Re: Why does 'SSL_export_keying_material' return a different value than whats printed to the NSS keylog file?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday, 17 May 2022 02:33:29 CEST, Ian Spence via openssl-users wrote:
I am trying to wrap my head around the keying material I can access
within my TLS client application using OpenSSL 3.0.3

I have `SSL_CTX_set_keylog_callback` set to just printf() the lines.

I also have the following code to extract the client random:


unsigned char * keymat = malloc(48);
const char * label = "CLIENT_RANDOM";
SSL_export_keying_material(ssl, keymat, 48, label, strnlen(label), NULL, 0, 0);
printf("[EXPORT] %s: ", label.UTF8String);
for (int i = 0; i < 48; i++) {
    printf("%02x", keymat[i]);
}
printf("\n");


Looking in ssl_local.h I found definitions for the various labels.
I've omitted the code from this email for brevity sake, but I print
out the value for each of the labels.

What I don't understand is why I'm getting different values from the
two. When connecting to a TLS1.3 server I see the following:


[NSS_KEYLOG] SERVER_HANDSHAKE_TRAFFIC_SECRET
f60a59b1ca9629281d4ee45b9966f19277de0652fb12513d71d388d9a8545077
882c1c081f9fe2708cee4067956717caf1936e60511d8d01b2e63541378e44671903e15c5a4b5b7fb3208452d71681e3
[NSS_KEYLOG] EXPORTER_SECRET
f60a59b1ca9629281d4ee45b9966f19277de0652fb12513d71d388d9a8545077
6333438b11e60e3ebd3a4795d7bd8400c08b878854e181ae2d084f95a264192e92ab108a2bd0cb284f7f82dd78a6b4eb
[NSS_KEYLOG] SERVER_TRAFFIC_SECRET_0
f60a59b1ca9629281d4ee45b9966f19277de0652fb12513d71d388d9a8545077
eabc8a14fc818707f03c2e0d7456011aa6aed025cfc43c25591aa7444ee6a045f643bc05b0daf9de9a1e863e7254681e
[NSS_KEYLOG] CLIENT_HANDSHAKE_TRAFFIC_SECRET
f60a59b1ca9629281d4ee45b9966f19277de0652fb12513d71d388d9a8545077
ef410252e24f3bc03d62218aa42d5f002d5a5bbf12d5f0f3e356ed2b56bc5e5151b26995f0dcb57564d2192fd2b6a1e8
[NSS_KEYLOG] CLIENT_TRAFFIC_SECRET_0
f60a59b1ca9629281d4ee45b9966f19277de0652fb12513d71d388d9a8545077
c88e7cc09e1c5b271aa5c722b527aa3a3f9744011c28cddce9a258be853dac6798aac67588bfbb57108cdbaae3c76130
[EXPORT] CLIENT_RANDOM:
a5ec0b54b796ef98bd1c8fad4f2459b657f6850d0b222a351444fd9deafa125d86991612cbec030e4ca2ee46eadb66ab
[EXPORT] CLIENT_EARLY_TRAFFIC_SECRET:
ae2cca098e941c88b574f068a52ea1cabbc2100a7b52afe3a1ba7981220111f348f5a0925092f619576649e3ddf15921
[EXPORT] CLIENT_HANDSHAKE_TRAFFIC_SECRET:
f916455fb08173176794188bb52bef126517248f04e6da47d6426a71c4e9b6a9d4381cfa89f4fcbf8a79de5183589725
[EXPORT] SERVER_HANDSHAKE_TRAFFIC_SECRET:
e6c60c26694e9d1eaaf97fd83f030dd3d9a0133231a2f803169d131f2238343dffd0a5328b561549cfc32cb30f7955c8
[EXPORT] CLIENT_TRAFFIC_SECRET_0:
e84885f1be1a25cd798768c2cf07d5593173ebe8ec6d2ed0959ff0332d6ad6a3ce6a38abe528db6be4a25500ad81cabe
[EXPORT] SERVER_TRAFFIC_SECRET_0:
643296314df063c06642faf895075afa2d8b9ec3922fcc94a46e69e1be628d09deb62c43fda18f2acdfe27d3b986f1dd
[EXPORT] EARLY_EXPORTER_SECRET:
c78b3e4ba7caca9318621f795100811cd6fbf4090f551e44bde0002e6ecdad78d211e9dc6a459fe44f305d35631c34bf
[EXPORT] EXPORTER_SECRET:
02fec8ac7a633d6b532e1ee0699a455f5a454cecbd684f9ed1c573cd820196a8a2a764726fa9236c168f356d776a5f60


Looking at the implementation of ssl_log_secret in ssl_lib.c I see
that the first parameter to the NSS log is the client random, but then
when I ask for CLIENT_RANDOM why do I get a different value?

I can reproduce this behaviour as well using the s_client: openssl
s_client ... -keymatexport "CLIENT_RANDOM" -keymatexportlen 48
-keylogfile keylog.txt

Keying material exporter is a way to implement channel binding:
https://datatracker.ietf.org/doc/html/rfc5705
not to extract the keys used for the connection.

The option to replicate the SSLKEYLOGFILE of NSS is the -keylogfile in s_server.

Here's an example use:
https://github.com/openssl/openssl/blob/598bd7741568a1aae678e5472f18aae1ab991e8d/apps/lib/s_cb.c#L1517
--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux