From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 20 Sep 2017 11:43:14 +0000 (+0200)
Subject: gnutls_session_get_desc: more descriptive name for TLS1.3 ciphersuites
X-Git-Tag: gnutls_3_6_3~386
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=732707b1faa412eef6081899e9a58a95e4c19f51;p=thirdparty%2Fgnutls.git

gnutls_session_get_desc: more descriptive name for TLS1.3 ciphersuites

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/lib/session.c b/lib/session.c
index edbf548be5..6c2671d70e 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -273,7 +273,7 @@ char *gnutls_session_get_desc(gnutls_session_t session)
 	gnutls_kx_algorithm_t kx;
 	const char *kx_str, *sign_str;
 	unsigned type;
-	char kx_name[64];
+	char kx_name[64] = "";
 	char proto_name[32];
 	char _group_name[24];
 	const char *group_name = NULL;
@@ -282,6 +282,7 @@ char *gnutls_session_get_desc(gnutls_session_t session)
 	unsigned sign_algo;
 	char *desc;
 	const struct gnutls_group_entry_st *group = get_group(session);
+	const version_entry_st *ver = get_version(session);
 
 	if (session->internals.initial_negotiation_completed == 0)
 		return NULL;
@@ -304,8 +305,22 @@ char *gnutls_session_get_desc(gnutls_session_t session)
 	sign_algo = gnutls_sign_algorithm_get(session);
 	sign_str = gnutls_sign_get_name(sign_algo);
 
-	kx_str = gnutls_kx_get_name(kx);
-	if (kx_str) {
+	if (kx == 0 && ver->tls13_sem) { /* TLS 1.3 */
+		if (group && sign_str) {
+			if (group->curve)
+				snprintf(kx_name, sizeof(kx_name), "(ECDHE-%s)-(%s)",
+					 group_name, sign_str);
+			else
+				snprintf(kx_name, sizeof(kx_name), "(DHE-%s)-(%s)",
+					 group_name, sign_str);
+		}
+	} else {
+		kx_str = gnutls_kx_get_name(kx);
+		if (kx_str == NULL) {
+			gnutls_assert();
+			return NULL;
+		}
+
 		if (kx == GNUTLS_KX_ECDHE_ECDSA || kx == GNUTLS_KX_ECDHE_RSA || 
 		    kx == GNUTLS_KX_ECDHE_PSK) {
 			if (sign_str)
@@ -327,8 +342,6 @@ char *gnutls_session_get_desc(gnutls_session_t session)
 			snprintf(kx_name, sizeof(kx_name), "(%s)",
 				 kx_str);
 		}
-	} else {
-		strcpy(kx_name, "(NULL)");
 	}
 
 
diff --git a/lib/state.c b/lib/state.c
index 32829cf6a5..65468cdca6 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -102,6 +102,11 @@ gnutls_certificate_type_get(gnutls_session_t session)
  *
  * Get currently used key exchange algorithm.
  *
+ * This function will return %GNUTLS_KX_ECDHE_RSA, or %GNUTLS_KX_DHE_RSA
+ * under TLS 1.3, to indicate an elliptic curve DH key exchange or
+ * a finite field one. The precise group used is available
+ * by calling gnutls_group_get() instead.
+ *
  * Returns: the key exchange algorithm used in the last handshake, a
  *   #gnutls_kx_algorithm_t value.
  **/
@@ -109,6 +114,19 @@ gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
 {
 	if (session->security_parameters.cs == 0)
 		return 0;
+
+	if (session->security_parameters.cs->kx_algorithm == 0) { /* TLS 1.3 */
+		const version_entry_st *ver = get_version(session);
+		const gnutls_group_entry_st *group = get_group(session);
+
+		if (ver->tls13_sem && group) {
+			if (group->curve)
+				return GNUTLS_KX_ECDHE_RSA;
+			else
+				return GNUTLS_KX_DHE_RSA;
+		}
+	}
+
 	return session->security_parameters.cs->kx_algorithm;
 }