From 6fd2fc61dd607475c367d3ee828c659a1651eb4e Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Mon, 1 Aug 2022 17:27:58 +0700
Subject: TLS: 'tls-exporter' channel binding

- defined in RFC 9266
- see https://github.com/bcgit/bc-java/issues/1198
---
 crypto/src/tls/AbstractTlsContext.cs      | 3 +++
 crypto/src/tls/ChannelBinding.cs          | 5 +++++
 crypto/test/src/tls/test/MockTlsClient.cs | 3 +++
 crypto/test/src/tls/test/MockTlsServer.cs | 3 +++
 4 files changed, 14 insertions(+)

diff --git a/crypto/src/tls/AbstractTlsContext.cs b/crypto/src/tls/AbstractTlsContext.cs
index be7a67dfc..a5ac85962 100644
--- a/crypto/src/tls/AbstractTlsContext.cs
+++ b/crypto/src/tls/AbstractTlsContext.cs
@@ -170,6 +170,9 @@ namespace Org.BouncyCastle.Tls
 
             SecurityParameters securityParameters = SecurityParameters;
 
+            if (ChannelBinding.tls_exporter == channelBinding)
+                return ExportKeyingMaterial("EXPORTER-Channel-Binding", TlsUtilities.EmptyBytes, 32);
+
             if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
                 return null;
 
diff --git a/crypto/src/tls/ChannelBinding.cs b/crypto/src/tls/ChannelBinding.cs
index 84f8bc4df..d6e0cbe27 100644
--- a/crypto/src/tls/ChannelBinding.cs
+++ b/crypto/src/tls/ChannelBinding.cs
@@ -15,5 +15,10 @@ namespace Org.BouncyCastle.Tls
         public const int tls_server_end_point = 0;
         public const int tls_unique = 1;
         public const int tls_unique_for_telnet = 2;
+
+        /*
+         * RFC 9266
+         */
+        public const int tls_exporter = 3;
     }
 }
diff --git a/crypto/test/src/tls/test/MockTlsClient.cs b/crypto/test/src/tls/test/MockTlsClient.cs
index 98898dd30..731504757 100644
--- a/crypto/test/src/tls/test/MockTlsClient.cs
+++ b/crypto/test/src/tls/test/MockTlsClient.cs
@@ -127,6 +127,9 @@ namespace Org.BouncyCastle.Tls.Tests
 
                 byte[] tlsUnique = m_context.ExportChannelBinding(ChannelBinding.tls_unique);
                 Console.WriteLine("Client 'tls-unique': " + ToHexString(tlsUnique));
+
+                byte[] tlsExporter = m_context.ExportChannelBinding(ChannelBinding.tls_exporter);
+                Console.WriteLine("Client 'tls-exporter': " + ToHexString(tlsExporter));
             }
         }
 
diff --git a/crypto/test/src/tls/test/MockTlsServer.cs b/crypto/test/src/tls/test/MockTlsServer.cs
index d4e885117..c4aa2c74d 100644
--- a/crypto/test/src/tls/test/MockTlsServer.cs
+++ b/crypto/test/src/tls/test/MockTlsServer.cs
@@ -155,6 +155,9 @@ namespace Org.BouncyCastle.Tls.Tests
 
             byte[] tlsUnique = m_context.ExportChannelBinding(ChannelBinding.tls_unique);
             Console.WriteLine("Server 'tls-unique': " + ToHexString(tlsUnique));
+
+            byte[] tlsExporter = m_context.ExportChannelBinding(ChannelBinding.tls_exporter);
+            Console.WriteLine("Server 'tls-exporter': " + ToHexString(tlsExporter));
         }
 
         public override void ProcessClientExtensions(IDictionary<int, byte[]> clientExtensions)
-- 
cgit 1.4.1