This is an automated email from the ASF dual-hosted git repository. maskit pushed a commit to branch quic-latest in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 6616b3798fd4e9cbcd5327304b766628c093e74d Author: Masakazu Kitajo <mas...@apache.org> AuthorDate: Tue Dec 19 11:16:26 2017 +0900 Print generated keys and IVs with extra care Keys and IVs will be logged if you specify vv_quic_crypto (double v). --- iocore/net/quic/QUICCrypto.cc | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/iocore/net/quic/QUICCrypto.cc b/iocore/net/quic/QUICCrypto.cc index 77b38e8..558e45a 100644 --- a/iocore/net/quic/QUICCrypto.cc +++ b/iocore/net/quic/QUICCrypto.cc @@ -34,6 +34,18 @@ constexpr static char tag[] = "quic_crypto"; +static void +to_hex(uint8_t *out, uint8_t *in, int in_len) +{ + for (int i = 0; i < in_len; ++i) { + int u4 = in[i] / 16; + int l4 = in[i] % 16; + out [i * 2] = (u4 < 10) ? ('0' + u4) : ('A' + u4 - 10); + out [i * 2 + 1] = (l4 < 10) ? ('0' + l4) : ('A' + l4 - 10); + } + out[in_len * 2] = 0; +} + // // QUICPacketProtection // @@ -161,11 +173,22 @@ QUICCryptoTls::is_handshake_finished() const int QUICCryptoTls::initialize_key_materials(QUICConnectionId cid) { + // Generate keys + uint8_t print_buf[512]; std::unique_ptr<KeyMaterial> km; km = this->_keygen_for_client.generate(cid); + to_hex(print_buf, km->key, km->key_len); + Debug("vv_quic_crypto", "client key 0x%s", print_buf); + to_hex(print_buf, km->iv, km->iv_len); + Debug("vv_quic_crypto", "client iv 0x%s", print_buf); this->_client_pp->set_key(std::move(km), QUICKeyPhase::CLEARTEXT); + km = this->_keygen_for_server.generate(cid); + to_hex(print_buf, km->key, km->key_len); + Debug("vv_quic_crypto", "server key 0x%s", print_buf); + to_hex(print_buf, km->iv, km->iv_len); + Debug("vv_quic_crypto", "server iv 0x%s", print_buf); this->_server_pp->set_key(std::move(km), QUICKeyPhase::CLEARTEXT); // Update algorithm 
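Review bot: to_hex() writes `in_len * 2 + 1` bytes to `out` without knowing its capacity. The callers in this commit pass a 512-byte `print_buf`, so a `key_len` or `iv_len` above 255 would overrun that stack buffer. Whether KeyMaterial bounds those lengths is not visible in this diff. Pass the capacity and refuse oversized input, e.g. `to_hex(uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len)` with `if (out_len < in_len * 2 + 1) { if (out_len) out[0] = 0; return; }` as the first statement. A one-line comment saying that `out` must hold `2 * in_len + 1` bytes and is NUL-terminated would also help.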
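Review bot: In initialize_key_materials() the four to_hex() calls run on every connection whether or not `vv_quic_crypto` is enabled, because only the Debug() call checks the tag. Each handshake therefore pays for the conversion and leaves a hex copy of the key and IV in `print_buf` on the stack, even when nothing is logged. The same pattern is repeated in the update_key_materials() hunk. Moving the conversion behind `is_debug_tag_set("vv_quic_crypto")` in one small helper removes both the cost and the four duplicated blocks. The function body continues past the end of this hunk.

```cpp
// helper placed after to_hex(); converts only when the tag is active
static void
debug_print_km(const char *side, KeyMaterial &km)
{
  if (!is_debug_tag_set("vv_quic_crypto")) {
    return;
  }
  uint8_t print_buf[512];
  to_hex(print_buf, km.key, km.key_len);
  Debug("vv_quic_crypto", "%s key 0x%s", side, print_buf);
  to_hex(print_buf, km.iv, km.iv_len);
  Debug("vv_quic_crypto", "%s iv 0x%s", side, print_buf);
}

// in initialize_key_materials() (and likewise update_key_materials())
km = this->_keygen_for_client.generate(cid);
debug_print_km("client", *km);
// … unchanged: set_key for client, generate for server …
debug_print_km("server", *km);
```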
@@ -197,10 +220,19 @@ QUICCryptoTls::update_key_materials() } // Generate keys + uint8_t print_buf[512]; std::unique_ptr<KeyMaterial> km; km = this->_keygen_for_client.generate(this->_ssl); + to_hex(print_buf, km->key, km->key_len); + Debug("vv_quic_crypto", "client key 0x%s", print_buf); + to_hex(print_buf, km->iv, km->iv_len); + Debug("vv_quic_crypto", "client iv 0x%s", print_buf); this->_client_pp->set_key(std::move(km), next_key_phase); km = this->_keygen_for_server.generate(this->_ssl); + to_hex(print_buf, km->key, km->key_len); + Debug("vv_quic_crypto", "server key 0x%s", print_buf); + to_hex(print_buf, km->iv, km->iv_len); + Debug("vv_quic_crypto", "server iv 0x%s", print_buf); this->_server_pp->set_key(std::move(km), next_key_phase); // Update algorithm -- To stop receiving notification emails like this one, please contact "commits@trafficserver.apache.org" <commits@trafficserver.apache.org>.
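Review bot: In update_key_materials() the logged values come from `generate(this->_ssl)`, so they are keys derived from the TLS session rather than from the connection ID. Anyone who can read the debug log can use them to decrypt captured traffic for those connections. The only gate visible here is the tag name `vv_quic_crypto`. If debug tags are matched as unanchored patterns (presumably the case for the project's tag setting, to be confirmed), a broad value such as `quic` would enable these lines as well. Consider compiling the key logging only into debug builds, and add a comment above the block such as `// SECURITY: logs traffic secrets; never enable vv_quic_crypto on a production host`. The function starts before this hunk and continues after it.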