net/third_party/nss/ssl/ssltrace.c

   1 /*
   2  * Functions to trace SSL protocol behavior in DEBUG builds.
   3  *
   4  * This Source Code Form is subject to the terms of the Mozilla Public
   5  * License, v. 2.0. If a copy of the MPL was not distributed with this
   6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   7 #include <stdarg.h>
   8 #include "cert.h"
   9 #include "ssl.h"
  10 #include "sslimpl.h"
  11 #include "sslproto.h"
  12 #include "prprf.h"
  13
  14 #if defined(DEBUG) || defined(TRACE)
  15 static const char *hex = "0123456789abcdef";
  16
  17 static const char printable[257] = {
  18         "................"      /* 0x */
  19         "................"      /* 1x */
  20         " !\"#$%&'()*+,-./"     /* 2x */
  21         "0123456789:;<=>?"      /* 3x */
  22         "@ABCDEFGHIJKLMNO"      /* 4x */
  23         "PQRSTUVWXYZ[\\]^_"     /* 5x */
  24         "`abcdefghijklmno"      /* 6x */
  25         "pqrstuvwxyz{|}~."      /* 7x */
  26         "................"      /* 8x */
  27         "................"      /* 9x */
  28         "................"      /* ax */
  29         "................"      /* bx */
  30         "................"      /* cx */
  31         "................"      /* dx */
  32         "................"      /* ex */
  33         "................"      /* fx */
  34 };
  35
  36 void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len)
  37 {
  38     const unsigned char *cp = (const unsigned char *)vp;
  39     char buf[80];
  40     char *bp;
  41     char *ap;
  42
  43     if (ss) {
  44         SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
  45                    msg, len));
  46     } else {
  47         SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
  48     }
  49     memset(buf, ' ', sizeof buf);
  50     bp = buf;
  51     ap = buf + 50;
  52     while (--len >= 0) {
  53         unsigned char ch = *cp++;
  54         *bp++ = hex[(ch >> 4) & 0xf];
  55         *bp++ = hex[ch & 0xf];
  56         *bp++ = ' ';
  57         *ap++ = printable[ch];
  58         if (ap - buf >= 66) {
  59             *ap = 0;
  60             SSL_TRACE(("   %s", buf));
  61             memset(buf, ' ', sizeof buf);
  62             bp = buf;
  63             ap = buf + 50;
  64         }
  65     }
  66     if (bp > buf) {
  67         *ap = 0;
  68         SSL_TRACE(("   %s", buf));
  69     }
  70 }
  71
  72 #define LEN(cp)         (((cp)[0] << 8) | ((cp)[1]))
  73
  74 static void PrintType(sslSocket *ss, char *msg)
  75 {
  76     if (ss) {
  77         SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd,
  78                    msg));
  79     } else {
  80         SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg));
  81     }
  82 }
  83
  84 static void PrintInt(sslSocket *ss, char *msg, unsigned v)
  85 {
  86     if (ss) {
  87         SSL_TRACE(("%d: SSL[%d]:           %s=%u", SSL_GETPID(), ss->fd,
  88                    msg, v));
  89     } else {
  90         SSL_TRACE(("%d: SSL:           %s=%u", SSL_GETPID(), msg, v));
  91     }
  92 }
  93
  94 /* PrintBuf is just like ssl_PrintBuf above, except that:
  95  * a) It prefixes each line of the buffer with "XX: SSL[xxx]           "
  96  * b) It dumps only hex, not ASCII.
  97  */
  98 static void PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
  99 {
 100     char buf[80];
 101     char *bp;
 102
 103     if (ss) {
 104         SSL_TRACE(("%d: SSL[%d]:           %s [Len: %d]",
 105                    SSL_GETPID(), ss->fd, msg, len));
 106     } else {
 107         SSL_TRACE(("%d: SSL:           %s [Len: %d]",
 108                    SSL_GETPID(), msg, len));
 109     }
 110     bp = buf;
 111     while (--len >= 0) {
 112         unsigned char ch = *cp++;
 113         *bp++ = hex[(ch >> 4) & 0xf];
 114         *bp++ = hex[ch & 0xf];
 115         *bp++ = ' ';
 116         if (bp + 4 > buf + 50) {
 117             *bp = 0;
 118             if (ss) {
 119                 SSL_TRACE(("%d: SSL[%d]:             %s",
 120                            SSL_GETPID(), ss->fd, buf));
 121             } else {
 122                 SSL_TRACE(("%d: SSL:             %s", SSL_GETPID(), buf));
 123             }
 124             bp = buf;
 125         }
 126     }
 127     if (bp > buf) {
 128         *bp = 0;
 129         if (ss) {
 130             SSL_TRACE(("%d: SSL[%d]:             %s",
 131                        SSL_GETPID(), ss->fd, buf));
 132         } else {
 133             SSL_TRACE(("%d: SSL:             %s", SSL_GETPID(), buf));
 134         }
 135     }
 136 }
 137
 138 void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len)
 139 {
 140     switch (bp[0]) {
 141       case SSL_MT_ERROR:
 142         PrintType(ss, "Error");
 143         PrintInt(ss, "error", LEN(bp+1));
 144         break;
 145
 146       case SSL_MT_CLIENT_HELLO:
 147         {
 148             unsigned lcs = LEN(bp+3);
 149             unsigned ls  = LEN(bp+5);
 150             unsigned lc  = LEN(bp+7);
 151
 152             PrintType(ss, "Client-Hello");
 153
 154             PrintInt(ss, "version (Major)",                   bp[1]);
 155             PrintInt(ss, "version (minor)",                   bp[2]);
 156
 157             PrintBuf(ss, "cipher-specs",         bp+9,        lcs);
 158             PrintBuf(ss, "session-id",           bp+9+lcs,    ls);
 159             PrintBuf(ss, "challenge",            bp+9+lcs+ls, lc);
 160         }
 161         break;
 162       case SSL_MT_CLIENT_MASTER_KEY:
 163         {
 164             unsigned lck = LEN(bp+4);
 165             unsigned lek = LEN(bp+6);
 166             unsigned lka = LEN(bp+8);
 167
 168             PrintType(ss, "Client-Master-Key");
 169
 170             PrintInt(ss, "cipher-choice",                       bp[1]);
 171             PrintInt(ss, "key-length",                          LEN(bp+2));
 172
 173             PrintBuf(ss, "clear-key",            bp+10,         lck);
 174             PrintBuf(ss, "encrypted-key",        bp+10+lck,     lek);
 175             PrintBuf(ss, "key-arg",              bp+10+lck+lek, lka);
 176         }
 177         break;
 178       case SSL_MT_CLIENT_FINISHED:
 179         PrintType(ss, "Client-Finished");
 180         PrintBuf(ss, "connection-id",            bp+1,          len-1);
 181         break;
 182       case SSL_MT_SERVER_HELLO:
 183         {
 184             unsigned lc = LEN(bp+5);
 185             unsigned lcs = LEN(bp+7);
 186             unsigned lci = LEN(bp+9);
 187
 188             PrintType(ss, "Server-Hello");
 189
 190             PrintInt(ss, "session-id-hit",                     bp[1]);
 191             PrintInt(ss, "certificate-type",                   bp[2]);
 192             PrintInt(ss, "version (Major)",                    bp[3]);
 193             PrintInt(ss, "version (minor)",                    bp[3]);
 194             PrintBuf(ss, "certificate",          bp+11,        lc);
 195             PrintBuf(ss, "cipher-specs",         bp+11+lc,     lcs);
 196             PrintBuf(ss, "connection-id",        bp+11+lc+lcs, lci);
 197         }
 198         break;
 199       case SSL_MT_SERVER_VERIFY:
 200         PrintType(ss, "Server-Verify");
 201         PrintBuf(ss, "challenge",                bp+1,         len-1);
 202         break;
 203       case SSL_MT_SERVER_FINISHED:
 204         PrintType(ss, "Server-Finished");
 205         PrintBuf(ss, "session-id",               bp+1,         len-1);
 206         break;
 207       case SSL_MT_REQUEST_CERTIFICATE:
 208         PrintType(ss, "Request-Certificate");
 209         PrintInt(ss, "authentication-type",                    bp[1]);
 210         PrintBuf(ss, "certificate-challenge",    bp+2,         len-2);
 211         break;
 212       case SSL_MT_CLIENT_CERTIFICATE:
 213         {
 214             unsigned lc = LEN(bp+2);
 215             unsigned lr = LEN(bp+4);
 216             PrintType(ss, "Client-Certificate");
 217             PrintInt(ss, "certificate-type",                   bp[1]);
 218             PrintBuf(ss, "certificate",          bp+6,         lc);
 219             PrintBuf(ss, "response",             bp+6+lc,      lr);
 220         }
 221         break;
 222       default:
 223         ssl_PrintBuf(ss, "sending *unknown* message type", bp, len);
 224         return;
 225     }
 226 }
 227
 228 void
 229 ssl_Trace(const char *format, ... )
 230 {
 231     char buf[2000];
 232     va_list args;
 233
 234     if (ssl_trace_iob) {
 235         va_start(args, format);
 236         PR_vsnprintf(buf, sizeof(buf), format, args);
 237         va_end(args);
 238
 239         fputs(buf,  ssl_trace_iob);
 240         fputs("\n", ssl_trace_iob);
 241     }
 242 }
 243 #endif