authorDaiki Ueno <dueno@redhat.com>2020-02-02 08:13:50 +0100
committerDaiki Ueno <dueno@redhat.com>2020-02-07 18:03:45 +0100
commit9711755641cd9b6de323676abeab6cc80ea13e4b (patch)
tree95b303ea614c67994905ee5e18d4c9d2bcd0bcbe /lib/includes/gnutls/gnutls.h.in
parentee43a212b6bde870bf0800329972f3cab24715ec (diff)
keylogfile: generalize with a callbacktmp-keylog-hook
This refactors the keylogfile mechanism by adding a callback that is invoked when a new secret is derived and installed. That way, consumers can implement a custom logging feature per session, which is particularly useful in QUIC implementations. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/includes/gnutls/gnutls.h.in')
-rw-r--r--lib/includes/gnutls/gnutls.h.in53
1 files changed, 53 insertions, 0 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index d05ef8e5a9..13b6c35659 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2292,6 +2292,59 @@ void gnutls_global_set_log_function(gnutls_log_func log_func);
void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func);
void gnutls_global_set_log_level(int level);
+/**
+ * gnutls_handshake_secret_type_t:
+ * @GNUTLS_SECRET_CLIENT_RANDOM: 48 bytes for the master secret (for SSL 3.0,
+ * TLS 1.0, 1.1 and 1.2)
+ * @GNUTLS_SECRET_CLIENT_EARLY_TRAFFIC_SECRET: the early traffic secret for the
+ * client side (for TLS 1.3)
+ * @GNUTLS_SECRET_CLIENT_HANDSHAKE_TRAFFIC_SECRET: the handshake traffic secret
+ * for the client side (for TLS 1.3)
+ * @GNUTLS_SECRET_SERVER_HANDSHAKE_TRAFFIC_SECRET: the handshake traffic secret
+ * for the server side (for TLS 1.3)
+ * @GNUTLS_SECRET_CLIENT_TRAFFIC_SECRET: the application traffic secret for the
+ * client side (for TLS 1.3)
+ * @GNUTLS_SECRET_SERVER_TRAFFIC_SECRET: the application traffic secret for the
+ * server side (for TLS 1.3)
+ * @GNUTLS_SECRET_EARLY_EXPORTER_SECRET: the early exporter secret (for TLS 1.3,
+ * used for 0-RTT keys).
+ * @GNUTLS_SECRET_EXPORTER_SECRET: the exporter secret (for TLS 1.3, used for
+ * 1-RTT keys)
+ *
+ * Enumeration of different types of secrets derived during handshake.
+ * This is used by gnutls_handshake_set_secret_function().
+ *
+ * Since: 3.6.13
+ */
+typedef enum {
+ GNUTLS_SECRET_CLIENT_RANDOM,
+ GNUTLS_SECRET_CLIENT_EARLY_TRAFFIC_SECRET,
+ GNUTLS_SECRET_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+ GNUTLS_SECRET_SERVER_HANDSHAKE_TRAFFIC_SECRET,
+ GNUTLS_SECRET_CLIENT_TRAFFIC_SECRET,
+ GNUTLS_SECRET_SERVER_TRAFFIC_SECRET,
+ GNUTLS_SECRET_EARLY_EXPORTER_SECRET,
+ GNUTLS_SECRET_EXPORTER_SECRET
+} gnutls_handshake_secret_type_t;
+
+ /**
+ * gnutls_handshake_secret_function:
+ * @session: the current session
+ * @type: #gnutls_handshake_secret_type_t
+ * @secret: the (const) data of the derived secret.
+ *
+ * Function prototype for secret derivation hooks. It is set using
+ * gnutls_handshake_set_secret_function().
+ *
+ * Returns: Non zero on error.
+ * Since: 3.6.13
+ */
+typedef int (*gnutls_handshake_secret_func) (gnutls_session_t session,
+ gnutls_handshake_secret_type_t type,
+ const gnutls_datum_t *secret);
+void gnutls_handshake_set_secret_function(gnutls_session_t session,
+ gnutls_handshake_secret_func func);
+
/* Diffie-Hellman parameter handling.
*/
int gnutls_dh_params_init(gnutls_dh_params_t * dh_params);