nss tech note2 编辑

Using the PKCS #11 Module Logger

NSS Technical Note: 2

The logger displays all activity between NSS and a specified PKCS #11 module. It works by inserting a special set of entry points between NSS and the module.

To enable the module logger, you must set the environment variable NSS_DEBUG_PKCS11_MODULE to the name of the target module. For example, to log the softoken, use:

NSS_DEBUG_PKCS11_MODULE="NSS Internal PKCS #11 Module"

Note: In the Command Prompt on Windows, do not quote the name of the target module, otherwise the quotes are considered part of the name. For example, to log the softoken on Windows, use:

      set NSS_DEBUG_PKCS11_MODULE=NSS Internal PKCS #11 Module

The logger is available by default in debug builds. For optimized builds, NSS must be built with the variable DEBUG_PKCS11 set.

Modes of Operation

The logger has several modes of operation:

1. Only display the sequence of PKCS #11 calls. To enable this mode, set:

NSPR_LOG_MODULES=nss_mod_log:1
NSPR_LOG_FILE=<logfile>

The output format is:

OSThreadID[NSPRThreadID]: C_XXX
OSThreadID[NSPRThreadID]:   rv = 0xYYYYYYYY

For example,

1024[805ef10]: C_Initialize
1024[805ef10]:   rv = 0x0
1024[805ef10]: C_GetInfo
1024[805ef10]:   rv = 0x0
1024[805ef10]: C_GetSlotList
1024[805ef10]:   rv = 0x0

2. Display the sequence of PKCS #11 calls, and the parameters given to them. To enable this mode, set:

NSPR_LOG_MODULES=nss_mod_log:3
NSPR_LOG_FILE=<logfile>

The output format is:

OSThreadID[NSPRThreadID]: C_XXX
OSThreadID[NSPRThreadID]:   arg1 = 0xAAAAAAAA
...
OSThreadID[NSPRThreadID]:   argN = 0xAAAAAAAA
OSThreadID[NSPRThreadID]:   rv = 0xYYYYYYYY

For example,

1024[805ef10]: C_Initialize
1024[805ef10]:   pInitArgs = 0x4010c938
1024[805ef10]:   rv = 0x0
1024[805ef10]: C_GetInfo
1024[805ef10]:   pInfo = 0xbffff340
1024[805ef10]:   rv = 0x0
1024[805ef10]: C_GetSlotList
1024[805ef10]:   tokenPresent = 0x0
1024[805ef10]:   pSlotList = 0x0
1024[805ef10]:   pulCount = 0xbffff33c
1024[805ef10]:   *pulCount = 0x2
1024[805ef10]:   rv = 0x0

Note that when a PKCS #11 function takes a pointer argument for which it will set a value (C_GetSlotList above), this mode will display the value upon return.

3. Display verbose information, including template values, array values, etc. To enable this mode, set:

NSPR_LOG_MODULES=nss_mod_log:4
NSPR_LOG_FILE=<logfile>

The output format is the same as above, but with more information. For example,

1024[805ef10]: C_FindObjectsInit
1024[805ef10]:   hSession = 0x1000001
1024[805ef10]:   pTemplate = 0xbffff410
1024[805ef10]:   ulCount = 3
1024[805ef10]:     CKA_LABEL = localhost.nyc.rr.com [20]
1024[805ef10]:     CKA_TOKEN = CK_TRUE [1]
1024[805ef10]:     CKA_CLASS = CKO_CERTIFICATE [4]
1024[805ef10]:   rv = 0x0
1024[805ef10]: C_FindObjects
1024[805ef10]:   hSession = 0x1000001
1024[805ef10]:   phObject = 0x806d810
1024[805ef10]:   ulMaxObjectCount = 16
1024[805ef10]:   pulObjectCount = 0xbffff38c
1024[805ef10]:   *pulObjectCount = 0x1
1024[805ef10]:   phObject[0] = 0xf6457d04
1024[805ef10]:   rv = 0x0
1024[805ef10]: C_FindObjectsFinal
1024[805ef10]:   hSession = 0x1000001
1024[805ef10]:   rv = 0x0
1024[805ef10]: C_GetAttributeValue
1024[805ef10]:   hSession = 0x1000001
1024[805ef10]:   hObject = 0xf6457d04
1024[805ef10]:   pTemplate = 0xbffff2d0
1024[805ef10]:   ulCount = 2
1024[805ef10]:     CKA_TOKEN = 0 [1]
1024[805ef10]:     CKA_LABEL = 0 [20]
1024[805ef10]:   rv = 0x0
1024[805ef10]: C_GetAttributeValue
1024[805ef10]:   hSession = 0x1000001
1024[805ef10]:   hObject = 0xf6457d04
1024[805ef10]:   pTemplate = 0xbffff2d0
1024[805ef10]:   ulCount = 2
1024[805ef10]:     CKA_TOKEN = CK_TRUE [1]
1024[805ef10]:     CKA_LABEL = localhost.nyc.rr.com [20]
1024[805ef10]:   rv = 0x0

4. Collect performance data. This mode is most useful in optimized builds. The number of calls to each PKCS #11 function will be counted, and the time spent in each function as well. A summary of performance data is dumped during NSS shutdown.

No additional environment variables are required for this mode. If the environment variable NSS_OUTPUT_FILE is set, its value will be used as the path name of the file to which the final output will be written. Otherwise, the output will be written to stdout.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:24 次

字数:5109

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文