mirror of https://github.com/ctz/rustls
Infer key log labels from secret kind
This commit is contained in:
Benjamin Saunders
ctz
parent
3bfc5950aa
commit
056d843c0b
|
|
@ -332,7 +332,6 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl,
|
|||
.get_key_schedule()
|
||||
.derive_logged_secret(SecretKind::ClientEarlyTrafficSecret, &client_hello_hash,
|
||||
&*sess.config.key_log,
|
||||
"CLIENT_EARLY_TRAFFIC_SECRET",
|
||||
&handshake.randoms.client);
|
||||
// Set early data encryption key
|
||||
sess.common
|
||||
|
|
|
|||
|
|
@ -214,7 +214,6 @@ pub fn start_handshake_traffic(sess: &mut ClientSessionImpl,
|
|||
.derive_logged_secret(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&handshake.hash_at_client_recvd_server_hello,
|
||||
&*sess.config.key_log,
|
||||
"CLIENT_HANDSHAKE_TRAFFIC_SECRET",
|
||||
&handshake.randoms.client);
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
sess.common.get_mut_key_schedule().current_client_traffic_secret = Some(write_key);
|
||||
|
|
@ -224,7 +223,6 @@ pub fn start_handshake_traffic(sess: &mut ClientSessionImpl,
|
|||
.derive_logged_secret(SecretKind::ServerHandshakeTrafficSecret,
|
||||
&handshake.hash_at_client_recvd_server_hello,
|
||||
&*sess.config.key_log,
|
||||
"SERVER_HANDSHAKE_TRAFFIC_SECRET",
|
||||
&handshake.randoms.client);
|
||||
sess.common.set_message_decrypter(cipher::new_tls13_read(suite, &read_key));
|
||||
sess.common.get_mut_key_schedule().current_server_traffic_secret = Some(read_key);
|
||||
|
|
@ -405,7 +403,6 @@ impl hs::State for ExpectEncryptedExtensions {
|
|||
SecretKind::ClientHandshakeTrafficSecret,
|
||||
&self.handshake.hash_at_client_recvd_server_hello,
|
||||
&*sess.config.key_log,
|
||||
"CLIENT_HANDSHAKE_TRAFFIC_SECRET",
|
||||
&self.handshake.randoms.client);
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
sess.common.get_mut_key_schedule()
|
||||
|
|
@ -833,7 +830,6 @@ impl hs::State for ExpectFinished {
|
|||
SecretKind::ClientHandshakeTrafficSecret,
|
||||
&st.handshake.hash_at_client_recvd_server_hello,
|
||||
&*sess.config.key_log,
|
||||
"CLIENT_HANDSHAKE_TRAFFIC_SECRET",
|
||||
&st.handshake.randoms.client);
|
||||
Some(key)
|
||||
} else {
|
||||
|
|
@ -853,7 +849,6 @@ impl hs::State for ExpectFinished {
|
|||
SecretKind::ServerApplicationTrafficSecret,
|
||||
&handshake_hash,
|
||||
&*sess.config.key_log,
|
||||
"SERVER_TRAFFIC_SECRET_0",
|
||||
&st.handshake.randoms.client);
|
||||
sess.common.set_message_decrypter(cipher::new_tls13_read(suite, &read_key));
|
||||
sess.common
|
||||
|
|
@ -865,7 +860,6 @@ impl hs::State for ExpectFinished {
|
|||
.derive_logged_secret(SecretKind::ExporterMasterSecret,
|
||||
&handshake_hash,
|
||||
&*sess.config.key_log,
|
||||
"EXPORTER_SECRET",
|
||||
&st.handshake.randoms.client);
|
||||
sess.common
|
||||
.get_mut_key_schedule()
|
||||
|
|
@ -901,7 +895,6 @@ impl hs::State for ExpectFinished {
|
|||
.derive_logged_secret(SecretKind::ClientApplicationTrafficSecret,
|
||||
&handshake_hash,
|
||||
&*sess.config.key_log,
|
||||
"CLIENT_TRAFFIC_SECRET_0",
|
||||
&st.handshake.randoms.client);
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
sess.common
|
||||
|
|
|
|||
|
|
@ -34,6 +34,19 @@ impl SecretKind {
|
|||
SecretKind::DerivedSecret => b"derived",
|
||||
}
|
||||
}
|
||||
|
||||
fn log_label(self) -> Option<&'static str> {
|
||||
use self::SecretKind::*;
|
||||
Some(match self {
|
||||
ClientEarlyTrafficSecret => "CLIENT_EARLY_TRAFFIC_SECRET",
|
||||
ClientHandshakeTrafficSecret => "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
|
||||
ServerHandshakeTrafficSecret => "SERVER_HANDSHAKE_TRAFFIC_SECRET",
|
||||
ClientApplicationTrafficSecret => "CLIENT_TRAFFIC_SECRET_0",
|
||||
ServerApplicationTrafficSecret => "SERVER_TRAFFIC_SECRET_0",
|
||||
ExporterMasterSecret => "EXPORTER_SECRET",
|
||||
_ => { return None; }
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
/// This is the TLS1.3 key schedule. It stores the current secret,
|
||||
|
|
@ -91,9 +104,10 @@ impl KeySchedule {
|
|||
}
|
||||
|
||||
pub fn derive_logged_secret(&self, kind: SecretKind, hs_hash: &[u8],
|
||||
key_log: &dyn KeyLog, log_label: &str, client_random: &[u8; 32])
|
||||
key_log: &dyn KeyLog, client_random: &[u8; 32])
|
||||
-> hkdf::Prk
|
||||
{
|
||||
let log_label = kind.log_label().expect("not a loggable secret");
|
||||
if key_log.will_log(log_label) {
|
||||
let secret = self.derive::<PayloadU8, _>(PayloadU8Len(self.algorithm.len()), kind, hs_hash)
|
||||
.into_inner();
|
||||
|
|
@ -370,7 +384,7 @@ mod test {
|
|||
}
|
||||
}
|
||||
let log = Log(expected_traffic_secret);
|
||||
let traffic_secret = ks.derive_logged_secret(kind, &hash, &log, "", &[0; 32]);
|
||||
let traffic_secret = ks.derive_logged_secret(kind, &hash, &log, &[0; 32]);
|
||||
|
||||
// Since we can't test key equality, we test the output of sealing with the key instead.
|
||||
let aead_alg = &aead::AES_128_GCM;
|
||||
|
|
|
|||
|
|
@ -164,7 +164,6 @@ impl CompleteClientHelloHandling {
|
|||
SecretKind::ClientEarlyTrafficSecret,
|
||||
&client_hello_hash,
|
||||
&*sess.config.key_log,
|
||||
"CLIENT_EARLY_TRAFFIC_SECRET",
|
||||
&self.handshake.randoms.client);
|
||||
// If 0-RTT should be rejected, this will be clobbered by ExtensionProcessing
|
||||
// before the application can see.
|
||||
|
|
@ -181,7 +180,6 @@ impl CompleteClientHelloHandling {
|
|||
SecretKind::ServerHandshakeTrafficSecret,
|
||||
&handshake_hash,
|
||||
&*sess.config.key_log,
|
||||
"SERVER_HANDSHAKE_TRAFFIC_SECRET",
|
||||
&self.handshake.randoms.client);
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
|
||||
|
|
@ -189,7 +187,6 @@ impl CompleteClientHelloHandling {
|
|||
SecretKind::ClientHandshakeTrafficSecret,
|
||||
&handshake_hash,
|
||||
&*sess.config.key_log,
|
||||
"CLIENT_HANDSHAKE_TRAFFIC_SECRET",
|
||||
&self.handshake.randoms.client);
|
||||
sess.common.set_message_decrypter(cipher::new_tls13_read(suite, &read_key));
|
||||
|
||||
|
|
@ -416,7 +413,6 @@ impl CompleteClientHelloHandling {
|
|||
.derive_logged_secret(SecretKind::ServerApplicationTrafficSecret,
|
||||
&self.handshake.hash_at_server_fin,
|
||||
&*sess.config.key_log,
|
||||
"SERVER_TRAFFIC_SECRET_0",
|
||||
&self.handshake.randoms.client);
|
||||
let suite = sess.common.get_suite_assert();
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
|
|
@ -439,7 +435,6 @@ impl CompleteClientHelloHandling {
|
|||
.derive_logged_secret(SecretKind::ExporterMasterSecret,
|
||||
&self.handshake.hash_at_server_fin,
|
||||
&*sess.config.key_log,
|
||||
"EXPORTER_SECRET",
|
||||
&self.handshake.randoms.client);
|
||||
sess.common
|
||||
.get_mut_key_schedule()
|
||||
|
|
@ -849,7 +844,6 @@ impl hs::State for ExpectFinished {
|
|||
.derive_logged_secret(SecretKind::ClientApplicationTrafficSecret,
|
||||
&self.handshake.hash_at_server_fin,
|
||||
&*sess.config.key_log,
|
||||
"CLIENT_TRAFFIC_SECRET_0",
|
||||
&self.handshake.randoms.client);
|
||||
|
||||
let suite = sess.common.get_suite_assert();
|
||||
|
|
|
|||
Loading…
Reference in New Issue