keylog.c 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "curl_setup.h"
  25. #include "keylog.h"
  26. #include <curl/curl.h>
  27. /* The last #include files should be: */
  28. #include "curl_memory.h"
  29. #include "memdebug.h"
  30. #define KEYLOG_LABEL_MAXLEN (sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET") - 1)
  31. #define CLIENT_RANDOM_SIZE 32
  32. /*
  33. * The master secret in TLS 1.2 and before is always 48 bytes. In TLS 1.3, the
  34. * secret size depends on the cipher suite's hash function which is 32 bytes
  35. * for SHA-256 and 48 bytes for SHA-384.
  36. */
  37. #define SECRET_MAXLEN 48
  38. /* The fp for the open SSLKEYLOGFILE, or NULL if not open */
  39. static FILE *keylog_file_fp;
  40. void
  41. Curl_tls_keylog_open(void)
  42. {
  43. char *keylog_file_name;
  44. if(!keylog_file_fp) {
  45. keylog_file_name = curl_getenv("SSLKEYLOGFILE");
  46. if(keylog_file_name) {
  47. keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
  48. if(keylog_file_fp) {
  49. #ifdef WIN32
  50. if(setvbuf(keylog_file_fp, NULL, _IONBF, 0))
  51. #else
  52. if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096))
  53. #endif
  54. {
  55. fclose(keylog_file_fp);
  56. keylog_file_fp = NULL;
  57. }
  58. }
  59. Curl_safefree(keylog_file_name);
  60. }
  61. }
  62. }
  63. void
  64. Curl_tls_keylog_close(void)
  65. {
  66. if(keylog_file_fp) {
  67. fclose(keylog_file_fp);
  68. keylog_file_fp = NULL;
  69. }
  70. }
  71. bool
  72. Curl_tls_keylog_enabled(void)
  73. {
  74. return keylog_file_fp != NULL;
  75. }
  76. bool
  77. Curl_tls_keylog_write_line(const char *line)
  78. {
  79. /* The current maximum valid keylog line length LF and NUL is 195. */
  80. size_t linelen;
  81. char buf[256];
  82. if(!keylog_file_fp || !line) {
  83. return false;
  84. }
  85. linelen = strlen(line);
  86. if(linelen == 0 || linelen > sizeof(buf) - 2) {
  87. /* Empty line or too big to fit in a LF and NUL. */
  88. return false;
  89. }
  90. memcpy(buf, line, linelen);
  91. if(line[linelen - 1] != '\n') {
  92. buf[linelen++] = '\n';
  93. }
  94. buf[linelen] = '\0';
  95. /* Using fputs here instead of fprintf since libcurl's fprintf replacement
  96. may not be thread-safe. */
  97. fputs(buf, keylog_file_fp);
  98. return true;
  99. }
  100. bool
  101. Curl_tls_keylog_write(const char *label,
  102. const unsigned char client_random[CLIENT_RANDOM_SIZE],
  103. const unsigned char *secret, size_t secretlen)
  104. {
  105. const char *hex = "0123456789ABCDEF";
  106. size_t pos, i;
  107. char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +
  108. 2 * SECRET_MAXLEN + 1 + 1];
  109. if(!keylog_file_fp) {
  110. return false;
  111. }
  112. pos = strlen(label);
  113. if(pos > KEYLOG_LABEL_MAXLEN || !secretlen || secretlen > SECRET_MAXLEN) {
  114. /* Should never happen - sanity check anyway. */
  115. return false;
  116. }
  117. memcpy(line, label, pos);
  118. line[pos++] = ' ';
  119. /* Client Random */
  120. for(i = 0; i < CLIENT_RANDOM_SIZE; i++) {
  121. line[pos++] = hex[client_random[i] >> 4];
  122. line[pos++] = hex[client_random[i] & 0xF];
  123. }
  124. line[pos++] = ' ';
  125. /* Secret */
  126. for(i = 0; i < secretlen; i++) {
  127. line[pos++] = hex[secret[i] >> 4];
  128. line[pos++] = hex[secret[i] & 0xF];
  129. }
  130. line[pos++] = '\n';
  131. line[pos] = '\0';
  132. /* Using fputs here instead of fprintf since libcurl's fprintf replacement
  133. may not be thread-safe. */
  134. fputs(line, keylog_file_fp);
  135. return true;
  136. }