Extend the webRequest.onCompleted event details object with TLS/SSL information

net/ssl/ssl_cipher_suite_names.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/ssl_cipher_suite_names.h"
 
 #include <stdlib.h>
 
 #include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "third_party/boringssl/src/include/openssl/ssl.h"
 
 // Rather than storing the names of all the ciphersuites we eliminate the
 // redundancy and break each cipher suite into a key exchange method, cipher
 // and mac. For all the ciphersuites in the IANA registry, we extract each of
 // those components from the name, number them and pack the result into a
 // 16-bit number thus:
 //   (MSB to LSB)
 //   <3 bits> unused
@@ skipping 355 matching lines @@
   }
   *cipher_str = kCipherNames[cipher].name;
   if (mac == kAEADMACValue) {
     *is_aead = true;
     *mac_str = nullptr;
   } else {
     *mac_str = kMacNames[mac].name;
   }
 }
 
+std::string SSLCipherSuiteToComposedString(uint16_t cipher_suite) {
+  int key_exchange, cipher, mac;
+  if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
+    return "UNKNOWN";
+
+  const char* prf;
+  switch (mac) {
+    case 1:
+      prf = "MD5";
+      break;
+    case 2:
+      prf = "SHA";
+      break;
+    case 3:
+      prf = "SHA256";
+      break;
+    case 4:
+      prf = "SHA384";
+      break;
+    case 7:                               // kAEADMACValue
+      if (cipher == 14 || cipher == 9) {  // AES_256_GCM or AES_256_CBC
+        prf = "SHA384";
+        break;
+      }
+      prf = "SHA256";
+      break;
+    default:
+      NOTREACHED() << mac;
+      prf = "???";
+      break;
+  }
+
+  std::string composed = "TLS";
+  if (key_exchange != kTLS13KeyExchangeValue)
+    composed +=
+        base::StringPrintf("_%s_WITH", kKeyExchangeNames[key_exchange].name);
+  composed += base::StringPrintf("_%s_%s", kCipherNames[cipher].name, prf);
+
+  return composed;
+}

[davidben, 2016/12/07 15:31:45]

I haven't looked at the rest yet, but the whole point of using the composed
names was to match the spec, which means adding a bunch of code to assemble it
manually rather defeats the purpose. BoringSSL provides an
SSL_CIPHER_get_rfc_name.

https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#S...

+
 void SSLVersionToString(const char** name, int ssl_version) {
   switch (ssl_version) {
     case SSL_CONNECTION_VERSION_SSL2:
       *name = "SSL 2.0";
       break;
     case SSL_CONNECTION_VERSION_SSL3:
       *name = "SSL 3.0";
       break;
     case SSL_CONNECTION_VERSION_TLS1:
       *name = "TLS 1.0";
@@ skipping 70 matching lines @@
   }
 
   // Only AEADs allowed.
   if (mac != kAEADMACValue)
     return false;
 
   return true;
 }
 
 }  // namespace net