Home Explore Help
Sign In
OWEALs
/
curl
mirror of https://github.com/curl/curl.git
2
0
Fork 0
Files Issues 8 Wiki
Tree: b6e1afd069
Branches Tags
curl
/
lib
/
vtls
/
keylog.c

keylog.c 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 
  1. /***************************************************************************
    2. 

  2.  *                                  _   _ ____  _
    3. 

  3.  *  Project                     ___| | | |  _ \| |
    4. 

  4.  *                             / __| | | | |_) | |
    5. 

  5.  *                            | (__| |_| |  _ <| |___
    6. 

  6.  *                             \___|\___/|_| \_\_____|
    7. 

  7.  *
    8. 

  8.  * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
    9. 

  9.  *
    10. 

  10.  * This software is licensed as described in the file COPYING, which
    11. 

  11.  * you should have received as part of this distribution. The terms
    12. 

  12.  * are also available at https://curl.se/docs/copyright.html.
    13. 

  13.  *
    14. 

  14.  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
    15. 

  15.  * copies of the Software, and permit persons to whom the Software is
    16. 

  16.  * furnished to do so, under the terms of the COPYING file.
    17. 

  17.  *
    18. 

  18.  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
    19. 

  19.  * KIND, either express or implied.
    20. 

  20.  *
    21. 

  21.  * SPDX-License-Identifier: curl
    22. 

  22.  *
    23. 

  23.  ***************************************************************************/
    24. 

  24. #include "curl_setup.h"
    25. 

  25. 

  26. #include "keylog.h"
    27. 

  27. #include <curl/curl.h>
    28. 

  28. 

  29. /* The last #include files should be: */
    30. 

  30. #include "curl_memory.h"
    31. 

  31. #include "memdebug.h"
    32. 

  32. 

  33. #define KEYLOG_LABEL_MAXLEN (sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET") - 1)
    34. 

  34. 

  35. #define CLIENT_RANDOM_SIZE  32
    36. 

  36. 

  37. /*
    38. 

  38.  * The master secret in TLS 1.2 and before is always 48 bytes. In TLS 1.3, the
    39. 

  39.  * secret size depends on the cipher suite's hash function which is 32 bytes
    40. 

  40.  * for SHA-256 and 48 bytes for SHA-384.
    41. 

  41.  */
    42. 

  42. #define SECRET_MAXLEN       48
    43. 

  43. 

  44. 

  45. /* The fp for the open SSLKEYLOGFILE, or NULL if not open */
    46. 

  46. static FILE *keylog_file_fp;
    47. 

  47. 

  48. void
    49. 

  49. Curl_tls_keylog_open(void)
    50. 

  50. {
    51. 

  51.   char *keylog_file_name;
    52. 

  52. 

  53.   if(!keylog_file_fp) {
    54. 

  54.     keylog_file_name = curl_getenv("SSLKEYLOGFILE");
    55. 

  55.     if(keylog_file_name) {
    56. 

  56.       keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
    57. 

  57.       if(keylog_file_fp) {
    58. 

  58. #ifdef WIN32
    59. 

  59.         if(setvbuf(keylog_file_fp, NULL, _IONBF, 0))
    60. 

  60. #else
    61. 

  61.         if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096))
    62. 

  62. #endif
    63. 

  63.         {
    64. 

  64.           fclose(keylog_file_fp);
    65. 

  65.           keylog_file_fp = NULL;
    66. 

  66.         }
    67. 

  67.       }
    68. 

  68.       Curl_safefree(keylog_file_name);
    69. 

  69.     }
    70. 

  70.   }
    71. 

  71. }
    72. 

  72. 

  73. void
    74. 

  74. Curl_tls_keylog_close(void)
    75. 

  75. {
    76. 

  76.   if(keylog_file_fp) {
    77. 

  77.     fclose(keylog_file_fp);
    78. 

  78.     keylog_file_fp = NULL;
    79. 

  79.   }
    80. 

  80. }
    81. 

  81. 

  82. bool
    83. 

  83. Curl_tls_keylog_enabled(void)
    84. 

  84. {
    85. 

  85.   return keylog_file_fp != NULL;
    86. 

  86. }
    87. 

  87. 

  88. bool
    89. 

  89. Curl_tls_keylog_write_line(const char *line)
    90. 

  90. {
    91. 

  91.   /* The current maximum valid keylog line length LF and NUL is 195. */
    92. 

  92.   size_t linelen;
    93. 

  93.   char buf[256];
    94. 

  94. 

  95.   if(!keylog_file_fp || !line) {
    96. 

  96.     return false;
    97. 

  97.   }
    98. 

  98. 

  99.   linelen = strlen(line);
    100. 

  100.   if(linelen == 0 || linelen > sizeof(buf) - 2) {
    101. 

  101.     /* Empty line or too big to fit in a LF and NUL. */
    102. 

  102.     return false;
    103. 

  103.   }
    104. 

  104. 

  105.   memcpy(buf, line, linelen);
    106. 

  106.   if(line[linelen - 1] != '\n') {
    107. 

  107.     buf[linelen++] = '\n';
    108. 

  108.   }
    109. 

  109.   buf[linelen] = '\0';
    110. 

  110. 

  111.   /* Using fputs here instead of fprintf since libcurl's fprintf replacement
    112. 

  112.      may not be thread-safe. */
    113. 

  113.   fputs(buf, keylog_file_fp);
    114. 

  114.   return true;
    115. 

  115. }
    116. 

  116. 

  117. bool
    118. 

  118. Curl_tls_keylog_write(const char *label,
    119. 

  119.                       const unsigned char client_random[CLIENT_RANDOM_SIZE],
    120. 

  120.                       const unsigned char *secret, size_t secretlen)
    121. 

  121. {
    122. 

  122.   const char *hex = "0123456789ABCDEF";
    123. 

  123.   size_t pos, i;
    124. 

  124.   char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +
    125. 

  125.             2 * SECRET_MAXLEN + 1 + 1];
    126. 

  126. 

  127.   if(!keylog_file_fp) {
    128. 

  128.     return false;
    129. 

  129.   }
    130. 

  130. 

  131.   pos = strlen(label);
    132. 

  132.   if(pos > KEYLOG_LABEL_MAXLEN || !secretlen || secretlen > SECRET_MAXLEN) {
    133. 

  133.     /* Should never happen - sanity check anyway. */
    134. 

  134.     return false;
    135. 

  135.   }
    136. 

  136. 

  137.   memcpy(line, label, pos);
    138. 

  138.   line[pos++] = ' ';
    139. 

  139. 

  140.   /* Client Random */
    141. 

  141.   for(i = 0; i < CLIENT_RANDOM_SIZE; i++) {
    142. 

  142.     line[pos++] = hex[client_random[i] >> 4];
    143. 

  143.     line[pos++] = hex[client_random[i] & 0xF];
    144. 

  144.   }
    145. 

  145.   line[pos++] = ' ';
    146. 

  146. 

  147.   /* Secret */
    148. 

  148.   for(i = 0; i < secretlen; i++) {
    149. 

  149.     line[pos++] = hex[secret[i] >> 4];
    150. 

  150.     line[pos++] = hex[secret[i] & 0xF];
    151. 

  151.   }
    152. 

  152.   line[pos++] = '\n';
    153. 

  153.   line[pos] = '\0';
    154. 

  154. 

  155.   /* Using fputs here instead of fprintf since libcurl's fprintf replacement
    156. 

  156.      may not be thread-safe. */
    157. 

  157.   fputs(line, keylog_file_fp);
    158. 

  158.   return true;
    159. 

  159. }
    160.