• Home
  • History
  • Annotate
  • only in /external/chromium_org/third_party/tlslite/
NameDateSize

..11-Jul-20144 KiB

LICENSE11-Jul-201432

make_release.py11-Jul-20141.9 KiB

OWNERS11-Jul-201455

patches/11-Jul-20144 KiB

README.chromium11-Jul-20142.2 KiB

readme.txt11-Jul-201429.6 KiB

scripts/11-Jul-20144 KiB

setup.py11-Jul-2014824

test/11-Jul-20144 KiB

tlslite/11-Jul-20144 KiB

README.chromium

1Name: tlslite
2URL: http://trevp.net/tlslite/
3Version: 0.3.8
4Security Critical: No
5License: Public domain
6
7Local Modifications:
8
9- patches/close_notify.patch: tlslite/TLSRecordLayer.py was changed to force
10  the socket to be closed when the SSL connection is closed. This is is
11  necessary at this point since WinHTTP does not seem to react to the SSL
12  close notify. It's also needed to prevent a hang on Linux.  See also 
13  http://sourceforge.net/mailarchive/forum.php?thread_name=41C9B18B.2010201%40ag.com&forum_name=tlslite-users
14- patches/python26.patch: Replace sha, md5 module imports with hashlib, as
15  they are deprecated in Python 2.6
16- patches/ca_request.patch: tlslite/X509.py was changed to obtain the
17  DER-encoded distinguished name for a certificate, without requiring any
18  addition libraries.
19  tlslite/utils/ASN1Parser.py was changed to allow obtaining the unparsed
20  data for an element in a SEQUENCE, in addition to providing the parsed
21  value (tag and length removed)
22  tlslite/messages.py was changed from accepting/returning a single byte
23  array in the CertificateRequest message for the CA names to accept a list
24  of byte arrays, each containing a DER-encoded distinguished name.
25  tlslite/TLSConnection.py was changed to take a list of such byte arrays
26  when creating a TLS server that will request client authentication.
27- patches/send_certificate_types.patch: tlslite/message.py was changed to
28  default to a certificate_types of [rsa_sign] in CertificateRequest. Apple's
29  Secure Transport library rejects an empty list and raises an SSL protocol
30  error.
31- patches/parse_chain.patch: tlslite/X509CertChain.py and tlslite/X509.py were
32  updated to add a parseChain method, that can parse multiple certificates from
33  a PEM string.
34- patches/tls_intolerant.patch: allow TLSLite to simulate a TLS-intolerant server.
35- patches/channel_id.patch: add basic ChannelID support. (Signatures are not
36  checked.)
37- patches/signed_certificate_timestamps.patch: add support for sending Signed
38  Certificate Timestamps over a TLS extension.
39- patches/fallback_scsv.patch: add support for TLS_FALLBACK_SCSV. See
40  https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01
41- patches/status_request.patch: add support for sending stapled OCSP responses.
42

readme.txt

1
2tlslite version 0.3.8                                      February 21, 2005
3Trevor Perrin <trevp at trevp.net>
4http://trevp.net/tlslite/
5============================================================================
6
7
8Table of Contents
9==================
101  Introduction
112  License/Acknowledgements
123  Installation
134  Getting Started with the Command-Line Tools
145  Getting Started with the Library
156  Using TLS Lite with httplib
167  Using TLS Lite with xmlrpclib
178  Using TLS Lite with poplib or imaplib
189  Using TLS Lite with smtplib
1910 Using TLS Lite with SocketServer
2011 Using TLS Lite with asyncore
2112 Using TLS Lite with Twisted
2213 SECURITY CONSIDERATIONS
2314 History
2415 References
25
26
271 Introduction
28===============
29TLS Lite is a free python library that implements SSL v3, TLS v1, and 
30TLS v1.1 [0]. TLS Lite supports non-traditional authentication methods 
31such as SRP [1], shared keys [2], and cryptoIDs [3], in addition to X.509
32certificates.  TLS Lite is pure python, however it can access OpenSSL [4], 
33cryptlib [5], pycrypto [9], and GMPY [10] for faster crypto operations.  TLS 
34Lite integrates with httplib, xmlrpclib, poplib, imaplib, smtplib,
35SocketServer, asyncore, and Twisted.
36
37API documentation is available in the 'docs' directory.
38
39If you have questions or feedback, feel free to contact me.
40
41
422 Licenses/Acknowledgements
43============================
44All code here is public domain.
45
46Thanks to Bram Cohen for his public domain Rijndael implementation.
47
48Thanks to Edward Loper for Epydoc, which generated the API docs.
49
50
513 Installation
52===============
53Requirements:
54  Python 2.2 or greater is required.
55
56Options:
57  - If you have cryptoIDlib [8], you can use cryptoID certificate chains for
58  authentication.  CryptoIDlib is the sister library to TLS Lite; it was
59  written by the same author, and has a similar interface.
60
61  - If you have the M2Crypto [6] interface to OpenSSL, this will be used for
62  fast RSA operations and fast ciphers.
63
64  - If you have the cryptlib_py [7] interface to cryptlib, this will be used
65  for random number generation and fast ciphers.  If TLS Lite can't find an
66  OS-level random-number generator (i.e. /dev/urandom on UNIX or CryptoAPI on
67  Windows), then you must MUST install cryptlib.
68
69  - If you have pycrypto [9], this will be used for fast ciphers and fast RSA
70  operations.
71
72  - If you have the GMPY [10] interface to GMP, this will be used for fast RSA
73  and SRP operations.
74
75  - These modules don't need to be present at installation - you can install
76  them any time.
77
78On Windows:
79  Run the installer in the 'installers' directory.
80  *OR*
81  Run 'setup.py install' (this only works if your system has a compiler
82  available).
83
84Anywhere else:
85  - Run 'python setup.py install'
86
87Test the Installation:
88  - The 'tls.py' script should have been copied onto your path.  If not,
89    you may have to copy it there manually.
90  - From the distribution's ./test subdirectory, run:
91      tls.py servertest localhost:4443 .
92  - While the test server is waiting, run:
93      tls.py clienttest localhost:4443 .
94
95  If both say "Test succeeded" at the end, you're ready to go.
96
97  (WARNING: Be careful running these (or any) scripts from the distribution's
98  root directory.  Depending on your path, the scripts may load the local copy
99  of the library instead of the installed version, with unpredictable
100  results).
101
102
1034 Getting Started with the Command-Line Tools
104==============================================
105tlslite comes with two command-line scripts: 'tlsdb.py' and 'tls.py'.  They
106can be run with no arguments to see a list of commands.
107
108'tlsdb.py' lets you manage shared key or verifier databases.  These databases
109store usernames associated with either shared keys, or SRP password verifiers.
110These databases are used by a TLS server when authenticating clients with
111shared keys or SRP.
112
113'tls.py' lets you run test clients and servers.  It can be used for testing
114other TLS implementations, or as example code for using tlslite.  To run an
115SRP server, try something like:
116
117  tlsdb.py createsrp verifierDB
118  tlsdb.py add verifierDB alice abra123cadabra 1024
119  tlsdb.py add verifierDB bob swordfish 2048
120
121  tls.py serversrp localhost:443 verifierDB
122
123Then you can try connecting to the server with:
124
125  tls.py clientsrp localhost:443 alice abra123cadabra
126
127
1285 Getting Started with the Library
129===================================
130Using the library is simple.  Whether you're writing a client or server, there
131are six steps:
1321) Create a socket and connect it to the other party.
1332) Construct a TLSConnection instance with the socket.
1343) Call a handshake function on TLSConnection to perform the TLS handshake.
1354) Check the results to make sure you're talking to the right party.
1365) Use the TLSConnection to exchange data.
1376) Call close() on the TLSConnection when you're done.
138
139TLS Lite also integrates with httplib, xmlrpclib, poplib, imaplib, smtplib, 
140SocketServer, asyncore, and Twisted.  When used with these, some of the steps 
141are performed for you.  See the sections following this one for details.
142
1435 Step 1 - create a socket
144---------------------------
145Below demonstrates a socket connection to Amazon's secure site.  It's a good
146idea to set the timeout value, so if the other side fails to respond you won't
147end up waiting forever.
148
149  from socket import *
150  sock = socket(AF_INET, SOCK_STREAM)
151  sock.connect( ("www.amazon.com", 443) )
152  sock.settimeout(10)  #Only on python 2.3 or greater
153
1545 Step 2 - construct a TLSConnection
155-------------------------------------
156  from tlslite.api import *
157  connection = TLSConnection(sock)
158
1595 Step 3 - call a handshake function (client)
160----------------------------------------------
161If you're a client, there's several different handshake functions you can
162call, depending on how you want to authenticate:
163
164  connection.handshakeClientCert()
165  connection.handshakeClientCert(certChain, privateKey)
166  connection.handshakeClientSRP("alice", "abra123cadabra")
167  connection.handshakeClientSharedKey("alice", "PaVBVZkYqAjCQCu6UBL2xgsnZhw")
168  connection.handshakeClientUnknown(srpCallback, certCallback)
169
170The ClientCert function without arguments is used when connecting to a site
171like Amazon, which doesn't require client authentication.  The server will
172authenticate with a certificate chain.
173
174The ClientCert function can also be used to do client authentication with an
175X.509 or cryptoID certificate chain.  To use cryptoID chains, you'll need the
176cryptoIDlib library [8].  To use X.509 chains, you'll need some way of
177creating these, such as OpenSSL (see http://www.openssl.org/docs/HOWTO/ for
178details).
179
180Below are examples of loading cryptoID and X.509 certificate chains:
181
182  #Load cryptoID certChain and privateKey.  Requires cryptoIDlib.
183  from cryptoIDlib.CertChain import CertChain
184  s = open("./test/clientCryptoIDChain.xml").read()
185  certChain = CertChain()
186  certChain.parse(s)
187  s = open("./test/clientCryptoIDKey.xml").read()
188  privateKey = parseXMLKey(s, private=True)
189
190  #Load X.509 certChain and privateKey.
191  s = open("./test/clientX509Cert.pem").read()
192  x509 = X509()
193  x509.parse(s)
194  certChain = X509CertChain([x509])
195  s = open("./test/clientX509Key.pem").read()
196  privateKey = parsePEMKey(s, private=True)
197
198The SRP and SharedKey functions both do mutual authentication with a username
199and password.  The difference is this: SRP is slow but safer when using low-
200entropy passwords, since the SRP protocol is not vulnerable to offline
201dictionary attacks.  Using shared keys is faster, but it's only safe when
202used with high-entropy secrets.  In general, you should prefer SRP for human-
203memorable passwords, and use shared keys only when your performance needs
204outweigh the inconvenience of handling large random strings.
205
206[WARNING: shared keys and SRP are internet-drafts; these protocols may change,
207which means future versions of tlslite may not be compatible with this one.
208This is less likely with SRP, more likely with shared-keys.]
209
210The Unknown function is used when you're not sure if the server requires
211client authentication.	 If the server requests SRP or certificate-based
212authentication, the appropriate callback will be triggered, and you should
213return a tuple containing either a (username, password) or (certChain,
214privateKey), as appropriate.  Alternatively, you can return None, which will
215cancel the handshake from an SRP callback, or cause it to continue without
216client authentication (if the server is willing) from a certificate callback.
217
218If you want more control over the handshake, you can pass in a
219HandshakeSettings instance.  For example, if you're performing SRP, but you
220only want to use SRP parameters of at least 2048 bits, and you only want to use
221the AES-256 cipher, and you only want to allow TLS (version 3.1), not SSL
222(version 3.0), you can do:
223
224  settings = HandshakeSettings()
225  settings.minKeySize = 2048
226  settings.cipherNames = ["aes256"]
227  settings.minVersion = (3,1)
228  connection.handshakeClientSRP("alice", "abra123cadabra", settings=settings)
229
230Finally, every TLSConnection has a session object.  You can try to resume a
231previous session by passing in the session object from the old session.  If
232the server remembers this old session and supports resumption, the handshake
233will finish more quickly.  Otherwise, the full handshake will be done.  For
234example:
235
236  connection.handshakeClientSRP("alice", "abra123cadabra")
237  .
238  .
239  oldSession = connection.session
240  connection2.handshakeClientSRP("alice", "abra123cadabra", session=
241  oldSession)
242
2435 Step 3 - call a handshake function (server)
244----------------------------------------------
245If you're a server, there's only one handshake function, but you can pass it
246several different parameters, depending on which types of authentication
247you're willing to perform.
248
249To perform SRP authentication, you have to pass in a database of password
250verifiers.  The VerifierDB class manages an in-memory or on-disk verifier
251database.
252
253  #On-disk database (use no-arg constructor if you want an in-memory DB)
254  verifierDB = VerifierDB("./test/verifierDB")
255
256  #Open the pre-existing database (can also 'create()' a new one)
257  verifierDB.open()
258
259  #Add to the database
260  verifier = VerifierDB.makeVerifier("alice", "abra123cadabra", 2048)
261  verifierDB["alice"] = verifier
262
263  #Perform a handshake using the database
264  connection.handshakeServer(verifierDB=verifierDB)
265
266To perform shared key authentication, you have to pass in a database of shared
267keys.  The SharedKeyDB class manages an in-memory or on-disk shared key
268database.
269
270  sharedKeyDB = SharedKeyDB("./test/sharedkeyDB")
271  sharedKeyDB.open()
272  sharedKeyDB["alice"] = "PaVBVZkYqAjCQCu6UBL2xgsnZhw"
273  connection.handshakeServer(sharedKeyDB=sharedKeyDB)
274
275To perform authentication with a certificate and private key, the server must
276load these as described in the previous section, then pass them in.  If the
277server sets the reqCert boolean to True, a certificate chain will be requested
278from the client.
279
280  connection.handshakeServer(certChain=certChain, privateKey=privateKey,
281                             reqCert=True)
282
283You can pass in any combination of a verifier database, a shared key database,
284and a certificate chain/private key.  The client will use one of them to
285authenticate.  In the case of SRP and a certificate chain/private key, they
286both may be used.
287
288You can also pass in a HandshakeSettings object, as described in the last
289section, for finer control over handshaking details.  Finally, the server can
290maintain a SessionCache, which will allow clients to use session resumption:
291
292  sessionCache = SessionCache()
293  connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache)
294
295It should be noted that the session cache, and the verifier and shared key
296databases, are all thread-safe.
297
2985 Step 4 - check the results
299-----------------------------
300If the handshake completes without raising an exception, authentication
301results will be stored in the connection's session object.  The following
302variables will be populated if applicable, or else set to None:
303
304  connection.session.srpUsername       #string
305  connection.session.sharedKeyUsername #string
306  connection.session.clientCertChain   #X509CertChain or
307                                       #cryptoIDlib.CertChain.CertChain
308  connection.session.serverCertChain   #X509CertChain or
309                                       #cryptoIDlib.CertChain.CertChain
310
311Both types of certificate chain object support the getFingerprint() function,
312but with a difference.  X.509 objects return the end-entity fingerprint, and
313ignore the other certificates.  CryptoID fingerprints (aka "cryptoIDs") are
314based on the root cryptoID certificate, so you have to call validate() on the
315CertChain to be sure you're really talking to the cryptoID.
316
317X.509 certificate chain objects may also be validated against a list of
318trusted root certificates.  See the API documentation for details.
319
320To save yourself the trouble of inspecting fingerprints after the handshake,
321you can pass a Checker object into the handshake function.  The checker will be
322called if the handshake completes successfully.  If the other party's
323certificate chain isn't approved by the checker, a subclass of
324TLSAuthenticationError will be raised.  For example, to perform a handshake
325with a server based on its X.509 fingerprint, do:
326
327  try:
328    checker = Checker(\
329              x509Fingerprint='e049ff930af76d43ff4c658b268786f4df1296f2')
330    connection.handshakeClientCert(checker=checker)
331  except TLSAuthenticationError:
332    print "Authentication failure"
333
334If the handshake fails for any reason, an exception will be raised.  If the
335socket timed out or was unexpectedly closed, a socket.error or
336TLSAbruptCloseError will be raised.  Otherwise, either a TLSLocalAlert or
337TLSRemoteAlert will be raised, depending on whether the local or remote
338implementation signalled the error.  The exception object has a 'description'
339member which identifies the error based on the codes in RFC 2246.  A
340TLSLocalAlert also has a 'message' string that may have more details.
341
342Example of handling a remote alert:
343
344  try:
345      [...]
346  except TLSRemoteAlert, alert:
347      if alert.description == AlertDescription.unknown_srp_username:
348          print "Unknown user."
349  [...]
350
351Figuring out what went wrong based on the alert may require some
352interpretation, particularly with remote alerts where you don't have an error
353string, and where the remote implementation may not be signalling alerts
354properly.  Many alerts signal an implementation error, and so should rarely be
355seen in normal operation (unexpected_message, decode_error, illegal_parameter,
356internal_error, etc.).
357
358Others alerts are more likely to occur.  Below are some common alerts and
359their probable causes, and whether they are signalled by the client or server.
360
361Client bad_record_mac:
362 - bad shared key password
363
364Client handshake failure:
365 - SRP parameters are not recognized by client
366
367Client user_canceled:
368 - The client might have returned None from an SRP callback.
369
370Client insufficient_security:
371 - SRP parameters are too small
372
373Client protocol_version:
374 - Client doesn't support the server's protocol version
375
376Server protocol_version:
377 - Server doesn't support the client's protocol version
378
379Server bad_record_mac:
380 - bad SRP username or password
381
382Server unknown_srp_username
383 - bad SRP username (bad_record_mac could be used for the same thing)
384
385Server handshake_failure:
386 - bad shared key username
387 - no matching cipher suites
388
3895 Step 5 - exchange data
390-------------------------
391Now that you have a connection, you can call read() and write() as if it were
392a socket.SSL object.  You can also call send(), sendall(), recv(), and
393makefile() as if it were a socket.  These calls may raise TLSLocalAlert,
394TLSRemoteAlert, socket.error, or TLSAbruptCloseError, just like the handshake
395functions.
396
397Once the TLS connection is closed by the other side, calls to read() or recv()
398will return an empty string.  If the socket is closed by the other side
399without first closing the TLS connection, calls to read() or recv() will return
400a TLSAbruptCloseError, and calls to write() or send() will return a
401socket.error.
402
4035 Step 6 - close the connection
404--------------------------------
405When you're finished sending data, you should call close() to close the
406connection down.  When the connection is closed properly, the socket stays
407open and can be used for exchanging non-secure data, the session object can be
408used for session resumption, and the connection object can be re-used by
409calling another handshake function.
410
411If an exception is raised, the connection will be automatically closed; you
412don't need to call close().  Furthermore, you will probably not be able to re-
413use the socket, the connection object, or the session object, and you
414shouldn't even try.
415
416By default, calling close() will leave the socket open.  If you set the
417connection's closeSocket flag to True, the connection will take ownership of
418the socket, and close it when the connection is closed.
419
420
4216 Using TLS Lite with httplib
422==============================
423TLS Lite comes with an HTTPTLSConnection class that extends httplib to work
424over SSL/TLS connections.  Depending on how you construct it, it will do
425different types of authentication.
426
427  #No authentication whatsoever
428  h = HTTPTLSConnection("www.amazon.com", 443)
429  h.request("GET", "")
430  r = h.getresponse()
431  [...]
432
433  #Authenticate server based on its X.509 fingerprint
434  h = HTTPTLSConnection("www.amazon.com", 443,
435          x509Fingerprint="e049ff930af76d43ff4c658b268786f4df1296f2")
436  [...]
437
438  #Authenticate server based on its X.509 chain (requires cryptlib_py [7])
439  h = HTTPTLSConnection("www.amazon.com", 443,
440          x509TrustList=[verisignCert],
441          x509CommonName="www.amazon.com")
442  [...]
443
444  #Authenticate server based on its cryptoID
445  h = HTTPTLSConnection("localhost", 443,
446          cryptoID="dmqb6.fq345.cxk6g.5fha3")
447  [...]
448
449  #Mutually authenticate with SRP
450  h = HTTPTLSConnection("localhost", 443,
451          username="alice", password="abra123cadabra")
452  [...]
453
454  #Mutually authenticate with a shared key
455  h = HTTPTLSConnection("localhost", 443,
456          username="alice", sharedKey="PaVBVZkYqAjCQCu6UBL2xgsnZhw")
457  [...]
458
459  #Mutually authenticate with SRP, *AND* authenticate the server based
460  #on its cryptoID
461  h = HTTPTLSConnection("localhost", 443,
462          username="alice", password="abra123cadabra",
463          cryptoID="dmqb6.fq345.cxk6g.5fha3")
464  [...]
465
466
4677 Using TLS Lite with xmlrpclib
468================================
469TLS Lite comes with an XMLRPCTransport class that extends xmlrpclib to work
470over SSL/TLS connections.  This class accepts the same parameters as
471HTTPTLSConnection (see previous section), and behaves similarly.  Depending on
472how you construct it, it will do different types of authentication.
473
474  from tlslite.api import XMLRPCTransport
475  from xmlrpclib import ServerProxy
476
477  #No authentication whatsoever
478  transport = XMLRPCTransport()
479  server = ServerProxy("https://localhost", transport)
480  server.someFunc(2, 3)
481  [...]
482
483  #Authenticate server based on its X.509 fingerprint
484  transport = XMLRPCTransport(\
485          x509Fingerprint="e049ff930af76d43ff4c658b268786f4df1296f2")  
486  [...]
487
488
4898 Using TLS Lite with poplib or imaplib
490========================================
491TLS Lite comes with POP3_TLS and IMAP4_TLS classes that extend poplib and
492imaplib to work over SSL/TLS connections.  These classes can be constructed
493with the same parameters as HTTPTLSConnection (see previous section), and 
494behave similarly.
495
496  #To connect to a POP3 server over SSL and display its fingerprint:
497  from tlslite.api import *
498  p = POP3_TLS("---------.net")
499  print p.sock.session.serverCertChain.getFingerprint()
500  [...]
501
502  #To connect to an IMAP server once you know its fingerprint:
503  from tlslite.api import *
504  i = IMAP4_TLS("cyrus.andrew.cmu.edu",
505          x509Fingerprint="00c14371227b3b677ddb9c4901e6f2aee18d3e45")
506  [...]  
507  
508
5099 Using TLS Lite with smtplib
510==============================
511TLS Lite comes with an SMTP_TLS class that extends smtplib to work
512over SSL/TLS connections.  This class accepts the same parameters as
513HTTPTLSConnection (see previous section), and behaves similarly.  Depending 
514on how you call starttls(), it will do different types of authentication.
515
516  #To connect to an SMTP server once you know its fingerprint:
517  from tlslite.api import *
518  s = SMTP_TLS("----------.net")
519  s.starttls(x509Fingerprint="7e39be84a2e3a7ad071752e3001d931bf82c32dc")
520  [...]
521
522
52310 Using TLS Lite with SocketServer
524====================================
525You can use TLS Lite to implement servers using Python's SocketServer
526framework.  TLS Lite comes with a TLSSocketServerMixIn class.  You can combine
527this with a TCPServer such as HTTPServer.  To combine them, define a new class
528that inherits from both of them (with the mix-in first). Then implement the
529handshake() method, doing some sort of server handshake on the connection
530argument.  If the handshake method returns True, the RequestHandler will be
531triggered.  Below is a complete example of a threaded HTTPS server.
532
533  from SocketServer import *
534  from BaseHTTPServer import *
535  from SimpleHTTPServer import *
536  from tlslite.api import *
537
538  s = open("./serverX509Cert.pem").read()
539  x509 = X509()
540  x509.parse(s)
541  certChain = X509CertChain([x509])
542
543  s = open("./serverX509Key.pem").read()
544  privateKey = parsePEMKey(s, private=True)
545
546  sessionCache = SessionCache()
547
548  class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn, HTTPServer):
549      def handshake(self, tlsConnection):
550          try:
551              tlsConnection.handshakeServer(certChain=certChain,
552                                            privateKey=privateKey,
553                                            sessionCache=sessionCache)
554              tlsConnection.ignoreAbruptClose = True
555              return True
556          except TLSError, error:
557              print "Handshake failure:", str(error)
558              return False
559
560  httpd = MyHTTPServer(('localhost', 443), SimpleHTTPRequestHandler)
561  httpd.serve_forever()
562
563
56411 Using TLS Lite with asyncore
565================================
566TLS Lite can be used with subclasses of asyncore.dispatcher.  See the comments
567in TLSAsyncDispatcherMixIn.py for details.  This is still experimental, and
568may not work with all asyncore.dispatcher subclasses.
569
570Below is an example of combining Medusa's http_channel with
571TLSAsyncDispatcherMixIn:
572
573  class http_tls_channel(TLSAsyncDispatcherMixIn,
574                         http_server.http_channel):
575      ac_in_buffer_size = 16384
576
577      def __init__ (self, server, conn, addr):
578          http_server.http_channel.__init__(self, server, conn, addr)
579          TLSAsyncDispatcherMixIn.__init__(self, conn)
580          self.tlsConnection.ignoreAbruptClose = True
581          self.setServerHandshakeOp(certChain=certChain,
582                                    privateKey=privateKey)
583
584
58512 Using TLS Lite with Twisted
586===============================
587TLS Lite can be used with Twisted protocols.  Below is a complete example of
588using TLS Lite with a Twisted echo server.
589
590There are two server implementations below.  Echo is the original protocol,
591which is oblivious to TLS.  Echo1 subclasses Echo and negotiates TLS when the
592client connects.  Echo2 subclasses Echo and negotiates TLS when the client
593sends "STARTTLS".
594
595  from twisted.internet.protocol import Protocol, Factory
596  from twisted.internet import reactor
597  from twisted.protocols.policies import WrappingFactory
598  from twisted.protocols.basic import LineReceiver
599  from twisted.python import log
600  from twisted.python.failure import Failure
601  import sys
602  from tlslite.api import *
603
604  s = open("./serverX509Cert.pem").read()
605  x509 = X509()
606  x509.parse(s)
607  certChain = X509CertChain([x509])
608
609  s = open("./serverX509Key.pem").read()
610  privateKey = parsePEMKey(s, private=True)
611
612  verifierDB = VerifierDB("verifierDB")
613  verifierDB.open()
614
615  class Echo(LineReceiver):
616      def connectionMade(self):
617          self.transport.write("Welcome to the echo server!\r\n")
618
619      def lineReceived(self, line):
620          self.transport.write(line + "\r\n")
621
622  class Echo1(Echo):
623      def connectionMade(self):
624          if not self.transport.tlsStarted:
625              self.transport.setServerHandshakeOp(certChain=certChain,
626                                                  privateKey=privateKey,
627                                                  verifierDB=verifierDB)
628          else:
629              Echo.connectionMade(self)
630
631      def connectionLost(self, reason):
632          pass #Handle any TLS exceptions here
633
634  class Echo2(Echo):
635      def lineReceived(self, data):
636          if data == "STARTTLS":
637              self.transport.setServerHandshakeOp(certChain=certChain,
638                                                  privateKey=privateKey,
639                                                  verifierDB=verifierDB)
640          else:
641              Echo.lineReceived(self, data)
642
643      def connectionLost(self, reason):
644          pass #Handle any TLS exceptions here
645
646  factory = Factory()
647  factory.protocol = Echo1
648  #factory.protocol = Echo2
649
650  wrappingFactory = WrappingFactory(factory)
651  wrappingFactory.protocol = TLSTwistedProtocolWrapper
652
653  log.startLogging(sys.stdout)
654  reactor.listenTCP(1079, wrappingFactory)
655  reactor.run()
656
657
65813 Security Considerations
659===========================
660TLS Lite is beta-quality code.  It hasn't received much security analysis.
661Use at your own risk.
662
663
66414 History
665===========
6660.3.8 - 2/21/2005
667 - Added support for poplib, imaplib, and smtplib
668 - Added python 2.4 windows installer
669 - Fixed occassional timing problems with test suite
6700.3.7 - 10/05/2004
671 - Added support for Python 2.2
672 - Cleaned up compatibility code, and docs, a bit
6730.3.6 - 9/28/2004
674 - Fixed script installation on UNIX
675 - Give better error message on old Python versions
6760.3.5 - 9/16/2004
677 - TLS 1.1 support
678 - os.urandom() support
679 - Fixed win32prng on some systems
6800.3.4 - 9/12/2004
681 - Updated for TLS/SRP draft 8
682 - Bugfix: was setting _versioncheck on SRP 1st hello, causing problems
683   with GnuTLS (which was offering TLS 1.1)
684 - Removed _versioncheck checking, since it could cause interop problems
685 - Minor bugfix: when cryptlib_py and and cryptoIDlib present, cryptlib
686   was complaining about being initialized twice
6870.3.3 - 6/10/2004
688 - Updated for TLS/SRP draft 7
689 - Updated test cryptoID cert chains for cryptoIDlib 0.3.1
6900.3.2 - 5/21/2004
691 - fixed bug when handling multiple handshake messages per record (e.g. IIS)
6920.3.1 - 4/21/2004
693 - added xmlrpclib integration
694 - fixed hanging bug in Twisted integration
695 - fixed win32prng to work on a wider range of win32 sytems
696 - fixed import problem with cryptoIDlib
697 - fixed port allocation problem when test scripts are run on some UNIXes
698 - made tolerant of buggy IE sending wrong version in premaster secret
6990.3.0 - 3/20/2004
700 - added API docs thanks to epydoc
701 - added X.509 path validation via cryptlib
702 - much cleaning/tweaking/re-factoring/minor fixes
7030.2.7 - 3/12/2004
704 - changed Twisted error handling to use connectionLost()
705 - added ignoreAbruptClose
7060.2.6 - 3/11/2004
707 - added Twisted errorHandler
708 - added TLSAbruptCloseError
709 - added 'integration' subdirectory
7100.2.5 - 3/10/2004
711 - improved asynchronous support a bit
712 - added first-draft of Twisted support
7130.2.4 - 3/5/2004
714 - cleaned up asyncore support
715 - added proof-of-concept for Twisted
7160.2.3 - 3/4/2004
717 - added pycrypto RSA support
718 - added asyncore support
7190.2.2 - 3/1/2004
720 - added GMPY support
721 - added pycrypto support
722 - added support for PEM-encoded private keys, in pure python
7230.2.1 - 2/23/2004
724 - improved PRNG use (cryptlib, or /dev/random, or CryptoAPI)
725 - added RSA blinding, to avoid timing attacks
726 - don't install local copy of M2Crypto, too problematic
7270.2.0 - 2/19/2004
728 - changed VerifierDB to take per-user parameters
729 - renamed tls_lite -> tlslite
7300.1.9 - 2/16/2004
731 - added post-handshake 'Checker'
732 - made compatible with Python 2.2
733 - made more forgiving of abrupt closure, since everyone does it:
734   if the socket is closed while sending/recv'ing close_notify,
735   just ignore it.
7360.1.8 - 2/12/2004
737 - TLSConnections now emulate sockets, including makefile()
738 - HTTPTLSConnection and TLSMixIn simplified as a result
7390.1.7 - 2/11/2004
740 - fixed httplib.HTTPTLSConnection with multiple requests
741 - fixed SocketServer to handle close_notify
742 - changed handshakeClientNoAuth() to ignore CertificateRequests
743 - changed handshakeClient() to ignore non-resumable session arguments
7440.1.6 - 2/10/2004
745 - fixed httplib support
7460.1.5 - 2/09/2004
747 - added support for httplib and SocketServer
748 - added support for SSLv3
749 - added support for 3DES
750 - cleaned up read()/write() behavior
751 - improved HMAC speed
7520.1.4 - 2/06/2004
753 - fixed dumb bug in tls.py
7540.1.3 - 2/05/2004
755 - change read() to only return requested number of bytes
756 - added support for shared-key and in-memory databases
757 - added support for PEM-encoded X.509 certificates
758 - added support for SSLv2 ClientHello
759 - fixed shutdown/re-handshaking behavior
760 - cleaned up handling of missing_srp_username
761 - renamed readString()/writeString() -> read()/write()
762 - added documentation
7630.1.2 - 2/04/2004
764 - added clienttest/servertest functions
765 - improved OpenSSL cipher wrappers speed
766 - fixed server when it has a key, but client selects plain SRP
767 - fixed server to postpone errors until it has read client's messages
768 - fixed ServerHello to only include extension data if necessary
7690.1.1 - 2/02/2004
770 - fixed close_notify behavior
771 - fixed handling of empty application data packets
772 - fixed socket reads to not consume extra bytes
773 - added testing functions to tls.py
7740.1.0 - 2/01/2004
775 - first release
776
777
77815 References
779==============
780[0] http://www.ietf.org/html.charters/tls-charter.html
781[1] http://www.trevp.net/tls_srp/draft-ietf-tls-srp-07.html
782[2] http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt
783[3] http://www.trevp.net/cryptoID/
784[4] http://www.openssl.org/
785[5] http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
786[6] http://sandbox.rulemaker.net/ngps/m2/
787[7] http://trevp.net/cryptlibConverter/
788[8] http://www.trevp.net/cryptoID/
789[9] http://www.amk.ca/python/code/crypto.html
790[10] http://gmpy.sourceforge.net/
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816