summaryrefslogtreecommitdiff
path: root/security/manager/ssl/nsNSSCallbacks.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/nsNSSCallbacks.cpp')
-rw-r--r--security/manager/ssl/nsNSSCallbacks.cpp96
1 files changed, 96 insertions, 0 deletions
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
index e28760d5f9..9411012651 100644
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -848,6 +848,99 @@ PK11PasswordPrompt(PK11SlotInfo* slot, PRBool /*retry*/, void* arg)
return runnable->mResult;
}
+static nsCString
+getKeaGroupName(uint32_t aKeaGroup)
+{
+ nsCString groupName;
+ switch (aKeaGroup) {
+ case ssl_grp_ec_secp256r1:
+ groupName = NS_LITERAL_CSTRING("P256");
+ break;
+ case ssl_grp_ec_secp384r1:
+ groupName = NS_LITERAL_CSTRING("P384");
+ break;
+ case ssl_grp_ec_secp521r1:
+ groupName = NS_LITERAL_CSTRING("P521");
+ break;
+ case ssl_grp_ec_curve25519:
+ groupName = NS_LITERAL_CSTRING("x25519");
+ break;
+ case ssl_grp_ffdhe_2048:
+ groupName = NS_LITERAL_CSTRING("FF 2048");
+ break;
+ case ssl_grp_ffdhe_3072:
+ groupName = NS_LITERAL_CSTRING("FF 3072");
+ break;
+ case ssl_grp_none:
+ groupName = NS_LITERAL_CSTRING("none");
+ break;
+ case ssl_grp_ffdhe_custom:
+ groupName = NS_LITERAL_CSTRING("custom");
+ break;
+ // All other groups are not enabled in Firefox. See namedGroups in
+ // nsNSSIOLayer.cpp.
+ default:
+ // This really shouldn't happen!
+ MOZ_ASSERT_UNREACHABLE("Invalid key exchange group.");
+ groupName = NS_LITERAL_CSTRING("unknown group");
+ }
+ return groupName;
+}
+
+static nsCString
+getSignatureName(uint32_t aSignatureScheme)
+{
+ nsCString signatureName;
+ switch (aSignatureScheme) {
+ case ssl_sig_none:
+ signatureName = NS_LITERAL_CSTRING("none");
+ break;
+ case ssl_sig_rsa_pkcs1_sha1:
+ signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA1");
+ break;
+ case ssl_sig_rsa_pkcs1_sha256:
+ signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA256");
+ break;
+ case ssl_sig_rsa_pkcs1_sha384:
+ signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA384");
+ break;
+ case ssl_sig_rsa_pkcs1_sha512:
+ signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA512");
+ break;
+ case ssl_sig_ecdsa_secp256r1_sha256:
+ signatureName = NS_LITERAL_CSTRING("ECDSA-P256-SHA256");
+ break;
+ case ssl_sig_ecdsa_secp384r1_sha384:
+ signatureName = NS_LITERAL_CSTRING("ECDSA-P384-SHA384");
+ break;
+ case ssl_sig_ecdsa_secp521r1_sha512:
+ signatureName = NS_LITERAL_CSTRING("ECDSA-P521-SHA512");
+ break;
+ case ssl_sig_rsa_pss_sha256:
+ signatureName = NS_LITERAL_CSTRING("RSA-PSS-SHA256");
+ break;
+ case ssl_sig_rsa_pss_sha384:
+ signatureName = NS_LITERAL_CSTRING("RSA-PSS-SHA384");
+ break;
+ case ssl_sig_rsa_pss_sha512:
+ signatureName = NS_LITERAL_CSTRING("RSA-PSS-SHA512");
+ break;
+ case ssl_sig_ecdsa_sha1:
+ signatureName = NS_LITERAL_CSTRING("ECDSA-SHA1");
+ break;
+ case ssl_sig_rsa_pkcs1_sha1md5:
+ signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA1MD5");
+ break;
+ // All other groups are not enabled in Firefox. See sEnabledSignatureSchemes
+ // in nsNSSIOLayer.cpp.
+ default:
+ // This really shouldn't happen!
+ MOZ_ASSERT_UNREACHABLE("Invalid signature scheme.");
+ signatureName = NS_LITERAL_CSTRING("unknown signature");
+ }
+ return signatureName;
+}
+
// call with shutdown prevention lock held
static void
PreliminaryHandshakeDone(PRFileDesc* fd)
@@ -874,6 +967,9 @@ PreliminaryHandshakeDone(PRFileDesc* fd)
status->mHaveCipherSuiteAndProtocol = true;
status->mCipherSuite = channelInfo.cipherSuite;
status->mProtocolVersion = channelInfo.protocolVersion & 0xFF;
+ status->mKeaGroup.Assign(getKeaGroupName(channelInfo.keaGroup));
+ status->mSignatureSchemeName.Assign(
+ getSignatureName(channelInfo.signatureScheme));
infoObject->SetKEAUsed(channelInfo.keaType);
infoObject->SetKEAKeyBits(channelInfo.keaKeyBits);
infoObject->SetMACAlgorithmUsed(cipherInfo.macAlgorithm);