Welcome to FlexTLS’s documentation!¶

Features¶

Supported cryptographic protocols:
- SSLv2, SSLv3, TLS 1.0, TLS 1.1 and TLS 1.2
- DTLS 1.0 and DTLS 1.2
Decode and encode SSL/TLS/DTLS records
Handle fragmentation
- TLS - Handle fragmentation on the record layer
- DTLS - Handle fragmented handshake messages
Handle connection state

Installation¶

You can install FlexTLS with pip:

$ pip install flextls

See Introduction for more information.

Contents:

Introduction¶

Installation¶

As a Python egg¶

You can install the most recent FlexTLS version using pip

$ pip install flextls

From a tarball release¶

Download the most recent tarball from github, unpack it and run the following command on the command-line.

$ python setup.py install

Install the development version¶

Install git and run the following commands on the command-line.

$ git clone https://github.com/DinoTools/python-flextls.git
$ cd python-flextls
$ python setup.py install

Changelog¶

0.3 - 2015-03-07¶

Add support for DTLS 1.0 and DTLS 1.2
Add support to handle fragmentation on the record layer (TLS)
Add support to handle fragmented handshake messages (DTLS)
Add support to handle connection state
Add support to decode ServerKeyExchange messages
Change class names for consistent names
Add additional tests
Remove deprecated and unused code

0.2 - 2014-11-17¶

Add Registry to store global information
- Add SSL and TLS cipher suites
- Add named curves
- Add signature and hash algorithms
Add support to parse SSLv2 ClientHello and ServerHello packages
Fixes (Thanks to Till Maas)

0.1 - 2014-10-15¶

Proof of concept

Initial release.

API Documentation¶

Connection¶

The class in this python module can be used to handle SSL/TLS/DTLS connections.

class flextls.connection.BaseConnection(protocol_version)[source]¶: Base class to handle SSL/TLS/DTLS connections and its state.

class flextls.connection.BaseDTLSConnection(protocol_version)[source]¶: Base class for DTLS connections.

class flextls.connection.BaseTLSConnection(protocol_version)[source]¶: Class to handle SSL/TLS connections.

class flextls.connection.DTLSv10Connection(protocol_version)[source]¶: Class to handle DTLS 1.0 and DTLS 1.2 connections.

class flextls.connection.SSLv30Connection(protocol_version)[source]¶: Class to handle SSLv3.0, TLS 1.0, TLS 1.1 and TLS 1.2 connections.

Exceptions¶

exception flextls.exception.NotEnoughData[source]¶: Not enough data to decode the next record or field.

exception flextls.exception.WrongProtocolVersion(msg=None, record=None, protocol_version=None)[source]¶

Raised during a connection if the server/client returns a wrong protocol version.

Parameters:	msg (String) – Message record (flextls.protocol.Protocol) – The decoded record protocol_version (Integer) – Internal ID of the expected protocol version

Fields¶

class flextls.field.CertificateField(name='certificate')[source]¶

A certificate.

Parameters:	name (String) – The name of the field

class flextls.field.CertificateListField(name)[source]¶

List of certificates

Parameters:	name (String) – The name of the field

class flextls.field.CipherSuiteField(name='unnamed')[source]¶: A cipher suite

class flextls.field.CipherSuitesField(name)[source]¶

List of cipher suites.

Parameters:	name (String) – The name of the field

class flextls.field.CompressionMethodField(name='unnamed')[source]¶: Compression method

class flextls.field.CompressionMethodsField(name)[source]¶

List of compression methods

Parameters:	name (String) – The name of the field

class flextls.field.ECParametersNamedCurveField(name)[source]¶: RFC4492 ECC Cipher Suites for TLS

class flextls.field.ECPointField(name)[source]¶: RFC4492 ECC Cipher Suites for TLS

class flextls.field.EnumField(name, default, enums, fmt='H')[source]¶

The field should only use the defined values.

Parameters:	name (String) – The name of the field default (Mixed) – A value defined in the enums list enums (Dict) – List of possible values. fmt (String) – The format string

get_value_name(pretty=False)[source]¶

Get the name of the value

Parameters:	pretty (Boolean) – Return the name in a pretty format
Returns:	The name
Return type:	String

set_value(value, force=False)[source]¶

Set the value.

Parameters:	value (String\|Integer) – The value to set. Must be in the enum list. force (Boolean) – Set the value without checking it
Raises:	ValueError – If value name given but it isn’t available TypeError – If value is not String or Integer

value¶

Return the field value.

Returns:	The value of the field
Return type:	Mixed

class flextls.field.ExtensionsField(name)[source]¶

List of extensions

Parameters:	name (String) – The name of the field

class flextls.field.Field(name, default, fmt='H')[source]¶

Base class for all fields. Used to extract additional information.

Parameters:	name (String) – Name of the field default (Mixed) – Default field value fmt (String) – Format string used to decode the data

assemble()[source]¶

Assemble the field by using the given value.

Returns:	The assembled data
Return type:	bytes

dissect(data)[source]¶

Dissect the field.

Parameters:	data (bytes) – The data to extract the field value from
Returns:	The rest of the data not used to dissect the field value
Return type:	bytes

get_value()[source]¶

Return the field value.

Returns:	The value of the field
Return type:	Mixed

set_value(value)[source]¶

Set the value of the field

Parameters:	value (Mixed) – The value

value¶

Return the field value.

Returns:	The value of the field
Return type:	Mixed

class flextls.field.HostNameField(name)[source]¶: The hostname.

class flextls.field.MultiPartField(name, fields=[])[source]¶

A field consisting of more than one value.

Parameters:	name (String) – The name of the field fields – List of sub fields

class flextls.field.RandomField(name)[source]¶: Random data.

class flextls.field.SSLv2CipherSuiteField(name='unnamed')[source]¶: A cipher suite for SSLv2

class flextls.field.ServerDHParamsField(name)[source]¶: RFC5246 Section 7.4.3. Server Key Exchange Message

class flextls.field.ServerECDHParamsField(name)[source]¶: RFC4492 ECC Cipher Suites for TLS

class flextls.field.ServerNameField(name='test', **kwargs)[source]¶: The server name

class flextls.field.ServerNameListField(name)[source]¶

List of server names

Parameters:	name (String) – The name of the field

class flextls.field.SignatureAndHashAlgorithmField(name)[source]¶: Representing a signature and hash algorithm

class flextls.field.UInt16EnumField(name, default, enums)[source]¶

The field should only use the defined values. The value must be an 16-Bit unsigned integer.

Parameters:	name (String) – The name of the field default (Mixed) – A value defined in the enums list enums (Dict) – List of possible values.

class flextls.field.UInt16Field(name, default)[source]¶: Field representing an 16-bit unsigned integer value(range: 0 through 65535 decimal).

class flextls.field.UInt24Field(name, default)[source]¶: Field representing an 16-bit unsigned integer value.

class flextls.field.UInt48Field(name, default)[source]¶: Field representing an 48-bit unsigned integer value.

class flextls.field.UInt8EnumField(name, default, enums)[source]¶

The field should only use the defined values. The value must be an 8-Bit unsigned integer.

Parameters:	name (String) – The name of the field default (Mixed) – A value defined in the enums list enums (Dict) – List of possible values.

class flextls.field.UInt8Field(name, default)[source]¶: Field representing an 8-bit unsigned integer value(range: 0 through 255 decimal).

class flextls.field.VectorBaseField(name, default='', fmt='H', connection=None)[source]¶

A vector as defined by the RFC is a single dimensioned array.

Parameters:	name (String) – The name of the field default (Bytes) – Default value of the field fmt (String) – The format string of the length identifier

class flextls.field.VectorInt24Field(name)[source]¶

A vector as defined by the RFC is a single dimensioned array. The length identifier of this vector is a 24-bit unsigned integer.

Parameters:	name (String) – The name of the field fmt (String) – The format string of the length identifier

class flextls.field.VectorListBaseField(name, item_class=None, item_class_args=None, fmt='H')[source]¶

A vector as defined by the RFC is a single dimensioned array.

Parameters:	name (String) – The name of the field item_class (flextls.field.Field) – item_class_args (List) – fmt (String) – The format string

class flextls.field.VectorListInt24Field(name, item_class=None, item_class_args=None)[source]¶

A vector as defined by the RFC is a single dimensioned array. The length identifier of this vector is a 24-bit unsigned integer.

Parameters:	name (String) – The name of the field item_class (flextls.field.Field) – item_class_args (List) – fmt (String) – The format string of the length identifier

class flextls.field.VectorListUInt16Field(name, item_class=None, item_class_args=None)[source]¶

A vector as defined by the RFC is a single dimensioned array. The length identifier of this vector is a 16-bit unsigned integer.

Parameters:	name (String) – The name of the field item_class (flextls.field.Field) – item_class_args (List) – fmt (String) – The format string of the length identifier

class flextls.field.VectorListUInt8Field(name, item_class=None, item_class_args=None)[source]¶

A vector as defined by the RFC is a single dimensioned array. The length identifier of this vector is a 8-bit unsigned integer.

Parameters:	name (String) – The name of the field item_class (flextls.field.Field) – item_class_args (List) – fmt (String) – The format string of the length identifier

class flextls.field.VectorUInt16Field(name)[source]¶

A vector as defined by the RFC is a single dimensioned array. The length identifier of this vector is a 16-bit unsigned integer.

Parameters:	name (String) – The name of the field fmt (String) – The format string of the length identifier

class flextls.field.VectorUInt8Field(name)[source]¶

A vector as defined by the RFC is a single dimensioned array. The length identifier of this vector is a 8-bit unsigned integer.

Parameters:	name (String) – The name of the field fmt (String) – The format string of the length identifier

class flextls.field.VersionField(name)[source]¶

The protocol version field.

Parameters:	name (String) – Name of the field

Helpers¶

flextls.helper.get_version_by_version_id(version_id)[source]¶

Get the internal version ID be the version.

Parameters:	version_id (Tuple) – Major and minor version number
Returns:	Internal version ID
Return type:	Integer\|None

flextls.helper.get_version_id(protocol_version)[source]¶

Get a tuple with major and minor version number

Parameters:	protocol_version (Integer) – Internal version ID
Returns:	Tuple of major and minor protocol version
Return type:	Tuple

flextls.helper.get_version_name(version_id)[source]¶

Get the name of a protocol version by the internal version ID.

Parameters:	version_id (Integer) – Internal protocol version ID
Returns:	Name of the version
Return type:	String

Protocol¶

The SSL/TLS Protocol

class flextls.protocol.Protocol(connection=None)[source]¶: Base Class to decode protocols.

Alert¶

class flextls.protocol.alert.Alert(**kwargs)[source]¶

Handle Alert protocol

RFC5246 (Section 7.2)

Change Cipher Spec¶

class flextls.protocol.change_cipher_spec.ChangeCipherSpec(**kwargs)[source]¶: Handle Change Cipher Spec Protocol

Handshake¶

The SSL/TLS Handshake Protocol

class flextls.protocol.handshake.ClientHello(**kwargs)[source]¶: Handle SSLv3 and TLS 1.0, 1.1 and 1.2 Client Hello messages

class flextls.protocol.handshake.ClientKeyExchange(**kwargs)[source]¶: Handle SSLv3 and TLS 1.0, 1.1 and 1.2 and DLTS 1.0 and 1.2 Client Key Exchange messages

class flextls.protocol.handshake.DTLSv10ClientHello(**kwargs)[source]¶: Handle DTLS 1.0 and 1.2 Client Hello messages

class flextls.protocol.handshake.DTLSv10Handshake(**kwargs)[source]¶: Handle DTLS 1.0 and 1.2 Handshake protocol

class flextls.protocol.handshake.DTLSv10HelloVerifyRequest(**kwargs)[source]¶: Handle DTLS 1.0 and 1.2 Hello Verify Request messages

class flextls.protocol.handshake.Handshake(**kwargs)[source]¶: Handle SSLv3 and TLS 1.0, 1.1 and 1.2 Handshake protocol

class flextls.protocol.handshake.SSLv2ClientHello(**kwargs)[source]¶: Handle SSLv2 Client Hello messages

class flextls.protocol.handshake.SSLv2ServerHello(**kwargs)[source]¶: Handle SSLv2 Server Hello messages

class flextls.protocol.handshake.ServerCertificate(**kwargs)[source]¶: Handle SSLv3 and TLS 1.0, 1.1 and 1.2 and DLTS 1.0 and 1.2 Server Certificate messages

class flextls.protocol.handshake.ServerHello(**kwargs)[source]¶: Handle SSLv3 and TLS 1.0, 1.1 and 1.2 Server Hello messages

class flextls.protocol.handshake.ServerHelloDone(**kwargs)[source]¶: Handle SSLv3 and TLS 1.0, 1.1 and 1.2 and DLTS 1.0 and 1.2 Server Hello Done messages

class flextls.protocol.handshake.ServerKeyExchange(**kwargs)[source]¶: Handle SSLv3 and TLS 1.0, 1.1 and 1.2 and DLTS 1.0 and 1.2 Server Key Exchange messages

class flextls.protocol.handshake.extension.EcPointFormats(**kwargs)[source]¶: Handle Elliptic Curves Point Format extension

class flextls.protocol.handshake.extension.EllipticCurves(**kwargs)[source]¶: Handle Elliptic Curves extension

class flextls.protocol.handshake.extension.Extension(**kwargs)[source]¶: Handle TLS and DTLS Extensions

class flextls.protocol.handshake.extension.Heartbeat(**kwargs)[source]¶: Handle Heartbeat extension

class flextls.protocol.handshake.extension.ServerNameIndication(**kwargs)[source]¶

Handle Server Name Indication extension

RFC6066 (Section 3)

class flextls.protocol.handshake.extension.SessionTicketTLS(**kwargs)[source]¶: Handle Session Ticket extension

class flextls.protocol.handshake.extension.SignatureAlgorithms(**kwargs)[source]¶: Handle Signature Algorithm extension

Heartbeat¶

class flextls.protocol.heartbeat.Heartbeat(**kwargs)[source]¶

Handle Heartbeat Request and Response Messages

RFC6520

Record¶

The SSL/TLS Record Protocol

class flextls.protocol.record.DTLSv10Record(**kwargs)[source]¶: Handle DTLS 1.0 and DTLS 1.2 Record layer.

class flextls.protocol.record.SSLv2Record(**kwargs)[source]¶: Handle the SSLv2 Record layer.

class flextls.protocol.record.SSLv3Record(**kwargs)[source]¶: Handle the SSLv3 and TLS 1.0, 1.1 and 1.2 Record layer

Welcome to FlexTLS’s documentation!¶

Features¶

Installation¶

Introduction¶

Installation¶

As a Python egg¶

From a tarball release¶

Install the development version¶

Changelog¶

0.3 - 2015-03-07¶

0.2 - 2014-11-17¶

0.1 - 2014-10-15¶

API Documentation¶

Connection¶

Exceptions¶

Fields¶

Helpers¶

Protocol¶

Alert¶

Change Cipher Spec¶

Handshake¶

Heartbeat¶

Record¶

Indices and tables¶