author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-18 16:31:28 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-05-18 21:20:42 +0200 |
commit | 9ba266082d4ed9b3ad3a0ff8f4b96df82e794f82 (patch) | |
tree | 0b02c68167547c69b2bc1cac515e26733c7b2ca1 | |
parent | a66a24fe8388280838cb4f0316137a8bf035f3f4 (diff) | |
download | gnutls-9ba266082d4ed9b3ad3a0ff8f4b96df82e794f82.tar.gz |
Write session keys into a file when GNUTLS_KEYLOGFILE is exported
That is, the file named by the variable is written to, and contains
the session parameters in the following format (identical to the NSS
key log format):
CLIENT_RANDOM <space> <64 bytes of hex encoded client_random> <space> <96 bytes of hex encoded master secret>
and for the old RSA ciphersuites also in the format:
RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded master secret>
Resolves #64
-rw-r--r-- | lib/gnutls_kx.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index d02d42d271..fd963421cf 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -95,6 +95,47 @@ int _gnutls_generate_master(gnutls_session_t session, int keep_premaster)
 return 0;
 }
 
+static void write_nss_key_log(gnutls_session_t session, const gnutls_datum_t *premaster)
+{
+ const char *filename;
+ char buf[512];
+ FILE *fp;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return;
+
+ filename = getenv("GNUTLS_KEYLOGFILE");
+
+ if (filename == NULL)
+ return;
+
+ fp = fopen(filename, "w");
+ if (fp == NULL)
+ return;
+
+ if (session->security_parameters.kx_algorithm == GNUTLS_KX_RSA) {
+ fprintf(fp, "RSA %s ",
+ _gnutls_bin2hex(premaster->data,
+ premaster->size,
+ buf, sizeof(buf),
+ NULL));
+ fprintf(fp, "%s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+ }
+
+ fprintf(fp, "CLIENT_RANDOM %s ",
+ _gnutls_bin2hex(session->security_parameters.
+ client_random, 32, buf,
+ sizeof(buf), NULL));
+ fprintf(fp, "%s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+ fclose(fp);
+}
+
 /* here we generate the TLS Master secret.
 */
 static int
@@ -175,6 +216,8 @@ generate_normal_master(gnutls_session_t session,
 master_secret, GNUTLS_MASTER_SIZE,
 buf, sizeof(buf), NULL));
 
+ write_nss_key_log(session, premaster);
+
 return ret;
 }
 
|
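Review bot: In write_nss_key_log(), `getenv("GNUTLS_KEYLOGFILE")` followed by `fopen(filename, "w")` lets the environment choose a path that the library truncates and fills with master secrets, which matters for any set-uid or otherwise privileged program linked against it, and the "w" mode also discards the entries of earlier handshakes on every call. I would read the variable with `secure_getenv("GNUTLS_KEYLOGFILE")` where the platform provides it and open with `fopen(filename, "a")` so lines accumulate as NSS key-log consumers expect. The file is also created with whatever the process umask allows; since it holds session secrets, creating it owner-only (mode 0600) is worth considering. Separately, the RSA branch hex-encodes all of `premaster->data`, while the commit message describes 16 hex-encoded bytes of the encrypted premaster secret, so the code and the documented format appear to disagree.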
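Review bot: In the second hunk the new call `write_nss_key_log(session, premaster);` runs unconditionally just before `return ret;`, and the body of generate_normal_master above it is outside the hunk, so two things cannot be checked from here. If `ret` can still hold an error at this point, the log would receive a line built from an unset master secret; `if (ret >= 0) write_nss_key_log(session, premaster);` would rule that out. The RSA branch of the helper dereferences `premaster->data`, and the `keep_premaster` parameter visible in the first hunk header suggests the premaster may be released on some paths, so it is worth confirming it is still valid when the call is made. A short comment at the call site, such as `/* debugging aid: only active when GNUTLS_KEYLOGFILE is set */`, would also make the intent clear to later readers.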