Index: third_party/tlslite/tlslite/session.py |
diff --git a/third_party/tlslite/tlslite/session.py b/third_party/tlslite/tlslite/session.py |
index 6aadf58e0541ecfb87d71c838d110bdb504f14b6..82f091079f3804a7740c183c3a51d9feb14df5a8 100644 |
--- a/third_party/tlslite/tlslite/session.py |
+++ b/third_party/tlslite/tlslite/session.py |
@@ -51,20 +51,24 @@ class Session(object): |
self.srpUsername = "" |
self.clientCertChain = None |
self.serverCertChain = None |
+ self.clientRandom = b"" |
+ self.serverRandom = b"" |
self.tackExt = None |
self.tackInHelloExt = False |
self.serverName = "" |
self.resumable = False |
def create(self, masterSecret, sessionID, cipherSuite, |
- srpUsername, clientCertChain, serverCertChain, |
- tackExt, tackInHelloExt, serverName, resumable=True): |
+ srpUsername, clientCertChain, serverCertChain, clientRandom, |
+ serverRandom, tackExt, tackInHelloExt, serverName, resumable=True): |
self.masterSecret = masterSecret |
self.sessionID = sessionID |
self.cipherSuite = cipherSuite |
self.srpUsername = srpUsername |
self.clientCertChain = clientCertChain |
self.serverCertChain = serverCertChain |
+ self.clientRandom = clientRandom |
+ self.serverRandom = serverRandom |
davidben
2015/11/18 20:49:01
I don't think storing the client/server random on
nharper
2015/12/04 01:42:20
Moved to the TLSConnection class. The clientRandom
|
self.tackExt = tackExt |
self.tackInHelloExt = tackInHelloExt |
self.serverName = serverName |
@@ -78,6 +82,8 @@ class Session(object): |
other.srpUsername = self.srpUsername |
other.clientCertChain = self.clientCertChain |
other.serverCertChain = self.serverCertChain |
+ other.clientRandom = self.clientRandom |
+ other.serverRandom = self.serverRandom |
other.tackExt = self.tackExt |
other.tackInHelloExt = self.tackInHelloExt |
other.serverName = self.serverName |
@@ -124,3 +130,21 @@ class Session(object): |
@return: The name of the HMAC hash algo used with this connection. |
""" |
return CipherSuite.canonicalMacName(self.cipherSuite) |
+ |
+ def exportKeyingMaterial(self, version, label, context, use_context, length): |
+ """Returns the exported keying material as defined in RFC 5705.""" |
davidben
2015/11/18 20:49:01
Ditto. The client and server random used in the ex
nharper
2015/12/04 01:42:20
Done.
|
+ |
+ seed = self.clientRandom + self.serverRandom |
+ if use_context: |
+ if len(context) > 65535: |
+ raise ValueError("Context is too long") |
+ seed += bytearray(2) |
+ seed[len(seed) - 2] = len(context) >> 8 |
+ seed[len(seed) - 1] = len(context) & 0xFF |
+ seed += context |
+ if version in ((3,1), (3,2)): |
+ return PRF(self.masterSecret, label, seed, length) |
+ elif version == (3,3): |
+ return PRF_1_2(self.masterSecret, label, seed, length) |
+ else: |
+ raise AssertionError() |