eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export

Browse source 
Implement modified key export API for Mbed TLS 3.0
This commit is contained in:
Gilles Peskine 2021-06-22 18:52:37 +02:00 committed by GitHub
commit e9bc857327
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 216 additions and 262 deletions
Download patch file Download diff file Expand all files Collapse all files

10
ChangeLog.d/key-export.txt Normal file
View file

@ -0,0 +1,10 @@
API changes
* mbedtls_ssl_conf_export_keys_ext_cb() and
mbedtls_ssl_conf_export_keys_cb() have been removed and
replaced by a new API mbedtls_ssl_set_export_keys_cb().
Raw keys and IVs are no longer passed to the callback.
Further, callbacks now receive an additional parameter
indicating the type of secret that's being exported,
paving the way for the larger number of secrets
in TLS 1.3. Finally, the key export callback and
context are now connection-specific.

36
docs/3.0-migration-guide.d/key-export.md Normal file
View file

@ -0,0 +1,36 @@
SSL key export interface change
-------------------------------
This affects users of the SSL key export APIs:
```
mbedtls_ssl_conf_export_keys_cb()
mbedtls_ssl_conf_export_keys_ext_cb()
```
Those APIs have been removed and replaced by the new API
`mbedtls_ssl_set_export_keys_cb()`. This API differs from
the previous key export API in the following ways:
- It is no longer bound to an SSL configuration, but to an
SSL context. This allows users to more easily identify the
connection an exported key belongs to.
- It no longer exports raw keys and IV.
- A secret type parameter has been added to identify which key
is being exported. For TLS 1.2, only the master secret is
exported, but upcoming TLS 1.3 support will add other kinds of keys.
- The callback now specifies a void return type, rather than
returning an error code. It is the responsibility of the application
to handle failures in the key export callback, for example by
shutting down the TLS connection.
For users which do not rely on raw keys and IV, adjusting to the new
callback type should be straightforward - see the example programs
programs/ssl/ssl_client2 and programs/ssl/ssl_server2 for callbacks
for NSSKeylog, EAP-TLS and DTLS-SRTP.
Users which require access to the raw keys used to secure application
traffic may derive those by hand based on the master secret and the
handshake transcript hashes which can be obtained from the raw data
on the wire. Such users are also encouraged to reach out to the
Mbed TLS team on the mailing list, to let the team know about their
use case.

2
include/mbedtls/config.h
View file

@ -1549,7 +1549,7 @@
* (see Section 5 of RFC 5764), are not handled by this feature. * (see Section 5 of RFC 5764), are not handled by this feature.
* Instead, after successful completion of a handshake negotiating * Instead, after successful completion of a handshake negotiating
* the use of DTLS-SRTP, the extended key exporter API * the use of DTLS-SRTP, the extended key exporter API
* mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement * mbedtls_ssl_conf_export_keys_cb() should be used to implement
* the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
* (this is implemented in the SSL example programs). * (this is implemented in the SSL example programs).
* The resulting key should then be passed to an SRTP stack. * The resulting key should then be passed to an SRTP stack.

182
include/mbedtls/ssl.h
View file

@ -458,18 +458,6 @@ typedef enum
} }
mbedtls_ssl_states; mbedtls_ssl_states;
/*
* The tls_prf function types.
*/
typedef enum
{
MBEDTLS_SSL_TLS_PRF_NONE,
MBEDTLS_SSL_TLS_PRF_TLS1,
MBEDTLS_SSL_TLS_PRF_SHA384,
MBEDTLS_SSL_TLS_PRF_SHA256
}
mbedtls_tls_prf_types;
/** /**
* \brief Callback type: send data on the network. * \brief Callback type: send data on the network.
* *
@ -963,6 +951,57 @@ struct mbedtls_ssl_session
#endif #endif
}; };
/*
* Identifiers for PRFs used in various versions of TLS.
*/
typedef enum
{
MBEDTLS_SSL_TLS_PRF_NONE,
MBEDTLS_SSL_TLS_PRF_SHA384,
MBEDTLS_SSL_TLS_PRF_SHA256,
MBEDTLS_SSL_HKDF_EXPAND_SHA384,
MBEDTLS_SSL_HKDF_EXPAND_SHA256
}
mbedtls_tls_prf_types;
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
typedef enum
{
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_EARLY_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_EARLY_EXPORTER_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
} mbedtls_ssl_key_export_type;
/**
* \brief Callback type: Export key alongside random values for
* session identification, and PRF for
* implementation of TLS key exporters.
*
* \param p_expkey Context for the callback.
* \param type The type of the key that is being exported.
* \param secret The address of the buffer holding the secret
* that's being exporterd.
* \param secret_len The length of \p secret in bytes.
* \param client_random The client random bytes.
* \param server_random The server random bytes.
* \param tls_prf_type The identifier for the PRF used in the handshake
* to which the key belongs.
*/
typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
mbedtls_ssl_key_export_type type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
/** /**
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures. * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
*/ */
@ -1028,19 +1067,6 @@ struct mbedtls_ssl_config
void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */ void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
/** Callback to export key block, master secret,
* tls_prf and random bytes. Should replace f_export_keys */
int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t,
const unsigned char[32], const unsigned char[32],
mbedtls_tls_prf_types );
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */ size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@ -1388,6 +1414,12 @@ struct mbedtls_ssl_context
* Possible values are #MBEDTLS_SSL_CID_ENABLED * Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */ * and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
#endif
}; };
/** /**
@ -1911,70 +1943,6 @@ typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
size_t *tlen, size_t *tlen,
uint32_t *lifetime ); uint32_t *lifetime );
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/**
* \brief Callback type: Export key block and master secret
*
* \note This is required for certain uses of TLS, e.g. EAP-TLS
* (RFC 5216) and Thread. The key pointers are ephemeral and
* therefore must not be stored. The master secret and keys
* should not be used directly except as an input to a key
* derivation function.
*
* \param p_expkey Context for the callback
* \param ms Pointer to master secret (fixed length: 48 bytes)
* \param kb Pointer to key block, see RFC 5246 section 6.3
* (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
* \param maclen MAC length
* \param keylen Key length
* \param ivlen IV length
*
* \return 0 if successful, or
* a specific MBEDTLS_ERR_XXX code.
*/
typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
const unsigned char *ms,
const unsigned char *kb,
size_t maclen,
size_t keylen,
size_t ivlen );
/**
* \brief Callback type: Export key block, master secret,
* handshake randbytes and the tls_prf function
* used to derive keys.
*
* \note This is required for certain uses of TLS, e.g. EAP-TLS
* (RFC 5216) and Thread. The key pointers are ephemeral and
* therefore must not be stored. The master secret and keys
* should not be used directly except as an input to a key
* derivation function.
*
* \param p_expkey Context for the callback.
* \param ms Pointer to master secret (fixed length: 48 bytes).
* \param kb Pointer to key block, see RFC 5246 section 6.3.
* (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
* \param maclen MAC length.
* \param keylen Key length.
* \param ivlen IV length.
* \param client_random The client random bytes.
* \param server_random The server random bytes.
* \param tls_prf_type The tls_prf enum type.
*
* \return 0 if successful, or
* a specific MBEDTLS_ERR_XXX code.
*/
typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey,
const unsigned char *ms,
const unsigned char *kb,
size_t maclen,
size_t keylen,
size_t ivlen,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
/** /**
* \brief Callback type: parse and load session ticket * \brief Callback type: parse and load session ticket
* *
@ -2026,34 +1994,26 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_SSL_EXPORT_KEYS) #if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** /**
* \brief Configure key export callback. * \brief Configure a key export callback.
* (Default: none.) * (Default: none.)
* *
* \note See \c mbedtls_ssl_export_keys_t. * This API can be used for two purposes:
* - Debugging: Use this API to e.g. generate an NSSKeylog
* file and use it to inspect encrypted traffic in tools
* such as Wireshark.
* - Application-specific export: Use this API to implement
* key exporters, e.g. for EAP-TLS or DTLS-SRTP.
* *
* \param conf SSL configuration context *
* \param f_export_keys Callback for exporting keys * \param ssl The SSL context to which the export
* \param p_export_keys Context for the callback * callback should be attached.
* \param f_export_keys The callback for the key export.
* \param p_export_keys The opaque context pointer to be passed to the
* callback \p f_export_keys.
*/ */
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
mbedtls_ssl_export_keys_t *f_export_keys, mbedtls_ssl_export_keys_t *f_export_keys,
void *p_export_keys ); void *p_export_keys );
/**
* \brief Configure extended key export callback.
* (Default: none.)
*
* \note See \c mbedtls_ssl_export_keys_ext_t.
* \warning Exported key material must not be used for any purpose
* before the (D)TLS handshake is completed
*
* \param conf SSL configuration context
* \param f_export_keys_ext Callback for exporting keys
* \param p_export_keys Context for the callback
*/
void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
void *p_export_keys );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)

31
library/ssl_tls.c
View file

@ -971,20 +971,11 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
((void) mac_enc); ((void) mac_enc);
#if defined(MBEDTLS_SSL_EXPORT_KEYS) #if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( ssl->conf->f_export_keys != NULL ) if( ssl->f_export_keys != NULL )
{ {
ssl->conf->f_export_keys( ssl->conf->p_export_keys, ssl->f_export_keys( ssl->p_export_keys,
master, keyblk, MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
mac_key_len, keylen, master, 48,
iv_copy_len );
}
if( ssl->conf->f_export_keys_ext != NULL )
{
ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys,
master, keyblk,
mac_key_len, keylen,
iv_copy_len,
randbytes + 32, randbytes + 32,
randbytes, randbytes,
tls_prf_get_type( tls_prf ) ); tls_prf_get_type( tls_prf ) );
@ -4168,20 +4159,12 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_EXPORT_KEYS) #if defined(MBEDTLS_SSL_EXPORT_KEYS)
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
mbedtls_ssl_export_keys_t *f_export_keys, mbedtls_ssl_export_keys_t *f_export_keys,
void *p_export_keys ) void *p_export_keys )
{ {
conf->f_export_keys = f_export_keys; ssl->f_export_keys = f_export_keys;
conf->p_export_keys = p_export_keys; ssl->p_export_keys = p_export_keys;
}
void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
void *p_export_keys )
{
conf->f_export_keys_ext = f_export_keys_ext;
conf->p_export_keys = p_export_keys;
} }
#endif #endif

42
programs/ssl/ssl_client2.c
View file

@ -1723,27 +1723,6 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm ); mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
#endif #endif
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( opt.eap_tls != 0 )
{
mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
&eap_tls_keying );
}
else if( opt.nss_keylog != 0 )
{
mbedtls_ssl_conf_export_keys_ext_cb( &conf,
nss_keylog_export,
NULL );
}
#if defined( MBEDTLS_SSL_DTLS_SRTP )
else if( opt.use_srtp != 0 )
{
mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation,
&dtls_srtp_keying );
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)
if( opt.dhmlen != DFL_DHMLEN ) if( opt.dhmlen != DFL_DHMLEN )
mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen ); mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
@ -1873,6 +1852,27 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( opt.eap_tls != 0 )
{
mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation,
&eap_tls_keying );
}
else if( opt.nss_keylog != 0 )
{
mbedtls_ssl_set_export_keys_cb( &ssl,
nss_keylog_export,
NULL );
}
#if defined( MBEDTLS_SSL_DTLS_SRTP )
else if( opt.use_srtp != 0 )
{
mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation,
&dtls_srtp_keying );
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{ {

42
programs/ssl/ssl_server2.c
View file

@ -2512,27 +2512,6 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm ); mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
#endif #endif
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( opt.eap_tls != 0 )
{
mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
&eap_tls_keying );
}
else if( opt.nss_keylog != 0 )
{
mbedtls_ssl_conf_export_keys_ext_cb( &conf,
nss_keylog_export,
NULL );
}
#if defined( MBEDTLS_SSL_DTLS_SRTP )
else if( opt.use_srtp != 0 )
{
mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation,
&dtls_srtp_keying );
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
@ -2859,6 +2838,27 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( opt.eap_tls != 0 )
{
mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation,
&eap_tls_keying );
}
else if( opt.nss_keylog != 0 )
{
mbedtls_ssl_set_export_keys_cb( &ssl,
nss_keylog_export,
NULL );
}
#if defined( MBEDTLS_SSL_DTLS_SRTP )
else if( opt.use_srtp != 0 )
{
mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation,
&dtls_srtp_keying );
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
io_ctx.ssl = &ssl; io_ctx.ssl = &ssl;
io_ctx.net = &client_fd; io_ctx.net = &client_fd;
mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb, mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,

81
programs/ssl/ssl_test_common_source.c
View file

@ -25,55 +25,46 @@
*/ */
#if defined(MBEDTLS_SSL_EXPORT_KEYS) #if defined(MBEDTLS_SSL_EXPORT_KEYS)
int eap_tls_key_derivation( void *p_expkey, void eap_tls_key_derivation( void *p_expkey,
const unsigned char *ms, mbedtls_ssl_key_export_type secret_type,
const unsigned char *kb, const unsigned char *secret,
size_t maclen, size_t secret_len,
size_t keylen,
size_t ivlen,
const unsigned char client_random[32], const unsigned char client_random[32],
const unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type ) mbedtls_tls_prf_types tls_prf_type )
{ {
eap_tls_keys *keys = (eap_tls_keys *)p_expkey; eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
( ( void ) kb ); /* We're only interested in the TLS 1.2 master secret */
memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
return;
if( secret_len != sizeof( keys->master_secret ) )
return;
memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) );
memcpy( keys->randbytes, client_random, 32 ); memcpy( keys->randbytes, client_random, 32 );
memcpy( keys->randbytes + 32, server_random, 32 ); memcpy( keys->randbytes + 32, server_random, 32 );
keys->tls_prf_type = tls_prf_type; keys->tls_prf_type = tls_prf_type;
if( opt.debug_level > 2 )
{
mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
}
return( 0 );
} }
int nss_keylog_export( void *p_expkey, void nss_keylog_export( void *p_expkey,
const unsigned char *ms, mbedtls_ssl_key_export_type secret_type,
const unsigned char *kb, const unsigned char *secret,
size_t maclen, size_t secret_len,
size_t keylen,
size_t ivlen,
const unsigned char client_random[32], const unsigned char client_random[32],
const unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type ) mbedtls_tls_prf_types tls_prf_type )
{ {
char nss_keylog_line[ 200 ]; char nss_keylog_line[ 200 ];
size_t const client_random_len = 32; size_t const client_random_len = 32;
size_t const master_secret_len = 48;
size_t len = 0; size_t len = 0;
size_t j; size_t j;
int ret = 0;
/* We're only interested in the TLS 1.2 master secret */
if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
return;
((void) p_expkey); ((void) p_expkey);
((void) kb);
((void) maclen);
((void) keylen);
((void) ivlen);
((void) server_random); ((void) server_random);
((void) tls_prf_type); ((void) tls_prf_type);
@ -88,10 +79,10 @@ int nss_keylog_export( void *p_expkey,
len += sprintf( nss_keylog_line + len, " " ); len += sprintf( nss_keylog_line + len, " " );
for( j = 0; j < master_secret_len; j++ ) for( j = 0; j < secret_len; j++ )
{ {
len += sprintf( nss_keylog_line + len, len += sprintf( nss_keylog_line + len,
"%02x", ms[j] ); "%02x", secret[j] );
} }
len += sprintf( nss_keylog_line + len, "\n" ); len += sprintf( nss_keylog_line + len, "\n" );
@ -108,13 +99,11 @@ int nss_keylog_export( void *p_expkey,
if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL ) if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL )
{ {
ret = -1;
goto exit; goto exit;
} }
if( fwrite( nss_keylog_line, 1, len, f ) != len ) if( fwrite( nss_keylog_line, 1, len, f ) != len )
{ {
ret = -1;
fclose( f ); fclose( f );
goto exit; goto exit;
} }
@ -125,35 +114,29 @@ int nss_keylog_export( void *p_expkey,
exit: exit:
mbedtls_platform_zeroize( nss_keylog_line, mbedtls_platform_zeroize( nss_keylog_line,
sizeof( nss_keylog_line ) ); sizeof( nss_keylog_line ) );
return( ret );
} }
#if defined( MBEDTLS_SSL_DTLS_SRTP ) #if defined( MBEDTLS_SSL_DTLS_SRTP )
int dtls_srtp_key_derivation( void *p_expkey, void dtls_srtp_key_derivation( void *p_expkey,
const unsigned char *ms, mbedtls_ssl_key_export_type secret_type,
const unsigned char *kb, const unsigned char *secret,
size_t maclen, size_t secret_len,
size_t keylen,
size_t ivlen,
const unsigned char client_random[32], const unsigned char client_random[32],
const unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type ) mbedtls_tls_prf_types tls_prf_type )
{ {
dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey;
( ( void ) kb ); /* We're only interested in the TLS 1.2 master secret */
memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
return;
if( secret_len != sizeof( keys->master_secret ) )
return;
memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) );
memcpy( keys->randbytes, client_random, 32 ); memcpy( keys->randbytes, client_random, 32 );
memcpy( keys->randbytes + 32, server_random, 32 ); memcpy( keys->randbytes + 32, server_random, 32 );
keys->tls_prf_type = tls_prf_type; keys->tls_prf_type = tls_prf_type;
if( opt.debug_level > 2 )
{
mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
}
return( 0 );
} }
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */

6
tests/ssl-opt.sh
View file

@ -8377,12 +8377,6 @@ run_test "export keys functionality" \
"$P_SRV eap_tls=1 debug_level=3" \ "$P_SRV eap_tls=1 debug_level=3" \
"$P_CLI eap_tls=1 debug_level=3" \ "$P_CLI eap_tls=1 debug_level=3" \
0 \ 0 \
-s "exported maclen is " \
-s "exported keylen is " \
-s "exported ivlen is " \
-c "exported maclen is " \
-c "exported keylen is " \
-c "exported ivlen is " \
-c "EAP-TLS key material is:"\ -c "EAP-TLS key material is:"\
-s "EAP-TLS key material is:"\ -s "EAP-TLS key material is:"\
-c "EAP-TLS IV is:" \ -c "EAP-TLS IV is:" \

12
tests/suites/test_suite_ssl.data
View file

@ -8638,14 +8638,6 @@ ssl_tls1_3_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled
depends_on:MBEDTLS_SSL_PROTO_TLS1
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.1 enabled
depends_on:MBEDTLS_SSL_PROTO_TLS1_1
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384
depends_on:MBEDTLS_SHA384_C:MBEDTLS_SSL_PROTO_TLS1_2 depends_on:MBEDTLS_SHA384_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0
@ -8654,10 +8646,6 @@ SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256
depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2 depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.X not enabled
depends_on:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-384 not enabled SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-384 not enabled
depends_on:!MBEDTLS_SHA384_C depends_on:!MBEDTLS_SHA384_C
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE