Export keying material support (#725)
* added method to export keying material from an ssl connection
* updated tests to use bytestrings to avoid breaking python3 tests
* added additional comments to test
* simplify export_keying_material
* add changelog
* address review feedback
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 76d8c4d..03dd935 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -3379,6 +3379,28 @@
assert server_conn.client_random() != server_conn.server_random()
assert client_conn.client_random() != client_conn.server_random()
+ # Export key material for other uses.
+ cekm = client_conn.export_keying_material(b'LABEL', 32)
+ sekm = server_conn.export_keying_material(b'LABEL', 32)
+ assert cekm is not None
+ assert sekm is not None
+ assert cekm == sekm
+ assert len(sekm) == 32
+
+ # Export key material for other uses with additional context.
+ cekmc = client_conn.export_keying_material(b'LABEL', 32, b'CONTEXT')
+ sekmc = server_conn.export_keying_material(b'LABEL', 32, b'CONTEXT')
+ assert cekmc is not None
+ assert sekmc is not None
+ assert cekmc == sekmc
+ assert cekmc != cekm
+ assert sekmc != sekm
+ # Export with alternate label
+ cekmt = client_conn.export_keying_material(b'test', 32, b'CONTEXT')
+ sekmt = server_conn.export_keying_material(b'test', 32, b'CONTEXT')
+ assert cekmc != cekmt
+ assert sekmc != sekmt
+
# Here are the bytes we'll try to send.
important_message = b'One if by land, two if by sea.'