mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-23 07:20:56 +00:00
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
Add accessors for ciphersuite info
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
fcca7cfa97
3
ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt
Normal file
3
ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt
Normal file
@ -0,0 +1,3 @@
|
||||
Features
|
||||
* Add accessor to obtain ciphersuite id from ssl context.
|
||||
* Add accessors to get members from ciphersuite info.
|
||||
@ -3888,6 +3888,15 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
|
||||
*/
|
||||
uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Return the id of the current ciphersuite
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return a ciphersuite id
|
||||
*/
|
||||
int mbedtls_ssl_get_ciphersuite_id_from_ssl( const mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Return the name of the current ciphersuite
|
||||
*
|
||||
|
||||
@ -394,6 +394,13 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers
|
||||
int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
|
||||
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
|
||||
|
||||
static inline const char *mbedtls_ssl_ciphersuite_get_name( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
return info->MBEDTLS_PRIVATE(name);
|
||||
}
|
||||
|
||||
size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( const mbedtls_ssl_ciphersuite_t *info );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
|
||||
@ -2064,6 +2064,19 @@ int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name )
|
||||
return( cur->id );
|
||||
}
|
||||
|
||||
size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
const mbedtls_cipher_info_t * const cipher_info =
|
||||
mbedtls_cipher_info_from_type( info->cipher );
|
||||
|
||||
return( mbedtls_cipher_info_get_key_bitlen( cipher_info ) );
|
||||
#else
|
||||
(void)info;
|
||||
return( 0 );
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
|
||||
@ -4364,6 +4364,14 @@ uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
|
||||
return( 0xFFFFFFFF );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_get_ciphersuite_id_from_ssl( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl == NULL || ssl->session == NULL )
|
||||
return( 0 );
|
||||
|
||||
return( ssl->session->ciphersuite );
|
||||
}
|
||||
|
||||
const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl == NULL || ssl->session == NULL )
|
||||
|
||||
@ -2144,9 +2144,19 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
|
||||
mbedtls_ssl_get_version( &ssl ),
|
||||
mbedtls_ssl_get_ciphersuite( &ssl ) );
|
||||
{
|
||||
int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl( &ssl );
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
|
||||
|
||||
mbedtls_printf( " ok\n [ Protocol is %s ]\n"
|
||||
" [ Ciphersuite is %s ]\n"
|
||||
" [ Key size is %u ]\n",
|
||||
mbedtls_ssl_get_version( &ssl ),
|
||||
mbedtls_ssl_ciphersuite_get_name( ciphersuite_info ),
|
||||
(unsigned int)
|
||||
mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( ciphersuite_info ) );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
|
||||
mbedtls_printf( " [ Record expansion is %d ]\n", ret );
|
||||
|
||||
@ -3243,8 +3243,17 @@ handshake:
|
||||
}
|
||||
else /* ret == 0 */
|
||||
{
|
||||
mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
|
||||
mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
|
||||
int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl( &ssl );
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
|
||||
|
||||
mbedtls_printf( " ok\n [ Protocol is %s ]\n"
|
||||
" [ Ciphersuite is %s ]\n"
|
||||
" [ Key size is %u ]\n",
|
||||
mbedtls_ssl_get_version( &ssl ),
|
||||
mbedtls_ssl_ciphersuite_get_name( ciphersuite_info ),
|
||||
(unsigned int)
|
||||
mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( ciphersuite_info ) );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
|
||||
|
||||
@ -70,6 +70,7 @@
|
||||
|
||||
#include "mbedtls/net_sockets.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/ssl_ciphersuites.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/hmac_drbg.h"
|
||||
|
||||
@ -1475,6 +1475,20 @@ run_test "TLS client auth: required" \
|
||||
0 \
|
||||
-s "Verifying peer X.509 certificate... ok"
|
||||
|
||||
run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
|
||||
-c "Key size is 256"
|
||||
|
||||
run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||
-c "Key size is 128"
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user