Route key_exchange_group over to DevTools.

chrome/browser/ssl/chrome_security_state_model_client.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
+#include <openssl/ssl.h>
+
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string16.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
@@ skipping 67 matching lines @@
   NOTREACHED();
   return content::SECURITY_STYLE_UNKNOWN;
 }
 
 void AddConnectionExplanation(
     const security_state::SecurityStateModel::SecurityInfo& security_info,
     content::SecurityStyleExplanations* security_style_explanations) {
 
   // Avoid showing TLS details when we couldn't even establish a TLS connection
   // (e.g. for net errors) or if there was no real connection (some tests). We
-  // check the |certificate| to see if there was a connection.
-  if (!security_info.certificate || security_info.connection_status == 0) {
+  // check the |connection_status| to see if there was a connection.
+  if (security_info.connection_status == 0) {
     return;
   }
 
   int ssl_version =
       net::SSLConnectionStatusToVersion(security_info.connection_status);
   const char* protocol;
   net::SSLVersionToString(&protocol, ssl_version);
   const char* key_exchange;
   const char* cipher;
   const char* mac;
   bool is_aead;
   uint16_t cipher_suite =
       net::SSLConnectionStatusToCipherSuite(security_info.connection_status);
   net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead,
                                cipher_suite);
   base::string16 protocol_name = base::ASCIIToUTF16(protocol);
   base::string16 key_exchange_name = base::ASCIIToUTF16(key_exchange);
   const base::string16 cipher_name =
       (mac == NULL) ? base::ASCIIToUTF16(cipher)
                     : l10n_util::GetStringFUTF16(IDS_CIPHER_WITH_MAC,
                                                  base::ASCIIToUTF16(cipher),
                                                  base::ASCIIToUTF16(mac));
+
+  // Include the key exchange group (previously known as curve) if specified.
+  //
+  // TODO(davidben): When TLS 1.3's new negotiation is implemented, omit the
+  // "key exchange" if empty and only display the group, which is the true key
+  // exchange. See https://crbug.com/639495.
+  if (security_info.key_exchange_group != 0) {
+    key_exchange_name = l10n_util::GetStringFUTF16(
+        IDS_SSL_KEY_EXCHANGE_WITH_GROUP, key_exchange_name,
+        base::ASCIIToUTF16(
+            SSL_get_curve_name(security_info.key_exchange_group)));
+  }
+
   if (security_info.obsolete_ssl_status == net::OBSOLETE_SSL_NONE) {
     security_style_explanations->secure_explanations.push_back(
         content::SecurityStyleExplanation(
             l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY),
             l10n_util::GetStringFUTF8(IDS_STRONG_SSL_DESCRIPTION, protocol_name,
                                       key_exchange_name, cipher_name)));
     return;
   }
 
   std::vector<base::string16> description_replacements;
@@ skipping 224 matching lines @@
   }
 
   state->connection_info_initialized = true;
   state->url = entry->GetURL();
   const content::SSLStatus& ssl = entry->GetSSL();
   state->initial_security_level =
       GetSecurityLevelForSecurityStyle(ssl.security_style);
   state->certificate = ssl.certificate;
   state->cert_status = ssl.cert_status;
   state->connection_status = ssl.connection_status;
+  state->key_exchange_group = ssl.key_exchange_group;
   state->security_bits = ssl.security_bits;
   state->pkp_bypassed = ssl.pkp_bypassed;
   state->sct_verify_statuses.clear();
   state->sct_verify_statuses.insert(state->sct_verify_statuses.begin(),
                                     ssl.sct_statuses.begin(),
                                     ssl.sct_statuses.end());
   state->displayed_mixed_content =
       !!(ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT);
   state->ran_mixed_content =
       !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT);
   state->displayed_content_with_cert_errors =
       !!(ssl.content_status &
          content::SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS);
   state->ran_content_with_cert_errors =
       !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS);
 
   CheckSafeBrowsingStatus(entry, web_contents_, state);
 }