Posted to dev@httpd.apache.org by Sebastian Biedermann <bi...@seceng.informatik.tu-darmstadt.de> on 2013/12/06 11:19:02 UTC

symmetric aes key

Dear developers,

I work on a research project about SSL security.
Currently, I'm trying to identify and write the negotiated
symmetric AES key of a session to a file just by modifying the
apache2-2.4.6 source code. Until now, I was not able to identify
and locate the variable which temporarily stores this key.

In apache2-2.4.6/modules/ssl/mod_ssl.c
a new ssl connection is initiated in
int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
and there are several structs, I guess one of them stores the key:

SSLSrvConfigRec *sc;
SSLConnRec *sslconn;
modssl_ctx_t *mctx;
server_rec *server;

Unfortunately, there is very little information about this on the Internet
and I don't really know where to start.
Can anyone give me a hint or tell me which variable stores the AES key?

Thank you!


-- 
Sebastian


Re: symmetric aes key

Posted by Yann Ylavic <yl...@gmail.com>.
On Sat, Dec 7, 2013 at 11:52 AM, Michael Felt <ma...@gmail.com> wrote:

> imho - it is a bad idea to store a session encryption key. I think the
> whole idea behind dynamic keys is that they are not stored. PKI is used to
> negotiate a key.
>
> If the session keys are static then, again imho, time would be better
> spent on code to establish dynamic session keys - that can be reestablished
> (i.e., new encryption keys) if the session is lost/interrupted.
>

Sebastian is talking about a research project, I guess he does not want
to store the session info in a "production" environment.
At least this patch is not intended to be integrated in mod_ssl, I doubt it
would be accepted by the team...

Re: symmetric aes key

Posted by Michael Felt <ma...@gmail.com>.
imho - it is a bad idea to store a session encryption key. I think the
whole idea behind dynamic keys is that they are not stored. PKI is used to
negotiate a key.

If the session keys are static then, again imho, time would be better spent
on code to establish dynamic session keys - that can be reestablished
(i.e., new encryption keys) if the session is lost/interrupted.


On Fri, Dec 6, 2013 at 11:19 AM, Sebastian Biedermann <
biedermann@seceng.informatik.tu-darmstadt.de> wrote:

>  Dear developers,
>
> I work on a research project about SSL security.
> Currently, I'm trying to identify and write the negotiated
> symmetric AES key of a session to a file just by modifying the
> apache2-2.4.6 source code. Until now, I was not able to identify
> and locate the variable which temporarily stores this key.
>
> In apache2-2.4.6/modules/ssl/mod_ssl.c
> a new ssl connection is initiated in
> int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
> and there are several structs, I guess one of them stores the key:
>
> SSLSrvConfigRec *sc;
> SSLConnRec *sslconn;
> modssl_ctx_t *mctx;
> server_rec *server;
>
> Unfortunately, there is very little information about this on the Internet
> and I don't really know where to start.
> Can anyone give me a hint or tell me which variable stores the AES key?
>
> Thank you!
>
>
> --
> Sebastian
>
>
>

Re: symmetric aes key

Posted by Sebastian Biedermann <bi...@seceng.informatik.tu-darmstadt.de>.
Works perfectly, thank you!!!

On 06.12.2013 12:21, Yann Ylavic wrote:
> Maybe the patch below can help.
>
> Disclaimer: this is just a POC, it is not thread safe (a single file
> is used)!!!
> You'll have to adjust that to your needs.
>
> SSL_SESSION_print will write all the session info (including the
> master key) to the file.
> If you need the master key only, you could use session->master_key
> (with session->master_key_length).
>
> Using the ssl_callback_info() (in the SSL_CB_HANDSHAKE_DONE state)
> allows you to catch any (re)negotiation when finished.
>
> Regards,
> Yann.
>
>
> Index: modules/ssl/ssl_engine_kernel.c
> ===================================================================
> --- modules/ssl/ssl_engine_kernel.c    (revision 1548486)
> +++ modules/ssl/ssl_engine_kernel.c    (working copy)
> @@ -1989,6 +1989,15 @@ void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl
>          scr->reneg_state = RENEG_REJECT;
>      }
>  
> +    if ((where & SSL_CB_HANDSHAKE_DONE)) {
> +        SSL_SESSION *session = SSL_get_session((SSL *)ssl);
> +        if (session) {
> +            BIO *bio = BIO_new_file("/path/to/sessions/file", "a");
> +            SSL_SESSION_print(bio, session);
> +            BIO_free(bio);
> +        }
> +    }
> +
>      s = mySrvFromConn(c);
>      if (s && s->loglevel >= APLOG_DEBUG) {
>          log_tracing_state(ssl, c, s, where, rc);
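Review bot: The added block opens the hard-coded "/path/to/sessions/file" in append mode on every SSL_CB_HANDSHAKE_DONE event, from whichever worker handles the connection, and nothing serializes the SSL_SESSION_print output, so dumps from concurrent handshakes can interleave in the one shared file. Because the dump includes the master key, guard the whole block behind a build-time switch so it cannot end up in a normal build, and take the path from configuration instead of a string literal.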
> [END OF PATCH]
>
>
>
> On Fri, Dec 6, 2013 at 11:19 AM, Sebastian Biedermann
> <biedermann@seceng.informatik.tu-darmstadt.de> wrote:
>
>     Dear developers,
>
>     I work on a research project about SSL security.
>     Currently, I'm trying to identify and write the negotiated
>     symmetric AES key of a session to a file just by modifying the
>     apache2-2.4.6 source code. Until now, I was not able to identify
>     and locate the variable which temporarily stores this key.
>
>     In apache2-2.4.6/modules/ssl/mod_ssl.c
>     a new ssl connection is initiated in
>     int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
>     and there are several structs, I guess one of them stores the key:
>
>     SSLSrvConfigRec *sc;
>     SSLConnRec *sslconn;
>     modssl_ctx_t *mctx;
>     server_rec *server;
>
>     Unfortunately, there is very little information about this on the
>     Internet
>     and I don't really know where to start.
>     Can anyone give me a hint or tell me which variable stores the AES
>     key?
>
>     Thank you!
>
>
>     -- 
>     Sebastian
>
>


-- 
Sebastian Biedermann
Security Engineering Group
Technische Universität Darmstadt
biedermann@seceng.informatik.tu-darmstadt.de




Re: symmetric aes key

Posted by Yann Ylavic <yl...@gmail.com>.
Maybe the patch below can help.

Disclaimer: this is just a POC, it is not thread safe (a single file is
used)!!!
You'll have to adjust that to your needs.

SSL_SESSION_print will write all the session info (including the master
key) to the file.
If you need the master key only, you could use session->master_key (with
session->master_key_length).

Using the ssl_callback_info() (in the SSL_CB_HANDSHAKE_DONE state) allows
you to catch any (re)negotiation when finished.

Regards,
Yann.


Index: modules/ssl/ssl_engine_kernel.c
===================================================================
--- modules/ssl/ssl_engine_kernel.c    (revision 1548486)
+++ modules/ssl/ssl_engine_kernel.c    (working copy)
@@ -1989,6 +1989,15 @@ void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl
         scr->reneg_state = RENEG_REJECT;
     }

+    if ((where & SSL_CB_HANDSHAKE_DONE)) {
+        SSL_SESSION *session = SSL_get_session((SSL *)ssl);
+        if (session) {
+            BIO *bio = BIO_new_file("/path/to/sessions/file", "a");
+            SSL_SESSION_print(bio, session);
+            BIO_free(bio);
+        }
+    }
+
     s = mySrvFromConn(c);
     if (s && s->loglevel >= APLOG_DEBUG) {
         log_tracing_state(ssl, c, s, where, rc);
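Review bot: The result of BIO_new_file on the `BIO *bio = ...` line is used without a NULL check, so a failed open (bad path, missing permissions) hands NULL to SSL_SESSION_print and the failure is never reported. Wrap the print and free in `if (bio)` and report the failure through the server log that the following `s->loglevel` check already uses. The return value of SSL_SESSION_print is ignored as well, so a short or failed write goes unnoticed.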
[END OF PATCH]



On Fri, Dec 6, 2013 at 11:19 AM, Sebastian Biedermann <
biedermann@seceng.informatik.tu-darmstadt.de> wrote:

>  Dear developers,
>
> I work on a research project about SSL security.
> Currently, I'm trying to identify and write the negotiated
> symmetric AES key of a session to a file just by modifying the
> apache2-2.4.6 source code. Until now, I was not able to identify
> and locate the variable which temporarily stores this key.
>
> In apache2-2.4.6/modules/ssl/mod_ssl.c
> a new ssl connection is initiated in
> int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
> and there are several structs, I guess one of them stores the key:
>
> SSLSrvConfigRec *sc;
> SSLConnRec *sslconn;
> modssl_ctx_t *mctx;
> server_rec *server;
>
> Unfortunately, there is very little information about this on the Internet
> and I don't really know where to start.
> Can anyone give me a hint or tell me which variable stores the AES key?
>
> Thank you!
>
>
> --
> Sebastian
>
>
>
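Added example, not part of the original thread and not mod_ssl or OpenSSL code: the disclaimer above says the POC is not thread safe because a single file is used, and the dump contains the master key. One way to handle both in a research build is to create the file owner-only and emit each record with a single write() on an O_APPEND descriptor. The helper name append_key_record, its label argument and the "<label> <hex>" record layout are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not mod_ssl or OpenSSL API): append one
 * "<label> <hex>\n" record to `path`. Returns 0 on success, -1 on failure. */
int append_key_record(const char *path, const char *label,
                      const unsigned char *key, size_t key_len)
{
    char line[256];
    struct stat st;
    size_t pos, i;
    ssize_t w;
    int fd, n;

    /* Bound the inputs so a whole record always fits in one buffer:
     * 32 (label) + 1 + 2*64 (hex) + 1 (newline) < sizeof(line). */
    if (!path || !label || !key || key_len == 0 || key_len > 64)
        return -1;
    n = snprintf(line, sizeof(line), "%.32s ", label);
    if (n < 0)
        return -1;
    pos = (size_t)n;
    for (i = 0; i < key_len; i++)
        pos += (size_t)snprintf(line + pos, sizeof(line) - pos, "%02x", key[i]);
    line[pos++] = '\n';

    /* 0600 = owner-only; O_NOFOLLOW refuses a symlink planted at the path. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Refuse a pre-existing file that group or other can access. */
    if (fstat(fd, &st) != 0 || (st.st_mode & 077) != 0) {
        close(fd);
        return -1;
    }
    /* With O_APPEND each write() is positioned at end of file, so one
     * write per record keeps concurrent records from interleaving. */
    w = write(fd, line, pos);
    close(fd);
    return (w == (ssize_t)pos) ? 0 : -1;
}
```

In the callback from the patch, the key bytes and length would be the session->master_key and session->master_key_length fields named in the message above.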