authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-05-18 16:31:28 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-05-18 21:20:42 +0200
commit9ba266082d4ed9b3ad3a0ff8f4b96df82e794f82 (patch)
tree0b02c68167547c69b2bc1cac515e26733c7b2ca1
parenta66a24fe8388280838cb4f0316137a8bf035f3f4 (diff)
downloadgnutls-9ba266082d4ed9b3ad3a0ff8f4b96df82e794f82.tar.gz
Write session keys into a file when GNUTLS_KEYLOGFILE is exported
That is, the file named by the variable is written to and contains the session parameters in the following format (identical to the NSS key log format): CLIENT_RANDOM <space> <64 bytes of hex encoded client_random> <space> <96 bytes of hex encoded master secret> and, for the old RSA ciphersuites, also in the format: RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded master secret> Resolves #64
-rw-r--r--lib/gnutls_kx.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index d02d42d271..fd963421cf 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -95,6 +95,47 @@ int _gnutls_generate_master(gnutls_session_t session, int keep_premaster)
return 0;
}
+static void write_nss_key_log(gnutls_session_t session, const gnutls_datum_t *premaster)
+{
+ const char *filename;
+ char buf[512];
+ FILE *fp;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return;
+
+ filename = getenv("GNUTLS_KEYLOGFILE");
+
+ if (filename == NULL)
+ return;
+
+ fp = fopen(filename, "w");
+ if (fp == NULL)
+ return;
+
+ if (session->security_parameters.kx_algorithm == GNUTLS_KX_RSA) {
+ fprintf(fp, "RSA %s ",
+ _gnutls_bin2hex(premaster->data,
+ premaster->size,
+ buf, sizeof(buf),
+ NULL));
+ fprintf(fp, "%s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+ }
+
+ fprintf(fp, "CLIENT_RANDOM %s ",
+ _gnutls_bin2hex(session->security_parameters.
+ client_random, 32, buf,
+ sizeof(buf), NULL));
+ fprintf(fp, "%s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+ fclose(fp);
+}
+
/* here we generate the TLS Master secret.
*/
static int
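Review bot: In write_nss_key_log the path comes from a plain `getenv("GNUTLS_KEYLOGFILE")` and is opened with `fopen(filename, "w")`, so any process that links the library, including a privileged or set-uid one, writes master secrets wherever its environment points, and each handshake truncates what earlier sessions logged. I would read the variable with `secure_getenv("GNUTLS_KEYLOGFILE")` where the platform provides it and open the file in append mode, `fp = fopen(filename, "a");`, which is also how an NSS-style key log is normally accumulated. The file is created with whatever the umask allows, so owner-only permissions are worth setting at creation. On return `buf` still holds the hex of the master secret and is never wiped, and the `_gnutls_bin2hex` results go straight into `%s`; if that helper can return NULL on a short buffer, the calls need a guard.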
@@ -175,6 +216,8 @@ generate_normal_master(gnutls_session_t session,
master_secret, GNUTLS_MASTER_SIZE,
buf, sizeof(buf), NULL));
+ write_nss_key_log(session, premaster);
+
return ret;
}
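Review bot: The added call hands `premaster` to write_nss_key_log with no check visible in this hunk that the buffer is still valid or that `ret` indicates success, and the logger's RSA branch dereferences `premaster->data`. generate_normal_master starts outside the hunk, so this cannot be confirmed from here, but the `keep_premaster` parameter seen on `_gnutls_generate_master` suggests the premaster may already have been released by this point. If so, the call should move ahead of that release and be guarded, for example `if (ret >= 0) write_nss_key_log(session, premaster);`.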