public TlsKdfV13EarlySecretResult GetDerivedEarlySecret(bool isExternalPsk, BitString preSharedKey, BitString clientHello) { var earlySecret = _hkdf.Extract(_bitstringHashLengthBits, preSharedKey); var binderKey = DeriveSecret(earlySecret, isExternalPsk ? "ext binder" : "res binder", BitString.Empty()); var clientEarlyTrafficSecret = DeriveSecret(earlySecret, "c e traffic", clientHello); var earlyExporterMasterSecret = DeriveSecret(earlySecret, "e exp master", clientHello); var derivedEarlySecret = DeriveSecret(earlySecret, "derived", BitString.Empty()); return(new TlsKdfV13EarlySecretResult() { EarlySecret = earlySecret, BinderKey = binderKey, ClientEarlyTrafficSecret = clientEarlyTrafficSecret, EarlyExporterMasterSecret = earlyExporterMasterSecret, DerivedEarlySecret = derivedEarlySecret, }); }