Commit a71546d0 authored by Bartolomeo Berend Müller's avatar Bartolomeo Berend Müller

Support decrypting tls/tcp traffic also

parent a9e3eca6
...@@ -100,7 +100,6 @@ echo "Openssl seems to be installed correctly" ...@@ -100,7 +100,6 @@ echo "Openssl seems to be installed correctly"
# export OPENSSL_CONF=${OPENSSL_INSTALL}/ssl/openssl.cnf # export OPENSSL_CONF=${OPENSSL_INSTALL}/ssl/openssl.cnf
# apply patches to nginx source # apply patches to nginx source
patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/ngx_event_openssl.c < ${ROOT}/../nginx-${NGINX_VERSION}-patches/ngx_event_openssl.c.diff
patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/quic/ngx_event_quic_openssl_compat.c < ${ROOT}/../nginx-${NGINX_VERSION}-patches/ngx_event_quic_openssl_compat.c.diff patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/quic/ngx_event_quic_openssl_compat.c < ${ROOT}/../nginx-${NGINX_VERSION}-patches/ngx_event_quic_openssl_compat.c.diff
# build nginx with dynamically linked custom openssl # build nginx with dynamically linked custom openssl
......
...@@ -15,14 +15,14 @@ all: s_timer quic_s_timer quic-client-block ...@@ -15,14 +15,14 @@ all: s_timer quic_s_timer quic-client-block
# FIXME which optimization level to use? # FIXME which optimization level to use?
s_timer: s_timer.c s_timer: s_timer.c
$(CC) -g -Wall -Wextra -Werror -Wpedantic -I$(OPENSSL_INCLUDE) -I$(OQS_INCLUDE) $< -L$(INSTALL_DIR) -L$(OQS_LIB) -lssl -lcrypto -ldl -lpthread -loqs -o $@ $(CC) -g -Wall -Wextra -Werror -Wpedantic -O3 -I$(OPENSSL_INCLUDE) -I$(OQS_INCLUDE) $< -L$(INSTALL_DIR) -L$(OQS_LIB) -lssl -lcrypto -ldl -lpthread -loqs -o $@
run_s_timer: s_timer run_s_timer: s_timer
./s_timer x25519 1 ./s_timer x25519 1
# TODO ldd quic_s_timer shows wrong libssl -> maybe use RPATH # TODO ldd quic_s_timer shows wrong libssl -> maybe use RPATH
quic_s_timer: quic_s_timer.c quic_s_timer: quic_s_timer.c
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS) $(CC) $(CFLAGS) -O3 $(LDFLAGS) -o $@ $^ $(LDLIBS)
run_quic_s_timer: quic_s_timer run_quic_s_timer: quic_s_timer
LD_LIBRARY_PATH=$(INSTALL_DIR)/openssl/lib64 ./quic_s_timer x25519 1 LD_LIBRARY_PATH=$(INSTALL_DIR)/openssl/lib64 ./quic_s_timer x25519 1
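Review bot: If the `-O3` variant of the s_timer and quic_s_timer recipes is the new side, the optimization level is now hard-coded separately in two rules, while quic_s_timer already takes `$(CFLAGS)` and s_timer spells out its flags by hand. A single `CFLAGS += -O3` (or a dedicated `OPTFLAGS` used by both recipes) would keep the two timing binaries built alike and make the `# FIXME which optimization level to use?` comment either resolved or easier to revisit. Since these are timing harnesses, the chosen level directly shapes the measured numbers, so a one-line comment recording why -O3 was picked would help whoever compares results later.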
......
...@@ -9,8 +9,8 @@ ...@@ -9,8 +9,8 @@
#include <stdio.h> #include <stdio.h>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/ssl.h>
#include <sys/socket.h> #include <sys/socket.h>
......
These patches are adapted from https://mailman.nginx.org/pipermail/nginx-devel/2024-January/W5CRPNYOC72XXFF45KQSD3VNNMGJ4WMR.html. These patches are adapted from https://mailman.nginx.org/pipermail/nginx-devel/2024-January/W5CRPNYOC72XXFF45KQSD3VNNMGJ4WMR.html.
Only the one in with quic works currently. The SSL_CTX_set_keylog_callback() call from src/event/quic/ngx_event_quic_openssl_compat.c seems to overwrite the one in src/event/ngx_event_openssl.c leading to only having to overwrite the quic callback function. In case you would not compile with quic enabled, you would probably have to apply the other side of the patch referenced above.
--- nginx-1.26.1/src/event/ngx_event_openssl.c 2024-05-28 15:28:07.000000000 +0200
+++ nginx-1.26.1-tbm/src/event/ngx_event_openssl.c 2024-08-14 20:11:11.327339409 +0200
@@ -27,6 +27,7 @@
static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where,
int ret);
+static void ngx_ssl_keylog_callback(const SSL *ssl, const char *line);
static void ngx_ssl_passwords_cleanup(void *data);
static int ngx_ssl_new_client_session(ngx_ssl_conn_t *ssl_conn,
ngx_ssl_session_t *sess);
@@ -426,9 +427,20 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
+ SSL_CTX_set_keylog_callback(ssl->ctx, ngx_ssl_keylog_callback);
+
return NGX_OK;
}
+static void
+ngx_ssl_keylog_callback(const SSL *ssl, const char *line)
+{
+ ngx_connection_t *c;
+
+ c = ngx_ssl_get_connection(ssl);
+ ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "ssl keylog: %s", line);
+}
+
ngx_int_t
ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
--- nginx-1.26.1/src/event/quic/ngx_event_quic_openssl_compat.c 2024-05-28 15:28:07.000000000 +0200 --- nginx-1.26.1-tbm/src/event/quic/ngx_event_quic_openssl_compat.c 2024-08-20 19:24:11.679435503 +0200
+++ nginx-1.26.1-tbm/src/event/quic/ngx_event_quic_openssl_compat.c 2024-08-14 20:01:30.591308680 +0200 +++ nginx-1.26.1/src/event/quic/ngx_event_quic_openssl_compat.c 2024-08-20 19:25:17.862276075 +0200
@@ -118,6 +118,8 @@ @@ -114,6 +114,7 @@
return; u_char secret[EVP_MAX_MD_SIZE];
}
c = ngx_ssl_get_connection(ssl);
+ ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "ssl keylog: %s", line); + ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "ssl keylog: %s", line);
+ if (c->type != SOCK_DGRAM) {
p = (u_char *) line; return;
}
for (start = p; *p && *p != ' '; p++);
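Review bot: Moving the `ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "ssl keylog: %s", line)` call ahead of the `if (c->type != SOCK_DGRAM)` check means the keylog line — which carries the session's secrets — is now written to the error log for every TLS connection, not only QUIC ones, so anyone who can read that log can decrypt all captured traffic for those sessions. The call goes through nginx's debug logging, so as far as I can tell it is only compiled in with `--with-debug` and only emitted when `error_log` is at debug level; that dependency, and the fact that the log file now holds key material and should be kept local to the measurement host and restricted accordingly, belongs in the README paragraph at the top of this file. A sentence such as `Keylog lines are written to the nginx error log at debug level (requires a --with-debug build); the log then contains TLS secrets, so restrict access to it and do not enable this outside the measurement setup.` would cover it. The enclosing callback function starts outside the hunk.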