• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef CONSCRYPT_TRACE_H_
18 #define CONSCRYPT_TRACE_H_
19 
20 #include <cstddef>
21 #include "macros.h"
22 
23 namespace conscrypt {
24 
25 class Trace {
26 private:
Trace()27     Trace() {}
~Trace()28     ~Trace() {}
29 
30 public:
31     static constexpr bool kWithJniTrace = false;
32     static constexpr bool kWithJniTraceMd = false;
33     static constexpr bool kWithJniTraceData = false;
34 
35     /*
36      * To print create a pcap-style dump you can take the log output and
37      * pipe it through text2pcap.
38      *
39      * For example, if you were interested in ssl=0x12345678, you would do:
40      *
41      *  address=0x12345678
42      *  awk "match(\$0,/ssl=$address SSL_DATA: (.*)\$/,a){print a[1]}" | text2pcap -T 443,1337 -t
43      * '%s.' -n -D - $address.pcapng
44      */
45     static constexpr bool kWithJniTracePackets = false;
46 
47     /*
48      * How to use this for debugging with Wireshark:
49      *
50      * 1. Pull lines from logcat to a file that have "KEY_LINE:" and remove the
51      *    prefix up to and including "KEY_LINE: " so they look like this
52      *    (without the quotes):
53      *     "RSA 3b8...184 1c5...aa0" <CR>
54      *     "CLIENT_RANDOM 82e...f18b 1c5...aa0" <CR>
55      *     <etc>
56      *    Follows the format defined at
57      *    https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
58      * 2. Start Wireshark
59      * 3. Go to Edit -> Preferences -> SSL -> (Pre-)Master-Key log and fill in
60      *    the file you put the lines in above.
61      * 4. Follow the stream that corresponds to the desired "Session-ID" in
62      *    the Server Hello.
63      */
64     static constexpr bool kWithJniTraceKeys = false;
65 
66     // don't overwhelm logcat
67     static constexpr std::size_t kWithJniTraceDataChunkSize = 512;
68 };  // class Trace
69 
70 }  // namespace conscrypt
71 
72 #define JNI_TRACE(...)                               \
73     if (conscrypt::Trace::kWithJniTrace) {           \
74         ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
75     }
76 #define JNI_TRACE_MD(...)                            \
77     if (conscrypt::Trace::kWithJniTraceMd) {         \
78         ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
79     }
80 #define JNI_TRACE_KEYS(...)                          \
81     if (conscrypt::Trace::kWithJniTraceKeys) {       \
82         ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
83     }
84 #define JNI_TRACE_PACKET_DATA(ssl, dir, data, len)    \
85     if (conscrypt::Trace::kWithJniTracePackets) {     \
86         debug_print_packet_data(ssl, dir, data, len); \
87     }
88 
89 #endif  // CONSCRYPT_SCOPEDSSLBIO_H_
90