diff --git a/mozilla/security/nss/lib/ssl/derive.c b/mozilla/security/nss/lib/ssl/derive.c index 412313092a2..32b470968b1 100644 --- a/mozilla/security/nss/lib/ssl/derive.c +++ b/mozilla/security/nss/lib/ssl/derive.c @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: derive.c,v 1.9 2008-03-09 23:43:26 wtc%google.com Exp $ */ +/* $Id: derive.c,v 1.10 2008-04-27 02:06:05 nelson%bolyard.com Exp $ */ #include "ssl.h" /* prereq to sslimpl.h */ #include "certt.h" /* prereq to sslimpl.h */ @@ -56,20 +56,21 @@ /* make this a macro! */ #ifdef NOT_A_MACRO static void -buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result) +buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result, + const char * label) { result->type = siBuffer; result->data = keyBlock; result->len = keyLen; - PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen)); + PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); } #else -#define buildSSLKey(keyBlock, keyLen, result) \ +#define buildSSLKey(keyBlock, keyLen, result, label) \ { \ (result)->type = siBuffer; \ (result)->data = keyBlock; \ (result)->len = keyLen; \ - PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen)); \ + PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \ } #endif @@ -230,46 +231,56 @@ ssl3_KeyAndMacDeriveBypass( * The key_block is partitioned as follows: * client_write_MAC_secret[CipherSpec.hash_size] */ - buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item); + buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item, \ + "Client Write MAC Secret"); i += macSize; /* * server_write_MAC_secret[CipherSpec.hash_size] */ - buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item); + buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item, \ + "Server Write MAC Secret"); i += macSize; if (!keySize) { /* only MACing */ - buildSSLKey(NULL, 0, &pwSpec->client.write_key_item); - buildSSLKey(NULL, 0, &pwSpec->server.write_key_item); - buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item); - buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item); + buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \ + "Client Write Key (MAC only)"); + buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \ + "Server Write Key (MAC only)"); + buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \ + "Client Write IV (MAC only)"); + buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \ + "Server Write IV (MAC only)"); } else if (!isExport) { /* ** Generate Domestic write keys and IVs. ** client_write_key[CipherSpec.key_material] */ - buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item); + buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \ + "Domestic Client Write Key"); i += keySize; /* ** server_write_key[CipherSpec.key_material] */ - buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item); + buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \ + "Domestic Server Write Key"); i += keySize; if (IVSize > 0) { /* ** client_write_IV[CipherSpec.IV_size] */ - buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item); + buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item, \ + "Domestic Client Write IV"); i += IVSize; /* ** server_write_IV[CipherSpec.IV_size] */ - buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item); + buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item, \ + "Domestic Server Write IV"); i += IVSize; } PORT_Assert(i <= block_bytes); @@ -290,7 +301,8 @@ ssl3_KeyAndMacDeriveBypass( MD5_Update(md5Ctx, crsr.data, crsr.len); MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH); i += effKeySize; - buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item); + buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \ + "SSL3 Export Client Write Key"); key_block2 += keySize; /* @@ -303,7 +315,8 @@ ssl3_KeyAndMacDeriveBypass( MD5_Update(md5Ctx, srcr.data, srcr.len); MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH); i += effKeySize; - buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item); + buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \ + "SSL3 Export Server Write Key"); key_block2 += keySize; PORT_Assert(i <= block_bytes); @@ -315,7 +328,8 @@ ssl3_KeyAndMacDeriveBypass( MD5_Begin(md5Ctx); MD5_Update(md5Ctx, crsr.data, crsr.len); MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH); - buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item); + buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \ + "SSL3 Export Client Write IV"); key_block2 += IVSize; /* @@ -325,7 +339,8 @@ ssl3_KeyAndMacDeriveBypass( MD5_Begin(md5Ctx); MD5_Update(md5Ctx, srcr.data, srcr.len); MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH); - buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item); + buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \ + "SSL3 Export Server Write IV"); key_block2 += IVSize; } @@ -354,7 +369,8 @@ ssl3_KeyAndMacDeriveBypass( if (status != SECSuccess) { goto key_and_mac_derive_fail; } - buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item); + buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \ + "TLS Export Client Write Key"); key_block2 += keySize; /* @@ -372,7 +388,8 @@ ssl3_KeyAndMacDeriveBypass( if (status != SECSuccess) { goto key_and_mac_derive_fail; } - buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item); + buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \ + "TLS Export Server Write Key"); key_block2 += keySize; /* @@ -389,8 +406,12 @@ ssl3_KeyAndMacDeriveBypass( if (status != SECSuccess) { goto key_and_mac_derive_fail; } - buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item); - buildSSLKey(key_block2 + IVSize, IVSize, &pwSpec->server.write_iv_item); + buildSSLKey(key_block2, IVSize, \ + &pwSpec->client.write_iv_item, \ + "TLS Export Client Write IV"); + buildSSLKey(key_block2 + IVSize, IVSize, \ + &pwSpec->server.write_iv_item, \ + "TLS Export Server Write IV"); key_block2 += 2 * IVSize; } PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);