Dump master key in NSS key log format in debug mode

virtueistheonlygood · Jan 13, 2018 · 503e75c · 503e75c
1 parent 2a50689
commit 503e75c
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 0 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -1,6 +1,8 @@
 
 ### SSLsplit develop
 
+-   Dump master key in NSS key log format in debug mode, allowing decryption of
+    SSL connections using Wireshark (issue #121 by @Neoptolemus).
 -   Copy basicConstraints, keyUsage and extendedKeyUsage X509v3 extensions from
     the original certificate and only generate them anew if they were not
     present (issue #73).

diff --git a/pxyconn.c b/pxyconn.c
@@ -1945,6 +1945,7 @@ pxy_bev_eventcb(struct bufferevent *bev, short events, void *arg)
 
 		if (OPTS_DEBUG(ctx->opts)) {
 			if (this->ssl) {
+				char *keystr;
 				/* for SSL, we get two connect events */
 				log_dbg_printf("SSL connected %s [%s]:%s"
 				               " %s %s\n",
@@ -1958,6 +1959,11 @@ pxy_bev_eventcb(struct bufferevent *bev, short events, void *arg)
 				               ctx->srcport_str,
 				               SSL_get_version(this->ssl),
 				               SSL_get_cipher(this->ssl));
+				keystr = ssl_ssl_masterkey_to_str(this->ssl);
+				if (keystr) {
+					log_dbg_printf("%s\n", keystr);
+					free(keystr);
+				}
 			} else {
 				/* for TCP, we get only a dst connect event,
 				 * since src was already connected from the

diff --git a/ssl.c b/ssl.c
@@ -500,6 +500,45 @@ ssl_ssl_state_to_str(SSL *ssl)
 	return (rv < 0) ? NULL : str;
 }
 
+/*
+ * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
+ */
+char *
+ssl_ssl_masterkey_to_str(SSL *ssl)
+{
+	char *str = NULL;
+	int rv;
+	unsigned char *k, *r;
+
+	k = ssl->session->master_key;
+	r = ssl->s3->client_random;
+	rv = asprintf(&str,
+	              "CLIENT_RANDOM "
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              " "
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              "%02X%02X%02X%02X%02X%02X%02X%02X"
+	              "%02X%02X%02X%02X%02X%02X%02X%02X",
+	              r[ 0], r[ 1], r[ 2], r[ 3], r[ 4], r[ 5], r[ 6], r[ 7],
+	              r[ 8], r[ 9], r[10], r[11], r[12], r[13], r[14], r[15],
+	              r[16], r[17], r[18], r[19], r[20], r[21], r[22], r[23],
+	              r[24], r[25], r[26], r[27], r[28], r[29], r[30], r[31],
+	              k[ 0], k[ 1], k[ 2], k[ 3], k[ 4], k[ 5], k[ 6], k[ 7],
+	              k[ 8], k[ 9], k[10], k[11], k[12], k[13], k[14], k[15],
+	              k[16], k[17], k[18], k[19], k[20], k[21], k[22], k[23],
+	              k[24], k[25], k[26], k[27], k[28], k[29], k[30], k[31],
+	              k[32], k[33], k[34], k[35], k[36], k[37], k[38], k[39],
+	              k[40], k[41], k[42], k[43], k[44], k[45], k[46], k[47]);
+
+	return (rv < 0) ? NULL : str;
+}
+
 #ifndef OPENSSL_NO_DH
 static unsigned char dh_g[] = { 0x02 };
 static unsigned char dh512_p[] = {

diff --git a/ssl.h b/ssl.h
@@ -148,6 +148,7 @@ void ssl_fini(void);
 char * ssl_sha1_to_str(unsigned char *, int) NONNULL(1) MALLOC;
 
 char * ssl_ssl_state_to_str(SSL *) NONNULL(1) MALLOC;
+char * ssl_ssl_masterkey_to_str(SSL *) NONNULL(1) MALLOC;
 
 #ifndef OPENSSL_NO_DH
 DH * ssl_tmp_dh_callback(SSL *, int, int) NONNULL(1) MALLOC;