diff options
Diffstat (limited to 'lib/constate.c')
-rw-r--r-- | lib/constate.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/constate.c b/lib/constate.c index 51943ede69..c6329d7ba2 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -40,6 +40,7 @@ #include "handshake.h" #include "crypto-api.h" #include "locks.h" +#include "quic.h" static const char keyexp[] = "key expansion"; static const int keyexp_length = sizeof(keyexp) - 1; @@ -274,6 +275,11 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage, ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_ckey, iv_size, iv_block); if (ret < 0) return gnutls_assert_val(ret); + + _gnutls_call_secret_hook_func(session, GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + GNUTLS_CLIENT, + session->key.proto.tls13.ap_ckey, + session->security_parameters.prf->output_size); } else { ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE, sizeof(APPLICATION_TRAFFIC_UPDATE)-1, @@ -291,6 +297,11 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage, ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_skey, iv_size, iv_block); if (ret < 0) return gnutls_assert_val(ret); + + _gnutls_call_secret_hook_func(session, GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + GNUTLS_SERVER, + session->key.proto.tls13.ap_skey, + session->security_parameters.prf->output_size); } upd_state->mac_key_size = 0; @@ -390,6 +401,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, unsigned label_size, hsk_len; const char *keylog_label; void *ckey, *skey; + gnutls_encryption_level_t level; int ret; if (stage == STAGE_UPD_OURS || stage == STAGE_UPD_PEERS) @@ -406,12 +418,14 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, hsk_len = session->internals.handshake_hash_buffer.length; keylog_label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; ckey = session->key.proto.tls13.hs_ckey; + level = GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE; } else { label = APPLICATION_CLIENT_TRAFFIC_LABEL; label_size = sizeof(APPLICATION_CLIENT_TRAFFIC_LABEL)-1; hsk_len = session->internals.handshake_hash_buffer_server_finished_len; keylog_label = "CLIENT_TRAFFIC_SECRET_0"; ckey = session->key.proto.tls13.ap_ckey; + level = GNUTLS_ENCRYPTION_LEVEL_APPLICATION; } ret = _tls13_derive_secret(session, label, label_size, @@ -426,6 +440,10 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, ckey, session->security_parameters.prf->output_size); + _gnutls_call_secret_hook_func(session, level, + GNUTLS_CLIENT, ckey, + session->security_parameters.prf->output_size); + /* client keys */ ret = _tls13_expand_secret(session, "key", 3, NULL, 0, ckey, key_size, ckey_block); if (ret < 0) @@ -441,11 +459,13 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, label_size = sizeof(HANDSHAKE_SERVER_TRAFFIC_LABEL)-1; keylog_label = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; skey = session->key.proto.tls13.hs_skey; + level = GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE; } else { label = APPLICATION_SERVER_TRAFFIC_LABEL; label_size = sizeof(APPLICATION_SERVER_TRAFFIC_LABEL)-1; keylog_label = "SERVER_TRAFFIC_SECRET_0"; skey = session->key.proto.tls13.ap_skey; + level = GNUTLS_ENCRYPTION_LEVEL_APPLICATION; } ret = _tls13_derive_secret(session, label, label_size, @@ -461,6 +481,10 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, skey, session->security_parameters.prf->output_size); + _gnutls_call_secret_hook_func(session, level, + GNUTLS_SERVER, skey, + session->security_parameters.prf->output_size); + ret = _tls13_expand_secret(session, "key", 3, NULL, 0, skey, key_size, skey_block); if (ret < 0) return gnutls_assert_val(ret); |