1 files changed, 24 insertions, 0 deletions

diff --git a/lib/constate.c b/lib/constate.c
index 51943ede69..c6329d7ba2 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -40,6 +40,7 @@
 #include "handshake.h"
 #include "crypto-api.h"
 #include "locks.h"
+#include "quic.h"
 
 static const char keyexp[] = "key expansion";
 static const int keyexp_length = sizeof(keyexp) - 1;
@@ -274,6 +275,11 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage,
 		ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_ckey, iv_size, iv_block);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
+
+		_gnutls_call_secret_hook_func(session, GNUTLS_ENCRYPTION_LEVEL_APPLICATION,
+					      GNUTLS_CLIENT,
+					      session->key.proto.tls13.ap_ckey,
+					      session->security_parameters.prf->output_size);
 	} else {
 		ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE,
 					   sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
@@ -291,6 +297,11 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage,
 		ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_skey, iv_size, iv_block);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
+
+		_gnutls_call_secret_hook_func(session, GNUTLS_ENCRYPTION_LEVEL_APPLICATION,
+					      GNUTLS_SERVER,
+					      session->key.proto.tls13.ap_skey,
+					      session->security_parameters.prf->output_size);
 	}
 
 	upd_state->mac_key_size = 0;
@@ -390,6 +401,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
 	unsigned label_size, hsk_len;
 	const char *keylog_label;
 	void *ckey, *skey;
+	gnutls_encryption_level_t level;
 	int ret;
 
 	if (stage == STAGE_UPD_OURS || stage == STAGE_UPD_PEERS)
@@ -406,12 +418,14 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
 		hsk_len = session->internals.handshake_hash_buffer.length;
 		keylog_label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET";
 		ckey = session->key.proto.tls13.hs_ckey;
+		level = GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE;
 	} else {
 		label = APPLICATION_CLIENT_TRAFFIC_LABEL;
 		label_size = sizeof(APPLICATION_CLIENT_TRAFFIC_LABEL)-1;
 		hsk_len = session->internals.handshake_hash_buffer_server_finished_len;
 		keylog_label = "CLIENT_TRAFFIC_SECRET_0";
 		ckey = session->key.proto.tls13.ap_ckey;
+		level = GNUTLS_ENCRYPTION_LEVEL_APPLICATION;
 	}
 
 	ret = _tls13_derive_secret(session, label, label_size,
@@ -426,6 +440,10 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
 				 ckey,
 				 session->security_parameters.prf->output_size);
 
+	_gnutls_call_secret_hook_func(session, level,
+				      GNUTLS_CLIENT, ckey,
+				      session->security_parameters.prf->output_size);
+
 	/* client keys */
 	ret = _tls13_expand_secret(session, "key", 3, NULL, 0, ckey, key_size, ckey_block);
 	if (ret < 0)
@@ -441,11 +459,13 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
 		label_size = sizeof(HANDSHAKE_SERVER_TRAFFIC_LABEL)-1;
 		keylog_label = "SERVER_HANDSHAKE_TRAFFIC_SECRET";
 		skey = session->key.proto.tls13.hs_skey;
+		level = GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE;
 	} else {
 		label = APPLICATION_SERVER_TRAFFIC_LABEL;
 		label_size = sizeof(APPLICATION_SERVER_TRAFFIC_LABEL)-1;
 		keylog_label = "SERVER_TRAFFIC_SECRET_0";
 		skey = session->key.proto.tls13.ap_skey;
+		level = GNUTLS_ENCRYPTION_LEVEL_APPLICATION;
 	}
 
 	ret = _tls13_derive_secret(session, label, label_size,
@@ -461,6 +481,10 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
 				 skey,
 				 session->security_parameters.prf->output_size);
 
+	_gnutls_call_secret_hook_func(session, level,
+				      GNUTLS_SERVER, skey,
+				      session->security_parameters.prf->output_size);
+
 	ret = _tls13_expand_secret(session, "key", 3, NULL, 0, skey, key_size, skey_block);
 	if (ret < 0)
 		return gnutls_assert_val(ret);