author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-18 16:31:28 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-05-18 21:16:36 +0200 |
commit | 7e3506a0457638f83f7b6eb9d20d17ceb8683827 (patch) | |
tree | f3a8c7f247232d3bc4c8a25ec7e4a3631e0855b1 /lib/kx.c | |
parent | 6e55c5de14ca8dc1a80338b396f00dfbb183bcfb (diff) | |
download | gnutls-7e3506a0457638f83f7b6eb9d20d17ceb8683827.tar.gz |
Write session keys into a file when GNUTLS_KEYLOGFILE is exported
That is, the file named by the variable is written to and contains
the session parameters in the following format (identical to the NSS key
log format):
CLIENT_RANDOM <space> <64 bytes of hex encoded client_random> <space> <96 bytes of hex encoded master secret>
and for the old RSA ciphersuites also in the format:
RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded master secret>
Resolves #64
Diffstat (limited to 'lib/kx.c')
-rw-r--r-- | lib/kx.c | 43 |
1 files changed, 43 insertions, 0 deletions
@@ -95,6 +95,47 @@ int _gnutls_generate_master(gnutls_session_t session, int keep_premaster)
 return 0;
 }
+static void write_nss_key_log(gnutls_session_t session, const gnutls_datum_t *premaster)
+{
+ const char *filename;
+ char buf[512];
+ FILE *fp;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return;
+
+ filename = getenv("GNUTLS_KEYLOGFILE");
+
+ if (filename == NULL)
+ return;
+
+ fp = fopen(filename, "w");
+ if (fp == NULL)
+ return;
+
+ if (session->security_parameters.kx_algorithm == GNUTLS_KX_RSA) {
+ fprintf(fp, "RSA %s ",
+ _gnutls_bin2hex(premaster->data,
+ premaster->size,
+ buf, sizeof(buf),
+ NULL));
+ fprintf(fp, "%s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+ }
+
+ fprintf(fp, "CLIENT_RANDOM %s ",
+ _gnutls_bin2hex(session->security_parameters.
+ client_random, 32, buf,
+ sizeof(buf), NULL));
+ fprintf(fp, "%s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+ fclose(fp);
+}
+
 /* here we generate the TLS Master secret. */
 static int
@@ -176,6 +217,8 @@ generate_normal_master(gnutls_session_t session,
 master_secret, GNUTLS_MASTER_SIZE, buf, sizeof(buf), NULL));
+ write_nss_key_log(session, premaster);
+
 return ret;
 } |
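Review bot: `fopen(filename, "w")` in write_nss_key_log truncates the key log every time a master secret is derived, so only the most recent session survives and concurrent sessions overwrite each other; NSS-style key logs are appended to, i.e. `fp = fopen(filename, "a");`. The file holds master secrets yet is created with whatever the process umask allows, and the path comes from plain `getenv()`, so a set-uid or set-gid program linked against the library would write secrets to a path chosen by its invoker; `filename = secure_getenv("GNUTLS_KEYLOGFILE");` (where available) and creating the file owner-only would address both. Separately, the `RSA` line hex-encodes all of `premaster->data`, which looks like the plaintext premaster passed down from generate_normal_master rather than the 16 hex characters of the encrypted premaster that the commit message describes, so that line is worth checking against the NSS format.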
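Review bot: The new `write_nss_key_log(session, premaster);` call sits at the very end of generate_normal_master, after whatever the function does with `premaster` above the hunk, and that part is not visible here. If the premaster is wiped or freed earlier (the `keep_premaster` flag on the caller suggests that can happen), the `RSA` branch of the logger would read released or empty data, so the call should run while the datum is still valid. It should also be skipped when `ret` is negative unless an earlier return already guarantees that. A short comment at the call site, e.g. `/* debugging aid: exports the master secret when GNUTLS_KEYLOGFILE is set */`, would make the secret-exporting side effect obvious to readers of this function.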