OLD | NEW |
1 /* | 1 /* |
2 * Functions to trace SSL protocol behavior in DEBUG builds. | 2 * Functions to trace SSL protocol behavior in DEBUG builds. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 #include <stdarg.h> | 7 #include <stdarg.h> |
8 #include "cert.h" | 8 #include "cert.h" |
9 #include "ssl.h" | 9 #include "ssl.h" |
10 #include "sslimpl.h" | 10 #include "sslimpl.h" |
11 #include "sslproto.h" | 11 #include "sslproto.h" |
12 #include "prprf.h" | 12 #include "prprf.h" |
13 | 13 |
14 #if defined(DEBUG) || defined(TRACE) | 14 #if defined(DEBUG) || defined(TRACE) |
15 static const char *hex = "0123456789abcdef"; | 15 static const char *hex = "0123456789abcdef"; |
16 | 16 |
17 static const char printable[257] = { | 17 static const char printable[257] = { |
18 » "................"» /* 0x */ | 18 "................" /* 0x */ |
19 » "................"» /* 1x */ | 19 "................" /* 1x */ |
20 » " !\"#$%&'()*+,-./"» /* 2x */ | 20 " !\"#$%&'()*+,-./" /* 2x */ |
21 » "0123456789:;<=>?"» /* 3x */ | 21 "0123456789:;<=>?" /* 3x */ |
22 » "@ABCDEFGHIJKLMNO"» /* 4x */ | 22 "@ABCDEFGHIJKLMNO" /* 4x */ |
23 » "PQRSTUVWXYZ[\\]^_"» /* 5x */ | 23 "PQRSTUVWXYZ[\\]^_" /* 5x */ |
24 » "`abcdefghijklmno"» /* 6x */ | 24 "`abcdefghijklmno" /* 6x */ |
25 » "pqrstuvwxyz{|}~."» /* 7x */ | 25 "pqrstuvwxyz{|}~." /* 7x */ |
26 » "................"» /* 8x */ | 26 "................" /* 8x */ |
27 » "................"» /* 9x */ | 27 "................" /* 9x */ |
28 » "................"» /* ax */ | 28 "................" /* ax */ |
29 » "................"» /* bx */ | 29 "................" /* bx */ |
30 » "................"» /* cx */ | 30 "................" /* cx */ |
31 » "................"» /* dx */ | 31 "................" /* dx */ |
32 » "................"» /* ex */ | 32 "................" /* ex */ |
33 » "................"» /* fx */ | 33 "................" /* fx */ |
34 }; | 34 }; |
35 | 35 |
36 void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len) | 36 void |
| 37 ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len) |
37 { | 38 { |
38 const unsigned char *cp = (const unsigned char *)vp; | 39 const unsigned char *cp = (const unsigned char *)vp; |
39 char buf[80]; | 40 char buf[80]; |
40 char *bp; | 41 char *bp; |
41 char *ap; | 42 char *ap; |
42 | 43 |
43 if (ss) { | 44 if (ss) { |
44 » SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd, | 45 SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd, |
45 » » msg, len)); | 46 msg, len)); |
46 } else { | 47 } else { |
47 » SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len)); | 48 SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len)); |
48 } | 49 } |
49 memset(buf, ' ', sizeof buf); | 50 memset(buf, ' ', sizeof buf); |
50 bp = buf; | 51 bp = buf; |
51 ap = buf + 50; | 52 ap = buf + 50; |
52 while (--len >= 0) { | 53 while (--len >= 0) { |
53 » unsigned char ch = *cp++; | 54 unsigned char ch = *cp++; |
54 » *bp++ = hex[(ch >> 4) & 0xf]; | 55 *bp++ = hex[(ch >> 4) & 0xf]; |
55 » *bp++ = hex[ch & 0xf]; | 56 *bp++ = hex[ch & 0xf]; |
56 » *bp++ = ' '; | 57 *bp++ = ' '; |
57 » *ap++ = printable[ch]; | 58 *ap++ = printable[ch]; |
58 » if (ap - buf >= 66) { | 59 if (ap - buf >= 66) { |
59 » *ap = 0; | 60 *ap = 0; |
60 » SSL_TRACE((" %s", buf)); | 61 SSL_TRACE((" %s", buf)); |
61 » memset(buf, ' ', sizeof buf); | 62 memset(buf, ' ', sizeof buf); |
62 » bp = buf; | 63 bp = buf; |
63 » ap = buf + 50; | 64 ap = buf + 50; |
64 » } | 65 } |
65 } | 66 } |
66 if (bp > buf) { | 67 if (bp > buf) { |
67 » *ap = 0; | 68 *ap = 0; |
68 » SSL_TRACE((" %s", buf)); | 69 SSL_TRACE((" %s", buf)); |
69 } | 70 } |
70 } | 71 } |
71 | 72 |
72 #define LEN(cp)»» (((cp)[0] << 8) | ((cp)[1])) | 73 #define LEN(cp) (((cp)[0] << 8) | ((cp)[1])) |
73 | 74 |
74 static void PrintType(sslSocket *ss, char *msg) | 75 static void |
| 76 PrintType(sslSocket *ss, char *msg) |
75 { | 77 { |
76 if (ss) { | 78 if (ss) { |
77 » SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, | 79 SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, msg)); |
78 » » msg)); | |
79 } else { | 80 } else { |
80 » SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg)); | 81 SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg)); |
81 } | 82 } |
82 } | 83 } |
83 | 84 |
84 static void PrintInt(sslSocket *ss, char *msg, unsigned v) | 85 static void |
| 86 PrintInt(sslSocket *ss, char *msg, unsigned v) |
85 { | 87 { |
86 if (ss) { | 88 if (ss) { |
87 » SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd, | 89 SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd, msg, v)
); |
88 » » msg, v)); | |
89 } else { | 90 } else { |
90 » SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v)); | 91 SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v)); |
91 } | 92 } |
92 } | 93 } |
93 | 94 |
94 /* PrintBuf is just like ssl_PrintBuf above, except that: | 95 /* PrintBuf is just like ssl_PrintBuf above, except that: |
95 * a) It prefixes each line of the buffer with "XX: SSL[xxx] " | 96 * a) It prefixes each line of the buffer with "XX: SSL[xxx] " |
96 * b) It dumps only hex, not ASCII. | 97 * b) It dumps only hex, not ASCII. |
97 */ | 98 */ |
98 static void PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len) | 99 static void |
| 100 PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len) |
99 { | 101 { |
100 char buf[80]; | 102 char buf[80]; |
101 char *bp; | 103 char *bp; |
102 | 104 |
103 if (ss) { | 105 if (ss) { |
104 » SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", | 106 SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", |
105 » » SSL_GETPID(), ss->fd, msg, len)); | 107 SSL_GETPID(), ss->fd, msg, len)); |
106 } else { | 108 } else { |
107 » SSL_TRACE(("%d: SSL: %s [Len: %d]", | 109 SSL_TRACE(("%d: SSL: %s [Len: %d]", |
108 » » SSL_GETPID(), msg, len)); | 110 SSL_GETPID(), msg, len)); |
109 } | 111 } |
110 bp = buf; | 112 bp = buf; |
111 while (--len >= 0) { | 113 while (--len >= 0) { |
112 » unsigned char ch = *cp++; | 114 unsigned char ch = *cp++; |
113 » *bp++ = hex[(ch >> 4) & 0xf]; | 115 *bp++ = hex[(ch >> 4) & 0xf]; |
114 » *bp++ = hex[ch & 0xf]; | 116 *bp++ = hex[ch & 0xf]; |
115 » *bp++ = ' '; | 117 *bp++ = ' '; |
116 » if (bp + 4 > buf + 50) { | 118 if (bp + 4 > buf + 50) { |
117 » *bp = 0; | 119 *bp = 0; |
118 » if (ss) { | 120 if (ss) { |
119 » » SSL_TRACE(("%d: SSL[%d]: %s", | 121 SSL_TRACE(("%d: SSL[%d]: %s", |
120 » » » SSL_GETPID(), ss->fd, buf)); | 122 SSL_GETPID(), ss->fd, buf)); |
121 » } else { | 123 } else { |
122 » » SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); | 124 SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); |
123 » } | 125 } |
124 » bp = buf; | 126 bp = buf; |
125 » } | 127 } |
126 } | 128 } |
127 if (bp > buf) { | 129 if (bp > buf) { |
128 » *bp = 0; | 130 *bp = 0; |
129 » if (ss) { | 131 if (ss) { |
130 » SSL_TRACE(("%d: SSL[%d]: %s", | 132 SSL_TRACE(("%d: SSL[%d]: %s", |
131 » » SSL_GETPID(), ss->fd, buf)); | 133 SSL_GETPID(), ss->fd, buf)); |
132 » } else { | 134 } else { |
133 » SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); | 135 SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); |
134 » } | 136 } |
135 } | |
136 } | |
137 | |
138 void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len) | |
139 { | |
140 switch (bp[0]) { | |
141 case SSL_MT_ERROR: | |
142 » PrintType(ss, "Error"); | |
143 » PrintInt(ss, "error", LEN(bp+1)); | |
144 » break; | |
145 | |
146 case SSL_MT_CLIENT_HELLO: | |
147 » { | |
148 » unsigned lcs = LEN(bp+3); | |
149 » unsigned ls = LEN(bp+5); | |
150 » unsigned lc = LEN(bp+7); | |
151 | |
152 » PrintType(ss, "Client-Hello"); | |
153 | |
154 » PrintInt(ss, "version (Major)", bp[1]); | |
155 » PrintInt(ss, "version (minor)", bp[2]); | |
156 | |
157 » PrintBuf(ss, "cipher-specs", bp+9, lcs); | |
158 » PrintBuf(ss, "session-id", bp+9+lcs, ls); | |
159 » PrintBuf(ss, "challenge", bp+9+lcs+ls, lc); | |
160 » } | |
161 » break; | |
162 case SSL_MT_CLIENT_MASTER_KEY: | |
163 » { | |
164 » unsigned lck = LEN(bp+4); | |
165 » unsigned lek = LEN(bp+6); | |
166 » unsigned lka = LEN(bp+8); | |
167 | |
168 » PrintType(ss, "Client-Master-Key"); | |
169 | |
170 » PrintInt(ss, "cipher-choice", bp[1]); | |
171 » PrintInt(ss, "key-length", LEN(bp+2)); | |
172 | |
173 » PrintBuf(ss, "clear-key", bp+10, lck); | |
174 » PrintBuf(ss, "encrypted-key", bp+10+lck, lek); | |
175 » PrintBuf(ss, "key-arg", bp+10+lck+lek, lka); | |
176 » } | |
177 » break; | |
178 case SSL_MT_CLIENT_FINISHED: | |
179 » PrintType(ss, "Client-Finished"); | |
180 » PrintBuf(ss, "connection-id", bp+1, len-1); | |
181 » break; | |
182 case SSL_MT_SERVER_HELLO: | |
183 » { | |
184 » unsigned lc = LEN(bp+5); | |
185 » unsigned lcs = LEN(bp+7); | |
186 » unsigned lci = LEN(bp+9); | |
187 | |
188 » PrintType(ss, "Server-Hello"); | |
189 | |
190 » PrintInt(ss, "session-id-hit", bp[1]); | |
191 » PrintInt(ss, "certificate-type", bp[2]); | |
192 » PrintInt(ss, "version (Major)", bp[3]); | |
193 » PrintInt(ss, "version (minor)", bp[3]); | |
194 » PrintBuf(ss, "certificate", bp+11, lc); | |
195 » PrintBuf(ss, "cipher-specs", bp+11+lc, lcs); | |
196 » PrintBuf(ss, "connection-id", bp+11+lc+lcs, lci); | |
197 » } | |
198 » break; | |
199 case SSL_MT_SERVER_VERIFY: | |
200 » PrintType(ss, "Server-Verify"); | |
201 » PrintBuf(ss, "challenge", bp+1, len-1); | |
202 » break; | |
203 case SSL_MT_SERVER_FINISHED: | |
204 » PrintType(ss, "Server-Finished"); | |
205 » PrintBuf(ss, "session-id", bp+1, len-1); | |
206 » break; | |
207 case SSL_MT_REQUEST_CERTIFICATE: | |
208 » PrintType(ss, "Request-Certificate"); | |
209 » PrintInt(ss, "authentication-type", bp[1]); | |
210 » PrintBuf(ss, "certificate-challenge", bp+2, len-2); | |
211 » break; | |
212 case SSL_MT_CLIENT_CERTIFICATE: | |
213 » { | |
214 » unsigned lc = LEN(bp+2); | |
215 » unsigned lr = LEN(bp+4); | |
216 » PrintType(ss, "Client-Certificate"); | |
217 » PrintInt(ss, "certificate-type", bp[1]); | |
218 » PrintBuf(ss, "certificate", bp+6, lc); | |
219 » PrintBuf(ss, "response", bp+6+lc, lr); | |
220 » } | |
221 » break; | |
222 default: | |
223 » ssl_PrintBuf(ss, "sending *unknown* message type", bp, len); | |
224 » return; | |
225 } | 137 } |
226 } | 138 } |
227 | 139 |
228 void | 140 void |
229 ssl_Trace(const char *format, ... ) | 141 ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len) |
230 { | 142 { |
231 char buf[2000]; | 143 switch (bp[0]) { |
| 144 case SSL_MT_ERROR: |
| 145 PrintType(ss, "Error"); |
| 146 PrintInt(ss, "error", LEN(bp + 1)); |
| 147 break; |
| 148 |
| 149 case SSL_MT_CLIENT_HELLO: { |
| 150 unsigned lcs = LEN(bp + 3); |
| 151 unsigned ls = LEN(bp + 5); |
| 152 unsigned lc = LEN(bp + 7); |
| 153 |
| 154 PrintType(ss, "Client-Hello"); |
| 155 |
| 156 PrintInt(ss, "version (Major)", bp[1]); |
| 157 PrintInt(ss, "version (minor)", bp[2]); |
| 158 |
| 159 PrintBuf(ss, "cipher-specs", bp + 9, lcs); |
| 160 PrintBuf(ss, "session-id", bp + 9 + lcs, ls); |
| 161 PrintBuf(ss, "challenge", bp + 9 + lcs + ls, lc); |
| 162 } break; |
| 163 case SSL_MT_CLIENT_MASTER_KEY: { |
| 164 unsigned lck = LEN(bp + 4); |
| 165 unsigned lek = LEN(bp + 6); |
| 166 unsigned lka = LEN(bp + 8); |
| 167 |
| 168 PrintType(ss, "Client-Master-Key"); |
| 169 |
| 170 PrintInt(ss, "cipher-choice", bp[1]); |
| 171 PrintInt(ss, "key-length", LEN(bp + 2)); |
| 172 |
| 173 PrintBuf(ss, "clear-key", bp + 10, lck); |
| 174 PrintBuf(ss, "encrypted-key", bp + 10 + lck, lek); |
| 175 PrintBuf(ss, "key-arg", bp + 10 + lck + lek, lka); |
| 176 } break; |
| 177 case SSL_MT_CLIENT_FINISHED: |
| 178 PrintType(ss, "Client-Finished"); |
| 179 PrintBuf(ss, "connection-id", bp + 1, len - 1); |
| 180 break; |
| 181 case SSL_MT_SERVER_HELLO: { |
| 182 unsigned lc = LEN(bp + 5); |
| 183 unsigned lcs = LEN(bp + 7); |
| 184 unsigned lci = LEN(bp + 9); |
| 185 |
| 186 PrintType(ss, "Server-Hello"); |
| 187 |
| 188 PrintInt(ss, "session-id-hit", bp[1]); |
| 189 PrintInt(ss, "certificate-type", bp[2]); |
| 190 PrintInt(ss, "version (Major)", bp[3]); |
| 191 PrintInt(ss, "version (minor)", bp[3]); |
| 192 PrintBuf(ss, "certificate", bp + 11, lc); |
| 193 PrintBuf(ss, "cipher-specs", bp + 11 + lc, lcs); |
| 194 PrintBuf(ss, "connection-id", bp + 11 + lc + lcs, lci); |
| 195 } break; |
| 196 case SSL_MT_SERVER_VERIFY: |
| 197 PrintType(ss, "Server-Verify"); |
| 198 PrintBuf(ss, "challenge", bp + 1, len - 1); |
| 199 break; |
| 200 case SSL_MT_SERVER_FINISHED: |
| 201 PrintType(ss, "Server-Finished"); |
| 202 PrintBuf(ss, "session-id", bp + 1, len - 1); |
| 203 break; |
| 204 case SSL_MT_REQUEST_CERTIFICATE: |
| 205 PrintType(ss, "Request-Certificate"); |
| 206 PrintInt(ss, "authentication-type", bp[1]); |
| 207 PrintBuf(ss, "certificate-challenge", bp + 2, len - 2); |
| 208 break; |
| 209 case SSL_MT_CLIENT_CERTIFICATE: { |
| 210 unsigned lc = LEN(bp + 2); |
| 211 unsigned lr = LEN(bp + 4); |
| 212 PrintType(ss, "Client-Certificate"); |
| 213 PrintInt(ss, "certificate-type", bp[1]); |
| 214 PrintBuf(ss, "certificate", bp + 6, lc); |
| 215 PrintBuf(ss, "response", bp + 6 + lc, lr); |
| 216 } break; |
| 217 default: |
| 218 ssl_PrintBuf(ss, "sending *unknown* message type", bp, len); |
| 219 return; |
| 220 } |
| 221 } |
| 222 |
| 223 void |
| 224 ssl_Trace(const char *format, ...) |
| 225 { |
| 226 char buf[2000]; |
232 va_list args; | 227 va_list args; |
233 | 228 |
234 if (ssl_trace_iob) { | 229 if (ssl_trace_iob) { |
235 » va_start(args, format); | 230 va_start(args, format); |
236 » PR_vsnprintf(buf, sizeof(buf), format, args); | 231 PR_vsnprintf(buf, sizeof(buf), format, args); |
237 » va_end(args); | 232 va_end(args); |
238 | 233 |
239 » fputs(buf, ssl_trace_iob); | 234 fputs(buf, ssl_trace_iob); |
240 » fputs("\n", ssl_trace_iob); | 235 fputs("\n", ssl_trace_iob); |
241 } | 236 } |
242 } | 237 } |
243 #endif | 238 #endif |
OLD | NEW |