DevTools - network - security (improvements)

https://github.com/MoonchildProductions/moebius/pull/113 https://github.com/MoonchildProductions/moebius/pull/118 https://github.com/MoonchildProductions/moebius/pull/127
author: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-03-01 09:02:37 +0100
committer: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-03-01 09:02:37 +0100
commit: 228d252ab14f65f8433c8d53122a7d1e9429c23e (patch)
tree: 0a2d13e0d46b5400b9a2d06e72b63e3c71fbc23a /security/manager/ssl/nsNSSCallbacks.cpp
parent: 46ecf68249ec70bbd68b57f92f9d48e5c95636b7 (diff)
download: UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.tar
UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.tar.gz
UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.tar.lz
UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.tar.xz
UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.zip
1 files changed, 96 insertions, 0 deletions
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
index e28760d5f..941101265 100644
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -848,6 +848,99 @@ PK11PasswordPrompt(PK11SlotInfo* slot, PRBool /*retry*/, void* arg)
   return runnable->mResult;
 }
 
+static nsCString
+getKeaGroupName(uint32_t aKeaGroup)
+{
+  nsCString groupName;
+  switch (aKeaGroup) {
+    case ssl_grp_ec_secp256r1:
+      groupName = NS_LITERAL_CSTRING("P256");
+      break;
+    case ssl_grp_ec_secp384r1:
+      groupName = NS_LITERAL_CSTRING("P384");
+      break;
+    case ssl_grp_ec_secp521r1:
+      groupName = NS_LITERAL_CSTRING("P521");
+      break;
+    case ssl_grp_ec_curve25519:
+      groupName = NS_LITERAL_CSTRING("x25519");
+      break;
+    case ssl_grp_ffdhe_2048:
+      groupName = NS_LITERAL_CSTRING("FF 2048");
+      break;
+    case ssl_grp_ffdhe_3072:
+      groupName = NS_LITERAL_CSTRING("FF 3072");
+      break;
+    case ssl_grp_none:
+      groupName = NS_LITERAL_CSTRING("none");
+      break;
+    case ssl_grp_ffdhe_custom:
+      groupName = NS_LITERAL_CSTRING("custom");
+      break;
+    // All other groups are not enabled in Firefox. See namedGroups in
+    // nsNSSIOLayer.cpp.
+    default:
+      // This really shouldn't happen!
+      MOZ_ASSERT_UNREACHABLE("Invalid key exchange group.");
+      groupName = NS_LITERAL_CSTRING("unknown group");
+  }
+  return groupName;
+}
+
+static nsCString
+getSignatureName(uint32_t aSignatureScheme)
+{
+  nsCString signatureName;
+  switch (aSignatureScheme) {
+    case ssl_sig_none:
+      signatureName = NS_LITERAL_CSTRING("none");
+      break;
+    case ssl_sig_rsa_pkcs1_sha1:
+      signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA1");
+      break;
+    case ssl_sig_rsa_pkcs1_sha256:
+      signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA256");
+      break;
+    case ssl_sig_rsa_pkcs1_sha384:
+      signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA384");
+      break;
+    case ssl_sig_rsa_pkcs1_sha512:
+      signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA512");
+      break;
+    case ssl_sig_ecdsa_secp256r1_sha256:
+      signatureName = NS_LITERAL_CSTRING("ECDSA-P256-SHA256");
+      break;
+    case ssl_sig_ecdsa_secp384r1_sha384:
+      signatureName = NS_LITERAL_CSTRING("ECDSA-P384-SHA384");
+      break;
+    case ssl_sig_ecdsa_secp521r1_sha512:
+      signatureName = NS_LITERAL_CSTRING("ECDSA-P521-SHA512");
+      break;
+    case ssl_sig_rsa_pss_sha256:
+      signatureName = NS_LITERAL_CSTRING("RSA-PSS-SHA256");
+      break;
+    case ssl_sig_rsa_pss_sha384:
+      signatureName = NS_LITERAL_CSTRING("RSA-PSS-SHA384");
+      break;
+    case ssl_sig_rsa_pss_sha512:
+      signatureName = NS_LITERAL_CSTRING("RSA-PSS-SHA512");
+      break;
+    case ssl_sig_ecdsa_sha1:
+      signatureName = NS_LITERAL_CSTRING("ECDSA-SHA1");
+      break;
+    case ssl_sig_rsa_pkcs1_sha1md5:
+      signatureName = NS_LITERAL_CSTRING("RSA-PKCS1-SHA1MD5");
+      break;
+    // All other groups are not enabled in Firefox. See sEnabledSignatureSchemes
+    // in nsNSSIOLayer.cpp.
+    default:
+      // This really shouldn't happen!
+      MOZ_ASSERT_UNREACHABLE("Invalid signature scheme.");
+      signatureName = NS_LITERAL_CSTRING("unknown signature");
+  }
+  return signatureName;
+}
+
 // call with shutdown prevention lock held
 static void
 PreliminaryHandshakeDone(PRFileDesc* fd)
@@ -874,6 +967,9 @@ PreliminaryHandshakeDone(PRFileDesc* fd)
       status->mHaveCipherSuiteAndProtocol = true;
       status->mCipherSuite = channelInfo.cipherSuite;
       status->mProtocolVersion = channelInfo.protocolVersion & 0xFF;
+      status->mKeaGroup.Assign(getKeaGroupName(channelInfo.keaGroup));
+      status->mSignatureSchemeName.Assign(
+        getSignatureName(channelInfo.signatureScheme));
       infoObject->SetKEAUsed(channelInfo.keaType);
       infoObject->SetKEAKeyBits(channelInfo.keaKeyBits);
       infoObject->SetMACAlgorithmUsed(cipherInfo.macAlgorithm);
author	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-03-01 09:02:37 +0100
committer	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-03-01 09:02:37 +0100
commit	228d252ab14f65f8433c8d53122a7d1e9429c23e (patch)
tree	0a2d13e0d46b5400b9a2d06e72b63e3c71fbc23a /security/manager/ssl/nsNSSCallbacks.cpp
parent	46ecf68249ec70bbd68b57f92f9d48e5c95636b7 (diff)
download	UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.tar UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.tar.gz UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.tar.lz UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.tar.xz UXP-228d252ab14f65f8433c8d53122a7d1e9429c23e.zip