Key export callback must contain session specific information #2188
Comments
|
@hanno-arm is this issue still relevant or did you create another issue that supersedes this one in the meantime? |
|
Same question. |
|
We've introduced the 'extended' callback since the opening of this issue, which adds the ClientRandom and enables e.g. exporting an NSSKeylogFile (which is also demonstrated in the examples, IIRC). Looking forward to 3.0, the key export API has been changed again in #4552, addressing #4363, but the principle remains the same: Export a key alongside material which identifies its connection, namely the random bytes. We continue not to pass the SSL context to the key export. @toddwong Please let us know if any issues remain for you. |
|
@hanno-arm Thanks for the explaination. |
|
It really depends on what you want to do. Suppose, for example, that you're developing a tool like Wireshark which has access to all traces of all connections. Then, given a pair of client random + key, you can do the following: (a) Find the ClientHello which uses the given random value in the flood of messages you've buffered. (b) Lookup and remember the TCP/UDP connection this ClientHello belongs to. (c) Use the provided key to decrypt all encrypted post-handshake traffic on that TCP/UDP connection. |
|
I'm trying to work out the DTLS-SRTP key derivation |
|
I have read the code at https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_server2.c But I'm not sure if it actually works always. It saves the master_secret/random_bytes/tls_prf_type into a globally share variable, and use that to call mbedtls_ssl_tls_prf later to create the DTLS-SRTP key material. But what if we have more than one connection at the same time using the same mbedtls_ssl_config? |
|
Any suggestion? |
|
I'm sorry, I haven't had time to look into this so far. I'll come back to you next week (feel free to remind me if I don't). |
Fixes Mbed-TLS#2188 Signed-off-by: Hanno Becker <[email protected]>
Fixes Mbed-TLS#2188 Signed-off-by: Hanno Becker <[email protected]>
Fixes Mbed-TLS#2188 Signed-off-by: Hanno Becker <[email protected]>
|
@hanno-arm Sorry, has been busy these days. I'll try it as soon as I can, maybe on monday or tuesday. Thanks very much for all of these excellent works! |
|
@toddwong Sure, no worries at all - beginning of next week will be fine! |
|
@hanno-arm I'm compiling code from https://github.com/hanno-arm/mbedtls/tree/mbedtls_3_0_key_export without any modification |
|
@toddwong You need to run |
|
Unresolved external symbol @hanno-arm @gilles-peskine-arm |
|
@gilles-peskine-arm BTW, |
|
My bad. I'm trying build shared libraries under Windows, which is not supported. @hanno-arm @gilles-peskine-arm |
Context: The API
allows to bind a key export callback of type
to an SSL configuration. This callback is to be called for every SSL connection using the SSL configuration whenever the key schedule for that connection has been completed.
Issue: Multiple connections may share the same SSL configuration, and the key export callback doesn't get any information about which SSL context the call relates to.
Concretely, this becomes a problem when trying to create key log files for use with Wireshark, as those need an identifier for the session to be inspected, e.g. in the form of random bytes. An awkward way to work around this currently is to pass the SSL context as (part of) the
p_expkeyparameter, but this only works as long as there is only one SSL context using the SSL configuration.Suggestion: Create a new key export API (we cannot remove the current one before 3.0) which either
The text was updated successfully, but these errors were encountered: