[gnutls-help] Obtaining client_write_{MAC_secret, key, IV} via gnutls_prf() function

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Aug 5 02:15:05 CEST 2014

On Mon, 2014-08-04 at 23:18 +0900, Youngsok Kim wrote:
> Hello,
> Could anyone provide assistance with obtaining
> client_write_{MAC_secret,key,IV} of an active TLS/SSL session? I'm
> trying to obtain these values to offload the data encryption and
> decryption routines to an accelerator without modifying GnuTLS's
> source code.

There is no straightforward way to export the TLS session secrets. Which
accelerator do you use for off-loading? gnutls supports cryptodev and
more can be registered using gnutls_crypto_single_cipher_register(),
gnutls_crypto_single_mac_register() etc. If you are using one with free
software drivers consider contributing it back with that API.

A direct way to extract the calculated secrets (which is recommended for
debugging only as it will break on any future upgrade of gnutls) is to
export gnutls_session_int and security_parameters in your program.

>    // obtain 'key_block'
>    unsigned long key_block_size = hash_size * 2 + key_size * 2 +
> IV_size * 2;
>    unsigned char key_block[key_block_size];
>    err = gnutls_prf(m_session, 13, "key expansion", 1, 0, NULL,
> key_block_size, (char *)key_block);

I believe the 4th variable should be zero (the client random is first).
Note also that this construction will only work if you negotiate TLS 1.0
or later.
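
Added example (not part of the original thread and not GnuTLS code): once a key_block buffer like the one in the quoted snippet is filled, RFC 5246 section 6.3 lays it out as client MAC, server MAC, client key, server key, client IV, server IV. The names `split_key_block` and `struct tls_key_block` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper type: views into a caller-owned TLS key_block. */
struct tls_key_block {
    const unsigned char *client_write_mac, *server_write_mac;
    const unsigned char *client_write_key, *server_write_key;
    const unsigned char *client_write_iv, *server_write_iv;
    size_t mac_len, key_len, iv_len;
};

/* Split kb in RFC 5246 section 6.3 order. Returns 0 on success, or -1
 * (leaving *out untouched) when kb is shorter than 2*(mac+key+iv). */
int split_key_block(const unsigned char *kb, size_t kb_len, size_t mac_len,
                    size_t key_len, size_t iv_len, struct tls_key_block *out)
{
    struct tls_key_block t = { 0 };
    const unsigned char **slot[6] = {
        &t.client_write_mac, &t.server_write_mac, &t.client_write_key,
        &t.server_write_key, &t.client_write_iv, &t.server_write_iv };
    const size_t len[3] = { mac_len, key_len, iv_len };
    size_t off = 0;

    if (kb == NULL || out == NULL)
        return -1;
    for (int i = 0; i < 6; i++) {
        if (len[i / 2] > kb_len - off)  /* overflow-safe bounds check */
            return -1;
        *slot[i] = kb + off;            /* view only, nothing is copied */
        off += len[i / 2];
    }
    t.mac_len = mac_len; t.key_len = key_len; t.iv_len = iv_len;
    *out = t;
    return 0;
}

int main(void)
{
    /* Constructed sample: SHA-1 MAC (20), AES-128 key (16), CBC IV (16). */
    unsigned char kb[2 * (20 + 16 + 16)];
    struct tls_key_block k;

    for (size_t i = 0; i < sizeof kb; i++)
        kb[i] = (unsigned char)i;       /* stand-in for real PRF output */
    if (split_key_block(kb, sizeof kb, 20, 16, 16, &k) != 0)
        return 1;
    printf("client_write_key starts at offset %d\n", (int)(k.client_write_key - kb));
    return 0;
}
```

Passing a MAC length of 0 covers AEAD suites, where the key block carries no MAC keys.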

