def get_mppe_keys(master: bytes, client_random: bytes, server_random: bytes,
label: bytes, ssl_connection: SSL.Connection) -> List[bytes]:
''' Generate MS-MPPE-Send/Recv-Key as defined in RFC 2548
On newer OpenSSLs, to support TLS 1.2, randomness is now generated
via export_keying_material. See T39616 for details. '''
if SSL.OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_101:
randomstuff = ssl_connection.export_keying_material(label, 64)
else:
label += client_random
label += server_random
randomstuff = PRF(master, label, 64)
return [randomstuff[:32], randomstuff[32:64]]
def get_mppe_keys(
label: bytes,
ssl_connection: SSL.Connection,
) -> Tuple[bytes, bytes]:
"""
Generate MS-MPPE-Send/Recv-Key as defined in RFC 2548. AuthProxy ship with OpenSSL 1.0.2o,
to support TLS 1.2, randomness is generated via export_keying_material.
"""
# Openssl return bytes contain recv_key[:32] and send_key[32:64]
randomstuff = ssl_connection.export_keying_material(label, 64)
recv_key = randomstuff[:32]
send_key = randomstuff[32:64]
return recv_key, send_key
