From e5b6565730600656c7806e7c5b543172f56f22f0 Mon Sep 17 00:00:00 2001
From: Pascal Knecht
Date: Mon, 18 Jan 2021 18:11:55 +0100
Subject: [PATCH] tls-crypto: Rename DH group/key exchange method config option
TLS key exchange methods are now configured with `ke_group`.
---
 conf/options/charon.opt | 3 +++
 src/libtls/tests/suites/test_socket.c | 16 ++++++++--------
 src/libtls/tls_crypto.c | 5 +++--
 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 868ee1d..f76ef44 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -473,6 +473,9 @@ charon.tls.mac
 charon.tls.suites
 List of TLS cipher suites.
+charon.tls.ke_group
+ List of TLS key exchange groups.
+
 charon.tls.send_certreq_authorities = yes
 Whether to include CAs in a server's CertificateRequest message.
diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c
index e9f7d83..f158893 100644
--- a/src/libtls/tests/suites/test_socket.c
+++ b/src/libtls/tests/suites/test_socket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2020 Pascal Knecht
+ * Copyright (C) 2020-2021 Pascal Knecht
 * HSR Hochschule fuer Technik Rapperswil
 *
 * Copyright (C) 2014 Martin Willi
@@ -559,8 +559,8 @@ static void test_tls(tls_version_t version, uint16_t port, bool cauth, u_int i)
 /**
 * TLS curve test wrapper function
 */
-static void test_tls_curves(tls_version_t version, uint16_t port, bool cauth,
- u_int i)
+static void test_tls_ke_groups(tls_version_t version, uint16_t port, bool cauth,
+ u_int i)
 {
 echo_server_config_t *config;
 diffie_hellman_group_t *groups;
@@ -575,7 +575,7 @@ static void test_tls_curves(tls_version_t version, uint16_t port, bool cauth,
 ck_assert(i < count);
 snprintf(curve, sizeof(curve), "%N", diffie_hellman_group_names_short, groups[i]);
- lib->settings->set_str(lib->settings, "%s.tls.curve", curve, lib->ns);
+ lib->settings->set_str(lib->settings, "%s.tls.ke_group", curve, lib->ns);
 run_echo_client(config);
@@ -653,9 +653,9 @@ START_TEST(test_tls_13_client)
 }
 END_TEST
-START_TEST(test_tls13_curves)
+START_TEST(test_tls13_ke_groups)
 {
- test_tls_curves(TLS_1_3, 5668, FALSE, _i);
+ test_tls_ke_groups(TLS_1_3, 5668, FALSE, _i);
 }
 END_TEST
@@ -736,9 +736,9 @@ Suite *socket_suite_create()
 add_tls_versions_test(test_tls_12_server, TLS_1_0, TLS_1_3);
 suite_add_tcase(s, tc);
- tc = tcase_create("TLS 1.3/curves");
+ tc = tcase_create("TLS 1.3/key exchange groups");
 tcase_add_checked_fixture(tc, setup_creds, teardown_creds);
- tcase_add_loop_test(tc, test_tls13_curves, 0,
+ tcase_add_loop_test(tc, test_tls13_ke_groups, 0,
 tls_crypto_get_supported_groups(NULL));
 suite_add_tcase(s, tc);
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 23c3637..1693a18 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2020 Tobias Brunner
- * Copyright (C) 2020 Pascal Knecht
+ * Copyright (C) 2020-2021 Pascal Knecht
 * Copyright (C) 2020 Méline Sieber
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -1103,7 +1103,8 @@ static bool filter_curve_config(tls_named_group_t curve)
 enumerator_t *enumerator;
 char *token, *config;
- config = lib->settings->get_str(lib->settings, "%s.tls.curve", NULL, lib->ns);
+ config = lib->settings->get_str(lib->settings, "%s.tls.ke_group", NULL,
+ lib->ns);
 if (config)
 {
 enumerator = enumerator_create_token(config, ",", " ");
--
2.7.4
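Review bot: In filter_curve_config() the lookup now reads only `%s.tls.ke_group`, so a configuration that still sets `tls.curve` yields NULL at `if (config)`. The rest of the function lies outside the hunk, but if an unset option means no filtering, an existing restriction on key exchange groups would silently stop applying after an upgrade. If the old key was ever usable in a release, fall back to it when the new one is unset, e.g. `if (!config) config = lib->settings->get_str(lib->settings, "%s.tls.curve", NULL, lib->ns);`, and log that the old name is deprecated. The function and its parameter are also still named after curves (`filter_curve_config`, `curve`), which no longer matches the option being read.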