Expose SSL key materials to debug SSL

Summary: Adding two methods to export the parameters used to generate the key material (key_block). These parameter can be used to decrypt a TLS session from a packet capture. Reviewed By: anirudhvr Differential Revision: D3687099 fbshipit-source-id: 04137f34dd32c387a1b7aec04b3ed6066f123a8e

Expose SSL key materials to debug SSL
Summary: Adding two methods to export the parameters used to generate the key material (key_block). These parameter can be used to decrypt a TLS session from a packet capture. Reviewed By: anirudhvr Differential Revision: D3687099 fbshipit-source-id: 04137f34dd32c387a1b7aec04b3ed6066f123a8e
4458ae04 · Gabriel Grise · Facebook Github Bot · e081efca · 4458ae04 · 4458ae04
Commit 4458ae04 authored Aug 30, 2016 by Gabriel Grise Committed by Facebook Github Bot Aug 30, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 55 additions and 0 deletions

folly/io/async/ssl/OpenSSLUtils.cpp folly/io/async/ssl/OpenSSLUtils.cpp +29 -0

folly/io/async/ssl/OpenSSLUtils.h folly/io/async/ssl/OpenSSLUtils.h +26 -0

No files found.
--- a/folly/io/async/ssl/OpenSSLUtils.cpp
+++ b/folly/io/async/ssl/OpenSSLUtils.cpp
@@ -43,6 +43,35 @@ static int boringssl_bio_fd_should_retry(int err);
 namespace folly {
 namespace ssl {

+bool OpenSSLUtils::getTLSMasterKey(
+    const SSL_SESSION* session,
+    MutableByteRange keyOut) {
+#if OPENSSL_IS_101 || OPENSSL_IS_102
+  if (session &&
+      session->master_key_length == static_cast<int>(keyOut.size())) {
+    auto masterKey = session->master_key;
+    std::copy(
+        masterKey, masterKey + session->master_key_length, keyOut.begin());
+    return true;
+  }
+#endif
+  return false;
+}
+
+bool OpenSSLUtils::getTLSClientRandom(
+    const SSL* ssl,
+    MutableByteRange randomOut) {
+#if OPENSSL_IS_101 || OPENSSL_IS_102
+  if ((SSL_version(ssl) >> 8) == TLS1_VERSION_MAJOR && ssl->s3 &&
+      randomOut.size() == SSL3_RANDOM_SIZE) {
+    auto clientRandom = ssl->s3->client_random;
+    std::copy(clientRandom, clientRandom + SSL3_RANDOM_SIZE, randomOut.begin());
+    return true;
+  }
+#endif
+  return false;
+}
+
 bool OpenSSLUtils::getPeerAddressFromX509StoreCtx(X509_STORE_CTX* ctx,
                                                  sockaddr_storage* addrStorage,
                                                  socklen_t* addrLen) {

--- a/folly/io/async/ssl/OpenSSLUtils.h
+++ b/folly/io/async/ssl/OpenSSLUtils.h
@@ -15,8 +15,10 @@
 */
 #pragma once

+#include <folly/Range.h>
 #include <folly/portability/Sockets.h>

+#include <openssl/ssl.h>
 #include <openssl/x509v3.h>

 namespace folly {
@@ -24,6 +26,30 @@ namespace ssl {

 class OpenSSLUtils {
 public:
+  /*
+   * Get the TLS Session Master Key used to generate the TLS key material
+   *
+   * @param session ssl session
+   * @param keyOut destination for the master key, the buffer must be at least
+   * 48 bytes
+   * @return true if the master key is available (>= TLS1) and the output buffer
+   * large enough
+   */
+  static bool getTLSMasterKey(
+      const SSL_SESSION* session,
+      MutableByteRange keyOut);
+
+  /*
+   * Get the TLS Client Random used to generate the TLS key material
+   *
+   * @param ssl
+   * @param randomOut destination for the client random, the buffer must be at
+   * least 32 bytes
+   * @return true if the client random is available (>= TLS1) and the output
+   * buffer large enough
+   */
+  static bool getTLSClientRandom(const SSL* ssl, MutableByteRange randomOut);
+
  /**
   * Validate that the peer certificate's common name or subject alt names
   * match what we expect.  Currently this only checks for IPs within