diff options
| author | Aniketh01 <anikethgireesh@gmail.com> | 2019-10-03 12:12:10 +0530 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2019-12-01 18:32:33 +0100 |
| commit | 51eed2631d3e216b0fe4a56a713f4665dbfe1c5c (patch) | |
| tree | 4c0293c452bddb5b7dcc46c81b24ad5879841ace /lib/constate.c | |
| parent | 25ae05fdc0e5627b6e53c17c2c55a987117d9cfb (diff) | |
| download | gnutls-tmp-secret-hook.tar.gz | |
gnutls_session_set_secret_hook_function: new functiontmp-secret-hook
This adds a callback to get notified when a new traffic secret is
set. This is particularly useful with QUIC, where the QUIC
implementations calculate actual traffic keys from the TLS secrets.
Signed-off-by: Aniketh01 <anikethgireesh@gmail.com>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/constate.c')
| -rw-r--r-- | lib/constate.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/constate.c b/lib/constate.c index 51943ede69..c6329d7ba2 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -40,6 +40,7 @@ #include "handshake.h" #include "crypto-api.h" #include "locks.h" +#include "quic.h" static const char keyexp[] = "key expansion"; static const int keyexp_length = sizeof(keyexp) - 1; @@ -274,6 +275,11 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage, ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_ckey, iv_size, iv_block); if (ret < 0) return gnutls_assert_val(ret); + + _gnutls_call_secret_hook_func(session, GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + GNUTLS_CLIENT, + session->key.proto.tls13.ap_ckey, + session->security_parameters.prf->output_size); } else { ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE, sizeof(APPLICATION_TRAFFIC_UPDATE)-1, @@ -291,6 +297,11 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage, ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_skey, iv_size, iv_block); if (ret < 0) return gnutls_assert_val(ret); + + _gnutls_call_secret_hook_func(session, GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + GNUTLS_SERVER, + session->key.proto.tls13.ap_skey, + session->security_parameters.prf->output_size); } upd_state->mac_key_size = 0; @@ -390,6 +401,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, unsigned label_size, hsk_len; const char *keylog_label; void *ckey, *skey; + gnutls_encryption_level_t level; int ret; if (stage == STAGE_UPD_OURS || stage == STAGE_UPD_PEERS) @@ -406,12 +418,14 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, hsk_len = session->internals.handshake_hash_buffer.length; keylog_label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; ckey = session->key.proto.tls13.hs_ckey; + level = GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE; } else { label = APPLICATION_CLIENT_TRAFFIC_LABEL; label_size = sizeof(APPLICATION_CLIENT_TRAFFIC_LABEL)-1; hsk_len = session->internals.handshake_hash_buffer_server_finished_len; keylog_label = "CLIENT_TRAFFIC_SECRET_0"; ckey = session->key.proto.tls13.ap_ckey; + level = GNUTLS_ENCRYPTION_LEVEL_APPLICATION; } ret = _tls13_derive_secret(session, label, label_size, @@ -426,6 +440,10 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, ckey, session->security_parameters.prf->output_size); + _gnutls_call_secret_hook_func(session, level, + GNUTLS_CLIENT, ckey, + session->security_parameters.prf->output_size); + /* client keys */ ret = _tls13_expand_secret(session, "key", 3, NULL, 0, ckey, key_size, ckey_block); if (ret < 0) @@ -441,11 +459,13 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, label_size = sizeof(HANDSHAKE_SERVER_TRAFFIC_LABEL)-1; keylog_label = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; skey = session->key.proto.tls13.hs_skey; + level = GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE; } else { label = APPLICATION_SERVER_TRAFFIC_LABEL; label_size = sizeof(APPLICATION_SERVER_TRAFFIC_LABEL)-1; keylog_label = "SERVER_TRAFFIC_SECRET_0"; skey = session->key.proto.tls13.ap_skey; + level = GNUTLS_ENCRYPTION_LEVEL_APPLICATION; } ret = _tls13_derive_secret(session, label, label_size, @@ -461,6 +481,10 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, skey, session->security_parameters.prf->output_size); + _gnutls_call_secret_hook_func(session, level, + GNUTLS_SERVER, skey, + session->security_parameters.prf->output_size); + ret = _tls13_expand_secret(session, "key", 3, NULL, 0, skey, key_size, skey_block); if (ret < 0) return gnutls_assert_val(ret); |