OLD | NEW |
| (Empty) |
1 /* | |
2 * Functions to trace SSL protocol behavior in DEBUG builds. | |
3 * | |
4 * This Source Code Form is subject to the terms of the Mozilla Public | |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
7 #include <stdarg.h> | |
8 #include "cert.h" | |
9 #include "ssl.h" | |
10 #include "sslimpl.h" | |
11 #include "sslproto.h" | |
12 #include "prprf.h" | |
13 | |
14 #if defined(DEBUG) || defined(TRACE) | |
15 static const char *hex = "0123456789abcdef"; | |
16 | |
17 static const char printable[257] = { | |
18 "................" /* 0x */ | |
19 "................" /* 1x */ | |
20 " !\"#$%&'()*+,-./" /* 2x */ | |
21 "0123456789:;<=>?" /* 3x */ | |
22 "@ABCDEFGHIJKLMNO" /* 4x */ | |
23 "PQRSTUVWXYZ[\\]^_" /* 5x */ | |
24 "`abcdefghijklmno" /* 6x */ | |
25 "pqrstuvwxyz{|}~." /* 7x */ | |
26 "................" /* 8x */ | |
27 "................" /* 9x */ | |
28 "................" /* ax */ | |
29 "................" /* bx */ | |
30 "................" /* cx */ | |
31 "................" /* dx */ | |
32 "................" /* ex */ | |
33 "................" /* fx */ | |
34 }; | |
35 | |
36 void | |
37 ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len) | |
38 { | |
39 const unsigned char *cp = (const unsigned char *)vp; | |
40 char buf[80]; | |
41 char *bp; | |
42 char *ap; | |
43 | |
44 if (ss) { | |
45 SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd, | |
46 msg, len)); | |
47 } else { | |
48 SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len)); | |
49 } | |
50 memset(buf, ' ', sizeof buf); | |
51 bp = buf; | |
52 ap = buf + 50; | |
53 while (--len >= 0) { | |
54 unsigned char ch = *cp++; | |
55 *bp++ = hex[(ch >> 4) & 0xf]; | |
56 *bp++ = hex[ch & 0xf]; | |
57 *bp++ = ' '; | |
58 *ap++ = printable[ch]; | |
59 if (ap - buf >= 66) { | |
60 *ap = 0; | |
61 SSL_TRACE((" %s", buf)); | |
62 memset(buf, ' ', sizeof buf); | |
63 bp = buf; | |
64 ap = buf + 50; | |
65 } | |
66 } | |
67 if (bp > buf) { | |
68 *ap = 0; | |
69 SSL_TRACE((" %s", buf)); | |
70 } | |
71 } | |
72 | |
73 #define LEN(cp) (((cp)[0] << 8) | ((cp)[1])) | |
74 | |
75 static void | |
76 PrintType(sslSocket *ss, char *msg) | |
77 { | |
78 if (ss) { | |
79 SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, msg)); | |
80 } else { | |
81 SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg)); | |
82 } | |
83 } | |
84 | |
85 static void | |
86 PrintInt(sslSocket *ss, char *msg, unsigned v) | |
87 { | |
88 if (ss) { | |
89 SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd, msg, v)
); | |
90 } else { | |
91 SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v)); | |
92 } | |
93 } | |
94 | |
95 /* PrintBuf is just like ssl_PrintBuf above, except that: | |
96 * a) It prefixes each line of the buffer with "XX: SSL[xxx] " | |
97 * b) It dumps only hex, not ASCII. | |
98 */ | |
99 static void | |
100 PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len) | |
101 { | |
102 char buf[80]; | |
103 char *bp; | |
104 | |
105 if (ss) { | |
106 SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", | |
107 SSL_GETPID(), ss->fd, msg, len)); | |
108 } else { | |
109 SSL_TRACE(("%d: SSL: %s [Len: %d]", | |
110 SSL_GETPID(), msg, len)); | |
111 } | |
112 bp = buf; | |
113 while (--len >= 0) { | |
114 unsigned char ch = *cp++; | |
115 *bp++ = hex[(ch >> 4) & 0xf]; | |
116 *bp++ = hex[ch & 0xf]; | |
117 *bp++ = ' '; | |
118 if (bp + 4 > buf + 50) { | |
119 *bp = 0; | |
120 if (ss) { | |
121 SSL_TRACE(("%d: SSL[%d]: %s", | |
122 SSL_GETPID(), ss->fd, buf)); | |
123 } else { | |
124 SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); | |
125 } | |
126 bp = buf; | |
127 } | |
128 } | |
129 if (bp > buf) { | |
130 *bp = 0; | |
131 if (ss) { | |
132 SSL_TRACE(("%d: SSL[%d]: %s", | |
133 SSL_GETPID(), ss->fd, buf)); | |
134 } else { | |
135 SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); | |
136 } | |
137 } | |
138 } | |
139 | |
140 void | |
141 ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len) | |
142 { | |
143 switch (bp[0]) { | |
144 case SSL_MT_ERROR: | |
145 PrintType(ss, "Error"); | |
146 PrintInt(ss, "error", LEN(bp + 1)); | |
147 break; | |
148 | |
149 case SSL_MT_CLIENT_HELLO: { | |
150 unsigned lcs = LEN(bp + 3); | |
151 unsigned ls = LEN(bp + 5); | |
152 unsigned lc = LEN(bp + 7); | |
153 | |
154 PrintType(ss, "Client-Hello"); | |
155 | |
156 PrintInt(ss, "version (Major)", bp[1]); | |
157 PrintInt(ss, "version (minor)", bp[2]); | |
158 | |
159 PrintBuf(ss, "cipher-specs", bp + 9, lcs); | |
160 PrintBuf(ss, "session-id", bp + 9 + lcs, ls); | |
161 PrintBuf(ss, "challenge", bp + 9 + lcs + ls, lc); | |
162 } break; | |
163 case SSL_MT_CLIENT_MASTER_KEY: { | |
164 unsigned lck = LEN(bp + 4); | |
165 unsigned lek = LEN(bp + 6); | |
166 unsigned lka = LEN(bp + 8); | |
167 | |
168 PrintType(ss, "Client-Master-Key"); | |
169 | |
170 PrintInt(ss, "cipher-choice", bp[1]); | |
171 PrintInt(ss, "key-length", LEN(bp + 2)); | |
172 | |
173 PrintBuf(ss, "clear-key", bp + 10, lck); | |
174 PrintBuf(ss, "encrypted-key", bp + 10 + lck, lek); | |
175 PrintBuf(ss, "key-arg", bp + 10 + lck + lek, lka); | |
176 } break; | |
177 case SSL_MT_CLIENT_FINISHED: | |
178 PrintType(ss, "Client-Finished"); | |
179 PrintBuf(ss, "connection-id", bp + 1, len - 1); | |
180 break; | |
181 case SSL_MT_SERVER_HELLO: { | |
182 unsigned lc = LEN(bp + 5); | |
183 unsigned lcs = LEN(bp + 7); | |
184 unsigned lci = LEN(bp + 9); | |
185 | |
186 PrintType(ss, "Server-Hello"); | |
187 | |
188 PrintInt(ss, "session-id-hit", bp[1]); | |
189 PrintInt(ss, "certificate-type", bp[2]); | |
190 PrintInt(ss, "version (Major)", bp[3]); | |
191 PrintInt(ss, "version (minor)", bp[3]); | |
192 PrintBuf(ss, "certificate", bp + 11, lc); | |
193 PrintBuf(ss, "cipher-specs", bp + 11 + lc, lcs); | |
194 PrintBuf(ss, "connection-id", bp + 11 + lc + lcs, lci); | |
195 } break; | |
196 case SSL_MT_SERVER_VERIFY: | |
197 PrintType(ss, "Server-Verify"); | |
198 PrintBuf(ss, "challenge", bp + 1, len - 1); | |
199 break; | |
200 case SSL_MT_SERVER_FINISHED: | |
201 PrintType(ss, "Server-Finished"); | |
202 PrintBuf(ss, "session-id", bp + 1, len - 1); | |
203 break; | |
204 case SSL_MT_REQUEST_CERTIFICATE: | |
205 PrintType(ss, "Request-Certificate"); | |
206 PrintInt(ss, "authentication-type", bp[1]); | |
207 PrintBuf(ss, "certificate-challenge", bp + 2, len - 2); | |
208 break; | |
209 case SSL_MT_CLIENT_CERTIFICATE: { | |
210 unsigned lc = LEN(bp + 2); | |
211 unsigned lr = LEN(bp + 4); | |
212 PrintType(ss, "Client-Certificate"); | |
213 PrintInt(ss, "certificate-type", bp[1]); | |
214 PrintBuf(ss, "certificate", bp + 6, lc); | |
215 PrintBuf(ss, "response", bp + 6 + lc, lr); | |
216 } break; | |
217 default: | |
218 ssl_PrintBuf(ss, "sending *unknown* message type", bp, len); | |
219 return; | |
220 } | |
221 } | |
222 | |
223 void | |
224 ssl_Trace(const char *format, ...) | |
225 { | |
226 char buf[2000]; | |
227 va_list args; | |
228 | |
229 if (ssl_trace_iob) { | |
230 va_start(args, format); | |
231 PR_vsnprintf(buf, sizeof(buf), format, args); | |
232 va_end(args); | |
233 | |
234 fputs(buf, ssl_trace_iob); | |
235 fputs("\n", ssl_trace_iob); | |
236 } | |
237 } | |
238 #endif | |
OLD | NEW |