Set Token-Binding HTTP header

third_party/tlslite/tlslite/session.py

 # Authors: 
 #   Trevor Perrin
 #   Dave Baggett (Arcode Corporation) - canonicalCipherName
 #
 # See the LICENSE file for legal information regarding use of this file.
 
 """Class representing a TLS session."""
 
 from .utils.compat import *
 from .mathtls import *
@@ skipping 33 matching lines @@
     @ivar tackInHelloExt: True if a TACK was presented via TLS Extension.
     """
 
     def __init__(self):
         self.masterSecret = bytearray(0)
         self.sessionID = bytearray(0)
         self.cipherSuite = 0
         self.srpUsername = ""
         self.clientCertChain = None
         self.serverCertChain = None
+        self.clientRandom = b""
+        self.serverRandom = b""
         self.tackExt = None
         self.tackInHelloExt = False
         self.serverName = ""
         self.resumable = False
 
     def create(self, masterSecret, sessionID, cipherSuite,
-            srpUsername, clientCertChain, serverCertChain, 
-            tackExt, tackInHelloExt, serverName, resumable=True):
+            srpUsername, clientCertChain, serverCertChain, clientRandom,
+            serverRandom, tackExt, tackInHelloExt, serverName, resumable=True):
         self.masterSecret = masterSecret
         self.sessionID = sessionID
         self.cipherSuite = cipherSuite
         self.srpUsername = srpUsername
         self.clientCertChain = clientCertChain
         self.serverCertChain = serverCertChain
+        self.clientRandom = clientRandom
+        self.serverRandom = serverRandom

[davidben, 2015/11/18 20:49:01]

I don't think storing the client/server random on the Session is quite right. If
you resume a session, you will have different randoms on the connection, but the
same session.

[nharper, 2015/12/04 01:42:20]

Moved to the TLSConnection class. The clientRandom and serverRandom member
variables are the only member variables of that class (everything else is in the
parent class TLSRecordLayer).

         self.tackExt = tackExt
         self.tackInHelloExt = tackInHelloExt  
         self.serverName = serverName
         self.resumable = resumable
 
     def _clone(self):
         other = Session()
         other.masterSecret = self.masterSecret
         other.sessionID = self.sessionID
         other.cipherSuite = self.cipherSuite
         other.srpUsername = self.srpUsername
         other.clientCertChain = self.clientCertChain
         other.serverCertChain = self.serverCertChain
+        other.clientRandom = self.clientRandom
+        other.serverRandom = self.serverRandom
         other.tackExt = self.tackExt
         other.tackInHelloExt = self.tackInHelloExt
         other.serverName = self.serverName
         other.resumable = self.resumable
         return other
 
     def valid(self):
         """If this session can be used for session resumption.
 
         @rtype: bool
@@ skipping 26 matching lines @@
         """
         return CipherSuite.canonicalCipherName(self.cipherSuite)
         
     def getMacName(self):
         """Get the name of the HMAC hash algo used with this connection.
 
         @rtype: str
         @return: The name of the HMAC hash algo used with this connection.
         """
         return CipherSuite.canonicalMacName(self.cipherSuite)
+
+    def exportKeyingMaterial(self, version, label, context, use_context, length):
+        """Returns the exported keying material as defined in RFC 5705."""

[davidben, 2015/11/18 20:49:01]

Ditto. The client and server random used in the exporter are different on
session resumption. This probably wants to be a method on the connection.

[nharper, 2015/12/04 01:42:20]

Done.

+
+        seed = self.clientRandom + self.serverRandom
+        if use_context:
+            if len(context) > 65535:
+                raise ValueError("Context is too long")
+            seed += bytearray(2)
+            seed[len(seed) - 2] = len(context) >> 8
+            seed[len(seed) - 1] = len(context) & 0xFF
+            seed += context
+        if version in ((3,1), (3,2)):
+            return PRF(self.masterSecret, label, seed, length)
+        elif version == (3,3):
+            return PRF_1_2(self.masterSecret, label, seed, length)
+        else:
+            raise AssertionError()