From 37d98ad3ed3c29acfaa1f9a7d8a9404397dc442b Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Sat, 7 Feb 2015 10:41:32 -0500
Subject: [PATCH] dump DTLS cert and keys
---
 daemon/crypto.c | 22 ++++++++++++++++++++++
 daemon/crypto.h | 4 ++++
 daemon/dtls.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 76 insertions(+)
diff --git a/daemon/crypto.c b/daemon/crypto.c
index e0544ab381..4caaf0c500 100644
--- a/daemon/crypto.c
+++ b/daemon/crypto.c
@@ -550,3 +550,25 @@ static int null_crypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s
 static int null_crypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, u_int64_t idx) {
 return 0;
 }
+
+static void dump_key(struct crypto_context *c) {
+ char *k, *s;
+
+ k = g_base64_encode(c->params.master_key, c->params.crypto_suite->master_key_len);
+ s = g_base64_encode(c->params.master_salt, c->params.crypto_suite->master_salt_len);
+
+ ilog(LOG_DEBUG, "--- %s key %s salt %s", c->params.crypto_suite->name, k, s);
+
+ g_free(k);
+ g_free(s);
+}
+
+void crypto_dump_keys(struct crypto_context *in, struct crypto_context *out) {
+ if (get_log_level() < LOG_DEBUG)
+ return;
+
+ ilog(LOG_DEBUG, "SRTP keys, incoming:");
+ dump_key(in);
+ ilog(LOG_DEBUG, "SRTP keys, outgoing:");
+ dump_key(out);
+}
diff --git a/daemon/crypto.h b/daemon/crypto.h
index 86e27a6c3c..b652a72cbc 100644
--- a/daemon/crypto.h
+++ b/daemon/crypto.h
@@ -92,6 +92,10 @@ extern const int num_crypto_suites;
 const struct crypto_suite *crypto_find_suite(const str *);
 int crypto_gen_session_key(struct crypto_context *, str *, unsigned char, int);
+void crypto_dump_keys(struct crypto_context *in, struct crypto_context *out);
+
+
+
 INLINE int crypto_encrypt_rtp(struct crypto_context *c, struct rtp_header *rtp, str *payload, u_int64_t index)
diff --git a/daemon/dtls.c b/daemon/dtls.c
index b63da4bae2..e4b987ca15 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
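Review bot: `crypto_dump_keys` writes the SRTP master key and salt of both directions to the log in cleartext (base64) with only the log level as a gate, and `dump_cert` in daemon/dtls.c does the same with the PEM-encoded DTLS private key. Anyone who can read the log — syslog, a log-shipping pipeline, retained rotated files — then holds the session keys, and an operator who raises the level to LOG_DEBUG to chase an unrelated problem leaks them as a side effect. I would put both behind a dedicated opt-in setting in addition to the level check, and say so on the declaration in crypto.h: `/* Writes SRTP master key and salt to the log in cleartext at LOG_DEBUG. Debugging aid only; keep disabled where logs are shipped or retained. */`. Two smaller points in `dump_key`: it dereferences `c->params.crypto_suite` without a NULL check, so a context that was never run through crypto_init would crash here (the dtls.c caller appears to initialize both sides first, but the function is now exported), and the base64 strings `k` and `s` hold key material yet are released with `g_free` without being cleared.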
@@ -112,6 +112,52 @@ static void cert_free(void *p) {
 X509_free(cert->x509);
 }
+static void buf_dump_free(char *buf, size_t len) {
+ char *p, *f;
+ int llen;
+
+ p = buf;
+ while (len) {
+ f = memchr(p, '\n', len);
+ if (f)
+ llen = f - p;
+ else
+ llen = len;
+
+ ilog(LOG_DEBUG, "--- %.*s", llen, p);
+
+ len -= llen + 1;
+ p = f + 1;
+ }
+
+ free(buf);
+}
+
+static void dump_cert(struct dtls_cert *cert) {
+ FILE *fp;
+ char *buf;
+ size_t len;
+
+ if (get_log_level() < LOG_DEBUG)
+ return;
+
+ /* cert */
+ fp = open_memstream(&buf, &len);
+ PEM_write_X509(fp, cert->x509);
+ fclose(fp);
+
+ ilog(LOG_DEBUG, "Dump of DTLS certificate:");
+ buf_dump_free(buf, len);
+
+ /* key */
+ fp = open_memstream(&buf, &len);
+ PEM_write_PrivateKey(fp, cert->pkey, NULL, NULL, 0, 0, NULL);
+ fclose(fp);
+
+ ilog(LOG_DEBUG, "Dump of DTLS private key:");
+ buf_dump_free(buf, len);
+}
+
 static int cert_init() {
 X509 *x509 = NULL;
 EVP_PKEY *pkey = NULL;
@@ -202,6 +248,8 @@ static int cert_init() {
 new_cert->pkey = pkey;
 new_cert->expires = time(NULL) + CERT_EXPIRY_TIME;
+ dump_cert(new_cert);
+
 /* swap out certs */
 rwlock_lock_w(&__dtls_cert_lock);
@@ -567,6 +615,8 @@ static int dtls_setup_crypto(struct packet_stream *ps, struct dtls_connection *d
 crypto_init(&ps->sfd->crypto, &client);
 }
+ crypto_dump_keys(&ps->crypto, &ps->sfd->crypto);
+
 return 0;
 error:
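Review bot: `buf_dump_free` underflows `len` whenever the buffer does not end in '\n': on the final line `f` is NULL, so `llen = len` and `len -= llen + 1` wraps the size_t to SIZE_MAX while `p = f + 1` becomes a bogus pointer fed to the next `memchr`. OpenSSL's PEM writer does terminate its output with a newline today, but nothing in the helper enforces that; after the `ilog` call add `if (!f) break;` before the `len -=` line. In `dump_cert`, `open_memstream` can return NULL, after which `PEM_write_X509(fp, ...)` and `fclose(fp)` dereference it and `buf`/`len` are left uninitialized, so add `if (!fp) return;` after each call; the `PEM_write_*` return values are not checked either. The second buffer holds the private key unencrypted in PEM form (cipher argument NULL), so `buf_dump_free` should clear it with `OPENSSL_cleanse(buf, original_len)` before `free(buf)`, keeping the original length in a local since the loop consumes `len`.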