[gnutls-help] Obtaining client_write_{MAC_secret, key, IV} via gnutls_prf() function

Youngsok Kim yskim90 at gmail.com
Mon Aug 4 16:18:19 CEST 2014


Hello,

Could anyone provide assistance with obtaining
client_write_{MAC_secret,key,IV} of an active TLS/SSL session? I'm trying
to obtain these values to offload the data encryption and decryption
routines to an accelerator without modifying GnuTLS's source code.

According to the TLS 1.0 RFC (#2246), we can obtain the key_block containing
the values using the PRF. Thus, I used the gnutls_prf() function to obtain the
key_block as follows:

   // obtain 'key_block'
   unsigned long key_block_size = hash_size * 2 + key_size * 2 + IV_size * 2;
   unsigned char key_block[key_block_size];
   err = gnutls_prf(m_session, 13, "key expansion", 1, 0, NULL,
                    key_block_size, (char *)key_block);
   if (err != GNUTLS_E_SUCCESS) {
     fprintf(stderr, "ERROR: %s() failed!\n", "gnutls_prf");
     gnutls_perror(err);
     exit(-1);
   }

where hash_size, key_size, and IV_size are 20, 16, and 16, respectively, as
I'm using TLS v1.0 with TLS_RSA_WITH_AES_128_CBC_SHA. Then,
client_write_MAC_secret, client_write_key, and client_write_IV should be
key_block[0:19], key_block[40:55], and key_block[72:87], respectively.

However, it seems like I am getting an incorrect client_write_key and
client_write_IV. The data encrypted with the obtained key and IV does not
match what I get with the gnutls_record_send() function. It's definitely not
an encryption & decryption problem, as I am using
gnutls_cipher_{encrypt,decrypt} for now and verified their correctness
separately.

Am I using the gnutls_prf() function in the wrong way? Otherwise, are the
hash_size, key_size, and IV_size I am using somehow wrong for
TLS_RSA_WITH_AES_128_CBC_SHA? FYI, I'm using GnuTLS v3.3.6.

Any help would be greatly appreciated.

Thanks,
Youngsok
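
An added example, not part of the original post and not GnuTLS code: the TLS 1.0 PRF from RFC 2246 and the key_block split for the sizes quoted above (20, 16, 16), usable as an independent cross-check of a gnutls_prf() result. The master secret and randoms are constructed values, and the function names are this example's own.

```python
import hmac

def p_hash(alg, secret, seed, n):
    """P_hash from RFC 2246 section 5: HMAC chained over A(i)."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, alg).digest()  # HMAC(secret, A(i) + seed)
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2        # halves share one byte if length is odd
    s1, s2 = secret[:half], secret[-half:]
    md5 = p_hash("md5", s1, label + seed, n)
    sha = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def split_key_block(block, mac_size, key_size, iv_size):
    """Cut key_block in RFC 2246 section 6.3 order; name -> (offset, bytes)."""
    parts, off = {}, 0
    for size, kind in ((mac_size, "MAC_secret"), (key_size, "key"), (iv_size, "IV")):
        for side in ("client", "server"):
            parts[f"{side}_write_{kind}"] = (off, block[off:off + size])
            off += size
    if off != len(block):
        raise ValueError("key_block length does not match the cipher suite sizes")
    return parts

# Constructed inputs for illustration (not taken from a real session).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

def derive(mac_size=20, key_size=16, iv_size=16):
    n = 2 * (mac_size + key_size + iv_size)
    # Key expansion seeds with server_random first, then client_random.
    block = tls10_prf(MASTER_SECRET, b"key expansion",
                      SERVER_RANDOM + CLIENT_RANDOM, n)
    return split_key_block(block, mac_size, key_size, iv_size)

if __name__ == "__main__":
    for name, (off, val) in derive().items():
        print(f"{name:24s} key_block[{off}:{off + len(val) - 1}] = {val.hex()}")
```

In TLS 1.0 the derived client_write_IV is used only for the first CBC-encrypted record in that direction; each later record takes the last ciphertext block of the preceding record as its IV (RFC 2246, section 6.2.3.2). Record plaintext is also followed by the MAC and padding before encryption, so a comparison has to cover the whole record structure.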