namespace folly {
namespace ssl {
+bool OpenSSLUtils::getTLSMasterKey(
+ const SSL_SESSION* session,
+ MutableByteRange keyOut) {
+#if OPENSSL_IS_101 || OPENSSL_IS_102
+ if (session &&
+ session->master_key_length == static_cast<int>(keyOut.size())) {
+ auto masterKey = session->master_key;
+ std::copy(
+ masterKey, masterKey + session->master_key_length, keyOut.begin());
+ return true;
+ }
+#endif
+ return false;
+}
+
+bool OpenSSLUtils::getTLSClientRandom(
+ const SSL* ssl,
+ MutableByteRange randomOut) {
+#if OPENSSL_IS_101 || OPENSSL_IS_102
+ if ((SSL_version(ssl) >> 8) == TLS1_VERSION_MAJOR && ssl->s3 &&
+ randomOut.size() == SSL3_RANDOM_SIZE) {
+ auto clientRandom = ssl->s3->client_random;
+ std::copy(clientRandom, clientRandom + SSL3_RANDOM_SIZE, randomOut.begin());
+ return true;
+ }
+#endif
+ return false;
+}
+
bool OpenSSLUtils::getPeerAddressFromX509StoreCtx(X509_STORE_CTX* ctx,
sockaddr_storage* addrStorage,
socklen_t* addrLen) {
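Review bot: getTLSClientRandom dereferences ssl unconditionally (SSL_version(ssl) and ssl->s3 on its first condition line) while the sibling getTLSMasterKey guards session against nullptr, so a null SSL* crashes here instead of returning false as the "available" return contract suggests; the guard should read `if (ssl && (SSL_version(ssl) >> 8) == TLS1_VERSION_MAJOR && ssl->s3 &&`. Separately, getTLSMasterKey only requires keyOut.size() to equal master_key_length, so a session whose master_key_length is still 0 (presumably no completed handshake) paired with an empty keyOut returns true with nothing copied; adding `session->master_key_length > 0 &&` to that condition makes true mean a key was actually written, and the header's "buffer must be at least 48 bytes" wording in the other hunk should say the size must match master_key_length exactly, since a larger buffer is rejected. Both functions hand out the secrets that decrypt this session's traffic, so I would put a comment above each such as `// Exposes TLS key material (debugging/key-logging only); caller must wipe the buffer when done.` Both functions are fully contained in this hunk.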
*/
#pragma once
+#include <folly/Range.h>
#include <folly/portability/Sockets.h>
+#include <openssl/ssl.h>
#include <openssl/x509v3.h>
namespace folly {
class OpenSSLUtils {
public:
+ /*
+ * Get the TLS Session Master Key used to generate the TLS key material
+ *
+ * @param session ssl session
+ * @param keyOut destination for the master key, the buffer must be at least
+ * 48 bytes
+ * @return true if the master key is available (>= TLS1) and the output buffer
+ * large enough
+ */
+ static bool getTLSMasterKey(
+ const SSL_SESSION* session,
+ MutableByteRange keyOut);
+
+ /*
+ * Get the TLS Client Random used to generate the TLS key material
+ *
+ * @param ssl
+ * @param randomOut destination for the client random, the buffer must be at
+ * least 32 bytes
+ * @return true if the client random is available (>= TLS1) and the output
+ * buffer large enough
+ */
+ static bool getTLSClientRandom(const SSL* ssl, MutableByteRange randomOut);
+
/**
* Validate that the peer certificate's common name or subject alt names
* match what we expect. Currently this only checks for IPs within