mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
crypto/tls: support keying material export
This change implements keying material export as described in: https://tools.ietf.org/html/rfc5705 I verified the implementation against openssl s_client and openssl s_server. Change-Id: I4dcdd2fb929c63ab4e92054616beab6dae7b1c55 Signed-off-by: Mike Danese <mikedanese@google.com> Reviewed-on: https://go-review.googlesource.com/85115 Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
parent
3ecc46ed22
commit
a6e50819c2
6 changed files with 89 additions and 8 deletions
|
@ -162,6 +162,12 @@ type ConnectionState struct {
|
|||
SignedCertificateTimestamps [][]byte // SCTs from the server, if any
|
||||
OCSPResponse []byte // stapled OCSP response from server, if any
|
||||
|
||||
// ExportKeyMaterial returns length bytes of exported key material as
|
||||
// defined in https://tools.ietf.org/html/rfc5705. If context is nil, it is
|
||||
// not used as part of the seed. If Config.Renegotiation was set to allow
|
||||
// renegotiation, this function will always return nil, false.
|
||||
ExportKeyingMaterial func(label string, context []byte, length int) ([]byte, bool)
|
||||
|
||||
// TLSUnique contains the "tls-unique" channel binding value (see RFC
|
||||
// 5929, section 3). For resumed sessions this value will be nil
|
||||
// because resumption does not include enough context (see
|
||||
|
|
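Review bot: The doc comment added above the new field opens with `ExportKeyMaterial`, while the field itself is `ExportKeyingMaterial`; the comment should start `// ExportKeyingMaterial returns length bytes of exported key material as` so godoc and name searches match. The comment names renegotiation as the only cause of a `nil, false` result, and the output is meant to be used as key material, so I would add a sentence such as `// Callers must check the bool and must not use the returned bytes when it is false.` RFC 5705 treats an absent context and a zero-length context as different inputs, so the comment should also say whether an empty non-nil slice counts as a context; the implementation is not visible in this hunk. The ConnectionState struct starts and ends outside the hunk.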