net: add NSS support for RFC 5705

net/third_party/nss/ssl/sslinfo.c

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  * for the specific language governing rights and limitations under the
  * License.
  *
  * The Original Code is the Netscape security libraries.
  *
  * The Initial Developer of the Original Code is
  * Netscape Communications Corporation.
  * Portions created by the Initial Developer are Copyright (C) 2001
  * the Initial Developer. All Rights Reserved.
  *
  * Contributor(s):
  *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
+ *   Douglas Stebila <douglas@stebila.ca>
  *
  * Alternatively, the contents of this file may be used under the terms of
  * either the GNU General Public License Version 2 or later (the "GPL"), or
  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  * in which case the provisions of the GPL or the LGPL are applicable instead
  * of those above. If you wish to allow use of your version of this file only
  * under the terms of either the GPL or the LGPL, and not to allow others to
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
 /* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
+#include "pk11func.h"

[wtc, 2011/07/21 19:56:16]

I don't see anything in the new code that requires
"pk11func.h".  Can this header be removed?

[agl, 2011/07/22 14:05:40]

Done.

 
 static const char *
 ssl_GetCompressionMethodName(SSLCompressionMethod compression)
 {
     switch (compression) {
     case ssl_compression_null:
         return "NULL";
 #ifdef NSS_ENABLE_ZLIB
     case ssl_compression_deflate:
         return "DEFLATE";
@@ skipping 258 matching lines @@
 {
     unsigned int i;
     for (i = 0; i < NUM_SUITEINFOS; i++) {
         if (suiteInfo[i].cipherSuite == cipherSuite) {
             return (PRBool)(suiteInfo[i].isExportable);
         }
     }
     return PR_FALSE;
 }
 
+/* Export keying material according to draft-ietf-tls-extractor-06.

[wtc, 2011/07/21 19:56:16]

Change draft-ietf-tls-extractor-06 to RFC 5705.

[agl, 2011/07/22 14:05:40]

Done.

+** fd must correspond to a TLS 1.0 or higher socket, out must
+** be already allocated.
+*/
+SECStatus
+SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
+                         const unsigned char *context,
+                         unsigned int contextLen,
+                         unsigned char *out,
+                         unsigned int outLen)
+{
+    sslSocket *ss;
+    unsigned char *val = NULL;
+    unsigned int valLen, i;
+    SECStatus rv = SECFailure;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
+        PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);

[wtc, 2011/07/21 19:56:16]

This is a new meaning for the SSL_ERROR_UNSUPPORTED_VERSION
error code.  It's fine for now.  (It'll be confusing if someone
prints the error message for this error code:
"Peer using unsupported version of security protocol.")

+        return SECFailure;
+    }
+
+    if (ss->ssl3.hs.ws != idle_handshake) {
+        PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);

[wtc, 2011/07/21 19:56:16]

In the other place where NSS sets this error code, the
test is much more complicated:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl3...

Should we do the same here?  We can omit the
(ss->version >= SSL_LIBRARY_VERSION_3_0) test because it is
ensured by the test on line 344 above.

[agl, 2011/07/22 14:05:40]

I've copied the referenced test for completeness (omitting the version clause.)

+        return SECFailure;
+    }
+
+    valLen = SSL3_RANDOM_LENGTH * 2;
+    if (contextLen > 0)
+        valLen += 2 /* uint16 length */ + contextLen;
+    val = PORT_Alloc(valLen);
+    if (val == NULL)
+        return SECFailure;
+    i = 0;
+    PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
+    i += SSL3_RANDOM_LENGTH;
+    PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
+    i += SSL3_RANDOM_LENGTH;
+    if (contextLen > 0) {
+        val[i++] = contextLen >> 8;
+        val[i++] = contextLen;
+        PORT_Memcpy(val + i, context, contextLen);
+        i += contextLen;
+    }
+    PORT_Assert(i == valLen);
+
+    ssl_GetSpecReadLock(ss);
+    rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen);

[wtc, 2011/07/21 19:56:16]

Please fold this long line.

[agl, 2011/07/22 14:05:40]

Done.

+    ssl_ReleaseSpecReadLock(ss);
+
+    if (val != NULL)
+        PORT_ZFree(val, valLen);
+    return rv;
+}
+
 SECItem*
 SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
 {
     SECItem *sniName = NULL;
     sslSocket *ss;
     char *name = NULL;
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
         SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo",
@@ skipping 19 matching lines @@
         sniName = PORT_ZNew(SECItem);
         if (!sniName) {
             PORT_Free(name);
             return NULL;
         }
         sniName->data = (void*)name;
         sniName->len  = PORT_Strlen(name);
     }
     return sniName;
 }