Set Token-Binding HTTP header

third_party/tlslite/patches/exported_keying_material.patch

Index: third_party/tlslite/patches/exported_keying_material.patch
diff --git a/third_party/tlslite/patches/exported_keying_material.patch b/third_party/tlslite/patches/exported_keying_material.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9d4ed9c60014b1f0b5182a99b60574a43a000046
--- /dev/null
+++ b/third_party/tlslite/patches/exported_keying_material.patch
@@ -0,0 +1,56 @@
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index 7363a30..e42b362 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -181,6 +181,8 @@ class TLSConnection(TLSRecordLayer):
+         @type sock: L{socket.socket}
+         """
+         TLSRecordLayer.__init__(self, sock)
++        self.clientRandom = b""
++        self.serverRandom = b""
+ 
+     #*********************************************************
+     # Client Handshake Functions
+@@ -606,6 +608,9 @@ class TLSConnection(TLSRecordLayer):
+                 else: break
+         masterSecret = result
+         
++        self.clientRandom = clientHello.random
++        self.serverRandom = serverHello.random
++
+         # Create the session object which is used for resumptions
+         self.session = Session()
+         self.session.create(masterSecret, serverHello.session_id, cipherSuite,
+@@ -1398,6 +1403,9 @@ class TLSConnection(TLSRecordLayer):
+                 else: break
+         masterSecret = result
+ 
++        self.clientRandom = clientHello.random
++        self.serverRandom = serverHello.random
++
+         #Create the session object
+         self.session = Session()
+         if cipherSuite in CipherSuite.certAllSuites:        
+@@ -2013,3 +2025,22 @@ class TLSConnection(TLSRecordLayer):
+             except:
+                 self._shutdown(False)
+                 raise
++
++
++    def exportKeyingMaterial(self, label, context, use_context, length):
++        """Returns the exported keying material as defined in RFC 5705."""
++
++        seed = self.clientRandom + self.serverRandom
++        if use_context:
++            if len(context) > 65535:
++                raise ValueError("Context is too long")
++            seed += bytearray(2)
++            seed[len(seed) - 2] = len(context) >> 8
++            seed[len(seed) - 1] = len(context) & 0xFF
++            seed += context
++        if self.version in ((3,1), (3,2)):
++            return PRF(self.session.masterSecret, label, seed, length)
++        elif self.version == (3,3):
++            return PRF_1_2(self.session.masterSecret, label, seed, length)
++        else:
++            raise AssertionError()