| 1 diff --git a/third_party/tlslite/tlslite/session.py b/third_party/tlslite/tlslit
e/session.py |
| 2 index 6aadf58..82f0910 100644 |
| 3 --- a/third_party/tlslite/tlslite/session.py |
| 4 +++ b/third_party/tlslite/tlslite/session.py |
| 5 @@ -51,20 +51,24 @@ class Session(object): |
| 6 self.srpUsername = "" |
| 7 self.clientCertChain = None |
| 8 self.serverCertChain = None |
| 9 + self.clientRandom = b"" |
| 10 + self.serverRandom = b"" |
| 11 self.tackExt = None |
| 12 self.tackInHelloExt = False |
| 13 self.serverName = "" |
| 14 self.resumable = False |
| 15 |
| 16 def create(self, masterSecret, sessionID, cipherSuite, |
| 17 - srpUsername, clientCertChain, serverCertChain, |
| 18 - tackExt, tackInHelloExt, serverName, resumable=True): |
| 19 + srpUsername, clientCertChain, serverCertChain, clientRandom, |
| 20 + serverRandom, tackExt, tackInHelloExt, serverName, resumable=True): |
| 21 self.masterSecret = masterSecret |
| 22 self.sessionID = sessionID |
| 23 self.cipherSuite = cipherSuite |
| 24 self.srpUsername = srpUsername |
| 25 self.clientCertChain = clientCertChain |
| 26 self.serverCertChain = serverCertChain |
| 27 + self.clientRandom = clientRandom |
| 28 + self.serverRandom = serverRandom |
| 29 self.tackExt = tackExt |
| 30 self.tackInHelloExt = tackInHelloExt |
| 31 self.serverName = serverName |
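Review bot: The new `clientRandom` and `serverRandom` attributes default to `b""`, so a Session that `create()` never populated looks the same as one holding real handshake randoms, and the `exportKeyingMaterial` method added further down in this file concatenates them into the PRF seed without checking. Defaulting both to `None` would make that case fail instead of deriving output from an empty seed prefix. There is also a type question: if the values handed to `create()` are immutable `bytes` rather than `bytearray` (the type of `clientHello.random` is not visible here), the item assignments on `seed` in the exporter would raise under Python 3. A comment on the two attributes stating the expected type and length, e.g. `# 32-byte hello randoms from the handshake that produced masterSecret`, would help. `create()` continues past the end of this hunk.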
| 32 @@ -78,6 +82,8 @@ class Session(object): |
| 33 other.srpUsername = self.srpUsername |
| 34 other.clientCertChain = self.clientCertChain |
| 35 other.serverCertChain = self.serverCertChain |
| 36 + other.clientRandom = self.clientRandom |
| 37 + other.serverRandom = self.serverRandom |
| 38 other.tackExt = self.tackExt |
| 39 other.tackInHelloExt = self.tackInHelloExt |
| 40 other.serverName = self.serverName |
| 41 @@ -124,3 +130,21 @@ class Session(object): |
| 42 @return: The name of the HMAC hash algo used with this connection. |
| 43 """ |
| 44 return CipherSuite.canonicalMacName(self.cipherSuite) |
| 45 + |
| 46 + def exportKeyingMaterial(self, version, label, context, use_context, length
): |
| 47 + """Returns the exported keying material as defined in RFC 5705.""" |
| 48 + |
| 49 + seed = self.clientRandom + self.serverRandom |
| 50 + if use_context: |
| 51 + if len(context) > 65535: |
| 52 + raise ValueError("Context is too long") |
| 53 + seed += bytearray(2) |
| 54 + seed[len(seed) - 2] = len(context) >> 8 |
| 55 + seed[len(seed) - 1] = len(context) & 0xFF |
| 56 + seed += context |
| 57 + if version in ((3,1), (3,2)): |
| 58 + return PRF(self.masterSecret, label, seed, length) |
| 59 + elif version == (3,3): |
| 60 + return PRF_1_2(self.masterSecret, label, seed, length) |
| 61 + else: |
| 62 + raise AssertionError() |
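Review bot: `exportKeyingMaterial` seeds the PRF with `self.clientRandom + self.serverRandom` read from the Session, but RFC 5705 defines the exporter over the hello randoms of the current connection, and the tlsconnection.py hunks in this patch set them only where a new session is created. If a resumed connection reuses this object (the resumption path is not visible here), it would get the original handshake's randoms, so every connection resumed from one session would export identical keying material and would disagree with a peer that uses the per-connection values. Either refresh the two randoms on resumption or pass them in from the connection. Separately, the final `raise AssertionError()` gives the caller no reason; `raise ValueError("keying material exporter is not defined for this protocol version")` would be clearer, and the same guard could reject an empty `masterSecret`.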
| 63 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
| 64 index 7363a30..6a53282 100644 |
| 65 --- a/third_party/tlslite/tlslite/tlsconnection.py |
| 66 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| 67 @@ -609,8 +609,8 @@ class TLSConnection(TLSRecordLayer): |
| 68 # Create the session object which is used for resumptions |
| 69 self.session = Session() |
| 70 self.session.create(masterSecret, serverHello.session_id, cipherSuite, |
| 71 - srpUsername, clientCertChain, serverCertChain, |
| 72 - tackExt, serverHello.tackExt!=None, serverName) |
| 73 + srpUsername, clientCertChain, serverCertChain, clientHello.random, |
| 74 + serverHello.random, tackExt, serverHello.tackExt!=None, serverName) |
| 75 self._handshakeDone(resumed=False) |
| 76 |
| 77 |
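Review bot: `clientHello.random` and `serverHello.random` are passed positionally in the middle of an eleven-argument `create()` call, where swapping the two would raise no error and would only show up as exporter output that does not match the peer. Passing everything from the randoms onward by keyword (`clientRandom=clientHello.random, serverRandom=serverHello.random, tackExt=tackExt, …`) makes the binding explicit. The same applies to the `create()` call in the hunk at line 1411 of this file. Both calls sit inside functions that start and end outside their hunks.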
| 78 @@ -1411,8 +1411,8 @@ class TLSConnection(TLSRecordLayer): |
| 79 if clientHello.server_name: |
| 80 serverName = clientHello.server_name.decode("utf-8") |
| 81 self.session.create(masterSecret, serverHello.session_id, cipherSuite, |
| 82 - srpUsername, clientCertChain, serverCertChain, |
| 83 - tackExt, serverHello.tackExt!=None, serverName) |
| 84 + srpUsername, clientCertChain, serverCertChain, clientHello.random, |
| 85 + serverHello.random, tackExt, serverHello.tackExt!=None, serverName) |
| 86 |
| 87 #Add the session object to the session cache |
| 88 if sessionCache and sessionID: |