56
56
/* make this a macro! */
59
buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result)
59
buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result,
61
62
result->type = siBuffer;
62
63
result->data = keyBlock;
63
64
result->len = keyLen;
64
PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen));
65
PRINT_BUF(100, (NULL, label, keyBlock, keyLen));
67
#define buildSSLKey(keyBlock, keyLen, result) \
68
#define buildSSLKey(keyBlock, keyLen, result, label) \
69
70
(result)->type = siBuffer; \
70
71
(result)->data = keyBlock; \
71
72
(result)->len = keyLen; \
72
PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen)); \
73
PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \
230
231
* The key_block is partitioned as follows:
231
232
* client_write_MAC_secret[CipherSpec.hash_size]
233
buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item);
234
buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item, \
235
"Client Write MAC Secret");
237
239
* server_write_MAC_secret[CipherSpec.hash_size]
239
buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item);
241
buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item, \
242
"Server Write MAC Secret");
243
246
/* only MACing */
244
buildSSLKey(NULL, 0, &pwSpec->client.write_key_item);
245
buildSSLKey(NULL, 0, &pwSpec->server.write_key_item);
246
buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item);
247
buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item);
247
buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
248
"Client Write Key (MAC only)");
249
buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
250
"Server Write Key (MAC only)");
251
buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
252
"Client Write IV (MAC only)");
253
buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
254
"Server Write IV (MAC only)");
248
255
} else if (!isExport) {
250
257
** Generate Domestic write keys and IVs.
251
258
** client_write_key[CipherSpec.key_material]
253
buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item);
260
buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
261
"Domestic Client Write Key");
257
265
** server_write_key[CipherSpec.key_material]
259
buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item);
267
buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
268
"Domestic Server Write Key");
262
271
if (IVSize > 0) {
264
273
** client_write_IV[CipherSpec.IV_size]
266
buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item);
275
buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item, \
276
"Domestic Client Write IV");
270
280
** server_write_IV[CipherSpec.IV_size]
272
buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item);
282
buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item, \
283
"Domestic Server Write IV");
275
286
PORT_Assert(i <= block_bytes);
290
301
MD5_Update(md5Ctx, crsr.data, crsr.len);
291
302
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
293
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
304
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
305
"SSL3 Export Client Write Key");
294
306
key_block2 += keySize;
303
315
MD5_Update(md5Ctx, srcr.data, srcr.len);
304
316
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
306
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
318
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
319
"SSL3 Export Server Write Key");
307
320
key_block2 += keySize;
308
321
PORT_Assert(i <= block_bytes);
315
328
MD5_Begin(md5Ctx);
316
329
MD5_Update(md5Ctx, crsr.data, crsr.len);
317
330
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
318
buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item);
331
buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
332
"SSL3 Export Client Write IV");
319
333
key_block2 += IVSize;
325
339
MD5_Begin(md5Ctx);
326
340
MD5_Update(md5Ctx, srcr.data, srcr.len);
327
341
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
328
buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item);
342
buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
343
"SSL3 Export Server Write IV");
329
344
key_block2 += IVSize;
389
406
if (status != SECSuccess) {
390
407
goto key_and_mac_derive_fail;
392
buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item);
393
buildSSLKey(key_block2 + IVSize, IVSize, &pwSpec->server.write_iv_item);
409
buildSSLKey(key_block2, IVSize, \
410
&pwSpec->client.write_iv_item, \
411
"TLS Export Client Write IV");
412
buildSSLKey(key_block2 + IVSize, IVSize, \
413
&pwSpec->server.write_iv_item, \
414
"TLS Export Server Write IV");
394
415
key_block2 += 2 * IVSize;
396
417
PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);