state: add function to get the current hash algorithm
authorDaiki Ueno <dueno@redhat.com>
Sun, 15 Mar 2020 10:18:30 +0000 (11:18 +0100)
committerDaiki Ueno <dueno@redhat.com>
Thu, 19 Mar 2020 15:56:49 +0000 (16:56 +0100)
This is particularly useful when the application applies a key
derivation function by itself, using the same underlying hash
algorithm as the session.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
NEWS
devel/libgnutls-latest-x86_64.abi
devel/symbols.last
doc/Makefile.am
doc/manpages/Makefile.am
lib/includes/gnutls/gnutls.h.in
lib/libgnutls.map
lib/state.c
tests/prf.c
tests/tls13/prf.c

diff --git a/NEWS b/NEWS
index 21e95d5a337ea21956c89d62474ae910788ed51d..2362e8b39568f6db9e104ec36d028fc7d6b86bab 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ gnutls_hkdf_extract: Added
 gnutls_hkdf_expand: Added
 gnutls_pbkdf2: Added
 gnutls_session_set_keylog_function: Added
+gnutls_prf_hash_get: Added
 
 * Version 3.6.12 (released 2020-02-01)
 
index 78d61778e44eb2c4712a09fe984e7a4c309c5903..76552ab037d515cc6c4c3251897677adbb9bbaab 100644 (file)
@@ -48,6 +48,7 @@
     <elf-symbol name='_gnutls_mpi_log' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='_gnutls_pkcs11_token_get_url' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='_gnutls_pkcs12_string_to_key' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
+    <elf-symbol name='gnutls_prf_hash_get' version='GNUTLS_3_6_13' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='_gnutls_prf_raw' version='GNUTLS_FIPS140_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='_gnutls_record_overhead' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='_gnutls_record_set_default_version' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
index 4654e4f708faea715c987658602aa74c51b41cd1..70ef6b3f1800eb493f2b434fc7a5b4345f2e30d6 100644 (file)
@@ -576,6 +576,7 @@ gnutls_pkcs_schema_get_name@GNUTLS_3_4
 gnutls_pkcs_schema_get_oid@GNUTLS_3_4
 gnutls_prf@GNUTLS_3_4
 gnutls_prf_early@GNUTLS_3_6_8
+gnutls_prf_hash_get@GNUTLS_3_6_13
 gnutls_prf_raw@GNUTLS_3_4
 gnutls_prf_rfc5705@GNUTLS_3_4
 gnutls_priority_certificate_type_list2@GNUTLS_3_6_4
index 0d24b337200f255fade128446229adb656067710..dd962d6a7852582ec069af0df04e7e429851ecc5 100644 (file)
@@ -1573,6 +1573,8 @@ FUNCS += functions/gnutls_prf
 FUNCS += functions/gnutls_prf.short
 FUNCS += functions/gnutls_prf_early
 FUNCS += functions/gnutls_prf_early.short
+FUNCS += functions/gnutls_prf_hash_get
+FUNCS += functions/gnutls_prf_hash_get.short
 FUNCS += functions/gnutls_prf_raw
 FUNCS += functions/gnutls_prf_raw.short
 FUNCS += functions/gnutls_prf_rfc5705
index ca0e279e1c87532f860f0cd20749d49eaded47f7..6d381d8bd09206826a285194cf7fa014aae92e8c 100644 (file)
@@ -588,6 +588,7 @@ APIMANS += gnutls_pk_list.3
 APIMANS += gnutls_pk_to_sign.3
 APIMANS += gnutls_prf.3
 APIMANS += gnutls_prf_early.3
+APIMANS += gnutls_prf_hash_get.3
 APIMANS += gnutls_prf_raw.3
 APIMANS += gnutls_prf_rfc5705.3
 APIMANS += gnutls_priority_certificate_type_list.3
index 3592d3c071b1f5153262c1ff2b33eabfcbbc4d56..b0832a9bddd19af21313030e902129edcc72f8e8 100644 (file)
@@ -1275,6 +1275,7 @@ gnutls_group_t gnutls_group_get(gnutls_session_t session);
 gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session);
 gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session);
 gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session);
+gnutls_digest_algorithm_t gnutls_prf_hash_get(const gnutls_session_t session);
 gnutls_certificate_type_t
 gnutls_certificate_type_get(gnutls_session_t session);
 gnutls_certificate_type_t
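Review bot: The `const` in `gnutls_prf_hash_get(const gnutls_session_t session)` qualifies the handle itself rather than the session it refers to, so it promises nothing about read-only access. The lib/state.c hunk dereferences the parameter with `session->`, which shows the typedef is a pointer. The qualifier also differs from the neighbouring getters `gnutls_cipher_get`, `gnutls_kx_get` and `gnutls_mac_get`, which take a plain `gnutls_session_t`. For consistency I would declare it as `gnutls_digest_algorithm_t gnutls_prf_hash_get(gnutls_session_t session);` and drop the qualifier from the definition too. Top-level `const` on a by-value parameter does not change the function type, so this is purely a readability point.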
index 234d43e755802a7fe0c63c7e45adb01f3c3c73e2..3cc321beb839ffb6bceb88db230fc069cc67f0b2 100644 (file)
@@ -1316,6 +1316,7 @@ GNUTLS_3_6_13
        gnutls_hkdf_expand;
        gnutls_pbkdf2;
        gnutls_session_set_keylog_function;
+       gnutls_prf_hash_get;
 } GNUTLS_3_6_12;
 
 GNUTLS_FIPS140_3_4 {
index 35ebb2a23000832eb5ababc2961c4990e09d1ddb..d4d525422856ed339fab71ca6b2322e32ae21d35 100644 (file)
@@ -230,6 +230,32 @@ gnutls_compression_get(gnutls_session_t session)
        return GNUTLS_COMP_NULL;
 }
 
+/**
+ * gnutls_prf_hash_get:
+ * @session: is a #gnutls_session_t type.
+ *
+ * Get the currently used hash algorithm. In TLS 1.3, the hash
+ * algorithm is used for both the key derivation function and
+ * handshake message authentication code. In TLS 1.2, it matches the
+ * hash algorithm used for PRF.
+ *
+ * Returns: the currently used hash algorithm, a
+ *    #gnutls_digest_algorithm_t value.
+ *
+ * Since: 3.6.13
+ **/
+gnutls_digest_algorithm_t
+gnutls_prf_hash_get(const gnutls_session_t session)
+{
+       if (session->security_parameters.prf == NULL)
+               return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
+
+       if (session->security_parameters.prf->id >= GNUTLS_MAC_AEAD)
+               return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
+
+       return (gnutls_digest_algorithm_t)session->security_parameters.prf->id;
+}
+
 void reset_binders(gnutls_session_t session)
 {
        _gnutls_free_temp_key_datum(&session->key.binders[0].psk);
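Review bot: The doc comment for gnutls_prf_hash_get does not mention the `GNUTLS_DIG_UNKNOWN` return, which both guard branches produce (no `prf` set on the session, or a `prf->id` at or above `GNUTLS_MAC_AEAD`). An application that feeds the result into its own key derivation has to check for that value, presumably whenever it calls before the handshake has fixed the security parameters. I would extend the Returns line to read `Returns: the currently used hash algorithm, a #gnutls_digest_algorithm_t value, or %GNUTLS_DIG_UNKNOWN if no PRF hash is set for the session.` The description covers only TLS 1.3 and 1.2, while the tests/prf.c hunk expects `GNUTLS_DIG_MD5_SHA1`, presumably from an older protocol version, so that case deserves a sentence as well. A short comment above the final cast, such as `/* MAC ids below GNUTLS_MAC_AEAD are assumed to share their numeric value with the digest ids */`, would make the assumption behind it explicit.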
index c4c7a0dac2ffe0b14612836cb57bac6b45766785..aa4f36af6a0892a8aae1bf33b1987de52c36dd0e 100644 (file)
@@ -323,6 +323,12 @@ static void client(int fd)
                exit(1);
        }
 
+       ret = gnutls_prf_hash_get(session);
+       if (ret != GNUTLS_DIG_MD5_SHA1) {
+               fprintf(stderr, "negotiated unexpected hash: %s\n", gnutls_digest_get_name(ret));
+               exit(1);
+       }
+
        check_prfs(session);
 
        gnutls_bye(session, GNUTLS_SHUT_WR);
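Review bot: The failure message passes `gnutls_digest_get_name(ret)` straight to `%s`, and that function is documented as able to return NULL for an algorithm it does not recognise. That is the likely outcome when gnutls_prf_hash_get returns `GNUTLS_DIG_UNKNOWN` from one of its guard branches, which is exactly the case this check exists to report, and passing NULL to `%s` is undefined behaviour. I would fetch the name first with `const char *name = gnutls_digest_get_name(ret);` and print `fprintf(stderr, "negotiated unexpected hash: %s (%d)\n", name ? name : "unknown", ret);`, so the numeric value is visible even when there is no name. The same lines appear in the tests/tls13/prf.c hunk and need the same change. client() begins and ends outside both hunks.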
index a8a529bcb8a1158aa214d416c8c234d39708ae03..c9c9f80b7bce261e3bde4abde58f821dc21cc241 100644 (file)
@@ -234,6 +234,12 @@ static void client(int fd)
                exit(1);
        }
 
+       ret = gnutls_prf_hash_get(session);
+       if (ret != GNUTLS_DIG_SHA384) {
+               fprintf(stderr, "negotiated unexpected hash: %s\n", gnutls_digest_get_name(ret));
+               exit(1);
+       }
+
        check_prfs(session);
 
        gnutls_bye(session, GNUTLS_SHUT_WR);