Home | History | Annotate | Download | only in conscrypt 
      1 /*
      2  * Copyright (C) 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef CONSCRYPT_TRACE_H_
     18 #define CONSCRYPT_TRACE_H_
     19 
     20 #include <cstddef>
     21 #include <conscrypt/macros.h>
     22 
     23 namespace conscrypt {
     24 namespace trace {
     25 
     26 extern const bool kWithJniTrace;
     27 extern const bool kWithJniTraceMd;
     28 extern const bool kWithJniTraceData;
     29 
     30 /*
     31  * To print create a pcap-style dump you can take the log output and
     32  * pipe it through text2pcap.
     33  *
     34  * For example, if you were interested in ssl=0x12345678, you would do:
     35  *
     36  *  address=0x12345678
     37  *  awk "match(\$0,/ssl=$address SSL_DATA: (.*)\$/,a){print a[1]}" | text2pcap -T 443,1337 -t
     38  * '%s.' -n -D - $address.pcapng
     39  */
     40 extern const bool kWithJniTracePackets;
     41 
     42 /*
     43  * How to use this for debugging with Wireshark:
     44  *
     45  * 1. Pull lines from logcat to a file that have "KEY_LINE:" and remove the
     46  *    prefix up to and including "KEY_LINE: " so they look like this
     47  *    (without the quotes):
     48  *     "RSA 3b8...184 1c5...aa0" <CR>
     49  *     "CLIENT_RANDOM 82e...f18b 1c5...aa0" <CR>
     50  *     <etc>
     51  *    Follows the format defined at
     52  *    https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
     53  * 2. Start Wireshark
     54  * 3. Go to Edit -> Preferences -> SSL -> (Pre-)Master-Key log and fill in
     55  *    the file you put the lines in above.
     56  * 4. Follow the stream that corresponds to the desired "Session-ID" in
     57  *    the Server Hello.
     58  */
     59 extern const bool kWithJniTraceKeys;
     60 
     61 // don't overwhelm logcat
     62 extern const std::size_t kWithJniTraceDataChunkSize;
     63 
     64 }  // namespace trace
     65 }  // namespace conscrypt
     66 
     67 #define JNI_TRACE(...)                               \
     68     if (conscrypt::trace::kWithJniTrace) {           \
     69         ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
     70     }
     71 #define JNI_TRACE_MD(...)                            \
     72     if (conscrypt::trace::kWithJniTraceMd) {         \
     73         ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
     74     }
     75 #define JNI_TRACE_KEYS(...)                          \
     76     if (conscrypt::trace::kWithJniTraceKeys) {       \
     77         ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
     78     }
     79 #define JNI_TRACE_PACKET_DATA(ssl, dir, data, len)    \
     80     if (conscrypt::trace::kWithJniTracePackets) {     \
     81         debug_print_packet_data(ssl, dir, data, len); \
     82     }
     83 
     84 #endif  // CONSCRYPT_TRACE_H_
     85