dump DTLS cert and keys

11 years ago · 37d98ad3ed
parent a81588e313
commit 37d98ad3ed
3 changed files with 76 additions and 0 deletions
--- a/daemon/crypto.c
+++ b/daemon/crypto.c
@ -550,3 +550,25 @@ static int null_crypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s
 static int null_crypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, u_int64_t idx) {
 	return 0;
 }
+
+static void dump_key(struct crypto_context *c) {
+	char *k, *s;
+
+	k = g_base64_encode(c->params.master_key, c->params.crypto_suite->master_key_len);
+	s = g_base64_encode(c->params.master_salt, c->params.crypto_suite->master_salt_len);
+
+	ilog(LOG_DEBUG, "--- %s key %s salt %s", c->params.crypto_suite->name, k, s);
+
+	g_free(k);
+	g_free(s);
+}
+
+void crypto_dump_keys(struct crypto_context *in, struct crypto_context *out) {
+	if (get_log_level() < LOG_DEBUG)
+		return;
+
+	ilog(LOG_DEBUG, "SRTP keys, incoming:");
+	dump_key(in);
+	ilog(LOG_DEBUG, "SRTP keys, outgoing:");
+	dump_key(out);
+}
--- a/daemon/crypto.h
+++ b/daemon/crypto.h
@ -92,6 +92,10 @@ extern const int num_crypto_suites;

 const struct crypto_suite *crypto_find_suite(const str *);
 int crypto_gen_session_key(struct crypto_context *, str *, unsigned char, int);
+void crypto_dump_keys(struct crypto_context *in, struct crypto_context *out);
+
+
+

 INLINE int crypto_encrypt_rtp(struct crypto_context *c, struct rtp_header *rtp,
 		str *payload, u_int64_t index)
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@ -112,6 +112,52 @@ static void cert_free(void *p) {
 		X509_free(cert->x509);
 }

+static void buf_dump_free(char *buf, size_t len) {
+	char *p, *f;
+	int llen;
+
+	p = buf;
+	while (len) {
+		f = memchr(p, '\n', len);
+		if (f)
+			llen = f - p;
+		else
+			llen = len;
+
+		ilog(LOG_DEBUG, "--- %.*s", llen, p);
+
+		len -= llen + 1;
+		p = f + 1;
+	}
+
+	free(buf);
+}
+
+static void dump_cert(struct dtls_cert *cert) {
+	FILE *fp;
+	char *buf;
+	size_t len;
+
+	if (get_log_level() < LOG_DEBUG)
+		return;
+
+	/* cert */
+	fp = open_memstream(&buf, &len);
+	PEM_write_X509(fp, cert->x509);
+	fclose(fp);
+
+	ilog(LOG_DEBUG, "Dump of DTLS certificate:");
+	buf_dump_free(buf, len);
+
+	/* key */
+	fp = open_memstream(&buf, &len);
+	PEM_write_PrivateKey(fp, cert->pkey, NULL, NULL, 0, 0, NULL);
+	fclose(fp);
+
+	ilog(LOG_DEBUG, "Dump of DTLS private key:");
+	buf_dump_free(buf, len);
+}
+
 static int cert_init() {
 	X509 *x509 = NULL;
 	EVP_PKEY *pkey = NULL;
@ -202,6 +248,8 @@ static int cert_init() {
 	new_cert->pkey = pkey;
 	new_cert->expires = time(NULL) + CERT_EXPIRY_TIME;

+	dump_cert(new_cert);
+
 	/* swap out certs */

 	rwlock_lock_w(&__dtls_cert_lock);
@ -567,6 +615,8 @@ found:
 		crypto_init(&ps->sfd->crypto, &client);
 	}

+	crypto_dump_keys(&ps->crypto, &ps->sfd->crypto);
+
 	return 0;

 error: