authorDaiki Ueno <dueno@redhat.com>2020-02-21 16:38:29 +0100
committerDaiki Ueno <dueno@redhat.com>2020-02-22 08:19:08 +0100
commit8da3a71b358aa4a3199d1ee72c4e0d25a4588131 (patch)
treed5b4d45bbdf4543e88ef4e0bcd58cad5789efa49 /lib/constate.c
parent0f48ce3d377e4975324216543d9a2d352ec825c3 (diff)
keylogfile: simplify the callback mechanismtmp-keylog-func
This partially reverts commit 97117556 with a simpler interface. The original intention of having the callback mechanism was to reuse it for monitoring QUIC encryption changes. However, it turned out to be insufficient because such changes must be emitted after a new epoch is ready. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/constate.c')
-rw-r--r--lib/constate.c22
1 files changed, 7 insertions, 15 deletions
diff --git a/lib/constate.c b/lib/constate.c
index a11577d7ba..eb05fdd04c 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -197,7 +197,6 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage,
char buf[65];
record_state_st *upd_state;
record_parameters_st *prev = NULL;
- gnutls_handshake_secret_type_t secret_type;
int ret;
/* generate new keys for direction needed and copy old from previous epoch */
@@ -275,7 +274,6 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage,
ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_ckey, iv_size, iv_block);
if (ret < 0)
return gnutls_assert_val(ret);
- secret_type = GNUTLS_SECRET_CLIENT_TRAFFIC_SECRET;
} else {
ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE,
sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
@@ -293,14 +291,8 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage,
ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_skey, iv_size, iv_block);
if (ret < 0)
return gnutls_assert_val(ret);
- secret_type = GNUTLS_SECRET_SERVER_TRAFFIC_SECRET;
}
- ret = _gnutls_call_secret_func(session, secret_type,
- key_block, key_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
upd_state->mac_key_size = 0;
assert(key_size <= sizeof(upd_state->key));
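Review bot: Removing the `_gnutls_call_secret_func` call here without adding a `_gnutls_call_keylog_func` call in its place leaves `_tls13_update_keys` reporting nothing for post-KeyUpdate secrets, while `_tls13_set_keys` later in this diff still reports the initial ones; a key log produced by this build will stop covering the connection after the first key update. If that coverage is wanted, the client branch needs something like `ret = _gnutls_call_keylog_func(session, keylog_label, session->key.proto.tls13.ap_ckey, session->security_parameters.prf->output_size);` (and `ap_skey` in the server branch), with a label carrying the update count as the NSS key log format does (`CLIENT_TRAFFIC_SECRET_N` / `SERVER_TRAFFIC_SECRET_N`); note that the removed call passed the expanded `key_block`, not the traffic secret, so a plain revert would log the wrong value. If dropping key-update logging is intentional, a one-line comment at this point, `/* updated traffic secrets are deliberately not passed to the keylog callback */`, would stop the asymmetry with `_tls13_set_keys` from reading as an omission. The two preceding hunks only remove the `secret_type` declaration and assignments this call depended on; `_tls13_update_keys` starts before this hunk and continues past it.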
@@ -396,7 +388,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
record_state_st *client_write, *server_write;
const char *label;
unsigned label_size, hsk_len;
- gnutls_handshake_secret_type_t secret_type;
+ const char *keylog_label;
void *ckey, *skey;
int ret;
@@ -412,13 +404,13 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
label = HANDSHAKE_CLIENT_TRAFFIC_LABEL;
label_size = sizeof(HANDSHAKE_CLIENT_TRAFFIC_LABEL)-1;
hsk_len = session->internals.handshake_hash_buffer.length;
- secret_type = GNUTLS_SECRET_CLIENT_HANDSHAKE_TRAFFIC_SECRET;
+ keylog_label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET";
ckey = session->key.proto.tls13.hs_ckey;
} else {
label = APPLICATION_CLIENT_TRAFFIC_LABEL;
label_size = sizeof(APPLICATION_CLIENT_TRAFFIC_LABEL)-1;
hsk_len = session->internals.handshake_hash_buffer_server_finished_len;
- secret_type = GNUTLS_SECRET_CLIENT_TRAFFIC_SECRET;
+ keylog_label = "CLIENT_TRAFFIC_SECRET_0";
ckey = session->key.proto.tls13.ap_ckey;
}
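Review bot: The new keylog labels at `keylog_label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET";` and `keylog_label = "CLIENT_TRAFFIC_SECRET_0";` (and their server counterparts in the hunk at -449) are bare string literals sitting next to the `HANDSHAKE_CLIENT_TRAFFIC_LABEL` / `APPLICATION_CLIENT_TRAFFIC_LABEL` macros the same branches use for the HKDF labels; defining them the same way (e.g. `#define KEYLOG_CLIENT_TRAFFIC_SECRET_LABEL "CLIENT_TRAFFIC_SECRET_0"`) would keep the four spellings in one place and make the `_0` suffix visibly mean "initial application epoch" rather than look like a typo. A comment where `keylog_label` is declared in the hunk at -396, `/* label in NSS key log format for the secret derived below */`, would also document what the string is for, since the callback's consumer is not visible here. `_tls13_set_keys` starts before this hunk and continues past it.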
@@ -430,7 +422,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_call_secret_func(session, secret_type,
+ ret = _gnutls_call_keylog_func(session, keylog_label,
ckey,
session->security_parameters.prf->output_size);
if (ret < 0)
@@ -449,12 +441,12 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
if (stage == STAGE_HS) {
label = HANDSHAKE_SERVER_TRAFFIC_LABEL;
label_size = sizeof(HANDSHAKE_SERVER_TRAFFIC_LABEL)-1;
- secret_type = GNUTLS_SECRET_SERVER_HANDSHAKE_TRAFFIC_SECRET;
+ keylog_label = "SERVER_HANDSHAKE_TRAFFIC_SECRET";
skey = session->key.proto.tls13.hs_skey;
} else {
label = APPLICATION_SERVER_TRAFFIC_LABEL;
label_size = sizeof(APPLICATION_SERVER_TRAFFIC_LABEL)-1;
- secret_type = GNUTLS_SECRET_SERVER_TRAFFIC_SECRET;
+ keylog_label = "SERVER_TRAFFIC_SECRET_0";
skey = session->key.proto.tls13.ap_skey;
}
@@ -467,7 +459,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_call_secret_func(session, secret_type,
+ ret = _gnutls_call_keylog_func(session, keylog_label,
skey,
session->security_parameters.prf->output_size);
if (ret < 0)