Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: d5e1b311e2
Branches Tags
ydb
/
contrib
/
libs
/
curl
/
lib
/
vtls
/
keylog.c

keylog.c 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 
  1. /***************************************************************************
    2. 

  2.  *                                  _   _ ____  _
    3. 

  3.  *  Project                     ___| | | |  _ \| |
    4. 

  4.  *                             / __| | | | |_) | |
    5. 

  5.  *                            | (__| |_| |  _ <| |___
    6. 

  6.  *                             \___|\___/|_| \_\_____|
    7. 

  7.  *
    8. 

  8.  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
    9. 

  9.  *
    10. 

  10.  * This software is licensed as described in the file COPYING, which
    11. 

  11.  * you should have received as part of this distribution. The terms
    12. 

  12.  * are also available at https://curl.se/docs/copyright.html.
    13. 

  13.  *
    14. 

  14.  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
    15. 

  15.  * copies of the Software, and permit persons to whom the Software is
    16. 

  16.  * furnished to do so, under the terms of the COPYING file.
    17. 

  17.  *
    18. 

  18.  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
    19. 

  19.  * KIND, either express or implied.
    20. 

  20.  *
    21. 

  21.  * SPDX-License-Identifier: curl
    22. 

  22.  *
    23. 

  23.  ***************************************************************************/
    24. 

  24. #include "curl_setup.h"
    25. 

  25. 

  26. #if defined(USE_OPENSSL) || \
    27. 

  27.   defined(USE_WOLFSSL) || \
    28. 

  28.   (defined(USE_NGTCP2) && defined(USE_NGHTTP3)) || \
    29. 

  29.   defined(USE_QUICHE)
    30. 

  30. 

  31. #include "keylog.h"
    32. 

  32. #include <curl/curl.h>
    33. 

  33. 

  34. /* The last #include files should be: */
    35. 

  35. #include "curl_memory.h"
    36. 

  36. #include "memdebug.h"
    37. 

  37. 

  38. #define KEYLOG_LABEL_MAXLEN (sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET") - 1)
    39. 

  39. 

  40. #define CLIENT_RANDOM_SIZE  32
    41. 

  41. 

  42. /*
    43. 

  43.  * The master secret in TLS 1.2 and before is always 48 bytes. In TLS 1.3, the
    44. 

  44.  * secret size depends on the cipher suite's hash function which is 32 bytes
    45. 

  45.  * for SHA-256 and 48 bytes for SHA-384.
    46. 

  46.  */
    47. 

  47. #define SECRET_MAXLEN       48
    48. 

  48. 

  49. 

  50. /* The fp for the open SSLKEYLOGFILE, or NULL if not open */
    51. 

  51. static FILE *keylog_file_fp;
    52. 

  52. 

  53. void
    54. 

  54. Curl_tls_keylog_open(void)
    55. 

  55. {
    56. 

  56.   char *keylog_file_name;
    57. 

  57. 

  58.   if(!keylog_file_fp) {
    59. 

  59.     keylog_file_name = curl_getenv("SSLKEYLOGFILE");
    60. 

  60.     if(keylog_file_name) {
    61. 

  61.       keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
    62. 

  62.       if(keylog_file_fp) {
    63. 

  63. #ifdef _WIN32
    64. 

  64.         if(setvbuf(keylog_file_fp, NULL, _IONBF, 0))
    65. 

  65. #else
    66. 

  66.         if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096))
    67. 

  67. #endif
    68. 

  68.         {
    69. 

  69.           fclose(keylog_file_fp);
    70. 

  70.           keylog_file_fp = NULL;
    71. 

  71.         }
    72. 

  72.       }
    73. 

  73.       Curl_safefree(keylog_file_name);
    74. 

  74.     }
    75. 

  75.   }
    76. 

  76. }
    77. 

  77. 

  78. void
    79. 

  79. Curl_tls_keylog_close(void)
    80. 

  80. {
    81. 

  81.   if(keylog_file_fp) {
    82. 

  82.     fclose(keylog_file_fp);
    83. 

  83.     keylog_file_fp = NULL;
    84. 

  84.   }
    85. 

  85. }
    86. 

  86. 

  87. bool
    88. 

  88. Curl_tls_keylog_enabled(void)
    89. 

  89. {
    90. 

  90.   return keylog_file_fp != NULL;
    91. 

  91. }
    92. 

  92. 

  93. bool
    94. 

  94. Curl_tls_keylog_write_line(const char *line)
    95. 

  95. {
    96. 

  96.   /* The current maximum valid keylog line length LF and NUL is 195. */
    97. 

  97.   size_t linelen;
    98. 

  98.   char buf[256];
    99. 

  99. 

  100.   if(!keylog_file_fp || !line) {
    101. 

  101.     return false;
    102. 

  102.   }
    103. 

  103. 

  104.   linelen = strlen(line);
    105. 

  105.   if(linelen == 0 || linelen > sizeof(buf) - 2) {
    106. 

  106.     /* Empty line or too big to fit in a LF and NUL. */
    107. 

  107.     return false;
    108. 

  108.   }
    109. 

  109. 

  110.   memcpy(buf, line, linelen);
    111. 

  111.   if(line[linelen - 1] != '\n') {
    112. 

  112.     buf[linelen++] = '\n';
    113. 

  113.   }
    114. 

  114.   buf[linelen] = '\0';
    115. 

  115. 

  116.   /* Using fputs here instead of fprintf since libcurl's fprintf replacement
    117. 

  117.      may not be thread-safe. */
    118. 

  118.   fputs(buf, keylog_file_fp);
    119. 

  119.   return true;
    120. 

  120. }
    121. 

  121. 

  122. bool
    123. 

  123. Curl_tls_keylog_write(const char *label,
    124. 

  124.                       const unsigned char client_random[CLIENT_RANDOM_SIZE],
    125. 

  125.                       const unsigned char *secret, size_t secretlen)
    126. 

  126. {
    127. 

  127.   const char *hex = "0123456789ABCDEF";
    128. 

  128.   size_t pos, i;
    129. 

  129.   char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +
    130. 

  130.             2 * SECRET_MAXLEN + 1 + 1];
    131. 

  131. 

  132.   if(!keylog_file_fp) {
    133. 

  133.     return false;
    134. 

  134.   }
    135. 

  135. 

  136.   pos = strlen(label);
    137. 

  137.   if(pos > KEYLOG_LABEL_MAXLEN || !secretlen || secretlen > SECRET_MAXLEN) {
    138. 

  138.     /* Should never happen - sanity check anyway. */
    139. 

  139.     return false;
    140. 

  140.   }
    141. 

  141. 

  142.   memcpy(line, label, pos);
    143. 

  143.   line[pos++] = ' ';
    144. 

  144. 

  145.   /* Client Random */
    146. 

  146.   for(i = 0; i < CLIENT_RANDOM_SIZE; i++) {
    147. 

  147.     line[pos++] = hex[client_random[i] >> 4];
    148. 

  148.     line[pos++] = hex[client_random[i] & 0xF];
    149. 

  149.   }
    150. 

  150.   line[pos++] = ' ';
    151. 

  151. 

  152.   /* Secret */
    153. 

  153.   for(i = 0; i < secretlen; i++) {
    154. 

  154.     line[pos++] = hex[secret[i] >> 4];
    155. 

  155.     line[pos++] = hex[secret[i] & 0xF];
    156. 

  156.   }
    157. 

  157.   line[pos++] = '\n';
    158. 

  158.   line[pos] = '\0';
    159. 

  159. 

  160.   /* Using fputs here instead of fprintf since libcurl's fprintf replacement
    161. 

  161.      may not be thread-safe. */
    162. 

  162.   fputs(line, keylog_file_fp);
    163. 

  163.   return true;
    164. 

  164. }
    165. 

  165. 

  166. #endif  /* TLS or QUIC backend */
    167.