Overview
Comment: | Added get cipher info command to return properties of a cipher |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | crypto |
Files: | files | file ages | folders |
SHA3-256: |
35832d0765288d85aa6cc28a13996537 |
User & Date: | bohagan on 2023-11-19 02:55:03 |
Other Links: | branch diff | manifest | tags |
Context
2023-11-19
| ||
23:20 | Added test cases for get cipher and digest info commands check-in: 5a64d9be3f user: bohagan tags: crypto | |
02:55 | Added get cipher info command to return properties of a cipher check-in: 35832d0765 user: bohagan tags: crypto | |
2023-11-18
| ||
18:55 | Added get digest info command to return properties of a digest check-in: e47bd35656 user: bohagan tags: crypto | |
Changes
Modified doc/tls.html
from [268ee1f2cf]
to [cb37aa64df].
︙ | ︙ | |||
27 28 29 30 31 32 33 34 35 36 37 38 39 40 | <dd><b>tls::socket</b> <em> ?-server command? ?options? port</em></dd> <dd><b>tls::handshake</b> <em> channel</em></dd> <dd><b>tls::status </b> <em>?-local? channel</em></dd> <dd><b>tls::connection </b> <em>channel</em></dd> <dd><b>tls::import</b> <em>channel ?options?</em></dd> <dd><b>tls::unimport</b> <em>channel</em></dd> <dt> </dt> <dd><b>tls::ciphers</b> <em>?protocol? ?verbose? ?supported?</em></dd> <dd><b>tls::digests</b> <em>?name?</em></dd> <dd><b>tls::macs</b></dd> <dd><b>tls::protocols</b></dd> <dd><b>tls::version</b></dd> <dt> </dt> <dd><b>tls::digest</b> <b>-digest</b> <em>name ?options?</em></dd> | > | 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | <dd><b>tls::socket</b> <em> ?-server command? ?options? port</em></dd> <dd><b>tls::handshake</b> <em> channel</em></dd> <dd><b>tls::status </b> <em>?-local? channel</em></dd> <dd><b>tls::connection </b> <em>channel</em></dd> <dd><b>tls::import</b> <em>channel ?options?</em></dd> <dd><b>tls::unimport</b> <em>channel</em></dd> <dt> </dt> <dd><b>tls::cipher</b> <em>name</em></dd> <dd><b>tls::ciphers</b> <em>?protocol? ?verbose? ?supported?</em></dd> <dd><b>tls::digests</b> <em>?name?</em></dd> <dd><b>tls::macs</b></dd> <dd><b>tls::protocols</b></dd> <dd><b>tls::version</b></dd> <dt> </dt> <dd><b>tls::digest</b> <b>-digest</b> <em>name ?options?</em></dd> |
︙ | ︙ | |||
71 72 73 74 75 76 77 78 79 80 81 82 83 84 | <a href="#tls::socket"><b>tls::socket</b> <i>?-server command? ?options? port</i></a><br> <a href="#tls::status"><b>tls::status</b> <i>?-local? channel</i></a><br> <a href="#tls::connection"><b>tls::connection</b> <i>channel</i></a><br> <a href="#tls::handshake"><b>tls::handshake</b> <i>channel</i></a><br> <a href="#tls::import"><b>tls::import</b> <i>channel ?options?</i></a><br> <a href="#tls::unimport"><b>tls::unimport</b> <i>channel</i></a><br> <br> <a href="#tls::ciphers"><b>tls::ciphers</b> <i>?protocol? ?verbose? ?supported?</i></a><br> <a href="#tls::digests"><b>tls::digests</b> <i>?name?</i></a><br> <a href="#tls::macs"><b>tls::macs</b></a><br> <a href="#tls::protocols"><b>tls::protocols</b></a><br> <a href="#tls::version"><b>tls::version</b></a><br> <br> <a href="#tls::digest"><b>tls::digest</b> <b>-digest</b> <i>name ?options?</i></a><br> | > | 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 | <a href="#tls::socket"><b>tls::socket</b> <i>?-server command? ?options? port</i></a><br> <a href="#tls::status"><b>tls::status</b> <i>?-local? channel</i></a><br> <a href="#tls::connection"><b>tls::connection</b> <i>channel</i></a><br> <a href="#tls::handshake"><b>tls::handshake</b> <i>channel</i></a><br> <a href="#tls::import"><b>tls::import</b> <i>channel ?options?</i></a><br> <a href="#tls::unimport"><b>tls::unimport</b> <i>channel</i></a><br> <br> <a href="#tls::cipher"><b>tls::cipher</b> <i>name</i></a><br> <a href="#tls::ciphers"><b>tls::ciphers</b> <i>?protocol? ?verbose? ?supported?</i></a><br> <a href="#tls::digests"><b>tls::digests</b> <i>?name?</i></a><br> <a href="#tls::macs"><b>tls::macs</b></a><br> <a href="#tls::protocols"><b>tls::protocols</b></a><br> <a href="#tls::version"><b>tls::version</b></a><br> <br> <a href="#tls::digest"><b>tls::digest</b> <b>-digest</b> <i>name ?options?</i></a><br> |
︙ | ︙ | |||
431 432 433 434 435 436 437 438 439 440 441 442 443 444 | <dd>Unique session ticket application data.</dd> <dt><strong>master_key</strong> <em>binary_string</em></dt> <dd>Unique session master key.</dd> <dt><strong>session_cache_mode</strong> <em>mode</em></dt> <dd>Server cache mode (client, server, or both).</dd> </dl> </blockquote> <dt><a name="tls::ciphers"><strong>tls::ciphers</strong> <em>?protocol? ?verbose? ?supported?</em></a></dt> <dd>Without any args, returns a list of all ciphers. With <em>protocol</em>, only the ciphers supported for that protocol are returned. See <b>tls::protocols</b> command for the supported protocols. If <em>verbose</em> is specified as true then a verbose, human readable | > > > > > | 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 | <dd>Unique session ticket application data.</dd> <dt><strong>master_key</strong> <em>binary_string</em></dt> <dd>Unique session master key.</dd> <dt><strong>session_cache_mode</strong> <em>mode</em></dt> <dd>Server cache mode (client, server, or both).</dd> </dl> </blockquote> <dt><a name="tls::cipher"><strong>tls::cipher</strong> <em>name</em></a></dt> <dd>Return a list of property names and values describing cipher <i>name</i>. Properties include name, description, block_size, key_length, iv_length, type, and mode list.</dd> <dt><a name="tls::ciphers"><strong>tls::ciphers</strong> <em>?protocol? ?verbose? ?supported?</em></a></dt> <dd>Without any args, returns a list of all ciphers. With <em>protocol</em>, only the ciphers supported for that protocol are returned. See <b>tls::protocols</b> command for the supported protocols. If <em>verbose</em> is specified as true then a verbose, human readable |
︙ | ︙ |
Modified generic/tlsInfo.c
from [f456ff7952]
to [07e090db04].
︙ | ︙ | |||
46 47 48 49 50 51 52 | if (1 || !obj->alias) { /* Filter out signed digests (a.k.a signature algorithms) */ if (strstr(obj->name, "rsa") == NULL && strstr(obj->name, "RSA") == NULL) { Tcl_ListObjAppendElement(NULL, objPtr, Tcl_NewStringObj(obj->name,-1)); } } } | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 | if (1 || !obj->alias) { /* Filter out signed digests (a.k.a signature algorithms) */ if (strstr(obj->name, "rsa") == NULL && strstr(obj->name, "RSA") == NULL) { Tcl_ListObjAppendElement(NULL, objPtr, Tcl_NewStringObj(obj->name,-1)); } } } /*******************************************************************/ /* *------------------------------------------------------------------- * * CipherInfo -- * * Return a list of properties and values for cipherName. * * Results: * A standard Tcl list. * * Side effects: * None. * *------------------------------------------------------------------- */ static int CipherObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { Tcl_Obj *objPtr, *listPtr; unsigned char *cipherName = NULL, *modeName = NULL; const EVP_CIPHER *cipher; unsigned long flags, mode; #if OPENSSL_VERSION_NUMBER < 0x10100000L OpenSSL_add_all_ciphers(); /* Make sure they're loaded */ #endif /* Clear errors */ Tcl_ResetResult(interp); ERR_clear_error(); /* Validate arg count */ if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "name"); return TCL_ERROR; } /* Get cipher */ cipherName = Tcl_GetStringFromObj(objv[1], NULL); cipher = EVP_get_cipherbyname(cipherName); if (cipher == NULL) { Tcl_AppendResult(interp, "Invalid cipher \"", cipherName, "\"", NULL); return TCL_ERROR; } /* Get properties */ objPtr = Tcl_NewListObj(0, NULL); LAPPEND_STR(interp, objPtr, "nid", OBJ_nid2ln(EVP_CIPHER_nid(cipher)), -1); LAPPEND_STR(interp, objPtr, "name", EVP_CIPHER_name(cipher), -1); LAPPEND_STR(interp, objPtr, "description", "", -1); LAPPEND_INT(interp, objPtr, "block_size", EVP_CIPHER_block_size(cipher)); LAPPEND_INT(interp, objPtr, "key_length", EVP_CIPHER_key_length(cipher)); LAPPEND_INT(interp, objPtr, "iv_length", EVP_CIPHER_iv_length(cipher)); LAPPEND_STR(interp, objPtr, "type", OBJ_nid2ln(EVP_CIPHER_type(cipher)), -1); LAPPEND_STR(interp, objPtr, "provider", "", -1); flags = EVP_CIPHER_flags(cipher); mode = EVP_CIPHER_mode(cipher); /* EVP_CIPHER_get_mode */ switch(mode) { case EVP_CIPH_STREAM_CIPHER: modeName = "STREAM"; break; case EVP_CIPH_ECB_MODE: modeName = "ECB"; break; case EVP_CIPH_CBC_MODE: modeName = "CBC"; break; case EVP_CIPH_CFB_MODE: modeName = "CFB"; break; case EVP_CIPH_OFB_MODE: modeName = "OFB"; break; case EVP_CIPH_CTR_MODE: modeName = "CTR"; break; case EVP_CIPH_GCM_MODE: modeName = "GCM"; break; case EVP_CIPH_XTS_MODE: modeName = "XTS"; break; case EVP_CIPH_CCM_MODE: modeName = "CCM"; break; case EVP_CIPH_OCB_MODE: modeName = "OCB"; break; case EVP_CIPH_WRAP_MODE : modeName = "WRAP"; break; default: modeName = "unknown"; break; } LAPPEND_STR(interp, objPtr, "mode", modeName, -1); /* Flags */ listPtr = Tcl_NewListObj(0, NULL); LAPPEND_BOOL(interp, listPtr, "Variable Length", flags & EVP_CIPH_VARIABLE_LENGTH); LAPPEND_BOOL(interp, listPtr, "Always Call Init", flags & EVP_CIPH_ALWAYS_CALL_INIT); LAPPEND_BOOL(interp, listPtr, "Custom IV", flags & EVP_CIPH_CUSTOM_IV); LAPPEND_BOOL(interp, listPtr, "Control Init", flags & EVP_CIPH_CTRL_INIT); LAPPEND_BOOL(interp, listPtr, "Custom Cipher", flags & EVP_CIPH_FLAG_CUSTOM_CIPHER); LAPPEND_BOOL(interp, listPtr, "AEAD Cipher", flags & EVP_CIPH_FLAG_AEAD_CIPHER); LAPPEND_BOOL(interp, listPtr, "Custom Copy", flags & EVP_CIPH_CUSTOM_COPY); LAPPEND_BOOL(interp, listPtr, "Non FIPS Allow", flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW); LAPPEND_OBJ(interp, objPtr, "flags", listPtr); Tcl_SetObjResult(interp, objPtr); return TCL_OK; } /* *------------------------------------------------------------------- * * CiphersObjCmd -- * * This procedure is invoked to process the "tls::ciphers" command * to list available ciphers, based upon protocol selected. |
︙ | ︙ | |||
208 209 210 211 212 213 214 | } } else { char buf[BUFSIZ]; objPtr = Tcl_NewStringObj("",0); for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | < < < < < < < < < < < | 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 | } } else { char buf[BUFSIZ]; objPtr = Tcl_NewStringObj("",0); for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); if (c == NULL) continue; /* textual description of the cipher */ if (SSL_CIPHER_description(c, buf, sizeof(buf)) != NULL) { Tcl_AppendToObj(objPtr, buf, (Tcl_Size) strlen(buf)); } else { Tcl_AppendToObj(objPtr, "UNKNOWN\n", 8); } } |
︙ | ︙ | |||
243 244 245 246 247 248 249 | } SSL_free(ssl); SSL_CTX_free(ctx); return TCL_OK; clientData = clientData; } | | > > | 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 | } SSL_free(ssl); SSL_CTX_free(ctx); return TCL_OK; clientData = clientData; } /*******************************************************************/ /* *------------------------------------------------------------------- * * DigestInfo -- * * Return a list of properties and values for digestName. * |
︙ | ︙ | |||
293 294 295 296 297 298 299 | LAPPEND_BOOL(interp, listPtr, "DigestAlgorithmId_Custom", flags & EVP_MD_FLAG_DIGALGID_CUSTOM); LAPPEND_BOOL(interp, listPtr, "FIPS", flags & EVP_MD_FLAG_FIPS); LAPPEND_OBJ(interp, objPtr, "flags", listPtr); Tcl_SetObjResult(interp, objPtr); return TCL_OK; } | | | 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 | LAPPEND_BOOL(interp, listPtr, "DigestAlgorithmId_Custom", flags & EVP_MD_FLAG_DIGALGID_CUSTOM); LAPPEND_BOOL(interp, listPtr, "FIPS", flags & EVP_MD_FLAG_FIPS); LAPPEND_OBJ(interp, objPtr, "flags", listPtr); Tcl_SetObjResult(interp, objPtr); return TCL_OK; } /* *------------------------------------------------------------------- * * DigestsObjCmd -- * * Return a list of all valid hash algorithms or message digests. * |
︙ | ︙ | |||
334 335 336 337 338 339 340 | /* List all digests */ objPtr = Tcl_NewListObj(0, NULL); OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NamesCallback, (void *) objPtr); Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; } | | > > | 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 | /* List all digests */ objPtr = Tcl_NewListObj(0, NULL); OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NamesCallback, (void *) objPtr); Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; } /*******************************************************************/ /* *------------------------------------------------------------------- * * MacsObjCmd -- * * Return a list of all valid message authentication codes (MAC). * |
︙ | ︙ | |||
369 370 371 372 373 374 375 | objPtr = Tcl_NewListObj(0, NULL); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("cmac", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("hmac", -1)); Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; } | | > > | 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 | objPtr = Tcl_NewListObj(0, NULL); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("cmac", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("hmac", -1)); Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; } /*******************************************************************/ /* *------------------------------------------------------------------- * * ProtocolsObjCmd -- * * Return a list of the available or supported SSL/TLS protocols. * |
︙ | ︙ | |||
421 422 423 424 425 426 427 | #if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3) Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1_3], -1)); #endif Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; } | | > > | 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 | #if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3) Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1_3], -1)); #endif Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; } /*******************************************************************/ /* *------------------------------------------------------------------- * * VersionObjCmd -- * * Return a string with the OpenSSL version info. * |
︙ | ︙ | |||
454 455 456 457 458 459 460 | } objPtr = Tcl_NewStringObj(OPENSSL_VERSION_TEXT, -1); Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; } | | > > > | 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 | } objPtr = Tcl_NewStringObj(OPENSSL_VERSION_TEXT, -1); Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; } /*******************************************************************/ /* *------------------------------------------------------------------- * * Tls_InfoCommands -- * * Create info commands * * Returns: * TCL_OK or TCL_ERROR * * Side effects: * Creates commands * *------------------------------------------------------------------- */ int Tls_InfoCommands(Tcl_Interp *interp) { Tcl_CreateObjCommand(interp, "tls::cipher", CipherObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::digests", DigestsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::macs", MacsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::protocols", ProtocolsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); return TCL_OK; } |