finishedHash generates the Finished verify_data or PskBinderEntry according to RFC 8446, Section 4.4.4. See sections 4.4 and 4.2.11.2 for the baseKey selection.
(baseKey []byte, transcript hash.Hash)
| 35 | // to RFC 8446, Section 4.4.4. See sections 4.4 and 4.2.11.2 for the baseKey |
| 36 | // selection. |
| 37 | func (c *cipherSuiteTLS13) finishedHash(baseKey []byte, transcript hash.Hash) []byte { |
| 38 | finishedKey := tls13.ExpandLabel(c.hash.New, baseKey, "finished", nil, c.hash.Size()) |
| 39 | verifyData := hmac.New(c.hash.New, finishedKey) |
| 40 | verifyData.Write(transcript.Sum(nil)) |
| 41 | return verifyData.Sum(nil) |
| 42 | } |
| 43 | |
| 44 | // exportKeyingMaterial implements RFC5705 exporters for TLS 1.3 according to |
| 45 | // RFC 8446, Section 7.5. |
no test coverage detected