1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22 #include "curl_setup.h"
23
24 #include "keylog.h"
25
26 /* The last #include files should be: */
27 #include "curl_memory.h"
28 #include "memdebug.h"
29
30 #define KEYLOG_LABEL_MAXLEN (sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET") - 1)
31
32 #define CLIENT_RANDOM_SIZE 32
33
34 /*
35 * The master secret in TLS 1.2 and before is always 48 bytes. In TLS 1.3, the
36 * secret size depends on the cipher suite's hash function which is 32 bytes
37 * for SHA-256 and 48 bytes for SHA-384.
38 */
39 #define SECRET_MAXLEN 48
40
41
42 /* The fp for the open SSLKEYLOGFILE, or NULL if not open */
43 static FILE *keylog_file_fp;
44
45 void
Curl_tls_keylog_open(void)46 Curl_tls_keylog_open(void)
47 {
48 char *keylog_file_name;
49
50 if(!keylog_file_fp) {
51 keylog_file_name = curl_getenv("SSLKEYLOGFILE");
52 if(keylog_file_name) {
53 keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
54 if(keylog_file_fp) {
55 #ifdef WIN32
56 if(setvbuf(keylog_file_fp, NULL, _IONBF, 0))
57 #else
58 if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096))
59 #endif
60 {
61 fclose(keylog_file_fp);
62 keylog_file_fp = NULL;
63 }
64 }
65 Curl_safefree(keylog_file_name);
66 }
67 }
68 }
69
70 void
Curl_tls_keylog_close(void)71 Curl_tls_keylog_close(void)
72 {
73 if(keylog_file_fp) {
74 fclose(keylog_file_fp);
75 keylog_file_fp = NULL;
76 }
77 }
78
79 bool
Curl_tls_keylog_enabled(void)80 Curl_tls_keylog_enabled(void)
81 {
82 return keylog_file_fp != NULL;
83 }
84
85 bool
Curl_tls_keylog_write_line(const char * line)86 Curl_tls_keylog_write_line(const char *line)
87 {
88 /* The current maximum valid keylog line length LF and NUL is 195. */
89 size_t linelen;
90 char buf[256];
91
92 if(!keylog_file_fp || !line) {
93 return false;
94 }
95
96 linelen = strlen(line);
97 if(linelen == 0 || linelen > sizeof(buf) - 2) {
98 /* Empty line or too big to fit in a LF and NUL. */
99 return false;
100 }
101
102 memcpy(buf, line, linelen);
103 if(line[linelen - 1] != '\n') {
104 buf[linelen++] = '\n';
105 }
106 buf[linelen] = '\0';
107
108 /* Using fputs here instead of fprintf since libcurl's fprintf replacement
109 may not be thread-safe. */
110 fputs(buf, keylog_file_fp);
111 return true;
112 }
113
114 bool
Curl_tls_keylog_write(const char * label,const unsigned char client_random[CLIENT_RANDOM_SIZE],const unsigned char * secret,size_t secretlen)115 Curl_tls_keylog_write(const char *label,
116 const unsigned char client_random[CLIENT_RANDOM_SIZE],
117 const unsigned char *secret, size_t secretlen)
118 {
119 const char *hex = "0123456789ABCDEF";
120 size_t pos, i;
121 char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +
122 2 * SECRET_MAXLEN + 1 + 1];
123
124 if(!keylog_file_fp) {
125 return false;
126 }
127
128 pos = strlen(label);
129 if(pos > KEYLOG_LABEL_MAXLEN || !secretlen || secretlen > SECRET_MAXLEN) {
130 /* Should never happen - sanity check anyway. */
131 return false;
132 }
133
134 memcpy(line, label, pos);
135 line[pos++] = ' ';
136
137 /* Client Random */
138 for(i = 0; i < CLIENT_RANDOM_SIZE; i++) {
139 line[pos++] = hex[client_random[i] >> 4];
140 line[pos++] = hex[client_random[i] & 0xF];
141 }
142 line[pos++] = ' ';
143
144 /* Secret */
145 for(i = 0; i < secretlen; i++) {
146 line[pos++] = hex[secret[i] >> 4];
147 line[pos++] = hex[secret[i] & 0xF];
148 }
149 line[pos++] = '\n';
150 line[pos] = '\0';
151
152 /* Using fputs here instead of fprintf since libcurl's fprintf replacement
153 may not be thread-safe. */
154 fputs(line, keylog_file_fp);
155 return true;
156 }
157