embed sslkeylog files into pcaps (#406)

* Embed sslkeylog files into pcaps Alternative to #269 Thanks to @sedrubal for the groundwork * black
quic-interop · Oct 11, 2024 · 8063219 · 8063219
1 parent bf780fc
commit 8063219
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 7 deletions.
diff --git a/.github/workflows/interop.yml b/.github/workflows/interop.yml
@@ -48,7 +48,7 @@ jobs:
       - name: Build Wireshark
         if: steps.restore-cache.outputs.cache-hit != 'true'
         run: |
-          cmake -GNinja -DBUILD_wireshark=0 -DBUILD_qtshark=0 -DBUILD_editcap=0 -DBUILD_capinfos=0 -DBUILD_text2pcap=0 -DBUILD_rawshark=0 -DBUILD_sdjournal=0 -DBUILD_sshdump=0 -DBUILD_ciscodump=0 -DBUILD_sharkd=0 -DENABLE_STATIC=1 -DENABLE_PLUGINS=0 -DENABLE_LIBXML2=0 -DENABLE_BROTLI=0 -DUSE_STATIC=1 -DENABLE_GNUTLS=1 .
+          cmake -GNinja -DBUILD_wireshark=0 -DBUILD_qtshark=0 -DBUILD_editcap=1 -DBUILD_capinfos=0 -DBUILD_text2pcap=0 -DBUILD_rawshark=0 -DBUILD_sdjournal=0 -DBUILD_sshdump=0 -DBUILD_ciscodump=0 -DBUILD_sharkd=0 -DENABLE_STATIC=1 -DENABLE_PLUGINS=0 -DENABLE_LIBXML2=0 -DENABLE_BROTLI=0 -DUSE_STATIC=1 -DENABLE_GNUTLS=1 .
           ninja
       - run: run/tshark -v
         if: steps.restore-cache.outputs.cache-hit != 'true'

diff --git a/testcases.py b/testcases.py
@@ -4,6 +4,7 @@
 import os
 import random
 import re
+import shutil
 import string
 import subprocess
 import sys
@@ -158,18 +159,38 @@ def _keylog_file(self) -> str:
             return self._server_keylog_file
         logging.debug("No key log file found.")
 
+    def _inject_keylog_if_possible(self, trace: str):
+        """
+        Inject the keylog file into the pcap file if it is available and valid.
+        """
+        keylog = self._keylog_file()
+        if keylog is None:
+            return
+
+        with tempfile.NamedTemporaryFile() as tmp:
+            r = subprocess.run(
+                f"editcap --inject-secrets tls,{keylog} {trace} {tmp.name}",
+                shell=True,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.STDOUT,
+            )
+            logging.debug("%s", r.stdout.decode("utf-8"))
+            if r.returncode != 0:
+                return
+            shutil.move(tmp.name, trace)
+
     def _client_trace(self):
         if self._cached_client_trace is None:
-            self._cached_client_trace = TraceAnalyzer(
-                self._sim_log_dir.name + "/trace_node_left.pcap", self._keylog_file()
-            )
+            trace = self._sim_log_dir.name + "/trace_node_left.pcap"
+            self._inject_keylog_if_possible(trace)
+            self._cached_client_trace = TraceAnalyzer(trace, self._keylog_file())
         return self._cached_client_trace
 
     def _server_trace(self):
         if self._cached_server_trace is None:
-            self._cached_server_trace = TraceAnalyzer(
-                self._sim_log_dir.name + "/trace_node_right.pcap", self._keylog_file()
-            )
+            trace = self._sim_log_dir.name + "/trace_node_right.pcap"
+            self._inject_keylog_if_possible(trace)
+            self._cached_server_trace = TraceAnalyzer(trace, self._keylog_file())
         return self._cached_server_trace
 
     # see https://www.stefanocappellini.it/generate-pseudorandom-bytes-with-python/ for benchmarks