From 9ba266082d4ed9b3ad3a0ff8f4b96df82e794f82 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 18 May 2016 16:31:28 +0200
Subject: Write session keys into a file when GNUTLS_KEYLOGFILE is exported
That is the file pointed from the variable is written to, and contain the session parameters in the following format (identical to NSS key log format):
CLIENT_RANDOM <64 bytes of hex encoded client_random> <96 bytes of hex encoded master secret>
and for the old RSA ciphersuites also in the format:
RSA <16 bytes of hex encoded encrypted pre master secret> <96 bytes of hex encoded master secret>
Resolves #64
---
 lib/gnutls_kx.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index d02d42d271..fd963421cf 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -95,6 +95,47 @@ int _gnutls_generate_master(gnutls_session_t session, int keep_premaster)
 return 0;
 }
+static void write_nss_key_log(gnutls_session_t session, const gnutls_datum_t *premaster)
+{
+ const char *filename;
+ char buf[512];
+ FILE *fp;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return;
+
+ filename = getenv("GNUTLS_KEYLOGFILE");
+
+ if (filename == NULL)
+ return;
+
+ fp = fopen(filename, "w");
+ if (fp == NULL)
+ return;
+
+ if (session->security_parameters.kx_algorithm == GNUTLS_KX_RSA) {
+ fprintf(fp, "RSA %s ",
+ _gnutls_bin2hex(premaster->data,
+ premaster->size,
+ buf, sizeof(buf),
+ NULL));
+ fprintf(fp, "%s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+ }
+
+ fprintf(fp, "CLIENT_RANDOM %s ",
+ _gnutls_bin2hex(session->security_parameters.
+ client_random, 32, buf,
+ sizeof(buf), NULL));
+ fprintf(fp, "%s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+ fclose(fp);
+}
+
 /* here we generate the TLS Master secret. */ static int
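Review bot: The `fp = fopen(filename, "w");` line truncates the log on every handshake, so the file only ever holds the most recent session's keys, whereas the NSS key log format the commit message targets (and the tools that consume it) is append-only; it should be `fp = fopen(filename, "a");`. Because fopen creates the file with the process umask, the master secrets written here can end up readable by other local users; opening with open(2) `O_WRONLY|O_CREAT|O_APPEND` and mode 0600 followed by fdopen would avoid that, or at minimum the documentation should say the file must be pre-created with restrictive permissions. Honouring a plain `getenv("GNUTLS_KEYLOGFILE")` inside a library also means a set-user-ID program linked against gnutls would write its session keys wherever an unprivileged caller points the variable; `secure_getenv` (where available) is the usual guard. The RSA line does not match the commit message either: the message describes 16 hex characters of the encrypted pre-master secret, while the hunk hex-encodes the whole `premaster` buffer and then the master secret, and my reading of the NSS format is that the line is keyed on the first 8 bytes of the encrypted pre-master secret and carries the plaintext pre-master secret, so please verify the format before keeping that branch. The fprintf and fclose results are unchecked, which is acceptable for a debugging aid, but a short comment such as `/* best-effort debug output: write errors are deliberately ignored */` would make that explicit.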
@@ -175,6 +216,8 @@ generate_normal_master(gnutls_session_t session,
 master_secret, GNUTLS_MASTER_SIZE,
 buf, sizeof(buf), NULL));
+ write_nss_key_log(session, premaster);
+
 return ret;
 }
-- cgit v1.2.1
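Review bot: `write_nss_key_log(session, premaster);` is called immediately before `return ret;` with no visible check of `ret`, so if the master-secret derivation earlier in the function failed, the log may still receive whatever `master_secret` currently holds; the body of generate_normal_master begins outside the hunk, so an earlier early-return may already cover this and should be confirmed. More importantly, if the `keep_premaster == 0` path releases `premaster->data` before this point (the parameter name suggests so, but that code is outside the hunk), the RSA branch of write_nss_key_log would read freed memory; moving the call above that release, or restricting the log to the CLIENT_RANDOM line which needs no premaster, would be the safe fix. A one-line comment next to the call such as `/* must run while premaster is still valid (RSA line reads it) */` would make the ordering constraint explicit for future edits.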