Well, I didn't want to get much into the reasoning but then again I suppose I can't avoid it. For a short synopsis, I'd say I'm trying to write a mechanism similar to the NSS key log mechanism.

In more detail: You can see my project listed here: http://www.cs.tau.ac.il/~benriva/courses/secwsp10a/ under 'Improving TLS firewall interception mechanism'. My final intent is to deliver an in-band encrypted session key. This is an alternative solution to the firewall doing MITM and so reduces the amount of trust the client needs to put forth in the firewall - presumably enough to justify passing the key as part of the exchange. The merits, pros and cons of the above have been hashed quite a bit as part of the presentation of the workplan. Since the workplan is committed I'm focusing on the code and later on may revamp it according to feedback.

Back to code - this is a modification of the ssl3con.c file and not an external code, so I'd assume I have access to keys. In particular, the NSS key log mechanism from the very same source will output a plaintext of the pre-master key to a file (line 4595 on my revision).

I hope this clarifies the situation better.

Gil

-----Original Message-----
From: Robert Relyea [mailto:[email protected]]
Sent: Tuesday, March 15, 2011 11:27 PM
To: mozilla's crypto code discussion list
Cc: Gil Bahat; [email protected]
Subject: Re: Need assistance - how can pwspec write key length be 0 after the client key exchange?

On 03/14/2011 01:48 PM, Gil Bahat wrote:
> Hi,
>
> I'm hacking around NSS code and I'm encountering a roadblock which I
> cannot pass.
>
> Here's the gist of my code:
>
> ssl_GetSpecReadLock(ss);
>
> /* M2: send the key_block from the pending cipher spec */
>
> sent = ssl3_SendRecord(ss, content_key_share,
>                        ss->ssl3.pwSpec->client.write_key_item.data,
>                        ss->ssl3.pwSpec->client.write_key_item.len,
>                        ssl_SEND_FLAG_FORCE_INTO_BUFFER);

1. My first question is 'why are you sending raw key data over an SSL connection?' Access to raw key data is restricted. You won't find it in the pwSpec structure. In some cases it's not even in your process address space.

2. Why are you sending this key in particular? If your SSL connection is successful, the client should already have access to this key.

> if (sent < 0) {
>     return (SECStatus)sent; /* error code set by ssl3_SendRecord */
> }
>
> ssl_ReleaseSpecReadLock(ss); // M2: release spec read lock
>
> /* M2: this used to be before dealing with pwSpec/cwSpec */
> sent = ssl3_SendRecord(ss, content_change_cipher_spec, &change, 1,
>                        ssl_SEND_FLAG_FORCE_INTO_BUFFER);
> if (sent < 0) {
>     return (SECStatus)sent; /* error code set by ssl3_SendRecord */
> }
>
> /* M2: warning - once this is set, encryption starts... */
> /* swap the pending and current write specs. */
> ssl_GetSpecWriteLock(ss); /**************************************/
>
> pwSpec = ss->ssl3.pwSpec;
> pwSpec->write_seq_num.high = 0;
> pwSpec->write_seq_num.low = 0;
>
> ss->ssl3.pwSpec = ss->ssl3.cwSpec;
> ss->ssl3.cwSpec = pwSpec;
> (...)
>
> which goes into SendChangeCipherSpecs.
>
> At this stage of the SSL state machine, pwSpec has been populated long
> ago as ssl3_DeriveConnectionKeysPKCS11 has already been called from
> SendClientKeyExchange. It's also evident from the following lines that
> pwSpec is already 'primed' and ready to be exchanged with cwSpec. In
> particular if I dare place my code after the exchange, sendRecord will
> send an encrypted record.
>
> And yet... when accessing pwSpec contents - I get nothing. Even with
> the speclock. What am I missing?

You are missing the key data. We don't let the application 'just have it'. Even the SSL engine never sees that actual key data.

> Any help would be appreciated.

Trying to understand what you really want to do would help us in helping you.

bob

--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

