Index: third_party/tlslite/patches/exported_keying_material.patch |
diff --git a/third_party/tlslite/patches/exported_keying_material.patch b/third_party/tlslite/patches/exported_keying_material.patch |
new file mode 100644 |
index 0000000000000000000000000000000000000000..9d4ed9c60014b1f0b5182a99b60574a43a000046 |
--- /dev/null |
+++ b/third_party/tlslite/patches/exported_keying_material.patch |
@@ -0,0 +1,56 @@ |
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
+index 7363a30..e42b362 100644 |
+--- a/third_party/tlslite/tlslite/tlsconnection.py |
++++ b/third_party/tlslite/tlslite/tlsconnection.py |
+@@ -181,6 +181,8 @@ class TLSConnection(TLSRecordLayer): |
+ @type sock: L{socket.socket} |
+ """ |
+ TLSRecordLayer.__init__(self, sock) |
++ self.clientRandom = b"" |
++ self.serverRandom = b"" |
+ |
+ #********************************************************* |
+ # Client Handshake Functions |
+@@ -606,6 +608,9 @@ class TLSConnection(TLSRecordLayer): |
+ else: break |
+ masterSecret = result |
+ |
++ self.clientRandom = clientHello.random |
++ self.serverRandom = serverHello.random |
++ |
+ # Create the session object which is used for resumptions |
+ self.session = Session() |
+ self.session.create(masterSecret, serverHello.session_id, cipherSuite, |
+@@ -1398,6 +1403,9 @@ class TLSConnection(TLSRecordLayer): |
+ else: break |
+ masterSecret = result |
+ |
++ self.clientRandom = clientHello.random |
++ self.serverRandom = serverHello.random |
++ |
+ #Create the session object |
+ self.session = Session() |
+ if cipherSuite in CipherSuite.certAllSuites: |
+@@ -2013,3 +2025,22 @@ class TLSConnection(TLSRecordLayer): |
+ except: |
+ self._shutdown(False) |
+ raise |
++ |
++ |
++ def exportKeyingMaterial(self, label, context, use_context, length): |
++ """Returns the exported keying material as defined in RFC 5705.""" |
++ |
++ seed = self.clientRandom + self.serverRandom |
++ if use_context: |
++ if len(context) > 65535: |
++ raise ValueError("Context is too long") |
++ seed += bytearray(2) |
++ seed[len(seed) - 2] = len(context) >> 8 |
++ seed[len(seed) - 1] = len(context) & 0xFF |
++ seed += context |
++ if self.version in ((3,1), (3,2)): |
++ return PRF(self.session.masterSecret, label, seed, length) |
++ elif self.version == (3,3): |
++ return PRF_1_2(self.session.masterSecret, label, seed, length) |
++ else: |
++ raise AssertionError() |