Implement referred Token Bindings

As described in https://tools.ietf.org/html/draft-ietf-tokbind-https-02: when
a server sends the 'Include-Referer-Token-Binding-ID' header on a redirect
response, the client will include the TokenBindingID from the referrer in its
request to the new location in the redirect. If either connection does not
have Token Binding enabled, then this has no effect.

BUG=467312

Review URL: https://codereview.chromium.org/1781003003

Cr-Original-Commit-Position: refs/heads/master@{#384134}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: d6e658265a6a3baa7cd7befecb24b12acb181047
diff --git a/README.chromium b/README.chromium
index 10867b8..69b0383 100644
--- a/README.chromium
+++ b/README.chromium
@@ -50,3 +50,5 @@
 - patches/token_binding_resumption.patch: Fix token binding negotiation
   extension to work on session resumption.
 - patches/extension_number_update.patch: Update TLS extension numbers.
+- patches/save_randoms.patch: Save client and server randoms when resuming
+  sessions.
diff --git a/patches/save_randoms.patch b/patches/save_randoms.patch
new file mode 100644
index 0000000..ceb4697
--- /dev/null
+++ b/patches/save_randoms.patch
@@ -0,0 +1,13 @@
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index e42b362..41aab85 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -1570,6 +1570,8 @@ class TLSConnection(TLSRecordLayer):
+                 #Set the session
+                 self.session = session
+                     
++                self.clientRandom = clientHello.random
++                self.serverRandom = serverHello.random
+                 yield None # Handshake done!
+ 
+         #Calculate the first cipher suite intersection.
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index e42b362..41aab85 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -1570,6 +1570,8 @@
                 #Set the session
                 self.session = session
                     
+                self.clientRandom = clientHello.random
+                self.serverRandom = serverHello.random
                 yield None # Handshake done!
 
         #Calculate the first cipher suite intersection.