session server tls UPDATE add tls keylog support

Author: roman

src/session_mbedtls.c

@@ -22,6 +22,7 @@
 #include <ctype.h>
 #include <errno.h>
 #include <poll.h>
+#include <pthread.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -50,6 +51,8 @@
 #include <mbedtls/x509_crl.h>
 #include <mbedtls/x509_crt.h>
 
+extern struct nc_server_opts server_opts;
+
 /**
  * @brief Converts mbedTLS error codes to a string.
  *
@@ -220,6 +223,9 @@ nc_tls_session_destroy_wrap(void *tls_session)
 {
     mbedtls_ssl_free(tls_session);
     free(tls_session);
+
+    /* close keylog file if needed */
+    nc_tls_keylog_close();
 }
 
 void *
@@ -1923,3 +1929,98 @@ nc_tls_get_cert_exp_time_wrap(void *cert)
 
     return timegm(&t);
 }
+
+/**
+ * @brief Convert the MbedTLS key export type to a label for the keylog file.
+ *
+ * @param[in] type MbedTLS key export type.
+ * @return Label for the keylog file or NULL if the type is not supported.
+ */
+static const char *
+nc_tls_keylog_type2label(mbedtls_ssl_key_export_type type)
+{
+    switch (type) {
+    case MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET:
+        return "CLIENT_RANDOM";
+#ifdef MBEDTLS_SSL_PROTO_TLS1_3
+    case MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET:
+        return "CLIENT_HANDSHAKE_TRAFFIC_SECRET";
+    case MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET:
+        return "SERVER_HANDSHAKE_TRAFFIC_SECRET";
+    case MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET:
+        return "CLIENT_TRAFFIC_SECRET_0";
+    case MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET:
+        return "SERVER_TRAFFIC_SECRET_0";
+#endif
+    default:
+        return NULL;
+    }
+}
+
+/**
+ * @brief Callback for writing a line in the keylog file.
+ */
+static void
+nc_tls_keylog_write_line(void *UNUSED(p_expkey), mbedtls_ssl_key_export_type type, const unsigned char *secret,
+        size_t secret_len, const unsigned char client_random[32],
+        const unsigned char UNUSED(server_random[32]), mbedtls_tls_prf_types UNUSED(tls_prf_type))
+{
+    size_t linelen, len = 0, i, client_random_len;
+    char buf[256];
+    const char *label;
+
+    /* LOCK */
+    pthread_mutex_lock(&server_opts.keylog_data.lock);
+
+    if (!server_opts.keylog_data.f) {
+        goto cleanup;
+    }
+
+    label = nc_tls_keylog_type2label(type);
+    if (!label) {
+        /* type not supported */
+        goto cleanup;
+    }
+
+    /* <Label> <space> 0x<ClientRandom> <space> 0x<Secret> */
+    linelen = strlen(label) + 1 + 2 * 32 + 1 + 2 * secret_len + 1;
+    if (linelen > sizeof(buf)) {
+        /* sanity check, should not happen since the max len should be 196 bytes */
+        goto cleanup;
+    }
+
+    /* write the label */
+    len += sprintf(buf + len, "%s ", label);
+
+    /* write the client random */
+    client_random_len = 32;
+    for (i = 0; i < client_random_len; i++) {
+        len += sprintf(buf + len, "%02x", client_random[i]);
+    }
+    len += sprintf(buf + len, " ");
+
+    /* write the secret */
+    for (i = 0; i < secret_len; i++) {
+        len += sprintf(buf + len, "%02x", secret[i]);
+    }
+
+    len += sprintf(buf + len, "\n");
+    buf[len] = '\0';
+
+    if (len != linelen) {
+        goto cleanup;
+    }
+
+    fputs(buf, server_opts.keylog_data.f);
+    fflush(server_opts.keylog_data.f);
+
+cleanup:
+    /* UNLOCK */
+    pthread_mutex_unlock(&server_opts.keylog_data.lock);
+}
+
+void
+nc_tls_keylog_session_wrap(void *session)
+{
+    mbedtls_ssl_set_export_keys_cb(session, nc_tls_keylog_write_line, NULL);
+}

src/session_openssl.c

@@ -21,6 +21,7 @@
 
 #include <ctype.h>
 #include <poll.h>
+#include <pthread.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -43,6 +44,8 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+extern struct nc_server_opts server_opts;
+
 void *
 nc_tls_session_new_wrap(void *tls_cfg)
 {
@@ -61,6 +64,9 @@ void
 nc_tls_session_destroy_wrap(void *tls_session)
 {
     SSL_free(tls_session);
+
+    /* close keylog file if needed */
+    nc_tls_keylog_close();
 }
 
 void *
@@ -1449,3 +1455,52 @@ nc_tls_get_cert_exp_time_wrap(void *cert)
 
     return timegm(&t);
 }
+
+/**
+ * @brief Callback for writing a line in the keylog file.
+ */
+static void
+nc_tls_keylog_write_line(const SSL *UNUSED(ssl), const char *line)
+{
+    size_t linelen;
+    char buf[256];
+
+    /* LOCK */
+    pthread_mutex_lock(&server_opts.keylog_data.lock);
+
+    if (!server_opts.keylog_data.f || !line) {
+        goto cleanup;
+    }
+
+    /* linelen should not exceed 196 bytes, so 256 should be enough */
+    linelen = strlen(line);
+    if (!linelen || (linelen > sizeof(buf) - 2)) {
+        goto cleanup;
+    }
+
+    memcpy(buf, line, linelen);
+    if (line[linelen - 1] != '\n') {
+        buf[linelen++] = '\n';
+    }
+    buf[linelen] = '\0';
+
+    fputs(buf, server_opts.keylog_data.f);
+    fflush(server_opts.keylog_data.f);
+
+cleanup:
+    /* UNLOCK */
+    pthread_mutex_unlock(&server_opts.keylog_data.lock);
+}
+
+void
+nc_tls_keylog_session_wrap(void *session)
+{
+    SSL_CTX *ctx;
+
+    ctx = SSL_get_SSL_CTX(session);
+    if (!ctx) {
+        return;
+    }
+
+    SSL_CTX_set_keylog_callback(ctx, nc_tls_keylog_write_line);
+}

src/session_p.h

@@ -625,6 +625,15 @@ struct nc_server_opts {
         } *intervals;
         int interval_count;                 /**< Number of intervals. */
     } cert_exp_notif;
+
+    /**
+     * @brief Data for TLS key logger.
+     */
+    struct {
+        FILE *f;                /**< File to log keys to. */
+        uint32_t session_count; /**< Number of sessions using the key logger. */
+        pthread_mutex_t lock;   /**< Lock for the key logger data. */
+    } keylog_data;
 #endif
 };
 

src/session_server.c

@@ -858,6 +858,11 @@ nc_server_init(void)
         ERR(NULL, "%s: failed to init certificate expiration notification thread condition(%s).", __func__, strerror(r));
         goto error;
     }
+
+    if ((r = pthread_mutex_init(&server_opts.keylog_data.lock, NULL))) {
+        ERR(NULL, "%s: failed to init keylog data lock(%s).", __func__, strerror(r));
+        goto error;
+    }
 #endif
 
     return 0;
@@ -917,6 +922,8 @@ nc_server_destroy(void)
     nc_server_config_ts_truststore(NULL, NC_OP_DELETE);
     curl_global_cleanup();
     ssh_finalize();
+
+    pthread_mutex_destroy(&server_opts.keylog_data.lock);
 #endif /* NC_ENABLED_SSH_TLS */
 }
 

src/session_server_tls.c

@@ -16,6 +16,7 @@
 
 #define _GNU_SOURCE
 
+#include <errno.h>
 #include <poll.h>
 #include <stdint.h>
 #include <stdio.h>
@@ -32,7 +33,6 @@
 #include "session_p.h"
 #include "session_wrapper.h"
 
-struct nc_server_tls_opts tls_ch_opts;
 extern struct nc_server_opts server_opts;
 
 static int
@@ -790,6 +790,70 @@ nc_server_tls_get_num_certs(struct nc_cert_grouping *certs_grp)
     return count;
 }
 
+static int
+nc_tls_keylog_open(void)
+{
+    int ret = 0;
+    char *keylog_file_name;
+
+    /* LOCK */
+    pthread_mutex_lock(&server_opts.keylog_data.lock);
+
+    /* check if the file is already open and if not, open it */
+    if (!server_opts.keylog_data.f) {
+        keylog_file_name = getenv(SSLKEYLOGFILE_ENV);
+        if (!keylog_file_name) {
+            ret = 1;
+            goto cleanup;
+        }
+
+        server_opts.keylog_data.f = fopen(keylog_file_name, "a");
+        if (!server_opts.keylog_data.f) {
+            WRN(NULL, "Failed to open keylog file \"%s\".", keylog_file_name);
+            ret = 1;
+            goto cleanup;
+        }
+
+        if (setvbuf(server_opts.keylog_data.f, NULL, _IOLBF, 4096)) {
+            fclose(server_opts.keylog_data.f);
+            server_opts.keylog_data.f = NULL;
+            ERR(NULL, "Failed to setvbuf() on keylog file \"%s\" (%s).", keylog_file_name, strerror(errno));
+            ret = 1;
+            goto cleanup;
+        }
+    }
+
+    /* increase the session count */
+    server_opts.keylog_data.session_count++;
+
+cleanup:
+    /* UNLOCK */
+    pthread_mutex_unlock(&server_opts.keylog_data.lock);
+    return ret;
+}
+
+void
+nc_tls_keylog_close(void)
+{
+    /* LOCK */
+    pthread_mutex_lock(&server_opts.keylog_data.lock);
+
+    if (!server_opts.keylog_data.f) {
+        goto cleanup;
+    }
+
+    /* decrease the session count */
+    server_opts.keylog_data.session_count--;
+    if (!server_opts.keylog_data.session_count) {
+        fclose(server_opts.keylog_data.f);
+        server_opts.keylog_data.f = NULL;
+    }
+
+cleanup:
+    /* UNLOCK */
+    pthread_mutex_unlock(&server_opts.keylog_data.lock);
+}
+
 int
 nc_accept_tls_session(struct nc_session *session, struct nc_server_tls_opts *opts, int sock, int timeout)
 {
@@ -899,6 +963,10 @@ nc_accept_tls_session(struct nc_session *session, struct nc_server_tls_opts *opt
         goto fail;
     }
 
+    if (!nc_tls_keylog_open()) {
+        nc_tls_keylog_session_wrap(session->ti.tls.session);
+    }
+
     /* set session fd */
     nc_tls_set_fd_wrap(session->ti.tls.session, sock, &session->ti.tls.ctx);
 

src/session_wrapper.h

@@ -60,6 +60,11 @@ struct nc_tls_ctx {
 
 #endif
 
+/**
+ * TLS key log file environment variable name.
+ */
+#define SSLKEYLOGFILE_ENV "SSLKEYLOGFILE"
+
 /**
  * @brief Server side TLS verify callback data.
  */
@@ -732,4 +737,16 @@ void nc_server_tls_set_cipher_suites_wrap(void *tls_cfg, void *cipher_suites);
  */
 time_t nc_tls_get_cert_exp_time_wrap(void *cert);
 
+/**
+ * @brief Set the session to log TLS secrets for.
+ *
+ * @param[in] session Session to log secrets for.
+ */
+void nc_tls_keylog_session_wrap(void *session);
+
+/**
+ * @brief Decrease the logging session reference counter and close the keylog file if it reaches 0.
+ */
+void nc_tls_keylog_close(void);
+
 #endif