void
ssl_PrintKey(sslSocket *ss, const char *msg, PK11SymKey *key)
{
SECStatus rv;
SECItem *rawkey;
rv = PK11_ExtractKeyValue(key);
if (rv != SECSuccess) {
ssl_Trace("Could not extract key for %s", msg);
return;
}
rawkey = PK11_GetKeyData(key);
if (!rawkey) {
ssl_Trace("Could not extract key for %s", msg);
return;
}
ssl_PrintBuf(ss, msg, rawkey->data, rawkey->len);
}
void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len)
{
switch (bp[0]) {
case SSL_MT_ERROR:
PrintType(ss, "Error");
PrintInt(ss, "error", LEN(bp+1));
break;
case SSL_MT_CLIENT_HELLO:
{
unsigned lcs = LEN(bp+3);
unsigned ls = LEN(bp+5);
unsigned lc = LEN(bp+7);
PrintType(ss, "Client-Hello");
PrintInt(ss, "version (Major)", bp[1]);
PrintInt(ss, "version (minor)", bp[2]);
PrintBuf(ss, "cipher-specs", bp+9, lcs);
PrintBuf(ss, "session-id", bp+9+lcs, ls);
PrintBuf(ss, "challenge", bp+9+lcs+ls, lc);
}
break;
case SSL_MT_CLIENT_MASTER_KEY:
{
unsigned lck = LEN(bp+4);
unsigned lek = LEN(bp+6);
unsigned lka = LEN(bp+8);
PrintType(ss, "Client-Master-Key");
PrintInt(ss, "cipher-choice", bp[1]);
PrintInt(ss, "key-length", LEN(bp+2));
PrintBuf(ss, "clear-key", bp+10, lck);
PrintBuf(ss, "encrypted-key", bp+10+lck, lek);
PrintBuf(ss, "key-arg", bp+10+lck+lek, lka);
}
break;
case SSL_MT_CLIENT_FINISHED:
PrintType(ss, "Client-Finished");
PrintBuf(ss, "connection-id", bp+1, len-1);
break;
case SSL_MT_SERVER_HELLO:
{
unsigned lc = LEN(bp+5);
unsigned lcs = LEN(bp+7);
unsigned lci = LEN(bp+9);
PrintType(ss, "Server-Hello");
PrintInt(ss, "session-id-hit", bp[1]);
PrintInt(ss, "certificate-type", bp[2]);
PrintInt(ss, "version (Major)", bp[3]);
PrintInt(ss, "version (minor)", bp[3]);
PrintBuf(ss, "certificate", bp+11, lc);
PrintBuf(ss, "cipher-specs", bp+11+lc, lcs);
PrintBuf(ss, "connection-id", bp+11+lc+lcs, lci);
}
break;
case SSL_MT_SERVER_VERIFY:
PrintType(ss, "Server-Verify");
PrintBuf(ss, "challenge", bp+1, len-1);
break;
case SSL_MT_SERVER_FINISHED:
PrintType(ss, "Server-Finished");
PrintBuf(ss, "session-id", bp+1, len-1);
break;
case SSL_MT_REQUEST_CERTIFICATE:
PrintType(ss, "Request-Certificate");
PrintInt(ss, "authentication-type", bp[1]);
PrintBuf(ss, "certificate-challenge", bp+2, len-2);
break;
case SSL_MT_CLIENT_CERTIFICATE:
{
unsigned lc = LEN(bp+2);
unsigned lr = LEN(bp+4);
PrintType(ss, "Client-Certificate");
PrintInt(ss, "certificate-type", bp[1]);
PrintBuf(ss, "certificate", bp+6, lc);
PrintBuf(ss, "response", bp+6+lc, lr);
}
break;
default:
ssl_PrintBuf(ss, "sending *unknown* message type", bp, len);
return;
}
}
