1 /* 2 * Functions to trace SSL protocol behavior in DEBUG builds. 3 * 4 * ***** BEGIN LICENSE BLOCK ***** 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 6 * 7 * The contents of this file are subject to the Mozilla Public License Version 8 * 1.1 (the "License"); you may not use this file except in compliance with 9 * the License. You may obtain a copy of the License at 10 * http://www.mozilla.org/MPL/ 11 * 12 * Software distributed under the License is distributed on an "AS IS" basis, 13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 14 * for the specific language governing rights and limitations under the 15 * License. 16 * 17 * The Original Code is the Netscape security libraries. 18 * 19 * The Initial Developer of the Original Code is 20 * Netscape Communications Corporation. 21 * Portions created by the Initial Developer are Copyright (C) 1994-2000 22 * the Initial Developer. All Rights Reserved. 23 * 24 * Contributor(s): 25 * 26 * Alternatively, the contents of this file may be used under the terms of 27 * either the GNU General Public License Version 2 or later (the "GPL"), or 28 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 29 * in which case the provisions of the GPL or the LGPL are applicable instead 30 * of those above. If you wish to allow use of your version of this file only 31 * under the terms of either the GPL or the LGPL, and not to allow others to 32 * use your version of this file under the terms of the MPL, indicate your 33 * decision by deleting the provisions above and replace them with the notice 34 * and other provisions required by the GPL or the LGPL. If you do not delete 35 * the provisions above, a recipient may use your version of this file under 36 * the terms of any one of the MPL, the GPL or the LGPL. 37 * 38 * ***** END LICENSE BLOCK ***** */ 39 /* $Id: ssltrace.c,v 1.4 2007/01/31 04:20:26 nelson%bolyard.com Exp $ */ 40 #include <stdarg.h> 41 #include "cert.h" 42 #include "ssl.h" 43 #include "sslimpl.h" 44 #include "sslproto.h" 45 #include "prprf.h" 46 47 #if defined(DEBUG) || defined(TRACE) 48 static const char *hex = "0123456789abcdef"; 49 50 static const char printable[257] = { 51 "................" /* 0x */ 52 "................" /* 1x */ 53 " !\"#$%&'()*+,-./" /* 2x */ 54 "0123456789:;<=>?" /* 3x */ 55 "@ABCDEFGHIJKLMNO" /* 4x */ 56 "PQRSTUVWXYZ[\\]^_" /* 5x */ 57 "`abcdefghijklmno" /* 6x */ 58 "pqrstuvwxyz{|}~." /* 7x */ 59 "................" /* 8x */ 60 "................" /* 9x */ 61 "................" /* ax */ 62 "................" /* bx */ 63 "................" /* cx */ 64 "................" /* dx */ 65 "................" /* ex */ 66 "................" /* fx */ 67 }; 68 69 void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len) 70 { 71 const unsigned char *cp = (const unsigned char *)vp; 72 char buf[80]; 73 char *bp; 74 char *ap; 75 76 if (ss) { 77 SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd, 78 msg, len)); 79 } else { 80 SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len)); 81 } 82 memset(buf, ' ', sizeof buf); 83 bp = buf; 84 ap = buf + 50; 85 while (--len >= 0) { 86 unsigned char ch = *cp++; 87 *bp++ = hex[(ch >> 4) & 0xf]; 88 *bp++ = hex[ch & 0xf]; 89 *bp++ = ' '; 90 *ap++ = printable[ch]; 91 if (ap - buf >= 66) { 92 *ap = 0; 93 SSL_TRACE((" %s", buf)); 94 memset(buf, ' ', sizeof buf); 95 bp = buf; 96 ap = buf + 50; 97 } 98 } 99 if (bp > buf) { 100 *ap = 0; 101 SSL_TRACE((" %s", buf)); 102 } 103 } 104 105 #define LEN(cp) (((cp)[0] << 8) | ((cp)[1])) 106 107 static void PrintType(sslSocket *ss, char *msg) 108 { 109 if (ss) { 110 SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, 111 msg)); 112 } else { 113 SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg)); 114 } 115 } 116 117 static void PrintInt(sslSocket *ss, char *msg, unsigned v) 118 { 119 if (ss) { 120 SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd, 121 msg, v)); 122 } else { 123 SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v)); 124 } 125 } 126 127 /* PrintBuf is just like ssl_PrintBuf above, except that: 128 * a) It prefixes each line of the buffer with "XX: SSL[xxx] " 129 * b) It dumps only hex, not ASCII. 130 */ 131 static void PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len) 132 { 133 char buf[80]; 134 char *bp; 135 136 if (ss) { 137 SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", 138 SSL_GETPID(), ss->fd, msg, len)); 139 } else { 140 SSL_TRACE(("%d: SSL: %s [Len: %d]", 141 SSL_GETPID(), msg, len)); 142 } 143 bp = buf; 144 while (--len >= 0) { 145 unsigned char ch = *cp++; 146 *bp++ = hex[(ch >> 4) & 0xf]; 147 *bp++ = hex[ch & 0xf]; 148 *bp++ = ' '; 149 if (bp + 4 > buf + 50) { 150 *bp = 0; 151 if (ss) { 152 SSL_TRACE(("%d: SSL[%d]: %s", 153 SSL_GETPID(), ss->fd, buf)); 154 } else { 155 SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); 156 } 157 bp = buf; 158 } 159 } 160 if (bp > buf) { 161 *bp = 0; 162 if (ss) { 163 SSL_TRACE(("%d: SSL[%d]: %s", 164 SSL_GETPID(), ss->fd, buf)); 165 } else { 166 SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); 167 } 168 } 169 } 170 171 void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len) 172 { 173 switch (bp[0]) { 174 case SSL_MT_ERROR: 175 PrintType(ss, "Error"); 176 PrintInt(ss, "error", LEN(bp+1)); 177 break; 178 179 case SSL_MT_CLIENT_HELLO: 180 { 181 unsigned lcs = LEN(bp+3); 182 unsigned ls = LEN(bp+5); 183 unsigned lc = LEN(bp+7); 184 185 PrintType(ss, "Client-Hello"); 186 187 PrintInt(ss, "version (Major)", bp[1]); 188 PrintInt(ss, "version (minor)", bp[2]); 189 190 PrintBuf(ss, "cipher-specs", bp+9, lcs); 191 PrintBuf(ss, "session-id", bp+9+lcs, ls); 192 PrintBuf(ss, "challenge", bp+9+lcs+ls, lc); 193 } 194 break; 195 case SSL_MT_CLIENT_MASTER_KEY: 196 { 197 unsigned lck = LEN(bp+4); 198 unsigned lek = LEN(bp+6); 199 unsigned lka = LEN(bp+8); 200 201 PrintType(ss, "Client-Master-Key"); 202 203 PrintInt(ss, "cipher-choice", bp[1]); 204 PrintInt(ss, "key-length", LEN(bp+2)); 205 206 PrintBuf(ss, "clear-key", bp+10, lck); 207 PrintBuf(ss, "encrypted-key", bp+10+lck, lek); 208 PrintBuf(ss, "key-arg", bp+10+lck+lek, lka); 209 } 210 break; 211 case SSL_MT_CLIENT_FINISHED: 212 PrintType(ss, "Client-Finished"); 213 PrintBuf(ss, "connection-id", bp+1, len-1); 214 break; 215 case SSL_MT_SERVER_HELLO: 216 { 217 unsigned lc = LEN(bp+5); 218 unsigned lcs = LEN(bp+7); 219 unsigned lci = LEN(bp+9); 220 221 PrintType(ss, "Server-Hello"); 222 223 PrintInt(ss, "session-id-hit", bp[1]); 224 PrintInt(ss, "certificate-type", bp[2]); 225 PrintInt(ss, "version (Major)", bp[3]); 226 PrintInt(ss, "version (minor)", bp[3]); 227 PrintBuf(ss, "certificate", bp+11, lc); 228 PrintBuf(ss, "cipher-specs", bp+11+lc, lcs); 229 PrintBuf(ss, "connection-id", bp+11+lc+lcs, lci); 230 } 231 break; 232 case SSL_MT_SERVER_VERIFY: 233 PrintType(ss, "Server-Verify"); 234 PrintBuf(ss, "challenge", bp+1, len-1); 235 break; 236 case SSL_MT_SERVER_FINISHED: 237 PrintType(ss, "Server-Finished"); 238 PrintBuf(ss, "session-id", bp+1, len-1); 239 break; 240 case SSL_MT_REQUEST_CERTIFICATE: 241 PrintType(ss, "Request-Certificate"); 242 PrintInt(ss, "authentication-type", bp[1]); 243 PrintBuf(ss, "certificate-challenge", bp+2, len-2); 244 break; 245 case SSL_MT_CLIENT_CERTIFICATE: 246 { 247 unsigned lc = LEN(bp+2); 248 unsigned lr = LEN(bp+4); 249 PrintType(ss, "Client-Certificate"); 250 PrintInt(ss, "certificate-type", bp[1]); 251 PrintBuf(ss, "certificate", bp+6, lc); 252 PrintBuf(ss, "response", bp+6+lc, lr); 253 } 254 break; 255 default: 256 ssl_PrintBuf(ss, "sending *unknown* message type", bp, len); 257 return; 258 } 259 } 260 261 void 262 ssl_Trace(const char *format, ... ) 263 { 264 char buf[2000]; 265 va_list args; 266 267 if (ssl_trace_iob) { 268 va_start(args, format); 269 PR_vsnprintf(buf, sizeof(buf), format, args); 270 va_end(args); 271 272 fputs(buf, ssl_trace_iob); 273 fputs("\n", ssl_trace_iob); 274 } 275 } 276 #endif 277