Merge pull request #7372 from julek-wolfssl/zd/17435

Add secret logging callback to TLS <= 1.2
pull/7475/head
Sean Parkinson 2024-04-26 09:41:58 +10:00 committed by GitHub
commit c8e51112c3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 91 additions and 40 deletions


@ -7583,6 +7583,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
defined(WOLFSSL_SSLKEYLOGFILE) && defined(WOLFSSL_TLS13)
(void)wolfSSL_set_tls13_secret_cb(ssl, tls13ShowSecrets, NULL);
#endif
#if defined(HAVE_SECRET_CALLBACK) && defined(SHOW_SECRETS)
(void)wolfSSL_set_secret_cb(ssl, tlsShowSecrets, NULL);
#endif
#ifdef WOLFSSL_DUAL_ALG_CERTS
ssl->sigSpec = ctx->sigSpec;
ssl->sigSpecSz = ctx->sigSpecSz;
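Review bot: The default installation of `tlsShowSecrets` is gated only on `HAVE_SECRET_CALLBACK && SHOW_SECRETS`, whereas the TLS 1.3 equivalent immediately above appears to additionally require `WOLFSSL_SSLKEYLOGFILE` (its `#if` line starts outside the hunk; this is inferred from the visible `defined(WOLFSSL_SSLKEYLOGFILE) && defined(WOLFSSL_TLS13)` continuation). If parity between protocol versions is intended, add the same condition here; if a `SHOW_SECRETS` build is meant to log TLS 1.2 master secrets to stdout regardless of the keylog-file setting, say so with a comment such as `/* SHOW_SECRETS: report TLS <= 1.2 master secret via tlsShowSecrets (stdout, plus keylog file when WOLFSSL_SSLKEYLOGFILE is set) */`. InitSSL begins and ends outside the hunk.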


@ -8236,6 +8236,75 @@ int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
return WOLFSSL_SUCCESS;
}
int wolfSSL_set_secret_cb(WOLFSSL* ssl, TlsSecretCb cb, void* ctx)
{
WOLFSSL_ENTER("wolfSSL_set_secret_cb");
if (ssl == NULL)
return WOLFSSL_FATAL_ERROR;
ssl->tlsSecretCb = cb;
ssl->tlsSecretCtx = ctx;
return WOLFSSL_SUCCESS;
}
#ifdef SHOW_SECRETS
int tlsShowSecrets(WOLFSSL* ssl, void* secret, int secretSz,
void* ctx)
{
/* Wireshark Pre-Master-Secret Format:
* CLIENT_RANDOM <clientrandom> <mastersecret>
*/
const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM";
int i, pmsPos = 0;
char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1];
byte clientRandom[RAN_LEN];
int clientRandomSz;
(void)ctx;
clientRandomSz = (int)wolfSSL_get_client_random(ssl, clientRandom,
sizeof(clientRandom));
if (clientRandomSz <= 0) {
printf("Error getting server random %d\n", clientRandomSz);
return BAD_FUNC_ARG;
}
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ",
CLIENT_RANDOM_LABEL);
pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1;
for (i = 0; i < clientRandomSz; i++) {
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
clientRandom[i]);
pmsPos += 2;
}
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " ");
pmsPos += 1;
for (i = 0; i < secretSz; i++) {
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
((byte*)secret)[i]);
pmsPos += 2;
}
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n");
pmsPos += 1;
/* print master secret */
puts(pmsBuf);
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
{
FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a");
if (f != XBADFILE) {
XFWRITE(pmsBuf, 1, pmsPos, f);
XFCLOSE(f);
}
}
#endif
return 0;
}
#endif /* SHOW_SECRETS */
#endif
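Review bot: `tlsShowSecrets` emits `2 * secretSz` hex characters into the fixed `pmsBuf` (sized `13 + 1 + 64 + 1 + 96 + 1 + 1`, i.e. evidently for a 32-byte random and a 48-byte secret) without checking `secretSz`; each `XSNPRINTF` is individually bounded, but `pmsPos` advances by 2 on every iteration regardless, so a secret larger than 48 bytes pushes `pmsPos` past `sizeof(pmsBuf)`, makes `sizeof(pmsBuf) - pmsPos` wrap to a huge `size_t`, and turns the remaining `XSNPRINTF` calls into out-of-bounds stack writes. The only caller in this commit passes `SECRET_LEN`, but the function is installed through the public `TlsSecretCb` type, so guard at the top: `if (secret == NULL || secretSz < 0 || secretSz > SECRET_LEN) return BAD_FUNC_ARG;` (`clientRandomSz` is already bounded by `sizeof(clientRandom)` via `wolfSSL_get_client_random`). The message `"Error getting server random %d\n"` is printed after a failed client-random fetch and should read `"Error getting client random %d\n"`; the same text appears in the `tls13ShowSecrets` hunk. `pmsBuf` holds the master secret in hex on the stack and is not cleared before return, and the `XFWRITE` result is unchecked; a `ForceZero(pmsBuf, sizeof(pmsBuf));` before `return 0;` and a check that `XFWRITE` wrote `pmsPos` bytes would be cheap hardening.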


@ -586,47 +586,13 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
ssl->specs.mac_algorithm, ssl->heap, ssl->devId);
}
}
#ifdef HAVE_SECRET_CALLBACK
if (ret == 0 && ssl->tlsSecretCb != NULL) {
ret = ssl->tlsSecretCb(ssl, ssl->arrays->masterSecret,
SECRET_LEN, ssl->tlsSecretCtx);
}
#endif /* HAVE_SECRET_CALLBACK */
if (ret == 0) {
#ifdef SHOW_SECRETS
/* Wireshark Pre-Master-Secret Format:
* CLIENT_RANDOM <clientrandom> <mastersecret>
*/
const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM";
int i, pmsPos = 0;
char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1];
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ",
CLIENT_RANDOM_LABEL);
pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1;
for (i = 0; i < RAN_LEN; i++) {
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
ssl->arrays->clientRandom[i]);
pmsPos += 2;
}
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " ");
pmsPos += 1;
for (i = 0; i < SECRET_LEN; i++) {
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
ssl->arrays->masterSecret[i]);
pmsPos += 2;
}
XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n");
pmsPos += 1;
/* print master secret */
puts(pmsBuf);
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
{
FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a");
if (f != XBADFILE) {
XFWRITE(pmsBuf, 1, pmsPos, f);
XFCLOSE(f);
}
}
#endif
#endif /* SHOW_SECRETS */
ret = DeriveTlsKeys(ssl);
}
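Review bot: The callback's return value now decides whether key derivation runs at all — `ret = ssl->tlsSecretCb(...)` feeds directly into the following `if (ret == 0)` that guards `DeriveTlsKeys` — so a logging callback that returns non-zero aborts the handshake, and nothing in the public header states this. Document the contract where `TlsSecretCb` is declared (return 0 to continue; any other value is treated as a fatal error) and add a why-comment here, e.g. `/* tlsSecretCb failure is fatal: keys must not be derived from a secret the application refused */`. The callback also appears to fire only from `MakeTlsMasterSecret`, i.e. on a full handshake, so a resumed session would not be reported; that matches the removed `SHOW_SECRETS` block but is worth stating for keylog users, if no other call site exists. MakeTlsMasterSecret begins and ends outside the hunk.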


@ -14776,6 +14776,7 @@ int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret,
if (clientRandomSz <= 0) {
printf("Error getting server random %d\n", clientRandomSz);
return BAD_FUNC_ARG;
}
#if 0


@ -5869,6 +5869,8 @@ struct WOLFSSL {
#ifdef HAVE_SECRET_CALLBACK
SessionSecretCb sessionSecretCb;
void* sessionSecretCtx;
TlsSecretCb tlsSecretCb;
void* tlsSecretCtx;
#ifdef WOLFSSL_TLS13
Tls13SecretCb tls13SecretCb;
void* tls13SecretCtx;
@ -6749,6 +6751,11 @@ WOLFSSL_LOCAL int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* se
int secretSz, void* ctx);
#endif
#if defined(SHOW_SECRETS)
WOLFSSL_LOCAL int tlsShowSecrets(WOLFSSL* ssl, void* secret,
int secretSz, void* ctx);
#endif
/* Optional Pre-Master-Secret logging for Wireshark */
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
#ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT
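Review bot: The `tlsShowSecrets` prototype is declared under `#if defined(SHOW_SECRETS)` alone, while its definition in the ssl.c hunk sits in an `#ifdef SHOW_SECRETS` that appears to be nested inside `HAVE_SECRET_CALLBACK`, and its only use in InitSSL requires both. That is harmless today (a SHOW_SECRETS-only build merely declares a function it never defines), but aligning the guard to `#if defined(HAVE_SECRET_CALLBACK) && defined(SHOW_SECRETS)` keeps the three sites consistent and prevents a future link error from a SHOW_SECRETS-only caller. The new `tlsSecretCb`/`tlsSecretCtx` struct fields would also benefit from a one-line comment such as `/* TLS <= 1.2 master-secret reporting callback; see wolfSSL_set_secret_cb */`, since the neighbouring `sessionSecretCb` and `tls13SecretCb` are easy to confuse with it.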


@ -1365,8 +1365,13 @@ WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx
#ifdef HAVE_SECRET_CALLBACK
typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz,
void* ctx);
/* This callback is used to set the master secret during resumption */
WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb,
void*);
typedef int (*TlsSecretCb)(WOLFSSL* ssl, void* secret, int secretSz,
void* ctx);
/* This callback is used to log the secret for TLS <= 1.2 */
WOLFSSL_API int wolfSSL_set_secret_cb(WOLFSSL* ssl, TlsSecretCb cb, void* ctx);
#ifdef WOLFSSL_TLS13
typedef int (*Tls13SecretCb)(WOLFSSL* ssl, int id, const unsigned char* secret,
int secretSz, void* ctx);
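Review bot: The public comment `/* This callback is used to log the secret for TLS <= 1.2 */` does not tell an integrator which secret is passed, how large it is, or what the return value means, and `secret` is typed `void*` although a reporting callback has no reason to modify it. Expand the comment to state that the callback receives the TLS 1.0–1.2 master secret (`secretSz` bytes in a buffer owned by the `WOLFSSL` object and valid only for the duration of the call) once it has been derived, that it must return 0 for the handshake to proceed and any other value aborts it, and that the data is key material and must be handled accordingly. If the ABI is still open, `const void* secret` in the `TlsSecretCb` typedef (with the matching change in `tlsShowSecrets`) would mirror the `const unsigned char* secret` used by `Tls13SecretCb` directly below. The declaration block continues past the hunk.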