classification
Title: Add support for export_keying_material to SSL library
Type: enhancement Stage:
Components: SSL Versions: Python 3.9
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, wingel71
Priority: normal Keywords:

Created on 2019-08-26 08:49 by wingel71, last changed 2019-08-26 09:31 by wingel71.

Messages (3)
msg350512 - (view) Author: Christer Weinigel (wingel71) * Date: 2019-08-26 08:49
Add support for the export_keying_material function to the SSL library.

Tested with Python 3.7.4 and Python master branch:

https://github.com/wingel/cpython/tree/export_keying_material-3.7.4
https://github.com/wingel/cpython/tree/export_keying_material-master

Is this the correct format for a patch?  Should I include the automatically generated clinic changes in my patch or not?  What about the "versionadded::" string in the documentation?  Should I include a line like that or does it only generate unnecessary conflicts?  Anything else I need to do?
msg350513 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-08-26 09:16
Could you please explain the purpose of the feature and why you want to expose the interface? What's the use case?

As this is a new feature, Python 3.7 and 3.8 are out of scope.
msg350514 - (view) Author: Christer Weinigel (wingel71) * Date: 2019-08-26 09:31
I'm doing an implementation of the NTS protocol for my customer Netnod:

https://github.com/Netnod/nts-poc-python

NTS is a draft RFC on its way to becoming a standard:

https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/

NTS requires the export_keying_material functionality as described in RFC5705.

Basically it's a part of the TLS standard and is used by 10 existing protocols, with more on the way.  And I can't implement an NTS key establishment server or client without the function.  That's why I added the functionality and verified that it works both with the stable 3.7.4 release and with the master branch of the cpython repository.

I tested with 3.7.4 first on my machine because that's the release of Python that comes with Ubuntu and I wanted to have as few differences as possible compared to the distribution version.  I then forward ported the patch to the master branch and verified that my NTS implementation still works with that branch.
History
Date                 User              Action  Args
2019-08-26 09:31:13  wingel71          set     messages: + msg350514
2019-08-26 09:16:27  christian.heimes  set     messages: + msg350513; versions: - Python 3.7
2019-08-26 08:49:04  wingel71          create