mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2025-12-06 14:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

std.crypto.tls.Client: remove debug prints

Browse Source
This commit is contained in:
Andrew Kelley 2022-12-29 20:58:42 -07:00
parent 79b41dbdbf
commit 341e68ff8f
2 changed files with 10 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/std/crypto/Certificate.zig
View File

@ -241,7 +241,6 @@ pub fn parse(cert: Certificate) !Parsed {
var common_name = der.Element.Slice.empty; var common_name = der.Element.Slice.empty;
var name_i = subject.slice.start; var name_i = subject.slice.start;
//std.debug.print("subject name:\n", .{});
while (name_i < subject.slice.end) { while (name_i < subject.slice.end) {
const rdn = try der.Element.parse(cert_bytes, name_i); const rdn = try der.Element.parse(cert_bytes, name_i);
var rdn_i = rdn.slice.start; var rdn_i = rdn.slice.start;
@ -252,9 +251,6 @@ pub fn parse(cert: Certificate) !Parsed {
const ty_elem = try der.Element.parse(cert_bytes, atav_i); const ty_elem = try der.Element.parse(cert_bytes, atav_i);
const ty = try parseAttribute(cert_bytes, ty_elem); const ty = try parseAttribute(cert_bytes, ty_elem);
const val = try der.Element.parse(cert_bytes, ty_elem.slice.end); const val = try der.Element.parse(cert_bytes, ty_elem.slice.end);
//std.debug.print(" {s}: '{s}'\n", .{
// @tagName(ty), cert_bytes[val.slice.start..val.slice.end],
//});
switch (ty) { switch (ty) {
.commonName => common_name = val.slice, .commonName => common_name = val.slice,
else => {}, else => {},
@ -452,10 +448,7 @@ fn parseEnum(comptime E: type, bytes: []const u8, element: der.Element) !E {
if (element.identifier.tag != .object_identifier) if (element.identifier.tag != .object_identifier)
return error.CertificateFieldHasWrongDataType; return error.CertificateFieldHasWrongDataType;
const oid_bytes = bytes[element.slice.start..element.slice.end]; const oid_bytes = bytes[element.slice.start..element.slice.end];
return E.map.get(oid_bytes) orelse { return E.map.get(oid_bytes) orelse return error.CertificateHasUnrecognizedObjectId;
//std.debug.print("tag: {}\n", .{std.fmt.fmtSliceHexLower(oid_bytes)});
return error.CertificateHasUnrecognizedObjectId;
};
} }
pub fn checkVersion(bytes: []const u8, version: der.Element) !void { pub fn checkVersion(bytes: []const u8, version: der.Element) !void {

83
lib/std/crypto/tls/Client.zig
View File

@ -147,7 +147,8 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
.alert => { .alert => {
const level = @intToEnum(tls.AlertLevel, frag[0]); const level = @intToEnum(tls.AlertLevel, frag[0]);
const desc = @intToEnum(tls.AlertDescription, frag[1]); const desc = @intToEnum(tls.AlertDescription, frag[1]);
std.debug.print("alert: {s} {s}\n", .{ @tagName(level), @tagName(desc) }); _ = level;
_ = desc;
return error.TlsAlert; return error.TlsAlert;
}, },
.handshake => { .handshake => {
@ -226,14 +227,11 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
shared_key = mul.affineCoordinates().x.toBytes(.Big); shared_key = mul.affineCoordinates().x.toBytes(.Big);
}, },
else => { else => {
//std.debug.print("named group: {x}\n", .{named_group});
return error.TlsIllegalParameter; return error.TlsIllegalParameter;
}, },
} }
}, },
else => { else => {},
std.debug.print("unexpected extension: {x}\n", .{et});
},
} }
i = next_i; i = next_i;
} }
@ -283,18 +281,6 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
p.server_handshake_key = hkdfExpandLabel(P.Hkdf, server_secret, "key", "", P.AEAD.key_length); p.server_handshake_key = hkdfExpandLabel(P.Hkdf, server_secret, "key", "", P.AEAD.key_length);
p.client_handshake_iv = hkdfExpandLabel(P.Hkdf, client_secret, "iv", "", P.AEAD.nonce_length); p.client_handshake_iv = hkdfExpandLabel(P.Hkdf, client_secret, "iv", "", P.AEAD.nonce_length);
p.server_handshake_iv = hkdfExpandLabel(P.Hkdf, server_secret, "iv", "", P.AEAD.nonce_length); p.server_handshake_iv = hkdfExpandLabel(P.Hkdf, server_secret, "iv", "", P.AEAD.nonce_length);
//std.debug.print("shared_key: {}\nhello_hash: {}\nearly_secret: {}\nempty_hash: {}\nderived_secret: {}\nhandshake_secret: {}\n client_secret: {}\n server_secret: {}\nclient_handshake_iv: {}\nserver_handshake_iv: {}\n", .{
// std.fmt.fmtSliceHexLower(&shared_key),
// std.fmt.fmtSliceHexLower(&hello_hash),
// std.fmt.fmtSliceHexLower(&early_secret),
// std.fmt.fmtSliceHexLower(&empty_hash),
// std.fmt.fmtSliceHexLower(&hs_derived_secret),
// std.fmt.fmtSliceHexLower(&p.handshake_secret),
// std.fmt.fmtSliceHexLower(&client_secret),
// std.fmt.fmtSliceHexLower(&server_secret),
// std.fmt.fmtSliceHexLower(&p.client_handshake_iv),
// std.fmt.fmtSliceHexLower(&p.server_handshake_iv),
//});
}, },
else => { else => {
return error.TlsIllegalParameter; return error.TlsIllegalParameter;
@ -416,11 +402,7 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
const next_ext_i = hs_i + ext_size; const next_ext_i = hs_i + ext_size;
switch (et) { switch (et) {
.server_name => {}, .server_name => {},
else => { else => {},
std.debug.print("encrypted extension: {any}\n", .{
et,
});
},
} }
hs_i = next_ext_i; hs_i = next_ext_i;
} }
@ -467,12 +449,7 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
@memcpy(&main_cert_pub_key_buf, pub_key.ptr, pub_key.len); @memcpy(&main_cert_pub_key_buf, pub_key.ptr, pub_key.len);
main_cert_pub_key_len = @intCast(@TypeOf(main_cert_pub_key_len), pub_key.len); main_cert_pub_key_len = @intCast(@TypeOf(main_cert_pub_key_len), pub_key.len);
} else { } else {
prev_cert.verify(subject) catch |err| { try prev_cert.verify(subject);
std.debug.print("unable to validate previous cert: {s}\n", .{
@errorName(err),
});
return err;
};
} }
if (ca_bundle.verify(subject)) |_| { if (ca_bundle.verify(subject)) |_| {
@ -480,12 +457,7 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
break :cert; break :cert;
} else |err| switch (err) { } else |err| switch (err) {
error.CertificateIssuerNotFound => {}, error.CertificateIssuerNotFound => {},
else => |e| { else => |e| return e,
std.debug.print("unable to validate cert against system root CAs: {s}\n", .{
@errorName(e),
});
return e;
},
} }
prev_cert = subject; prev_cert = subject;
@ -559,9 +531,6 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
} }
}, },
else => { else => {
//std.debug.print("signature scheme: {any}\n", .{
// scheme,
//});
return error.TlsBadSignatureScheme; return error.TlsBadSignatureScheme;
}, },
} }
@ -609,11 +578,6 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
const client_secret = hkdfExpandLabel(P.Hkdf, p.master_secret, "c ap traffic", &handshake_hash, P.Hash.digest_length); const client_secret = hkdfExpandLabel(P.Hkdf, p.master_secret, "c ap traffic", &handshake_hash, P.Hash.digest_length);
const server_secret = hkdfExpandLabel(P.Hkdf, p.master_secret, "s ap traffic", &handshake_hash, P.Hash.digest_length); const server_secret = hkdfExpandLabel(P.Hkdf, p.master_secret, "s ap traffic", &handshake_hash, P.Hash.digest_length);
//std.debug.print("master_secret={}\nclient_secret={}\nserver_secret={}\n", .{
// std.fmt.fmtSliceHexLower(&p.master_secret),
// std.fmt.fmtSliceHexLower(&client_secret),
// std.fmt.fmtSliceHexLower(&server_secret),
//});
break :c @unionInit(tls.ApplicationCipher, @tagName(tag), .{ break :c @unionInit(tls.ApplicationCipher, @tagName(tag), .{
.client_secret = client_secret, .client_secret = client_secret,
.server_secret = server_secret, .server_secret = server_secret,
@ -646,13 +610,11 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
} }
}, },
else => { else => {
std.debug.print("inner content type: {any}\n", .{inner_ct});
return error.TlsUnexpectedMessage; return error.TlsUnexpectedMessage;
}, },
} }
}, },
else => { else => {
std.debug.print("content type: {s}\n", .{@tagName(ct)});
return error.TlsUnexpectedMessage; return error.TlsUnexpectedMessage;
}, },
} }
@ -707,16 +669,6 @@ pub fn write(c: *Client, stream: net.Stream, bytes: []const u8) !usize {
c.write_seq += 1; // TODO send key_update on overflow c.write_seq += 1; // TODO send key_update on overflow
const nonce = @as(V, p.client_iv) ^ operand; const nonce = @as(V, p.client_iv) ^ operand;
P.AEAD.encrypt(ciphertext, auth_tag, cleartext, ad, nonce, p.client_key); P.AEAD.encrypt(ciphertext, auth_tag, cleartext, ad, nonce, p.client_key);
//std.debug.print("seq: {d} nonce: {} client_key: {} client_iv: {} ad: {} auth_tag: {}\nserver_key: {} server_iv: {}\n", .{
// c.write_seq - 1,
// std.fmt.fmtSliceHexLower(&nonce),
// std.fmt.fmtSliceHexLower(&p.client_key),
// std.fmt.fmtSliceHexLower(&p.client_iv),
// std.fmt.fmtSliceHexLower(ad),
// std.fmt.fmtSliceHexLower(auth_tag),
// std.fmt.fmtSliceHexLower(&p.server_key),
// std.fmt.fmtSliceHexLower(&p.server_iv),
//});
const record = ciphertext_buf[record_start..ciphertext_end]; const record = ciphertext_buf[record_start..ciphertext_end];
iovecs_buf[iovec_end] = .{ iovecs_buf[iovec_end] = .{
@ -844,10 +796,6 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
c.partial_cleartext_idx = 0; c.partial_cleartext_idx = 0;
c.partial_ciphertext_idx = 0; c.partial_ciphertext_idx = 0;
c.partial_ciphertext_end = 0; c.partial_ciphertext_end = 0;
} else {
std.debug.print("finished giving partial cleartext. {d} bytes ciphertext remain\n", .{
c.partial_ciphertext_end - c.partial_ciphertext_idx,
});
} }
} }
@ -943,11 +891,8 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
in += 1; in += 1;
const legacy_version = mem.readIntBig(u16, frag[in..][0..2]); const legacy_version = mem.readIntBig(u16, frag[in..][0..2]);
in += 2; in += 2;
//_ = legacy_version; _ = legacy_version;
const record_len = mem.readIntBig(u16, frag[in..][0..2]); const record_len = mem.readIntBig(u16, frag[in..][0..2]);
std.debug.print("ct={any} legacy_version={x} record_len={d}\n", .{
ct, legacy_version, record_len,
});
if (record_len > max_ciphertext_len) return error.TlsRecordOverflow; if (record_len > max_ciphertext_len) return error.TlsRecordOverflow;
in += 2; in += 2;
const end = in + record_len; const end = in + record_len;
@ -962,12 +907,8 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
const first = frag[in..]; const first = frag[in..];
const full_record_len = record_len + tls.ciphertext_record_header_len; const full_record_len = record_len + tls.ciphertext_record_header_len;
const second_len = full_record_len - first.len; const second_len = full_record_len - first.len;
if (frag1.len < second_len) { if (frag1.len < second_len)
std.debug.print("end > frag.len finishRead2 end={d} frag.len={d}\n", .{
end, frag.len,
});
return finishRead2(c, first, frag1, vp.total); return finishRead2(c, first, frag1, vp.total);
}
mem.copy(u8, frag[0..in], first); mem.copy(u8, frag[0..in], first);
mem.copy(u8, frag[first.len..], frag1[0..second_len]); mem.copy(u8, frag[first.len..], frag1[0..second_len]);
@ -1016,7 +957,7 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
c.partial_ciphertext_end = c.partial_ciphertext_idx; c.partial_ciphertext_end = c.partial_ciphertext_idx;
return vp.total; return vp.total;
} }
std.debug.print("alert: {s} {s}\n", .{ @tagName(level), @tagName(desc) }); _ = level;
return error.TlsAlert; return error.TlsAlert;
}, },
.handshake => { .handshake => {
@ -1032,11 +973,9 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
const handshake = cleartext[ct_i..next_handshake_i]; const handshake = cleartext[ct_i..next_handshake_i];
switch (handshake_type) { switch (handshake_type) {
.new_session_ticket => { .new_session_ticket => {
std.debug.print("new_session_ticket\n", .{});
// This client implementation ignores new session tickets. // This client implementation ignores new session tickets.
}, },
.key_update => { .key_update => {
std.debug.print("key_update\n", .{});
switch (c.application_cipher) { switch (c.application_cipher) {
inline else => |*p| { inline else => |*p| {
const P = @TypeOf(p.*); const P = @TypeOf(p.*);
@ -1085,13 +1024,10 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
const dest = c.partially_read_buffer[c.partial_ciphertext_idx..]; const dest = c.partially_read_buffer[c.partial_ciphertext_idx..];
mem.copy(u8, dest, msg); mem.copy(u8, dest, msg);
c.partial_ciphertext_idx = @intCast(@TypeOf(c.partial_ciphertext_idx), c.partial_ciphertext_idx + msg.len); c.partial_ciphertext_idx = @intCast(@TypeOf(c.partial_ciphertext_idx), c.partial_ciphertext_idx + msg.len);
std.debug.print("application_data {d} bytes to partial buffer\n", .{msg.len});
} else { } else {
const amt = vp.put(msg); const amt = vp.put(msg);
std.debug.print("application_data {d} bytes to read buffer\n", .{msg.len});
if (amt < msg.len) { if (amt < msg.len) {
const rest = msg[amt..]; const rest = msg[amt..];
std.debug.print(" {d} bytes to partial buffer\n", .{rest.len});
c.partial_cleartext_idx = 0; c.partial_cleartext_idx = 0;
c.partial_ciphertext_idx = @intCast(@TypeOf(c.partial_ciphertext_idx), rest.len); c.partial_ciphertext_idx = @intCast(@TypeOf(c.partial_ciphertext_idx), rest.len);
mem.copy(u8, &c.partially_read_buffer, rest); mem.copy(u8, &c.partially_read_buffer, rest);
@ -1101,7 +1037,6 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
// Output buffer was used directly which means no // Output buffer was used directly which means no
// memory copying needs to occur, and we can move // memory copying needs to occur, and we can move
// on to the next ciphertext record. // on to the next ciphertext record.
std.debug.print("application_data {d} bytes directly to read buffer\n", .{cleartext.len - 1});
vp.next(cleartext.len - 1); vp.next(cleartext.len - 1);
} }
}, },