From 6eef56392afbaec7779a1930efcf74b8f96c07e7 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 23 Jan 2022 08:37:02 -0500 Subject: [PATCH] Add tests for accessors for ciphersuite info Signed-off-by: Glenn Strauss --- programs/ssl/ssl_client2.c | 16 +++++++++++++--- programs/ssl/ssl_server2.c | 13 +++++++++++-- programs/ssl/ssl_test_lib.h | 1 + tests/ssl-opt.sh | 14 ++++++++++++++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 57f7d8f67c..fa74676fef 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2144,9 +2144,19 @@ int main( int argc, char *argv[] ) } } - mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n", - mbedtls_ssl_get_version( &ssl ), - mbedtls_ssl_get_ciphersuite( &ssl ) ); + { + int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl( &ssl ); + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( suite_id ); + + mbedtls_printf( " ok\n [ Protocol is %s ]\n" + " [ Ciphersuite is %s ]\n" + " [ Key size is %u ]\n", + mbedtls_ssl_get_version( &ssl ), + mbedtls_ssl_ciphersuite_get_name( ciphersuite_info ), + (unsigned int) + mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( ciphersuite_info ) ); + } if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 ) mbedtls_printf( " [ Record expansion is %d ]\n", ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7cbdaf62ca..11a45045c6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3231,8 +3231,17 @@ handshake: } else /* ret == 0 */ { - mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n", - mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) ); + int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl( &ssl ); + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( suite_id ); + + mbedtls_printf( " ok\n [ Protocol is %s ]\n" + " [ Ciphersuite is %s ]\n" + " [ Key size is %u ]\n", + mbedtls_ssl_get_version( &ssl ), + mbedtls_ssl_ciphersuite_get_name( ciphersuite_info ), + (unsigned int) + mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( ciphersuite_info ) ); } if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 ) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 6b9e7b8da7..55a39eb433 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -72,6 +72,7 @@ #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" +#include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/hmac_drbg.h" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 691c0e7d5b..a5c3a627ca 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1475,6 +1475,20 @@ run_test "TLS client auth: required" \ 0 \ -s "Verifying peer X.509 certificate... ok" +run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + 0 \ + -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + -c "Key size is 256" + +run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + -c "Key size is 128" + requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C