author | nelson%bolyard.com <devnull@localhost> | 2008-04-27 02:06:05 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2008-04-27 02:06:05 +0000 |
commit | 8374e172bb832ae3be041581f2bea01be05e0787 (patch) | |
tree | 46e5715c8ce60593d8bb0f4fd42631158d2b4966 | |
parent | d4ecb1551445aaca8e489f91898b56fe1ec6b9ed (diff) | |
download | nss-hg-8374e172bb832ae3be041581f2bea01be05e0787.tar.gz |
Bug 420644: Improve SSL tracing of key derivation, r=julien.pierre
-rw-r--r-- | security/nss/lib/ssl/derive.c | 65 |
1 files changed, 43 insertions, 22 deletions
diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c
index aa3623505..041a66fa5 100644
--- a/security/nss/lib/ssl/derive.c
+++ b/security/nss/lib/ssl/derive.c
@@ -56,20 +56,21 @@
 /* make this a macro! */
 #ifdef NOT_A_MACRO
 static void
-buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result)
+buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result,
+ const char * label)
 {
 result->type = siBuffer;
 result->data = keyBlock;
 result->len = keyLen;
- PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen));
+ PRINT_BUF(100, (NULL, label, keyBlock, keyLen));
 }
 #else
-#define buildSSLKey(keyBlock, keyLen, result) \
+#define buildSSLKey(keyBlock, keyLen, result, label) \
 { \
 (result)->type = siBuffer; \
 (result)->data = keyBlock; \
 (result)->len = keyLen; \
- PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen)); \
+ PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \
 }
 #endif
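Review bot: `PRINT_BUF(100, (NULL, label, keyBlock, keyLen));` now emits every derived MAC secret, write key and IV together with a label naming which secret it is, so any trace file produced with this enabled holds the complete key material of the session. PRINT_BUF is defined outside this hunk; presumably it expands to nothing unless tracing is compiled in, and that should be confirmed and stated where buildSSLKey is defined, for example `/* label and key bytes are written only in trace-enabled builds; never ship with tracing on */`. In the NOT_A_MACRO function form, `label` becomes an unused parameter whenever PRINT_BUF is empty, which some compilers will warn about.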
@@ -230,46 +231,56 @@ ssl3_KeyAndMacDeriveBypass(
 * The key_block is partitioned as follows:
 * client_write_MAC_secret[CipherSpec.hash_size]
 */
- buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item);
+ buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item, \
+ "Client Write MAC Secret");
 i += macSize;
 /*
 * server_write_MAC_secret[CipherSpec.hash_size]
 */
- buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item);
+ buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item, \
+ "Server Write MAC Secret");
 i += macSize;
 if (!keySize) {
 /* only MACing */
- buildSSLKey(NULL, 0, &pwSpec->client.write_key_item);
- buildSSLKey(NULL, 0, &pwSpec->server.write_key_item);
- buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item);
- buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item);
+ buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
+ "Client Write Key (MAC only)");
+ buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
+ "Server Write Key (MAC only)");
+ buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
+ "Client Write IV (MAC only)");
+ buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
+ "Server Write IV (MAC only)");
 } else if (!isExport) {
 /*
 ** Generate Domestic write keys and IVs.
 ** client_write_key[CipherSpec.key_material]
 */
- buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item);
+ buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
+ "Domestic Client Write Key");
 i += keySize;
 /*
 ** server_write_key[CipherSpec.key_material]
 */
- buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item);
+ buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
+ "Domestic Server Write Key");
 i += keySize;
 if (IVSize > 0) {
 /*
 ** client_write_IV[CipherSpec.IV_size]
 */
- buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item);
+ buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item, \
+ "Domestic Client Write IV");
 i += IVSize;
 /*
 ** server_write_IV[CipherSpec.IV_size]
 */
- buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item);
+ buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item, \
+ "Domestic Server Write IV");
 i += IVSize;
 }
 PORT_Assert(i <= block_bytes);
@@ -290,7 +301,8 @@ ssl3_KeyAndMacDeriveBypass(
 MD5_Update(md5Ctx, crsr.data, crsr.len);
 MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
 i += effKeySize;
- buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
+ buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
+ "SSL3 Export Client Write Key");
 key_block2 += keySize;
 /*
@@ -303,7 +315,8 @@ ssl3_KeyAndMacDeriveBypass(
 MD5_Update(md5Ctx, srcr.data, srcr.len);
 MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
 i += effKeySize;
- buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
+ buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
+ "SSL3 Export Server Write Key");
 key_block2 += keySize;
 PORT_Assert(i <= block_bytes);
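Review bot: The trailing `\` on each rewritten call, first seen at `&pwSpec->client.write_mac_key_item, \` in the hunk at -230 and repeated at every call site in the later hunks of this file, is unnecessary. These lines are invocations inside ssl3_KeyAndMacDeriveBypass rather than lines of a `#define`, and an argument list may span source lines without a line splice. The splices are harmless but make the call sites read like part of a macro body; I would drop them, e.g. `buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item,` followed by `"Client Write MAC Secret");`. The function body begins and ends outside these hunks.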
@@ -315,7 +328,8 @@ ssl3_KeyAndMacDeriveBypass(
 MD5_Begin(md5Ctx);
 MD5_Update(md5Ctx, crsr.data, crsr.len);
 MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
- buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item);
+ buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
+ "SSL3 Export Client Write IV");
 key_block2 += IVSize;
 /*
@@ -325,7 +339,8 @@ ssl3_KeyAndMacDeriveBypass(
 MD5_Begin(md5Ctx);
 MD5_Update(md5Ctx, srcr.data, srcr.len);
 MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
- buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item);
+ buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
+ "SSL3 Export Server Write IV");
 key_block2 += IVSize;
 }
@@ -354,7 +369,8 @@ ssl3_KeyAndMacDeriveBypass(
 if (status != SECSuccess) {
 goto key_and_mac_derive_fail;
 }
- buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
+ buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
+ "TLS Export Client Write Key");
 key_block2 += keySize;
 /*
@@ -372,7 +388,8 @@ ssl3_KeyAndMacDeriveBypass(
 if (status != SECSuccess) {
 goto key_and_mac_derive_fail;
 }
- buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
+ buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
+ "TLS Export Server Write Key");
 key_block2 += keySize;
 /*
@@ -389,8 +406,12 @@ ssl3_KeyAndMacDeriveBypass(
 if (status != SECSuccess) {
 goto key_and_mac_derive_fail;
 }
- buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item);
- buildSSLKey(key_block2 + IVSize, IVSize, &pwSpec->server.write_iv_item);
+ buildSSLKey(key_block2, IVSize, \
+ &pwSpec->client.write_iv_item, \
+ "TLS Export Client Write IV");
+ buildSSLKey(key_block2 + IVSize, IVSize, \
+ &pwSpec->server.write_iv_item, \
+ "TLS Export Server Write IV");
 key_block2 += 2 * IVSize;
 }
 PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block); |