Bug 420644: Improve SSL tracing of key derivation, r=julien.pierre

author: nelson%bolyard.com <devnull@localhost> 2008-04-27 02:06:05 +0000
committer: nelson%bolyard.com <devnull@localhost> 2008-04-27 02:06:05 +0000
commit: 8374e172bb832ae3be041581f2bea01be05e0787 (patch)
tree: 46e5715c8ce60593d8bb0f4fd42631158d2b4966
parent: d4ecb1551445aaca8e489f91898b56fe1ec6b9ed (diff)
download: nss-hg-8374e172bb832ae3be041581f2bea01be05e0787.tar.gz
1 files changed, 43 insertions, 22 deletions
diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c
index aa3623505..041a66fa5 100644
--- a/security/nss/lib/ssl/derive.c
+++ b/security/nss/lib/ssl/derive.c
@@ -56,20 +56,21 @@
 /* make this a macro! */
 #ifdef NOT_A_MACRO
 static void
-buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result)
+buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result,
+            const char * label)
 {
     result->type = siBuffer;
     result->data = keyBlock;
     result->len  = keyLen;
-    PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen));
+    PRINT_BUF(100, (NULL, label, keyBlock, keyLen));
 }
 #else
-#define buildSSLKey(keyBlock, keyLen, result) \
+#define buildSSLKey(keyBlock, keyLen, result, label) \
 { \
     (result)->type = siBuffer; \
     (result)->data = keyBlock; \
     (result)->len  = keyLen; \
-    PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen)); \
+    PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \
 }
 #endif
 
@@ -230,46 +231,56 @@ ssl3_KeyAndMacDeriveBypass(
      * The key_block is partitioned as follows:
      * client_write_MAC_secret[CipherSpec.hash_size]
      */
-    buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item);
+    buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item, \
+                "Client Write MAC Secret");
     i += macSize;
 
     /* 
      * server_write_MAC_secret[CipherSpec.hash_size]
      */
-    buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item);
+    buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item, \
+                "Server Write MAC Secret");
     i += macSize;
 
     if (!keySize) {
 	/* only MACing */
-	buildSSLKey(NULL, 0, &pwSpec->client.write_key_item);
-	buildSSLKey(NULL, 0, &pwSpec->server.write_key_item);
-	buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item);
-	buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item);
+	buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
+	            "Client Write Key (MAC only)");
+	buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
+	            "Server Write Key (MAC only)");
+	buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
+	            "Client Write IV (MAC only)");
+	buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
+	            "Server Write IV (MAC only)");
     } else if (!isExport) {
 	/* 
 	** Generate Domestic write keys and IVs.
 	** client_write_key[CipherSpec.key_material]
 	*/
-	buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item);
+	buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
+	            "Domestic Client Write Key");
 	i += keySize;
 
 	/* 
 	** server_write_key[CipherSpec.key_material]
 	*/
-	buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item);
+	buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
+	            "Domestic Server Write Key");
 	i += keySize;
 
 	if (IVSize > 0) {
 	    /* 
 	    ** client_write_IV[CipherSpec.IV_size]
 	    */
-	    buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item);
+	    buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item, \
+	                "Domestic Client Write IV");
 	    i += IVSize;
 
 	    /* 
 	    ** server_write_IV[CipherSpec.IV_size]
 	    */
-	    buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item);
+	    buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item, \
+	                "Domestic Server Write IV");
 	    i += IVSize;
 	}
 	PORT_Assert(i <= block_bytes);
@@ -290,7 +301,8 @@ ssl3_KeyAndMacDeriveBypass(
 	MD5_Update(md5Ctx, crsr.data, crsr.len);
 	MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
 	i += effKeySize;
-	buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
+	buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
+	            "SSL3 Export Client Write Key");
 	key_block2 += keySize;
 
 	/*
@@ -303,7 +315,8 @@ ssl3_KeyAndMacDeriveBypass(
 	MD5_Update(md5Ctx, srcr.data, srcr.len);
 	MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
 	i += effKeySize;
-	buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
+	buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
+	            "SSL3 Export Server Write Key");
 	key_block2 += keySize;
 	PORT_Assert(i <= block_bytes);
 
@@ -315,7 +328,8 @@ ssl3_KeyAndMacDeriveBypass(
 	    MD5_Begin(md5Ctx);
 	    MD5_Update(md5Ctx, crsr.data, crsr.len);
 	    MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-	    buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item);
+	    buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
+	                "SSL3 Export Client Write IV");
 	    key_block2 += IVSize;
 
 	    /*
@@ -325,7 +339,8 @@ ssl3_KeyAndMacDeriveBypass(
 	    MD5_Begin(md5Ctx);
 	    MD5_Update(md5Ctx, srcr.data, srcr.len);
 	    MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-	    buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item);
+	    buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
+	                "SSL3 Export Server Write IV");
 	    key_block2 += IVSize;
 	}
 
@@ -354,7 +369,8 @@ ssl3_KeyAndMacDeriveBypass(
 	if (status != SECSuccess) {
 	    goto key_and_mac_derive_fail;
 	}
-	buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
+	buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
+	            "TLS Export Client Write Key");
 	key_block2 += keySize;
 
 	/*
@@ -372,7 +388,8 @@ ssl3_KeyAndMacDeriveBypass(
 	if (status != SECSuccess) {
 	    goto key_and_mac_derive_fail;
 	}
-	buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
+	buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
+	            "TLS Export Server Write Key");
 	key_block2 += keySize;
 
 	/*
@@ -389,8 +406,12 @@ ssl3_KeyAndMacDeriveBypass(
 	    if (status != SECSuccess) {
 		goto key_and_mac_derive_fail;
 	    }
-	    buildSSLKey(key_block2,          IVSize, &pwSpec->client.write_iv_item);
-	    buildSSLKey(key_block2 + IVSize, IVSize, &pwSpec->server.write_iv_item);
+	    buildSSLKey(key_block2,          IVSize, \
+	                &pwSpec->client.write_iv_item, \
+			"TLS Export Client Write IV");
+	    buildSSLKey(key_block2 + IVSize, IVSize, \
+	                &pwSpec->server.write_iv_item, \
+			"TLS Export Server Write IV");
 	    key_block2 += 2 * IVSize;
 	}
 	PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
author	nelson%bolyard.com <devnull@localhost>	2008-04-27 02:06:05 +0000
committer	nelson%bolyard.com <devnull@localhost>	2008-04-27 02:06:05 +0000
commit	8374e172bb832ae3be041581f2bea01be05e0787 (patch)
tree	46e5715c8ce60593d8bb0f4fd42631158d2b4966
parent	d4ecb1551445aaca8e489f91898b56fe1ec6b9ed (diff)
download	nss-hg-8374e172bb832ae3be041581f2bea01be05e0787.tar.gz