Add TLS secret logging (#6)

* Reordered code for consistency * Updated gitignore * Added picotls setup_log_event handler * Added -l option to state tls secret log-file
rbruenig · Jul 4, 2020 · 0bdd0b0 · 0bdd0b0
1 parent 4145118
commit 0bdd0b0
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 13 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,3 @@
 *.user
 *.vscode
-build/
+build*
diff --git a/client.c b/client.c
@@ -119,10 +119,10 @@ static void client_on_conn_close(quicly_closed_by_remote_t *self, quicly_conn_t
 static quicly_stream_open_t stream_open = {&client_on_stream_open};
 static quicly_closed_by_remote_t closed_by_remote = {&client_on_conn_close};
 
-int run_client(const char *port, bool gso, const char *host, int runtime_s, bool ttfb_only)
+int run_client(const char *port, bool gso, const char *logfile, const char *host, int runtime_s, bool ttfb_only)
 {
-    printf("running client with host=%s, port=%s and runtime=%is\n", host, port, runtime_s);
-    quit_after_first_byte = ttfb_only;
+    setup_session_cache(get_tlsctx());
+    quicly_amend_ptls_context(get_tlsctx());
 
     client_ctx = quicly_spec_context;
     client_ctx.tls = get_tlsctx();
@@ -136,9 +136,6 @@ int run_client(const char *port, bool gso, const char *host, int runtime_s, bool
         enable_gso();
     }
 
-    setup_session_cache(get_tlsctx());
-    quicly_amend_ptls_context(get_tlsctx());
-
     struct ev_loop *loop = EV_DEFAULT;
 
     struct sockaddr_storage sas;
@@ -162,6 +159,14 @@ int run_client(const char *port, bool gso, const char *host, int runtime_s, bool
         return 1;
     }
 
+    if (logfile)
+    {
+        setup_log_event(client_ctx.tls, logfile);
+    }
+
+    printf("running client with host=%s, port=%s and runtime=%is\n", host, port, runtime_s);
+    quit_after_first_byte = ttfb_only;
+
     // start time
     start_time = client_ctx.now->cb(client_ctx.now);
 

diff --git a/client.h b/client.h
@@ -3,7 +3,7 @@
 #include <stdbool.h>
 #include <stdint.h>
 
-int run_client(const char* port, bool gso, const char *host, int runtime_s, bool ttfb_only);
+int run_client(const char* port, bool gso, const char *logfile, const char *host, int runtime_s, bool ttfb_only);
 void quit_client();
 
 void on_first_byte();
diff --git a/main.c b/main.c
@@ -15,6 +15,7 @@ static void usage(const char *cmd)
             "  -c target       run as client and connect to target server\n"
             "  -e              measure time for connection establishment and first byte only\n"
             "  -g              enable UDP generic segmentation offload\n"
+            "  -l log-file     file to log tls secrets\n"
             "  -p              port to listen on/connect to (default 18080)\n"
             "  -s              run as server\n"
             "  -t time (s)     run for X seconds (default 10s)\n"
@@ -32,8 +33,9 @@ int main(int argc, char** argv)
     int ch;
     bool ttfb_only = false;
     bool gso = false;
+    const char *logfile = NULL;
 
-    while ((ch = getopt(argc, argv, "c:egp:st:h")) != -1) {
+    while ((ch = getopt(argc, argv, "c:egl:p:st:h")) != -1) {
         switch (ch) {
         case 'c':
             host = optarg;
@@ -50,6 +52,9 @@ int main(int argc, char** argv)
                 exit(1);
             #endif
             break;
+        case 'l':
+            logfile = optarg;
+            break;
         case 'p':
             port = (intptr_t)optarg;
             if(sscanf(optarg, "%u", &port) < 0 || port > 65535) {
@@ -85,6 +90,6 @@ int main(int argc, char** argv)
     char port_char[16];
     sprintf(port_char, "%d", port);
     return server_mode ?
-                run_server(port_char, gso, "server.crt", "server.key") :
-                run_client(port_char, gso, host, runtime_s, ttfb_only);
+                run_server(port_char, gso, logfile, "server.crt", "server.key") :
+                run_client(port_char, gso, logfile, host, runtime_s, ttfb_only);
 }
diff --git a/server.c b/server.c
@@ -170,7 +170,7 @@ static void server_on_conn_close(quicly_closed_by_remote_t *self, quicly_conn_t
 static quicly_stream_open_t stream_open = {&server_on_stream_open};
 static quicly_closed_by_remote_t closed_by_remote = {&server_on_conn_close};
 
-int run_server(const char *port, bool gso, const char *cert, const char *key)
+int run_server(const char *port, bool gso, const char *logfile, const char *cert, const char *key)
 {
     setup_session_cache(get_tlsctx());
     quicly_amend_ptls_context(get_tlsctx());
@@ -205,6 +205,11 @@ int run_server(const char *port, bool gso, const char *cert, const char *key)
         return 1;
     }
 
+    if (logfile)
+    {
+        setup_log_event(server_ctx.tls, logfile);
+    }
+
     printf("starting server with pid %" PRIu64 " on port %s\n", get_current_pid(), port);
 
     ev_io socket_watcher;

diff --git a/server.h b/server.h
@@ -3,5 +3,5 @@
 #include <quicly.h>
 #include <stdbool.h>
 
-int run_server(const char* port, bool gso, const char *cert, const char *key);
+int run_server(const char* port, bool gso, const char *logfile, const char *cert, const char *key);