2
* Functions to trace SSL protocol behavior in DEBUG builds.
4
* ***** BEGIN LICENSE BLOCK *****
5
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
7
* The contents of this file are subject to the Mozilla Public License Version
8
* 1.1 (the "License"); you may not use this file except in compliance with
9
* the License. You may obtain a copy of the License at
10
* http://www.mozilla.org/MPL/
12
* Software distributed under the License is distributed on an "AS IS" basis,
13
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14
* for the specific language governing rights and limitations under the
17
* The Original Code is the Netscape security libraries.
19
* The Initial Developer of the Original Code is
20
* Netscape Communications Corporation.
21
* Portions created by the Initial Developer are Copyright (C) 1994-2000
22
* the Initial Developer. All Rights Reserved.
26
* Alternatively, the contents of this file may be used under the terms of
27
* either the GNU General Public License Version 2 or later (the "GPL"), or
28
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
29
* in which case the provisions of the GPL or the LGPL are applicable instead
30
* of those above. If you wish to allow use of your version of this file only
31
* under the terms of either the GPL or the LGPL, and not to allow others to
32
* use your version of this file under the terms of the MPL, indicate your
33
* decision by deleting the provisions above and replace them with the notice
34
* and other provisions required by the GPL or the LGPL. If you do not delete
35
* the provisions above, a recipient may use your version of this file under
36
* the terms of any one of the MPL, the GPL or the LGPL.
38
* ***** END LICENSE BLOCK ***** */
39
/* $Id: ssltrace.c,v 1.3 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
47
#if defined(DEBUG) || defined(TRACE)
48
static const char *hex = "0123456789abcdef";
50
static const char printable[257] = {
51
"................" /* 0x */
52
"................" /* 1x */
53
" !\"#$%&'()*+,-./" /* 2x */
54
"0123456789:;<=>?" /* 3x */
55
"@ABCDEFGHIJKLMNO" /* 4x */
56
"PQRSTUVWXYZ[\\]^_" /* 5x */
57
"`abcdefghijklmno" /* 6x */
58
"pqrstuvwxyz{|}~." /* 7x */
59
"................" /* 8x */
60
"................" /* 9x */
61
"................" /* ax */
62
"................" /* bx */
63
"................" /* cx */
64
"................" /* dx */
65
"................" /* ex */
66
"................" /* fx */
69
void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len)
71
const unsigned char *cp = (const unsigned char *)vp;
77
SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
80
SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
82
memset(buf, ' ', sizeof buf);
86
unsigned char ch = *cp++;
87
*bp++ = hex[(ch >> 4) & 0xf];
88
*bp++ = hex[ch & 0xf];
90
*ap++ = printable[ch];
93
SSL_TRACE((" %s", buf));
94
memset(buf, ' ', sizeof buf);
101
SSL_TRACE((" %s", buf));
105
#define LEN(cp) (((cp)[0] << 8) | ((cp)[1]))
107
static void PrintType(sslSocket *ss, char *msg)
110
SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd,
113
SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg));
117
static void PrintInt(sslSocket *ss, char *msg, unsigned v)
120
SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd,
123
SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v));
127
/* PrintBuf is just like ssl_PrintBuf above, except that:
128
* a) It prefixes each line of the buffer with "XX: SSL[xxx] "
129
* b) It dumps only hex, not ASCII.
131
static void PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
137
SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]",
138
SSL_GETPID(), ss->fd, msg, len));
140
SSL_TRACE(("%d: SSL: %s [Len: %d]",
141
SSL_GETPID(), msg, len));
145
unsigned char ch = *cp++;
146
*bp++ = hex[(ch >> 4) & 0xf];
147
*bp++ = hex[ch & 0xf];
149
if (bp + 4 > buf + 50) {
152
SSL_TRACE(("%d: SSL[%d]: %s",
153
SSL_GETPID(), ss->fd, buf));
155
SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
163
SSL_TRACE(("%d: SSL[%d]: %s",
164
SSL_GETPID(), ss->fd, buf));
166
SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
171
void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len)
175
PrintType(ss, "Error");
176
PrintInt(ss, "error", LEN(bp+1));
179
case SSL_MT_CLIENT_HELLO:
181
unsigned lcs = LEN(bp+3);
182
unsigned ls = LEN(bp+5);
183
unsigned lc = LEN(bp+7);
185
PrintType(ss, "Client-Hello");
187
PrintInt(ss, "version (Major)", bp[1]);
188
PrintInt(ss, "version (minor)", bp[2]);
190
PrintBuf(ss, "cipher-specs", bp+9, lcs);
191
PrintBuf(ss, "session-id", bp+9+lcs, ls);
192
PrintBuf(ss, "challenge", bp+9+lcs+ls, lc);
195
case SSL_MT_CLIENT_MASTER_KEY:
197
unsigned lck = LEN(bp+4);
198
unsigned lek = LEN(bp+6);
199
unsigned lka = LEN(bp+8);
201
PrintType(ss, "Client-Master-Key");
203
PrintInt(ss, "cipher-choice", bp[1]);
204
PrintInt(ss, "key-length", LEN(bp+2));
206
PrintBuf(ss, "clear-key", bp+10, lck);
207
PrintBuf(ss, "encrypted-key", bp+10+lck, lek);
208
PrintBuf(ss, "key-arg", bp+10+lck+lek, lka);
211
case SSL_MT_CLIENT_FINISHED:
212
PrintType(ss, "Client-Finished");
213
PrintBuf(ss, "connection-id", bp+1, len-1);
215
case SSL_MT_SERVER_HELLO:
217
unsigned lc = LEN(bp+5);
218
unsigned lcs = LEN(bp+7);
219
unsigned lci = LEN(bp+9);
221
PrintType(ss, "Server-Hello");
223
PrintInt(ss, "session-id-hit", bp[1]);
224
PrintInt(ss, "certificate-type", bp[2]);
225
PrintInt(ss, "version (Major)", bp[3]);
226
PrintInt(ss, "version (minor)", bp[3]);
227
PrintBuf(ss, "certificate", bp+11, lc);
228
PrintBuf(ss, "cipher-specs", bp+11+lc, lcs);
229
PrintBuf(ss, "connection-id", bp+11+lc+lcs, lci);
232
case SSL_MT_SERVER_VERIFY:
233
PrintType(ss, "Server-Verify");
234
PrintBuf(ss, "challenge", bp+1, len-1);
236
case SSL_MT_SERVER_FINISHED:
237
PrintType(ss, "Server-Finished");
238
PrintBuf(ss, "session-id", bp+1, len-1);
240
case SSL_MT_REQUEST_CERTIFICATE:
241
PrintType(ss, "Request-Certificate");
242
PrintInt(ss, "authentication-type", bp[1]);
243
PrintBuf(ss, "certificate-challenge", bp+2, len-2);
245
case SSL_MT_CLIENT_CERTIFICATE:
247
unsigned lc = LEN(bp+2);
248
unsigned lr = LEN(bp+4);
249
PrintType(ss, "Client-Certificate");
250
PrintInt(ss, "certificate-type", bp[1]);
251
PrintBuf(ss, "certificate", bp+6, lc);
252
PrintBuf(ss, "response", bp+6+lc, lr);
256
ssl_PrintBuf(ss, "sending *unknown* message type", bp, len);
262
ssl_Trace(const char *format, ... )
267
va_start(args, format);
268
PR_vsnprintf(buf, sizeof(buf), format, args);