect the problem.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.PyCrypto_RC4-module.html0000700000175000017500000000772410206544646024052 0ustar clintclint tlslite.utils.PyCrypto_RC4
    Package tlslite :: Package utils :: Module PyCrypto_RC4

    Module tlslite.utils.PyCrypto_RC4

    PyCrypto RC4 implementation.
    Classes
    PyCrypto_RC4  

    Function Summary
      new(key)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn-class.html0000700000175000017500000001337710206544647032533 0ustar clintclint tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn
    Package tlslite :: Package integration :: Module TLSSocketServerMixIn :: Class TLSSocketServerMixIn

    Class TLSSocketServerMixIn


    This class can be mixed in with any SocketServer.TCPServer to add TLS support.

    To use this class, define a new class that inherits from it and some SocketServer.TCPServer (with the mix-in first). Then implement the handshake() method, doing some sort of server handshake on the connection argument. If the handshake method returns True, the RequestHandler will be triggered. Below is a complete example of a threaded HTTPS server:
       # Threaded HTTPS server built on TLSSocketServerMixIn (Python 2 syntax).
       from SocketServer import *
       from BaseHTTPServer import *
       from SimpleHTTPServer import *
       from tlslite.api import *
    
       # Read the server certificate from a PEM file and wrap it in a
       # one-element chain.
       s = open("./serverX509Cert.pem").read()
       x509 = X509()
       x509.parse(s)
       certChain = X509CertChain([x509])
    
       # Read the matching private key. private=True presumably makes
       # parsePEMKey insist on a private component -- confirm against its docs.
       # NOTE(review): keep this file readable only by the account that runs
       # the server.
       s = open("./serverX509Key.pem").read()
       privateKey = parsePEMKey(s, private=True)
    
       # One cache handed to every handshake below; presumably what lets
       # clients resume an earlier session instead of a full handshake.
       sessionCache = SessionCache()
    
       # The mix-in is listed before HTTPServer, as the class description
       # requires ("with the mix-in first").
       class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn,
                          HTTPServer):
         def handshake(self, tlsConnection):
             # Per the class description, the RequestHandler is triggered
             # when this method returns True.
             try:
                 tlsConnection.handshakeServer(certChain=certChain,
                                               privateKey=privateKey,
                                               sessionCache=sessionCache)
                 # NOTE(review): with this flag set, a socket closed without
                 # a TLS close alert is not reported as an error, so a
                 # truncated response cannot be told from a complete one.
                 # Set it only when peers are known to skip the closing alert.
                 tlsConnection.ignoreAbruptClose = True
                 return True
             except TLSError, error:
                 # Failed handshakes are reported on stdout and rejected.
                 print "Handshake failure:", str(error)
                 return False
    
       # Bind to localhost:443 and serve files through SimpleHTTPRequestHandler.
       httpd = MyHTTPServer(('localhost', 443), SimpleHTTPRequestHandler)
       httpd.serve_forever()
    

    Method Summary
      finish_request(self, sock, client_address)
      handshake(self, tlsConnection)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey-class.html0000700000175000017500000004214510206544650026521 0ustar clintclint tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    Package tlslite :: Package utils :: Module OpenSSL_RSAKey :: Class OpenSSL_RSAKey

    Class OpenSSL_RSAKey

    RSAKey --+
             |
            OpenSSL_RSAKey
    


    Method Summary
      __init__(self, n, e)
    Create a new RSA key.
      __del__(self)
      __getattr__(self, name)
    bool acceptsPassword(self)
    Return True if the write() method accepts a password for use in encrypting the private key.
      generate(bits)
    (Static method)
    str hash(self)
    Return the cryptoID <keyHash> value corresponding to this key.
    bool hasPrivateKey(self)
    Return whether or not this key has a private component.
      parse(s, passwordCallback)
    (Static method)
    str write(self, password)
    Return a string containing the key.
    str writeXMLPublicKey(self, indent)
    Return a string containing the key.
      _rawPrivateKeyOp(self, m)
      _rawPublicKeyOp(self, c)
        Inherited from RSAKey
    int __len__(self)
    Return the length of this key in bits.
    array.array of unsigned bytes or None. decrypt(self, encBytes)
    Decrypt the passed-in bytes.
    array.array of unsigned bytes. encrypt(self, bytes)
    Encrypt the passed-in bytes.
    str getSigningAlgorithm(self)
    Return the cryptoID sigAlgo value corresponding to this key.
    array.array of unsigned bytes. hashAndSign(self, bytes)
    Hash and sign the passed-in bytes.
    bool hashAndVerify(self, sigBytes, bytes)
    Hash and verify the passed-in bytes with the signature.
    array.array of unsigned bytes. sign(self, bytes)
    Sign the passed-in bytes.
    bool verify(self, sigBytes, bytes)
    Verify the passed-in bytes with the signature.
      _addPKCS1Padding(self, bytes, blockType)
      _addPKCS1SHA1Prefix(self, bytes)

    Instance Method Details

    __init__(self, n=0, e=0)
    (Constructor)

    Create a new RSA key.

    If n and e are passed in, the new key will be initialized.
    Parameters:
    n - RSA modulus.
               (type=int)
    e - RSA public exponent.
               (type=int)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.__init__ (inherited documentation)

    acceptsPassword(self)

    Return True if the write() method accepts a password for use in encrypting the private key.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.acceptsPassword (inherited documentation)

    hash(self)

    Return the cryptoID <keyHash> value corresponding to this key.
    Returns:
    str
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hash (inherited documentation)

    hasPrivateKey(self)

    Return whether or not this key has a private component.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hasPrivateKey (inherited documentation)

    write(self, password=None)

    Return a string containing the key.
    Returns:
    A string describing the key, in whichever format (PEM or XML) is native to the implementation.
               (type=str)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.write (inherited documentation)

    writeXMLPublicKey(self, indent='')

    Return a string containing the key.
    Returns:
    A string describing the public key, in XML format.
               (type=str)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.writeXMLPublicKey (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/twisted.protocols.policies.ProtocolWrapper-class.html0000700000175000017500000004040210206544646027256 0ustar clintclint twisted.protocols.policies.ProtocolWrapper
    Package twisted :: Package protocols :: Module policies :: Class ProtocolWrapper

    Class ProtocolWrapper

    BaseProtocol --+    
                   |    
            Protocol --+
                       |
                      ProtocolWrapper
    

    Known Subclasses:
    TLSTwistedProtocolWrapper

    Wraps protocol instances and acts as their transport as well.
    Method Summary
      __init__(self, factory, wrappedProtocol)
      __getattr__(self, name)
      connectionLost(self, reason)
      connectionMade(self)
    Called when a connection is made.
      dataReceived(self, data)
    Called whenever data is received.
      getHost(self)
      getPeer(self)
      loseConnection(self)
      makeConnection(self, transport)
    Make a connection to a transport and a server.
      registerProducer(self, producer, streaming)
      stopConsuming(self)
      unregisterProducer(self)
      write(self, data)
      writeSequence(self, data)
        Inherited from Protocol
      connectionFailed(self)
    (Deprecated)

    Class Variable Summary
    tuple __implements__ = (<class 'twisted.internet.interfaces.IT...
    int disconnecting = 0                                                                     
        Inherited from BaseProtocol
    int connected = 0                                                                     
    NoneType transport = None                                                                  

    Method Details

    connectionMade(self)

    Called when a connection is made.

    This may be considered the initializer of the protocol, because it is called when the connection is completed. For clients, this is called once the connection to the server has been established; for servers, this is called after an accept() call stops blocking and a socket has been received. If you need to send any greeting or initial message, do it here.
    Overrides:
    twisted.internet.protocol.BaseProtocol.connectionMade (inherited documentation)

    dataReceived(self, data)

    Called whenever data is received.

    Use this method to translate to a higher-level message. Usually, some callback will be made upon the receipt of each complete protocol message.
    Parameters:
    data - a string of indeterminate length. Please keep in mind that you will probably need to buffer some data, as partial (or multiple) protocol messages may be received! I recommend that unit tests for protocols call through to this method with differing chunk sizes, down to one byte at a time.
    Overrides:
    twisted.internet.protocol.Protocol.dataReceived (inherited documentation)

    makeConnection(self, transport)

    Make a connection to a transport and a server.

    This sets the 'transport' attribute of this Protocol, and calls the connectionMade() callback.
    Overrides:
    twisted.internet.protocol.BaseProtocol.makeConnection (inherited documentation)

    Class Variable Details

    __implements__

    Type:
    tuple
    Value:
    (<class 'twisted.internet.interfaces.ITransport'>,)                    

    disconnecting

    Type:
    int
    Value:
    0                                                                     

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.Cryptlib_RC4.Cryptlib_RC4-class.html0000700000175000017500000001133110206544646026115 0ustar clintclint tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    Package tlslite :: Package utils :: Module Cryptlib_RC4 :: Class Cryptlib_RC4

    Class Cryptlib_RC4

    RC4 --+
          |
         Cryptlib_RC4
    


    Method Summary
      __init__(self, key)
      __del__(self)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.TripleDES-module.html0000700000175000017500000000164510206544651024157 0ustar clintclint tlslite.utils.TripleDES
    TripleDES

    Classes
    TripleDES


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.utils.jython_compat-module.html0000700000175000017500000000464610206544651025246 0ustar clintclint tlslite.utils.jython_compat
    jython_compat

    Classes
    CertChainBase
    ReportFuncBase
    SelfTestBase

    Functions
    bytesToString
    concatArrays
    createByteArraySequence
    createByteArrayZeros
    formatExceptionTrace
    getListFromSet
    getSHA1
    iterSet
    numBits
    stringToBytes


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.integration.IntegrationHelper-module.html0000700000175000017500000000672510206544646026417 0ustar clintclint tlslite.integration.IntegrationHelper
    Package tlslite :: Package integration :: Module IntegrationHelper

    Module tlslite.integration.IntegrationHelper

    Classes
    IntegrationHelper  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.ClientHelper-module.html0000700000175000017500000000714510206544647025350 0ustar clintclint tlslite.integration.ClientHelper
    Package tlslite :: Package integration :: Module ClientHelper
    [show private | hide private]
    [frames | no frames]

    Module tlslite.integration.ClientHelper

    A helper class for using TLS Lite with stdlib clients (httplib, xmlrpclib, imaplib, poplib).
    Classes
    ClientHelper This is a helper class used to integrate TLS Lite with various TLS clients (e.g. httplib, xmlrpclib, imaplib, poplib).

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.OpenSSL_RSAKey-module.html0000700000175000017500000000225310206544651025021 0ustar clintclint tlslite.utils.OpenSSL_RSAKey
    OpenSSL_RSAKey

    Classes
    OpenSSL_RSAKey

    Functions
    password_callback


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.integration.XMLRPCTransport.XMLRPCTransport-class.html0000700000175000017500000004265210206544646030456 0ustar clintclint tlslite.integration.XMLRPCTransport.XMLRPCTransport
    Package tlslite :: Package integration :: Module XMLRPCTransport :: Class XMLRPCTransport

    Class XMLRPCTransport

       Transport --+
                   |
    ClientHelper --+
                   |
                  XMLRPCTransport
    


    Handles an HTTPS transaction to an XML-RPC server.
    Method Summary
      __init__(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Create a new XMLRPCTransport.
      make_connection(self, host)
        Inherited from Transport
      get_host_info(self, host)
      getparser(self)
      parse_response(self, file)
      request(self, host, handler, request_body, verbose)
      send_content(self, connection, request_body)
      send_host(self, connection, host)
      send_request(self, connection, handler, request_body)
      send_user_agent(self, connection)
      _parse_response(self, file, sock)
        Inherited from ClientHelper
      _handshake(self, tlsConnection)

    Class Variable Summary
        Inherited from Transport
    str user_agent = 'xmlrpclib.py/1.0.1 (by www.pythonware.com)...

    Method Details

    __init__(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    Create a new XMLRPCTransport.

    An instance of this class can be passed to xmlrpclib.ServerProxy to use TLS with XML-RPC calls:
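       from tlslite.api import XMLRPCTransport
       from xmlrpclib import ServerProxy
    
       # SRP client authentication. The keyword is 'username', matching the
       # constructor signature; 'user' is not a parameter of __init__.
       # The credentials shown are sample values only.
       transport = XMLRPCTransport(username="alice", password="abra123")
       # No TLS handshake happens here: the constructor only stores its
       # arguments, and the handshake runs when the transport first connects.
       # TLS-specific exceptions therefore surface from ServerProxy method calls.
       server = ServerProxy("https://localhost", transport)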
    
    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys.

    The constructor does not perform the TLS handshake itself, but simply stores these arguments for later. The handshake is performed only when this class needs to connect with the server. Thus you should be prepared to handle TLS-specific exceptions when calling methods of xmlrpclib.ServerProxy. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
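    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. Because this argument is optional, a trust list used without it presumably accepts any certificate that chains to a trusted root, whatever name it carries; supply it whenever the server's identity matters.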
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    tlslite.integration.ClientHelper.ClientHelper.__init__

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.VerifierDB-module.html0000700000175000017500000000667110206544647022434 0ustar clintclint tlslite.VerifierDB
    Package tlslite :: Module VerifierDB

    Module tlslite.VerifierDB

    Class for storing SRP password verifiers.
    Classes
    VerifierDB This class represents an in-memory or on-disk database of SRP password verifiers.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    ././@LongLink0000000000000000000000000000015600000000000011567 Lustar rootroottlslite-0.3.8/docs/private/tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper-class.htmltlslite-0.3.8/docs/private/tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper-c0000700000175000017500000006672410206544650033147 0ustar clintclint tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    Package tlslite :: Package integration :: Module TLSTwistedProtocolWrapper :: Class TLSTwistedProtocolWrapper

    Class TLSTwistedProtocolWrapper

       AsyncStateMachine --+
                           |
    BaseProtocol --+       |
                   |       |
            Protocol --+   |
                       |   |
         ProtocolWrapper --+
                           |
                          TLSTwistedProtocolWrapper
    


    This class can wrap Twisted protocols to add TLS support.

    Below is a complete example of using TLS Lite with a Twisted echo server.

    There are two server implementations below. Echo is the original protocol, which is oblivious to TLS. Echo1 subclasses Echo and negotiates TLS when the client connects. Echo2 subclasses Echo and negotiates TLS when the client sends "STARTTLS":
       from twisted.internet.protocol import Protocol, Factory
       from twisted.internet import reactor
       from twisted.protocols.policies import WrappingFactory
       from twisted.protocols.basic import LineReceiver
       from twisted.python import log
       from twisted.python.failure import Failure
       import sys
       from tlslite.api import *
    
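       # Read each PEM file through a handle that is closed explicitly, so
       # it is released right after the read rather than whenever the file
       # object happens to be collected.
       f = open("./serverX509Cert.pem")
       try:
           s = f.read()
       finally:
           f.close()
       x509 = X509()
       x509.parse(s)
       certChain = X509CertChain([x509])
    
       # The private key file should be readable only by the account that
       # runs the server.
       f = open("./serverX509Key.pem")
       try:
           s = f.read()
       finally:
           f.close()
       privateKey = parsePEMKey(s, private=True)
    
       # Database of SRP password verifiers; "verifierDB" is presumably the
       # name of the file backing it.
       verifierDB = VerifierDB("verifierDB")
       verifierDB.open()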
    
       class Echo(LineReceiver):
           """Plain line-echo protocol; it contains no TLS-specific code."""

           def connectionMade(self):
               # Greet the peer as soon as the connection is reported.
               greeting = "Welcome to the echo server!\r\n"
               self.transport.write(greeting)

           def lineReceived(self, line):
               # Send every received line straight back, CRLF-terminated.
               reply = line + "\r\n"
               self.transport.write(reply)
    
       class Echo1(Echo):
           """Echo variant that begins the TLS handshake on connect."""

           def connectionMade(self):
               # Once the transport reports TLS as started, behave like the
               # plain Echo protocol and send the greeting.
               if self.transport.tlsStarted:
                   Echo.connectionMade(self)
                   return
               # Otherwise request a server-side handshake; the keyword
               # arguments are forwarded by setServerHandshakeOp.
               tlsArgs = dict(certChain=certChain,
                              privateKey=privateKey,
                              verifierDB=verifierDB)
               self.transport.setServerHandshakeOp(**tlsArgs)

           def connectionLost(self, reason):
               # Placeholder: handle any TLS exceptions here.
               pass
    
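       class Echo2(Echo):
           """Echo variant that begins the TLS handshake on "STARTTLS"."""

           def lineReceived(self, data):
               # Honour STARTTLS only while the connection is still plaintext,
               # mirroring the tlsStarted check in Echo1; inside an established
               # TLS session the line is echoed like any other.
               #
               # NOTE(review): lines that arrived in the same read as
               # "STARTTLS" were sent before the handshake. A real protocol
               # should not treat them as TLS-protected input -- confirm how
               # LineReceiver delivers them here.
               if data == "STARTTLS" and not self.transport.tlsStarted:
                   self.transport.setServerHandshakeOp(certChain=certChain,
                                                       privateKey=privateKey,
                                                       verifierDB=verifierDB)
               else:
                   Echo.lineReceived(self, data)

           def connectionLost(self, reason):
               pass #Handle any TLS exceptions here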
    
       # Factory for the application protocol; switch between Echo1
       # (TLS on connect) and Echo2 (TLS on "STARTTLS") here.
       factory = Factory()
       factory.protocol = Echo1
       #factory.protocol = Echo2
    
       # Wrap the factory so each connection's protocol is placed behind a
       # TLSTwistedProtocolWrapper.
       wrappingFactory = WrappingFactory(factory)
       wrappingFactory.protocol = TLSTwistedProtocolWrapper
    
       log.startLogging(sys.stdout)
       # NOTE(review): no interface is passed, so this presumably listens on
       # all interfaces -- confirm, and bind to a specific address if needed.
       reactor.listenTCP(1079, wrappingFactory)
       reactor.run()
    

    This class works as follows:

    Data comes in and is given to the AsyncStateMachine for handling. AsyncStateMachine will forward events to this class, and we'll pass them on to the ProtocolHandler, which will proxy them to the wrapped protocol. The wrapped protocol may then call back into this class, and these calls will be proxied into the AsyncStateMachine.

    The call graph looks like this:
    • self.dataReceived
      • AsyncStateMachine.inReadEvent
        • self.out(Connect|Close|Read)Event
          • ProtocolWrapper.(connectionMade|loseConnection|dataReceived)

            • self.(loseConnection|write|writeSequence)
              • AsyncStateMachine.(setCloseOp|setWriteOp)

    Method Summary
      __init__(self, factory, wrappedProtocol)
      connectionLost(self, reason)
      connectionMade(self)
    Called when a connection is made.
      dataReceived(self, data)
    Called whenever data is received.
      loseConnection(self)
      outCloseEvent(self)
    Called when a close operation completes.
      outConnectEvent(self)
    Called when a handshake operation completes.
      outReadEvent(self, data)
      setServerHandshakeOp(self, **args)
    Start a handshake operation.
      write(self, data)
      writeSequence(self, seq)
        Inherited from ProtocolWrapper
      __getattr__(self, name)
      getHost(self)
      getPeer(self)
      makeConnection(self, transport)
    Make a connection to a transport and a server.
      registerProducer(self, producer, streaming)
      stopConsuming(self)
      unregisterProducer(self)
        Inherited from Protocol
      connectionFailed(self)
    (Deprecated)
        Inherited from AsyncStateMachine
      inReadEvent(self)
    Tell the state machine it can read from the socket.
      inWriteEvent(self)
    Tell the state machine it can write to the socket.
      outWriteEvent(self)
    Called when a write operation completes.
      setCloseOp(self)
    Start a close operation.
      setHandshakeOp(self, handshaker)
    Start a handshake operation.
      setWriteOp(self, writeBuffer)
    Start a write operation.
    bool or None wantsReadEvent(self)
    If the state machine wants to read.
    bool or None wantsWriteEvent(self)
    If the state machine wants to write.
      _checkAssert(self, maxActive)
      _clear(self)
      _doCloseOp(self)
      _doHandshakeOp(self)
      _doReadOp(self)
      _doWriteOp(self)

    Class Variable Summary
        Inherited from ProtocolWrapper
    tuple __implements__ = (<class 'twisted.internet.interfaces.IT...
    int disconnecting = 0                                                                     
        Inherited from BaseProtocol
    int connected = 0                                                                     
    NoneType transport = None                                                                  

    Method Details

    connectionMade(self)

    Called when a connection is made.

    This may be considered the initializer of the protocol, because it is called when the connection is completed. For clients, this is called once the connection to the server has been established; for servers, this is called after an accept() call stops blocking and a socket has been received. If you need to send any greeting or initial message, do it here.
    Overrides:
    twisted.protocols.policies.ProtocolWrapper.connectionMade (inherited documentation)

    dataReceived(self, data)

    Called whenever data is received.

    Use this method to translate to a higher-level message. Usually, some callback will be made upon the receipt of each complete protocol message.
    Parameters:
    data - a string of indeterminate length. Please keep in mind that you will probably need to buffer some data, as partial (or multiple) protocol messages may be received! I recommend that unit tests for protocols call through to this method with differing chunk sizes, down to one byte at a time.
    Overrides:
    twisted.protocols.policies.ProtocolWrapper.dataReceived (inherited documentation)

    outCloseEvent(self)

    Called when a close operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outCloseEvent (inherited documentation)

    outConnectEvent(self)

    Called when a handshake operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outConnectEvent (inherited documentation)

    setServerHandshakeOp(self, **args)

    Start a handshake operation.

    The arguments passed to this function will be forwarded to tlslite.TLSConnection.TLSConnection.handshakeServerAsync.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.setServerHandshakeOp (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.RC4.RC4-class.html0000700000175000017500000001134310206544647022401 0ustar clintclint tlslite.utils.RC4.RC4
    Package tlslite :: Package utils :: Module RC4 :: Class RC4

    Class RC4

    Known Subclasses:
    Cryptlib_RC4, OpenSSL_RC4, PyCrypto_RC4, Python_RC4

    Method Summary
      __init__(self, keyBytes, implementation)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.integration.POP3_TLS.POP3_TLS-class.html0000700000175000017500000005211010206544650025301 0ustar clintclint tlslite.integration.POP3_TLS.POP3_TLS
    Package tlslite :: Package integration :: Module POP3_TLS :: Class POP3_TLS

    Class POP3_TLS

            POP3 --+
                   |
    ClientHelper --+
                   |
                  POP3_TLS
    


    This class extends poplib.POP3 with TLS support.
    Method Summary
      __init__(self, host, port, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Create a new POP3_TLS.
        Inherited from POP3
      apop(self, user, secret)
    Authorisation - only possible if server has supplied a timestamp in initial greeting.
      dele(self, which)
    Delete message number 'which'.
      getwelcome(self)
      list(self, which)
    Request listing, return result.
      noop(self)
    Does nothing.
      pass_(self, pswd)
    Send password, return response
      quit(self)
    Signoff: commit changes on server, unlock mailbox, close connection.
      retr(self, which)
    Retrieve whole message number 'which'.
      rpop(self, user)
    Not sure what this does.
      rset(self)
    Not sure what this does.
      set_debuglevel(self, level)
      stat(self)
    Get mailbox status.
      top(self, which, howmuch)
    Retrieve message header of message number 'which' and first 'howmuch' lines of message body.
      uidl(self, which)
    Return message digest (unique id) list.
      user(self, user)
    Send user name, return response
      _getline(self)
      _getlongresp(self)
      _getresp(self)
      _longcmd(self, line)
      _putcmd(self, line)
      _putline(self, line)
      _shortcmd(self, line)
        Inherited from ClientHelper
      _handshake(self, tlsConnection)

    Class Variable Summary
        Inherited from POP3
    SRE_Pattern timestamp = \+OK.*(<[^>]+>)

    Method Details

    __init__(self, host, port=995, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    Create a new POP3_TLS.

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys.

    The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    host - Server to connect to.
               (type=str)
    port - Port to connect to.
               (type=int)
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
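    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. Because this argument is optional, a trust list used without it presumably accepts any certificate that chains to a trusted root, whatever name it carries; supply it whenever the server's identity matters.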
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    poplib.POP3.__init__

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.hmac.HMAC-class.html0000700000175000017500000001743410206544646023047 0ustar clintclint tlslite.utils.hmac.HMAC
    Package tlslite :: Package utils :: Module hmac :: Class HMAC

    Class HMAC


    RFC2104 HMAC class.

    This supports the API for Cryptographic Hash Functions (PEP 247).
    Method Summary
      __init__(self, key, msg, digestmod)
    Create a new HMAC object.
      copy(self)
    Return a separate copy of this hashing object.
      digest(self)
    Return the hash value of this hashing object.
      hexdigest(self)
    Like digest(), but returns a string of hexadecimal digits instead.
      update(self, msg)
    Update this hashing object with the string msg.

    Method Details

    __init__(self, key, msg=None, digestmod=None)
    (Constructor)

    Create a new HMAC object.

    key: key for the keyed hash object. msg: Initial input for the hash, if provided. digestmod: A module supporting PEP 247. Defaults to the md5 module, so pass digestmod explicitly whenever a hash other than MD5 is required.

    copy(self)

    Return a separate copy of this hashing object.

    An update to this copy won't affect the original object.

    digest(self)

    Return the hash value of this hashing object.

    This returns a string containing 8-bit data. The object is not altered in any way by this function; you can continue updating the object after calling this function.

    hexdigest(self)

    Like digest(), but returns a string of hexadecimal digits instead.

    update(self, msg)

    Update this hashing object with the string msg.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.errors.TLSLocalAlert-class.html0000700000175000017500000002115210206544650024174 0ustar clintclint tlslite.errors.TLSLocalAlert
    Package tlslite :: Module errors :: Class TLSLocalAlert

    Class TLSLocalAlert

    Exception --+        
                |        
         TLSError --+    
                    |    
             TLSAlert --+
                        |
                       TLSLocalAlert
    


    A TLS alert has been signalled by the local implementation.
    Method Summary
      __init__(self, alert, message)
      __str__(self)
        Inherited from Exception
      __getitem__(...)

    Instance Variable Summary
    int description: Set to one of the constants in tlslite.constants.AlertDescription
    int level: Set to one of the constants in tlslite.constants.AlertLevel
    str message: Description of what went wrong.

    Class Variable Summary
        Inherited from TLSAlert
    dict _descriptionStr = {0: 'close_notify', 10: 'unexpected_me...

    Instance Variable Details

    description

    Set to one of the constants in tlslite.constants.AlertDescription
    Type:
    int

    level

    Set to one of the constants in tlslite.constants.AlertLevel
    Type:
    int

    message

    Description of what went wrong.
    Type:
    str

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.FileObject.FileObject-class.html0000700000175000017500000002504210206544647024277 0ustar clintclint tlslite.FileObject.FileObject
    Package tlslite :: Module FileObject :: Class FileObject

    Class FileObject


    This class provides a file object interface to a tlslite.TLSConnection.TLSConnection.

    Call makefile() on a TLSConnection to create a FileObject instance.

    This class was copied, with minor modifications, from the _fileobject class in socket.py. Note that fileno() is not implemented.
    Method Summary
      __init__(self, sock, mode, bufsize)
      __del__(self)
      __iter__(self)
      close(self)
      flush(self)
      next(self)
      read(self, size)
      readline(self, size)
      readlines(self, sizehint)
      write(self, data)
      writelines(self, list)
      _get_wbuf_len(self)
      _getclosed(self)

    Property Summary
      closed: True if the file is closed

    Class Variable Summary
    int default_bufsize = 16384                                                                 

    Property Details

    closed

    True if the file is closed
    Get Method:
    _getclosed(self)

    Class Variable Details

    default_bufsize

    Type:
    int
    Value:
    16384                                                                 

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.OpenSSL_AES-module.html0000700000175000017500000001007210206544645023551 0ustar clintclint tlslite.utils.OpenSSL_AES
    Package tlslite :: Package utils :: Module OpenSSL_AES

    Module tlslite.utils.OpenSSL_AES

    OpenSSL/M2Crypto AES implementation.
    Classes
    OpenSSL_AES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.messages.CertificateRequest-class.html0000700000175000017500000001353010206544645025662 0ustar clintclint tlslite.messages.CertificateRequest
    Package tlslite :: Module messages :: Class CertificateRequest

    Class CertificateRequest

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  CertificateRequest
    


    Method Summary
      __init__(self)
      create(self, certificate_types, certificate_authorities)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES-class.html0000700000175000017500000001123610206544647030532 0ustar clintclint tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    Package tlslite :: Package utils :: Module PyCrypto_TripleDES :: Class PyCrypto_TripleDES

    Class PyCrypto_TripleDES

    TripleDES --+
                |
               PyCrypto_TripleDES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.PyCrypto_AES-module.html0000700000175000017500000000217710206544651024646 0ustar clintclint tlslite.utils.PyCrypto_AES
    PyCrypto_AES

    Classes
    PyCrypto_AES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.utils.keyfactory-module.html0000700000175000017500000000371710206544651024546 0ustar clintclint tlslite.utils.keyfactory
    keyfactory

    Functions
    _createPrivateKey
    _createPrivateRSAKey
    _createPublicKey
    _createPublicRSAKey
    _parseKeyHelper
    generateRSAKey
    parseAsPublicKey
    parsePEMKey
    parsePrivateKey
    parseXMLKey


    [show private | hide private] tlslite-0.3.8/docs/private/toc-tlslite.integration.SMTP_TLS-module.html0000700000175000017500000000166610206544651025057 0ustar clintclint tlslite.integration.SMTP_TLS
    SMTP_TLS

    Classes
    SMTP_TLS


    [show private | hide private] tlslite-0.3.8/docs/private/tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES-class.html0000700000175000017500000001173110206544647027716 0ustar clintclint tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    Package tlslite :: Package utils :: Module OpenSSL_TripleDES :: Class OpenSSL_TripleDES

    Class OpenSSL_TripleDES

    TripleDES --+
                |
               OpenSSL_TripleDES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)
      _createContext(self, encrypt)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.utils.dateFuncs-module.html0000700000175000017500000000324210206544651024273 0ustar clintclint tlslite.utils.dateFuncs
    dateFuncs

    Functions
    createDateClass
    getHoursFromNow
    getMinutesFromNow
    getNow
    isDateClassBefore
    isDateClassExpired
    parseDateClass
    printDateClass


    [show private | hide private] tlslite-0.3.8/docs/private/twisted.internet.protocol.Protocol-class.html0000700000175000017500000002566410206544646025570 0ustar clintclint twisted.internet.protocol.Protocol
    Package twisted :: Package internet :: Module protocol :: Class Protocol

    Class Protocol

    BaseProtocol --+
                   |
                  Protocol
    

    Known Subclasses:
    ProtocolWrapper

    Method Summary
      connectionFailed(self)
    (Deprecated)
      connectionLost(self, reason)
    Called when the connection is shut down.
      dataReceived(self, data)
    Called whenever data is received.
        Inherited from BaseProtocol
      connectionMade(self)
    Called when a connection is made.
      makeConnection(self, transport)
    Make a connection to a transport and a server.

    Class Variable Summary
    tuple __implements__ = (<class 'twisted.internet.interfaces.IP...
        Inherited from BaseProtocol
    int connected = 0                                                                     
    NoneType transport = None                                                                  

    Method Details

    connectionFailed(self)

    (Deprecated)

    This used to be called when the connection was not properly established.

    connectionLost(self, reason=<twisted.python.failure.Failure twisted.internet.error.Co...)

    Called when the connection is shut down.

    Clear any circular references here, and any external references to this Protocol. The connection has been closed.
    Parameters:
    reason
               (type=twisted.python.failure.Failure)

    dataReceived(self, data)

    Called whenever data is received.

    Use this method to translate to a higher-level message. Usually, some callback will be made upon the receipt of each complete protocol message.
    Parameters:
    data - a string of indeterminate length. Please keep in mind that you will probably need to buffer some data, as partial (or multiple) protocol messages may be received! I recommend that unit tests for protocols call through to this method with differing chunk sizes, down to one byte at a time.

    Class Variable Details

    __implements__

    Type:
    tuple
    Value:
    (<class 'twisted.internet.interfaces.IProtocol'>,)                     

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/private/toc-tlslite.X509-module.html0000700000175000017500000000155210206544651021667 0ustar clintclint tlslite.X509
    X509

    Classes
    X509


    [show private | hide private] tlslite-0.3.8/docs/epydoc.css0000700000175000017500000001055410130703477015133 0ustar clintclint /* Body color */ body { background: #ffffff; color: #000000; } /* Tables */ table.summary, table.details, table.index { background: #e8f0f8; color: #000000; } tr.summary, tr.details, tr.index { background: #70b0f0; color: #000000; text-align: left; font-size: 120%; } tr.group { background: #c0e0f8; color: #000000; text-align: left; font-size: 120%; font-style: italic; } /* Documentation page titles */ h2.module { margin-top: 0.2em; } h2.class { margin-top: 0.2em; } /* Headings */ h1.heading { font-size: +140%; font-style: italic; font-weight: bold; } h2.heading { font-size: +125%; font-style: italic; font-weight: bold; } h3.heading { font-size: +110%; font-style: italic; font-weight: normal; } /* Base tree */ pre.base-tree { font-size: 80%; margin: 0; } /* Details Sections */ table.func-details { background: #e8f0f8; color: #000000; border: 2px groove #c0d0d0; padding: 0 1em 0 1em; margin: 0.4em 0 0 0; } h3.func-detail { background: transparent; color: #000000; margin: 0 0 1em 0; } table.var-details { background: #e8f0f8; color: #000000; border: 2px groove #c0d0d0; padding: 0 1em 0 1em; margin: 0.4em 0 0 0; } h3.var-details { background: transparent; color: #000000; margin: 0 0 1em 0; } /* Function signatures */ .sig { background: transparent; color: #000000; font-weight: bold; } .sig-name { background: transparent; color: #006080; } .sig-arg, .sig-kwarg, .sig-vararg { background: transparent; color: #008060; } .sig-default { background: transparent; color: #602000; } .summary-sig { background: transparent; color: #000000; } .summary-sig-name { background: transparent; color: #204080; } .summary-sig-arg, .summary-sig-kwarg, .summary-sig-vararg { background: transparent; color: #008060; } /* Doctest blocks */ .py-src { background: transparent; color: #000000; } .py-prompt { background: transparent; color: #005050; font-weight: bold;} 
.py-string { background: transparent; color: #006030; } .py-comment { background: transparent; color: #003060; } .py-keyword { background: transparent; color: #600000; } .py-output { background: transparent; color: #404040; } pre.doctestblock { background: #f4faff; color: #000000; padding: .5em; margin: 1em; border: 1px solid #708890; } table pre.doctestblock { background: #dce4ec; color: #000000; padding: .5em; margin: 1em; border: 1px solid #708890; } /* Variable values */ pre.variable { background: #dce4ec; color: #000000; padding: .5em; margin: 0; border: 1px solid #708890; } .variable-linewrap { background: transparent; color: #604000; } .variable-ellipsis { background: transparent; color: #604000; } .variable-quote { background: transparent; color: #604000; } .re { background: transparent; color: #000000; } .re-char { background: transparent; color: #006030; } .re-op { background: transparent; color: #600000; } .re-group { background: transparent; color: #003060; } .re-ref { background: transparent; color: #404040; } /* Navigation bar */ table.navbar { background: #a0c0ff; color: #0000ff; border: 2px groove #c0d0d0; } th.navbar { background: #a0c0ff; color: #0000ff; } th.navselect { background: #70b0ff; color: #000000; } .nomargin { margin: 0; } /* Links */ a:link { background: transparent; color: #0000ff; } a:visited { background: transparent; color: #204080; } a.navbar:link { background: transparent; color: #0000ff; text-decoration: none; } a.navbar:visited { background: transparent; color: #204080; text-decoration: none; } tlslite-0.3.8/docs/index.html0000700000175000017500000000062110206544651015126 0ustar clintclint API Documentation tlslite-0.3.8/docs/public/0000700000175000017500000000000010206516247014405 5ustar clintclinttlslite-0.3.8/docs/public/tlslite.messages.ServerKeyExchange-class.html0000700000175000017500000001452310206544645025260 0ustar clintclint tlslite.messages.ServerKeyExchange
    Package tlslite :: Module messages :: Class ServerKeyExchange

    Class ServerKeyExchange

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ServerKeyExchange
    


    Method Summary
      __init__(self, cipherSuite)
      createSRP(self, srp_N, srp_g, srp_s, srp_B)
      hash(self, clientRandom, serverRandom)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.HandshakeSettings-module.html0000700000175000017500000000170610206544651024436 0ustar clintclint tlslite.HandshakeSettings
    HandshakeSettings

    Classes
    HandshakeSettings


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.constants.CertificateType-class.html0000700000175000017500000001766310206544647025201 0ustar clintclint tlslite.constants.CertificateType
    Package tlslite :: Module constants :: Class CertificateType

    Class CertificateType


    Class Variable Summary
    int cryptoID = 2                                                                     
    int openpgp = 1                                                                     
    int x509 = 0                                                                     

    Class Variable Details

    cryptoID

    Type:
    int
    Value:
    2                                                                     

    openpgp

    Type:
    int
    Value:
    1                                                                     

    x509

    Type:
    int
    Value:
    0                                                                     

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.Cryptlib_AES-module.html0000700000175000017500000000220010206544651024434 0ustar clintclint tlslite.utils.Cryptlib_AES
    Cryptlib_AES

    Classes
    Cryptlib_AES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.messages.ApplicationData-class.html0000700000175000017500000001257710206544645024742 0ustar clintclint tlslite.messages.ApplicationData
    Package tlslite :: Module messages :: Class ApplicationData

    Class ApplicationData

    Msg --+
          |
         ApplicationData
    


    Method Summary
      __init__(self)
      create(self, bytes)
      parse(self, p)
      write(self)
        Inherited from Msg
      postWrite(self, w, trial)
      preWrite(self, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.RSAKey.RSAKey-class.html0000700000175000017500000005453310206544647023431 0ustar clintclint tlslite.utils.RSAKey.RSAKey
    Package tlslite :: Package utils :: Module RSAKey :: Class RSAKey

    Class RSAKey

    Known Subclasses:
    OpenSSL_RSAKey, PyCrypto_RSAKey, Python_RSAKey

    This is an abstract base class for RSA keys.

    Particular implementations of RSA keys, such as OpenSSL_RSAKey.OpenSSL_RSAKey, Python_RSAKey.Python_RSAKey, and PyCrypto_RSAKey.PyCrypto_RSAKey, inherit from this.

    To create or parse an RSA key, don't use one of these classes directly. Instead, use the factory functions in tlslite.utils.keyfactory.
    Method Summary
      __init__(self, n, e)
    Create a new RSA key.
    int __len__(self)
    Return the length of this key in bits.
    bool acceptsPassword(self)
    Return True if the write() method accepts a password for use in encrypting the private key.
    array.array of unsigned bytes or None. decrypt(self, encBytes)
    Decrypt the passed-in bytes.
    array.array of unsigned bytes. encrypt(self, bytes)
    Encrypt the passed-in bytes.
    tlslite.utils.RSAKey.RSAKey generate(bits)
    Generate a new key with the specified bit length. (Static method)
    str getSigningAlgorithm(self)
    Return the cryptoID sigAlgo value corresponding to this key.
    str hash(self)
    Return the cryptoID <keyHash> value corresponding to this key.
    array.array of unsigned bytes. hashAndSign(self, bytes)
    Hash and sign the passed-in bytes.
    bool hashAndVerify(self, sigBytes, bytes)
    Hash and verify the passed-in bytes with the signature.
    bool hasPrivateKey(self)
    Return whether or not this key has a private component.
    array.array of unsigned bytes. sign(self, bytes)
    Sign the passed-in bytes.
    bool verify(self, sigBytes, bytes)
    Verify the passed-in bytes with the signature.
    str write(self, password)
    Return a string containing the key.
    str writeXMLPublicKey(self, indent)
    Return a string containing the key.

    Instance Method Details

    __init__(self, n=0, e=0)
    (Constructor)

    Create a new RSA key.

    If n and e are passed in, the new key will be initialized.
    Parameters:
    n - RSA modulus.
               (type=int)
    e - RSA public exponent.
               (type=int)

    __len__(self)
    (Length operator)

    Return the length of this key in bits.
    Returns:
    int

    acceptsPassword(self)

    Return True if the write() method accepts a password for use in encrypting the private key.
    Returns:
    bool

    decrypt(self, encBytes)

    Decrypt the passed-in bytes.

    This requires the key to have a private component. It performs PKCS1 decryption of the passed-in data.
    Parameters:
    encBytes - The value which will be decrypted.
               (type=array.array of unsigned bytes)
    Returns:
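    A PKCS1 decryption of the passed-in data or None if the data is not properly formatted. When the input comes from an untrusted peer, handle the None case without revealing to that peer (through a distinct error or a timing difference) that the formatting check failed.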
               (type=array.array of unsigned bytes or None.)

    encrypt(self, bytes)

    Encrypt the passed-in bytes.

    This performs PKCS1 encryption of the passed-in data.
    Parameters:
    bytes - The value which will be encrypted.
               (type=array.array of unsigned bytes)
    Returns:
    A PKCS1 encryption of the passed-in data.
               (type=array.array of unsigned bytes.)

    getSigningAlgorithm(self)

    Return the cryptoID sigAlgo value corresponding to this key.
    Returns:
    str

    hash(self)

    Return the cryptoID <keyHash> value corresponding to this key.
    Returns:
    str

    hashAndSign(self, bytes)

    Hash and sign the passed-in bytes.

    This requires the key to have a private component. It performs a PKCS1-SHA1 signature on the passed-in data.
    Parameters:
    bytes - The value which will be hashed and signed.
               (type=str or array.array of unsigned bytes)
    Returns:
    A PKCS1-SHA1 signature on the passed-in data.
               (type=array.array of unsigned bytes.)

    hashAndVerify(self, sigBytes, bytes)

    Hash and verify the passed-in bytes with the signature.

    This verifies a PKCS1-SHA1 signature on the passed-in data.
    Parameters:
    sigBytes - A PKCS1-SHA1 signature.
               (type=array.array of unsigned bytes)
    bytes - The value which will be hashed and verified.
               (type=str or array.array of unsigned bytes)
    Returns:
    Whether the signature matches the passed-in data.
               (type=bool)

    hasPrivateKey(self)

    Return whether or not this key has a private component.
    Returns:
    bool

    sign(self, bytes)

    Sign the passed-in bytes.

    This requires the key to have a private component. It performs a PKCS1 signature on the passed-in data.
    Parameters:
    bytes - The value which will be signed.
               (type=array.array of unsigned bytes)
    Returns:
    A PKCS1 signature on the passed-in data.
               (type=array.array of unsigned bytes.)

    verify(self, sigBytes, bytes)

    Verify the passed-in bytes with the signature.

    This verifies a PKCS1 signature on the passed-in data.
    Parameters:
    sigBytes - A PKCS1 signature.
               (type=array.array of unsigned bytes)
    bytes - The value which will be verified.
               (type=array.array of unsigned bytes)
    Returns:
    Whether the signature matches the passed-in data.
               (type=bool)

    write(self, password=None)

    Return a string containing the key.
    Returns:
    A string describing the key, in whichever format (PEM or XML) is native to the implementation.
               (type=str)

    writeXMLPublicKey(self, indent='')

    Return a string containing the key.
    Returns:
    A string describing the public key, in XML format.
               (type=str)

    Static Method Details

    generate(bits)

    Generate a new key with the specified bit length.
    Returns:
    tlslite.utils.RSAKey.RSAKey

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration-module.html0000700000175000017500000001077710206544646022603 0ustar clintclint tlslite.integration
    Package tlslite :: Package integration

    Package tlslite.integration

    Classes for integrating TLS Lite with other packages.
    Submodules

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Python_RC4.Python_RC4-class.html0000700000175000017500000001070310206544647025106 0ustar clintclint tlslite.utils.Python_RC4.Python_RC4
    Package tlslite :: Package utils :: Module Python_RC4 :: Class Python_RC4

    Class Python_RC4

    RC4 --+
          |
         Python_RC4
    


    Method Summary
      __init__(self, key)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.Checker.Checker-class.html0000700000175000017500000002310110206544646022770 0ustar clintclint tlslite.Checker.Checker
    Package tlslite :: Module Checker :: Class Checker

    Class Checker


    This class is passed to a handshake function to check the other party's certificate chain.

    If a handshake function completes successfully, but the Checker judges the other party's certificate chain to be missing or inadequate, a subclass of tlslite.errors.TLSAuthenticationError will be raised.

    Currently, the Checker can check either an X.509 or a cryptoID chain (for the latter, cryptoIDlib must be installed).
    Method Summary
      __init__(self, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, checkResumedSession)
    Create a new Checker instance.
      __call__(self, connection)
    Check a TLSConnection.

    Method Details

    __init__(self, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, checkResumedSession=False)
    (Constructor)

    Create a new Checker instance.

    You must pass in one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)
    Parameters:
    cryptoID - A cryptoID which the other party's certificate chain must match. The cryptoIDlib module must be installed. Mutually exclusive with all of the 'x509...' arguments.
               (type=str)
    protocol - A cryptoID protocol URI which the other party's certificate chain must match. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - A hex-encoded X.509 end-entity fingerprint which the other party's end-entity certificate must match. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
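    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. As documented here, x509CommonName is optional, so when it is omitted the check covers only the chain and not the name the end-entity certificate carries. The cryptlib_py module must be installed. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.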
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
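    checkResumedSession - Whether resumed sessions should be checked. This defaults to False, on the theory that a session which was checked when it was first established does not need to be re-checked on resumption. Set it to True if the original session may have been established under different (or no) check criteria.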
               (type=bool)

    __call__(self, connection)
    (Call operator)

    Check a TLSConnection.

    When a Checker is passed to a handshake function, this will be called at the end of the function.
    Parameters:
    connection - The TLSConnection to examine.
               (type=tlslite.TLSConnection.TLSConnection)
    Raises:
    tlslite.errors.TLSAuthenticationError - If the other party's certificate chain is missing or bad.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.integration.IMAP4_TLS-module.html0000700000175000017500000000223410206544651024702 0ustar clintclint tlslite.integration.IMAP4_TLS
    IMAP4_TLS

    Classes
    IMAP4_TLS

    Variables
    IMAP4_TLS_PORT


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.Python_RSAKey-module.html0000700000175000017500000000674110206544650024045 0ustar clintclint tlslite.utils.Python_RSAKey
    Package tlslite :: Package utils :: Module Python_RSAKey

    Module tlslite.utils.Python_RSAKey

    Pure-Python RSA implementation.
    Classes
    Python_RSAKey  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.TripleDES-module.html0000700000175000017500000000667210206544645023210 0ustar clintclint tlslite.utils.TripleDES
    Package tlslite :: Package utils :: Module TripleDES

    Module tlslite.utils.TripleDES

    Abstract class for 3DES.
    Classes
    TripleDES  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils-module.html0000700000175000017500000000617710206544651022176 0ustar clintclint tlslite.utils
    utils

    Modules
    AES
    ASN1Parser
    cipherfactory
    codec
    compat
    Cryptlib_AES
    Cryptlib_RC4
    Cryptlib_TripleDES
    dateFuncs
    hmac
    keyfactory
    OpenSSL_AES
    OpenSSL_RC4
    OpenSSL_RSAKey
    OpenSSL_TripleDES
    PyCrypto_AES
    PyCrypto_RC4
    PyCrypto_RSAKey
    PyCrypto_TripleDES
    Python_AES
    Python_RC4
    Python_RSAKey
    RC4
    rijndael
    RSAKey
    TripleDES
    xmltools


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.HandshakeSettings.HandshakeSettings-class.html0000700000175000017500000002266210206544646027111 0ustar clintclint tlslite.HandshakeSettings.HandshakeSettings
    Package tlslite :: Module HandshakeSettings :: Class HandshakeSettings

    Class HandshakeSettings


    This class encapsulates various parameters that can be used with a TLS handshake.
    Method Summary
      __init__(self)

    Instance Variable Summary
    int minKeySize: The minimum bit length for asymmetric keys.
    int maxKeySize: The maximum bit length for asymmetric keys.
    list cipherNames: The allowed ciphers, in order of preference.
    list certificateTypes: The allowed certificate types, in order of preference.
    tuple minVersion: The minimum allowed SSL/TLS version.
    tuple maxVersion: The maximum allowed SSL/TLS version.

    Instance Variable Details

    minKeySize

    The minimum bit length for asymmetric keys.

    If the other party tries to use SRP, RSA, or Diffie-Hellman parameters smaller than this length, an alert will be signalled. The default is 1023.
    Type:
    int

    maxKeySize

    The maximum bit length for asymmetric keys.

    If the other party tries to use SRP, RSA, or Diffie-Hellman parameters larger than this length, an alert will be signalled. The default is 8193.
    Type:
    int

    cipherNames

    The allowed ciphers, in order of preference.

    The allowed values in this list are 'aes256', 'aes128', '3des', and 'rc4'. If these settings are used with a client handshake, they determine the order of the ciphersuites offered in the ClientHello message.

    If these settings are used with a server handshake, the server will choose whichever ciphersuite matches the earliest entry in this list.

    NOTE: If '3des' is used in this list, but TLS Lite can't find an add-on library that supports 3DES, then '3des' will be silently removed.

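    The default value is ['aes256', 'aes128', '3des', 'rc4']. RC4 has since been prohibited in TLS (RFC 7465), so pass an explicit list that omits 'rc4' unless a legacy peer requires it.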
    Type:
    list

    certificateTypes

    The allowed certificate types, in order of preference.

    The allowed values in this list are 'x509' and 'cryptoID'. This list is only used with a client handshake. The client will advertise to the server which certificate types are supported, and will check that the server uses one of the appropriate types.

    NOTE: If 'cryptoID' is used in this list, but cryptoIDlib is not installed, then 'cryptoID' will be silently removed.
    Type:
    list

    minVersion

    The minimum allowed SSL/TLS version.

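    This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to use a lower version, a protocol_version alert will be signalled. The default is (3,0). SSL 3.0 has since been deprecated (RFC 7568), so set minVersion explicitly to a higher value rather than relying on the default wherever the peer supports a later version.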
    Type:
    tuple

    maxVersion

    The maximum allowed SSL/TLS version.

    This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to use a higher version, a protocol_version alert will be signalled. The default is (3,2). (WARNING: Some servers may (improperly) reject clients which offer support for TLS 1.1. In this case, try lowering maxVersion to (3,1)).
    Type:
    tuple

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.hmac-module.html0000700000175000017500000001635310206544650022316 0ustar clintclint tlslite.utils.hmac
    Package tlslite :: Package utils :: Module hmac

    Module tlslite.utils.hmac

    HMAC (Keyed-Hashing for Message Authentication) Python module.

    Implements the HMAC algorithm as described by RFC 2104.

    (This file is modified from the standard library version to do faster copying)
    Classes
    HMAC RFC2104 HMAC class.

    Function Summary
      new(key, msg, digestmod)
    Create a new hashing object and return it.

    Variable Summary
    NoneType digest_size = None                                                                  

    Function Details

    new(key, msg=None, digestmod=None)

    Create a new hashing object and return it.

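    key: The starting key for the hash. msg: if available, will immediately be hashed into the object's starting state. digestmod: the hash to use; this page does not say which hash is used when it is left as None, so pass the intended one explicitly.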

    You can now feed arbitrary strings into the object using its update() method, and can ask for the hash value at any time by calling its digest() method.

    Variable Details

    digest_size

    Type:
    NoneType
    Value:
    None                                                                  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.POP3_TLS-module.html0000700000175000017500000001303510206544647024034 0ustar clintclint tlslite.integration.POP3_TLS
    Package tlslite :: Package integration :: Module POP3_TLS

    Module tlslite.integration.POP3_TLS

    TLS Lite + poplib.
    Classes
    POP3_TLS This class extends poplib.POP3 with TLS support.

    Variable Summary
    int POP3_TLS_PORT = 995                                                                   

    Variable Details

    POP3_TLS_PORT

    Type:
    int
    Value:
    995                                                                   

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/imaplib.IMAP4-class.html0000700000175000017500000013113610206544645020637 0ustar clintclint imaplib.IMAP4
    Module imaplib :: Class IMAP4

    Class IMAP4

    Known Subclasses:
    IMAP4_TLS

    IMAP4 client class.
    
    Instantiate with: IMAP4([host[, port]])
    
            host - host's name (default: localhost);
            port - port number (default: standard IMAP4 port).
    
    All IMAP4rev1 commands are supported by methods of the same
    name (in lower-case).
    
    All arguments to commands are converted to strings, except for
    AUTHENTICATE, and the last argument to APPEND which is passed as
    an IMAP4 literal.  If necessary (the string contains any
    non-printing characters or white-space and isn't enclosed with
    either parentheses or double quotes) each string is quoted.
    However, the 'password' argument to the LOGIN command is always
    quoted.  If you want to avoid having an argument string quoted
    (eg: the 'flags' argument to STORE) then enclose the string in
    parentheses (eg: "(\Deleted)").
    
    Each command returns a tuple: (type, [data, ...]) where 'type'
    is usually 'OK' or 'NO', and 'data' is either the text from the
    tagged response, or untagged results from command. Each 'data'
    is either a string, or a tuple. If a tuple, then the first part
    is the header of the response, and the second part contains
    the data (ie: 'literal' value).
    
    Errors raise the exception class <instance>.error("<reason>").
    IMAP4 server errors raise <instance>.abort("<reason>"),
    which is a sub-class of 'error'. Mailbox status changes
    from READ-WRITE to READ-ONLY raise the exception class
    <instance>.readonly("<reason>"), which is a sub-class of 'abort'.
    
    "error" exceptions imply a program error.
    "abort" exceptions imply the connection should be reset, and
            the command re-tried.
    "readonly" exceptions imply the command should be re-tried.
    
    Note: to use this module, you must read the RFCs pertaining
    to the IMAP4 protocol, as the semantics of the arguments to
    each IMAP4 command are left to the invoker, not to mention
    the results.
    

    Method Summary
      __init__(self, host, port)
      __getattr__(self, attr)
      append(self, mailbox, flags, date_time, message)
    Append message to named mailbox.
      authenticate(self, mechanism, authobject)
    Authenticate command - requires response processing.
      check(self)
    Checkpoint mailbox on server.
      close(self)
    Close currently selected mailbox.
      copy(self, message_set, new_mailbox)
    Copy 'message_set' messages onto end of 'new_mailbox'.
      create(self, mailbox)
    Create new mailbox.
      delete(self, mailbox)
    Delete old mailbox.
      expunge(self)
    Permanently remove deleted items from selected mailbox.
      fetch(self, message_set, message_parts)
    Fetch (parts of) messages.
      getacl(self, mailbox)
    Get the ACLs for a mailbox.
      getquota(self, root)
    Get the quota root's resource usage and limits.
      getquotaroot(self, mailbox)
    Get the list of quota roots for the named mailbox.
      list(self, directory, pattern)
    List mailbox names in directory matching pattern.
      login(self, user, password)
    Identify client using plaintext password.
      login_cram_md5(self, user, password)
    Force use of CRAM-MD5 authentication.
      logout(self)
    Shutdown connection to server.
      lsub(self, directory, pattern)
    List 'subscribed' mailbox names in directory matching pattern.
      namespace(self)
    Returns IMAP namespaces as defined in RFC 2342.
      noop(self)
    Send NOOP command.
      open(self, host, port)
    Setup connection to remote server on "host:port" (default: localhost:standard IMAP4 port).
      partial(self, message_num, message_part, start, length)
    Fetch truncated part of a message.
      print_log(self)
      proxyauth(self, user)
    Assume authentication as "user".
      read(self, size)
    Read 'size' bytes from remote.
      readline(self)
    Read line from remote.
      recent(self)
    Return most recent 'RECENT' responses if any exist, else prompt server for an update using the 'NOOP' command.
      rename(self, oldmailbox, newmailbox)
    Rename old mailbox name to new.
      response(self, code)
    Return data for response 'code' if received, or None.
      search(self, charset, *criteria)
    Search mailbox for matching messages.
      select(self, mailbox, readonly)
    Select a mailbox.
      send(self, data)
    Send data to remote.
      setacl(self, mailbox, who, what)
    Set a mailbox acl.
      setquota(self, root, limits)
    Set the quota root's resource limits.
      shutdown(self)
    Close I/O established in "open".
      socket(self)
    Return socket instance used to connect to IMAP4 server.
      sort(self, sort_criteria, charset, *search_criteria)
    IMAP4rev1 extension SORT command.
      status(self, mailbox, names)
    Request named status conditions for mailbox.
      store(self, message_set, command, flags)
    Alters flag dispositions for messages in mailbox.
      subscribe(self, mailbox)
    Subscribe to new mailbox.
      uid(self, command, *args)
    Execute "command arg ..." with messages identified by UID, rather than message number.
      unsubscribe(self, mailbox)
    Unsubscribe from old mailbox.
      xatom(self, name, *args)
    Allow simple extension commands notified by server in CAPABILITY response.

    Class Variable Summary
    SRE_Pattern mustquote = [^\w!#\$%&'\*\+,\.:;<=>\?\^`\|~-]

    Method Details

    append(self, mailbox, flags, date_time, message)

    Append message to named mailbox.
    
    (typ, [data]) = <instance>.append(mailbox, flags, date_time, message)
    
            All args except `message' can be None.
    

    authenticate(self, mechanism, authobject)

    Authenticate command - requires response processing.
    
    'mechanism' specifies which authentication mechanism is to
    be used - it must appear in <instance>.capabilities in the
    form AUTH=<mechanism>.
    
    'authobject' must be a callable object:
    
            data = authobject(response)
    
    It will be called to process server continuation responses.
    It should return data that will be encoded and sent to server.
    It should return None if the client abort response '*' should
    be sent instead.
    

    check(self)

    Checkpoint mailbox on server.

    (typ, [data]) = <instance>.check()

    close(self)

    Close currently selected mailbox.

    Deleted messages are removed from writable mailbox. This is the recommended command before 'LOGOUT'.

    (typ, [data]) = <instance>.close()

    copy(self, message_set, new_mailbox)

    Copy 'message_set' messages onto end of 'new_mailbox'.

    (typ, [data]) = <instance>.copy(message_set, new_mailbox)

    create(self, mailbox)

    Create new mailbox.

    (typ, [data]) = <instance>.create(mailbox)

    delete(self, mailbox)

    Delete old mailbox.

    (typ, [data]) = <instance>.delete(mailbox)

    expunge(self)

    Permanently remove deleted items from selected mailbox.

    Generates 'EXPUNGE' response for each deleted message.

    (typ, [data]) = <instance>.expunge()

    'data' is list of 'EXPUNGE'd message numbers in order received.

    fetch(self, message_set, message_parts)

    Fetch (parts of) messages.

    (typ, [data, ...]) = <instance>.fetch(message_set, message_parts)

    'message_parts' should be a string of selected parts enclosed in parentheses, eg: "(UID BODY[TEXT])".

    'data' are tuples of message part envelope and data.

    getacl(self, mailbox)

    Get the ACLs for a mailbox.

    (typ, [data]) = <instance>.getacl(mailbox)

    getquota(self, root)

    Get the quota root's resource usage and limits.

    Part of the IMAP4 QUOTA extension defined in rfc2087.

    (typ, [data]) = <instance>.getquota(root)

    getquotaroot(self, mailbox)

    Get the list of quota roots for the named mailbox.

    (typ, [[QUOTAROOT responses...], [QUOTA responses]]) = <instance>.getquotaroot(mailbox)

    list(self, directory='""', pattern='*')

    List mailbox names in directory matching pattern.

    (typ, [data]) = <instance>.list(directory='""', pattern='*')

    'data' is list of LIST responses.

    login(self, user, password)

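    Identify client using plaintext password. The password is sent as given, so it is protected in transit only if the connection itself is encrypted (for example, by using the IMAP4_TLS subclass).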

    (typ, [data]) = <instance>.login(user, password)

    NB: 'password' will be quoted.

    login_cram_md5(self, user, password)

    Force use of CRAM-MD5 authentication.

    (typ, [data]) = <instance>.login_cram_md5(user, password)

    logout(self)

    Shutdown connection to server.

    (typ, [data]) = <instance>.logout()

    Returns server 'BYE' response.

    lsub(self, directory='""', pattern='*')

    List 'subscribed' mailbox names in directory matching pattern.

    (typ, [data, ...]) = <instance>.lsub(directory='""', pattern='*')

    'data' are tuples of message part envelope and data.

    namespace(self)

    Returns IMAP namespaces as defined in RFC 2342.

    (typ, [data, ...]) = <instance>.namespace()

    noop(self)

    Send NOOP command.

    (typ, [data]) = <instance>.noop()

    open(self, host='', port=143)

    Setup connection to remote server on "host:port"
        (default: localhost:standard IMAP4 port).
    This connection will be used by the routines:
        read, readline, send, shutdown.
    

    partial(self, message_num, message_part, start, length)

    Fetch truncated part of a message.

    (typ, [data, ...]) = <instance>.partial(message_num, message_part, start, length)

    'data' is tuple of message part envelope and data.

    proxyauth(self, user)

    Assume authentication as "user".

    Allows an authorised administrator to proxy into any user's mailbox.

    (typ, [data]) = <instance>.proxyauth(user)

    read(self, size)

    Read 'size' bytes from remote.

    readline(self)

    Read line from remote.

    recent(self)

    Return most recent 'RECENT' responses if any exist, else prompt server for an update using the 'NOOP' command.

    (typ, [data]) = <instance>.recent()

    'data' is None if no new messages, else list of RECENT responses, most recent last.

    rename(self, oldmailbox, newmailbox)

    Rename old mailbox name to new.

    (typ, [data]) = <instance>.rename(oldmailbox, newmailbox)

    response(self, code)

    Return data for response 'code' if received, or None.

    Old value for response 'code' is cleared.

    (code, [data]) = <instance>.response(code)

    search(self, charset, *criteria)

    Search mailbox for matching messages.

    (typ, [data]) = <instance>.search(charset, criterion, ...)

    'data' is space separated list of matching message numbers.

    select(self, mailbox='INBOX', readonly=None)

    Select a mailbox.

    Flush all untagged responses.

    (typ, [data]) = <instance>.select(mailbox='INBOX', readonly=None)

    'data' is count of messages in mailbox ('EXISTS' response).

    send(self, data)

    Send data to remote.

    setacl(self, mailbox, who, what)

    Set a mailbox acl.

    (typ, [data]) = <instance>.setacl(mailbox, who, what)

    setquota(self, root, limits)

    Set the quota root's resource limits.

    (typ, [data]) = <instance>.setquota(root, limits)

    shutdown(self)

    Close I/O established in "open".

    socket(self)

    Return socket instance used to connect to IMAP4 server.

    socket = <instance>.socket()

    sort(self, sort_criteria, charset, *search_criteria)

    IMAP4rev1 extension SORT command.

    (typ, [data]) = <instance>.sort(sort_criteria, charset, search_criteria, ...)

    status(self, mailbox, names)

    Request named status conditions for mailbox.

    (typ, [data]) = <instance>.status(mailbox, names)

    store(self, message_set, command, flags)

    Alters flag dispositions for messages in mailbox.

    (typ, [data]) = <instance>.store(message_set, command, flags)

    subscribe(self, mailbox)

    Subscribe to new mailbox.

    (typ, [data]) = <instance>.subscribe(mailbox)

    uid(self, command, *args)

    Execute "command arg ..." with messages identified by UID,
            rather than message number.
    
    (typ, [data]) = <instance>.uid(command, arg1, arg2, ...)
    
    Returns response appropriate to 'command'.
    

    unsubscribe(self, mailbox)

    Unsubscribe from old mailbox.

    (typ, [data]) = <instance>.unsubscribe(mailbox)

    xatom(self, name, *args)

    Allow simple extension commands
            notified by server in CAPABILITY response.
    
    Assumes command is legal in current state.
    
    (typ, [data]) = <instance>.xatom(name, arg, ...)
    
    Returns response appropriate to extension command `name'.
    

    Class Variable Details

    mustquote

    Type:
    SRE_Pattern
    Value:
    [^\w!#\$%&'\*\+,\.:;<=>\?\^`\|~-]                                      

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.ASN1Parser-module.html0000700000175000017500000000670110206544646023266 0ustar clintclint tlslite.utils.ASN1Parser
    Package tlslite :: Package utils :: Module ASN1Parser

    Module tlslite.utils.ASN1Parser

    Class for parsing ASN.1
    Classes
    ASN1Parser  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.codec-module.html0000700000175000017500000000710710206544650022460 0ustar clintclint tlslite.utils.codec
    Package tlslite :: Package utils :: Module codec

    Module tlslite.utils.codec

    Classes for reading/writing binary data (such as TLS records).
    Classes
    Parser  
    Writer  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.constants.HandshakeType-class.html0000700000175000017500000004442510206544647024641 0ustar clintclint tlslite.constants.HandshakeType
    Package tlslite :: Module constants :: Class HandshakeType

    Class HandshakeType


    Class Variable Summary
    int certificate = 11                                                                    
    int certificate_request = 13                                                                    
    int certificate_verify = 15                                                                    
    int client_hello = 1                                                                     
    int client_key_exchange = 16                                                                    
    int finished = 20                                                                    
    int hello_request = 0                                                                     
    int server_hello = 2                                                                     
    int server_hello_done = 14                                                                    
    int server_key_exchange = 12                                                                    

    Class Variable Details

    certificate

    Type:
    int
    Value:
    11                                                                    

    certificate_request

    Type:
    int
    Value:
    13                                                                    

    certificate_verify

    Type:
    int
    Value:
    15                                                                    

    client_hello

    Type:
    int
    Value:
    1                                                                     

    client_key_exchange

    Type:
    int
    Value:
    16                                                                    

    finished

    Type:
    int
    Value:
    20                                                                    

    hello_request

    Type:
    int
    Value:
    0                                                                     

    server_hello

    Type:
    int
    Value:
    2                                                                     

    server_hello_done

    Type:
    int
    Value:
    14                                                                    

    server_key_exchange

    Type:
    int
    Value:
    12                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.ChangeCipherSpec-class.html0000700000175000017500000001260510206544645025030 0ustar clintclint tlslite.messages.ChangeCipherSpec
    Package tlslite :: Module messages :: Class ChangeCipherSpec

    Class ChangeCipherSpec

    Msg --+
          |
         ChangeCipherSpec
    


    Method Summary
      __init__(self)
      create(self)
      parse(self, p)
      write(self, trial)
        Inherited from Msg
      postWrite(self, w, trial)
      preWrite(self, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/smtplib.SMTP-class.html0000700000175000017500000010741210206544645020645 0ustar clintclint smtplib.SMTP
    Module smtplib :: Class SMTP

    Class SMTP

    Known Subclasses:
    SMTP_TLS

    This class manages a connection to an SMTP or ESMTP server.
    SMTP Objects:
        SMTP objects have the following attributes:
            helo_resp
                This is the message given by the server in response to the
                most recent HELO command.
    
            ehlo_resp
                This is the message given by the server in response to the
                most recent EHLO command. This is usually multiline.
    
            does_esmtp
                This is a True value _after you do an EHLO command_, if the
                server supports ESMTP.
    
            esmtp_features
                This is a dictionary, which, if the server supports ESMTP,
                will _after you do an EHLO command_, contain the names of the
                SMTP service extensions this server supports, and their
                parameters (if any).
    
                Note, all extension names are mapped to lower case in the
                dictionary.
    
        See each method's docstrings for details.  In general, there is a
        method of the same name to perform each SMTP command.  There is also a
        method called 'sendmail' that will do an entire mail transaction.
    

    Method Summary
      __init__(self, host, port, local_hostname)
    Initialize a new instance.
      close(self)
    Close the connection to the SMTP server.
      connect(self, host, port)
    Connect to a host on a given port.
      data(self, msg)
    SMTP 'DATA' command -- sends message data to server.
      docmd(self, cmd, args)
    Send a command, and return its response code.
      ehlo(self, name)
    SMTP 'ehlo' command.
      expn(self, address)
    SMTP 'expn' command -- expands a mailing list.
      getreply(self)
    Get a reply from the server.
      has_extn(self, opt)
    Does the server support a given SMTP service extension?
      helo(self, name)
    SMTP 'helo' command.
      help(self, args)
    SMTP 'help' command.
      login(self, user, password)
    Log in on an SMTP server that requires authentication.
      mail(self, sender, options)
    SMTP 'mail' command -- begins mail xfer session.
      noop(self)
    SMTP 'noop' command -- doesn't do anything :>
      putcmd(self, cmd, args)
    Send a command to the server.
      quit(self)
    Terminate the SMTP session.
      rcpt(self, recip, options)
    SMTP 'rcpt' command -- indicates 1 recipient for this mail.
      rset(self)
    SMTP 'rset' command -- resets session.
      send(self, str)
    Send `str' to the server.
      sendmail(self, from_addr, to_addrs, msg, mail_options, rcpt_options)
    This command performs an entire mail transaction.
      set_debuglevel(self, debuglevel)
    Set the debug output level.
      starttls(self, keyfile, certfile)
    Puts the connection to the SMTP server into TLS mode.
      verify(self, address)
    SMTP 'verify' command -- checks for address validity.
      vrfy(self, address)
    SMTP 'verify' command -- checks for address validity.

    Class Variable Summary
    int debuglevel = 0                                                                     
    int does_esmtp = 0                                                                     
    NoneType ehlo_resp = None                                                                  
    NoneType file = None                                                                  
    NoneType helo_resp = None                                                                  

    Method Details

    __init__(self, host='', port=0, local_hostname=None)
    (Constructor)

    Initialize a new instance.

    If specified, `host' is the name of the remote host to which to connect. If specified, `port' specifies the port to which to connect. By default, smtplib.SMTP_PORT is used. An SMTPConnectError is raised if the specified `host' doesn't respond correctly. If specified, `local_hostname' is used as the FQDN of the local host. By default, the local hostname is found using socket.getfqdn().

    close(self)

    Close the connection to the SMTP server.

    connect(self, host='localhost', port=0)

    Connect to a host on a given port.

    If the hostname ends with a colon (`:') followed by a number, and there is no port specified, that suffix will be stripped off and the number interpreted as the port number to use.

    Note: This method is automatically invoked by __init__, if a host is specified during instantiation.

    data(self, msg)

    SMTP 'DATA' command -- sends message data to server.

    Automatically quotes lines beginning with a period per rfc821. Raises SMTPDataError if there is an unexpected reply to the DATA command; the return value from this method is the final response code received when all the data is sent.

    docmd(self, cmd, args='')

    Send a command, and return its response code.

    ehlo(self, name='')

    SMTP 'ehlo' command. Hostname to send for this command defaults to the FQDN of the local host.

    expn(self, address)

    SMTP 'expn' command -- expands a mailing list.

    getreply(self)

    Get a reply from the server.

    Returns a tuple consisting of:
    • server response code (e.g. '250', or such, if all goes well). Note: returns -1 if it can't read the response code.
    • server response string corresponding to response code (multiline responses are converted to a single, multiline string).
    Raises SMTPServerDisconnected if end-of-file is reached.

    has_extn(self, opt)

    Does the server support a given SMTP service extension?

    helo(self, name='')

    SMTP 'helo' command. Hostname to send for this command defaults to the FQDN of the local host.

    help(self, args='')

    SMTP 'help' command. Returns help text from server.

    login(self, user, password)

    Log in on an SMTP server that requires authentication.
    
    The arguments are:
        - user:     The user name to authenticate with.
        - password: The password for the authentication.
    
    If there has been no previous EHLO or HELO command this session, this
    method tries ESMTP EHLO first.
    
    This method will return normally if the authentication was successful.
    
    This method may raise the following exceptions:
    
     SMTPHeloError            The server didn't reply properly to
                              the helo greeting.
     SMTPAuthenticationError  The server didn't accept the username/
                              password combination.
     SMTPException            No suitable authentication method was
                              found.
    

    mail(self, sender, options=[])

    SMTP 'mail' command -- begins mail xfer session.

    noop(self)

    SMTP 'noop' command -- doesn't do anything :>

    putcmd(self, cmd, args='')

    Send a command to the server.

    quit(self)

    Terminate the SMTP session.

    rcpt(self, recip, options=[])

    SMTP 'rcpt' command -- indicates 1 recipient for this mail.

    rset(self)

    SMTP 'rset' command -- resets session.

    send(self, str)

    Send `str' to the server.

    sendmail(self, from_addr, to_addrs, msg, mail_options=[], rcpt_options=[])

    This command performs an entire mail transaction.
    
    The arguments are:
        - from_addr    : The address sending this mail.
        - to_addrs     : A list of addresses to send this mail to.  A bare
                         string will be treated as a list with 1 address.
        - msg          : The message to send.
        - mail_options : List of ESMTP options (such as 8bitmime) for the
                         mail command.
        - rcpt_options : List of ESMTP options (such as DSN commands) for
                         all the rcpt commands.
    
    If there has been no previous EHLO or HELO command this session, this
    method tries ESMTP EHLO first.  If the server does ESMTP, message size
    and each of the specified options will be passed to it.  If EHLO
    fails, HELO will be tried and ESMTP options suppressed.
    
    This method will return normally if the mail is accepted for at least
    one recipient.  It returns a dictionary, with one entry for each
    recipient that was refused.  Each entry contains a tuple of the SMTP
    error code and the accompanying error message sent by the server.
    
    This method may raise the following exceptions:
    
     SMTPHeloError          The server didn't reply properly to
                            the helo greeting.
     SMTPRecipientsRefused  The server rejected ALL recipients
                            (no mail was sent).
     SMTPSenderRefused      The server didn't accept the from_addr.
     SMTPDataError          The server replied with an unexpected
                            error code (other than a refusal of
                            a recipient).
    
    Note: the connection will be open even after an exception is raised.
    
    Example:
    
     >>> import smtplib
     >>> s=smtplib.SMTP("localhost")
     >>> tolist=["one@one.org","two@two.org","three@three.org","four@four.org"]
     >>> msg = '''\
     ... From: Me@my.org
     ... Subject: testin'...
     ...
     ... This is a test '''
     >>> s.sendmail("me@my.org",tolist,msg)
     { "three@three.org" : ( 550 ,"User unknown" ) }
     >>> s.quit()
    
    In the above example, the message was accepted for delivery to three
    of the four addresses, and one was rejected, with the error code
    550.  If all addresses are accepted, then the method will return an
    empty dictionary.
    

    set_debuglevel(self, debuglevel)

    Set the debug output level.

    A non-false value results in debug messages for connection and for all messages sent to and received from the server.

    starttls(self, keyfile=None, certfile=None)

    Puts the connection to the SMTP server into TLS mode.

    If the server supports TLS, this will encrypt the rest of the SMTP session. If you provide the keyfile and certfile parameters, the identity of the SMTP server and client can be checked. Whether that check actually happens, however, depends on whether the socket module really verifies the certificates, so an encrypted session should not by itself be taken as proof of the server's identity.

    verify(self, address)

    SMTP 'verify' command -- checks for address validity.

    vrfy(self, address)

    SMTP 'verify' command -- checks for address validity.

    Class Variable Details

    debuglevel

    Type:
    int
    Value:
    0                                                                     

    does_esmtp

    Type:
    int
    Value:
    0                                                                     

    ehlo_resp

    Type:
    NoneType
    Value:
    None                                                                  

    file

    Type:
    NoneType
    Value:
    None                                                                  

    helo_resp

    Type:
    NoneType
    Value:
    None                                                                  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.Finished-class.html0000700000175000017500000001340710206544646023430 0ustar clintclint tlslite.messages.Finished
    Package tlslite :: Module messages :: Class Finished

    Class Finished

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  Finished
    


    Method Summary
      __init__(self, version)
      create(self, verify_data)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.X509CertChain-module.html0000700000175000017500000000165210206544651023255 0ustar clintclint tlslite.X509CertChain
    X509CertChain

    Classes
    X509CertChain


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.mathtls-module.html0000700000175000017500000000352410206544651022503 0ustar clintclint tlslite.mathtls
    mathtls

    Classes
    MAC_SSL

    Functions
    makeK
    makeU
    makeVerifier
    makeX
    P_hash
    PAD
    PRF
    PRF_SSL

    Variables
    goodGroupParameters


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.PyCrypto_AES.PyCrypto_AES-class.html0000700000175000017500000001107710206544647025773 0ustar clintclint tlslite.utils.PyCrypto_AES.PyCrypto_AES
    Package tlslite :: Package utils :: Module PyCrypto_AES :: Class PyCrypto_AES

    Class PyCrypto_AES

    AES --+
          |
         PyCrypto_AES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Cryptlib_RC4-module.html0000700000175000017500000000772510206544645023655 0ustar clintclint tlslite.utils.Cryptlib_RC4
    Package tlslite :: Package utils :: Module Cryptlib_RC4

    Module tlslite.utils.Cryptlib_RC4

    Cryptlib RC4 implementation.
    Classes
    Cryptlib_RC4  

    Function Summary
      new(key)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.TLSConnection-module.html0000700000175000017500000000671010206544645022731 0ustar clintclint tlslite.TLSConnection
    Package tlslite :: Module TLSConnection

    Module tlslite.TLSConnection

    MAIN CLASS FOR TLS LITE (START HERE!).
    Classes
    TLSConnection This class wraps a socket and provides TLS handshaking and data transfer.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages-module.html0000700000175000017500000001270510206544645022057 0ustar clintclint tlslite.messages
    Package tlslite :: Module messages

    Module tlslite.messages

    Classes representing TLS messages.
    Classes
    Alert  
    ApplicationData  
    Certificate  
    CertificateRequest  
    CertificateVerify  
    ChangeCipherSpec  
    ClientHello  
    ClientKeyExchange  
    Finished  
    HandshakeMsg  
    Msg  
    RecordHeader2  
    RecordHeader3  
    ServerHello  
    ServerHelloDone  
    ServerKeyExchange  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.codec.Writer-class.html0000700000175000017500000001141510206544645023554 0ustar clintclint tlslite.utils.codec.Writer
    Package tlslite :: Package utils :: Module codec :: Class Writer

    Class Writer


    Method Summary
      __init__(self, length)
      add(self, x, length)
      addFixSeq(self, seq, length)
      addVarSeq(self, seq, length, lengthLength)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.mathtls.MAC_SSL-class.html0000700000175000017500000001733510206544645022670 0ustar clintclint tlslite.mathtls.MAC_SSL
    Package tlslite :: Module mathtls :: Class MAC_SSL

    Class MAC_SSL


    MAC_SSL class.

    This supports the API for Cryptographic Hash Functions (PEP 247).
    Method Summary
      __init__(self, key, msg, digestmod)
    Create a new MAC_SSL object.
      copy(self)
    Return a separate copy of this hashing object.
      digest(self)
    Return the hash value of this hashing object.
      hexdigest(self)
    Like digest(), but returns a string of hexadecimal digits instead.
      update(self, msg)
    Update this hashing object with the string msg.

    Method Details

    __init__(self, key, msg=None, digestmod=None)
    (Constructor)

    Create a new MAC_SSL object.

    key: Key for the keyed hash object.
    msg: Initial input for the hash, if provided.
    digestmod: A module supporting PEP 247. Defaults to the md5 module.

    copy(self)

    Return a separate copy of this hashing object.

    An update to this copy won't affect the original object.

    digest(self)

    Return the hash value of this hashing object.

    This returns a string containing 8-bit data. The object is not altered in any way by this function; you can continue updating the object after calling this function.

    hexdigest(self)

    Like digest(), but returns a string of hexadecimal digits instead.

    update(self, msg)

    Update this hashing object with the string msg.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.cipherfactory-module.html0000700000175000017500000002347610206544647024262 0ustar clintclint tlslite.utils.cipherfactory
    Package tlslite :: Package utils :: Module cipherfactory

    Module tlslite.utils.cipherfactory

    Factory functions for symmetric cryptography.
    Function Summary
    tlslite.utils.AES createAES(key, IV, implList)
    Create a new AES object.
    tlslite.utils.RC4 createRC4(key, IV, implList)
    Create a new RC4 object.
    tlslite.utils.TripleDES createTripleDES(key, IV, implList)
    Create a new 3DES object.

    Variable Summary
    bool tripleDESPresent = True

    Function Details

    createAES(key, IV, implList=None)

    Create a new AES object.
    Parameters:
    key - A 16, 24, or 32 byte string.
               (type=str)
    IV - A 16 byte string
               (type=str)
    Returns:
    An AES object.
               (type=tlslite.utils.AES)

    createRC4(key, IV, implList=None)

    Create a new RC4 object.
    Parameters:
    key - A 16 to 32 byte string.
               (type=str)
    IV - Ignored, whatever it is.
               (type=object)
    Returns:
    An RC4 object.
               (type=tlslite.utils.RC4)

    createTripleDES(key, IV, implList=None)

    Create a new 3DES object.
    Parameters:
    key - A 24 byte string.
               (type=str)
    IV - An 8 byte string
               (type=str)
    Returns:
    A 3DES object.
               (type=tlslite.utils.TripleDES)

    Variable Details

    tripleDESPresent

    Type:
    bool
    Value:
    True                                                                   

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.errors.TLSFaultError-class.html0000700000175000017500000001146310206544650024047 0ustar clintclint tlslite.errors.TLSFaultError
    Package tlslite :: Module errors :: Class TLSFaultError

    Class TLSFaultError

    Exception --+    
                |    
         TLSError --+
                    |
                   TLSFaultError
    


    The other party responded incorrectly to an induced fault.

    This exception will only occur during fault testing, when a TLSConnection's fault variable is set to induce some sort of faulty behavior, and the other party doesn't respond appropriately.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.hmac-module.html0000700000175000017500000000241510206544651023074 0ustar clintclint tlslite.utils.hmac
    hmac

    Classes
    HMAC

    Functions
    new

    Variables
    digest_size


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.Cryptlib_AES.Cryptlib_AES-class.html0000700000175000017500000001150010206544647025760 0ustar clintclint tlslite.utils.Cryptlib_AES.Cryptlib_AES
    Package tlslite :: Package utils :: Module Cryptlib_AES :: Class Cryptlib_AES

    Class Cryptlib_AES

    AES --+
          |
         Cryptlib_AES
    


    Method Summary
      __init__(self, key, mode, IV)
      __del__(self)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.PyCrypto_RC4.PyCrypto_RC4-class.html0000700000175000017500000001073110206544645025725 0ustar clintclint tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    Package tlslite :: Package utils :: Module PyCrypto_RC4 :: Class PyCrypto_RC4

    Class PyCrypto_RC4

    RC4 --+
          |
         PyCrypto_RC4
    


    Method Summary
      __init__(self, key)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.Python_RSAKey-module.html0000700000175000017500000000170210206544651024621 0ustar clintclint tlslite.utils.Python_RSAKey
    Python_RSAKey

    Classes
    Python_RSAKey


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.compat-module.html0000700000175000017500000001237010206544647022672 0ustar clintclint tlslite.utils.compat
    Package tlslite :: Package utils :: Module compat

    Module tlslite.utils.compat

    Miscellaneous functions to mask Python version differences.
    Function Summary
      bytesToString(bytes)
      concatArrays(a1, a2)
      createByteArraySequence(seq)
      createByteArrayZeros(howMany)
      formatExceptionTrace(e)
      numBits(n)
      stringToBytes(s)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.messages-module.html0000700000175000017500000000444510206544651022641 0ustar clintclint tlslite.messages
    messages

    Classes
    Alert
    ApplicationData
    Certificate
    CertificateRequest
    CertificateVerify
    ChangeCipherSpec
    ClientHello
    ClientKeyExchange
    Finished
    HandshakeMsg
    Msg
    RecordHeader2
    RecordHeader3
    ServerHello
    ServerHelloDone
    ServerKeyExchange


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.mathtls-module.html0000700000175000017500000002306410206544646021725 0ustar clintclint tlslite.mathtls
    Package tlslite :: Module mathtls

    Module tlslite.mathtls

    Miscellaneous helper functions.
    Classes
    MAC_SSL MAC_SSL class.

    Function Summary
      makeK(N, g)
      makeU(N, A, B)
      makeVerifier(username, password, bits)
      makeX(salt, username, password)
      P_hash(hashModule, secret, seed, length)
      PAD(n, x)
      PRF(secret, label, seed, length)
      PRF_SSL(secret, seed, length)

    Variable Summary
    list goodGroupParameters = [(2, 16760943441033506134513952376...

    Variable Details

    goodGroupParameters

    Type:
    list
    Value:
    [(2,
      16760943441033506134513952376435009026013552532981390455742093030980\
    0865859473551531551523800013916573891864789934747039010546328480848979\
    5166376737766056103746694262147761978284926913845194532182537027880222\
    3320568363583162691335715494191412998548952262990254076836840948224829\
    0641036967659389658897350067939L),
     (2,
      14869981859231282928165073536194095211524576625963800746148189668102\
    ...                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection-class.html0000700000175000017500000003145210206544646031551 0ustar clintclint tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    Package tlslite :: Package integration :: Module HTTPTLSConnection :: Class HTTPBaseTLSConnection

    Class HTTPBaseTLSConnection

    HTTPConnection --+
                     |
                    HTTPBaseTLSConnection
    

    Known Subclasses:
    HTTPTLSConnection

    This abstract class provides a framework for adding TLS support to httplib.
    Method Summary
      __init__(self, host, port, strict)
      connect(self)
    Connect to the host and port specified in __init__.
        Inherited from HTTPConnection
      close(self)
    Close the connection to the HTTP server.
      endheaders(self)
    Indicate that the last header line has been sent to the server.
      getresponse(self)
    Get the response from the server.
      putheader(self, header, value)
    Send a request header line to the server.
      putrequest(self, method, url, skip_host)
    Send a request to the server.
      request(self, method, url, body, headers)
    Send a complete request to the server.
      send(self, str)
    Send `str' to the server.
      set_debuglevel(self, level)

    Class Variable Summary
    int default_port = 443                                                                   
        Inherited from HTTPConnection
    int auto_open = 1                                                                     
    int debuglevel = 0                                                                     
    int strict = 0                                                                     

    Method Details

    connect(self)

    Connect to the host and port specified in __init__.
    Overrides:
    httplib.HTTPConnection.connect (inherited documentation)

    Class Variable Details

    default_port

    Type:
    int
    Value:
    443                                                                   

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.HTTPTLSConnection.HTTPTLSConnection-class.html0000700000175000017500000004736510206544646030770 0ustar clintclint tlslite.integration.HTTPTLSConnection.HTTPTLSConnection
    Package tlslite :: Package integration :: Module HTTPTLSConnection :: Class HTTPTLSConnection

    Class HTTPTLSConnection

       HTTPConnection --+    
                        |    
    HTTPBaseTLSConnection --+
                            |
             ClientHelper --+
                            |
                           HTTPTLSConnection
    


    This class extends HTTPBaseTLSConnection to support the common types of handshaking.
    Method Summary
      __init__(self, host, port, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Create a new HTTPTLSConnection.
        Inherited from HTTPBaseTLSConnection
      connect(self)
    Connect to the host and port specified in __init__.
        Inherited from HTTPConnection
      close(self)
    Close the connection to the HTTP server.
      endheaders(self)
    Indicate that the last header line has been sent to the server.
      getresponse(self)
    Get the response from the server.
      putheader(self, header, value)
    Send a request header line to the server.
      putrequest(self, method, url, skip_host)
    Send a request to the server.
      request(self, method, url, body, headers)
    Send a complete request to the server.
      send(self, str)
    Send `str' to the server.
      set_debuglevel(self, level)

    Class Variable Summary
        Inherited from HTTPBaseTLSConnection
    int default_port = 443                                                                   
        Inherited from HTTPConnection
    int auto_open = 1                                                                     
    int debuglevel = 0                                                                     
    int strict = 0                                                                     

    Method Details

    __init__(self, host, port=None, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    Create a new HTTPTLSConnection.

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

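    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys. If neither SRP/shared-key authentication nor one of the server-authentication combinations above is supplied, nothing described here checks the server's identity; confirm this against the implementation before relying on the connection for anything that needs an authenticated server.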

    The constructor does not perform the TLS handshake itself, but simply stores these arguments for later. The handshake is performed only when this class needs to connect with the server. Thus you should be prepared to handle TLS-specific exceptions when calling methods inherited from httplib.HTTPConnection such as request(), connect(), and send(). See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    host - Server to connect to.
               (type=str)
    port - Port to connect to.
               (type=int)
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
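    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. If 'x509TrustList' is given without this argument, the description implies that only the chain is validated and the server name is not compared, so any certificate issued under a trusted root would presumably be accepted; supply this value when authenticating a specific server.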
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection.__init__

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.HandshakeMsg-class.html0000700000175000017500000001222110206544650024220 0ustar clintclint tlslite.messages.HandshakeMsg
    Package tlslite :: Module messages :: Class HandshakeMsg

    Class HandshakeMsg

    Msg --+
          |
         HandshakeMsg
    

    Known Subclasses:
    Certificate, CertificateRequest, CertificateVerify, ClientHello, ClientKeyExchange, Finished, ServerHello, ServerHelloDone, ServerKeyExchange

    Method Summary
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.Session-module.html0000700000175000017500000000655410206544647021702 0ustar clintclint tlslite.Session
    Package tlslite :: Module Session

    Module tlslite.Session

    Class representing a TLS session.
    Classes
    Session This class represents a TLS session.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.VerifierDB.VerifierDB-class.html0000700000175000017500000002766410206544647024045 0ustar clintclint tlslite.VerifierDB.VerifierDB
    Package tlslite :: Module VerifierDB :: Class VerifierDB

    Class VerifierDB

    BaseDB --+
             |
            VerifierDB
    


    This class represents an in-memory or on-disk database of SRP password verifiers.

    A VerifierDB can be passed to a server handshake to authenticate a client based on one of the verifiers.

    This class is thread-safe.
    Method Summary
      __init__(self, filename)
    Create a new VerifierDB instance.
      __setitem__(self, username, verifierEntry)
    Add a verifier entry to the database.
    tuple makeVerifier(username, password, bits)
    Create a verifier entry which can be stored in a VerifierDB. (Static method)
        Inherited from BaseDB
    bool __contains__(self, username)
    Check if the database contains the specified username.
      __delitem__(self, username)
      __getitem__(self, username)
      check(self, username, param)
      create(self)
    Create a new on-disk database.
    list keys(self)
    Return a list of usernames in the database.
      open(self)
    Open a pre-existing on-disk database.

    Instance Method Details

    __init__(self, filename=None)
    (Constructor)

    Create a new VerifierDB instance.
    Parameters:
    filename - Filename for an on-disk database, or None for an in-memory database. If the filename already exists, follow this with a call to open(). To create a new on-disk database, follow this with a call to create().
               (type=str)
    Overrides:
    tlslite.BaseDB.BaseDB.__init__

    __setitem__(self, username, verifierEntry)
    (Index assignment operator)

    Add a verifier entry to the database.
    Parameters:
    username - The username to associate the verifier with. Must be less than 256 characters in length. Must not already be in the database.
               (type=str)
    verifierEntry - The verifier entry to add. Use tlslite.VerifierDB.VerifierDB.makeVerifier to create a verifier entry.
               (type=tuple)
    Overrides:
    tlslite.BaseDB.BaseDB.__setitem__

    Static Method Details

    makeVerifier(username, password, bits)

    Create a verifier entry which can be stored in a VerifierDB.
    Parameters:
    username - The username for this verifier. Must be less than 256 characters in length.
               (type=str)
    password - The password for this verifier.
               (type=str)
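    bits - This value specifies which SRP group parameters to use. It must be one of (1024, 1536, 2048, 3072, 4096, 6144, 8192). Larger values are more secure but slower. 2048 is a good compromise between safety and speed. (This guidance dates from the 2005 release; the 1024- and 1536-bit groups are below what is generally advised for new deployments today.)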
               (type=int)
    Returns:
    A tuple which may be stored in a VerifierDB.
               (type=tuple)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.ClientKeyExchange-class.html0000700000175000017500000001430510206544646025227 0ustar clintclint tlslite.messages.ClientKeyExchange
    Package tlslite :: Module messages :: Class ClientKeyExchange

    Class ClientKeyExchange

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ClientKeyExchange
    


    Method Summary
      __init__(self, cipherSuite, version)
      createRSA(self, encryptedPreMasterSecret)
      createSRP(self, srp_A)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.errors-module.html0000700000175000017500000000377110206544651022347 0ustar clintclint tlslite.errors
    errors

    Exceptions
    TLSAbruptCloseError
    TLSAlert
    TLSAuthenticationError
    TLSAuthenticationTypeError
    TLSAuthorizationError
    TLSError
    TLSFaultError
    TLSFingerprintError
    TLSLocalAlert
    TLSNoAuthenticationError
    TLSRemoteAlert
    TLSValidationError


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.X509CertChain-module.html0000700000175000017500000000667110206544647022505 0ustar clintclint tlslite.X509CertChain
    Package tlslite :: Module X509CertChain

    Module tlslite.X509CertChain

    Class representing an X.509 certificate chain.
    Classes
    X509CertChain This class represents a chain of X.509 certificates.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.BaseDB.BaseDB-class.html0000700000175000017500000002225010206544647022225 0ustar clintclint tlslite.BaseDB.BaseDB
    Package tlslite :: Module BaseDB :: Class BaseDB

    Class BaseDB

    Known Subclasses:
    SharedKeyDB, VerifierDB

    Method Summary
      __init__(self, filename, type)
    bool __contains__(self, username)
    Check if the database contains the specified username.
      __delitem__(self, username)
      __getitem__(self, username)
      __setitem__(self, username, value)
      check(self, username, param)
      create(self)
    Create a new on-disk database.
    list keys(self)
    Return a list of usernames in the database.
      open(self)
    Open a pre-existing on-disk database.

    Method Details

    __contains__(self, username)
    (In operator)

    Check if the database contains the specified username.
    Parameters:
    username - The username to check for.
               (type=str)
    Returns:
    True if the database contains the username, False otherwise.
               (type=bool)

    create(self)

    Create a new on-disk database.
    Raises:
    anydbm.error - If there's a problem creating the database.

    keys(self)

    Return a list of usernames in the database.
    Returns:
    The usernames in the database.
               (type=list)

    open(self)

    Open a pre-existing on-disk database.
    Raises:
    anydbm.error - If there's a problem opening the database.
    ValueError - If the database is not of the right type.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.Python_RC4-module.html0000700000175000017500000000216010206544651024112 0ustar clintclint tlslite.utils.Python_RC4
    Python_RC4

    Classes
    Python_RC4

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.errors.TLSAuthorizationError-class.html0000700000175000017500000001161110206544645025633 0ustar clintclint tlslite.errors.TLSAuthorizationError
    Package tlslite :: Module errors :: Class TLSAuthorizationError

    Class TLSAuthorizationError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSAuthorizationError
    


    The Checker was expecting the other party to authenticate with a certificate chain that has a different authorization.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.TLSSocketServerMixIn-module.html0000700000175000017500000000722310206544650026534 0ustar clintclint tlslite.integration.TLSSocketServerMixIn
    Package tlslite :: Package integration :: Module TLSSocketServerMixIn

    Module tlslite.integration.TLSSocketServerMixIn

    TLS Lite + SocketServer.
    Classes
    TLSSocketServerMixIn This class can be mixed in with any SocketServer.TCPServer to add TLS support.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.OpenSSL_RC4.OpenSSL_RC4-class.html0000700000175000017500000001131710206544647025114 0ustar clintclint tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    Package tlslite :: Package utils :: Module OpenSSL_RC4 :: Class OpenSSL_RC4

    Class OpenSSL_RC4

    RC4 --+
          |
         OpenSSL_RC4
    


    Method Summary
      __init__(self, key)
      __del__(self)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.Alert-class.html0000700000175000017500000001257610206544647022755 0ustar clintclint tlslite.messages.Alert
    Package tlslite :: Module messages :: Class Alert

    Class Alert

    Msg --+
          |
         Alert
    


    Method Summary
      __init__(self)
      create(self, description, level)
      parse(self, p)
      write(self)
        Inherited from Msg
      postWrite(self, w, trial)
      preWrite(self, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.constants-module.html0000700000175000017500000000271010206544651023037 0ustar clintclint tlslite.constants
    constants

    Classes
    AlertDescription
    AlertLevel
    CertificateType
    CipherSuite
    ContentType
    Fault
    HandshakeType


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.utils.PyCrypto_RSAKey-module.html0000700000175000017500000000172010206544651025131 0ustar clintclint tlslite.utils.PyCrypto_RSAKey
    PyCrypto_RSAKey

    Classes
    PyCrypto_RSAKey


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.errors.TLSAbruptCloseError-class.html0000700000175000017500000001171210206544650025214 0ustar clintclint tlslite.errors.TLSAbruptCloseError
    Package tlslite :: Module errors :: Class TLSAbruptCloseError

    Class TLSAbruptCloseError

    Exception --+    
                |    
         TLSError --+
                    |
                   TLSAbruptCloseError
    


    The socket was closed without a proper TLS shutdown.

    The TLS specification mandates that an alert of some sort must be sent before the underlying socket is closed. If the socket is closed without this, it could signify that an attacker is trying to truncate the connection. It could also signify a misbehaving TLS implementation, or a random network failure.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Cryptlib_TripleDES-module.html0000700000175000017500000001015410206544647025050 0ustar clintclint tlslite.utils.Cryptlib_TripleDES
    Package tlslite :: Package utils :: Module Cryptlib_TripleDES

    Module tlslite.utils.Cryptlib_TripleDES

    Cryptlib 3DES implementation.
    Classes
    Cryptlib_TripleDES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.OpenSSL_TripleDES-module.html0000700000175000017500000000225010206544651025317 0ustar clintclint tlslite.utils.OpenSSL_TripleDES
    OpenSSL_TripleDES

    Classes
    OpenSSL_TripleDES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.errors.TLSFingerprintError-class.html0000700000175000017500000001157710206544646025276 0ustar clintclint tlslite.errors.TLSFingerprintError
    Package tlslite :: Module errors :: Class TLSFingerprintError

    Class TLSFingerprintError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSFingerprintError
    


    The Checker was expecting the other party to authenticate with a certificate chain that matches a different fingerprint.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.errors.TLSRemoteAlert-class.html0000700000175000017500000001537110206544645024213 0ustar clintclint tlslite.errors.TLSRemoteAlert
    Package tlslite :: Module errors :: Class TLSRemoteAlert

    Class TLSRemoteAlert

    Exception --+        
                |        
         TLSError --+    
                    |    
             TLSAlert --+
                        |
                       TLSRemoteAlert
    


    A TLS alert has been signalled by the remote implementation.
    Method Summary
      __init__(self, alert)
      __str__(self)
        Inherited from Exception
      __getitem__(...)

    Instance Variable Summary
    int description: Set to one of the constants in tlslite.constants.AlertDescription
    int level: Set to one of the constants in tlslite.constants.AlertLevel

    Instance Variable Details

    description

    Set to one of the constants in tlslite.constants.AlertDescription
    Type:
    int

    level

    Set to one of the constants in tlslite.constants.AlertLevel
    Type:
    int

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.SMTP_TLS.SMTP_TLS-class.html0000700000175000017500000005753110206544646025232 0ustar clintclint tlslite.integration.SMTP_TLS.SMTP_TLS
    Package tlslite :: Package integration :: Module SMTP_TLS :: Class SMTP_TLS

    Class SMTP_TLS

    SMTP --+
           |
          SMTP_TLS
    


    This class extends smtplib.SMTP with TLS support.
    Method Summary
      starttls(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Puts the connection to the SMTP server into TLS mode.
        Inherited from SMTP
      __init__(self, host, port, local_hostname)
    Initialize a new instance.
      close(self)
    Close the connection to the SMTP server.
      connect(self, host, port)
    Connect to a host on a given port.
      data(self, msg)
    SMTP 'DATA' command -- sends message data to server.
      docmd(self, cmd, args)
    Send a command, and return its response code.
      ehlo(self, name)
    SMTP 'ehlo' command.
      expn(self, address)
    SMTP 'verify' command -- checks for address validity.
      getreply(self)
    Get a reply from the server.
      has_extn(self, opt)
    Does the server support a given SMTP service extension?
      helo(self, name)
    SMTP 'helo' command.
      help(self, args)
    SMTP 'help' command.
      login(self, user, password)
    Log in on an SMTP server that requires authentication.
      mail(self, sender, options)
    SMTP 'mail' command -- begins mail xfer session.
      noop(self)
    SMTP 'noop' command -- doesn't do anything :>
      putcmd(self, cmd, args)
    Send a command to the server.
      quit(self)
    Terminate the SMTP session.
      rcpt(self, recip, options)
    SMTP 'rcpt' command -- indicates 1 recipient for this mail.
      rset(self)
    SMTP 'rset' command -- resets session.
      send(self, str)
    Send `str' to the server.
      sendmail(self, from_addr, to_addrs, msg, mail_options, rcpt_options)
    This command performs an entire mail transaction.
      set_debuglevel(self, debuglevel)
    Set the debug output level.
      verify(self, address)
    SMTP 'verify' command -- checks for address validity.
      vrfy(self, address)
    SMTP 'verify' command -- checks for address validity.

    Class Variable Summary
        Inherited from SMTP
    int debuglevel = 0                                                                     
    int does_esmtp = 0                                                                     
    NoneType ehlo_resp = None                                                                  
    NoneType file = None                                                                  
    NoneType helo_resp = None                                                                  

    Method Details

    starttls(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)

    Puts the connection to the SMTP server into TLS mode.

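    If the server supports TLS, this will encrypt the rest of the SMTP session. The wording implies that the session stays unencrypted when the server does not accept the upgrade, so callers should confirm that TLS was actually negotiated before sending credentials or message data.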

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

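    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys. If neither SRP/shared-key authentication nor one of the server-authentication combinations above is supplied, nothing described here checks the server's identity; confirm this against the implementation before relying on the session for anything that needs an authenticated server.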

    The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
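    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument. If 'x509TrustList' is given without this argument, the description implies that only the chain is validated and the server name is not compared, so any certificate issued under a trusted root would presumably be accepted; supply this value when authenticating a specific server.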
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    smtplib.SMTP.starttls

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/epydoc.css0000700000175000017500000001055410130703477016411 0ustar clintclint /* Body color */ body { background: #ffffff; color: #000000; } /* Tables */ table.summary, table.details, table.index { background: #e8f0f8; color: #000000; } tr.summary, tr.details, tr.index { background: #70b0f0; color: #000000; text-align: left; font-size: 120%; } tr.group { background: #c0e0f8; color: #000000; text-align: left; font-size: 120%; font-style: italic; } /* Documentation page titles */ h2.module { margin-top: 0.2em; } h2.class { margin-top: 0.2em; } /* Headings */ h1.heading { font-size: +140%; font-style: italic; font-weight: bold; } h2.heading { font-size: +125%; font-style: italic; font-weight: bold; } h3.heading { font-size: +110%; font-style: italic; font-weight: normal; } /* Base tree */ pre.base-tree { font-size: 80%; margin: 0; } /* Details Sections */ table.func-details { background: #e8f0f8; color: #000000; border: 2px groove #c0d0d0; padding: 0 1em 0 1em; margin: 0.4em 0 0 0; } h3.func-detail { background: transparent; color: #000000; margin: 0 0 1em 0; } table.var-details { background: #e8f0f8; color: #000000; border: 2px groove #c0d0d0; padding: 0 1em 0 1em; margin: 0.4em 0 0 0; } h3.var-details { background: transparent; color: #000000; margin: 0 0 1em 0; } /* Function signatures */ .sig { background: transparent; color: #000000; font-weight: bold; } .sig-name { background: transparent; color: #006080; } .sig-arg, .sig-kwarg, .sig-vararg { background: transparent; color: #008060; } .sig-default { background: transparent; color: #602000; } .summary-sig { background: transparent; color: #000000; } .summary-sig-name { background: transparent; color: #204080; } .summary-sig-arg, .summary-sig-kwarg, .summary-sig-vararg { background: transparent; color: #008060; } /* Doctest blocks */ .py-src { background: transparent; color: #000000; } .py-prompt { background: transparent; color: #005050; font-weight: bold;} .py-string { background: 
transparent; color: #006030; } .py-comment { background: transparent; color: #003060; } .py-keyword { background: transparent; color: #600000; } .py-output { background: transparent; color: #404040; } pre.doctestblock { background: #f4faff; color: #000000; padding: .5em; margin: 1em; border: 1px solid #708890; } table pre.doctestblock { background: #dce4ec; color: #000000; padding: .5em; margin: 1em; border: 1px solid #708890; } /* Variable values */ pre.variable { background: #dce4ec; color: #000000; padding: .5em; margin: 0; border: 1px solid #708890; } .variable-linewrap { background: transparent; color: #604000; } .variable-ellipsis { background: transparent; color: #604000; } .variable-quote { background: transparent; color: #604000; } .re { background: transparent; color: #000000; } .re-char { background: transparent; color: #006030; } .re-op { background: transparent; color: #600000; } .re-group { background: transparent; color: #003060; } .re-ref { background: transparent; color: #404040; } /* Navigation bar */ table.navbar { background: #a0c0ff; color: #0000ff; border: 2px groove #c0d0d0; } th.navbar { background: #a0c0ff; color: #0000ff; } th.navselect { background: #70b0ff; color: #000000; } .nomargin { margin: 0; } /* Links */ a:link { background: transparent; color: #0000ff; } a:visited { background: transparent; color: #204080; } a.navbar:link { background: transparent; color: #0000ff; text-decoration: none; } a.navbar:visited { background: transparent; color: #204080; text-decoration: none; } tlslite-0.3.8/docs/public/tlslite.constants.CipherSuite-class.html0000700000175000017500000006324310206544650024326 0ustar clintclint tlslite.constants.CipherSuite
    Package tlslite :: Module constants :: Class CipherSuite

    Class CipherSuite


    Method Summary
      getRsaSuites(ciphers)
    (Static method)
      getSrpRsaSuites(ciphers)
    (Static method)
      getSrpSuites(ciphers)
    (Static method)

    Class Variable Summary
    list aes128Suites = [83, 84, 47]
    list aes256Suites = [86, 87, 53]
    list rc4Suites = [5]
    list rsaSuites = [10, 47, 53, 5]
    list srpRsaSuites = [81, 84, 87]
    list srpSuites = [80, 83, 86]
    int TLS_RSA_WITH_3DES_EDE_CBC_SHA = 10                                                                    
    int TLS_RSA_WITH_AES_128_CBC_SHA = 47                                                                    
    int TLS_RSA_WITH_AES_256_CBC_SHA = 53                                                                    
    int TLS_RSA_WITH_RC4_128_SHA = 5                                                                     
    int TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 81                                                                    
    int TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 84                                                                    
    int TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 87                                                                    
    int TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 80                                                                    
    int TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 83                                                                    
    int TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 86                                                                    
    list tripleDESSuites = [80, 81, 10]

    Class Variable Details

    aes128Suites

    Type:
    list
    Value:
    [83, 84, 47]                                                           

    aes256Suites

    Type:
    list
    Value:
    [86, 87, 53]                                                           

    rc4Suites

    Type:
    list
    Value:
    [5]                                                                    

    rsaSuites

    Type:
    list
    Value:
    [10, 47, 53, 5]                                                        

    srpRsaSuites

    Type:
    list
    Value:
    [81, 84, 87]                                                           

    srpSuites

    Type:
    list
    Value:
    [80, 83, 86]                                                           

    TLS_RSA_WITH_3DES_EDE_CBC_SHA

    Type:
    int
    Value:
    10                                                                    

    TLS_RSA_WITH_AES_128_CBC_SHA

    Type:
    int
    Value:
    47                                                                    

    TLS_RSA_WITH_AES_256_CBC_SHA

    Type:
    int
    Value:
    53                                                                    

    TLS_RSA_WITH_RC4_128_SHA

    Type:
    int
    Value:
    5                                                                     

    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA

    Type:
    int
    Value:
    81                                                                    

    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA

    Type:
    int
    Value:
    84                                                                    

    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA

    Type:
    int
    Value:
    87                                                                    

    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA

    Type:
    int
    Value:
    80                                                                    

    TLS_SRP_SHA_WITH_AES_128_CBC_SHA

    Type:
    int
    Value:
    83                                                                    

    TLS_SRP_SHA_WITH_AES_256_CBC_SHA

    Type:
    int
    Value:
    86                                                                    

    tripleDESSuites

    Type:
    list
    Value:
    [80, 81, 10]                                                           

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.integration.POP3_TLS-module.html0000700000175000017500000000222210206544651024606 0ustar clintclint tlslite.integration.POP3_TLS
    POP3_TLS

    Classes
    POP3_TLS

    Variables
    POP3_TLS_PORT


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.TLSRecordLayer.TLSRecordLayer-class.html0000700000175000017500000007501610206544647025471 0ustar clintclint tlslite.TLSRecordLayer.TLSRecordLayer
    Package tlslite :: Module TLSRecordLayer :: Class TLSRecordLayer

    Class TLSRecordLayer

    Known Subclasses:
    TLSConnection

    This class handles data transmission for a TLS connection.

    Its only subclass is tlslite.TLSConnection.TLSConnection. We've separated the code in this class from TLSConnection to make things more readable.
    Method Summary
      __init__(self, sock)
    str read(self, max, min)
    Read some data from the TLS connection.
    iterable readAsync(self, max, min)
    Start a read operation on the TLS connection.
      write(self, s)
    Write some data to the TLS connection.
    iterable writeAsync(self, s)
    Start a write operation on the TLS connection.
      close(self)
    Close the TLS connection.
    iterable closeAsync(self)
    Start a close operation on the TLS connection.
    str getCipherImplementation(self)
    Get the name of the cipher implementation used with this connection.
    str getCipherName(self)
    Get the name of the cipher used with this connection.
      getpeername(self)
    Return the remote address to which the socket is connected (socket emulation).
      getsockname(self)
    Return the socket's own address (socket emulation).
      gettimeout(self)
    Return the timeout associated with socket operations (socket emulation).
    tlslite.FileObject.FileObject makefile(self, mode, bufsize)
    Create a file object for the TLS connection (socket emulation).
      recv(self, bufsize)
    Get some data from the TLS connection (socket emulation).
      send(self, s)
    Send data to the TLS connection (socket emulation).
      sendall(self, s)
    Send data to the TLS connection (socket emulation).
      setsockopt(self, level, optname, value)
    Set the value of the given socket option (socket emulation).
      settimeout(self, value)
    Set a timeout on blocking socket operations (socket emulation).

    Instance Variable Summary
    str or None allegedSharedKeyUsername: This is set to the shared-key username asserted by the client, whether the handshake succeeded or not.
    str or None allegedSrpUsername: This is set to the SRP username asserted by the client, whether the handshake succeeded or not.
    bool closed: If this connection is closed.
    bool closeSocket: If the socket should be closed when the connection is closed (writable).
    bool ignoreAbruptClose: If an abrupt close of the socket should be ignored instead of raising an error (writable).
    bool resumed: If this connection is based on a resumed session.
    tlslite.Session.Session session: The session corresponding to this connection.
    socket.socket sock: The underlying socket object.
    tuple version: The TLS version being used for this connection.

    Method Details

    read(self, max=None, min=1)

    Read some data from the TLS connection.

    This function will block until at least 'min' bytes are available (or the connection is closed).

    If an exception is raised, the connection will have been automatically closed.
    Parameters:
    max - The maximum number of bytes to return.
               (type=int)
    min - The minimum number of bytes to return
               (type=int)
    Returns:
    A string of no more than 'max' bytes, and no fewer than 'min' (unless the connection has been closed, in which case fewer than 'min' bytes may be returned).
               (type=str)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.

    readAsync(self, max=None, min=1)

    Start a read operation on the TLS connection.

    This function returns a generator which behaves similarly to read(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or a string if the read operation has completed.
    Returns:
    A generator; see above for details.
               (type=iterable)

    write(self, s)

    Write some data to the TLS connection.

    This function will block until all the data has been sent.

    If an exception is raised, the connection will have been automatically closed.
    Parameters:
    s - The data to transmit to the other party.
               (type=str)
    Raises:
    socket.error - If a socket error occurs.

    writeAsync(self, s)

    Start a write operation on the TLS connection.

    This function returns a generator which behaves similarly to write(). Successive invocations of the generator will return 1 if it is waiting to write to the socket, or will raise StopIteration if the write operation has completed.
    Returns:
    A generator; see above for details.
               (type=iterable)

    close(self)

    Close the TLS connection.

    This function will block until it has exchanged close_notify alerts with the other party. After doing so, it will shut down the TLS connection. Further attempts to read through this connection will return "". Further attempts to write through this connection will raise ValueError.

    If makefile() has been called on this connection, the connection will not be closed until the connection object and all file objects have been closed.

    Even if an exception is raised, the connection will have been closed.
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.

    closeAsync(self)

    Start a close operation on the TLS connection.

    This function returns a generator which behaves similarly to close(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the close operation has completed.
    Returns:
    A generator; see above for details.
               (type=iterable)

    getCipherImplementation(self)

    Get the name of the cipher implementation used with this connection.
    Returns:
    The name of the cipher implementation used with this connection. Either 'python', 'cryptlib', 'openssl', or 'pycrypto'.
               (type=str)

    getCipherName(self)

    Get the name of the cipher used with this connection.
    Returns:
    The name of the cipher used with this connection. Either 'aes128', 'aes256', 'rc4', or '3des'.
               (type=str)

    getpeername(self)

    Return the remote address to which the socket is connected (socket emulation).

    getsockname(self)

    Return the socket's own address (socket emulation).

    gettimeout(self)

    Return the timeout associated with socket operations (socket emulation).

    makefile(self, mode='r', bufsize=-1)

    Create a file object for the TLS connection (socket emulation).
    Returns:
    tlslite.FileObject.FileObject

    recv(self, bufsize)

    Get some data from the TLS connection (socket emulation).
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.

    send(self, s)

    Send data to the TLS connection (socket emulation).
    Raises:
    socket.error - If a socket error occurs.

    sendall(self, s)

    Send data to the TLS connection (socket emulation).
    Raises:
    socket.error - If a socket error occurs.

    setsockopt(self, level, optname, value)

    Set the value of the given socket option (socket emulation).

    settimeout(self, value)

    Set a timeout on blocking socket operations (socket emulation).

    Instance Variable Details

    allegedSharedKeyUsername

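    This is set to the shared-key username asserted by the client, whether the handshake succeeded or not. If the handshake fails, this can be inspected to determine if a guessing attack is in progress against a particular user account. After a failed handshake the value is an unauthenticated claim supplied by the client, so treat it as untrusted input when logging it or acting on it.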
    Type:
    str or None

    allegedSrpUsername

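    This is set to the SRP username asserted by the client, whether the handshake succeeded or not. If the handshake fails, this can be inspected to determine if a guessing attack is in progress against a particular user account. After a failed handshake the value is an unauthenticated claim supplied by the client, so treat it as untrusted input when logging it or acting on it.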
    Type:
    str or None

    closed

    If this connection is closed.
    Type:
    bool

    closeSocket

    If the socket should be closed when the connection is closed (writable).

    If you set this to True, TLS Lite will assume the responsibility of closing the socket when the TLS connection is shut down (either through an error or through the user calling close()). The default is False.
    Type:
    bool

    ignoreAbruptClose

    If an abrupt close of the socket should be ignored instead of raising an error (writable).

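    If you set this to True, TLS Lite will not raise a tlslite.errors.TLSAbruptCloseError exception if the underlying socket is unexpectedly closed. Such an unexpected closure could be caused by an attacker: without a preceding close_notify alert, the receiver cannot tell whether the data ended where the sender intended or was cut short in transit. However, it also occurs with some incorrect TLS implementations.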

    You should set this to True only if you're not worried about an attacker truncating the connection, and only if necessary to avoid spurious errors. The default is False.
    Type:
    bool

    resumed

    If this connection is based on a resumed session.
    Type:
    bool

    session

    The session corresponding to this connection.

    Due to TLS session resumption, multiple connections can correspond to the same underlying session.
    Type:
    tlslite.Session.Session

    sock

    The underlying socket object.
    Type:
    socket.socket

    version

    The TLS version being used for this connection.

    (3,0) means SSL 3.0, and (3,1) means TLS 1.0.
    Type:
    tuple

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.PyCrypto_AES-module.html0000700000175000017500000001007310206544645023664 0ustar clintclint tlslite.utils.PyCrypto_AES
    Package tlslite :: Package utils :: Module PyCrypto_AES

    Module tlslite.utils.PyCrypto_AES

    PyCrypto AES implementation.
    Classes
    PyCrypto_AES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.BaseDB-module.html0000700000175000017500000000157110206544651022107 0ustar clintclint tlslite.BaseDB
    BaseDB

    Classes
    BaseDB


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.integration.TLSSocketServerMixIn-module.html0000700000175000017500000000201310206544651027310 0ustar clintclint tlslite.integration.TLSSocketServerMixIn
    TLSSocketServerMixIn

    Classes
    TLSSocketServerMixIn


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.errors.TLSAlert-class.html0000700000175000017500000001143110206544647023032 0ustar clintclint tlslite.errors.TLSAlert
    Package tlslite :: Module errors :: Class TLSAlert

    Class TLSAlert

    Exception --+    
                |    
         TLSError --+
                    |
                   TLSAlert
    

    Known Subclasses:
    TLSLocalAlert, TLSRemoteAlert

    A TLS alert has been signalled.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite-module.html0000700000175000017500000000456710206544651021040 0ustar clintclint tlslite
    tlslite

    Modules
    api
    BaseDB
    Checker
    constants
    errors
    FileObject
    HandshakeSettings
    integration
    mathtls
    messages
    Session
    SessionCache
    SharedKeyDB
    TLSConnection
    TLSRecordLayer
    utils
    VerifierDB
    X509
    X509CertChain

    Variables


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey-class.html0000700000175000017500000003375510206544647027156 0ustar clintclint tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    Package tlslite :: Package utils :: Module PyCrypto_RSAKey :: Class PyCrypto_RSAKey

    Class PyCrypto_RSAKey

    RSAKey --+
             |
            PyCrypto_RSAKey
    


    Method Summary
      __init__(self, n, e)
    Create a new RSA key.
      __getattr__(self, name)
      generate(bits)
    (Static method)
    str hash(self)
    Return the cryptoID <keyHash> value corresponding to this key.
    bool hasPrivateKey(self)
    Return whether or not this key has a private component.
    str writeXMLPublicKey(self, indent)
    Return a string containing the key.
        Inherited from RSAKey
    int __len__(self)
    Return the length of this key in bits.
    bool acceptsPassword(self)
    Return True if the write() method accepts a password for use in encrypting the private key.
    array.array of unsigned bytes or None. decrypt(self, encBytes)
    Decrypt the passed-in bytes.
    array.array of unsigned bytes. encrypt(self, bytes)
    Encrypt the passed-in bytes.
    str getSigningAlgorithm(self)
    Return the cryptoID sigAlgo value corresponding to this key.
    array.array of unsigned bytes. hashAndSign(self, bytes)
    Hash and sign the passed-in bytes.
    bool hashAndVerify(self, sigBytes, bytes)
    Hash and verify the passed-in bytes with the signature.
    array.array of unsigned bytes. sign(self, bytes)
    Sign the passed-in bytes.
    bool verify(self, sigBytes, bytes)
    Verify the passed-in bytes with the signature.
    str write(self, password)
    Return a string containing the key.

    Instance Method Details

    __init__(self, n=0, e=0, d=0, p=0, q=0, dP=0, dQ=0, qInv=0)
    (Constructor)

    Create a new RSA key.

    If n and e are passed in, the new key will be initialized.
    Parameters:
    n - RSA modulus.
               (type=int)
    e - RSA public exponent.
               (type=int)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.__init__ (inherited documentation)

    hash(self)

    Return the cryptoID <keyHash> value corresponding to this key.
    Returns:
    str
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hash (inherited documentation)

    hasPrivateKey(self)

    Return whether or not this key has a private component.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hasPrivateKey (inherited documentation)

    writeXMLPublicKey(self, indent='')

    Return a string containing the key.
    Returns:
    A string describing the public key, in XML format.
               (type=str)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.writeXMLPublicKey (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.SMTP_TLS-module.html0000700000175000017500000000710410206544647024076 0ustar clintclint tlslite.integration.SMTP_TLS
    Package tlslite :: Package integration :: Module SMTP_TLS

    Module tlslite.integration.SMTP_TLS

    TLS Lite + smtplib.
    Classes
    SMTP_TLS This class extends smtplib.SMTP with TLS support.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.IMAP4_TLS.IMAP4_TLS-class.html0000700000175000017500000007566410206544647025320 0ustar clintclint tlslite.integration.IMAP4_TLS.IMAP4_TLS
    Package tlslite :: Package integration :: Module IMAP4_TLS :: Class IMAP4_TLS

    Class IMAP4_TLS

           IMAP4 --+
                   |
    ClientHelper --+
                   |
                  IMAP4_TLS
    


    This class extends imaplib.IMAP4 with TLS support.
    Method Summary
      __init__(self, host, port, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Create a new IMAP4_TLS.
      open(self, host, port)
    Setup connection to remote server on "host:port".
        Inherited from IMAP4
      __getattr__(self, attr)
      append(self, mailbox, flags, date_time, message)
    Append message to named mailbox.
      authenticate(self, mechanism, authobject)
    Authenticate command - requires response processing.
      check(self)
    Checkpoint mailbox on server.
      close(self)
    Close currently selected mailbox.
      copy(self, message_set, new_mailbox)
    Copy 'message_set' messages onto end of 'new_mailbox'.
      create(self, mailbox)
    Create new mailbox.
      delete(self, mailbox)
    Delete old mailbox.
      expunge(self)
    Permanently remove deleted items from selected mailbox.
      fetch(self, message_set, message_parts)
    Fetch (parts of) messages.
      getacl(self, mailbox)
    Get the ACLs for a mailbox.
      getquota(self, root)
    Get the quota root's resource usage and limits.
      getquotaroot(self, mailbox)
    Get the list of quota roots for the named mailbox.
      list(self, directory, pattern)
    List mailbox names in directory matching pattern.
      login(self, user, password)
    Identify client using plaintext password.
      login_cram_md5(self, user, password)
    Force use of CRAM-MD5 authentication.
      logout(self)
    Shutdown connection to server.
      lsub(self, directory, pattern)
    List 'subscribed' mailbox names in directory matching pattern.
      namespace(self)
    Returns IMAP namespaces ala rfc2342
      noop(self)
    Send NOOP command.
      partial(self, message_num, message_part, start, length)
    Fetch truncated part of a message.
      print_log(self)
      proxyauth(self, user)
    Assume authentication as "user".
      read(self, size)
    Read 'size' bytes from remote.
      readline(self)
    Read line from remote.
      recent(self)
    Return most recent 'RECENT' responses if any exist, else prompt server for an update using the 'NOOP' command.
      rename(self, oldmailbox, newmailbox)
    Rename old mailbox name to new.
      response(self, code)
    Return data for response 'code' if received, or None.
      search(self, charset, *criteria)
    Search mailbox for matching messages.
      select(self, mailbox, readonly)
    Select a mailbox.
      send(self, data)
    Send data to remote.
      setacl(self, mailbox, who, what)
    Set a mailbox acl.
      setquota(self, root, limits)
    Set the quota root's resource limits.
      shutdown(self)
    Close I/O established in "open".
      socket(self)
    Return socket instance used to connect to IMAP4 server.
      sort(self, sort_criteria, charset, *search_criteria)
    IMAP4rev1 extension SORT command.
      status(self, mailbox, names)
    Request named status conditions for mailbox.
      store(self, message_set, command, flags)
    Alters flag dispositions for messages in mailbox.
      subscribe(self, mailbox)
    Subscribe to new mailbox.
      uid(self, command, *args)
    Execute "command arg ..." with messages identified by UID, rather than message number.
      unsubscribe(self, mailbox)
    Unsubscribe from old mailbox.
      xatom(self, name, *args)
    Allow simple extension commands notified by server in CAPABILITY response.

    Class Variable Summary
        Inherited from IMAP4
    SRE_Pattern mustquote = [^\w!#\$%&'\*\+,\.:;<=>\?\^`\|~-]

    Method Details

    __init__(self, host='', port=993, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    Create a new IMAP4_TLS.

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys.

    The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    host - Server to connect to.
               (type=str)
    port - Port to connect to.
               (type=int)
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    imaplib.IMAP4.__init__

    open(self, host='', port=993)

    Setup connection to remote server on "host:port".

    This connection will be used by the routines: read, readline, send, shutdown.
    Overrides:
    imaplib.IMAP4.open

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Python_RC4-module.html0000700000175000017500000000771010206544645023340 0ustar clintclint tlslite.utils.Python_RC4
    Package tlslite :: Package utils :: Module Python_RC4

    Module tlslite.utils.Python_RC4

    Pure-Python RC4 implementation.
    Classes
    Python_RC4  

    Function Summary
      new(key)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.SessionCache-module.html0000700000175000017500000000664510206544646022626 0ustar clintclint tlslite.SessionCache
    Package tlslite :: Module SessionCache

    Module tlslite.SessionCache

    Class for caching TLS sessions.
    Classes
    SessionCache This class is used by the server to cache TLS sessions.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.TLSRecordLayer-module.html0000700000175000017500000000667010206544645023052 0ustar clintclint tlslite.TLSRecordLayer
    Package tlslite :: Module TLSRecordLayer

    Module tlslite.TLSRecordLayer

    Helper class for TLSConnection.
    Classes
    TLSRecordLayer This class handles data transmission for a TLS connection.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.codec-module.html0000700000175000017500000000174110206544651023242 0ustar clintclint tlslite.utils.codec
    codec

    Classes
    Parser
    Writer


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.Session-module.html0000700000175000017500000000160010206544651022443 0ustar clintclint tlslite.Session
    Session

    Classes
    Session


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.utils.RSAKey-module.html0000700000175000017500000000162110206544651023260 0ustar clintclint tlslite.utils.RSAKey
    RSAKey

    Classes
    RSAKey


    [show private | hide private] tlslite-0.3.8/docs/public/toc-everything.html0000700000175000017500000004720710206544651020257 0ustar clintclint Everything
    Everything

    All Classes
    tlslite.BaseDB.BaseDB
    tlslite.Checker.Checker
    tlslite.constants.AlertDescription
    tlslite.constants.AlertLevel
    tlslite.constants.CertificateType
    tlslite.constants.CipherSuite
    tlslite.constants.ContentType
    tlslite.constants.Fault
    tlslite.constants.HandshakeType
    tlslite.FileObject.FileObject
    tlslite.HandshakeSettings.HandshakeSettings
    tlslite.integration.AsyncStateMachine.AsyncStateMachine
    tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    tlslite.integration.HTTPTLSConnection.HTTPTLSConnection
    tlslite.integration.IMAP4_TLS.IMAP4_TLS
    tlslite.integration.POP3_TLS.POP3_TLS
    tlslite.integration.SMTP_TLS.SMTP_TLS
    tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn
    tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    tlslite.integration.XMLRPCTransport.XMLRPCTransport
    tlslite.mathtls.MAC_SSL
    tlslite.messages.Alert
    tlslite.messages.ApplicationData
    tlslite.messages.Certificate
    tlslite.messages.CertificateRequest
    tlslite.messages.CertificateVerify
    tlslite.messages.ChangeCipherSpec
    tlslite.messages.ClientHello
    tlslite.messages.ClientKeyExchange
    tlslite.messages.Finished
    tlslite.messages.HandshakeMsg
    tlslite.messages.Msg
    tlslite.messages.RecordHeader2
    tlslite.messages.RecordHeader3
    tlslite.messages.ServerHello
    tlslite.messages.ServerHelloDone
    tlslite.messages.ServerKeyExchange
    tlslite.Session.Session
    tlslite.SessionCache.SessionCache
    tlslite.SharedKeyDB.SharedKeyDB
    tlslite.TLSConnection.TLSConnection
    tlslite.TLSRecordLayer.TLSRecordLayer
    tlslite.utils.AES.AES
    tlslite.utils.ASN1Parser.ASN1Parser
    tlslite.utils.codec.Parser
    tlslite.utils.codec.Writer
    tlslite.utils.Cryptlib_AES.Cryptlib_AES
    tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    tlslite.utils.hmac.HMAC
    tlslite.utils.OpenSSL_AES.OpenSSL_AES
    tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    tlslite.utils.PyCrypto_AES.PyCrypto_AES
    tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    tlslite.utils.Python_AES.Python_AES
    tlslite.utils.Python_RC4.Python_RC4
    tlslite.utils.Python_RSAKey.Python_RSAKey
    tlslite.utils.RC4.RC4
    tlslite.utils.rijndael.rijndael
    tlslite.utils.RSAKey.RSAKey
    tlslite.utils.TripleDES.TripleDES
    tlslite.VerifierDB.VerifierDB
    tlslite.X509.X509
    tlslite.X509CertChain.X509CertChain

    All Exceptions
    tlslite.errors.TLSAbruptCloseError
    tlslite.errors.TLSAlert
    tlslite.errors.TLSAuthenticationError
    tlslite.errors.TLSAuthenticationTypeError
    tlslite.errors.TLSAuthorizationError
    tlslite.errors.TLSError
    tlslite.errors.TLSFaultError
    tlslite.errors.TLSFingerprintError
    tlslite.errors.TLSLocalAlert
    tlslite.errors.TLSNoAuthenticationError
    tlslite.errors.TLSRemoteAlert
    tlslite.errors.TLSValidationError

    All Functions
    bytesToString
    checkName
    checkNoMoreAttributes
    concatArrays
    createAES
    createByteArraySequence
    createByteArrayZeros
    createDateClass
    createRC4
    createTripleDES
    decrypt
    encrypt
    escape
    formatExceptionTrace
    generateRSAKey
    getAttribute
    getChild
    getChildIter
    getChildOrNone
    getHoursFromNow
    getLastChild
    getMinutesFromNow
    getNow
    getReqAttribute
    getText
    indent
    isDateClassBefore
    isDateClassExpired
    makeK
    makeU
    makeVerifier
    makeX
    new
    new
    new
    new
    new
    new
    new
    new
    new
    new
    new
    new
    numBits
    P_hash
    PAD
    parseAndStripWhitespace
    parseAsPublicKey
    parseDateClass
    parseDocument
    parsePEMKey
    parsePrivateKey
    parseXMLKey
    password_callback
    PRF
    PRF_SSL
    printDateClass
    stringToBytes
    stripWhitespace
    test

    All Variables
    base64RegEx
    booleanRegEx
    certsListRegEx
    cryptoIDRegEx
    dateTimeRegEx
    digest_size
    exprRegEx
    goodGroupParameters
    IMAP4_TLS_PORT
    keyRegEx
    keysListRegEx
    nsRegEx
    num_rounds
    POP3_TLS_PORT
    rcon
    S
    sha1Base64RegEx
    shifts
    shortStringRegEx
    Si
    T1
    T2
    T3
    T4
    T5
    T6
    T7
    T8
    tripleDESPresent
    U1
    U2
    U3
    U4
    urlRegEx


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.messages.RecordHeader3-class.html0000700000175000017500000001077510206544647024317 0ustar clintclint tlslite.messages.RecordHeader3
    Package tlslite :: Module messages :: Class RecordHeader3

    Class RecordHeader3


    Method Summary
      __init__(self)
      create(self, version, type, length)
      parse(self, p)
      write(self)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.Cryptlib_TripleDES-module.html0000700000175000017500000000226010206544651025625 0ustar clintclint tlslite.utils.Cryptlib_TripleDES
    Cryptlib_TripleDES

    Classes
    Cryptlib_TripleDES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.FileObject-module.html0000700000175000017500000000162510206544651023035 0ustar clintclint tlslite.FileObject
    FileObject

    Classes
    FileObject


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.integration.TLSAsyncDispatcherMixIn-module.html0000700000175000017500000000204010206544651027755 0ustar clintclint tlslite.integration.TLSAsyncDispatcherMixIn
    TLSAsyncDispatcherMixIn

    Classes
    TLSAsyncDispatcherMixIn


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.constants.Fault-class.html0000700000175000017500000007066610206544647023172 0ustar clintclint tlslite.constants.Fault
    Package tlslite :: Module constants :: Class Fault

    Class Fault


    Class Variable Summary
    int badA = 103                                                                   
    int badB = 201                                                                   
    int badFinished = 300                                                                   
    int badIdentifier = 401                                                                   
    int badMAC = 301                                                                   
    int badPadding = 302                                                                   
    int badPassword = 102                                                                   
    int badPremasterPadding = 501                                                                   
    int badSharedKey = 402                                                                   
    int badUsername = 101                                                                   
    int badVerifyMessage = 601                                                                   
    list clientCertFaults = [601]
    list clientNoAuthFaults = [501, 502]
    list clientSharedKeyFaults = [401, 402]
    list clientSrpFaults = [101, 102, 103]
    dict faultAlerts = {101: (120, 20), 102: (20,), 103: (47,), 3...
    dict faultNames = {101: 'bad username', 102: 'bad password', ...
    list genericFaults = [300, 301, 302]
    list serverFaults = [201]
    int shortPremasterSecret = 502                                                                   

    Class Variable Details

    badA

    Type:
    int
    Value:
    103                                                                   

    badB

    Type:
    int
    Value:
    201                                                                   

    badFinished

    Type:
    int
    Value:
    300                                                                   

    badIdentifier

    Type:
    int
    Value:
    401                                                                   

    badMAC

    Type:
    int
    Value:
    301                                                                   

    badPadding

    Type:
    int
    Value:
    302                                                                   

    badPassword

    Type:
    int
    Value:
    102                                                                   

    badPremasterPadding

    Type:
    int
    Value:
    501                                                                   

    badSharedKey

    Type:
    int
    Value:
    402                                                                   

    badUsername

    Type:
    int
    Value:
    101                                                                   

    badVerifyMessage

    Type:
    int
    Value:
    601                                                                   

    clientCertFaults

    Type:
    list
    Value:
    [601]                                                                  

    clientNoAuthFaults

    Type:
    list
    Value:
    [501, 502]                                                             

    clientSharedKeyFaults

    Type:
    list
    Value:
    [401, 402]                                                             

    clientSrpFaults

    Type:
    list
    Value:
    [101, 102, 103]                                                        

    faultAlerts

    Type:
    dict
    Value:
    {101: (120, 20),
     102: (20,),
     103: (47,),
     300: (51,),
     301: (20,),
     302: (20,),
     401: (40,),
     402: (20,),
    ...                                                                    

    faultNames

    Type:
    dict
    Value:
    {101: 'bad username',
     102: 'bad password',
     103: 'bad A',
     300: 'bad finished message',
     301: 'bad MAC',
     302: 'bad padding',
     401: 'bad identifier',
     402: 'bad sharedkey',
    ...                                                                    

    genericFaults

    Type:
    list
    Value:
    [300, 301, 302]                                                        

    serverFaults

    Type:
    list
    Value:
    [201]                                                                  

    shortPremasterSecret

    Type:
    int
    Value:
    502                                                                   

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.PyCrypto_TripleDES-module.html0000700000175000017500000001015410206544645025047 0ustar clintclint tlslite.utils.PyCrypto_TripleDES
    Package tlslite :: Package utils :: Module PyCrypto_TripleDES

    Module tlslite.utils.PyCrypto_TripleDES

    PyCrypto 3DES implementation.
    Classes
    PyCrypto_TripleDES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Cryptlib_AES-module.html0000700000175000017500000001007310206544646023664 0ustar clintclint tlslite.utils.Cryptlib_AES
    Package tlslite :: Package utils :: Module Cryptlib_AES

    Module tlslite.utils.Cryptlib_AES

    Cryptlib AES implementation.
    Classes
    Cryptlib_AES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/index.html0000700000175000017500000000057410206544651016413 0ustar clintclint API Documentation tlslite-0.3.8/docs/public/frames.html0000700000175000017500000000057410206544651016561 0ustar clintclint API Documentation tlslite-0.3.8/docs/public/tlslite.errors.TLSError-class.html0000700000175000017500000001156110206544646023057 0ustar clintclint tlslite.errors.TLSError
    Package tlslite :: Module errors :: Class TLSError

    Class TLSError

    Exception --+
                |
               TLSError
    

    Known Subclasses:
    TLSAbruptCloseError, TLSAlert, TLSAuthenticationError, TLSFaultError

    Base class for all TLS Lite exceptions.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.XMLRPCTransport-module.html0000700000175000017500000000707510206544646025521 0ustar clintclint tlslite.integration.XMLRPCTransport
    Package tlslite :: Package integration :: Module XMLRPCTransport

    Module tlslite.integration.XMLRPCTransport

    TLS Lite + xmlrpclib.
    Classes
    XMLRPCTransport Handles an HTTPS transaction to an XML-RPC server.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.SessionCache.SessionCache-class.html0000700000175000017500000001417210206544646025006 0ustar clintclint tlslite.SessionCache.SessionCache
    Package tlslite :: Module SessionCache :: Class SessionCache

    Class SessionCache


    This class is used by the server to cache TLS sessions.

    Caching sessions allows the client to use TLS session resumption and avoid the expense of a full handshake. To use this class, simply pass a SessionCache instance into the server handshake function.

    This class is thread-safe.
    Method Summary
      __init__(self, maxEntries, maxAge)
    Create a new SessionCache.
      __getitem__(self, sessionID)
      __setitem__(self, sessionID, session)

    Method Details

    __init__(self, maxEntries=10000, maxAge=14400)
    (Constructor)

    Create a new SessionCache.
    Parameters:
    maxEntries - The maximum size of the cache. When this limit is reached, the oldest sessions will be deleted as necessary to make room for new ones. The default is 10000.
               (type=int)
    maxAge - The number of seconds before a session expires from the cache. The default is 14400 (i.e. 4 hours).
               (type=int)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.rijndael-module.html0000700000175000017500000011421410206544647023177 0ustar clintclint tlslite.utils.rijndael
    Package tlslite :: Package utils :: Module rijndael

    Module tlslite.utils.rijndael

    A pure python (slow) implementation of rijndael with a decent interface

    To include -

    from rijndael import rijndael

    To do a key setup -

    r = rijndael(key, block_size = 16)

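    key must be a string of length 16, 24, or 32. block_size must be 16, 24, or 32; the default is 16. Only block_size = 16 corresponds to AES, which fixes the Rijndael block at 128 bits (16 bytes).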

    To use -

    ciphertext = r.encrypt(plaintext)
    plaintext = r.decrypt(ciphertext)

    If any string is of the wrong length, a ValueError is raised.
    Classes
    rijndael  

    Function Summary
      decrypt(key, block)
      encrypt(key, block)
      test()

    Variable Summary
    dict num_rounds = {16: {16: 10, 24: 12, 32: 14}, 24: {16: 12,...
    list rcon = [1, 2, 4, 8, 16, 32, 64, 128, 27, 54, 108, 216, 1...
    list S = [99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, ...
    list shifts = [[[0, 0], [1, 3], [2, 2], [3, 1]], [[0, 0], [1,...
    list Si = [82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 15...
    list T1 = [-966564955, -126059388, -294160487, -159679603, -8...
    list T2 = [-1513725085, -2064089988, -1712425097, -1913226373...
    list T3 = [1671808611, 2089089148, 2006576759, 2072901243, -2...
    list T4 = [1667474886, 2088535288, 2004326894, 2071694838, -2...
    list T5 = [1374988112, 2118214995, 437757123, 975658646, 1001...
    list T6 = [1347548327, 1400783205, -1021700188, -1774573730, ...
    list T7 = [-1487908364, 1699970625, -1530717673, 1586903591, ...
    list T8 = [-190361519, 1097159550, 396673818, 660510266, -141...
    list U1 = [0, 235474187, 470948374, 303765277, 941896748, 908...
    list U2 = [0, 185469197, 370938394, 487725847, 741876788, 657...
    list U3 = [0, 218828297, 437656594, 387781147, 875313188, 958...
    list U4 = [0, 151849742, 303699484, 454499602, 607398968, 758...

    Variable Details

    num_rounds

    Type:
    dict
    Value:
    {16: {16: 10, 24: 12, 32: 14},
     24: {16: 12, 24: 12, 32: 14},
     32: {16: 14, 24: 14, 32: 14}}                                         

    rcon

    Type:
    list
    Value:
    [1, 2, 4, 8, 16, 32, 64, 128, 27]                                      

    S

    Type:
    list
    Value:
    [99, 124, 119, 123, 242, 107, 111, 197, 48]                            

    shifts

    Type:
    list
    Value:
    [[[0, 0], [1, 3], [2, 2], [3, 1]],
     [[0, 0], [1, 5], [2, 4], [3, 3]],
     [[0, 0], [1, 7], [3, 5], [4, 4]]]                                     

    Si

    Type:
    list
    Value:
    [82, 9, 106, 213, 48, 54, 165, 56, 191]                                

    T1

    Type:
    list
    Value:
    [-966564955,
     -126059388,
     -294160487,
     -159679603,
     -855539,
     -697603139,
     -563122255,
     -1849309868,
    ...                                                                    

    T2

    Type:
    list
    Value:
    [-1513725085,
     -2064089988,
     -1712425097,
     -1913226373,
     234877682,
     -1110021269,
     -1310822545,
     1418839493,
    ...                                                                    

    T3

    Type:
    list
    Value:
    [1671808611,
     2089089148,
     2006576759,
     2072901243,
     -233963534,
     1807603307,
     1873927791,
     -984313403,
    ...                                                                    

    T4

    Type:
    list
    Value:
    [1667474886,
     2088535288,
     2004326894,
     2071694838,
     -219017729,
     1802223062,
     1869591006,
     -976923503,
    ...                                                                    

    T5

    Type:
    list
    Value:
    [1374988112,
     2118214995,
     437757123,
     975658646,
     1001089995,
     530400753,
     -1392879445,
     1273168787,
    ...                                                                    

    T6

    Type:
    list
    Value:
    [1347548327,
     1400783205,
     -1021700188,
     -1774573730,
     -885281941,
     -249586363,
     -1414727080,
     -1823743229,
    ...                                                                    

    T7

    Type:
    list
    Value:
    [-1487908364,
     1699970625,
     -1530717673,
     1586903591,
     1808481195,
     1173430173,
     1487645946,
     59984867,
    ...                                                                    

    T8

    Type:
    list
    Value:
    [-190361519,
     1097159550,
     396673818,
     660510266,
     -1418998981,
     -1656360673,
     -94852180,
     -486304949,
    ...                                                                    

    U1

    Type:
    list
    Value:
    [0,
     235474187,
     470948374,
     303765277,
     941896748,
     908933415,
     607530554,
     708780849,
    ...                                                                    

    U2

    Type:
    list
    Value:
    [0,
     185469197,
     370938394,
     487725847,
     741876788,
     657861945,
     975451694,
     824852259,
    ...                                                                    

    U3

    Type:
    list
    Value:
    [0,
     218828297,
     437656594,
     387781147,
     875313188,
     958871085,
     775562294,
     590424639,
    ...                                                                    

    U4

    Type:
    list
    Value:
    [0,
     151849742,
     303699484,
     454499602,
     607398968,
     758720310,
     908999204,
     1059270954,
    ...                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.IMAP4_TLS-module.html0000700000175000017500000001305710206544646024130 0ustar clintclint tlslite.integration.IMAP4_TLS
    Package tlslite :: Package integration :: Module IMAP4_TLS

    Module tlslite.integration.IMAP4_TLS

    TLS Lite + imaplib.
    Classes
    IMAP4_TLS This class extends imaplib.IMAP4 with TLS support.

    Variable Summary
    int IMAP4_TLS_PORT = 993                                                                   

    Variable Details

    IMAP4_TLS_PORT

    Type:
    int
    Value:
    993                                                                   

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.TLSAsyncDispatcherMixIn-module.html0000700000175000017500000000725710206544647027216 0ustar clintclint tlslite.integration.TLSAsyncDispatcherMixIn
    Package tlslite :: Package integration :: Module TLSAsyncDispatcherMixIn

    Module tlslite.integration.TLSAsyncDispatcherMixIn

    TLS Lite + asyncore.
    Classes
    TLSAsyncDispatcherMixIn This class can be "mixed in" with an asyncore.dispatcher to add TLS support.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/help.html0000700000175000017500000002343310206544651016233 0ustar clintclint Help

    API Documentation

    This document contains the API (Application Programming Interface) documentation for this project. Documentation for the Python objects defined by the project is divided into separate pages for each package, module, and class. The API documentation also includes two pages containing information about the project as a whole: a trees page, and an index page.

    Object Documentation

    Each Package Documentation page contains:

    • A description of the package.
    • A list of the modules and sub-packages contained by the package.
    • A summary of the classes defined by the package.
    • A summary of the functions defined by the package.
    • A summary of the variables defined by the package.
    • A detailed description of each function defined by the package.
    • A detailed description of each variable defined by the package.

    Each Module Documentation page contains:

    • A description of the module.
    • A summary of the classes defined by the module.
    • A summary of the functions defined by the module.
    • A summary of the variables defined by the module.
    • A detailed description of each function defined by the module.
    • A detailed description of each variable defined by the module.

    Each Class Documentation page contains:

    • A class inheritance diagram.
    • A list of known subclasses.
    • A description of the class.
    • A summary of the methods defined by the class.
    • A summary of the instance variables defined by the class.
    • A summary of the class (static) variables defined by the class.
    • A detailed description of each method defined by the class.
    • A detailed description of each instance variable defined by the class.
    • A detailed description of each class (static) variable defined by the class.

    Project Documentation

    The Trees page contains the module and class hierarchies:

    • The module hierarchy lists every package and module, with modules grouped into packages. At the top level, and within each package, modules and sub-packages are listed alphabetically.
    • The class hierarchy lists every class, grouped by base class. If a class has more than one base class, then it will be listed under each base class. At the top level, and under each base class, classes are listed alphabetically.

    The Index page contains indices of terms and identifiers:

    • The term index lists every term indexed by any object's documentation. For each term, the index provides links to each place where the term is indexed.
    • The identifier index lists the (short) name of every package, module, class, method, function, variable, and parameter. For each identifier, the index provides a short description, and a link to its documentation.

    The Table of Contents

    The table of contents occupies the two frames on the left side of the window. The upper-left frame displays the project contents, and the lower-left frame displays the module contents:

    Project
    Contents
    ...
    API
    Documentation
    Frame


    Module
    Contents
     
    ...
     

    The project contents frame contains a list of all packages and modules that are defined by the project. Clicking on an entry will display its contents in the module contents frame. Clicking on a special entry, labeled "Everything," will display the contents of the entire project.

    The module contents frame contains a list of every submodule, class, type, exception, function, and variable defined by a module or package. Clicking on an entry will display its documentation in the API documentation frame. Clicking on the name of the module, at the top of the frame, will display the documentation for the module itself.

    The "frames" and "no frames" buttons below the top navigation bar can be used to control whether the table of contents is displayed or not.

    The Navigation Bar

    A navigation bar is located at the top and bottom of every page. It indicates what type of page you are currently viewing, and allows you to go to related pages. The following table describes the labels on the navigation bar. Note that some labels (such as [Parent]) are not displayed on all pages.

    Label Highlighted when... Links to...
    [Parent] (never highlighted) the parent of the current package
    [Package] viewing a package the package containing the current object
    [Module] viewing a module the module containing the current object
    [Class] viewing a class the class containing the current object
    [Trees] viewing the trees page the trees page
    [Index] viewing the index page the index page
    [Help] viewing the help page the help page

    The "show private" and "hide private" buttons below the top navigation bar can be used to control whether documentation for private objects is displayed. Private objects are usually defined as objects whose (short) names begin with a single underscore, but do not end with an underscore. For example, "_x", "__pprint", and "epydoc.epytext._tokenize" are private objects; but "re.sub", "__init__", and "type_" are not. However, if a module defines the "__all__" variable, then its contents are used to decide which objects are private.

    A timestamp below the bottom navigation bar indicates when each page was last updated.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:57 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.api-module.html0000700000175000017500000001136510206544645021022 0ustar clintclint tlslite.api
    Package tlslite :: Module api

    Module tlslite.api

    Import this module for easy access to TLS Lite objects.

    The TLS Lite API consists of classes, functions, and variables spread throughout this package. Instead of importing them individually with:
       from tlslite.TLSConnection import TLSConnection
       from tlslite.HandshakeSettings import HandshakeSettings
       from tlslite.errors import *
       .
       .
    
    It's easier to do:
       from tlslite.api import *
    
    This imports all the important objects (TLSConnection, Checker, HandshakeSettings, etc.) into the global namespace. In particular, it imports:
       from constants import AlertLevel, AlertDescription, Fault
       from errors import *
       from Checker import Checker
       from HandshakeSettings import HandshakeSettings
       from Session import Session
       from SessionCache import SessionCache
       from SharedKeyDB import SharedKeyDB
       from TLSConnection import TLSConnection
       from VerifierDB import VerifierDB
       from X509 import X509
       from X509CertChain import X509CertChain
    
       from integration.HTTPTLSConnection import HTTPTLSConnection
       from integration.POP3_TLS import POP3_TLS
       from integration.IMAP4_TLS import IMAP4_TLS
       from integration.SMTP_TLS import SMTP_TLS
       from integration.XMLRPCTransport import XMLRPCTransport
       from integration.TLSSocketServerMixIn import TLSSocketServerMixIn
       from integration.TLSAsyncDispatcherMixIn import TLSAsyncDispatcherMixIn
       from integration.TLSTwistedProtocolWrapper import TLSTwistedProtocolWrapper
       from utils.cryptomath import cryptlibpyLoaded, m2cryptoLoaded,
                                    gmpyLoaded, pycryptoLoaded, prngName
       from utils.keyfactory import generateRSAKey, parsePEMKey, parseXMLKey,
                                    parseAsPublicKey, parsePrivateKey
    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.ASN1Parser.ASN1Parser-class.html0000700000175000017500000000777110206544646024774 0ustar clintclint tlslite.utils.ASN1Parser.ASN1Parser
    Package tlslite :: Package utils :: Module ASN1Parser :: Class ASN1Parser

    Class ASN1Parser


    Method Summary
      __init__(self, bytes)
      getChild(self, which)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.OpenSSL_AES-module.html0000700000175000017500000000217010206544651024135 0ustar clintclint tlslite.utils.OpenSSL_AES
    OpenSSL_AES

    Classes
    OpenSSL_AES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.constants-module.html0000700000175000017500000001027010206544647022261 0ustar clintclint tlslite.constants
    Package tlslite :: Module constants

    Module tlslite.constants

    Constants used in various places.
    Classes
    AlertDescription  
    AlertLevel  
    CertificateType  
    CipherSuite  
    ContentType  
    Fault  
    HandshakeType  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Python_AES.Python_AES-class.html0000700000175000017500000001105110206544646025142 0ustar clintclint tlslite.utils.Python_AES.Python_AES
    Package tlslite :: Package utils :: Module Python_AES :: Class Python_AES

    Class Python_AES

    AES --+
          |
         Python_AES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.api-module.html0000700000175000017500000000126310206544651021576 0ustar clintclint tlslite.api
    api


    [show private | hide private] tlslite-0.3.8/docs/public/httplib.HTTPConnection-class.html0000700000175000017500000004231110206544646022652 0ustar clintclint httplib.HTTPConnection
    Module httplib :: Class HTTPConnection

    Class HTTPConnection

    Known Subclasses:
    HTTPBaseTLSConnection

    Method Summary
      __init__(self, host, port, strict)
      close(self)
    Close the connection to the HTTP server.
      connect(self)
    Connect to the host and port specified in __init__.
      endheaders(self)
    Indicate that the last header line has been sent to the server.
      getresponse(self)
    Get the response from the server.
      putheader(self, header, value)
    Send a request header line to the server.
      putrequest(self, method, url, skip_host)
    Send a request to the server.
      request(self, method, url, body, headers)
    Send a complete request to the server.
      send(self, str)
    Send `str' to the server.
      set_debuglevel(self, level)

    Class Variable Summary
    int auto_open = 1                                                                     
    int debuglevel = 0                                                                     
    int default_port = 80                                                                    
    classobj response_class = httplib.HTTPResponse
    int strict = 0                                                                     

    Method Details

    close(self)

    Close the connection to the HTTP server.

    connect(self)

    Connect to the host and port specified in __init__.

    endheaders(self)

    Indicate that the last header line has been sent to the server.

    getresponse(self)

    Get the response from the server.

    putheader(self, header, value)

    Send a request header line to the server.

    For example: h.putheader('Accept', 'text/html')

    putrequest(self, method, url, skip_host=0)

    Send a request to the server.

    `method' specifies an HTTP request method, e.g. 'GET'. `url' specifies the object being requested, e.g. '/index.html'.

    request(self, method, url, body=None, headers={})

    Send a complete request to the server.

    send(self, str)

    Send `str' to the server.

    Class Variable Details

    auto_open

    Type:
    int
    Value:
    1                                                                     

    debuglevel

    Type:
    int
    Value:
    0                                                                     

    default_port

    Type:
    int
    Value:
    80                                                                    

    strict

    Type:
    int
    Value:
    0                                                                     

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.integration.TLSTwistedProtocolWrapper-module.html0000700000175000017500000000205610206544651030441 0ustar clintclint tlslite.integration.TLSTwistedProtocolWrapper
    TLSTwistedProtocolWrapper

    Classes
    TLSTwistedProtocolWrapper


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.X509.X509-class.html0000700000175000017500000002367210206544646021207 0ustar clintclint tlslite.X509.X509

    Class X509


    This class represents an X.509 certificate.
    Method Summary
      __init__(self)
    str or None getCommonName(self)
    Get the Subject's Common Name from the certificate.
    str getFingerprint(self)
    Get the hex-encoded fingerprint of this certificate.
      parse(self, s)
    Parse a PEM-encoded X.509 certificate.
      parseBinary(self, bytes)
    Parse a DER-encoded X.509 certificate.
      writeBytes(self)

    Instance Variable Summary
    array.array of unsigned bytes bytes: The DER-encoded ASN.1 certificate
    tlslite.utils.RSAKey.RSAKey publicKey: The subject public key from the certificate.

    Method Details

    getCommonName(self)

    Get the Subject's Common Name from the certificate.

    The cryptlib_py module must be installed in order to use this function.
    Returns:
    The CN component of the certificate's subject DN, if present.
               (type=str or None)

    getFingerprint(self)

    Get the hex-encoded fingerprint of this certificate.
    Returns:
    A hex-encoded fingerprint.
               (type=str)

    parse(self, s)

    Parse a PEM-encoded X.509 certificate.
    Parameters:
    s - A PEM-encoded X.509 certificate (i.e. a base64-encoded certificate wrapped with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" tags).
               (type=str)

    parseBinary(self, bytes)

    Parse a DER-encoded X.509 certificate.
    Parameters:
    bytes - A DER-encoded X.509 certificate.
               (type=str or array.array of unsigned bytes)

    Instance Variable Details

    bytes

    The DER-encoded ASN.1 certificate
    Type:
    array.array of unsigned bytes

    publicKey

    The subject public key from the certificate.
    Type:
    tlslite.utils.RSAKey.RSAKey

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.TLSTwistedProtocolWrapper-module.html0000700000175000017500000000722210206544646027662 0ustar clintclint tlslite.integration.TLSTwistedProtocolWrapper

    Module tlslite.integration.TLSTwistedProtocolWrapper

    TLS Lite + Twisted.
    Classes
    TLSTwistedProtocolWrapper This class can wrap Twisted protocols to add TLS support.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.Checker-module.html0000700000175000017500000000666110206544650021614 0ustar clintclint tlslite.Checker

    Module tlslite.Checker

    Class for post-handshake certificate checking.
    Classes
    Checker This class is passed to a handshake function to check the other party's certificate chain.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.codec.Parser-class.html0000700000175000017500000001475610206544646023550 0ustar clintclint tlslite.utils.codec.Parser

    Class Parser


    Method Summary
      __init__(self, bytes)
      atLengthCheck(self)
      get(self, length)
      getFixBytes(self, lengthBytes)
      getFixList(self, length, lengthList)
      getVarBytes(self, lengthLength)
      getVarList(self, length, lengthLength)
      setLengthCheck(self, length)
      startLengthCheck(self, lengthLength)
      stopLengthCheck(self)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/poplib.POP3-class.html0000700000175000017500000004355010206544645020420 0ustar clintclint poplib.POP3

    Class POP3

    Known Subclasses:
    POP3_TLS

    This class supports both the minimal and optional command sets.
    Arguments can be strings or integers (where appropriate)
    (e.g.: retr(1) and retr('1') both work equally well).
    
    Minimal Command Set:
            USER name               user(name)
            PASS string             pass_(string)
            STAT                    stat()
            LIST [msg]              list(msg = None)
            RETR msg                retr(msg)
            DELE msg                dele(msg)
            NOOP                    noop()
            RSET                    rset()
            QUIT                    quit()
    
    Optional Commands (some servers support these):
            RPOP name               rpop(name)
            APOP name digest        apop(name, digest)
            TOP msg n               top(msg, n)
            UIDL [msg]              uidl(msg = None)
    
    Raises one exception: 'error_proto'.
    
    Instantiate with:
            POP3(hostname, port=110)
    
    NB:     the POP protocol locks the mailbox from user
            authorization until QUIT, so be sure to get in, suck
            the messages, and quit, each time you access the
            mailbox.
    
            POP is a line-based protocol, which means large mail
            messages consume lots of python cycles reading them
            line-by-line.
    
            If it's available on your mail server, use IMAP4
            instead, it doesn't suffer from the two problems
            above.
    

    Method Summary
      __init__(self, host, port)
      apop(self, user, secret)
    Authorisation - only possible if server has supplied a timestamp in initial greeting.
      dele(self, which)
    Delete message number 'which'.
      getwelcome(self)
      list(self, which)
    Request listing, return result.
      noop(self)
    Does nothing.
      pass_(self, pswd)
    Send password, return response
      quit(self)
    Signoff: commit changes on server, unlock mailbox, close connection.
      retr(self, which)
    Retrieve whole message number 'which'.
      rpop(self, user)
    Not sure what this does.
      rset(self)
    Not sure what this does.
      set_debuglevel(self, level)
      stat(self)
    Get mailbox status.
      top(self, which, howmuch)
    Retrieve message header of message number 'which' and first 'howmuch' lines of message body.
      uidl(self, which)
    Return message digest (unique id) list.
      user(self, user)
    Send user name, return response

    Class Variable Summary
    SRE_Pattern timestamp = \+OK.*(<[^>]+>)

    Method Details

    apop(self, user, secret)

    Authorisation
    
    - only possible if server has supplied a timestamp in initial greeting.
    
    Args:
            user    - mailbox user;
            secret  - secret shared between client and server.
    
    NB: mailbox is locked by server from here to 'quit()'
    

    dele(self, which)

    Delete message number 'which'.

    Result is 'response'.

    list(self, which=None)

    Request listing, return result.

    Result without a message number argument is in form ['response', ['mesg_num octets', ...]].

    Result when a message number argument is given is a single response: the "scan listing" for that message.

    noop(self)

    Does nothing.

    One supposes the response indicates the server is alive.

    pass_(self, pswd)

    Send password, return response

    (response includes message count, mailbox size).

    NB: mailbox is locked by server from here to 'quit()'

    quit(self)

    Signoff: commit changes on server, unlock mailbox, close connection.

    retr(self, which)

    Retrieve whole message number 'which'.

    Result is in form ['response', ['line', ...], octets].

    rpop(self, user)

    Not sure what this does.

    rset(self)

    Not sure what this does.

    stat(self)

    Get mailbox status.

    Result is tuple of 2 ints (message count, mailbox size)

    top(self, which, howmuch)

    Retrieve message header of message number 'which' and first 'howmuch' lines of message body.

    Result is in form ['response', ['line', ...], octets].

    uidl(self, which=None)

    Return message digest (unique id) list.

    If 'which', result contains unique id for that message in the form 'response mesgnum uid', otherwise result is the list ['response', ['mesgnum uid', ...], octets]

    user(self, user)

    Send user name, return response

    (should indicate password required).

    Class Variable Details

    timestamp

    Type:
    SRE_Pattern
    Value:
    \+OK.*(<[^>]+>)                                                        

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.BaseDB-module.html0000700000175000017500000000651710206544647021336 0ustar clintclint tlslite.BaseDB

    Module tlslite.BaseDB

    Base class for SharedKeyDB and VerifierDB.
    Classes
    BaseDB  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.constants.AlertDescription-class.html0000700000175000017500000012554710206544650025363 0ustar clintclint tlslite.constants.AlertDescription

    Class AlertDescription



    Class Variable Summary
    int access_denied = 49                                                                    
    int bad_certificate = 42                                                                    
    int bad_record_mac: A TLS record failed to decrypt properly.
    int certificate_expired = 45                                                                    
    int certificate_revoked = 44                                                                    
    int certificate_unknown = 46                                                                    
    int close_notify = 0                                                                     
    int decode_error = 50                                                                    
    int decompression_failure = 30                                                                    
    int decrypt_error = 51                                                                    
    int decryption_failed = 21                                                                    
    int export_restriction = 60                                                                    
    int handshake_failure: A problem occurred while handshaking.
    int illegal_parameter = 47                                                                    
    int insufficient_security = 71                                                                    
    int internal_error = 80                                                                    
    int missing_srp_username = 121                                                                   
    int no_certificate = 41                                                                    
    int no_renegotiation = 100                                                                   
    int protocol_version: The other party's SSL/TLS version was unacceptable.
    int record_overflow = 22                                                                    
    int unexpected_message = 10                                                                    
    int unknown_ca = 48                                                                    
    int unknown_srp_username = 120                                                                   
    int unsupported_certificate = 43                                                                    
    int untrusted_srp_parameters = 122                                                                   
    int user_canceled: The handshake is being cancelled for some reason.

    Class Variable Details

    access_denied

    Type:
    int
    Value:
    49                                                                    

    bad_certificate

    Type:
    int
    Value:
    42                                                                    

    bad_record_mac

    A TLS record failed to decrypt properly.

    If this occurs during a shared-key or SRP handshake it most likely indicates a bad password. It may also indicate an implementation error, or some tampering with the data in transit.

    This alert will be signalled by the server if the SRP password is bad. It may also be signalled by the server if the SRP username is unknown to the server, but it doesn't wish to reveal that fact.

    This alert will be signalled by the client if the shared-key username is bad.
    Type:
    int
    Value:
    20                                                                    

    certificate_expired

    Type:
    int
    Value:
    45                                                                    

    certificate_revoked

    Type:
    int
    Value:
    44                                                                    

    certificate_unknown

    Type:
    int
    Value:
    46                                                                    

    close_notify

    Type:
    int
    Value:
    0                                                                     

    decode_error

    Type:
    int
    Value:
    50                                                                    

    decompression_failure

    Type:
    int
    Value:
    30                                                                    

    decrypt_error

    Type:
    int
    Value:
    51                                                                    

    decryption_failed

    Type:
    int
    Value:
    21                                                                    

    export_restriction

    Type:
    int
    Value:
    60                                                                    

    handshake_failure

    A problem occurred while handshaking.

    This typically indicates a lack of common ciphersuites between client and server, or some other disagreement (about SRP parameters or key sizes, for example).
    Type:
    int
    Value:
    40                                                                    

    illegal_parameter

    Type:
    int
    Value:
    47                                                                    

    insufficient_security

    Type:
    int
    Value:
    71                                                                    

    internal_error

    Type:
    int
    Value:
    80                                                                    

    missing_srp_username

    Type:
    int
    Value:
    121                                                                   

    no_certificate

    Type:
    int
    Value:
    41                                                                    

    no_renegotiation

    Type:
    int
    Value:
    100                                                                   

    protocol_version

    The other party's SSL/TLS version was unacceptable.

    This indicates that the client and server couldn't agree on which version of SSL or TLS to use.
    Type:
    int
    Value:
    70                                                                    

    record_overflow

    Type:
    int
    Value:
    22                                                                    

    unexpected_message

    Type:
    int
    Value:
    10                                                                    

    unknown_ca

    Type:
    int
    Value:
    48                                                                    

    unknown_srp_username

    Type:
    int
    Value:
    120                                                                   

    unsupported_certificate

    Type:
    int
    Value:
    43                                                                    

    untrusted_srp_parameters

    Type:
    int
    Value:
    122                                                                   

    user_canceled

    The handshake is being cancelled for some reason.
    Type:
    int
    Value:
    90                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.Cryptlib_RC4-module.html0000700000175000017500000000220010206544651024414 0ustar clintclint tlslite.utils.Cryptlib_RC4
    Cryptlib_RC4

    Classes
    Cryptlib_RC4

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.TLSConnection.TLSConnection-class.html0000700000175000017500000014042210206544650025225 0ustar clintclint tlslite.TLSConnection.TLSConnection

    Class TLSConnection

    TLSRecordLayer --+
                     |
                    TLSConnection
    


    This class wraps a socket and provides TLS handshaking and data transfer.

    To use this class, create a new instance, passing a connected socket into the constructor. Then call some handshake function. If the handshake completes without raising an exception, then a TLS connection has been negotiated. You can transfer data over this connection as if it were a socket.

    This class provides both synchronous and asynchronous versions of its key functions. The synchronous versions should be used when writing single- or multi-threaded code using blocking sockets. The asynchronous versions should be used when performing asynchronous, event-based I/O with non-blocking sockets.

    Asynchronous I/O is a complicated subject; typically, you should not use the asynchronous functions directly, but should use some framework like asyncore or Twisted which TLS Lite integrates with (see tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn or tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper).
    Method Summary
      __init__(self, sock)
    Create a new TLSConnection instance.
    None or an iterable handshakeClientCert(self, certChain, privateKey, session, settings, checker, async)
    Perform a certificate-based handshake in the role of client.
    None or an iterable handshakeClientSharedKey(self, username, sharedKey, settings, checker, async)
    Perform a shared-key handshake in the role of client.
    None or an iterable handshakeClientSRP(self, username, password, session, settings, checker, async)
    Perform an SRP handshake in the role of client.
    None or an iterable handshakeClientUnknown(self, srpCallback, certCallback, session, settings, checker, async)
    Perform a to-be-determined type of handshake in the role of client.
      handshakeServer(self, sharedKeyDB, verifierDB, certChain, privateKey, reqCert, sessionCache, settings, checker)
    Perform a handshake in the role of server.
    iterable handshakeServerAsync(self, sharedKeyDB, verifierDB, certChain, privateKey, reqCert, sessionCache, settings, checker)
    Start a server handshake operation on the TLS connection.
        Inherited from TLSRecordLayer
      close(self)
    Close the TLS connection.
    iterable closeAsync(self)
    Start a close operation on the TLS connection.
    str getCipherImplementation(self)
    Get the name of the cipher implementation used with this connection.
    str getCipherName(self)
    Get the name of the cipher used with this connection.
      getpeername(self)
    Return the remote address to which the socket is connected (socket emulation).
      getsockname(self)
    Return the socket's own address (socket emulation).
      gettimeout(self)
    Return the timeout associated with socket operations (socket emulation).
    tlslite.FileObject.FileObject makefile(self, mode, bufsize)
    Create a file object for the TLS connection (socket emulation).
    str read(self, max, min)
    Read some data from the TLS connection.
    iterable readAsync(self, max, min)
    Start a read operation on the TLS connection.
      recv(self, bufsize)
    Get some data from the TLS connection (socket emulation).
      send(self, s)
    Send data to the TLS connection (socket emulation).
      sendall(self, s)
    Send data to the TLS connection (socket emulation).
      setsockopt(self, level, optname, value)
    Set the value of the given socket option (socket emulation).
      settimeout(self, value)
    Set a timeout on blocking socket operations (socket emulation).
      write(self, s)
    Write some data to the TLS connection.
    iterable writeAsync(self, s)
    Start a write operation on the TLS connection.

    Instance Variable Summary
        Inherited from TLSRecordLayer
    str or None allegedSharedKeyUsername: This is set to the shared-key username asserted by the client, whether the handshake succeeded or not.
    str or None allegedSrpUsername: This is set to the SRP username asserted by the client, whether the handshake succeeded or not.
    bool closed: If this connection is closed.
    bool closeSocket: If the socket should be closed when the connection is closed (writable).
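    bool ignoreAbruptClose: Whether an abrupt close of the socket is ignored instead of raising an error (writable); ignoring it means a connection cut off without a closing alert is not reported to the caller.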
    bool resumed: If this connection is based on a resumed session.
    tlslite.Session.Session session: The session corresponding to this connection.
    socket.socket sock: The underlying socket object.
    tuple version: The TLS version being used for this connection.

    Method Details

    __init__(self, sock)
    (Constructor)

    Create a new TLSConnection instance.
    Parameters:
    sock - The socket data will be transmitted on. The socket should already be connected. It may be in blocking or non-blocking mode.
               (type=socket.socket)
    Overrides:
    tlslite.TLSRecordLayer.TLSRecordLayer.__init__

    handshakeClientCert(self, certChain=None, privateKey=None, session=None, settings=None, checker=None, async=False)

    Perform a certificate-based handshake in the role of client.

    This function performs an SSL or TLS handshake. The server will authenticate itself using an X.509 or cryptoID certificate chain. If the handshake succeeds, the server's certificate chain will be stored in the session's serverCertChain attribute. Unless a checker object is passed in, this function does no validation or checking of the server's certificate chain; in that case the caller must examine serverCertChain itself before trusting the connection, because a completed handshake alone does not establish who the server is.

    If the server requests client authentication, the client will send the passed-in certificate chain, and use the passed-in private key to authenticate itself. If no certificate chain and private key were passed in, the client will attempt to proceed without client authentication. The server may or may not allow this.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    certChain - The certificate chain to be used if the server requests client authentication.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - The private key to be used if the server requests client authentication.
               (type=tlslite.utils.RSAKey.RSAKey)
    session - A TLS session to attempt to resume. If the resumption does not succeed, a full handshake will be performed.
               (type=tlslite.Session.Session)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    async - If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed.
               (type=bool)
    Returns:
    If 'async' is True, a generator object will be returned.
               (type=None or an iterable)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeClientSharedKey(self, username, sharedKey, settings=None, checker=None, async=False)

    Perform a shared-key handshake in the role of client.

    This function performs a shared-key handshake. Using shared symmetric keys of high entropy (128 bits or greater) mutually authenticates both parties to each other.

    TLS with shared-keys is non-standard. Most TLS implementations don't support it. See http://www.ietf.org/html.charters/tls-charter.html for the latest information on TLS with shared-keys. If the shared-keys Internet-Draft changes or is superseded, TLS Lite will track those changes, so the shared-key support in later versions of TLS Lite may become incompatible with this version.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    username - The shared-key username.
               (type=str)
    sharedKey - The shared key.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    async - If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed.
               (type=bool)
    Returns:
    If 'async' is True, a generator object will be returned.
               (type=None or an iterable)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeClientSRP(self, username, password, session=None, settings=None, checker=None, async=False)

    Perform an SRP handshake in the role of client.

    This function performs a TLS/SRP handshake. SRP mutually authenticates both parties to each other using only a username and password. This function may also perform a combined SRP and server-certificate handshake, if the server chooses to authenticate itself with a certificate chain in addition to doing SRP.

    TLS/SRP is non-standard. Most TLS implementations don't support it. See http://www.ietf.org/html.charters/tls-charter.html or http://trevp.net/tlssrp/ for the latest information on TLS/SRP.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    username - The SRP username.
               (type=str)
    password - The SRP password.
               (type=str)
    session - A TLS session to attempt to resume. This session must be an SRP session performed with the same username and password as were passed in. If the resumption does not succeed, a full SRP handshake will be performed.
               (type=tlslite.Session.Session)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    async - If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed.
               (type=bool)
    Returns:
    If 'async' is True, a generator object will be returned.
               (type=None or an iterable)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeClientUnknown(self, srpCallback=None, certCallback=None, session=None, settings=None, checker=None, async=False)

    Perform a to-be-determined type of handshake in the role of client.

    This function performs an SSL or TLS handshake. If the server requests client certificate authentication, the certCallback will be invoked and should return a (certChain, privateKey) pair. If the callback returns None, the library will attempt to proceed without client authentication. The server may or may not allow this.

    If the server requests SRP authentication, the srpCallback will be invoked and should return a (username, password) pair. If the callback returns None, the local implementation will signal a user_canceled error alert.

    After the handshake completes, the client can inspect the connection's session attribute to determine what type of authentication was performed.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    srpCallback - The callback to be used if the server requests SRP authentication. If None, the client will not offer support for SRP ciphersuites.
               (type=callable)
    certCallback - The callback to be used if the server requests client certificate authentication.
               (type=callable)
    session - A TLS session to attempt to resume. If the resumption does not succeed, a full handshake will be performed.
               (type=tlslite.Session.Session)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    async - If False, this function will block until the handshake is completed. If True, this function will return a generator. Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or will raise StopIteration if the handshake operation is completed.
               (type=bool)
    Returns:
    If 'async' is True, a generator object will be returned.
               (type=None or an iterable)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeServer(self, sharedKeyDB=None, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None)

    Perform a handshake in the role of server.

    This function performs an SSL or TLS handshake. Depending on the arguments and the behavior of the client, this function can perform a shared-key, SRP, or certificate-based handshake. It can also perform a combined SRP and server-certificate handshake.

    Like any handshake function, this can be called on a closed TLS connection, or on a TLS connection that is already open. If called on an open connection it performs a re-handshake. This function does not send a Hello Request message before performing the handshake, so if re-handshaking is required, the server must signal the client to begin the re-handshake through some other means.

    If the function completes without raising an exception, the TLS connection will be open and available for data transfer.

    If an exception is raised, the connection will have been automatically closed (if it was ever open).
    Parameters:
    sharedKeyDB - A database of shared symmetric keys associated with usernames. If the client performs a shared-key handshake, the session's sharedKeyUsername attribute will be set.
               (type=tlslite.SharedKeyDB.SharedKeyDB)
    verifierDB - A database of SRP password verifiers associated with usernames. If the client performs an SRP handshake, the session's srpUsername attribute will be set.
               (type=tlslite.VerifierDB.VerifierDB)
    certChain - The certificate chain to be used if the client requests server certificate authentication.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - The private key to be used if the client requests server certificate authentication.
               (type=tlslite.utils.RSAKey.RSAKey)
    reqCert - Whether to request client certificate authentication. This only applies if the client chooses server certificate authentication; if the client chooses SRP or shared-key authentication, this will be ignored. If the client performs client certificate authentication, the session's clientCertChain attribute will be set.
               (type=bool)
    sessionCache - An in-memory cache of resumable sessions. The client can resume sessions from this cache. Alternatively, if the client performs a full handshake, a new session will be added to the cache.
               (type=tlslite.SessionCache.SessionCache)
    settings - Various settings which can be used to control the ciphersuites and SSL/TLS version chosen by the server.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    checker - A Checker instance. This instance will be invoked to examine the other party's authentication credentials, if the handshake completes successfully.
               (type=tlslite.Checker.Checker)
    Raises:
    socket.error - If a socket error occurs.
    tlslite.errors.TLSAbruptCloseError - If the socket is closed without a preceding alert.
    tlslite.errors.TLSAlert - If a TLS alert is signalled.
    tlslite.errors.TLSAuthenticationError - If the checker doesn't like the other party's authentication credentials.

    handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None)

    Start a server handshake operation on the TLS connection.

    This function returns a generator which behaves similarly to handshakeServer(). Successive invocations of the generator will return 0 if it is waiting to read from the socket, 1 if it is waiting to write to the socket, or it will raise StopIteration if the handshake operation is complete.
    Returns:
    A generator; see above for details.
               (type=iterable)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.AsyncStateMachine-module.html0000700000175000017500000000722710206544647026142 0ustar clintclint tlslite.integration.AsyncStateMachine
    Package tlslite :: Package integration :: Module AsyncStateMachine

    Module tlslite.integration.AsyncStateMachine

    A state machine for using TLS Lite with asynchronous I/O.
    Classes
    AsyncStateMachine This is an abstract class that's used to integrate TLS Lite with asyncore and Twisted.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.OpenSSL_TripleDES-module.html0000700000175000017500000001015410206544650024535 0ustar clintclint tlslite.utils.OpenSSL_TripleDES
    Package tlslite :: Package utils :: Module OpenSSL_TripleDES

    Module tlslite.utils.OpenSSL_TripleDES

    OpenSSL/M2Crypto 3DES implementation.
    Classes
    OpenSSL_TripleDES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.OpenSSL_AES.OpenSSL_AES-class.html0000700000175000017500000001106410206544645025151 0ustar clintclint tlslite.utils.OpenSSL_AES.OpenSSL_AES
    Package tlslite :: Package utils :: Module OpenSSL_AES :: Class OpenSSL_AES

    Class OpenSSL_AES

    AES --+
          |
         OpenSSL_AES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.errors.TLSAuthenticationTypeError-class.html0000700000175000017500000001162610206544647026624 0ustar clintclint tlslite.errors.TLSAuthenticationTypeError
    Package tlslite :: Module errors :: Class TLSAuthenticationTypeError

    Class TLSAuthenticationTypeError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSAuthenticationTypeError
    


    The Checker was expecting the other party to authenticate with a different type of certificate chain.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.integration-module.html0000700000175000017500000000336310206544651023353 0ustar clintclint tlslite.integration
    integration

    Modules
    AsyncStateMachine
    HTTPTLSConnection
    IMAP4_TLS
    POP3_TLS
    SMTP_TLS
    TLSAsyncDispatcherMixIn
    TLSSocketServerMixIn
    TLSTwistedProtocolWrapper
    XMLRPCTransport


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.messages.ServerHelloDone-class.html0000700000175000017500000001327710206544647024745 0ustar clintclint tlslite.messages.ServerHelloDone
    Package tlslite :: Module messages :: Class ServerHelloDone

    Class ServerHelloDone

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ServerHelloDone
    


    Method Summary
      __init__(self)
      create(self)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.HandshakeSettings-module.html0000700000175000017500000000676110206544647023666 0ustar clintclint tlslite.HandshakeSettings
    Package tlslite :: Module HandshakeSettings

    Module tlslite.HandshakeSettings

    Class for setting handshake parameters.
    Classes
    HandshakeSettings This class encapsulates various parameters that can be used with a TLS handshake.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.RC4-module.html0000700000175000017500000000157410206544651022561 0ustar clintclint tlslite.utils.RC4
    RC4

    Classes
    RC4


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.errors.TLSValidationError-class.html0000700000175000017500000001152010206544646025065 0ustar clintclint tlslite.errors.TLSValidationError
    Package tlslite :: Module errors :: Class TLSValidationError

    Class TLSValidationError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSValidationError
    


    The Checker has determined that the other party's certificate chain is invalid.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.constants.ContentType-class.html0000700000175000017500000002427710206544647024370 0ustar clintclint tlslite.constants.ContentType
    Package tlslite :: Module constants :: Class ContentType

    Class ContentType


    Class Variable Summary
    int alert = 21                                                                    
    tuple all = (20, 21, 22, 23)
    int application_data = 23                                                                    
    int change_cipher_spec = 20                                                                    
    int handshake = 22                                                                    

    Class Variable Details

    alert

    Type:
    int
    Value:
    21                                                                    

    all

    Type:
    tuple
    Value:
    (20, 21, 22, 23)                                                       

    application_data

    Type:
    int
    Value:
    23                                                                    

    change_cipher_spec

    Type:
    int
    Value:
    20                                                                    

    handshake

    Type:
    int
    Value:
    22                                                                    

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/trees.html0000700000175000017500000006133210206544651016425 0ustar clintclint Module and Class Hierarchies

    Module Hierarchy

    Class Hierarchy

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:57 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.ASN1Parser-module.html0000700000175000017500000000165510206544651024050 0ustar clintclint tlslite.utils.ASN1Parser
    ASN1Parser

    Classes
    ASN1Parser


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite-module.html0000700000175000017500000002617610206544646020261 0ustar clintclint tlslite
    Package tlslite

    Package tlslite

    TLS Lite is a free Python library that implements SSL v3, TLS v1, and TLS v1.1. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs, in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib, imaplib, smtplib, SocketServer, asyncore, and Twisted.

    To use, do:
       from tlslite.api import *
    
    Then use the tlslite.TLSConnection.TLSConnection class with a socket, or use one of the integration classes in tlslite.integration.

    Version: 0.3.8

    Submodules

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.SharedKeyDB-module.html0000700000175000017500000000665410206544647022345 0ustar clintclint tlslite.SharedKeyDB
    Package tlslite :: Module SharedKeyDB

    Module tlslite.SharedKeyDB

    Class for storing shared keys.
    Classes
    SharedKeyDB This class represents an in-memory or on-disk database of shared keys.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.OpenSSL_RC4-module.html0000700000175000017500000000772510206544645023350 0ustar clintclint tlslite.utils.OpenSSL_RC4
    Package tlslite :: Package utils :: Module OpenSSL_RC4

    Module tlslite.utils.OpenSSL_RC4

    OpenSSL/M2Crypto RC4 implementation.
    Classes
    OpenSSL_RC4  

    Function Summary
      new(key)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils-module.html0000700000175000017500000001532010206544646021405 0ustar clintclint tlslite.utils
    Package tlslite :: Package utils

    Package tlslite.utils

    Toolkit for crypto and other stuff.
    Submodules

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.X509-module.html0000700000175000017500000000654210206544650020713 0ustar clintclint tlslite.X509
    Package tlslite :: Module X509

    Module tlslite.X509

    Class representing an X.509 certificate.
    Classes
    X509 This class represents an X.509 certificate.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.VerifierDB-module.html0000700000175000017500000000162510206544651023010 0ustar clintclint tlslite.VerifierDB
    VerifierDB

    Classes
    VerifierDB


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.errors-module.html0000700000175000017500000001342010206544650021553 0ustar clintclint tlslite.errors
    Package tlslite :: Module errors

    Module tlslite.errors

    Exception classes.
    Exceptions
    TLSError Base class for all TLS Lite exceptions.
    TLSAbruptCloseError The socket was closed without a proper TLS shutdown.
    TLSAlert A TLS alert has been signalled.
    TLSLocalAlert A TLS alert has been signalled by the local implementation.
    TLSRemoteAlert A TLS alert has been signalled by the remote implementation.
    TLSAuthenticationError The handshake succeeded, but the other party's authentication was inadequate.
    TLSNoAuthenticationError The Checker was expecting the other party to authenticate with a certificate chain, but this did not occur.
    TLSAuthenticationTypeError The Checker was expecting the other party to authenticate with a different type of certificate chain.
    TLSFingerprintError The Checker was expecting the other party to authenticate with a certificate chain that matches a different fingerprint.
    TLSAuthorizationError The Checker was expecting the other party to authenticate with a certificate chain that has a different authorization.
    TLSValidationError The Checker has determined that the other party's certificate chain is invalid.
    TLSFaultError The other party responded incorrectly to an induced fault.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.HTTPTLSConnection-module.html0000700000175000017500000000773610206544647025766 0ustar clintclint tlslite.integration.HTTPTLSConnection
    Package tlslite :: Package integration :: Module HTTPTLSConnection

    Module tlslite.integration.HTTPTLSConnection

    TLS Lite + httplib.
    Classes
    HTTPBaseTLSConnection This abstract class provides a framework for adding TLS support to httplib.
    HTTPTLSConnection This class extends HTTPBaseTLSConnection to support the common types of handshaking.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.CertificateVerify-class.html0000700000175000017500000001340410206544645025302 0ustar clintclint tlslite.messages.CertificateVerify
    Package tlslite :: Module messages :: Class CertificateVerify

    Class CertificateVerify

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  CertificateVerify
    


    Method Summary
      __init__(self)
      create(self, signature)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    ././@LongLink0000000000000000000000000000015100000000000011562 Lustar rootroottlslite-0.3.8/docs/public/tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn-class.htmltlslite-0.3.8/docs/public/tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn-class.0000700000175000017500000004044010206544647032553 0ustar clintclint tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    Package tlslite :: Package integration :: Module TLSAsyncDispatcherMixIn :: Class TLSAsyncDispatcherMixIn

    Class TLSAsyncDispatcherMixIn

    AsyncStateMachine --+
                        |
                       TLSAsyncDispatcherMixIn
    


    This class can be "mixed in" with an asyncore.dispatcher to add TLS support.

    This class essentially sits between the dispatcher and the select loop, intercepting events and only calling the dispatcher when applicable.

    In the case of handle_read(), a read operation will be activated, and when it completes, the bytes will be placed in a buffer where the dispatcher can retrieve them by calling recv(), and the dispatcher's handle_read() will be called.

    In the case of handle_write(), the dispatcher's handle_write() will be called, and when it calls send(), a write operation will be activated.

    To use this class, you must combine it with an asyncore.dispatcher, and pass in a handshake operation with setServerHandshakeOp().

    Below is an example of using this class with medusa. This class is mixed in with http_channel to create http_tls_channel. Note:
    1. the mix-in is listed first in the inheritance list
    2. the input buffer size must be at least 16K, otherwise the dispatcher might not read all the bytes from the TLS layer, leaving some bytes in limbo.
    3. IE seems to have a problem receiving a whole HTTP response in a single TLS record, so HTML pages containing '\r\n\r\n' won't be displayed on IE.
    Add the following text into 'start_medusa.py', in the 'HTTP Server' section:
       # Example wiring of TLS Lite into a medusa HTTP server via asyncore.
       # The names X509, X509CertChain, parsePEMKey and TLSAsyncDispatcherMixIn
       # used below presumably come from this wildcard import.
       from tlslite.api import *
       # Read the server certificate (PEM text), parse it, and wrap it in a
       # one-element certificate chain.
       s = open("./serverX509Cert.pem").read()
       x509 = X509()
       x509.parse(s)
       certChain = X509CertChain([x509])
    
       # Read the server's private key. private=True makes parsePEMKey raise
       # SyntaxError if the private key component is not present.
       # NOTE(review): this file holds the server's private key; keep it readable
       # only by the account that runs the server.
       s = open("./serverX509Key.pem").read()
       privateKey = parsePEMKey(s, private=True)
    
       # The mix-in is listed before http_channel in the base list, as the usage
       # notes for this example require.
       class http_tls_channel(TLSAsyncDispatcherMixIn,
                              http_server.http_channel):
           # The usage notes require an input buffer of at least 16K; with less,
           # the dispatcher might not read all the bytes from the TLS layer.
           ac_in_buffer_size = 16384
    
           def __init__ (self, server, conn, addr):
               # Initialise the plain HTTP channel first, then the TLS mix-in on
               # the same connection object.
               http_server.http_channel.__init__(self, server, conn, addr)
               TLSAsyncDispatcherMixIn.__init__(self, conn)
               # NOTE(review): presumably this stops the TLS layer from raising
               # TLSAbruptCloseError when the peer closes the socket without a
               # closing alert. With it set, a truncated stream is not reported
               # as an error, so the application protocol has to detect
               # truncation itself (e.g. by its own length framing) - confirm
               # that is intended before copying this line.
               self.tlsConnection.ignoreAbruptClose = True
               # Start the server handshake operation with the certificate chain
               # and private key loaded above.
               self.setServerHandshakeOp(certChain=certChain,
                                         privateKey=privateKey)
    
       # hs is defined elsewhere in start_medusa.py (presumably the HTTP server
       # object); its channel class is replaced with the TLS-enabled one.
       hs.channel_class = http_tls_channel
    
    If the TLS layer raises an exception, the exception will be caught in asyncore.dispatcher, which will call close() on this class. The TLS layer always closes the TLS connection before raising an exception, so the close operation will complete right away, causing asyncore.dispatcher.close() to be called, which closes the socket and removes this instance from the asyncore loop.
    Method Summary
      __init__(self, sock)
      close(self)
      handle_read(self)
      handle_write(self)
      outCloseEvent(self)
    Called when a close operation completes.
      outConnectEvent(self)
    Called when a handshake operation completes.
      outReadEvent(self, readBuffer)
    Called when a read operation completes.
      outWriteEvent(self)
    Called when a write operation completes.
      readable(self)
      recv(self, bufferSize)
      send(self, writeBuffer)
      writable(self)
        Inherited from AsyncStateMachine
      inReadEvent(self)
    Tell the state machine it can read from the socket.
      inWriteEvent(self)
    Tell the state machine it can write to the socket.
      setCloseOp(self)
    Start a close operation.
      setHandshakeOp(self, handshaker)
    Start a handshake operation.
      setServerHandshakeOp(self, **args)
    Start a handshake operation.
      setWriteOp(self, writeBuffer)
    Start a write operation.
    bool or None wantsReadEvent(self)
    If the state machine wants to read.
    bool or None wantsWriteEvent(self)
    If the state machine wants to write.

    Method Details

    outCloseEvent(self)

    Called when a close operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outCloseEvent (inherited documentation)

    outConnectEvent(self)

    Called when a handshake operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outConnectEvent (inherited documentation)

    outReadEvent(self, readBuffer)

    Called when a read operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outReadEvent (inherited documentation)

    outWriteEvent(self)

    Called when a write operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outWriteEvent (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.TLSRecordLayer-module.html0000700000175000017500000000166110206544651023625 0ustar clintclint tlslite.TLSRecordLayer
    TLSRecordLayer

    Classes
    TLSRecordLayer


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.SessionCache-module.html0000700000175000017500000000202110206544651023365 0ustar clintclint tlslite.SessionCache
    SessionCache

    Classes
    SessionCache

    Functions


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.utils.OpenSSL_RC4-module.html0000700000175000017500000000217010206544651024115 0ustar clintclint tlslite.utils.OpenSSL_RC4
    OpenSSL_RC4

    Classes
    OpenSSL_RC4

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.rijndael.rijndael-class.html0000700000175000017500000001053210206544645024602 0ustar clintclint tlslite.utils.rijndael.rijndael
    Package tlslite :: Package utils :: Module rijndael :: Class rijndael

    Class rijndael


    Method Summary
      __init__(self, key, block_size)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.keyfactory-module.html0000700000175000017500000003767110206544646023601 0ustar clintclint tlslite.utils.keyfactory
    Package tlslite :: Package utils :: Module keyfactory

    Module tlslite.utils.keyfactory

    Factory functions for asymmetric cryptography.
    Function Summary
    tlslite.utils.RSAKey.RSAKey generateRSAKey(bits, implementations)
    Generate an RSA key with the specified bit length.
    tlslite.utils.RSAKey.RSAKey parseXMLKey(s, private, public, implementations)
    Parse an XML-format key.
    tlslite.utils.RSAKey.RSAKey parsePEMKey(s, private, public, passwordCallback, implementations)
    Parse a PEM-format key.
    tlslite.utils.RSAKey.RSAKey parseAsPublicKey(s)
    Parse an XML or PEM-formatted public key.
    tlslite.utils.RSAKey.RSAKey parsePrivateKey(s)
    Parse an XML or PEM-formatted private key.

    Function Details

    generateRSAKey(bits, implementations=['openssl', 'python'])

    Generate an RSA key with the specified bit length.
    Parameters:
    bits - Desired bit length of the new key's modulus.
               (type=int)
    Returns:
    A new RSA private key.
               (type=tlslite.utils.RSAKey.RSAKey)

    parseXMLKey(s, private=False, public=False, implementations=['python'])

    Parse an XML-format key.

    The XML format used here is specific to tlslite and cryptoIDlib. The format can store the public component of a key, or the public and private components. For example:
       <publicKey xmlns="http://trevp.net/rsa">
           <n>4a5yzB8oGNlHo866CAspAC47M4Fvx58zwK8pou...
           <e>Aw==</e>
       </publicKey>
    
       <privateKey xmlns="http://trevp.net/rsa">
           <n>4a5yzB8oGNlHo866CAspAC47M4Fvx58zwK8pou...
           <e>Aw==</e>
           <d>JZ0TIgUxWXmL8KJ0VqyG1V0J3ern9pqIoB0xmy...
           <p>5PreIj6z6ldIGL1V4+1C36dQFHNCQHJvW52GXc...
           <q>/E/wDit8YXPCxx126zTq2ilQ3IcW54NJYyNjiZ...
           <dP>mKc+wX8inDowEH45Qp4slRo1YveBgExKPROu6...
           <dQ>qDVKtBz9lk0shL5PR3ickXDgkwS576zbl2ztB...
           <qInv>j6E8EA7dNsTImaXexAmLA1DoeArsYeFAInr...
       </privateKey>
    
    Parameters:
    s - A string containing an XML public or private key.
               (type=str)
    private - If True, a SyntaxError will be raised if the private key component is not present.
               (type=bool)
    public - If True, the private key component (if present) will be discarded, so this function will always return a public key.
               (type=bool)
    Returns:
    An RSA key.
               (type=tlslite.utils.RSAKey.RSAKey)
    Raises:
    SyntaxError - If the key is not properly formatted.

    parsePEMKey(s, private=False, public=False, passwordCallback=None, implementations=['openssl', 'python'])

    Parse a PEM-format key.

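    The PEM format is used by OpenSSL and other tools. The format is typically used to store both the public and private components of a key. For example (the key below is a published sample shown only to illustrate the format; generate a fresh key for any real deployment):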
      -----BEGIN RSA PRIVATE KEY-----
       MIICXQIBAAKBgQDYscuoMzsGmW0pAYsmyHltxB2TdwHS0dImfjCMfaSDkfLdZY5+
       dOWORVns9etWnr194mSGA1F0Pls/VJW8+cX9+3vtJV8zSdANPYUoQf0TP7VlJxkH
       dSRkUbEoz5bAAs/+970uos7n7iXQIni+3erUTdYEk2iWnMBjTljfgbK/dQIDAQAB
       AoGAJHoJZk75aKr7DSQNYIHuruOMdv5ZeDuJvKERWxTrVJqE32/xBKh42/IgqRrc
       esBN9ZregRCd7YtxoL+EVUNWaJNVx2mNmezEznrc9zhcYUrgeaVdFO2yBF1889zO
       gCOVwrO8uDgeyj6IKa25H6c1N13ih/o7ZzEgWbGG+ylU1yECQQDv4ZSJ4EjSh/Fl
       aHdz3wbBa/HKGTjC8iRy476Cyg2Fm8MZUe9Yy3udOrb5ZnS2MTpIXt5AF3h2TfYV
       VoFXIorjAkEA50FcJmzT8sNMrPaV8vn+9W2Lu4U7C+K/O2g1iXMaZms5PC5zV5aV
       CKXZWUX1fq2RaOzlbQrpgiolhXpeh8FjxwJBAOFHzSQfSsTNfttp3KUpU0LbiVvv
       i+spVSnA0O4rq79KpVNmK44Mq67hsW1P11QzrzTAQ6GVaUBRv0YS061td1kCQHnP
       wtN2tboFR6lABkJDjxoGRvlSt4SOPr7zKGgrWjeiuTZLHXSAnCY+/hr5L9Q3ZwXG
       6x6iBdgLjVIe4BZQNtcCQQDXGv/gWinCNTN3MPWfTW/RGzuMYVmyBFais0/VrgdH
       h1dLpztmpQqfyH/zrBXQ9qL/zR4ojS6XYneO/U18WpEe
       -----END RSA PRIVATE KEY-----
    
    To generate a key like this with OpenSSL, run:
       openssl genrsa 2048 > key.pem
    
    This format also supports password-encrypted private keys. TLS Lite can only handle password-encrypted private keys when OpenSSL and M2Crypto are installed. In this case, passwordCallback will be invoked to query the user for the password.
    Parameters:
    s - A string containing a PEM-encoded public or private key.
               (type=str)
    private - If True, a SyntaxError will be raised if the private key component is not present.
               (type=bool)
    public - If True, the private key component (if present) will be discarded, so this function will always return a public key.
               (type=bool)
    passwordCallback - This function will be called, with no arguments, if the PEM-encoded private key is password-encrypted. The callback should return the password string. If the password is incorrect, SyntaxError will be raised. If no callback is passed and the key is password-encrypted, a prompt will be displayed at the console.
               (type=callable)
    Returns:
    An RSA key.
               (type=tlslite.utils.RSAKey.RSAKey)
    Raises:
    SyntaxError - If the key is not properly formatted.

    parseAsPublicKey(s)

    Parse an XML or PEM-formatted public key.
    Parameters:
    s - A string containing an XML or PEM-encoded public or private key.
               (type=str)
    Returns:
    An RSA public key.
               (type=tlslite.utils.RSAKey.RSAKey)
    Raises:
    SyntaxError - If the key is not properly formatted.

    parsePrivateKey(s)

    Parse an XML or PEM-formatted private key.
    Parameters:
    s - A string containing an XML or PEM-encoded private key.
               (type=str)
    Returns:
    An RSA private key.
               (type=tlslite.utils.RSAKey.RSAKey)
    Raises:
    SyntaxError - If the key is not properly formatted.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.errors.TLSNoAuthenticationError-class.html0000700000175000017500000001162010206544647026251 0ustar clintclint tlslite.errors.TLSNoAuthenticationError
    Package tlslite :: Module errors :: Class TLSNoAuthenticationError

    Class TLSNoAuthenticationError

         Exception --+        
                     |        
              TLSError --+    
                         |    
    TLSAuthenticationError --+
                             |
                            TLSNoAuthenticationError
    


    The Checker was expecting the other party to authenticate with a certificate chain, but this did not occur.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.integration.HTTPTLSConnection-module.html0000700000175000017500000000217310206544651026532 0ustar clintclint tlslite.integration.HTTPTLSConnection
    HTTPTLSConnection

    Classes
    HTTPBaseTLSConnection
    HTTPTLSConnection


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.messages.RecordHeader2-class.html0000700000175000017500000000754010206544645024310 0ustar clintclint tlslite.messages.RecordHeader2
    Package tlslite :: Module messages :: Class RecordHeader2

    Class RecordHeader2


    Method Summary
      __init__(self)
      parse(self, p)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.ClientHello-class.html0000700000175000017500000001407410206544650024075 0ustar clintclint tlslite.messages.ClientHello
    Package tlslite :: Module messages :: Class ClientHello

    Class ClientHello

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ClientHello
    


    Method Summary
      __init__(self, ssl2)
      create(self, version, random, session_id, cipher_suites, certificate_types, srp_username)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/xmlrpclib.Transport-class.html0000700000175000017500000002011010206544647022367 0ustar clintclint xmlrpclib.Transport
    Module xmlrpclib :: Class Transport

    Class Transport

    Known Subclasses:
    XMLRPCTransport

    Handles an HTTP transaction to an XML-RPC server.
    Method Summary
      get_host_info(self, host)
      getparser(self)
      make_connection(self, host)
      parse_response(self, file)
      request(self, host, handler, request_body, verbose)
      send_content(self, connection, request_body)
      send_host(self, connection, host)
      send_request(self, connection, handler, request_body)
      send_user_agent(self, connection)

    Class Variable Summary
    str user_agent = 'xmlrpclib.py/1.0.1 (by www.pythonware.com)...

    Class Variable Details

    user_agent

    Type:
    str
    Value:
    'xmlrpclib.py/1.0.1 (by www.pythonware.com)'                           

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.AsyncStateMachine.AsyncStateMachine-class.html0000700000175000017500000003650110206544647031321 0ustar clintclint tlslite.integration.AsyncStateMachine.AsyncStateMachine
    Package tlslite :: Package integration :: Module AsyncStateMachine :: Class AsyncStateMachine

    Class AsyncStateMachine

    Known Subclasses:
    TLSAsyncDispatcherMixIn, TLSTwistedProtocolWrapper

    This is an abstract class that's used to integrate TLS Lite with asyncore and Twisted.

    This class signals what it is waiting for through wantsReadEvent() and wantsWriteEvent(). When the underlying socket has become readable or writeable, the event should be passed to this class by calling inReadEvent() or inWriteEvent(). This class will then try to read or write through the socket, and will update its state appropriately.

    This class will forward higher-level events to its subclass. For example, when a complete TLS record has been received, outReadEvent() will be called with the decrypted data.
    Method Summary
      __init__(self)
      inReadEvent(self)
    Tell the state machine it can read from the socket.
      inWriteEvent(self)
    Tell the state machine it can write to the socket.
      outCloseEvent(self)
    Called when a close operation completes.
      outConnectEvent(self)
    Called when a handshake operation completes.
      outReadEvent(self, readBuffer)
    Called when a read operation completes.
      outWriteEvent(self)
    Called when a write operation completes.
      setCloseOp(self)
    Start a close operation.
      setHandshakeOp(self, handshaker)
    Start a handshake operation.
      setServerHandshakeOp(self, **args)
    Start a handshake operation.
      setWriteOp(self, writeBuffer)
    Start a write operation.
    bool or None wantsReadEvent(self)
    If the state machine wants to read.
    bool or None wantsWriteEvent(self)
    If the state machine wants to write.

    Method Details

    inReadEvent(self)

    Tell the state machine it can read from the socket.

    inWriteEvent(self)

    Tell the state machine it can write to the socket.

    outCloseEvent(self)

    Called when a close operation completes.

    May be overridden in subclass.

    outConnectEvent(self)

    Called when a handshake operation completes.

    May be overridden in subclass.

    outReadEvent(self, readBuffer)

    Called when a read operation completes.

    May be overridden in subclass.

    outWriteEvent(self)

    Called when a write operation completes.

    May be overridden in subclass.

    setCloseOp(self)

    Start a close operation.

    setHandshakeOp(self, handshaker)

    Start a handshake operation.
    Parameters:
    handshaker - A generator created by using one of the asynchronous handshake functions (i.e. handshakeServerAsync, or handshakeClientxxx(..., async=True)).
               (type=generator)

    setServerHandshakeOp(self, **args)

    Start a handshake operation.

    The arguments passed to this function will be forwarded to tlslite.TLSConnection.TLSConnection.handshakeServerAsync.

    setWriteOp(self, writeBuffer)

    Start a write operation.
    Parameters:
    writeBuffer - The string to transmit.
               (type=str)

    wantsReadEvent(self)

    If the state machine wants to read.

    If an operation is active, this returns whether or not the operation wants to read from the socket. If an operation is not active, this returns None.
    Returns:
    If the state machine wants to read.
               (type=bool or None)

    wantsWriteEvent(self)

    If the state machine wants to write.

    If an operation is active, this returns whether or not the operation wants to write to the socket. If an operation is not active, this returns None.
    Returns:
    If the state machine wants to write.
               (type=bool or None)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.Checker-module.html0000700000175000017500000000160010206544651022364 0ustar clintclint tlslite.Checker
    Checker

    Classes
    Checker


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.errors.TLSAuthenticationError-class.html0000700000175000017500000001314610206544645025757 0ustar clintclint tlslite.errors.TLSAuthenticationError
    Package tlslite :: Module errors :: Class TLSAuthenticationError

    Class TLSAuthenticationError

    Exception --+    
                |    
         TLSError --+
                    |
                   TLSAuthenticationError
    

    Known Subclasses:
    TLSAuthenticationTypeError, TLSAuthorizationError, TLSFingerprintError, TLSNoAuthenticationError, TLSValidationError

    The handshake succeeded, but the other party's authentication was inadequate.

    This exception will only be raised when a tlslite.Checker.Checker has been passed to a handshake function. The Checker will be invoked once the handshake completes, and if the Checker objects to how the other party authenticated, a subclass of this exception will be raised.
    Method Summary
        Inherited from Exception
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.Python_AES-module.html0000700000175000017500000000216010206544651024132 0ustar clintclint tlslite.utils.Python_AES
    Python_AES

    Classes
    Python_AES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.AES.AES-class.html0000700000175000017500000001150510206544647022245 0ustar clintclint tlslite.utils.AES.AES
    Package tlslite :: Package utils :: Module AES :: Class AES

    Class AES

    Known Subclasses:
    Cryptlib_AES, OpenSSL_AES, PyCrypto_AES, Python_AES

    Method Summary
      __init__(self, key, mode, IV, implementation)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.PyCrypto_TripleDES-module.html0000700000175000017500000000226010206544651025626 0ustar clintclint tlslite.utils.PyCrypto_TripleDES
    PyCrypto_TripleDES

    Classes
    PyCrypto_TripleDES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.dateFuncs-module.html0000700000175000017500000001325010206544646023320 0ustar clintclint tlslite.utils.dateFuncs
    Package tlslite :: Package utils :: Module dateFuncs

    Module tlslite.utils.dateFuncs

    Function Summary
      createDateClass(year, month, day, hour, minute, second)
      getHoursFromNow(hours)
      getMinutesFromNow(minutes)
      getNow()
      isDateClassBefore(d1, d2)
      isDateClassExpired(d)
      parseDateClass(s)
      printDateClass(d)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.AES-module.html0000700000175000017500000000661110206544647022020 0ustar clintclint tlslite.utils.AES
    Package tlslite :: Package utils :: Module AES

    Module tlslite.utils.AES

    Abstract class for AES.
    Classes
    AES  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.TLSConnection-module.html0000700000175000017500000000165210206544651023511 0ustar clintclint tlslite.TLSConnection
    TLSConnection

    Classes
    TLSConnection


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.OpenSSL_RSAKey-module.html0000700000175000017500000001016510206544647024050 0ustar clintclint tlslite.utils.OpenSSL_RSAKey
    Package tlslite :: Package utils :: Module OpenSSL_RSAKey

    Module tlslite.utils.OpenSSL_RSAKey

    OpenSSL/M2Crypto RSA implementation.
    Classes
    OpenSSL_RSAKey  

    Function Summary
      password_callback(v, prompt1, prompt2)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Python_RSAKey.Python_RSAKey-class.html0000700000175000017500000003732510206544645026331 0ustar clintclint tlslite.utils.Python_RSAKey.Python_RSAKey
    Package tlslite :: Package utils :: Module Python_RSAKey :: Class Python_RSAKey

    Class Python_RSAKey

    RSAKey --+
             |
            Python_RSAKey
    


    Method Summary
      __init__(self, n, e)
    Create a new RSA key.
    bool acceptsPassword(self)
    Return True if the write() method accepts a password for use in encrypting the private key.
      generate(bits)
    (Static method)
    str hash(self)
    Return the cryptoID <keyHash> value corresponding to this key.
    bool hasPrivateKey(self)
    Return whether or not this key has a private component.
      parsePEM(s, passwordCallback)
    Parse a string containing a <privateKey> or <publicKey>, or PEM-encoded key. (Static method)
      parseXML(s)
    (Static method)
      write(self, indent)
    str writeXMLPublicKey(self, indent)
    Return a string containing the key.
        Inherited from RSAKey
    int __len__(self)
    Return the length of this key in bits.
    array.array of unsigned bytes or None. decrypt(self, encBytes)
    Decrypt the passed-in bytes.
    array.array of unsigned bytes. encrypt(self, bytes)
    Encrypt the passed-in bytes.
    str getSigningAlgorithm(self)
    Return the cryptoID sigAlgo value corresponding to this key.
    array.array of unsigned bytes. hashAndSign(self, bytes)
    Hash and sign the passed-in bytes.
    bool hashAndVerify(self, sigBytes, bytes)
    Hash and verify the passed-in bytes with the signature.
    array.array of unsigned bytes. sign(self, bytes)
    Sign the passed-in bytes.
    bool verify(self, sigBytes, bytes)
    Verify the passed-in bytes with the signature.

    Instance Method Details

    __init__(self, n=0, e=0, d=0, p=0, q=0, dP=0, dQ=0, qInv=0)
    (Constructor)

    Create a new RSA key.

    If n and e are passed in, the new key will be initialized.
    Parameters:
    n - RSA modulus.
               (type=int)
    e - RSA public exponent.
               (type=int)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.__init__ (inherited documentation)

    acceptsPassword(self)

    Return True if the write() method accepts a password for use in encrypting the private key.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.acceptsPassword (inherited documentation)

    hash(self)

    Return the cryptoID <keyHash> value corresponding to this key.
    Returns:
    str
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hash (inherited documentation)

    hasPrivateKey(self)

    Return whether or not this key has a private component.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hasPrivateKey (inherited documentation)

    writeXMLPublicKey(self, indent='')

    Return a string containing the key.
    Returns:
    A string describing the public key, in XML format.
               (type=str)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.writeXMLPublicKey (inherited documentation)

    Static Method Details

    parsePEM(s, passwordCallback=None)

    Parse a string containing a <privateKey> or <publicKey>, or PEM-encoded key.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.Msg-class.html0000700000175000017500000001046410206544647022426 0ustar clintclint tlslite.messages.Msg
    Package tlslite :: Module messages :: Class Msg

    Class Msg

    Known Subclasses:
    Alert, ApplicationData, ChangeCipherSpec, HandshakeMsg

    Method Summary
      postWrite(self, w, trial)
      preWrite(self, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.compat-module.html0000700000175000017500000000304410206544651023446 0ustar clintclint tlslite.utils.compat
    compat

    Functions
    bytesToString
    concatArrays
    createByteArraySequence
    createByteArrayZeros
    formatExceptionTrace
    numBits
    stringToBytes


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.messages.ServerHello-class.html0000700000175000017500000001371210206544647024131 0ustar clintclint tlslite.messages.ServerHello
    Package tlslite :: Module messages :: Class ServerHello

    Class ServerHello

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  ServerHello
    


    Method Summary
      __init__(self)
      create(self, version, random, session_id, cipher_suite, certificate_type)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.rijndael-module.html0000700000175000017500000000540110206544651023752 0ustar clintclint tlslite.utils.rijndael
    rijndael

    Classes
    rijndael

    Functions
    decrypt
    encrypt
    test

    Variables
    num_rounds
    rcon
    S
    shifts
    Si
    T1
    T2
    T3
    T4
    T5
    T6
    T7
    T8
    U1
    U2
    U3
    U4


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES-class.html0000700000175000017500000001164010206544645030331 0ustar clintclint tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    Package tlslite :: Package utils :: Module Cryptlib_TripleDES :: Class Cryptlib_TripleDES

    Class Cryptlib_TripleDES

    TripleDES --+
                |
               Cryptlib_TripleDES
    


    Method Summary
      __init__(self, key, mode, IV)
      __del__(self)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc.html0000700000175000017500000001540410206544651016067 0ustar clintclint Table of Contents
    Table of Contents

    Everything

    Packages
    tlslite
    tlslite.integration
    tlslite.utils

    Modules
    tlslite.api
    tlslite.BaseDB
    tlslite.Checker
    tlslite.constants
    tlslite.errors
    tlslite.FileObject
    tlslite.HandshakeSettings
    tlslite.integration.AsyncStateMachine
    tlslite.integration.HTTPTLSConnection
    tlslite.integration.IMAP4_TLS
    tlslite.integration.POP3_TLS
    tlslite.integration.SMTP_TLS
    tlslite.integration.TLSAsyncDispatcherMixIn
    tlslite.integration.TLSSocketServerMixIn
    tlslite.integration.TLSTwistedProtocolWrapper
    tlslite.integration.XMLRPCTransport
    tlslite.mathtls
    tlslite.messages
    tlslite.Session
    tlslite.SessionCache
    tlslite.SharedKeyDB
    tlslite.TLSConnection
    tlslite.TLSRecordLayer
    tlslite.utils.AES
    tlslite.utils.ASN1Parser
    tlslite.utils.cipherfactory
    tlslite.utils.codec
    tlslite.utils.compat
    tlslite.utils.Cryptlib_AES
    tlslite.utils.Cryptlib_RC4
    tlslite.utils.Cryptlib_TripleDES
    tlslite.utils.dateFuncs
    tlslite.utils.hmac
    tlslite.utils.keyfactory
    tlslite.utils.OpenSSL_AES
    tlslite.utils.OpenSSL_RC4
    tlslite.utils.OpenSSL_RSAKey
    tlslite.utils.OpenSSL_TripleDES
    tlslite.utils.PyCrypto_AES
    tlslite.utils.PyCrypto_RC4
    tlslite.utils.PyCrypto_RSAKey
    tlslite.utils.PyCrypto_TripleDES
    tlslite.utils.Python_AES
    tlslite.utils.Python_RC4
    tlslite.utils.Python_RSAKey
    tlslite.utils.RC4
    tlslite.utils.rijndael
    tlslite.utils.RSAKey
    tlslite.utils.TripleDES
    tlslite.utils.xmltools
    tlslite.VerifierDB
    tlslite.X509
    tlslite.X509CertChain


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.constants.AlertLevel-class.html0000700000175000017500000001471010206544647024142 0ustar clintclint tlslite.constants.AlertLevel
    Package tlslite :: Module constants :: Class AlertLevel

    Class AlertLevel


    Class Variable Summary
    int fatal = 2                                                                     
    int warning = 1                                                                     

    Class Variable Details

    fatal

    Type:
    int
    Value:
    2                                                                     

    warning

    Type:
    int
    Value:
    1                                                                     

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.X509CertChain.X509CertChain-class.html0000700000175000017500000002712110206544646024542 0ustar clintclint tlslite.X509CertChain.X509CertChain
    Package tlslite :: Module X509CertChain :: Class X509CertChain

    Class X509CertChain


    This class represents a chain of X.509 certificates.
    Method Summary
      __init__(self, x509List)
    Create a new X509CertChain.
    str or None getCommonName(self)
    Get the Subject's Common Name from the end-entity certificate.
    tlslite.utils.RSAKey.RSAKey getEndEntityPublicKey(self)
    Get the public key from the end-entity certificate.
    str getFingerprint(self)
    Get the hex-encoded fingerprint of the end-entity certificate.
    int getNumCerts(self)
    Get the number of certificates in this chain.
      validate(self, x509TrustList)
    Check the validity of the certificate chain.

    Instance Variable Summary
    list x509List: A list of tlslite.X509.X509 instances, starting with the end-entity certificate and with every subsequent certificate certifying the previous.

    Method Details

    __init__(self, x509List=None)
    (Constructor)

    Create a new X509CertChain.
    Parameters:
    x509List - A list of tlslite.X509.X509 instances, starting with the end-entity certificate and with every subsequent certificate certifying the previous.
               (type=list)

    getCommonName(self)

    Get the Subject's Common Name from the end-entity certificate.

    The cryptlib_py module must be installed in order to use this function.
    Returns:
    The CN component of the certificate's subject DN, if present.
               (type=str or None)

    getEndEntityPublicKey(self)

    Get the public key from the end-entity certificate.
    Returns:
    tlslite.utils.RSAKey.RSAKey

    getFingerprint(self)

    Get the hex-encoded fingerprint of the end-entity certificate.
    Returns:
    A hex-encoded fingerprint.
               (type=str)

    getNumCerts(self)

    Get the number of certificates in this chain.
    Returns:
    int

    validate(self, x509TrustList)

    Check the validity of the certificate chain.

    This checks that every certificate in the chain validates with the subsequent one, until some certificate validates with (or is identical to) one of the passed-in root certificates.

    The cryptlib_py module must be installed in order to use this function.
    Parameters:
    x509TrustList - A list of trusted root certificates. The certificate chain must extend to one of these certificates to be considered valid.
               (type=list of tlslite.X509.X509)

    Instance Variable Details

    x509List

    A list of tlslite.X509.X509 instances, starting with the end-entity certificate and with every subsequent certificate certifying the previous.
    Type:
    list

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.xmltools-module.html0000700000175000017500000005027310206544645023272 0ustar clintclint tlslite.utils.xmltools
    Package tlslite :: Package utils :: Module xmltools

    Module tlslite.utils.xmltools

    Helper functions for XML.

    This module has misc. helper functions for working with XML DOM nodes.
    Function Summary
      checkName(element, name)
      checkNoMoreAttributes(element)
      escape(s)
      getAttribute(element, attrName, regEx)
      getChild(element, index, name)
      getChildIter(element, index)
      getChildOrNone(element, index)
      getLastChild(element, index, name)
      getReqAttribute(element, attrName, regEx)
      getText(element, regEx)
      indent(s, steps, ch)
      parseAndStripWhitespace(s)
      parseDocument(s)
      stripWhitespace(element, tab)

    Variable Summary
    str base64RegEx = '[A-Za-z0-9+/]+={0,4}\\Z'
    str booleanRegEx = '(true)|(false)'
    str certsListRegEx = '(0)?(1)?(2)?(3)?(4)?(5)?(6)?(7)?(8)?(9...
    str cryptoIDRegEx = '([a-km-z3-9]{5}\\.){3}[a-km-z3-9]{5}\\Z...
    str dateTimeRegEx = '\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\...
    str exprRegEx = '[a-zA-Z0-9 ,()]{1,200}\\Z'
    str keyRegEx = '[A-Z]\\Z'
    str keysListRegEx = '(A)?(B)?(C)?(D)?(E)?(F)?(G)?(H)?(I)?(J)...
    str nsRegEx = 'http://trevp.net/cryptoID\\Z'
    str sha1Base64RegEx = '[A-Za-z0-9+/]{27}=\\Z'
    str shortStringRegEx = '.{1,100}\\Z'
    str urlRegEx = 'http(s)?://.{1,100}\\Z'

    Variable Details

    base64RegEx

    Type:
    str
    Value:
    '[A-Za-z0-9+/]+={0,4}\\Z'                                              

    booleanRegEx

    Type:
    str
    Value:
    '(true)|(false)'                                                       

    certsListRegEx

    Type:
    str
    Value:
    '(0)?(1)?(2)?(3)?(4)?(5)?(6)?(7)?(8)?(9)?\\Z'                          

    cryptoIDRegEx

    Type:
    str
    Value:
    '([a-km-z3-9]{5}\\.){3}[a-km-z3-9]{5}\\Z'                              

    dateTimeRegEx

    Type:
    str
    Value:
    '\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ\\Z'                  

    exprRegEx

    Type:
    str
    Value:
    '[a-zA-Z0-9 ,()]{1,200}\\Z'                                            

    keyRegEx

    Type:
    str
    Value:
    '[A-Z]\\Z'                                                             

    keysListRegEx

    Type:
    str
    Value:
    '(A)?(B)?(C)?(D)?(E)?(F)?(G)?(H)?(I)?(J)?(K)?(L)?(M)?(N)?(O)?(P)?(Q)?(\
    R)?(S)?(T)?(U)?(V)?(W)?(X)?(Y)?(Z)?\\Z'                                

    nsRegEx

    Type:
    str
    Value:
    'http://trevp.net/cryptoID\\Z'                                         

    sha1Base64RegEx

    Type:
    str
    Value:
    '[A-Za-z0-9+/]{27}=\\Z'                                                

    shortStringRegEx

    Type:
    str
    Value:
    '.{1,100}\\Z'                                                          

    urlRegEx

    Type:
    str
    Value:
    'http(s)?://.{1,100}\\Z'                                               

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.integration.AsyncStateMachine-module.html0000700000175000017500000000176610206544651026722 0ustar clintclint tlslite.integration.AsyncStateMachine
    AsyncStateMachine

    Classes
    AsyncStateMachine


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.TripleDES.TripleDES-class.html0000700000175000017500000001153410206544646024614 0ustar clintclint tlslite.utils.TripleDES.TripleDES
    Package tlslite :: Package utils :: Module TripleDES :: Class TripleDES

    Class TripleDES

    Known Subclasses:
    Cryptlib_TripleDES, OpenSSL_TripleDES, PyCrypto_TripleDES

    Method Summary
      __init__(self, key, mode, IV, implementation)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.SharedKeyDB-module.html0000700000175000017500000000163410206544651023114 0ustar clintclint tlslite.SharedKeyDB
    SharedKeyDB

    Classes
    SharedKeyDB


    [show private | hide private] tlslite-0.3.8/docs/public/indices.html0000700000175000017500000062167410206544651016734 0ustar clintclint Index

    Identifier Index
    __call__ Method in class tlslite.Checker.Checker
    __contains__ Method in class tlslite.BaseDB.BaseDB
    __del__ Method in class tlslite.FileObject.FileObject
    __del__ Method in class tlslite.utils.Cryptlib_AES.Cryptlib_AES
    __del__ Method in class tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    __del__ Method in class tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    __del__ Method in class tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    __del__ Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    __delitem__ Method in class tlslite.BaseDB.BaseDB
    __getattr__ Method in class imaplib.IMAP4
    __getattr__ Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    __getattr__ Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    __getattr__ Method in class twisted.protocols.policies.ProtocolWrapper
    __getitem__ Method in class exceptions.Exception
    __getitem__ Method in class tlslite.BaseDB.BaseDB
    __getitem__ Method in class tlslite.SessionCache.SessionCache
    __implements__ Variable in class twisted.internet.protocol.Protocol
    __implements__ Variable in class twisted.protocols.policies.ProtocolWrapper
    __implements__ Variable in class twisted.protocols.policies.ProtocolWrapper
    __init__ Method in class exceptions.Exception
    __init__ Method in class httplib.HTTPConnection
    __init__ Method in class httplib.HTTPResponse
    __init__ Method in class imaplib.IMAP4
    __init__ Method in class poplib.POP3
    __init__ Method in class smtplib.SMTP
    __init__ Method in class tlslite.BaseDB.BaseDB
    __init__ Method in class tlslite.Checker.Checker
    __init__ Method in class tlslite.FileObject.FileObject
    __init__ Method in class tlslite.HandshakeSettings.HandshakeSettings
    __init__ Method in class tlslite.Session.Session
    __init__ Method in class tlslite.SessionCache.SessionCache
    __init__ Method in class tlslite.SharedKeyDB.SharedKeyDB
    __init__ Method in class tlslite.TLSConnection.TLSConnection
    __init__ Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    __init__ Method in class tlslite.VerifierDB.VerifierDB
    __init__ Method in class tlslite.X509.X509
    __init__ Method in class tlslite.X509CertChain.X509CertChain
    __init__ Method in class tlslite.errors.TLSLocalAlert
    __init__ Method in class tlslite.errors.TLSRemoteAlert
    __init__ Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    __init__ Method in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    __init__ Method in class tlslite.integration.HTTPTLSConnection.HTTPTLSConnection
    __init__ Method in class tlslite.integration.IMAP4_TLS.IMAP4_TLS
    __init__ Method in class tlslite.integration.POP3_TLS.POP3_TLS
    __init__ Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    __init__ Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    __init__ Method in class tlslite.integration.XMLRPCTransport.XMLRPCTransport
    __init__ Method in class tlslite.mathtls.MAC_SSL
    __init__ Method in class tlslite.messages.Alert
    __init__ Method in class tlslite.messages.ApplicationData
    __init__ Method in class tlslite.messages.Certificate
    __init__ Method in class tlslite.messages.CertificateRequest
    __init__ Method in class tlslite.messages.CertificateVerify
    __init__ Method in class tlslite.messages.ChangeCipherSpec
    __init__ Method in class tlslite.messages.ClientHello
    __init__ Method in class tlslite.messages.ClientKeyExchange
    __init__ Method in class tlslite.messages.Finished
    __init__ Method in class tlslite.messages.RecordHeader2
    __init__ Method in class tlslite.messages.RecordHeader3
    __init__ Method in class tlslite.messages.ServerHello
    __init__ Method in class tlslite.messages.ServerHelloDone
    __init__ Method in class tlslite.messages.ServerKeyExchange
    __init__ Method in class tlslite.utils.AES.AES
    __init__ Method in class tlslite.utils.ASN1Parser.ASN1Parser
    __init__ Method in class tlslite.utils.Cryptlib_AES.Cryptlib_AES
    __init__ Method in class tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    __init__ Method in class tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    __init__ Method in class tlslite.utils.OpenSSL_AES.OpenSSL_AES
    __init__ Method in class tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    __init__ Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    __init__ Method in class tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    __init__ Method in class tlslite.utils.PyCrypto_AES.PyCrypto_AES
    __init__ Method in class tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    __init__ Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    __init__ Method in class tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    __init__ Method in class tlslite.utils.Python_AES.Python_AES
    __init__ Method in class tlslite.utils.Python_RC4.Python_RC4
    __init__ Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    __init__ Method in class tlslite.utils.RC4.RC4
    __init__ Method in class tlslite.utils.RSAKey.RSAKey
    __init__ Method in class tlslite.utils.TripleDES.TripleDES
    __init__ Method in class tlslite.utils.codec.Parser
    __init__ Method in class tlslite.utils.codec.Writer
    __init__ Method in class tlslite.utils.hmac.HMAC
    __init__ Method in class tlslite.utils.rijndael.rijndael
    __init__ Method in class twisted.protocols.policies.ProtocolWrapper
    __iter__ Method in class tlslite.FileObject.FileObject
    __len__ Method in class tlslite.utils.RSAKey.RSAKey
    __setitem__ Method in class tlslite.BaseDB.BaseDB
    __setitem__ Method in class tlslite.SessionCache.SessionCache
    __setitem__ Method in class tlslite.SharedKeyDB.SharedKeyDB
    __setitem__ Method in class tlslite.VerifierDB.VerifierDB
    __str__ Method in class exceptions.Exception
    __str__ Method in class tlslite.errors.TLSLocalAlert
    __str__ Method in class tlslite.errors.TLSRemoteAlert
    acceptsPassword Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    acceptsPassword Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    acceptsPassword Method in class tlslite.utils.RSAKey.RSAKey
    access_denied Variable in class tlslite.constants.AlertDescription
    add Method in class tlslite.utils.codec.Writer
    addFixSeq Method in class tlslite.utils.codec.Writer
    addVarSeq Method in class tlslite.utils.codec.Writer
    AES Module in package tlslite.utils
    AES Class in module tlslite.utils.AES
    aes128Suites Variable in class tlslite.constants.CipherSuite
    aes256Suites Variable in class tlslite.constants.CipherSuite
    alert Variable in class tlslite.constants.ContentType
    Alert Class in module tlslite.messages
    AlertDescription Class in module tlslite.constants
    AlertLevel Class in module tlslite.constants
    all Variable in class tlslite.constants.ContentType
    allegedSharedKeyUsername Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    allegedSharedKeyUsername Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    allegedSrpUsername Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    allegedSrpUsername Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    api Module in package tlslite
    apop Method in class poplib.POP3
    append Method in class imaplib.IMAP4
    application_data Variable in class tlslite.constants.ContentType
    ApplicationData Class in module tlslite.messages
    ASN1Parser Module in package tlslite.utils
    ASN1Parser Class in module tlslite.utils.ASN1Parser
    AsyncStateMachine Module in package tlslite.integration
    AsyncStateMachine Class in module tlslite.integration.AsyncStateMachine
    atLengthCheck Method in class tlslite.utils.codec.Parser
    authenticate Method in class imaplib.IMAP4
    auto_open Variable in class httplib.HTTPConnection
    auto_open Variable in class httplib.HTTPConnection
    auto_open Variable in class httplib.HTTPConnection
    bad_certificate Variable in class tlslite.constants.AlertDescription
    bad_record_mac Variable in class tlslite.constants.AlertDescription
    badA Variable in class tlslite.constants.Fault
    badB Variable in class tlslite.constants.Fault
    badFinished Variable in class tlslite.constants.Fault
    badIdentifier Variable in class tlslite.constants.Fault
    badMAC Variable in class tlslite.constants.Fault
    badPadding Variable in class tlslite.constants.Fault
    badPassword Variable in class tlslite.constants.Fault
    badPremasterPadding Variable in class tlslite.constants.Fault
    badSharedKey Variable in class tlslite.constants.Fault
    badUsername Variable in class tlslite.constants.Fault
    badVerifyMessage Variable in class tlslite.constants.Fault
    base64RegEx Variable in module tlslite.utils.xmltools
    BaseDB Module in package tlslite
    BaseDB Class in module tlslite.BaseDB
    begin Method in class httplib.HTTPResponse
    booleanRegEx Variable in module tlslite.utils.xmltools
    bytes Variable in class tlslite.X509.X509
    bytesToString Function in module tlslite.utils.compat
    certificate Variable in class tlslite.constants.HandshakeType
    Certificate Class in module tlslite.messages
    certificate_expired Variable in class tlslite.constants.AlertDescription
    certificate_request Variable in class tlslite.constants.HandshakeType
    certificate_revoked Variable in class tlslite.constants.AlertDescription
    certificate_unknown Variable in class tlslite.constants.AlertDescription
    certificate_verify Variable in class tlslite.constants.HandshakeType
    CertificateRequest Class in module tlslite.messages
    CertificateType Class in module tlslite.constants
    certificateTypes Variable in class tlslite.HandshakeSettings.HandshakeSettings
    CertificateVerify Class in module tlslite.messages
    certsListRegEx Variable in module tlslite.utils.xmltools
    change_cipher_spec Variable in class tlslite.constants.ContentType
    ChangeCipherSpec Class in module tlslite.messages
    check Method in class imaplib.IMAP4
    check Method in class tlslite.BaseDB.BaseDB
    Checker Module in package tlslite
    Checker Class in module tlslite.Checker
    checkName Function in module tlslite.utils.xmltools
    checkNoMoreAttributes Function in module tlslite.utils.xmltools
    cipherfactory Module in package tlslite.utils
    cipherNames Variable in class tlslite.HandshakeSettings.HandshakeSettings
    CipherSuite Class in module tlslite.constants
    client_hello Variable in class tlslite.constants.HandshakeType
    client_key_exchange Variable in class tlslite.constants.HandshakeType
    clientCertChain Variable in class tlslite.Session.Session
    clientCertFaults Variable in class tlslite.constants.Fault
    ClientHello Class in module tlslite.messages
    ClientKeyExchange Class in module tlslite.messages
    clientNoAuthFaults Variable in class tlslite.constants.Fault
    clientSharedKeyFaults Variable in class tlslite.constants.Fault
    clientSrpFaults Variable in class tlslite.constants.Fault
    close Method in class httplib.HTTPConnection
    close Method in class httplib.HTTPResponse
    close Method in class imaplib.IMAP4
    close Method in class smtplib.SMTP
    close Method in class tlslite.FileObject.FileObject
    close Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    close Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    close_notify Variable in class tlslite.constants.AlertDescription
    closeAsync Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    closed Method in class tlslite.TLSRecordLayer.TLSRecordLayer in class tlslite.FileObject.FileObject
    closed Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    closed Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    closeSocket Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    closeSocket Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    codec Module in package tlslite.utils
    compat Module in package tlslite.utils
    concatArrays Function in module tlslite.utils.compat
    connect Method in class httplib.HTTPConnection
    connect Method in class smtplib.SMTP
    connect Method in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    connectionFailed Method in class twisted.internet.protocol.Protocol
    connectionLost Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    connectionLost Method in class twisted.internet.protocol.Protocol
    connectionLost Method in class twisted.protocols.policies.ProtocolWrapper
    connectionMade Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    connectionMade Method in class twisted.protocols.policies.ProtocolWrapper
    constants Module in package tlslite
    ContentType Class in module tlslite.constants
    copy Method in class imaplib.IMAP4
    copy Method in class tlslite.mathtls.MAC_SSL
    copy Method in class tlslite.utils.hmac.HMAC
    create Method in class imaplib.IMAP4
    create Method in class tlslite.BaseDB.BaseDB
    create Method in class tlslite.messages.Alert
    create Method in class tlslite.messages.ApplicationData
    create Method in class tlslite.messages.Certificate
    create Method in class tlslite.messages.CertificateRequest
    create Method in class tlslite.messages.CertificateVerify
    create Method in class tlslite.messages.ChangeCipherSpec
    create Method in class tlslite.messages.ClientHello
    create Method in class tlslite.messages.Finished
    create Method in class tlslite.messages.RecordHeader3
    create Method in class tlslite.messages.ServerHello
    create Method in class tlslite.messages.ServerHelloDone
    createAES Function in module tlslite.utils.cipherfactory
    createByteArraySequence Function in module tlslite.utils.compat
    createByteArrayZeros Function in module tlslite.utils.compat
    createDateClass Function in module tlslite.utils.dateFuncs
    createRC4 Function in module tlslite.utils.cipherfactory
    createRSA Method in class tlslite.messages.ClientKeyExchange
    createSRP Method in class tlslite.messages.ClientKeyExchange
    createSRP Method in class tlslite.messages.ServerKeyExchange
    createTripleDES Function in module tlslite.utils.cipherfactory
    Cryptlib_AES Module in package tlslite.utils
    Cryptlib_AES Class in module tlslite.utils.Cryptlib_AES
    Cryptlib_RC4 Module in package tlslite.utils
    Cryptlib_RC4 Class in module tlslite.utils.Cryptlib_RC4
    Cryptlib_TripleDES Module in package tlslite.utils
    Cryptlib_TripleDES Class in module tlslite.utils.Cryptlib_TripleDES
    cryptoID Variable in class tlslite.constants.CertificateType
    cryptoIDRegEx Variable in module tlslite.utils.xmltools
    data Method in class smtplib.SMTP
    dataReceived Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    dataReceived Method in class twisted.internet.protocol.Protocol
    dataReceived Method in class twisted.protocols.policies.ProtocolWrapper
    dateFuncs Module in package tlslite.utils
    dateTimeRegEx Variable in module tlslite.utils.xmltools
    debuglevel Variable in class httplib.HTTPConnection
    debuglevel Variable in class httplib.HTTPConnection
    debuglevel Variable in class httplib.HTTPConnection
    debuglevel Variable in class smtplib.SMTP
    debuglevel Variable in class smtplib.SMTP
    decode_error Variable in class tlslite.constants.AlertDescription
    decompression_failure Variable in class tlslite.constants.AlertDescription
    decrypt Method in class tlslite.utils.AES.AES
    decrypt Method in class tlslite.utils.Cryptlib_AES.Cryptlib_AES
    decrypt Method in class tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    decrypt Method in class tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    decrypt Method in class tlslite.utils.OpenSSL_AES.OpenSSL_AES
    decrypt Method in class tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    decrypt Method in class tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    decrypt Method in class tlslite.utils.PyCrypto_AES.PyCrypto_AES
    decrypt Method in class tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    decrypt Method in class tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    decrypt Method in class tlslite.utils.Python_AES.Python_AES
    decrypt Method in class tlslite.utils.Python_RC4.Python_RC4
    decrypt Method in class tlslite.utils.RC4.RC4
    decrypt Method in class tlslite.utils.RSAKey.RSAKey
    decrypt Method in class tlslite.utils.TripleDES.TripleDES
    decrypt Function in module tlslite.utils.rijndael
    decrypt Method in class tlslite.utils.rijndael.rijndael
    decrypt_error Variable in class tlslite.constants.AlertDescription
    decryption_failed Variable in class tlslite.constants.AlertDescription
    default_bufsize Variable in class tlslite.FileObject.FileObject
    default_port Variable in class httplib.HTTPConnection
    default_port Variable in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    default_port Variable in class tlslite.integration.HTTPTLSConnection.HTTPBaseTLSConnection
    dele Method in class poplib.POP3
    delete Method in class imaplib.IMAP4
    description Variable in class tlslite.errors.TLSLocalAlert
    description Variable in class tlslite.errors.TLSRemoteAlert
    digest Method in class tlslite.mathtls.MAC_SSL
    digest Method in class tlslite.utils.hmac.HMAC
    digest_size Variable in module tlslite.utils.hmac
    disconnecting Variable in class twisted.protocols.policies.ProtocolWrapper
    disconnecting Variable in class twisted.protocols.policies.ProtocolWrapper
    docmd Method in class smtplib.SMTP
    does_esmtp Variable in class smtplib.SMTP
    does_esmtp Variable in class smtplib.SMTP
    ehlo Method in class smtplib.SMTP
    ehlo_resp Variable in class smtplib.SMTP
    ehlo_resp Variable in class smtplib.SMTP
    encrypt Method in class tlslite.utils.AES.AES
    encrypt Method in class tlslite.utils.Cryptlib_AES.Cryptlib_AES
    encrypt Method in class tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    encrypt Method in class tlslite.utils.Cryptlib_TripleDES.Cryptlib_TripleDES
    encrypt Method in class tlslite.utils.OpenSSL_AES.OpenSSL_AES
    encrypt Method in class tlslite.utils.OpenSSL_RC4.OpenSSL_RC4
    encrypt Method in class tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    encrypt Method in class tlslite.utils.PyCrypto_AES.PyCrypto_AES
    encrypt Method in class tlslite.utils.PyCrypto_RC4.PyCrypto_RC4
    encrypt Method in class tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    encrypt Method in class tlslite.utils.Python_AES.Python_AES
    encrypt Method in class tlslite.utils.Python_RC4.Python_RC4
    encrypt Method in class tlslite.utils.RC4.RC4
    encrypt Method in class tlslite.utils.RSAKey.RSAKey
    encrypt Method in class tlslite.utils.TripleDES.TripleDES
    encrypt Function in module tlslite.utils.rijndael
    encrypt Method in class tlslite.utils.rijndael.rijndael
    endheaders Method in class httplib.HTTPConnection
    errors Module in package tlslite
    escape Function in module tlslite.utils.xmltools
    Exception Class in module exceptions
    expn Method in class smtplib.SMTP
    export_restriction Variable in class tlslite.constants.AlertDescription
    exprRegEx Variable in module tlslite.utils.xmltools
    expunge Method in class imaplib.IMAP4
    fatal Variable in class tlslite.constants.AlertLevel
    Fault Class in module tlslite.constants
    faultAlerts Variable in class tlslite.constants.Fault
    faultNames Variable in class tlslite.constants.Fault
    fetch Method in class imaplib.IMAP4
    file Variable in class smtplib.SMTP
    file Variable in class smtplib.SMTP
    FileObject Module in package tlslite
    FileObject Class in module tlslite.FileObject
    finish_request Method in class tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn
    finished Variable in class tlslite.constants.HandshakeType
    Finished Class in module tlslite.messages
    flush Method in class tlslite.FileObject.FileObject
    formatExceptionTrace Function in module tlslite.utils.compat
    generate Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    generate Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    generate Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    generate Method in class tlslite.utils.RSAKey.RSAKey
    generateRSAKey Function in module tlslite.utils.keyfactory
    genericFaults Variable in class tlslite.constants.Fault
    get Method in class tlslite.utils.codec.Parser
    get_host_info Method in class xmlrpclib.Transport
    getacl Method in class imaplib.IMAP4
    getAttribute Function in module tlslite.utils.xmltools
    getChild Method in class tlslite.utils.ASN1Parser.ASN1Parser
    getChild Function in module tlslite.utils.xmltools
    getChildIter Function in module tlslite.utils.xmltools
    getChildOrNone Function in module tlslite.utils.xmltools
    getCipherImplementation Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getCipherName Method in class tlslite.Session.Session
    getCipherName Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getCommonName Method in class tlslite.X509.X509
    getCommonName Method in class tlslite.X509CertChain.X509CertChain
    getEndEntityPublicKey Method in class tlslite.X509CertChain.X509CertChain
    getFingerprint Method in class tlslite.X509.X509
    getFingerprint Method in class tlslite.X509CertChain.X509CertChain
    getFixBytes Method in class tlslite.utils.codec.Parser
    getFixList Method in class tlslite.utils.codec.Parser
    getheader Method in class httplib.HTTPResponse
    getHost Method in class twisted.protocols.policies.ProtocolWrapper
    getHoursFromNow Function in module tlslite.utils.dateFuncs
    getLastChild Function in module tlslite.utils.xmltools
    getMinutesFromNow Function in module tlslite.utils.dateFuncs
    getNow Function in module tlslite.utils.dateFuncs
    getNumCerts Method in class tlslite.X509CertChain.X509CertChain
    getparser Method in class xmlrpclib.Transport
    getPeer Method in class twisted.protocols.policies.ProtocolWrapper
    getpeername Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getquota Method in class imaplib.IMAP4
    getquotaroot Method in class imaplib.IMAP4
    getreply Method in class smtplib.SMTP
    getReqAttribute Function in module tlslite.utils.xmltools
    getresponse Method in class httplib.HTTPConnection
    getRsaSuites Method in class tlslite.constants.CipherSuite
    getSigningAlgorithm Method in class tlslite.utils.RSAKey.RSAKey
    getsockname Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getSrpRsaSuites Method in class tlslite.constants.CipherSuite
    getSrpSuites Method in class tlslite.constants.CipherSuite
    getText Function in module tlslite.utils.xmltools
    gettimeout Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    getVarBytes Method in class tlslite.utils.codec.Parser
    getVarList Method in class tlslite.utils.codec.Parser
    getwelcome Method in class poplib.POP3
    goodGroupParameters Variable in module tlslite.mathtls
    handle_read Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    handle_write Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    handshake Variable in class tlslite.constants.ContentType
    handshake Method in class tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn
    handshake_failure Variable in class tlslite.constants.AlertDescription
    handshakeClientCert Method in class tlslite.TLSConnection.TLSConnection
    handshakeClientSharedKey Method in class tlslite.TLSConnection.TLSConnection
    handshakeClientSRP Method in class tlslite.TLSConnection.TLSConnection
    handshakeClientUnknown Method in class tlslite.TLSConnection.TLSConnection
    HandshakeMsg Class in module tlslite.messages
    handshakeServer Method in class tlslite.TLSConnection.TLSConnection
    handshakeServerAsync Method in class tlslite.TLSConnection.TLSConnection
    HandshakeSettings Module in package tlslite
    HandshakeSettings Class in module tlslite.HandshakeSettings
    HandshakeType Class in module tlslite.constants
    has_extn Method in class smtplib.SMTP
    hash Method in class tlslite.messages.ServerKeyExchange
    hash Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    hash Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    hash Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    hash Method in class tlslite.utils.RSAKey.RSAKey
    hashAndSign Method in class tlslite.utils.RSAKey.RSAKey
    hashAndVerify Method in class tlslite.utils.RSAKey.RSAKey
    hasPrivateKey Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    hasPrivateKey Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    hasPrivateKey Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    hasPrivateKey Method in class tlslite.utils.RSAKey.RSAKey
    hello_request Variable in class tlslite.constants.HandshakeType
    helo Method in class smtplib.SMTP
    helo_resp Variable in class smtplib.SMTP
    helo_resp Variable in class smtplib.SMTP
    help Method in class smtplib.SMTP
    hexdigest Method in class tlslite.mathtls.MAC_SSL
    hexdigest Method in class tlslite.utils.hmac.HMAC
    hmac Module in package tlslite.utils
    HMAC Class in module tlslite.utils.hmac
    HTTPBaseTLSConnection Class in module tlslite.integration.HTTPTLSConnection
    HTTPConnection Class in module httplib
    HTTPResponse Class in module httplib
    HTTPTLSConnection Module in package tlslite.integration
    HTTPTLSConnection Class in module tlslite.integration.HTTPTLSConnection
    ignoreAbruptClose Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    ignoreAbruptClose Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    illegal_parameter Variable in class tlslite.constants.AlertDescription
    IMAP4 Class in module imaplib
    IMAP4_TLS Module in package tlslite.integration
    IMAP4_TLS Class in module tlslite.integration.IMAP4_TLS
    IMAP4_TLS_PORT Variable in module tlslite.integration.IMAP4_TLS
    indent Function in module tlslite.utils.xmltools
    inReadEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    insufficient_security Variable in class tlslite.constants.AlertDescription
    integration Package in package tlslite
    internal_error Variable in class tlslite.constants.AlertDescription
    inWriteEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    isclosed Method in class httplib.HTTPResponse
    isDateClassBefore Function in module tlslite.utils.dateFuncs
    isDateClassExpired Function in module tlslite.utils.dateFuncs
    keyfactory Module in package tlslite.utils
    keyRegEx Variable in module tlslite.utils.xmltools
    keys Method in class tlslite.BaseDB.BaseDB
    keysListRegEx Variable in module tlslite.utils.xmltools
    level Variable in class tlslite.errors.TLSLocalAlert
    level Variable in class tlslite.errors.TLSRemoteAlert
    list Method in class imaplib.IMAP4
    list Method in class poplib.POP3
    login Method in class imaplib.IMAP4
    login Method in class smtplib.SMTP
    login_cram_md5 Method in class imaplib.IMAP4
    logout Method in class imaplib.IMAP4
    loseConnection Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    loseConnection Method in class twisted.protocols.policies.ProtocolWrapper
    lsub Method in class imaplib.IMAP4
    MAC_SSL Class in module tlslite.mathtls
    mail Method in class smtplib.SMTP
    make_connection Method in class tlslite.integration.XMLRPCTransport.XMLRPCTransport
    make_connection Method in class xmlrpclib.Transport
    makeConnection Method in class twisted.protocols.policies.ProtocolWrapper
    makefile Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    makeK Function in module tlslite.mathtls
    makeU Function in module tlslite.mathtls
    makeVerifier Method in class tlslite.VerifierDB.VerifierDB
    makeVerifier Function in module tlslite.mathtls
    makeX Function in module tlslite.mathtls
    mathtls Module in package tlslite
    maxKeySize Variable in class tlslite.HandshakeSettings.HandshakeSettings
    maxVersion Variable in class tlslite.HandshakeSettings.HandshakeSettings
    message Variable in class tlslite.errors.TLSLocalAlert
    messages Module in package tlslite
    minKeySize Variable in class tlslite.HandshakeSettings.HandshakeSettings
    minVersion Variable in class tlslite.HandshakeSettings.HandshakeSettings
    missing_srp_username Variable in class tlslite.constants.AlertDescription
    Msg Class in module tlslite.messages
    mustquote Variable in class imaplib.IMAP4
    mustquote Variable in class imaplib.IMAP4
    namespace Method in class imaplib.IMAP4
    new Function in module tlslite.utils.Cryptlib_AES
    new Function in module tlslite.utils.Cryptlib_RC4
    new Function in module tlslite.utils.Cryptlib_TripleDES
    new Function in module tlslite.utils.OpenSSL_AES
    new Function in module tlslite.utils.OpenSSL_RC4
    new Function in module tlslite.utils.OpenSSL_TripleDES
    new Function in module tlslite.utils.PyCrypto_AES
    new Function in module tlslite.utils.PyCrypto_RC4
    new Function in module tlslite.utils.PyCrypto_TripleDES
    new Function in module tlslite.utils.Python_AES
    new Function in module tlslite.utils.Python_RC4
    new Function in module tlslite.utils.hmac
    next Method in class tlslite.FileObject.FileObject
    no_certificate Variable in class tlslite.constants.AlertDescription
    no_renegotiation Variable in class tlslite.constants.AlertDescription
    noop Method in class imaplib.IMAP4
    noop Method in class poplib.POP3
    noop Method in class smtplib.SMTP
    nsRegEx Variable in module tlslite.utils.xmltools
    num_rounds Variable in module tlslite.utils.rijndael
    numBits Function in module tlslite.utils.compat
    open Method in class imaplib.IMAP4
    open Method in class tlslite.BaseDB.BaseDB
    open Method in class tlslite.integration.IMAP4_TLS.IMAP4_TLS
    openpgp Variable in class tlslite.constants.CertificateType
    OpenSSL_AES Module in package tlslite.utils
    OpenSSL_AES Class in module tlslite.utils.OpenSSL_AES
    OpenSSL_RC4 Module in package tlslite.utils
    OpenSSL_RC4 Class in module tlslite.utils.OpenSSL_RC4
    OpenSSL_RSAKey Module in package tlslite.utils
    OpenSSL_RSAKey Class in module tlslite.utils.OpenSSL_RSAKey
    OpenSSL_TripleDES Module in package tlslite.utils
    OpenSSL_TripleDES Class in module tlslite.utils.OpenSSL_TripleDES
    outCloseEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    outCloseEvent Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    outCloseEvent Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    outConnectEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    outConnectEvent Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    outConnectEvent Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    outReadEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    outReadEvent Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    outReadEvent Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    outWriteEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    outWriteEvent Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    P_hash Function in module tlslite.mathtls
    PAD Function in module tlslite.mathtls
    parse Method in class tlslite.X509.X509
    parse Method in class tlslite.messages.Alert
    parse Method in class tlslite.messages.ApplicationData
    parse Method in class tlslite.messages.Certificate
    parse Method in class tlslite.messages.CertificateRequest
    parse Method in class tlslite.messages.CertificateVerify
    parse Method in class tlslite.messages.ChangeCipherSpec
    parse Method in class tlslite.messages.ClientHello
    parse Method in class tlslite.messages.ClientKeyExchange
    parse Method in class tlslite.messages.Finished
    parse Method in class tlslite.messages.RecordHeader2
    parse Method in class tlslite.messages.RecordHeader3
    parse Method in class tlslite.messages.ServerHello
    parse Method in class tlslite.messages.ServerHelloDone
    parse Method in class tlslite.messages.ServerKeyExchange
    parse Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    parse_response Method in class xmlrpclib.Transport
    parseAndStripWhitespace Function in module tlslite.utils.xmltools
    parseAsPublicKey Function in module tlslite.utils.keyfactory
    parseBinary Method in class tlslite.X509.X509
    parseDateClass Function in module tlslite.utils.dateFuncs
    parseDocument Function in module tlslite.utils.xmltools
    parsePEM Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    parsePEMKey Function in module tlslite.utils.keyfactory
    parsePrivateKey Function in module tlslite.utils.keyfactory
    Parser Class in module tlslite.utils.codec
    parseXML Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    parseXMLKey Function in module tlslite.utils.keyfactory
    partial Method in class imaplib.IMAP4
    pass_ Method in class poplib.POP3
    password_callback Function in module tlslite.utils.OpenSSL_RSAKey
    POP3 Class in module poplib
    POP3_TLS Module in package tlslite.integration
    POP3_TLS Class in module tlslite.integration.POP3_TLS
    POP3_TLS_PORT Variable in module tlslite.integration.POP3_TLS
    postWrite Method in class tlslite.messages.Msg
    preWrite Method in class tlslite.messages.HandshakeMsg
    preWrite Method in class tlslite.messages.Msg
    PRF Function in module tlslite.mathtls
    PRF_SSL Function in module tlslite.mathtls
    print_log Method in class imaplib.IMAP4
    printDateClass Function in module tlslite.utils.dateFuncs
    Protocol Class in module twisted.internet.protocol
    protocol_version Variable in class tlslite.constants.AlertDescription
    ProtocolWrapper Class in module twisted.protocols.policies
    proxyauth Method in class imaplib.IMAP4
    publicKey Variable in class tlslite.X509.X509
    putcmd Method in class smtplib.SMTP
    putheader Method in class httplib.HTTPConnection
    putrequest Method in class httplib.HTTPConnection
    PyCrypto_AES Module in package tlslite.utils
    PyCrypto_AES Class in module tlslite.utils.PyCrypto_AES
    PyCrypto_RC4 Module in package tlslite.utils
    PyCrypto_RC4 Class in module tlslite.utils.PyCrypto_RC4
    PyCrypto_RSAKey Module in package tlslite.utils
    PyCrypto_RSAKey Class in module tlslite.utils.PyCrypto_RSAKey
    PyCrypto_TripleDES Module in package tlslite.utils
    PyCrypto_TripleDES Class in module tlslite.utils.PyCrypto_TripleDES
    Python_AES Module in package tlslite.utils
    Python_AES Class in module tlslite.utils.Python_AES
    Python_RC4 Module in package tlslite.utils
    Python_RC4 Class in module tlslite.utils.Python_RC4
    Python_RSAKey Module in package tlslite.utils
    Python_RSAKey Class in module tlslite.utils.Python_RSAKey
    quit Method in class poplib.POP3
    quit Method in class smtplib.SMTP
    RC4 Module in package tlslite.utils
    RC4 Class in module tlslite.utils.RC4
    rc4Suites Variable in class tlslite.constants.CipherSuite
    rcon Variable in module tlslite.utils.rijndael
    rcpt Method in class smtplib.SMTP
    read Method in class httplib.HTTPResponse
    read Method in class imaplib.IMAP4
    read Method in class tlslite.FileObject.FileObject
    read Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    readable Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    readAsync Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    readline Method in class imaplib.IMAP4
    readline Method in class tlslite.FileObject.FileObject
    readlines Method in class tlslite.FileObject.FileObject
    recent Method in class imaplib.IMAP4
    record_overflow Variable in class tlslite.constants.AlertDescription
    RecordHeader2 Class in module tlslite.messages
    RecordHeader3 Class in module tlslite.messages
    recv Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    recv Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    registerProducer Method in class twisted.protocols.policies.ProtocolWrapper
    rename Method in class imaplib.IMAP4
    request Method in class httplib.HTTPConnection
    request Method in class xmlrpclib.Transport
    response Method in class imaplib.IMAP4
    HTTPResponse Class in module httplib
    resumed Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    resumed Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    retr Method in class poplib.POP3
    rijndael Module in package tlslite.utils
    rijndael Class in module tlslite.utils.rijndael
    rpop Method in class poplib.POP3
    RSAKey Module in package tlslite.utils
    RSAKey Class in module tlslite.utils.RSAKey
    rsaSuites Variable in class tlslite.constants.CipherSuite
    rset Method in class poplib.POP3
    rset Method in class smtplib.SMTP
    S Variable in module tlslite.utils.rijndael
    search Method in class imaplib.IMAP4
    select Method in class imaplib.IMAP4
    send Method in class httplib.HTTPConnection
    send Method in class imaplib.IMAP4
    send Method in class smtplib.SMTP
    send Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    send Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    send_content Method in class xmlrpclib.Transport
    send_host Method in class xmlrpclib.Transport
    send_request Method in class xmlrpclib.Transport
    send_user_agent Method in class xmlrpclib.Transport
    sendall Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    sendmail Method in class smtplib.SMTP
    server_hello Variable in class tlslite.constants.HandshakeType
    server_hello_done Variable in class tlslite.constants.HandshakeType
    server_key_exchange Variable in class tlslite.constants.HandshakeType
    serverCertChain Variable in class tlslite.Session.Session
    serverFaults Variable in class tlslite.constants.Fault
    ServerHello Class in module tlslite.messages
    ServerHelloDone Class in module tlslite.messages
    ServerKeyExchange Class in module tlslite.messages
    Session Module in package tlslite
    Session Class in module tlslite.Session
    session Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    session Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    SessionCache Module in package tlslite
    SessionCache Class in module tlslite.SessionCache
    set_debuglevel Method in class httplib.HTTPConnection
    set_debuglevel Method in class poplib.POP3
    set_debuglevel Method in class smtplib.SMTP
    setacl Method in class imaplib.IMAP4
    setCloseOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    setHandshakeOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    setLengthCheck Method in class tlslite.utils.codec.Parser
    setquota Method in class imaplib.IMAP4
    setServerHandshakeOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    setServerHandshakeOp Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    setsockopt Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    settimeout Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    setWriteOp Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    sha1Base64RegEx Variable in module tlslite.utils.xmltools
    SharedKeyDB Module in package tlslite
    SharedKeyDB Class in module tlslite.SharedKeyDB
    sharedKeyUsername Variable in class tlslite.Session.Session
    shifts Variable in module tlslite.utils.rijndael
    shortPremasterSecret Variable in class tlslite.constants.Fault
    shortStringRegEx Variable in module tlslite.utils.xmltools
    shutdown Method in class imaplib.IMAP4
    Si Variable in module tlslite.utils.rijndael
    sign Method in class tlslite.utils.RSAKey.RSAKey
    SMTP Class in module smtplib
    SMTP_TLS Module in package tlslite.integration
    SMTP_TLS Class in module tlslite.integration.SMTP_TLS
    sock Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    sock Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    socket Method in class imaplib.IMAP4
    sort Method in class imaplib.IMAP4
    srpRsaSuites Variable in class tlslite.constants.CipherSuite
    srpSuites Variable in class tlslite.constants.CipherSuite
    srpUsername Variable in class tlslite.Session.Session
    startLengthCheck Method in class tlslite.utils.codec.Parser
    starttls Method in class smtplib.SMTP
    starttls Method in class tlslite.integration.SMTP_TLS.SMTP_TLS
    stat Method in class poplib.POP3
    status Method in class imaplib.IMAP4
    stopConsuming Method in class twisted.protocols.policies.ProtocolWrapper
    stopLengthCheck Method in class tlslite.utils.codec.Parser
    store Method in class imaplib.IMAP4
    strict Variable in class httplib.HTTPConnection
    strict Variable in class httplib.HTTPConnection
    strict Variable in class httplib.HTTPConnection
    stringToBytes Function in module tlslite.utils.compat
    stripWhitespace Function in module tlslite.utils.xmltools
    subscribe Method in class imaplib.IMAP4
    T1 Variable in module tlslite.utils.rijndael
    T2 Variable in module tlslite.utils.rijndael
    T3 Variable in module tlslite.utils.rijndael
    T4 Variable in module tlslite.utils.rijndael
    T5 Variable in module tlslite.utils.rijndael
    T6 Variable in module tlslite.utils.rijndael
    T7 Variable in module tlslite.utils.rijndael
    T8 Variable in module tlslite.utils.rijndael
    test Function in module tlslite.utils.rijndael
    timestamp Variable in class poplib.POP3
    timestamp Variable in class poplib.POP3
    TLS_RSA_WITH_3DES_EDE_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_RSA_WITH_AES_128_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_RSA_WITH_AES_256_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_RSA_WITH_RC4_128_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_WITH_AES_128_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLS_SRP_SHA_WITH_AES_256_CBC_SHA Variable in class tlslite.constants.CipherSuite
    TLSAbruptCloseError Class in module tlslite.errors
    TLSAlert Class in module tlslite.errors
    TLSAsyncDispatcherMixIn Module in package tlslite.integration
    TLSAsyncDispatcherMixIn Class in module tlslite.integration.TLSAsyncDispatcherMixIn
    TLSAuthenticationError Class in module tlslite.errors
    TLSAuthenticationTypeError Class in module tlslite.errors
    TLSAuthorizationError Class in module tlslite.errors
    TLSConnection Module in package tlslite
    TLSConnection Class in module tlslite.TLSConnection
    TLSError Class in module tlslite.errors
    TLSFaultError Class in module tlslite.errors
    TLSFingerprintError Class in module tlslite.errors
    tlslite Package
    TLSLocalAlert Class in module tlslite.errors
    TLSNoAuthenticationError Class in module tlslite.errors
    TLSRecordLayer Module in package tlslite
    TLSRecordLayer Class in module tlslite.TLSRecordLayer
    TLSRemoteAlert Class in module tlslite.errors
    TLSSocketServerMixIn Module in package tlslite.integration
    TLSSocketServerMixIn Class in module tlslite.integration.TLSSocketServerMixIn
    TLSTwistedProtocolWrapper Module in package tlslite.integration
    TLSTwistedProtocolWrapper Class in module tlslite.integration.TLSTwistedProtocolWrapper
    TLSValidationError Class in module tlslite.errors
    top Method in class poplib.POP3
    Transport Class in module xmlrpclib
    TripleDES Module in package tlslite.utils
    TripleDES Class in module tlslite.utils.TripleDES
    tripleDESPresent Variable in module tlslite.utils.cipherfactory
    tripleDESSuites Variable in class tlslite.constants.CipherSuite
    U1 Variable in module tlslite.utils.rijndael
    U2 Variable in module tlslite.utils.rijndael
    U3 Variable in module tlslite.utils.rijndael
    U4 Variable in module tlslite.utils.rijndael
    uid Method in class imaplib.IMAP4
    uidl Method in class poplib.POP3
    unexpected_message Variable in class tlslite.constants.AlertDescription
    unknown_ca Variable in class tlslite.constants.AlertDescription
    unknown_srp_username Variable in class tlslite.constants.AlertDescription
    unregisterProducer Method in class twisted.protocols.policies.ProtocolWrapper
    unsubscribe Method in class imaplib.IMAP4
    unsupported_certificate Variable in class tlslite.constants.AlertDescription
    untrusted_srp_parameters Variable in class tlslite.constants.AlertDescription
    update Method in class tlslite.mathtls.MAC_SSL
    update Method in class tlslite.utils.hmac.HMAC
    urlRegEx Variable in module tlslite.utils.xmltools
    user Method in class poplib.POP3
    user_agent Variable in class xmlrpclib.Transport
    user_agent Variable in class xmlrpclib.Transport
    user_canceled Variable in class tlslite.constants.AlertDescription
    utils Package in package tlslite
    valid Method in class tlslite.Session.Session
    validate Method in class tlslite.X509CertChain.X509CertChain
    VerifierDB Module in package tlslite
    VerifierDB Class in module tlslite.VerifierDB
    verify Method in class smtplib.SMTP
    verify Method in class tlslite.utils.RSAKey.RSAKey
    version Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    version Variable in class tlslite.TLSRecordLayer.TLSRecordLayer
    wantsReadEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    wantsWriteEvent Method in class tlslite.integration.AsyncStateMachine.AsyncStateMachine
    warning Variable in class tlslite.constants.AlertLevel
    writable Method in class tlslite.integration.TLSAsyncDispatcherMixIn.TLSAsyncDispatcherMixIn
    write Method in class tlslite.FileObject.FileObject
    write Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    write Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    write Method in class tlslite.messages.Alert
    write Method in class tlslite.messages.ApplicationData
    write Method in class tlslite.messages.Certificate
    write Method in class tlslite.messages.CertificateRequest
    write Method in class tlslite.messages.CertificateVerify
    write Method in class tlslite.messages.ChangeCipherSpec
    write Method in class tlslite.messages.ClientHello
    write Method in class tlslite.messages.ClientKeyExchange
    write Method in class tlslite.messages.Finished
    write Method in class tlslite.messages.RecordHeader3
    write Method in class tlslite.messages.ServerHello
    write Method in class tlslite.messages.ServerHelloDone
    write Method in class tlslite.messages.ServerKeyExchange
    write Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    write Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    write Method in class tlslite.utils.RSAKey.RSAKey
    write Method in class twisted.protocols.policies.ProtocolWrapper
    writeAsync Method in class tlslite.TLSRecordLayer.TLSRecordLayer
    writeBytes Method in class tlslite.X509.X509
    writelines Method in class tlslite.FileObject.FileObject
    Writer Class in module tlslite.utils.codec
    writeSequence Method in class tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    writeSequence Method in class twisted.protocols.policies.ProtocolWrapper
    writeXMLPublicKey Method in class tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    writeXMLPublicKey Method in class tlslite.utils.PyCrypto_RSAKey.PyCrypto_RSAKey
    writeXMLPublicKey Method in class tlslite.utils.Python_RSAKey.Python_RSAKey
    writeXMLPublicKey Method in class tlslite.utils.RSAKey.RSAKey
    X509 Module in package tlslite
    X509 Class in module tlslite.X509
    x509 Variable in class tlslite.constants.CertificateType
    X509CertChain Module in package tlslite
    X509CertChain Class in module tlslite.X509CertChain
    x509List Variable in class tlslite.X509CertChain.X509CertChain
    xatom Method in class imaplib.IMAP4
    XMLRPCTransport Module in package tlslite.integration
    XMLRPCTransport Class in module tlslite.integration.XMLRPCTransport
    xmltools Module in package tlslite.utils

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:57 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.RSAKey-module.html0000700000175000017500000000670710206544646022513 0ustar clintclint tlslite.utils.RSAKey
    Package tlslite :: Package utils :: Module RSAKey

    Module tlslite.utils.RSAKey

    Abstract class for RSA.
    Classes
    RSAKey This is an abstract base class for RSA keys.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.integration.XMLRPCTransport-module.html0000700000175000017500000000175010206544651026272 0ustar clintclint tlslite.integration.XMLRPCTransport
    XMLRPCTransport

    Classes
    XMLRPCTransport


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.utils.cipherfactory-module.html0000700000175000017500000000256310206544651025032 0ustar clintclint tlslite.utils.cipherfactory
    cipherfactory

    Functions
    createAES
    createRC4
    createTripleDES

    Variables
    tripleDESPresent


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.utils.AES-module.html0000700000175000017500000000157410206544651022601 0ustar clintclint tlslite.utils.AES
    AES

    Classes
    AES


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.SharedKeyDB.SharedKeyDB-class.html0000700000175000017500000002307210206544647024242 0ustar clintclint tlslite.SharedKeyDB.SharedKeyDB
    Package tlslite :: Module SharedKeyDB :: Class SharedKeyDB

    Class SharedKeyDB

    BaseDB --+
             |
            SharedKeyDB
    


    This class represents an in-memory or on-disk database of shared keys.

    A SharedKeyDB can be passed to a server handshake function to authenticate a client based on one of the shared keys.

    This class is thread-safe.
    Method Summary
      __init__(self, filename)
    Create a new SharedKeyDB.
      __setitem__(self, username, sharedKey)
    Add a shared key to the database.
        Inherited from BaseDB
    bool __contains__(self, username)
    Check if the database contains the specified username.
      __delitem__(self, username)
      __getitem__(self, username)
      check(self, username, param)
      create(self)
    Create a new on-disk database.
    list keys(self)
    Return a list of usernames in the database.
      open(self)
    Open a pre-existing on-disk database.

    Method Details

    __init__(self, filename=None)
    (Constructor)

    Create a new SharedKeyDB.
    Parameters:
    filename - Filename for an on-disk database, or None for an in-memory database. If the filename already exists, follow this with a call to open(). To create a new on-disk database, follow this with a call to create().
               (type=str)
    Overrides:
    tlslite.BaseDB.BaseDB.__init__

    __setitem__(self, username, sharedKey)
    (Index assignment operator)

    Add a shared key to the database.
    Parameters:
    username - The username to associate the shared key with. Must be less than or equal to 16 characters in length, and must not already be in the database.
               (type=str)
    sharedKey - The shared key to add. Must be less than 48 characters in length.
               (type=str)
    Overrides:
    tlslite.BaseDB.BaseDB.__setitem__

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.PyCrypto_RSAKey-module.html0000700000175000017500000000675610206544646024370 0ustar clintclint tlslite.utils.PyCrypto_RSAKey
    Package tlslite :: Package utils :: Module PyCrypto_RSAKey

    Module tlslite.utils.PyCrypto_RSAKey

    PyCrypto RSA implementation.
    Classes
    PyCrypto_RSAKey  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.PyCrypto_RC4-module.html0000700000175000017500000000220010206544651024415 0ustar clintclint tlslite.utils.PyCrypto_RC4
    PyCrypto_RC4

    Classes
    PyCrypto_RC4

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.utils.xmltools-module.html0000700000175000017500000000676710206544651024063 0ustar clintclint tlslite.utils.xmltools
    xmltools

    Functions
    checkName
    checkNoMoreAttributes
    escape
    getAttribute
    getChild
    getChildIter
    getChildOrNone
    getLastChild
    getReqAttribute
    getText
    indent
    parseAndStripWhitespace
    parseDocument
    stripWhitespace

    Variables
    base64RegEx
    booleanRegEx
    certsListRegEx
    cryptoIDRegEx
    dateTimeRegEx
    exprRegEx
    keyRegEx
    keysListRegEx
    nsRegEx
    sha1Base64RegEx
    shortStringRegEx
    urlRegEx


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.FileObject-module.html0000700000175000017500000000703210206544650022247 0ustar clintclint tlslite.FileObject
    Package tlslite :: Module FileObject

    Module tlslite.FileObject

    Class returned by TLSConnection.makefile().
    Classes
    FileObject This class provides a file object interface to a tlslite.TLSConnection.TLSConnection.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Python_AES-module.html0000700000175000017500000001005610206544646023356 0ustar clintclint tlslite.utils.Python_AES
    Package tlslite :: Package utils :: Module Python_AES

    Module tlslite.utils.Python_AES

    Pure-Python AES implementation.
    Classes
    Python_AES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.Session.Session-class.html0000700000175000017500000002360410206544645023135 0ustar clintclint tlslite.Session.Session
    Package tlslite :: Module Session :: Class Session

    Class Session


    This class represents a TLS session.

    TLS distinguishes between connections and sessions. A new handshake creates both a connection and a session. Data is transmitted over the connection.

    The session contains a more permanent record of the handshake. The session can be inspected to determine handshake results. The session can also be used to create a new connection through "session resumption". If the client and server both support this, they can create a new connection based on an old session without the overhead of a full handshake.

    The session for a tlslite.TLSConnection.TLSConnection can be retrieved from the connection's 'session' attribute.
    Method Summary
      __init__(self)
    str getCipherName(self)
    Get the name of the cipher used with this connection.
    bool valid(self)
    Check whether this session can be used for session resumption.

    Instance Variable Summary
    tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain clientCertChain: The client's certificate chain (or None).
    tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain serverCertChain: The server's certificate chain (or None).
    str sharedKeyUsername: The client's shared-key username (or None).
    str srpUsername: The client's SRP username (or None).

    Method Details

    getCipherName(self)

    Get the name of the cipher used with this connection.
    Returns:
    The name of the cipher used with this connection. Either 'aes128', 'aes256', 'rc4', or '3des'.
               (type=str)

    valid(self)

    Check whether this session can be used for session resumption.
    Returns:
    True if this session can be used for session resumption.
               (type=bool)

    Instance Variable Details

    clientCertChain

    The client's certificate chain (or None).
    Type:
    tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain

    serverCertChain

    The server's certificate chain (or None).
    Type:
    tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain

    sharedKeyUsername

    The client's shared-key username (or None).
    Type:
    str

    srpUsername

    The client's SRP username (or None).
    Type:
    str

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.Certificate-class.html0000700000175000017500000001343710206544650024117 0ustar clintclint tlslite.messages.Certificate
    Package tlslite :: Module messages :: Class Certificate

    Class Certificate

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  Certificate
    


    Method Summary
      __init__(self, certificateType)
      create(self, certChain)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.RC4-module.html0000700000175000017500000000661110206544646021777 0ustar clintclint tlslite.utils.RC4
    Package tlslite :: Package utils :: Module RC4

    Module tlslite.utils.RC4

    Abstract class for RC4.
    Classes
    RC4  

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/exceptions.Exception-class.html0000700000175000017500000001015310206544647022524 0ustar clintclint exceptions.Exception
    Module exceptions :: Class Exception

    Class Exception

    Known Subclasses:
    TLSError

    Common base class for all exceptions.
    Method Summary
      __init__(...)
      __getitem__(...)
      __str__(...)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/httplib.HTTPResponse-class.html0000700000175000017500000001203010206544646022344 0ustar clintclint httplib.HTTPResponse
    Module httplib :: Class HTTPResponse

    Class HTTPResponse


    Method Summary
      __init__(self, sock, debuglevel, strict, method)
      begin(self)
      close(self)
      getheader(self, name, default)
      isclosed(self)
      read(self, amt)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.PyCrypto_RC4-module.html0000700000175000017500000000772510206544646023657 0ustar clintclint tlslite.utils.PyCrypto_RC4
    Package tlslite :: Package utils :: Module PyCrypto_RC4

    Module tlslite.utils.PyCrypto_RC4

    PyCrypto RC4 implementation.
    Classes
    PyCrypto_RC4  

    Function Summary
      new(key)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn-class.html0000700000175000017500000001340010206544647032322 0ustar clintclint tlslite.integration.TLSSocketServerMixIn.TLSSocketServerMixIn
    Package tlslite :: Package integration :: Module TLSSocketServerMixIn :: Class TLSSocketServerMixIn

    Class TLSSocketServerMixIn


    This class can be mixed in with any SocketServer.TCPServer to add TLS support.

    To use this class, define a new class that inherits from it and some SocketServer.TCPServer (with the mix-in first). Then implement the handshake() method, doing some sort of server handshake on the connection argument. If the handshake method returns True, the RequestHandler will be triggered. Below is a complete example of a threaded HTTPS server:
       from SocketServer import *
       from BaseHTTPServer import *
       from SimpleHTTPServer import *
       from tlslite.api import *
    
       # Read the server certificate (PEM text) from the current working
       # directory and wrap it in a one-element certificate chain.
       s = open("./serverX509Cert.pem").read()
       x509 = X509()
       x509.parse(s)
       certChain = X509CertChain([x509])
    
       # Read the server's private key from the current working directory.
       # NOTE(review): the key file lives in the same directory that
       # SimpleHTTPRequestHandler serves further down in this example; in a
       # real deployment keep key material outside the served tree and
       # readable only by the server account.
       # presumably private=True makes parsePEMKey require a private key
       # rather than accept a public-only PEM - confirm in keyfactory.
       s = open("./serverX509Key.pem").read()
       privateKey = parsePEMKey(s, private=True)
    
       # One cache shared by every connection; it is handed to
       # handshakeServer() below, presumably so returning clients can use
       # session resumption instead of a full handshake.
       sessionCache = SessionCache()
    
       # Threaded HTTPS server: the TLS mix-in is listed before HTTPServer,
       # as the class description above requires ("with the mix-in first").
       class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn,
                          HTTPServer):
         # Called with the TLS connection for each incoming request.
         # Returning True lets the RequestHandler run; returning False
         # rejects the connection after a failed handshake.
         def handshake(self, tlsConnection):
             try:
                 # Server-side handshake using the module-level certificate
                 # chain, private key and session cache.
                 tlsConnection.handshakeServer(certChain=certChain,
                                               privateKey=privateKey,
                                               sessionCache=sessionCache)
                 # NOTE(review): presumably this stops a connection that ends
                 # without a TLS close alert from being reported as an error
                 # (compare TLSAbruptCloseError in tlslite.errors). With it
                 # set, a truncated stream is not flagged at the TLS layer,
                 # so the application must rely on HTTP-level length framing
                 # to detect cut-off messages - confirm before reusing this
                 # setting for other protocols.
                 tlsConnection.ignoreAbruptClose = True
                 return True
             except TLSError, error:
                 # Only TLSError is handled here; the failure is written to
                 # stdout, so production code would route it to a log instead.
                 print "Handshake failure:", str(error)
                 return False
    
       # Listen on the loopback interface only, port 443, and serve requests
       # until the process is stopped.
       # NOTE(review): SimpleHTTPRequestHandler serves files from the process's
       # current working directory, and this example loads
       # "./serverX509Key.pem" from that same directory without changing it,
       # so the private key would be among the files offered to clients. Start
       # the server from a dedicated content directory that holds no key
       # material.
       # Port 443 is a privileged port on most Unix-like systems; use an
       # unprivileged port for testing rather than running the example as root.
       httpd = MyHTTPServer(('localhost', 443), SimpleHTTPRequestHandler)
       httpd.serve_forever()
    

    Method Summary
      finish_request(self, sock, client_address)
      handshake(self, tlsConnection)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey-class.html0000700000175000017500000003725510206544650026333 0ustar clintclint tlslite.utils.OpenSSL_RSAKey.OpenSSL_RSAKey
    Package tlslite :: Package utils :: Module OpenSSL_RSAKey :: Class OpenSSL_RSAKey

    Class OpenSSL_RSAKey

    RSAKey --+
             |
            OpenSSL_RSAKey
    


    Method Summary
      __init__(self, n, e)
    Create a new RSA key.
      __del__(self)
      __getattr__(self, name)
    bool acceptsPassword(self)
    Return True if the write() method accepts a password for use in encrypting the private key.
      generate(bits)
    (Static method)
    str hash(self)
    Return the cryptoID <keyHash> value corresponding to this key.
    bool hasPrivateKey(self)
    Return whether or not this key has a private component.
      parse(s, passwordCallback)
    (Static method)
    str write(self, password)
    Return a string containing the key.
    str writeXMLPublicKey(self, indent)
    Return a string containing the key.
        Inherited from RSAKey
    int __len__(self)
    Return the length of this key in bits.
    array.array of unsigned bytes or None. decrypt(self, encBytes)
    Decrypt the passed-in bytes.
    array.array of unsigned bytes. encrypt(self, bytes)
    Encrypt the passed-in bytes.
    str getSigningAlgorithm(self)
    Return the cryptoID sigAlgo value corresponding to this key.
    array.array of unsigned bytes. hashAndSign(self, bytes)
    Hash and sign the passed-in bytes.
    bool hashAndVerify(self, sigBytes, bytes)
    Hash and verify the passed-in bytes with the signature.
    array.array of unsigned bytes. sign(self, bytes)
    Sign the passed-in bytes.
    bool verify(self, sigBytes, bytes)
    Verify the passed-in bytes with the signature.

    Instance Method Details

    __init__(self, n=0, e=0)
    (Constructor)

    Create a new RSA key.

    If n and e are passed in, the new key will be initialized.
    Parameters:
    n - RSA modulus.
               (type=int)
    e - RSA public exponent.
               (type=int)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.__init__ (inherited documentation)

    acceptsPassword(self)

    Return True if the write() method accepts a password for use in encrypting the private key.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.acceptsPassword (inherited documentation)

    hash(self)

    Return the cryptoID <keyHash> value corresponding to this key.
    Returns:
    str
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hash (inherited documentation)

    hasPrivateKey(self)

    Return whether or not this key has a private component.
    Returns:
    bool
    Overrides:
    tlslite.utils.RSAKey.RSAKey.hasPrivateKey (inherited documentation)

    write(self, password=None)

    Return a string containing the key.
    Returns:
    A string describing the key, in whichever format (PEM or XML) is native to the implementation.
               (type=str)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.write (inherited documentation)

    writeXMLPublicKey(self, indent='')

    Return a string containing the key.
    Returns:
    A string describing the public key, in XML format.
               (type=str)
    Overrides:
    tlslite.utils.RSAKey.RSAKey.writeXMLPublicKey (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/twisted.protocols.policies.ProtocolWrapper-class.html0000700000175000017500000003554310206544646027074 0ustar clintclint twisted.protocols.policies.ProtocolWrapper
    Package twisted :: Package protocols :: Module policies :: Class ProtocolWrapper

    Class ProtocolWrapper

    BaseProtocol --+    
                   |    
            Protocol --+
                       |
                      ProtocolWrapper
    

    Known Subclasses:
    TLSTwistedProtocolWrapper

    Wraps protocol instances and acts as their transport as well.
    Method Summary
      __init__(self, factory, wrappedProtocol)
      __getattr__(self, name)
      connectionLost(self, reason)
      connectionMade(self)
    Called when a connection is made.
      dataReceived(self, data)
    Called whenever data is received.
      getHost(self)
      getPeer(self)
      loseConnection(self)
      makeConnection(self, transport)
    Make a connection to a transport and a server.
      registerProducer(self, producer, streaming)
      stopConsuming(self)
      unregisterProducer(self)
      write(self, data)
      writeSequence(self, data)
        Inherited from Protocol
      connectionFailed(self)
    (Deprecated)

    Class Variable Summary
    tuple __implements__ = (<class 'twisted.internet.interfaces.IT...
    int disconnecting = 0                                                                     

    Method Details

    connectionMade(self)

    Called when a connection is made.

    This may be considered the initializer of the protocol, because it is called when the connection is completed. For clients, this is called once the connection to the server has been established; for servers, this is called after an accept() call stops blocking and a socket has been received. If you need to send any greeting or initial message, do it here.
    Overrides:
    twisted.internet.protocol.BaseProtocol.connectionMade (inherited documentation)

    dataReceived(self, data)

    Called whenever data is received.

    Use this method to translate to a higher-level message. Usually, some callback will be made upon the receipt of each complete protocol message.
    Parameters:
    data - a string of indeterminate length. Please keep in mind that you will probably need to buffer some data, as partial (or multiple) protocol messages may be received! I recommend that unit tests for protocols call through to this method with differing chunk sizes, down to one byte at a time.
    Overrides:
    twisted.internet.protocol.Protocol.dataReceived (inherited documentation)

    makeConnection(self, transport)

    Make a connection to a transport and a server.

    This sets the 'transport' attribute of this Protocol, and calls the connectionMade() callback.
    Overrides:
    twisted.internet.protocol.BaseProtocol.makeConnection (inherited documentation)

    Class Variable Details

    __implements__

    Type:
    tuple
    Value:
    (<class 'twisted.internet.interfaces.ITransport'>,)                    

    disconnecting

    Type:
    int
    Value:
    0                                                                     

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.Cryptlib_RC4.Cryptlib_RC4-class.html0000700000175000017500000001133210206544646025722 0ustar clintclint tlslite.utils.Cryptlib_RC4.Cryptlib_RC4
    Package tlslite :: Package utils :: Module Cryptlib_RC4 :: Class Cryptlib_RC4

    Class Cryptlib_RC4

    RC4 --+
          |
         Cryptlib_RC4
    


    Method Summary
      __init__(self, key)
      __del__(self)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.TripleDES-module.html0000700000175000017500000000164610206544651023764 0ustar clintclint tlslite.utils.TripleDES
    TripleDES

    Classes
    TripleDES


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.utils.OpenSSL_RSAKey-module.html0000700000175000017500000000225410206544651024626 0ustar clintclint tlslite.utils.OpenSSL_RSAKey
    OpenSSL_RSAKey

    Classes
    OpenSSL_RSAKey

    Functions
    password_callback


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.integration.XMLRPCTransport.XMLRPCTransport-class.html0000700000175000017500000004101110206544646030246 0ustar clintclint tlslite.integration.XMLRPCTransport.XMLRPCTransport
    Package tlslite :: Package integration :: Module XMLRPCTransport :: Class XMLRPCTransport

    Class XMLRPCTransport

       Transport --+
                   |
    ClientHelper --+
                   |
                  XMLRPCTransport
    


    Handles an HTTPS transaction to an XML-RPC server.
    Method Summary
      __init__(self, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Create a new XMLRPCTransport.
      make_connection(self, host)
        Inherited from Transport
      get_host_info(self, host)
      getparser(self)
      parse_response(self, file)
      request(self, host, handler, request_body, verbose)
      send_content(self, connection, request_body)
      send_host(self, connection, host)
      send_request(self, connection, handler, request_body)
      send_user_agent(self, connection)

    Class Variable Summary
        Inherited from Transport
    str user_agent = 'xmlrpclib.py/1.0.1 (by www.pythonware.com)...

    Method Details

    __init__(self, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    Create a new XMLRPCTransport.

    An instance of this class can be passed to xmlrpclib.ServerProxy to use TLS with XML-RPC calls:
       from tlslite.api import XMLRPCTransport
       from xmlrpclib import ServerProxy
    
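       # The constructor's keyword is 'username' (there is no 'user' parameter
       # in its signature).  The credentials below are sample values; a real
       # client should load its SRP password from configuration, not source.
       transport = XMLRPCTransport(username="alice", password="abra123")
       # No handshake has happened yet: it runs when ServerProxy first connects,
       # so TLS-specific exceptions surface from the proxy's method calls.
       server = ServerProxy("https://localhost", transport)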
    
    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

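    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys. If none of the server-authentication arguments above is given and the client uses neither SRP nor a shared key, the server is not authenticated. When x509TrustList is given without x509CommonName, the chain must extend to a trusted root but the certificate's name is not matched.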

    The constructor does not perform the TLS handshake itself, but simply stores these arguments for later. The handshake is performed only when this class needs to connect with the server. Thus you should be prepared to handle TLS-specific exceptions when calling methods of xmlrpclib.ServerProxy. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    tlslite.integration.ClientHelper.ClientHelper.__init__

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.VerifierDB-module.html0000700000175000017500000000667210206544647022241 0ustar clintclint tlslite.VerifierDB
    Package tlslite :: Module VerifierDB

    Module tlslite.VerifierDB

    Class for storing SRP password verifiers.
    Classes
    VerifierDB This class represents an in-memory or on-disk database of SRP password verifiers.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    ././@LongLink0000000000000000000000000000015500000000000011566 Lustar rootroottlslite-0.3.8/docs/public/tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper-class.htmltlslite-0.3.8/docs/public/tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper-cl0000700000175000017500000005777410206544650033134 0ustar clintclint tlslite.integration.TLSTwistedProtocolWrapper.TLSTwistedProtocolWrapper
    Package tlslite :: Package integration :: Module TLSTwistedProtocolWrapper :: Class TLSTwistedProtocolWrapper

    Class TLSTwistedProtocolWrapper

       AsyncStateMachine --+
                           |
    BaseProtocol --+       |
                   |       |
            Protocol --+   |
                       |   |
         ProtocolWrapper --+
                           |
                          TLSTwistedProtocolWrapper
    


    This class can wrap Twisted protocols to add TLS support.

    Below is a complete example of using TLS Lite with a Twisted echo server.

    There are two server implementations below. Echo is the original protocol, which is oblivious to TLS. Echo1 subclasses Echo and negotiates TLS when the client connects. Echo2 subclasses Echo and negotiates TLS when the client sends "STARTTLS":
       from twisted.internet.protocol import Protocol, Factory
       from twisted.internet import reactor
       from twisted.protocols.policies import WrappingFactory
       from twisted.protocols.basic import LineReceiver
       from twisted.python import log
       from twisted.python.failure import Failure
       import sys
       from tlslite.api import *
    
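       # Server certificate (public).  The handle is closed explicitly rather
       # than left for garbage collection.
       f = open("./serverX509Cert.pem")
       try:
           s = f.read()
       finally:
           f.close()
       x509 = X509()
       x509.parse(s)
       certChain = X509CertChain([x509])

       # Server private key.  Keep this file readable only by the account that
       # runs the server; anyone who can read it can impersonate the server.
       f = open("./serverX509Key.pem")
       try:
           s = f.read()
       finally:
           f.close()
       privateKey = parsePEMKey(s, private=True)

       # Database of SRP password verifiers used for SRP client authentication.
       # NOTE(review): presumably an on-disk database created beforehand
       # (e.g. with scripts/tlsdb.py) -- confirm.  Protect it like a password
       # file: a leaked verifier allows offline password guessing.
       verifierDB = VerifierDB("verifierDB")
       verifierDB.open()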
    
       class Echo(LineReceiver):
           """Plain line-echo protocol; it has no knowledge of TLS."""

           def connectionMade(self):
               # Greet the peer as soon as the connection callback fires.
               greeting = "Welcome to the echo server!\r\n"
               self.transport.write(greeting)

           def lineReceived(self, line):
               # Send the received line back, followed by CRLF.
               reply = line + "\r\n"
               self.transport.write(reply)
    
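       class Echo1(Echo):
           """Echo variant that negotiates TLS as soon as the client connects."""

           def connectionMade(self):
               # With TLS already started, behave like the plain Echo and greet
               # the peer.  Otherwise this is the raw connection: start the
               # server handshake and send nothing in the clear.
               # NOTE(review): presumably this callback fires a second time once
               # the handshake completes -- confirm against the wrapper.
               if self.transport.tlsStarted:
                   Echo.connectionMade(self)
                   return
               self.transport.setServerHandshakeOp(certChain=certChain,
                                                   privateKey=privateKey,
                                                   verifierDB=verifierDB)

           def connectionLost(self, reason):
               # Handle any TLS exceptions here.  At minimum record why the
               # connection ended, so failed handshakes are not silently
               # discarded; 'reason' is a twisted.python.failure.Failure.
               log.msg("Echo1 connection lost: %s" % reason.getErrorMessage())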
    
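       class Echo2(Echo):
           """Echo variant that negotiates TLS when the client sends "STARTTLS".

           Everything exchanged before that line, including the greeting, travels
           unencrypted and unauthenticated.
           """

           def lineReceived(self, data):
               # Only the exact line "STARTTLS" triggers the handshake; every
               # other line is echoed by the base class.
               if data != "STARTTLS":
                   Echo.lineReceived(self, data)
                   return
               self.transport.setServerHandshakeOp(certChain=certChain,
                                                   privateKey=privateKey,
                                                   verifierDB=verifierDB)

           def connectionLost(self, reason):
               # Handle any TLS exceptions here.  At minimum record why the
               # connection ended, so failed handshakes are not silently
               # discarded; 'reason' is a twisted.python.failure.Failure.
               log.msg("Echo2 connection lost: %s" % reason.getErrorMessage())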
    
       # Ordinary factory that builds the application protocol; switch the
       # assignment below to Echo2 for the STARTTLS variant.
       factory = Factory()
       factory.protocol = Echo1
       #factory.protocol = Echo2

       # Wrap the factory so that each connection is handled through a
       # TLSTwistedProtocolWrapper, which the Echo classes see as self.transport.
       wrappingFactory = WrappingFactory(factory)
       wrappingFactory.protocol = TLSTwistedProtocolWrapper

       # Send Twisted's log output to stdout.
       log.startLogging(sys.stdout)
       # NOTE(review): no interface argument is passed, so the listener is
       # presumably not limited to one local address -- pass interface=... to
       # restrict where the example server accepts connections.
       reactor.listenTCP(1079, wrappingFactory)
       reactor.run()
    

    This class works as follows:

    Data comes in and is given to the AsyncStateMachine for handling. AsyncStateMachine will forward events to this class, and we'll pass them on to the ProtocolWrapper base class, which will proxy them to the wrapped protocol. The wrapped protocol may then call back into this class, and these calls will be proxied into the AsyncStateMachine.

    The call graph looks like this:
    • self.dataReceived
      • AsyncStateMachine.inReadEvent
        • self.out(Connect|Close|Read)Event
          • ProtocolWrapper.(connectionMade|loseConnection|dataReceived)

            • self.(loseConnection|write|writeSequence)
              • AsyncStateMachine.(setCloseOp|setWriteOp)

    Method Summary
      __init__(self, factory, wrappedProtocol)
      connectionLost(self, reason)
      connectionMade(self)
    Called when a connection is made.
      dataReceived(self, data)
    Called whenever data is received.
      loseConnection(self)
      outCloseEvent(self)
    Called when a close operation completes.
      outConnectEvent(self)
    Called when a handshake operation completes.
      outReadEvent(self, data)
      setServerHandshakeOp(self, **args)
    Start a handshake operation.
      write(self, data)
      writeSequence(self, seq)
        Inherited from ProtocolWrapper
      __getattr__(self, name)
      getHost(self)
      getPeer(self)
      makeConnection(self, transport)
    Make a connection to a transport and a server.
      registerProducer(self, producer, streaming)
      stopConsuming(self)
      unregisterProducer(self)
        Inherited from Protocol
      connectionFailed(self)
    (Deprecated)
        Inherited from AsyncStateMachine
      inReadEvent(self)
    Tell the state machine it can read from the socket.
      inWriteEvent(self)
    Tell the state machine it can write to the socket.
      outWriteEvent(self)
    Called when a write operation completes.
      setCloseOp(self)
    Start a close operation.
      setHandshakeOp(self, handshaker)
    Start a handshake operation.
      setWriteOp(self, writeBuffer)
    Start a write operation.
    bool or None wantsReadEvent(self)
    If the state machine wants to read.
    bool or None wantsWriteEvent(self)
    If the state machine wants to write.

    Class Variable Summary
        Inherited from ProtocolWrapper
    tuple __implements__ = (<class 'twisted.internet.interfaces.IT...
    int disconnecting = 0                                                                     

    Method Details

    connectionMade(self)

    Called when a connection is made.

    This may be considered the initializer of the protocol, because it is called when the connection is completed. For clients, this is called once the connection to the server has been established; for servers, this is called after an accept() call stops blocking and a socket has been received. If you need to send any greeting or initial message, do it here.
    Overrides:
    twisted.protocols.policies.ProtocolWrapper.connectionMade (inherited documentation)

    dataReceived(self, data)

    Called whenever data is received.

    Use this method to translate to a higher-level message. Usually, some callback will be made upon the receipt of each complete protocol message.
    Parameters:
    data - a string of indeterminate length. Please keep in mind that you will probably need to buffer some data, as partial (or multiple) protocol messages may be received! I recommend that unit tests for protocols call through to this method with differing chunk sizes, down to one byte at a time.
    Overrides:
    twisted.protocols.policies.ProtocolWrapper.dataReceived (inherited documentation)

    outCloseEvent(self)

    Called when a close operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outCloseEvent (inherited documentation)

    outConnectEvent(self)

    Called when a handshake operation completes.

    May be overridden in subclass.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.outConnectEvent (inherited documentation)

    setServerHandshakeOp(self, **args)

    Start a handshake operation.

    The arguments passed to this function will be forwarded to tlslite.TLSConnection.TLSConnection.handshakeServerAsync.
    Overrides:
    tlslite.integration.AsyncStateMachine.AsyncStateMachine.setServerHandshakeOp (inherited documentation)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.RC4.RC4-class.html0000700000175000017500000001134410206544647022206 0ustar clintclint tlslite.utils.RC4.RC4
    Package tlslite :: Package utils :: Module RC4 :: Class RC4

    Class RC4

    Known Subclasses:
    Cryptlib_RC4, OpenSSL_RC4, PyCrypto_RC4, Python_RC4

    Method Summary
      __init__(self, keyBytes, implementation)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.integration.POP3_TLS.POP3_TLS-class.html0000700000175000017500000004455710206544650025125 0ustar clintclint tlslite.integration.POP3_TLS.POP3_TLS
    Package tlslite :: Package integration :: Module POP3_TLS :: Class POP3_TLS

    Class POP3_TLS

            POP3 --+
                   |
    ClientHelper --+
                   |
                  POP3_TLS
    


    This class extends poplib.POP3 with TLS support.
    Method Summary
      __init__(self, host, port, username, password, sharedKey, certChain, privateKey, cryptoID, protocol, x509Fingerprint, x509TrustList, x509CommonName, settings)
    Create a new POP3_TLS.
        Inherited from POP3
      apop(self, user, secret)
    Authorisation - only possible if server has supplied a timestamp in initial greeting.
      dele(self, which)
    Delete message number 'which'.
      getwelcome(self)
      list(self, which)
    Request listing, return result.
      noop(self)
    Does nothing.
      pass_(self, pswd)
    Send password, return response
      quit(self)
    Signoff: commit changes on server, unlock mailbox, close connection.
      retr(self, which)
    Retrieve whole message number 'which'.
      rpop(self, user)
    Not sure what this does.
      rset(self)
    Not sure what this does.
      set_debuglevel(self, level)
      stat(self)
    Get mailbox status.
      top(self, which, howmuch)
    Retrieve message header of message number 'which' and first 'howmuch' lines of message body.
      uidl(self, which)
    Return message digest (unique id) list.
      user(self, user)
    Send user name, return response

    Class Variable Summary
        Inherited from POP3
    SRE_Pattern timestamp = \+OK.*(<[^>]+>)

    Method Details

    __init__(self, host, port=995, username=None, password=None, sharedKey=None, certChain=None, privateKey=None, cryptoID=None, protocol=None, x509Fingerprint=None, x509TrustList=None, x509CommonName=None, settings=None)
    (Constructor)

    Create a new POP3_TLS.

    For client authentication, use one of these argument combinations:
    • username, password (SRP)
    • username, sharedKey (shared-key)
    • certChain, privateKey (certificate)
    For server authentication, you can either rely on the implicit mutual authentication performed by SRP or shared-keys, or you can do certificate-based server authentication with one of these argument combinations:
    • cryptoID[, protocol] (requires cryptoIDlib)
    • x509Fingerprint
    • x509TrustList[, x509CommonName] (requires cryptlib_py)

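    Certificate-based server authentication is compatible with SRP or certificate-based client authentication. It is not compatible with shared-keys. If none of the server-authentication arguments above is given and the client uses neither SRP nor a shared key, the server is not authenticated. When x509TrustList is given without x509CommonName, the chain must extend to a trusted root but the certificate's name is not matched.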

    The caller should be prepared to handle TLS-specific exceptions. See the client handshake functions in tlslite.TLSConnection.TLSConnection for details on which exceptions might be raised.
    Parameters:
    host - Server to connect to.
               (type=str)
    port - Port to connect to.
               (type=int)
    username - SRP or shared-key username. Requires the 'password' or 'sharedKey' argument.
               (type=str)
    password - SRP password for mutual authentication. Requires the 'username' argument.
               (type=str)
    sharedKey - Shared key for mutual authentication. Requires the 'username' argument.
               (type=str)
    certChain - Certificate chain for client authentication. Requires the 'privateKey' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.X509CertChain.X509CertChain or cryptoIDlib.CertChain.CertChain)
    privateKey - Private key for client authentication. Requires the 'certChain' argument. Excludes the SRP or shared-key related arguments.
               (type=tlslite.utils.RSAKey.RSAKey)
    cryptoID - cryptoID for server authentication. Mutually exclusive with the 'x509...' arguments.
               (type=str)
    protocol - cryptoID protocol URI for server authentication. Requires the 'cryptoID' argument.
               (type=str)
    x509Fingerprint - Hex-encoded X.509 fingerprint for server authentication. Mutually exclusive with the 'cryptoID' and 'x509TrustList' arguments.
               (type=str)
    x509TrustList - A list of trusted root certificates. The other party must present a certificate chain which extends to one of these root certificates. The cryptlib_py module must be installed to use this parameter. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments.
               (type=list of tlslite.X509.X509)
    x509CommonName - The end-entity certificate's 'CN' field must match this value. For a web server, this is typically a server name such as 'www.amazon.com'. Mutually exclusive with the 'cryptoID' and 'x509Fingerprint' arguments. Requires the 'x509TrustList' argument.
               (type=str)
    settings - Various settings which can be used to control the ciphersuites, certificate types, and SSL/TLS versions offered by the client.
               (type=tlslite.HandshakeSettings.HandshakeSettings)
    Overrides:
    poplib.POP3.__init__

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.hmac.HMAC-class.html0000700000175000017500000001743510206544646022654 0ustar clintclint tlslite.utils.hmac.HMAC
    Package tlslite :: Package utils :: Module hmac :: Class HMAC

    Class HMAC


    RFC2104 HMAC class.

    This supports the API for Cryptographic Hash Functions (PEP 247).
    Method Summary
      __init__(self, key, msg, digestmod)
    Create a new HMAC object.
      copy(self)
    Return a separate copy of this hashing object.
      digest(self)
    Return the hash value of this hashing object.
      hexdigest(self)
    Like digest(), but returns a string of hexadecimal digits instead.
      update(self, msg)
    Update this hashing object with the string msg.

    Method Details

    __init__(self, key, msg=None, digestmod=None)
    (Constructor)

    Create a new HMAC object.

    key: key for the keyed hash object. msg: initial input for the hash, if provided. digestmod: a module supporting PEP 247; defaults to the md5 module, so the result is HMAC-MD5 unless another digest module (for example sha) is passed explicitly.

    copy(self)

    Return a separate copy of this hashing object.

    An update to this copy won't affect the original object.

    digest(self)

    Return the hash value of this hashing object.

    This returns a string containing 8-bit data. The object is not altered in any way by this function; you can continue updating the object after calling this function.

    hexdigest(self)

    Like digest(), but returns a string of hexadecimal digits instead.

    update(self, msg)

    Update this hashing object with the string msg.

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:54 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.errors.TLSLocalAlert-class.html0000700000175000017500000001645110206544650024006 0ustar clintclint tlslite.errors.TLSLocalAlert
    Package tlslite :: Module errors :: Class TLSLocalAlert

    Class TLSLocalAlert

    Exception --+        
                |        
         TLSError --+    
                    |    
             TLSAlert --+
                        |
                       TLSLocalAlert
    


    A TLS alert has been signalled by the local implementation.
    Method Summary
      __init__(self, alert, message)
      __str__(self)
        Inherited from Exception
      __getitem__(...)

    Instance Variable Summary
    int description: Set to one of the constants in tlslite.constants.AlertDescription
    int level: Set to one of the constants in tlslite.constants.AlertLevel
    str message: Description of what went wrong.

    Instance Variable Details

    description

    Set to one of the constants in tlslite.constants.AlertDescription
    Type:
    int

    level

    Set to one of the constants in tlslite.constants.AlertLevel
    Type:
    int

    message

    Description of what went wrong.
    Type:
    str

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:56 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.FileObject.FileObject-class.html0000700000175000017500000002401710206544647024104 0ustar clintclint tlslite.FileObject.FileObject
    Package tlslite :: Module FileObject :: Class FileObject

    Class FileObject


    This class provides a file object interface to a tlslite.TLSConnection.TLSConnection.

    Call makefile() on a TLSConnection to create a FileObject instance.

    This class was copied, with minor modifications, from the _fileobject class in socket.py. Note that fileno() is not implemented.
    Method Summary
      __init__(self, sock, mode, bufsize)
      __del__(self)
      __iter__(self)
      close(self)
      flush(self)
      next(self)
      read(self, size)
      readline(self, size)
      readlines(self, sizehint)
      write(self, data)
      writelines(self, list)

    Property Summary
      closed: True if the file is closed

    Class Variable Summary
    int default_bufsize = 16384                                                                 

    Property Details

    closed

    True if the file is closed
    Get Method:
    _getclosed(self)

    Class Variable Details

    default_bufsize

    Type:
    int
    Value:
    16384                                                                 

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.OpenSSL_AES-module.html0000700000175000017500000001007310206544645023356 0ustar clintclint tlslite.utils.OpenSSL_AES
    Package tlslite :: Package utils :: Module OpenSSL_AES

    Module tlslite.utils.OpenSSL_AES

    OpenSSL/M2Crypto AES implementation.
    Classes
    OpenSSL_AES  

    Function Summary
      new(key, mode, IV)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.messages.CertificateRequest-class.html0000700000175000017500000001353110206544645025467 0ustar clintclint tlslite.messages.CertificateRequest
    Package tlslite :: Module messages :: Class CertificateRequest

    Class CertificateRequest

         Msg --+    
               |    
    HandshakeMsg --+
                   |
                  CertificateRequest
    


    Method Summary
      __init__(self)
      create(self, certificate_types, certificate_authorities)
      parse(self, p)
      write(self, trial)
        Inherited from HandshakeMsg
      preWrite(self, handshakeType, trial)
        Inherited from Msg
      postWrite(self, w, trial)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:53 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES-class.html0000700000175000017500000001123710206544647030337 0ustar clintclint tlslite.utils.PyCrypto_TripleDES.PyCrypto_TripleDES
    Package tlslite :: Package utils :: Module PyCrypto_TripleDES :: Class PyCrypto_TripleDES

    Class PyCrypto_TripleDES

    TripleDES --+
                |
               PyCrypto_TripleDES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.PyCrypto_AES-module.html0000700000175000017500000000220010206544651024435 0ustar clintclint tlslite.utils.PyCrypto_AES
    PyCrypto_AES

    Classes
    PyCrypto_AES

    Functions
    new


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.utils.keyfactory-module.html0000700000175000017500000000254010206544651024343 0ustar clintclint tlslite.utils.keyfactory
    keyfactory

    Functions
    generateRSAKey
    parseAsPublicKey
    parsePEMKey
    parsePrivateKey
    parseXMLKey


    [show private | hide private] tlslite-0.3.8/docs/public/toc-tlslite.integration.SMTP_TLS-module.html0000700000175000017500000000166710206544651024664 0ustar clintclint tlslite.integration.SMTP_TLS
    SMTP_TLS

    Classes
    SMTP_TLS


    [show private | hide private] tlslite-0.3.8/docs/public/tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES-class.html0000700000175000017500000001122410206544647027517 0ustar clintclint tlslite.utils.OpenSSL_TripleDES.OpenSSL_TripleDES
    Package tlslite :: Package utils :: Module OpenSSL_TripleDES :: Class OpenSSL_TripleDES

    Class OpenSSL_TripleDES

    TripleDES --+
                |
               OpenSSL_TripleDES
    


    Method Summary
      __init__(self, key, mode, IV)
      decrypt(self, ciphertext)
      encrypt(self, plaintext)

    Generated by Epydoc 2.0 on Mon Feb 21 21:56:55 2005 http://epydoc.sf.net
    tlslite-0.3.8/docs/public/toc-tlslite.utils.dateFuncs-module.html0000700000175000017500000000324310206544651024100 0ustar clintclint tlslite.utils.dateFuncs
    dateFuncs

    Functions
    createDateClass
    getHoursFromNow
    getMinutesFromNow
    getNow
    isDateClassBefore
    isDateClassExpired
    parseDateClass
    printDateClass


    [show private | hide private] tlslite-0.3.8/docs/public/twisted.internet.protocol.Protocol-class.html0000700000175000017500000002115610206544646025364 0ustar clintclint twisted.internet.protocol.Protocol
    Package twisted :: Package internet :: Module protocol :: Class Protocol

    Class Protocol

    BaseProtocol --+
                   |
                  Protocol
    

    Known Subclasses:
    ProtocolWrapper

    Method Summary
      connectionFailed(self)
    (Deprecated)
      connectionLost(self, reason)
    Called when the connection is shut down.
      dataReceived(self, data)
    Called whenever data is received.

    Class Variable Summary
    tuple __implements__ = (<class 'twisted.internet.interfaces.IP...

    Method Details

    connectionFailed(self)

    (Deprecated)

    This used to be called when the connection was not properly established.

    connectionLost(self, reason=<twisted.python.failure.Failure twisted.internet.error.Co...)

    Called when the connection is shut down.

    Clear any circular references here, and any external references to this Protocol. The connection has been closed.
    Parameters:
    reason
               (type=twisted.python.failure.Failure)

    dataReceived(self, data)

    Called whenever data is received.

    Use this method to translate to a higher-level message. Usually, some callback will be made upon the receipt of each complete protocol message.
    Parameters:
    data - a string of indeterminate length. Please keep in mind that you will probably need to buffer some data, as partial (or multiple) protocol messages may be received! I recommend that unit tests for protocols call through to this method with differing chunk sizes, down to one byte at a time.

    Class Variable Details

    __implements__

    Type:
    tuple
    Value:
    (<class 'twisted.internet.interfaces.IProtocol'>,)                     

    tlslite-0.3.8/docs/public/toc-tlslite.X509-module.html0000700000175000017500000000155310206544651021474 0ustar clintclint tlslite.X509
    X509

    Classes
    X509


    # tlslite-0.3.8/setup.py
#!/usr/bin/env python
# Distutils build/install script for the tlslite package.

import sys
from distutils.core import setup, Extension

# Refuse to run on interpreters older than 2.2.
if sys.version_info < (2, 2):
    raise AssertionError("Python 2.2 or later required")

# Only Windows builds compile a C extension; every other platform installs
# pure Python and passes ext_modules=None to setup().
# NOTE(review): win32prng links against advapi32 and is presumably the
# Windows system random source used for key material -- confirm in
# tlslite/utils/win32prng.c, and check which fallback other platforms use.
extension_modules = None
if sys.platform == "win32":
    extension_modules = [
        Extension(
            "tlslite.utils.win32prng",
            sources=["tlslite/utils/win32prng.c"],
            libraries=["advapi32"]
        )
    ]

# Package metadata, the two command-line scripts, and the three packages
# that make up the distribution.
setup(
    name="tlslite",
    version="0.3.8",
    author="Trevor Perrin",
    author_email="trevp@trevp.net",
    url="http://trevp.net/tlslite/",
    description="tlslite implements SSL and TLS with SRP, shared-keys, cryptoID, or X.509 authentication.",
    license="public domain",
    scripts=["scripts/tls.py", "scripts/tlsdb.py"],
    packages=["tlslite", "tlslite.utils", "tlslite.integration"],
    ext_modules=extension_modules
)