Bug 1247278 - Determine keaKeyBits correctly for NSS_ECC_MORE_THAN_SUITE_B=1 r=ekr
authorTim Taubert <ttaubert@mozilla.com>
Wed, 17 Feb 2016 23:44:12 +0100
changeset 11901 458ac5f53544f9228ca9dca0d9b87bd6228b0e54
parent 11899 ff8696cc41bbc9f6751626d4093ea6bdc464afec
child 11902 43e2d2e1cb741aca5c026de3ed72649e00c9fc2e
push id997
push userttaubert@mozilla.com
push dateWed, 17 Feb 2016 22:45:31 +0000
reviewersekr
bugs1247278, 1
Bug 1247278 - Determine keaKeyBits correctly for NSS_ECC_MORE_THAN_SUITE_B=1 r=ekr
external_tests/ssl_gtest/libssl_internals.c
external_tests/ssl_gtest/libssl_internals.h
external_tests/ssl_gtest/tls_agent.cc
--- a/external_tests/ssl_gtest/libssl_internals.c
+++ b/external_tests/ssl_gtest/libssl_internals.c
@@ -19,8 +19,29 @@ SSLInt_IncrementClientHandshakeVersion(P
     if (!ss) {
         return SECFailure;
     }
 
     ++ss->clientHelloVersion;
 
     return SECSuccess;
 }
+
+PRUint32
+SSLInt_DetermineKEABits(uint16_t serverKeyBits, SSLAuthType authAlgorithm) {
+    // For ECDSA authentication we expect a curve for key exchange with the
+    // same strength as the one used for the certificate's signature.
+    if (authAlgorithm == ssl_auth_ecdsa) {
+        return serverKeyBits;
+    }
+
+    PORT_Assert(authAlgorithm == ssl_auth_rsa);
+    PRUint32 minKeaBits;
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+    // P-192 is the smallest curve we want to use.
+    minKeaBits = 192U;
+#else
+    // P-256 is the smallest supported curve.
+    minKeaBits = 256U;
+#endif
+
+    return PR_MAX(SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyBits), minKeaBits);
+}
--- a/external_tests/ssl_gtest/libssl_internals.h
+++ b/external_tests/ssl_gtest/libssl_internals.h
@@ -4,14 +4,18 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef libssl_internals_h_
 #define libssl_internals_h_
 
 #include "prio.h"
 #include "seccomon.h"
+#include "sslt.h"
 
 SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd);
 
+PRUint32 SSLInt_DetermineKEABits(uint16_t serverKeyBits,
+                                 SSLAuthType authAlgorithm);
+
 #endif
 
 
--- a/external_tests/ssl_gtest/tls_agent.cc
+++ b/external_tests/ssl_gtest/tls_agent.cc
@@ -8,16 +8,21 @@
 
 #include "pk11func.h"
 #include "ssl.h"
 #include "sslerr.h"
 #include "sslproto.h"
 #include "keyhi.h"
 #include "databuffer.h"
 
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
 #define GTEST_HAS_RTTI 0
 #include "gtest/gtest.h"
 
 namespace nss_test {
 
 
 const char* TlsAgent::states[] = {"INIT", "CONNECTING", "CONNECTED", "ERROR"};
 
@@ -286,19 +291,22 @@ void TlsAgent::SetSignatureAlgorithms(co
   }
   EXPECT_EQ(i, configuredCount) << "algorithms in use were all set";
 }
 
 void TlsAgent::CheckKEAType(SSLKEAType type) const {
   EXPECT_EQ(STATE_CONNECTED, state_);
   EXPECT_EQ(type, csinfo_.keaType);
 
+  PRUint32 ecKEAKeyBits = SSLInt_DetermineKEABits(server_key_bits_,
+                                                  csinfo_.authAlgorithm);
+
   switch (type) {
       case ssl_kea_ecdh:
-          EXPECT_EQ(256U, info_.keaKeyBits);
+          EXPECT_EQ(ecKEAKeyBits, info_.keaKeyBits);
           break;
       case ssl_kea_dh:
           EXPECT_EQ(2048U, info_.keaKeyBits);
           break;
       case ssl_kea_rsa:
           EXPECT_EQ(server_key_bits_, info_.keaKeyBits);
           break;
       default: