
Unified Diff: third_party/tlslite/tlslite/session.py

Issue 1378613004: Set Token-Binding HTTP header (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@tb-tls-ext-new
Patch Set: Add UMA logging of Token Binding support and NetLog event for Token Binding key lookup Created 5 years, 1 month ago
Index: third_party/tlslite/tlslite/session.py
diff --git a/third_party/tlslite/tlslite/session.py b/third_party/tlslite/tlslite/session.py
index 6aadf58e0541ecfb87d71c838d110bdb504f14b6..82f091079f3804a7740c183c3a51d9feb14df5a8 100644
--- a/third_party/tlslite/tlslite/session.py
+++ b/third_party/tlslite/tlslite/session.py
@@ -51,20 +51,24 @@ class Session(object):
self.srpUsername = ""
self.clientCertChain = None
self.serverCertChain = None
+ self.clientRandom = b""
+ self.serverRandom = b""
self.tackExt = None
self.tackInHelloExt = False
self.serverName = ""
self.resumable = False
def create(self, masterSecret, sessionID, cipherSuite,
- srpUsername, clientCertChain, serverCertChain,
- tackExt, tackInHelloExt, serverName, resumable=True):
+ srpUsername, clientCertChain, serverCertChain, clientRandom,
+ serverRandom, tackExt, tackInHelloExt, serverName, resumable=True):
self.masterSecret = masterSecret
self.sessionID = sessionID
self.cipherSuite = cipherSuite
self.srpUsername = srpUsername
self.clientCertChain = clientCertChain
self.serverCertChain = serverCertChain
+ self.clientRandom = clientRandom
+ self.serverRandom = serverRandom
davidben 2015/11/18 20:49:01 I don't think storing the client/server random on
nharper 2015/12/04 01:42:20 Moved to the TLSConnection class. The clientRandom
self.tackExt = tackExt
self.tackInHelloExt = tackInHelloExt
self.serverName = serverName
@@ -78,6 +82,8 @@ class Session(object):
other.srpUsername = self.srpUsername
other.clientCertChain = self.clientCertChain
other.serverCertChain = self.serverCertChain
+ other.clientRandom = self.clientRandom
+ other.serverRandom = self.serverRandom
other.tackExt = self.tackExt
other.tackInHelloExt = self.tackInHelloExt
other.serverName = self.serverName
@@ -124,3 +130,21 @@ class Session(object):
@return: The name of the HMAC hash algo used with this connection.
"""
return CipherSuite.canonicalMacName(self.cipherSuite)
+
+ def exportKeyingMaterial(self, version, label, context, use_context, length):
+ """Returns the exported keying material as defined in RFC 5705."""
davidben 2015/11/18 20:49:01 Ditto. The client and server random used in the ex
nharper 2015/12/04 01:42:20 Done.
+
+ seed = self.clientRandom + self.serverRandom
+ if use_context:
+ if len(context) > 65535:
+ raise ValueError("Context is too long")
+ seed += bytearray(2)
+ seed[len(seed) - 2] = len(context) >> 8
+ seed[len(seed) - 1] = len(context) & 0xFF
+ seed += context
+ if version in ((3,1), (3,2)):
+ return PRF(self.masterSecret, label, seed, length)
+ elif version == (3,3):
+ return PRF_1_2(self.masterSecret, label, seed, length)
+ else:
+ raise AssertionError()
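Review bot: The final `else: raise AssertionError()` in exportKeyingMaterial gives the caller no message when `version` matches neither branch (for example (3,0)); `raise ValueError("Unsupported TLS version for keying material export")` would match the ValueError already used for the context-length check. Separately, `seed[len(seed) - 2] = ...` needs a mutable seed, but `__init__` defaults both randoms to `b""`, and on Python 3 a bytes value plus a bytearray stays bytes, so the item assignment would fail whenever the stored randoms are bytes. Building it as `seed = bytearray(self.clientRandom) + bytearray(self.serverRandom)` removes that dependence on the stored type. The docstring could also state that `label` and `context` are byte strings and that `use_context` distinguishes an empty context from no context at all, since the two yield different seeds.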
