| diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
| index 7363a30..e42b362 100644 |
| --- a/third_party/tlslite/tlslite/tlsconnection.py |
| +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| @@ -181,6 +181,8 @@ class TLSConnection(TLSRecordLayer): |
| @type sock: L{socket.socket} |
| """ |
| TLSRecordLayer.__init__(self, sock) |
| + self.clientRandom = b"" |
| + self.serverRandom = b"" |
| |
| #********************************************************* |
| # Client Handshake Functions |
| @@ -606,6 +608,9 @@ class TLSConnection(TLSRecordLayer): |
| else: break |
| masterSecret = result |
| |
| + self.clientRandom = clientHello.random |
| + self.serverRandom = serverHello.random |
| + |
| # Create the session object which is used for resumptions |
| self.session = Session() |
| self.session.create(masterSecret, serverHello.session_id, cipherSuite, |
| @@ -1398,6 +1403,9 @@ class TLSConnection(TLSRecordLayer): |
| else: break |
| masterSecret = result |
| |
| + self.clientRandom = clientHello.random |
| + self.serverRandom = serverHello.random |
| + |
| #Create the session object |
| self.session = Session() |
| if cipherSuite in CipherSuite.certAllSuites: |
| @@ -2013,3 +2025,22 @@ class TLSConnection(TLSRecordLayer): |
| except: |
| self._shutdown(False) |
| raise |
| + |
| + |
| + def exportKeyingMaterial(self, label, context, use_context, length): |
| + """Returns the exported keying material as defined in RFC 5705.""" |
| + |
| + seed = self.clientRandom + self.serverRandom |
| + if use_context: |
| + if len(context) > 65535: |
| + raise ValueError("Context is too long") |
| + seed += bytearray(2) |
| + seed[len(seed) - 2] = len(context) >> 8 |
| + seed[len(seed) - 1] = len(context) & 0xFF |
| + seed += context |
| + if self.version in ((3,1), (3,2)): |
| + return PRF(self.session.masterSecret, label, seed, length) |
| + elif self.version == (3,3): |
| + return PRF_1_2(self.session.masterSecret, label, seed, length) |
| + else: |
| + raise AssertionError() |