Add SSL_CIPHER_get_prf_nid.

draft-ietf-quic-tls needs access to the cipher's PRF hash to size its
keys correctly.

Change-Id: Ie4851f990e5e1be724f262f608f7195f7ca837ca
Reviewed-on: https://boringssl-review.googlesource.com/20624
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

include/openssl/ssl.h

@@ -1232,6 +1232,12 @@ OPENSSL_EXPORT int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *cipher);
 // function returns |NID_auth_any|.
 OPENSSL_EXPORT int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher);
 
+// SSL_CIPHER_get_prf_nid retuns the NID for |cipher|'s PRF hash. If |cipher| is
+// a pre-TLS-1.2 cipher, it returns |NID_md5_sha1| but note these ciphers use
+// SHA-256 in TLS 1.2. Other return values may be treated uniformly in all
+// applicable versions.
+OPENSSL_EXPORT int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher);
+
 // SSL_CIPHER_get_min_version returns the minimum protocol version required
 // for |cipher|.
 OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher);

ssl/ssl_cipher.cc

@@ -1513,6 +1513,19 @@ int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher) {
   return NID_undef;
 }
 
+int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher) {
+  switch (cipher->algorithm_prf) {
+    case SSL_HANDSHAKE_MAC_DEFAULT:
+      return NID_md5_sha1;
+    case SSL_HANDSHAKE_MAC_SHA256:
+      return NID_sha256;
+    case SSL_HANDSHAKE_MAC_SHA384:
+      return NID_sha384;
+  }
+  assert(0);
+  return NID_undef;
+}
+
 int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) {
   return (cipher->algorithm_enc & SSL_eNULL) == 0 &&
       cipher->algorithm_mac != SSL_AEAD;

ssl/ssl_test.cc

@@ -828,6 +828,7 @@ TEST(SSLTest, CipherProperties) {
     int digest_nid;
     int kx_nid;
     int auth_nid;
+    int prf_nid;
   } kTests[] = {
       {
           SSL3_CK_RSA_DES_192_CBC3_SHA,
@@ -836,6 +837,7 @@ TEST(SSLTest, CipherProperties) {
           NID_sha1,
           NID_kx_rsa,
           NID_auth_rsa,
+          NID_md5_sha1,
       },
       {
           TLS1_CK_RSA_WITH_AES_128_SHA,
@@ -844,6 +846,7 @@ TEST(SSLTest, CipherProperties) {
           NID_sha1,
           NID_kx_rsa,
           NID_auth_rsa,
+          NID_md5_sha1,
       },
       {
           TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
@@ -852,6 +855,7 @@ TEST(SSLTest, CipherProperties) {
           NID_sha1,
           NID_kx_psk,
           NID_auth_psk,
+          NID_md5_sha1,
       },
       {
           TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
@@ -860,6 +864,7 @@ TEST(SSLTest, CipherProperties) {
           NID_sha256,
           NID_kx_ecdhe,
           NID_auth_rsa,
+          NID_sha256,
       },
       {
           TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
@@ -868,6 +873,7 @@ TEST(SSLTest, CipherProperties) {
           NID_sha384,
           NID_kx_ecdhe,
           NID_auth_rsa,
+          NID_sha384,
       },
       {
           TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -876,6 +882,7 @@ TEST(SSLTest, CipherProperties) {
           NID_undef,
           NID_kx_ecdhe,
           NID_auth_rsa,
+          NID_sha256,
       },
       {
           TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@@ -884,6 +891,7 @@ TEST(SSLTest, CipherProperties) {
           NID_undef,
           NID_kx_ecdhe,
           NID_auth_ecdsa,
+          NID_sha256,
       },
       {
           TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -892,6 +900,7 @@ TEST(SSLTest, CipherProperties) {
           NID_undef,
           NID_kx_ecdhe,
           NID_auth_ecdsa,
+          NID_sha384,
       },
       {
           TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
@@ -900,6 +909,7 @@ TEST(SSLTest, CipherProperties) {
           NID_sha1,
           NID_kx_ecdhe,
           NID_auth_psk,
+          NID_md5_sha1,
       },
       {
           TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
@@ -908,6 +918,7 @@ TEST(SSLTest, CipherProperties) {
           NID_undef,
           NID_kx_ecdhe,
           NID_auth_rsa,
+          NID_sha256,
       },
       {
           TLS1_CK_AES_256_GCM_SHA384,
@@ -916,6 +927,7 @@ TEST(SSLTest, CipherProperties) {
           NID_undef,
           NID_kx_any,
           NID_auth_any,
+          NID_sha384,
       },
       {
           TLS1_CK_AES_128_GCM_SHA256,
@@ -924,6 +936,7 @@ TEST(SSLTest, CipherProperties) {
           NID_undef,
           NID_kx_any,
           NID_auth_any,
+          NID_sha256,
       },
       {
           TLS1_CK_CHACHA20_POLY1305_SHA256,
@@ -932,6 +945,7 @@ TEST(SSLTest, CipherProperties) {
           NID_undef,
           NID_kx_any,
           NID_auth_any,
+          NID_sha256,
       },
   };
 
@@ -950,6 +964,7 @@ TEST(SSLTest, CipherProperties) {
     EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher));
     EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher));
     EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher));
+    EXPECT_EQ(t.prf_nid, SSL_CIPHER_get_prf_nid(cipher));
   }
 }