security/nss/lib/softoken/fipsaudt.c@6474c204b198 (annotated)
security/nss/lib/softoken/fipsaudt.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | /* |
| michael@0 | 6 | * This file implements audit logging required by FIPS 140-2 Security |
| michael@0 | 7 | * Level 2. |
| michael@0 | 8 | */ |
| michael@0 | 9 | |
| michael@0 | 10 | #include "prprf.h" |
| michael@0 | 11 | #include "softoken.h" |
| michael@0 | 12 | |
| michael@0 | 13 | /* |
| michael@0 | 14 | * Print the value of the returned object handle in the output buffer |
| michael@0 | 15 | * on a successful return of the PKCS #11 function. If the PKCS #11 |
| michael@0 | 16 | * function failed or the pointer to object handle is NULL (which is |
| michael@0 | 17 | * the case for C_DeriveKey with CKM_TLS_KEY_AND_MAC_DERIVE), an empty |
| michael@0 | 18 | * string is stored in the output buffer. |
| michael@0 | 19 | * |
| michael@0 | 20 | * out: the output buffer |
| michael@0 | 21 | * outlen: the length of the output buffer |
| michael@0 | 22 | * argName: the name of the "pointer to object handle" argument |
| michael@0 | 23 | * phObject: the pointer to object handle |
| michael@0 | 24 | * rv: the return value of the PKCS #11 function |
| michael@0 | 25 | */ |
| michael@0 | 26 | static void sftk_PrintReturnedObjectHandle(char *out, PRUint32 outlen, |
| michael@0 | 27 | const char *argName, CK_OBJECT_HANDLE_PTR phObject, CK_RV rv) |
| michael@0 | 28 | { |
| michael@0 | 29 | if ((rv == CKR_OK) && phObject) { |
| michael@0 | 30 | PR_snprintf(out, outlen, |
| michael@0 | 31 | " *%s=0x%08lX", argName, (PRUint32)*phObject); |
| michael@0 | 32 | } else { |
| michael@0 | 33 | PORT_Assert(outlen != 0); |
| michael@0 | 34 | out[0] = '\0'; |
| michael@0 | 35 | } |
| michael@0 | 36 | } |
| michael@0 | 37 | |
| michael@0 | 38 | /* |
| michael@0 | 39 | * MECHANISM_BUFSIZE needs to be large enough for sftk_PrintMechanism, |
| michael@0 | 40 | * which uses <= 49 bytes. |
| michael@0 | 41 | */ |
| michael@0 | 42 | #define MECHANISM_BUFSIZE 64 |
| michael@0 | 43 | |
| michael@0 | 44 | static void sftk_PrintMechanism(char *out, PRUint32 outlen, |
| michael@0 | 45 | CK_MECHANISM_PTR pMechanism) |
| michael@0 | 46 | { |
| michael@0 | 47 | if (pMechanism) { |
| michael@0 | 48 | /* |
| michael@0 | 49 | * If we change the format string, we need to make sure |
| michael@0 | 50 | * MECHANISM_BUFSIZE is still large enough. We allow |
| michael@0 | 51 | * 20 bytes for %p on a 64-bit platform. |
| michael@0 | 52 | */ |
| michael@0 | 53 | PR_snprintf(out, outlen, "%p {mechanism=0x%08lX, ...}", |
| michael@0 | 54 | pMechanism, (PRUint32)pMechanism->mechanism); |
| michael@0 | 55 | } else { |
| michael@0 | 56 | PR_snprintf(out, outlen, "%p", pMechanism); |
| michael@0 | 57 | } |
| michael@0 | 58 | } |
| michael@0 | 59 | |
| michael@0 | 60 | void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession, |
| michael@0 | 61 | CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, |
| michael@0 | 62 | CK_OBJECT_HANDLE_PTR phObject, CK_RV rv) |
| michael@0 | 63 | { |
| michael@0 | 64 | char msg[256]; |
| michael@0 | 65 | char shObject[32]; |
| michael@0 | 66 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 67 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 68 | |
| michael@0 | 69 | sftk_PrintReturnedObjectHandle(shObject, sizeof shObject, |
| michael@0 | 70 | "phObject", phObject, rv); |
| michael@0 | 71 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 72 | "C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, " |
| michael@0 | 73 | "phObject=%p)=0x%08lX%s", |
| michael@0 | 74 | (PRUint32)hSession, pTemplate, (PRUint32)ulCount, |
| michael@0 | 75 | phObject, (PRUint32)rv, shObject); |
| michael@0 | 76 | sftk_LogAuditMessage(severity, NSS_AUDIT_LOAD_KEY, msg); |
| michael@0 | 77 | } |
| michael@0 | 78 | |
| michael@0 | 79 | void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession, |
| michael@0 | 80 | CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, |
| michael@0 | 81 | CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv) |
| michael@0 | 82 | { |
| michael@0 | 83 | char msg[256]; |
| michael@0 | 84 | char shNewObject[32]; |
| michael@0 | 85 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 86 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 87 | |
| michael@0 | 88 | sftk_PrintReturnedObjectHandle(shNewObject, sizeof shNewObject, |
| michael@0 | 89 | "phNewObject", phNewObject, rv); |
| michael@0 | 90 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 91 | "C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, " |
| michael@0 | 92 | "pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s", |
| michael@0 | 93 | (PRUint32)hSession, (PRUint32)hObject, |
| michael@0 | 94 | pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject); |
| michael@0 | 95 | sftk_LogAuditMessage(severity, NSS_AUDIT_COPY_KEY, msg); |
| michael@0 | 96 | } |
| michael@0 | 97 | |
| michael@0 | 98 | /* WARNING: hObject has been destroyed and can only be printed. */ |
| michael@0 | 99 | void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession, |
| michael@0 | 100 | CK_OBJECT_HANDLE hObject, CK_RV rv) |
| michael@0 | 101 | { |
| michael@0 | 102 | char msg[256]; |
| michael@0 | 103 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 104 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 105 | |
| michael@0 | 106 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 107 | "C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX", |
| michael@0 | 108 | (PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv); |
| michael@0 | 109 | sftk_LogAuditMessage(severity, NSS_AUDIT_DESTROY_KEY, msg); |
| michael@0 | 110 | } |
| michael@0 | 111 | |
| michael@0 | 112 | void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession, |
| michael@0 | 113 | CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv) |
| michael@0 | 114 | { |
| michael@0 | 115 | char msg[256]; |
| michael@0 | 116 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 117 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 118 | |
| michael@0 | 119 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 120 | "C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, " |
| michael@0 | 121 | "pulSize=%p)=0x%08lX", |
| michael@0 | 122 | (PRUint32)hSession, (PRUint32)hObject, |
| michael@0 | 123 | pulSize, (PRUint32)rv); |
| michael@0 | 124 | sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg); |
| michael@0 | 125 | } |
| michael@0 | 126 | |
| michael@0 | 127 | void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession, |
| michael@0 | 128 | CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, |
| michael@0 | 129 | CK_ULONG ulCount, CK_RV rv) |
| michael@0 | 130 | { |
| michael@0 | 131 | char msg[256]; |
| michael@0 | 132 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 133 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 134 | |
| michael@0 | 135 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 136 | "C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, " |
| michael@0 | 137 | "pTemplate=%p, ulCount=%lu)=0x%08lX", |
| michael@0 | 138 | (PRUint32)hSession, (PRUint32)hObject, |
| michael@0 | 139 | pTemplate, (PRUint32)ulCount, (PRUint32)rv); |
| michael@0 | 140 | sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg); |
| michael@0 | 141 | } |
| michael@0 | 142 | |
| michael@0 | 143 | void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession, |
| michael@0 | 144 | CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, |
| michael@0 | 145 | CK_ULONG ulCount, CK_RV rv) |
| michael@0 | 146 | { |
| michael@0 | 147 | char msg[256]; |
| michael@0 | 148 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 149 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 150 | |
| michael@0 | 151 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 152 | "C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, " |
| michael@0 | 153 | "pTemplate=%p, ulCount=%lu)=0x%08lX", |
| michael@0 | 154 | (PRUint32)hSession, (PRUint32)hObject, |
| michael@0 | 155 | pTemplate, (PRUint32)ulCount, (PRUint32)rv); |
| michael@0 | 156 | sftk_LogAuditMessage(severity, NSS_AUDIT_CHANGE_KEY, msg); |
| michael@0 | 157 | } |
| michael@0 | 158 | |
| michael@0 | 159 | void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession, |
| michael@0 | 160 | CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv) |
| michael@0 | 161 | { |
| michael@0 | 162 | char msg[256]; |
| michael@0 | 163 | char mech[MECHANISM_BUFSIZE]; |
| michael@0 | 164 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 165 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 166 | |
| michael@0 | 167 | sftk_PrintMechanism(mech, sizeof mech, pMechanism); |
| michael@0 | 168 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 169 | "C_%sInit(hSession=0x%08lX, pMechanism=%s, " |
| michael@0 | 170 | "hKey=0x%08lX)=0x%08lX", |
| michael@0 | 171 | opName, (PRUint32)hSession, mech, |
| michael@0 | 172 | (PRUint32)hKey, (PRUint32)rv); |
| michael@0 | 173 | sftk_LogAuditMessage(severity, NSS_AUDIT_CRYPT, msg); |
| michael@0 | 174 | } |
| michael@0 | 175 | |
| michael@0 | 176 | void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession, |
| michael@0 | 177 | CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, |
| michael@0 | 178 | CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv) |
| michael@0 | 179 | { |
| michael@0 | 180 | char msg[256]; |
| michael@0 | 181 | char mech[MECHANISM_BUFSIZE]; |
| michael@0 | 182 | char shKey[32]; |
| michael@0 | 183 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 184 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 185 | |
| michael@0 | 186 | sftk_PrintMechanism(mech, sizeof mech, pMechanism); |
| michael@0 | 187 | sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv); |
| michael@0 | 188 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 189 | "C_GenerateKey(hSession=0x%08lX, pMechanism=%s, " |
| michael@0 | 190 | "pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s", |
| michael@0 | 191 | (PRUint32)hSession, mech, |
| michael@0 | 192 | pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey); |
| michael@0 | 193 | sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg); |
| michael@0 | 194 | } |
| michael@0 | 195 | |
| michael@0 | 196 | void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession, |
| michael@0 | 197 | CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, |
| michael@0 | 198 | CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, |
| michael@0 | 199 | CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, |
| michael@0 | 200 | CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv) |
| michael@0 | 201 | { |
| michael@0 | 202 | char msg[512]; |
| michael@0 | 203 | char mech[MECHANISM_BUFSIZE]; |
| michael@0 | 204 | char shPublicKey[32]; |
| michael@0 | 205 | char shPrivateKey[32]; |
| michael@0 | 206 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 207 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 208 | |
| michael@0 | 209 | sftk_PrintMechanism(mech, sizeof mech, pMechanism); |
| michael@0 | 210 | sftk_PrintReturnedObjectHandle(shPublicKey, sizeof shPublicKey, |
| michael@0 | 211 | "phPublicKey", phPublicKey, rv); |
| michael@0 | 212 | sftk_PrintReturnedObjectHandle(shPrivateKey, sizeof shPrivateKey, |
| michael@0 | 213 | "phPrivateKey", phPrivateKey, rv); |
| michael@0 | 214 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 215 | "C_GenerateKeyPair(hSession=0x%08lX, pMechanism=%s, " |
| michael@0 | 216 | "pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, " |
| michael@0 | 217 | "pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, " |
| michael@0 | 218 | "phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s", |
| michael@0 | 219 | (PRUint32)hSession, mech, |
| michael@0 | 220 | pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount, |
| michael@0 | 221 | pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount, |
| michael@0 | 222 | phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey); |
| michael@0 | 223 | sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg); |
| michael@0 | 224 | } |
| michael@0 | 225 | |
| michael@0 | 226 | void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession, |
| michael@0 | 227 | CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, |
| michael@0 | 228 | CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, |
| michael@0 | 229 | CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv) |
| michael@0 | 230 | { |
| michael@0 | 231 | char msg[256]; |
| michael@0 | 232 | char mech[MECHANISM_BUFSIZE]; |
| michael@0 | 233 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 234 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 235 | |
| michael@0 | 236 | sftk_PrintMechanism(mech, sizeof mech, pMechanism); |
| michael@0 | 237 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 238 | "C_WrapKey(hSession=0x%08lX, pMechanism=%s, hWrappingKey=0x%08lX, " |
| michael@0 | 239 | "hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX", |
| michael@0 | 240 | (PRUint32)hSession, mech, (PRUint32)hWrappingKey, |
| michael@0 | 241 | (PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv); |
| michael@0 | 242 | sftk_LogAuditMessage(severity, NSS_AUDIT_WRAP_KEY, msg); |
| michael@0 | 243 | } |
| michael@0 | 244 | |
| michael@0 | 245 | void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession, |
| michael@0 | 246 | CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, |
| michael@0 | 247 | CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, |
| michael@0 | 248 | CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, |
| michael@0 | 249 | CK_OBJECT_HANDLE_PTR phKey, CK_RV rv) |
| michael@0 | 250 | { |
| michael@0 | 251 | char msg[256]; |
| michael@0 | 252 | char mech[MECHANISM_BUFSIZE]; |
| michael@0 | 253 | char shKey[32]; |
| michael@0 | 254 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 255 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 256 | |
| michael@0 | 257 | sftk_PrintMechanism(mech, sizeof mech, pMechanism); |
| michael@0 | 258 | sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv); |
| michael@0 | 259 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 260 | "C_UnwrapKey(hSession=0x%08lX, pMechanism=%s, " |
| michael@0 | 261 | "hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, " |
| michael@0 | 262 | "pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s", |
| michael@0 | 263 | (PRUint32)hSession, mech, |
| michael@0 | 264 | (PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen, |
| michael@0 | 265 | pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey); |
| michael@0 | 266 | sftk_LogAuditMessage(severity, NSS_AUDIT_UNWRAP_KEY, msg); |
| michael@0 | 267 | } |
| michael@0 | 268 | |
| michael@0 | 269 | void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession, |
| michael@0 | 270 | CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, |
| michael@0 | 271 | CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, |
| michael@0 | 272 | CK_OBJECT_HANDLE_PTR phKey, CK_RV rv) |
| michael@0 | 273 | { |
| michael@0 | 274 | char msg[512]; |
| michael@0 | 275 | char mech[MECHANISM_BUFSIZE]; |
| michael@0 | 276 | char shKey[32]; |
| michael@0 | 277 | char sTlsKeys[128]; |
| michael@0 | 278 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 279 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 280 | |
| michael@0 | 281 | sftk_PrintMechanism(mech, sizeof mech, pMechanism); |
| michael@0 | 282 | sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv); |
| michael@0 | 283 | if ((rv == CKR_OK) && |
| michael@0 | 284 | (pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) { |
| michael@0 | 285 | CK_SSL3_KEY_MAT_PARAMS *param = |
| michael@0 | 286 | (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter; |
| michael@0 | 287 | CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial; |
| michael@0 | 288 | PR_snprintf(sTlsKeys, sizeof sTlsKeys, |
| michael@0 | 289 | " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX" |
| michael@0 | 290 | " hClientKey=0x%08lX hServerKey=0x%08lX", |
| michael@0 | 291 | (PRUint32)keymat->hClientMacSecret, |
| michael@0 | 292 | (PRUint32)keymat->hServerMacSecret, |
| michael@0 | 293 | (PRUint32)keymat->hClientKey, |
| michael@0 | 294 | (PRUint32)keymat->hServerKey); |
| michael@0 | 295 | } else { |
| michael@0 | 296 | sTlsKeys[0] = '\0'; |
| michael@0 | 297 | } |
| michael@0 | 298 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 299 | "C_DeriveKey(hSession=0x%08lX, pMechanism=%s, " |
| michael@0 | 300 | "hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, " |
| michael@0 | 301 | "phKey=%p)=0x%08lX%s%s", |
| michael@0 | 302 | (PRUint32)hSession, mech, |
| michael@0 | 303 | (PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount, |
| michael@0 | 304 | phKey, (PRUint32)rv, shKey, sTlsKeys); |
| michael@0 | 305 | sftk_LogAuditMessage(severity, NSS_AUDIT_DERIVE_KEY, msg); |
| michael@0 | 306 | } |
| michael@0 | 307 | |
| michael@0 | 308 | void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession, |
| michael@0 | 309 | CK_OBJECT_HANDLE hKey, CK_RV rv) |
| michael@0 | 310 | { |
| michael@0 | 311 | char msg[256]; |
| michael@0 | 312 | NSSAuditSeverity severity = (rv == CKR_OK) ? |
| michael@0 | 313 | NSS_AUDIT_INFO : NSS_AUDIT_ERROR; |
| michael@0 | 314 | |
| michael@0 | 315 | PR_snprintf(msg, sizeof msg, |
| michael@0 | 316 | "C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX", |
| michael@0 | 317 | (PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv); |
| michael@0 | 318 | sftk_LogAuditMessage(severity, NSS_AUDIT_DIGEST_KEY, msg); |
| michael@0 | 319 | } |
