-rw-r--r--net/quic/quic_client_session.cc28
-rw-r--r--net/quic/test_tools/mock_crypto_client_stream.cc2
-rw-r--r--net/ssl/ssl_cipher_suite_names.cc3
-rw-r--r--net/ssl/ssl_connection_status_flags.h2
4 files changed, 28 insertions, 7 deletions
diff --git a/net/quic/quic_client_session.cc b/net/quic/quic_client_session.cc
index 403f651..5fe6e10 100644
--- a/net/quic/quic_client_session.cc
+++ b/net/quic/quic_client_session.cc
@@ -346,17 +346,31 @@ bool QuicClientSession::GetSSLInfo(SSLInfo* ssl_info) const {
ssl_info->cert_status = cert_verify_result_->cert_status;
ssl_info->cert = cert_verify_result_->verified_cert;
- // TODO(rtenneti): Figure out what to set for the following.
- // Temporarily hard coded cipher_suite as 0xc031 to represent
- // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (from
- // net/ssl/ssl_cipher_suite_names.cc) and encryption as 256.
- int cipher_suite = 0xc02f;
+ // TODO(wtc): Define QUIC "cipher suites".
+ // Report the TLS cipher suite that most closely resembles the crypto
+ // parameters of the QUIC connection.
+ QuicTag aead = crypto_stream_->crypto_negotiated_params().aead;
+ int cipher_suite;
+ int security_bits;
+ switch (aead) {
+ case kAESG:
+ cipher_suite = 0xc02f; // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ security_bits = 128;
+ break;
+ case kCC12:
+ cipher_suite = 0xcc13; // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ security_bits = 256;
+ break;
+ default:
+ NOTREACHED();
+ return false;
+ }
int ssl_connection_status = 0;
ssl_connection_status |=
(cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) <<
SSL_CONNECTION_CIPHERSUITE_SHIFT;
ssl_connection_status |=
- (SSL_CONNECTION_VERSION_TLS1_2 & SSL_CONNECTION_VERSION_MASK) <<
+ (SSL_CONNECTION_VERSION_QUIC & SSL_CONNECTION_VERSION_MASK) <<
SSL_CONNECTION_VERSION_SHIFT;
ssl_info->public_key_hashes = cert_verify_result_->public_key_hashes;
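Review bot: The `default:` branch returns false only after `ssl_info->cert_status` and `ssl_info->cert` have been written at the top of this hunk, so a caller that ignores the return value is left with a half-filled SSLInfo. The `aead` tag is read from the negotiated handshake parameters, and nothing visible here checks that the handshake has completed before it is read; GetSSLInfo starts above this hunk, so such a check may exist there. In release builds `NOTREACHED()` compiles away, so an unset or newly added AEAD tag reaches `return false` silently. Consider moving the `switch (aead)` ahead of the first write to `ssl_info`, and documenting the default branch with `// Unknown AEAD: leave ssl_info untouched and report no SSL info.`.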
@@ -366,7 +380,7 @@ bool QuicClientSession::GetSSLInfo(SSLInfo* ssl_info) const {
ssl_info->connection_status = ssl_connection_status;
ssl_info->client_cert_sent = false;
ssl_info->channel_id_sent = false;
- ssl_info->security_bits = 256;
+ ssl_info->security_bits = security_bits;
ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL;
return true;
}
diff --git a/net/quic/test_tools/mock_crypto_client_stream.cc b/net/quic/test_tools/mock_crypto_client_stream.cc
index 24e2843..15ab193 100644
--- a/net/quic/test_tools/mock_crypto_client_stream.cc
+++ b/net/quic/test_tools/mock_crypto_client_stream.cc
@@ -44,6 +44,8 @@ bool MockCryptoClientStream::CryptoConnect() {
case CONFIRM_HANDSHAKE: {
encryption_established_ = true;
handshake_confirmed_ = true;
+ crypto_negotiated_params_.key_exchange = kC255;
+ crypto_negotiated_params_.aead = kAESG;
if (proof_verify_details_) {
client_session()->OnProofVerifyDetailsAvailable(*proof_verify_details_);
}
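Review bot: Only the `CONFIRM_HANDSHAKE` case sets `crypto_negotiated_params_.aead`, and only to `kAESG`, so the new `kCC12` mapping in QuicClientSession::GetSSLInfo and its `default:` branch are not reachable through this mock. The other handshake modes lie outside the hunk; if any of them marks encryption as established without setting `aead`, a test that calls GetSSLInfo in that mode would hit `NOTREACHED()`. A comment above the two new lines would record the dependency, e.g. `// GetSSLInfo() maps aead to a cipher suite; set it in every mode that establishes encryption.`.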
diff --git a/net/ssl/ssl_cipher_suite_names.cc b/net/ssl/ssl_cipher_suite_names.cc
index 8204fc1..f018857 100644
--- a/net/ssl/ssl_cipher_suite_names.cc
+++ b/net/ssl/ssl_cipher_suite_names.cc
@@ -323,6 +323,9 @@ void SSLVersionToString(const char** name, int ssl_version) {
case SSL_CONNECTION_VERSION_TLS1_2:
*name = "TLS 1.2";
break;
+ case SSL_CONNECTION_VERSION_QUIC:
+ *name = "QUIC";
+ break;
default:
NOTREACHED() << ssl_version;
*name = "???";
diff --git a/net/ssl/ssl_connection_status_flags.h b/net/ssl/ssl_connection_status_flags.h
index 08d585f..0575755 100644
--- a/net/ssl/ssl_connection_status_flags.h
+++ b/net/ssl/ssl_connection_status_flags.h
@@ -43,6 +43,8 @@ enum {
SSL_CONNECTION_VERSION_TLS1 = 3,
SSL_CONNECTION_VERSION_TLS1_1 = 4,
SSL_CONNECTION_VERSION_TLS1_2 = 5,
+ // Reserve 6 for TLS 1.3.
+ SSL_CONNECTION_VERSION_QUIC = 7,
SSL_CONNECTION_VERSION_MAX,
};
COMPILE_ASSERT(SSL_CONNECTION_VERSION_MAX - 1 <= SSL_CONNECTION_VERSION_MASK,
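Review bot: `SSL_CONNECTION_VERSION_QUIC = 7` sits numerically above every TLS value, so any code that order-compares the version field (for example a `>= SSL_CONNECTION_VERSION_TLS1_2` test used as a minimum-protocol gate) would now treat a QUIC connection as newer than TLS 1.2. No such caller is visible here, so this is something to check rather than a confirmed defect. The reserved value 6 has no enumerator, so it falls into the `default:` of SSLVersionToString until TLS 1.3 is added. I would extend the comment to `// Reserve 6 for TLS 1.3. QUIC is not a TLS version; do not order-compare it against the values above.`. The enum begins above this hunk and the COMPILE_ASSERT continues below it.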