net/third_party/nss/ssl/ssltrace.c

   1 /*
   2  * Functions to trace SSL protocol behavior in DEBUG builds.
   3  *
   4  * This Source Code Form is subject to the terms of the Mozilla Public
   5  * License, v. 2.0. If a copy of the MPL was not distributed with this
   6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   7 /* $Id: ssltrace.c,v 1.5 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
   8 #include <stdarg.h>
   9 #include "cert.h"
  10 #include "ssl.h"
  11 #include "sslimpl.h"
  12 #include "sslproto.h"
  13 #include "prprf.h"
  14
  15 #if defined(DEBUG) || defined(TRACE)
  16 static const char *hex = "0123456789abcdef";
  17
  18 static const char printable[257] = {
  19         "................"      /* 0x */
  20         "................"      /* 1x */
  21         " !\"#$%&'()*+,-./"     /* 2x */
  22         "0123456789:;<=>?"      /* 3x */
  23         "@ABCDEFGHIJKLMNO"      /* 4x */
  24         "PQRSTUVWXYZ[\\]^_"     /* 5x */
  25         "`abcdefghijklmno"      /* 6x */
  26         "pqrstuvwxyz{|}~."      /* 7x */
  27         "................"      /* 8x */
  28         "................"      /* 9x */
  29         "................"      /* ax */
  30         "................"      /* bx */
  31         "................"      /* cx */
  32         "................"      /* dx */
  33         "................"      /* ex */
  34         "................"      /* fx */
  35 };
  36
  37 void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len)
  38 {
  39     const unsigned char *cp = (const unsigned char *)vp;
  40     char buf[80];
  41     char *bp;
  42     char *ap;
  43
  44     if (ss) {
  45         SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
  46                    msg, len));
  47     } else {
  48         SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
  49     }
  50     memset(buf, ' ', sizeof buf);
  51     bp = buf;
  52     ap = buf + 50;
  53     while (--len >= 0) {
  54         unsigned char ch = *cp++;
  55         *bp++ = hex[(ch >> 4) & 0xf];
  56         *bp++ = hex[ch & 0xf];
  57         *bp++ = ' ';
  58         *ap++ = printable[ch];
  59         if (ap - buf >= 66) {
  60             *ap = 0;
  61             SSL_TRACE(("   %s", buf));
  62             memset(buf, ' ', sizeof buf);
  63             bp = buf;
  64             ap = buf + 50;
  65         }
  66     }
  67     if (bp > buf) {
  68         *ap = 0;
  69         SSL_TRACE(("   %s", buf));
  70     }
  71 }
  72
  73 #define LEN(cp)         (((cp)[0] << 8) | ((cp)[1]))
  74
  75 static void PrintType(sslSocket *ss, char *msg)
  76 {
  77     if (ss) {
  78         SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd,
  79                    msg));
  80     } else {
  81         SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg));
  82     }
  83 }
  84
  85 static void PrintInt(sslSocket *ss, char *msg, unsigned v)
  86 {
  87     if (ss) {
  88         SSL_TRACE(("%d: SSL[%d]:           %s=%u", SSL_GETPID(), ss->fd,
  89                    msg, v));
  90     } else {
  91         SSL_TRACE(("%d: SSL:           %s=%u", SSL_GETPID(), msg, v));
  92     }
  93 }
  94
  95 /* PrintBuf is just like ssl_PrintBuf above, except that:
  96  * a) It prefixes each line of the buffer with "XX: SSL[xxx]           "
  97  * b) It dumps only hex, not ASCII.
  98  */
  99 static void PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
 100 {
 101     char buf[80];
 102     char *bp;
 103
 104     if (ss) {
 105         SSL_TRACE(("%d: SSL[%d]:           %s [Len: %d]",
 106                    SSL_GETPID(), ss->fd, msg, len));
 107     } else {
 108         SSL_TRACE(("%d: SSL:           %s [Len: %d]",
 109                    SSL_GETPID(), msg, len));
 110     }
 111     bp = buf;
 112     while (--len >= 0) {
 113         unsigned char ch = *cp++;
 114         *bp++ = hex[(ch >> 4) & 0xf];
 115         *bp++ = hex[ch & 0xf];
 116         *bp++ = ' ';
 117         if (bp + 4 > buf + 50) {
 118             *bp = 0;
 119             if (ss) {
 120                 SSL_TRACE(("%d: SSL[%d]:             %s",
 121                            SSL_GETPID(), ss->fd, buf));
 122             } else {
 123                 SSL_TRACE(("%d: SSL:             %s", SSL_GETPID(), buf));
 124             }
 125             bp = buf;
 126         }
 127     }
 128     if (bp > buf) {
 129         *bp = 0;
 130         if (ss) {
 131             SSL_TRACE(("%d: SSL[%d]:             %s",
 132                        SSL_GETPID(), ss->fd, buf));
 133         } else {
 134             SSL_TRACE(("%d: SSL:             %s", SSL_GETPID(), buf));
 135         }
 136     }
 137 }
 138
 139 void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len)
 140 {
 141     switch (bp[0]) {
 142       case SSL_MT_ERROR:
 143         PrintType(ss, "Error");
 144         PrintInt(ss, "error", LEN(bp+1));
 145         break;
 146
 147       case SSL_MT_CLIENT_HELLO:
 148         {
 149             unsigned lcs = LEN(bp+3);
 150             unsigned ls  = LEN(bp+5);
 151             unsigned lc  = LEN(bp+7);
 152
 153             PrintType(ss, "Client-Hello");
 154
 155             PrintInt(ss, "version (Major)",                   bp[1]);
 156             PrintInt(ss, "version (minor)",                   bp[2]);
 157
 158             PrintBuf(ss, "cipher-specs",         bp+9,        lcs);
 159             PrintBuf(ss, "session-id",           bp+9+lcs,    ls);
 160             PrintBuf(ss, "challenge",            bp+9+lcs+ls, lc);
 161         }
 162         break;
 163       case SSL_MT_CLIENT_MASTER_KEY:
 164         {
 165             unsigned lck = LEN(bp+4);
 166             unsigned lek = LEN(bp+6);
 167             unsigned lka = LEN(bp+8);
 168
 169             PrintType(ss, "Client-Master-Key");
 170
 171             PrintInt(ss, "cipher-choice",                       bp[1]);
 172             PrintInt(ss, "key-length",                          LEN(bp+2));
 173
 174             PrintBuf(ss, "clear-key",            bp+10,         lck);
 175             PrintBuf(ss, "encrypted-key",        bp+10+lck,     lek);
 176             PrintBuf(ss, "key-arg",              bp+10+lck+lek, lka);
 177         }
 178         break;
 179       case SSL_MT_CLIENT_FINISHED:
 180         PrintType(ss, "Client-Finished");
 181         PrintBuf(ss, "connection-id",            bp+1,          len-1);
 182         break;
 183       case SSL_MT_SERVER_HELLO:
 184         {
 185             unsigned lc = LEN(bp+5);
 186             unsigned lcs = LEN(bp+7);
 187             unsigned lci = LEN(bp+9);
 188
 189             PrintType(ss, "Server-Hello");
 190
 191             PrintInt(ss, "session-id-hit",                     bp[1]);
 192             PrintInt(ss, "certificate-type",                   bp[2]);
 193             PrintInt(ss, "version (Major)",                    bp[3]);
 194             PrintInt(ss, "version (minor)",                    bp[3]);
 195             PrintBuf(ss, "certificate",          bp+11,        lc);
 196             PrintBuf(ss, "cipher-specs",         bp+11+lc,     lcs);
 197             PrintBuf(ss, "connection-id",        bp+11+lc+lcs, lci);
 198         }
 199         break;
 200       case SSL_MT_SERVER_VERIFY:
 201         PrintType(ss, "Server-Verify");
 202         PrintBuf(ss, "challenge",                bp+1,         len-1);
 203         break;
 204       case SSL_MT_SERVER_FINISHED:
 205         PrintType(ss, "Server-Finished");
 206         PrintBuf(ss, "session-id",               bp+1,         len-1);
 207         break;
 208       case SSL_MT_REQUEST_CERTIFICATE:
 209         PrintType(ss, "Request-Certificate");
 210         PrintInt(ss, "authentication-type",                    bp[1]);
 211         PrintBuf(ss, "certificate-challenge",    bp+2,         len-2);
 212         break;
 213       case SSL_MT_CLIENT_CERTIFICATE:
 214         {
 215             unsigned lc = LEN(bp+2);
 216             unsigned lr = LEN(bp+4);
 217             PrintType(ss, "Client-Certificate");
 218             PrintInt(ss, "certificate-type",                   bp[1]);
 219             PrintBuf(ss, "certificate",          bp+6,         lc);
 220             PrintBuf(ss, "response",             bp+6+lc,      lr);
 221         }
 222         break;
 223       default:
 224         ssl_PrintBuf(ss, "sending *unknown* message type", bp, len);
 225         return;
 226     }
 227 }
 228
 229 void
 230 ssl_Trace(const char *format, ... )
 231 {
 232     char buf[2000];
 233     va_list args;
 234
 235     if (ssl_trace_iob) {
 236         va_start(args, format);
 237         PR_vsnprintf(buf, sizeof(buf), format, args);
 238         va_end(args);
 239
 240         fputs(buf,  ssl_trace_iob);
 241         fputs("\n", ssl_trace_iob);
 242     }
 243 }
 244 #endif