Package dpkt :: Module ssl

Module ssl

Secure Sockets Layer / Transport Layer Security.

Classes
  SSL2
  SSL3Exception
  TLSRecord
SSLv3 or TLSv1+ packet.
  TLSChangeCipherSpec
ChangeCipherSpec message is just a single byte with value 1
  TLSAppData
As far as TLSRecord is concerned, AppData is just an opaque blob.
  TLSAlert
  TLSHelloRequest
  TLSClientHello
  TLSServerHello
  TLSUnknownHandshake
  TLSCertificate
  TLSServerKeyExchange
  TLSCertificateRequest
  TLSServerHelloDone
  TLSCertificateVerify
  TLSClientKeyExchange
  TLSFinished
  TLSHandshake
A TLS Handshake message
  SSLFactory
  TLSRecordTest
Test basic TLSRecord functionality
  TLSChangeCipherSpecTest
It's just a byte.
  TLSAppDataTest
AppData is basically just a string
  TLSHandshakeTest
  ClientHelloTest
This data is extracted from and verified by Wireshark
  ServerHelloTest
Again, from Wireshark
  TLSMultiFactoryTest
Made up test data
Functions
parse_variable_array(buf, lenbytes)
Parse an array described using the 'Type name<x..y>' syntax from the spec
TLSMultiFactory(buf)
Attempt to parse one or more TLSRecords out of buf
Variables
  SSL3_V = 768
  TLS1_V = 769
  TLS11_V = 770
  TLS12_V = 771
  ssl3_versions_str = {768: 'SSL3', 769: 'TLS 1.0', 770: 'TLS 1....
  SSL3_VERSION_BYTES = set(['\x03\x00', '\x03\x01', '\x03\x02', ...
  SSL3_AD_WARNING = 1
  SSL3_AD_FATAL = 2
  alert_level_str = {1: 'SSL3_AD_WARNING', 2: 'SSL3_AD_FATAL'}
  SSL3_AD_CLOSE_NOTIFY = 0
  SSL3_AD_UNEXPECTED_MESSAGE = 10
  SSL3_AD_BAD_RECORD_MAC = 20
  SSL3_AD_DECOMPRESSION_FAILURE = 30
  SSL3_AD_HANDSHAKE_FAILURE = 40
  SSL3_AD_NO_CERTIFICATE = 41
  SSL3_AD_BAD_CERTIFICATE = 42
  SSL3_AD_UNSUPPORTED_CERTIFICATE = 43
  SSL3_AD_CERTIFICATE_REVOKED = 44
  SSL3_AD_CERTIFICATE_EXPIRED = 45
  SSL3_AD_CERTIFICATE_UNKNOWN = 46
  SSL3_AD_ILLEGAL_PARAMETER = 47
  TLS1_AD_DECRYPTION_FAILED = 21
  TLS1_AD_RECORD_OVERFLOW = 22
  TLS1_AD_UNKNOWN_CA = 48
  TLS1_AD_ACCESS_DENIED = 49
  TLS1_AD_DECODE_ERROR = 50
  TLS1_AD_DECRYPT_ERROR = 51
  TLS1_AD_EXPORT_RESTRICTION = 60
  TLS1_AD_PROTOCOL_VERSION = 70
  TLS1_AD_INSUFFICIENT_SECURITY = 71
  TLS1_AD_INTERNAL_ERROR = 80
  TLS1_AD_USER_CANCELLED = 90
  TLS1_AD_NO_RENEGOTIATION = 100
  TLS1_AD_UNSUPPORTED_EXTENSION = 110
  TLS1_AD_CERTIFICATE_UNOBTAINABLE = 111
  TLS1_AD_UNRECOGNIZED_NAME = 112
  TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE = 113
  TLS1_AD_BAD_CERTIFICATE_HASH_VALUE = 114
  TLS1_AD_UNKNOWN_PSK_IDENTITY = 115
  alert_description_str = {0: 'SSL3_AD_CLOSE_NOTIFY', 10: 'SSL3_...
  _SIZE_FORMATS = ['!B', '!H', '!I', '!I']
  HANDSHAKE_TYPES = {0: ('HelloRequest', <class 'dpkt.ssl.TLSHel...
  RECORD_TYPES = {20: <class 'dpkt.ssl.TLSChangeCipherSpec'>, 21...
  __package__ = 'dpkt'
Function Details

parse_variable_array(buf, lenbytes)

Parse an array described using the 'Type name<x..y>' syntax from the spec

Reads a length at the start of buf and returns that many bytes
after it, in a tuple with the TOTAL bytes consumed (including the size). This
does not check that the array is the right length for any given datatype.

TLSMultiFactory(buf)

Attempt to parse one or more TLSRecords out of buf

Args:
  buf: string containing SSL/TLS messages. May have an incomplete record
    on the end

Returns:
  [TLSRecord]
  int, total bytes consumed, != len(buf) if an incomplete record was left at
    the end.

Raises SSL3Exception.
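
The contract described above (complete records plus a consumed-byte count, with an incomplete trailing record left in the buffer) is what lets a caller reassemble TLS records across TCP segments. The following is an added, standalone sketch of that contract using only the standard library; it is not dpkt's source code. The names split_records, StreamReassembler and RecordError are hypothetical, the sample bytes are constructed, and treating an unrecognised version as the error condition is an assumption of this example.

```python
import struct

# Version bytes as listed for SSL3_VERSION_BYTES on this page.
SSL3_VERSION_BYTES = {b'\x03\x00', b'\x03\x01', b'\x03\x02', b'\x03\x03'}
HEADER_LEN = 5  # type (1 byte) + version (2 bytes) + length (2 bytes)


class RecordError(Exception):
    """Hypothetical stand-in for the module's SSL3Exception."""


def split_records(buf):
    """Return ([(type, version, payload)], bytes_consumed) for complete records."""
    records, pos = [], 0
    while len(buf) - pos >= HEADER_LEN:
        rtype, version, length = struct.unpack_from('!B2sH', buf, pos)
        if version not in SSL3_VERSION_BYTES:
            raise RecordError('bad version %r at offset %d' % (version, pos))
        end = pos + HEADER_LEN + length
        if end > len(buf):
            break  # incomplete record: leave it for the next segment
        records.append((rtype, version, buf[pos + HEADER_LEN:end]))
        pos = end
    return records, pos


class StreamReassembler:
    """Keeps the unconsumed tail between segments of one TCP direction."""

    def __init__(self):
        self.pending = b''

    def feed(self, segment):
        data = self.pending + segment
        records, used = split_records(data)
        self.pending = data[used:]  # used != len(data) means a partial record remains
        return records


# Constructed sample: a ChangeCipherSpec record (type 20), then a fatal
# handshake-failure alert (type 21, level 2, description 40) whose last
# byte only arrives in the second segment.
CCS = b'\x14\x03\x03\x00\x01\x01'
ALERT = b'\x15\x03\x03\x00\x02\x02\x28'
SEGMENTS = [CCS + ALERT[:-1], ALERT[-1:]]

if __name__ == '__main__':
    stream = StreamReassembler()
    for seg in SEGMENTS:
        print(stream.feed(seg), 'pending:', stream.pending)
```

Because the record length field is 16 bits, pending never holds more than 5 + 65535 bytes per direction in this sketch.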


Variables Details

ssl3_versions_str

Value:
{768: 'SSL3', 769: 'TLS 1.0', 770: 'TLS 1.1', 771: 'TLS 1.2'}

SSL3_VERSION_BYTES

Value:
set(['\x03\x00', '\x03\x01', '\x03\x02', '\x03\x03'])

alert_description_str

Value:
{0: 'SSL3_AD_CLOSE_NOTIFY',
 10: 'SSL3_AD_UNEXPECTED_MESSAGE',
 20: 'SSL3_AD_BAD_RECORD_MAC',
 21: 'TLS1_AD_DECRYPTION_FAILED',
 22: 'TLS1_AD_RECORD_OVERFLOW',
 30: 'SSL3_AD_DECOMPRESSION_FAILURE',
 40: 'SSL3_AD_HANDSHAKE_FAILURE',
 41: 'SSL3_AD_NO_CERTIFICATE',
...

HANDSHAKE_TYPES

Value:
{0: ('HelloRequest', <class 'dpkt.ssl.TLSHelloRequest'>),
 1: ('ClientHello', <class 'dpkt.ssl.TLSClientHello'>),
 2: ('ServerHello', <class 'dpkt.ssl.TLSServerHello'>),
 11: ('Certificate', <class 'dpkt.ssl.TLSUnknownHandshake'>),
 12: ('ServerKeyExchange', <class 'dpkt.ssl.TLSUnknownHandshake'>),
 13: ('CertificateRequest', <class 'dpkt.ssl.TLSUnknownHandshake'>),
 14: ('ServerHelloDone', <class 'dpkt.ssl.TLSUnknownHandshake'>),
 15: ('CertificateVerify', <class 'dpkt.ssl.TLSUnknownHandshake'>),
...

RECORD_TYPES

Value:
{20: <class 'dpkt.ssl.TLSChangeCipherSpec'>,
 21: <class 'dpkt.ssl.TLSAlert'>,
 22: <class 'dpkt.ssl.TLSHandshake'>,
 23: <class 'dpkt.ssl.TLSAppData'>}