void ssl_PrintKey(sslSocket *ss, const char *msg, PK11SymKey *key) { SECStatus rv; SECItem *rawkey; rv = PK11_ExtractKeyValue(key); if (rv != SECSuccess) { ssl_Trace("Could not extract key for %s", msg); return; } rawkey = PK11_GetKeyData(key); if (!rawkey) { ssl_Trace("Could not extract key for %s", msg); return; } ssl_PrintBuf(ss, msg, rawkey->data, rawkey->len); }
void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len) { switch (bp[0]) { case SSL_MT_ERROR: PrintType(ss, "Error"); PrintInt(ss, "error", LEN(bp+1)); break; case SSL_MT_CLIENT_HELLO: { unsigned lcs = LEN(bp+3); unsigned ls = LEN(bp+5); unsigned lc = LEN(bp+7); PrintType(ss, "Client-Hello"); PrintInt(ss, "version (Major)", bp[1]); PrintInt(ss, "version (minor)", bp[2]); PrintBuf(ss, "cipher-specs", bp+9, lcs); PrintBuf(ss, "session-id", bp+9+lcs, ls); PrintBuf(ss, "challenge", bp+9+lcs+ls, lc); } break; case SSL_MT_CLIENT_MASTER_KEY: { unsigned lck = LEN(bp+4); unsigned lek = LEN(bp+6); unsigned lka = LEN(bp+8); PrintType(ss, "Client-Master-Key"); PrintInt(ss, "cipher-choice", bp[1]); PrintInt(ss, "key-length", LEN(bp+2)); PrintBuf(ss, "clear-key", bp+10, lck); PrintBuf(ss, "encrypted-key", bp+10+lck, lek); PrintBuf(ss, "key-arg", bp+10+lck+lek, lka); } break; case SSL_MT_CLIENT_FINISHED: PrintType(ss, "Client-Finished"); PrintBuf(ss, "connection-id", bp+1, len-1); break; case SSL_MT_SERVER_HELLO: { unsigned lc = LEN(bp+5); unsigned lcs = LEN(bp+7); unsigned lci = LEN(bp+9); PrintType(ss, "Server-Hello"); PrintInt(ss, "session-id-hit", bp[1]); PrintInt(ss, "certificate-type", bp[2]); PrintInt(ss, "version (Major)", bp[3]); PrintInt(ss, "version (minor)", bp[3]); PrintBuf(ss, "certificate", bp+11, lc); PrintBuf(ss, "cipher-specs", bp+11+lc, lcs); PrintBuf(ss, "connection-id", bp+11+lc+lcs, lci); } break; case SSL_MT_SERVER_VERIFY: PrintType(ss, "Server-Verify"); PrintBuf(ss, "challenge", bp+1, len-1); break; case SSL_MT_SERVER_FINISHED: PrintType(ss, "Server-Finished"); PrintBuf(ss, "session-id", bp+1, len-1); break; case SSL_MT_REQUEST_CERTIFICATE: PrintType(ss, "Request-Certificate"); PrintInt(ss, "authentication-type", bp[1]); PrintBuf(ss, "certificate-challenge", bp+2, len-2); break; case SSL_MT_CLIENT_CERTIFICATE: { unsigned lc = LEN(bp+2); unsigned lr = LEN(bp+4); PrintType(ss, "Client-Certificate"); PrintInt(ss, "certificate-type", bp[1]); PrintBuf(ss, "certificate", bp+6, lc); PrintBuf(ss, "response", bp+6+lc, lr); } break; default: ssl_PrintBuf(ss, "sending *unknown* message type", bp, len); return; } }