Bug 1287711 - Implement SSLKEYLOGFILE for TLS 1.3 (v2)
Summary: Extend the previous keylogging functionality with TLS 1.3 support. Verified that a session between nss (selfserv) and boringssl 15868b3bbaa resulted in the same keys and that it can be used with Wireshark. Reviewers: mt, ekr Reviewed By: mt Bug #: 1287711 Differential Revision: https://phabricator.services.mozilla.com/D82
1 parent
deeb8aa
commit 9f29abe
Showing
6 changed files
with
154 additions
and
36 deletions.
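--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this file,
+* You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <cstdlib>
+#include <fstream>
+#include <sstream>
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+
+namespace nss_test {
+
+static const char *keylog_file_path = "keylog.txt";
+
+class KeyLogFileTest : public TlsConnectGeneric {
+public:
+void SetUp() {
+TlsConnectTestBase::SetUp();
+remove(keylog_file_path);
+setenv("SSLKEYLOGFILE", keylog_file_path, 1);
+}
+
+void CheckKeyLog() {
+std::ifstream f(keylog_file_path);
+std::map<std::string, size_t> labels;
+std::string last_client_random;
+for (std::string line; std::getline(f, line);) {
+if (line[0] == '#') {
+continue;
+}
+
+std::istringstream iss(line);
+std::string label, client_random, secret;
+iss >> label >> client_random >> secret;
+
+ASSERT_EQ(1U, client_random.size());
+ASSERT_TRUE(last_client_random.empty() ||
+last_client_random == client_random);
+last_client_random = client_random;
+labels[label]++;
+}
+
+if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
+ASSERT_EQ(1U, labels["CLIENT_RANDOM"]);
+} else {
+ASSERT_EQ(1U, labels["CLIENT_EARLY_TRAFFIC_SECRET"]);
+ASSERT_EQ(1U, labels["CLIENT_HANDSHAKE_TRAFFIC_SECRET"]);
+ASSERT_EQ(1U, labels["SERVER_HANDSHAKE_TRAFFIC_SECRET"]);
+ASSERT_EQ(1U, labels["CLIENT_TRAFFIC_SECRET_0"]);
+ASSERT_EQ(1U, labels["SERVER_TRAFFIC_SECRET_0"]);
+ASSERT_EQ(1U, labels["EXPORTER_SECRET"]);
+}
+}
+
+void ConnectAndCheck() {
+Connect();
+CheckKeyLog();
+_exit(0);
+}
+};
+
+// Tests are run in a separate process to ensure that NSS is not initialized yet
+// and can process the SSLKEYLOGFILE environment variable.
+
+TEST_P(KeyLogFileTest, KeyLogFile) {
+testing::GTEST_FLAG(death_test_style) = "threadsafe";
+
+ASSERT_EXIT(ConnectAndCheck(), ::testing::ExitedWithCode(0), "");
+}
+
+INSTANTIATE_TEST_CASE_P(
+KeyLogFileDTLS12, KeyLogFileTest,
+::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
+TlsConnectTestBase::kTlsV11V12));
+INSTANTIATE_TEST_CASE_P(
+KeyLogFileTLS12, KeyLogFileTest,
+::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
+TlsConnectTestBase::kTlsV10ToV12));
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(
+KeyLogFileTLS13, KeyLogFileTest,
+::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
+TlsConnectTestBase::kTlsV13));
+#endif
+
+} // namespace nss_test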
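Review bot: A failed ASSERT_* inside CheckKeyLog only returns from that helper, so ConnectAndCheck still reaches `_exit(0)` and ASSERT_EXIT sees the expected exit code; as written, none of the key-log checks can actually fail the test. That matters because `ASSERT_EQ(1U, client_random.size());` looks inconsistent with the SSLKEYLOGFILE format, where the 32-byte client random is hex-encoded to 64 characters, and the test would pass regardless. Suggested lines: `ASSERT_EQ(64U, client_random.size());` and `_exit(HasFailure() ? 1 : 0);` so child-side assertion failures surface as a non-zero exit. The file of logged secrets is also left in the working directory after the run; a TearDown that calls `remove(keylog_file_path)` would avoid leaving key material behind on the test host.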