Home Explore Help
Sign In
OWEALs
/
curl
mirror of https://github.com/curl/curl.git
2
0
Fork 0
Files Issues 8 Wiki
Tree: 852aa5ad35
Branches Tags
curl
/
lib
/
vtls
/
keylog.c

keylog.c 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 
  1. /***************************************************************************
    2. 

  2.  *                                  _   _ ____  _
    3. 

  3.  *  Project                     ___| | | |  _ \| |
    4. 

  4.  *                             / __| | | | |_) | |
    5. 

  5.  *                            | (__| |_| |  _ <| |___
    6. 

  6.  *                             \___|\___/|_| \_\_____|
    7. 

  7.  *
    8. 

  8.  * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
    9. 

  9.  *
    10. 

  10.  * This software is licensed as described in the file COPYING, which
    11. 

  11.  * you should have received as part of this distribution. The terms
    12. 

  12.  * are also available at https://curl.se/docs/copyright.html.
    13. 

  13.  *
    14. 

  14.  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
    15. 

  15.  * copies of the Software, and permit persons to whom the Software is
    16. 

  16.  * furnished to do so, under the terms of the COPYING file.
    17. 

  17.  *
    18. 

  18.  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
    19. 

  19.  * KIND, either express or implied.
    20. 

  20.  *
    21. 

  21.  ***************************************************************************/
    22. 

  22. #include "curl_setup.h"
    23. 

  23. 

  24. #include "keylog.h"
    25. 

  25. 

  26. /* The last #include files should be: */
    27. 

  27. #include "curl_memory.h"
    28. 

  28. #include "memdebug.h"
    29. 

  29. 

  30. #define KEYLOG_LABEL_MAXLEN (sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET") - 1)
    31. 

  31. 

  32. #define CLIENT_RANDOM_SIZE  32
    33. 

  33. 

  34. /*
    35. 

  35.  * The master secret in TLS 1.2 and before is always 48 bytes. In TLS 1.3, the
    36. 

  36.  * secret size depends on the cipher suite's hash function which is 32 bytes
    37. 

  37.  * for SHA-256 and 48 bytes for SHA-384.
    38. 

  38.  */
    39. 

  39. #define SECRET_MAXLEN       48
    40. 

  40. 

  41. 

  42. /* The fp for the open SSLKEYLOGFILE, or NULL if not open */
    43. 

  43. static FILE *keylog_file_fp;
    44. 

  44. 

  45. void
    46. 

  46. Curl_tls_keylog_open(void)
    47. 

  47. {
    48. 

  48.   char *keylog_file_name;
    49. 

  49. 

  50.   if(!keylog_file_fp) {
    51. 

  51.     keylog_file_name = curl_getenv("SSLKEYLOGFILE");
    52. 

  52.     if(keylog_file_name) {
    53. 

  53.       keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
    54. 

  54.       if(keylog_file_fp) {
    55. 

  55. #ifdef WIN32
    56. 

  56.         if(setvbuf(keylog_file_fp, NULL, _IONBF, 0))
    57. 

  57. #else
    58. 

  58.         if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096))
    59. 

  59. #endif
    60. 

  60.         {
    61. 

  61.           fclose(keylog_file_fp);
    62. 

  62.           keylog_file_fp = NULL;
    63. 

  63.         }
    64. 

  64.       }
    65. 

  65.       Curl_safefree(keylog_file_name);
    66. 

  66.     }
    67. 

  67.   }
    68. 

  68. }
    69. 

  69. 

  70. void
    71. 

  71. Curl_tls_keylog_close(void)
    72. 

  72. {
    73. 

  73.   if(keylog_file_fp) {
    74. 

  74.     fclose(keylog_file_fp);
    75. 

  75.     keylog_file_fp = NULL;
    76. 

  76.   }
    77. 

  77. }
    78. 

  78. 

  79. bool
    80. 

  80. Curl_tls_keylog_enabled(void)
    81. 

  81. {
    82. 

  82.   return keylog_file_fp != NULL;
    83. 

  83. }
    84. 

  84. 

  85. bool
    86. 

  86. Curl_tls_keylog_write_line(const char *line)
    87. 

  87. {
    88. 

  88.   /* The current maximum valid keylog line length LF and NUL is 195. */
    89. 

  89.   size_t linelen;
    90. 

  90.   char buf[256];
    91. 

  91. 

  92.   if(!keylog_file_fp || !line) {
    93. 

  93.     return false;
    94. 

  94.   }
    95. 

  95. 

  96.   linelen = strlen(line);
    97. 

  97.   if(linelen == 0 || linelen > sizeof(buf) - 2) {
    98. 

  98.     /* Empty line or too big to fit in a LF and NUL. */
    99. 

  99.     return false;
    100. 

  100.   }
    101. 

  101. 

  102.   memcpy(buf, line, linelen);
    103. 

  103.   if(line[linelen - 1] != '\n') {
    104. 

  104.     buf[linelen++] = '\n';
    105. 

  105.   }
    106. 

  106.   buf[linelen] = '\0';
    107. 

  107. 

  108.   /* Using fputs here instead of fprintf since libcurl's fprintf replacement
    109. 

  109.      may not be thread-safe. */
    110. 

  110.   fputs(buf, keylog_file_fp);
    111. 

  111.   return true;
    112. 

  112. }
    113. 

  113. 

  114. bool
    115. 

  115. Curl_tls_keylog_write(const char *label,
    116. 

  116.                       const unsigned char client_random[CLIENT_RANDOM_SIZE],
    117. 

  117.                       const unsigned char *secret, size_t secretlen)
    118. 

  118. {
    119. 

  119.   const char *hex = "0123456789ABCDEF";
    120. 

  120.   size_t pos, i;
    121. 

  121.   char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +
    122. 

  122.             2 * SECRET_MAXLEN + 1 + 1];
    123. 

  123. 

  124.   if(!keylog_file_fp) {
    125. 

  125.     return false;
    126. 

  126.   }
    127. 

  127. 

  128.   pos = strlen(label);
    129. 

  129.   if(pos > KEYLOG_LABEL_MAXLEN || !secretlen || secretlen > SECRET_MAXLEN) {
    130. 

  130.     /* Should never happen - sanity check anyway. */
    131. 

  131.     return false;
    132. 

  132.   }
    133. 

  133. 

  134.   memcpy(line, label, pos);
    135. 

  135.   line[pos++] = ' ';
    136. 

  136. 

  137.   /* Client Random */
    138. 

  138.   for(i = 0; i < CLIENT_RANDOM_SIZE; i++) {
    139. 

  139.     line[pos++] = hex[client_random[i] >> 4];
    140. 

  140.     line[pos++] = hex[client_random[i] & 0xF];
    141. 

  141.   }
    142. 

  142.   line[pos++] = ' ';
    143. 

  143. 

  144.   /* Secret */
    145. 

  145.   for(i = 0; i < secretlen; i++) {
    146. 

  146.     line[pos++] = hex[secret[i] >> 4];
    147. 

  147.     line[pos++] = hex[secret[i] & 0xF];
    148. 

  148.   }
    149. 

  149.   line[pos++] = '\n';
    150. 

  150.   line[pos] = '\0';
    151. 

  151. 

  152.   /* Using fputs here instead of fprintf since libcurl's fprintf replacement
    153. 

  153.      may not be thread-safe. */
    154. 

  154.   fputs(line, keylog_file_fp);
    155. 

  155.   return true;
    156. 

  156. }
    157.