New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes
authorDr. Stephen Henson <steve@openssl.org>
Tue, 28 Aug 2012 23:17:28 +0000 (23:17 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 28 Aug 2012 23:17:28 +0000 (23:17 +0000)
all derived keys to the message callback.

Add code to SSL_trace to include support for printing out keys.

ssl/s3_enc.c
ssl/ssl3.h
ssl/t1_enc.c
ssl/t1_trce.c

index c5df2cb..d54babc 100644 (file)
@@ -375,6 +375,27 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
        EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
+#ifdef OPENSSL_SSL_TRACE_CRYPTO
+       if (s->msg_callback)
+               {
+               int wh = which & SSL3_CC_WRITE ?
+                               TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
+               s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
+                                               mac_secret, EVP_MD_size(m),
+                                               s, s->msg_callback_arg);
+               if (c->key_len)
+                       s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
+                                               key, c->key_len,
+                                               s, s->msg_callback_arg);
+               if (k)
+                       {
+                       s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV,
+                                               iv, k, s, s->msg_callback_arg);
+                       }
+               }
+#endif
+
        OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
        OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
        EVP_MD_CTX_cleanup(&md);
@@ -797,6 +818,9 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
        EVP_MD_CTX ctx;
        int i,ret=0;
        unsigned int n;
+#ifdef SSL_TRACE_CRYPTO_DEBUG
+       unsigned char *tmpout = out;
+#endif
 
        EVP_MD_CTX_init(&ctx);
        for (i=0; i<3; i++)
@@ -818,6 +842,23 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                ret+=n;
                }
        EVP_MD_CTX_cleanup(&ctx);
+
+#ifdef SSL_TRACE_CRYPTO_DEBUG
+       if (s->msg_callback)
+               {
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
+                                               p, len, s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
+                                       s->s3->client_random, SSL3_RANDOM_SIZE,
+                                               s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
+                                       s->s3->server_random, SSL3_RANDOM_SIZE,
+                                       s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
+                                       tmpout, SSL3_MASTER_SECRET_SIZE,
+                                       s, s->msg_callback_arg);
+               }
+#endif
        return(ret);
        }
 
index 7427477..b0b6539 100644 (file)
@@ -324,6 +324,20 @@ extern "C" {
 #define SSL3_RT_APPLICATION_DATA       23
 #define TLS1_RT_HEARTBEAT              24
 
+/* Pseudo content types to indicate additional parameters */
+#define TLS1_RT_CRYPTO                 0x1000
+#define TLS1_RT_CRYPTO_PREMASTER       (TLS1_RT_CRYPTO | 0x1)
+#define TLS1_RT_CRYPTO_CLIENT_RANDOM   (TLS1_RT_CRYPTO | 0x2)
+#define TLS1_RT_CRYPTO_SERVER_RANDOM   (TLS1_RT_CRYPTO | 0x3)
+#define TLS1_RT_CRYPTO_MASTER          (TLS1_RT_CRYPTO | 0x4)
+
+#define TLS1_RT_CRYPTO_READ            0x0000
+#define TLS1_RT_CRYPTO_WRITE           0x0100
+#define TLS1_RT_CRYPTO_MAC             (TLS1_RT_CRYPTO | 0x5)
+#define TLS1_RT_CRYPTO_KEY             (TLS1_RT_CRYPTO | 0x6)
+#define TLS1_RT_CRYPTO_IV              (TLS1_RT_CRYPTO | 0x7)
+#define TLS1_RT_CRYPTO_FIXED_IV                (TLS1_RT_CRYPTO | 0x8)
+
 #define SSL3_AL_WARNING                        1
 #define SSL3_AL_FATAL                  2
 
index f7bdeb3..44555f5 100644 (file)
@@ -556,6 +556,30 @@ printf("which = %04X\nmac key=",which);
                EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY,
                                *mac_secret_size,mac_secret);
 
+#ifdef OPENSSL_SSL_TRACE_CRYPTO
+       if (s->msg_callback)
+               {
+               int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
+               if (*mac_secret_size)
+                       s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
+                                               mac_secret, *mac_secret_size,
+                                               s, s->msg_callback_arg);
+               if (c->key_len)
+                       s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
+                                               key, c->key_len,
+                                               s, s->msg_callback_arg);
+               if (k)
+                       {
+                       if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+                               wh |= TLS1_RT_CRYPTO_FIXED_IV;
+                       else
+                               wh |= TLS1_RT_CRYPTO_IV;
+                       s->msg_callback(2, s->version, wh, iv, k,
+                                               s, s->msg_callback_arg);
+                       }
+               }
+#endif
+
 #ifdef TLS_DEBUG
 printf("which = %04X\nkey=",which);
 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
@@ -1118,6 +1142,24 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
        BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
 #endif
 
+#ifdef OPENSSL_SSL_TRACE_CRYPTO
+       if (s->msg_callback)
+               {
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
+                                               p, len, s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
+                                       s->s3->client_random, SSL3_RANDOM_SIZE,
+                                               s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
+                                       s->s3->server_random, SSL3_RANDOM_SIZE,
+                                       s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
+                                       s->session->master_key,
+                                       SSL3_MASTER_SECRET_SIZE,
+                                       s, s->msg_callback_arg);
+               }
+#endif
+
 #ifdef KSSL_DEBUG
        printf ("tls1_generate_master_secret() complete\n");
 #endif /* KSSL_DEBUG */
index 47539a5..3571aaa 100644 (file)
@@ -444,6 +444,21 @@ static ssl_trace_tbl ssl_ctype_tbl[] = {
        {66, "ecdsa_fixed_ecdh"}
 };
 
+static ssl_trace_tbl ssl_crypto_tbl[] = {
+       {TLS1_RT_CRYPTO_PREMASTER,      "Premaster Secret"},
+       {TLS1_RT_CRYPTO_CLIENT_RANDOM,  "Client Random"},
+       {TLS1_RT_CRYPTO_SERVER_RANDOM,  "Server Random"},
+       {TLS1_RT_CRYPTO_MASTER,         "Master Secret"},
+       {TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_WRITE,       "Write Mac Secret"},
+       {TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_READ,        "Read Mac Secret"},
+       {TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_WRITE,       "Write Key"},
+       {TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_READ,        "Read Key"},
+       {TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_WRITE,        "Write IV"},
+       {TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_READ,         "Read IV"},
+       {TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_WRITE,  "Write IV (fixed part)"},
+       {TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_READ,   "Read IV (fixed part)"}
+};
+
 static void ssl_print_hex(BIO *bio, int indent, const char *name,
                                const unsigned char *msg, size_t msglen)
        {
@@ -1193,7 +1208,16 @@ void SSL_trace(int write_p, int version, int content_type,
        {
        const unsigned char *msg = buf;
        BIO *bio = arg;
-       
+
+       if (write_p == 2)
+               {
+               BIO_puts(bio, "Session ");
+               ssl_print_hex(bio, 0,
+                               ssl_trace_str(content_type, ssl_crypto_tbl),
+                               msg, msglen);
+               return;
+               }
+
        BIO_printf(bio, "%s Record: Version = %s (0x%x)",
                                write_p ? "Sent" : "Received",
                                ssl_trace_str(version, ssl_version_tbl),