keylog.c 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.haxx.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "curl_setup.h"
  23. #include "keylog.h"
  24. /* The last #include files should be: */
  25. #include "curl_memory.h"
  26. #include "memdebug.h"
  27. #define KEYLOG_LABEL_MAXLEN (sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET") - 1)
  28. #define CLIENT_RANDOM_SIZE 32
  29. /*
  30. * The master secret in TLS 1.2 and before is always 48 bytes. In TLS 1.3, the
  31. * secret size depends on the cipher suite's hash function which is 32 bytes
  32. * for SHA-256 and 48 bytes for SHA-384.
  33. */
  34. #define SECRET_MAXLEN 48
  35. /* The fp for the open SSLKEYLOGFILE, or NULL if not open */
  36. static FILE *keylog_file_fp;
  37. void
  38. Curl_tls_keylog_open(void)
  39. {
  40. char *keylog_file_name;
  41. if(!keylog_file_fp) {
  42. keylog_file_name = curl_getenv("SSLKEYLOGFILE");
  43. if(keylog_file_name) {
  44. keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
  45. if(keylog_file_fp) {
  46. #ifdef WIN32
  47. if(setvbuf(keylog_file_fp, NULL, _IONBF, 0))
  48. #else
  49. if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096))
  50. #endif
  51. {
  52. fclose(keylog_file_fp);
  53. keylog_file_fp = NULL;
  54. }
  55. }
  56. Curl_safefree(keylog_file_name);
  57. }
  58. }
  59. }
  60. void
  61. Curl_tls_keylog_close(void)
  62. {
  63. if(keylog_file_fp) {
  64. fclose(keylog_file_fp);
  65. keylog_file_fp = NULL;
  66. }
  67. }
  68. bool
  69. Curl_tls_keylog_enabled(void)
  70. {
  71. return keylog_file_fp != NULL;
  72. }
  73. bool
  74. Curl_tls_keylog_write_line(const char *line)
  75. {
  76. /* The current maximum valid keylog line length LF and NUL is 195. */
  77. size_t linelen;
  78. char buf[256];
  79. if(!keylog_file_fp || !line) {
  80. return false;
  81. }
  82. linelen = strlen(line);
  83. if(linelen == 0 || linelen > sizeof(buf) - 2) {
  84. /* Empty line or too big to fit in a LF and NUL. */
  85. return false;
  86. }
  87. memcpy(buf, line, linelen);
  88. if(line[linelen - 1] != '\n') {
  89. buf[linelen++] = '\n';
  90. }
  91. buf[linelen] = '\0';
  92. /* Using fputs here instead of fprintf since libcurl's fprintf replacement
  93. may not be thread-safe. */
  94. fputs(buf, keylog_file_fp);
  95. return true;
  96. }
  97. bool
  98. Curl_tls_keylog_write(const char *label,
  99. const unsigned char client_random[CLIENT_RANDOM_SIZE],
  100. const unsigned char *secret, size_t secretlen)
  101. {
  102. const char *hex = "0123456789ABCDEF";
  103. size_t pos, i;
  104. char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +
  105. 2 * SECRET_MAXLEN + 1 + 1];
  106. if(!keylog_file_fp) {
  107. return false;
  108. }
  109. pos = strlen(label);
  110. if(pos > KEYLOG_LABEL_MAXLEN || !secretlen || secretlen > SECRET_MAXLEN) {
  111. /* Should never happen - sanity check anyway. */
  112. return false;
  113. }
  114. memcpy(line, label, pos);
  115. line[pos++] = ' ';
  116. /* Client Random */
  117. for(i = 0; i < CLIENT_RANDOM_SIZE; i++) {
  118. line[pos++] = hex[client_random[i] >> 4];
  119. line[pos++] = hex[client_random[i] & 0xF];
  120. }
  121. line[pos++] = ' ';
  122. /* Secret */
  123. for(i = 0; i < secretlen; i++) {
  124. line[pos++] = hex[secret[i] >> 4];
  125. line[pos++] = hex[secret[i] & 0xF];
  126. }
  127. line[pos++] = '\n';
  128. line[pos] = '\0';
  129. /* Using fputs here instead of fprintf since libcurl's fprintf replacement
  130. may not be thread-safe. */
  131. fputs(line, keylog_file_fp);
  132. return true;
  133. }