cyassl patch for AES-CCM testing

See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9499
author: Peter Wu <lekensteyn@gmail.com> 2013-12-03 18:36:16 +0100
committer: Peter Wu <lekensteyn@gmail.com> 2013-12-03 18:36:16 +0100
commit: befe0f77dd2246e437e61cefb861bf9a6d4ff82b (patch)
tree: 9e7d096020e35082218f568fe03ce29855ca0a4a
parent: 53eb87f0d7220a44fe333cf34e23263d56def62f (diff)
download: wireshark-notes-befe0f77dd2246e437e61cefb861bf9a6d4ff82b.tar.gz
2 files changed, 124 insertions, 0 deletions
diff --git a/notes.txt b/notes.txt
index 04c9e60..68c527d 100644
--- a/notes.txt
+++ b/notes.txt
@@ -13,6 +13,14 @@ make install
 # for libgcrypt-config test in wireshark ./configure
 PATH=/tmp/libgcrypt/prefix/bin:$PATH
 
+# Build cyassl for AES-CCM testing
+patch -p1 < cyassl-Implement-SSLKEYLOGFILE-support-for-ClientRandom.patch
+autoreconf -fiv
+./configure --enable-{opensslextra,dtls,ipv6,sniffer,aes{c,g}cm,camellia,md2,dsa,ecc,psk,webserver,sni}
+make
+examples/server/server -p 4433
+SSLKEYLOGFILE=premaster.txt examples/client/client -l AES256-SHA -p 4433
+
 # find which suites are not supported yet (unsupported.txt)
 awk -vsrc=/tmp/wireshark/epan/dissectors/packet-ssl-utils.c -F'[ {,]+' 'BEGIN{while(getline <src)if(/^ *\{.*,KEX_/)a[$2]=1}{if(!a[$1])print}' suites.txt
 # find which ciphers openssl supports
diff --git a/patches/cyassl-Implement-SSLKEYLOGFILE-support-for-ClientRandom.patch b/patches/cyassl-Implement-SSLKEYLOGFILE-support-for-ClientRandom.patch
new file mode 100644
index 0000000..e7221cc
--- /dev/null
+++ b/patches/cyassl-Implement-SSLKEYLOGFILE-support-for-ClientRandom.patch
@@ -0,0 +1,116 @@
+From be4d8fa77ddb1aff903b770980b79e02671d79b9 Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 3 Dec 2013 18:14:43 +0100
+Subject: [PATCH] Implement SSLKEYLOGFILE support for ClientRandom
+
+Based on NSS code, the format of the SSLKEYLOGFILE file is documented at
+https://developer.mozilla.org/en-US/docs/NSS_Key_Log_Format
+
+This debugging facility allows the master-key established in a SSL
+handshake to be saved to a file specified by the SSLKEYLOGFILE.
+---
+ src/internal.c | 43 +++++++++++++++++++++++++++++++++++++++++++
+ src/ssl.c      | 16 ++++++++++++++++
+ 2 files changed, 59 insertions(+)
+
+diff --git a/src/internal.c b/src/internal.c
+index 85e64f9..acb2a52 100644
+--- a/src/internal.c
++++ b/src/internal.c
+@@ -5423,6 +5423,47 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
+     return sz;
+ }
+ 
++static void hexEncode(byte* dst_str, const byte* src_bytes, size_t src_len)
++{
++    const byte hex[] = "0123456789abcdef";
++    size_t n;
++
++    for (n = 0; n < src_len; ++n) {
++        byte val = *src_bytes++;
++        *dst_str++ = hex[val >> 4];
++        *dst_str++ = hex[val & 0xf];
++    }
++}
++
++/* defined in src/ssl.c */
++extern FILE* ssl_keylog_iob;
++
++static void RecordKeyLog(CYASSL* ssl)
++{
++    byte buf[14 /* "CLIENT_RANDOM " */ +
++             RAN_LEN*2 /* client_random */ +
++             1 /* " " */ +
++             SECRET_LEN*2 /* master secret */ +
++             1 /* new line */];
++    unsigned int j;
++
++    if (!ssl_keylog_iob)
++        return;
++
++    memcpy(buf, "CLIENT_RANDOM ", 14);
++    j = 14;
++    hexEncode(buf + j, ssl->arrays->clientRandom, RAN_LEN);
++    j += RAN_LEN*2;
++    buf[j++] = ' ';
++    hexEncode(buf + j, ssl->arrays->masterSecret, SECRET_LEN);
++    j += SECRET_LEN*2;
++    buf[j] = '\n';
++
++    if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1)
++        return;
++    fflush(ssl_keylog_iob);
++}
++
+ 
+ int SendFinished(CYASSL* ssl)
+ {
+@@ -5529,6 +5570,8 @@ int SendFinished(CYASSL* ssl)
+ 
+     ssl->buffers.outputBuffer.length += sendSz;
+ 
++    RecordKeyLog(ssl);
++
+     return SendBuffered(ssl);
+ }
+ 
+diff --git a/src/ssl.c b/src/ssl.c
+index 827369f..1332839 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -1496,9 +1496,12 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
+ #endif /* NO_SESSION_CACHE */
+ 
+ 
++FILE* ssl_keylog_iob;
++
+ int CyaSSL_Init(void)
+ {
+     int ret = SSL_SUCCESS;
++    char* keylogfile;
+ 
+     CYASSL_ENTER("CyaSSL_Init");
+ 
+@@ -1519,6 +1522,19 @@ int CyaSSL_Init(void)
+         UnLockMutex(&count_mutex);
+     }
+ 
++    /* used in src/internal.c, format is described at
++     * https://developer.mozilla.org/en-US/docs/NSS_Key_Log_Format */
++    keylogfile = getenv("SSLKEYLOGFILE");
++    if (keylogfile && keylogfile[0]) {
++        ssl_keylog_iob = fopen(keylogfile, "a");
++        if (ssl_keylog_iob) {
++            if (ftell(ssl_keylog_iob) == 0) {
++                fputs("# SSL/TLS secrets log file, generated by CyaSSL\n",
++                        ssl_keylog_iob);
++            }
++        }
++    }
++
+     return ret;
+ }
+ 
+-- 
+1.8.4.2
+
author	Peter Wu <lekensteyn@gmail.com>	2013-12-03 18:36:16 +0100
committer	Peter Wu <lekensteyn@gmail.com>	2013-12-03 18:36:16 +0100
commit	befe0f77dd2246e437e61cefb861bf9a6d4ff82b (patch)
tree	9e7d096020e35082218f568fe03ce29855ca0a4a
parent	53eb87f0d7220a44fe333cf34e23263d56def62f (diff)
download	wireshark-notes-befe0f77dd2246e437e61cefb861bf9a6d4ff82b.tar.gz