Add Ciphersuite::to_string

Add a convenience function to Session that returns the ciphersuite
class since mostly users won't care about the underlying code point.

7 files changed, 110 insertions, 20 deletions

diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index 00728ff16..55bf39318 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -123,7 +123,7 @@ Client_Hello::Client_Hello(Record_Writer& writer,
    m_fragment_size(session.fragment_size()),
    m_secure_renegotiation(session.secure_renegotiation())
    {
-   m_suites.push_back(session.ciphersuite());
+   m_suites.push_back(session.ciphersuite_code());
    m_comp_methods.push_back(session.compression_method());
 
    // set m_supported_algos here?
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 54873e682..cd7888c8b 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -36,7 +36,7 @@ bool check_for_resume(Session& session_info,
 
    // client didn't send original ciphersuite
    if(!value_exists(client_hello->ciphersuites(),
-                    session_info.ciphersuite()))
+                    session_info.ciphersuite_code()))
       return false;
 
    // client didn't send original compression method
@@ -185,7 +185,7 @@ void Server::process_handshake_msg(Handshake_Type type,
             state->hash,
             session_info.session_id(),
             Protocol_Version(session_info.version()),
-            session_info.ciphersuite(),
+            session_info.ciphersuite_code(),
             session_info.compression_method(),
             session_info.fragment_size(),
             secure_renegotiation.supported(),
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index e44967c00..96ef6514e 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -10,6 +10,7 @@
 
 #include <botan/x509cert.h>
 #include <botan/tls_version.h>
+#include <botan/tls_suites.h>
 #include <botan/tls_magic.h>
 #include <botan/secmem.h>
 
@@ -70,9 +71,14 @@ class BOTAN_DLL Session
       Protocol_Version version() const { return m_version; }
 
       /**
-      * Get the ciphersuite of the saved session
+      * Get the ciphersuite code of the saved session
       */
-      u16bit ciphersuite() const { return m_ciphersuite; }
+      u16bit ciphersuite_code() const { return m_ciphersuite; }
+
+      /**
+      * Get the ciphersuite info of the saved session
+      */
+      Ciphersuite ciphersuite() const { return Ciphersuite::lookup_ciphersuite(m_ciphersuite); }
 
       /**
       * Get the compression method used in the saved session
diff --git a/src/tls/tls_suites.cpp b/src/tls/tls_suites.cpp
index 442d261cd..07c8a1a9e 100644
--- a/src/tls/tls_suites.cpp
+++ b/src/tls/tls_suites.cpp
@@ -1,12 +1,14 @@
 /*
 * TLS Cipher Suites
-* (C) 2004-2010 Jack Lloyd
+* (C) 2004-2010,2012 Jack Lloyd
 *
 * Released under the terms of the Botan license
 */
 
 #include <botan/tls_suites.h>
-#include <botan/tls_exceptn.h>
+#include <botan/parsing.h>
+#include <sstream>
+#include <stdexcept>
 
 namespace Botan {
 
@@ -34,7 +36,7 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
          return Ciphersuite("RSA", "", "SHA-256", "AES-256", 32);
 
       case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
-         return Ciphersuite("RSA", "", "SHA-1", "TripleDES", 24);
+         return Ciphersuite("RSA", "", "SHA-1", "3DES", 24);
 
       case TLS_RSA_WITH_RC4_128_SHA:
          return Ciphersuite("RSA", "", "SHA-1", "ARC4", 16);
@@ -60,7 +62,7 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
          return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32);
 
       case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
-         return Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24);
+         return Ciphersuite("DSA", "DH", "SHA-1", "3DES", 24);
 
       case TLS_DHE_DSS_WITH_RC4_128_SHA:
          return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
@@ -83,7 +85,7 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
          return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32);
 
       case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
-         return Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24);
+         return Ciphersuite("RSA", "DH", "SHA-1", "3DES", 24);
 
       case TLS_DHE_RSA_WITH_SEED_CBC_SHA:
          return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
@@ -96,7 +98,7 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
          return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32);
 
       case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
-         return Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24);
+         return Ciphersuite("RSA", "ECDH", "SHA-1", "3DES", 24);
 
       case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
          return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16);
@@ -104,24 +106,24 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
       // SRP/RSA ciphersuites
 
       case TLS_SRP_SHA_RSA_WITH_AES_128_SHA:
-         return Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16);
+         return Ciphersuite("RSA", "SRP/SHA-1", "SHA-1", "AES-128", 16);
 
       case TLS_SRP_SHA_RSA_WITH_AES_256_SHA:
-         return Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32);
+         return Ciphersuite("RSA", "SRP/SHA-1", "SHA-1", "AES-256", 32);
 
       case TLS_SRP_SHA_RSA_WITH_3DES_EDE_SHA:
-         return Ciphersuite("RSA", "SRP", "SHA-1", "TripleDES", 24);
+         return Ciphersuite("RSA", "SRP/SHA-1", "SHA-1", "3DES", 24);
 
       // SRP/DSA ciphersuites
 
       case TLS_SRP_SHA_DSS_WITH_AES_128_SHA:
-         return Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16);
+         return Ciphersuite("DSA", "SRP/SHA-1", "SHA-1", "AES-128", 16);
 
       case TLS_SRP_SHA_DSS_WITH_AES_256_SHA:
-         return Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32);
+         return Ciphersuite("DSA", "SRP/SHA-1", "SHA-1", "AES-256", 32);
 
       case TLS_SRP_SHA_DSS_WITH_3DES_EDE_SHA:
-         return Ciphersuite("DSA", "SRP", "SHA-1", "TripleDES", 24);
+         return Ciphersuite("DSA", "SRP/SHA-1", "SHA-1", "3DES", 24);
 
       // ECDH/ECDSA ciphersuites
 
@@ -147,13 +149,67 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
          return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16);
 
       case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
-         return Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24);
+         return Ciphersuite("ECDSA", "ECDH", "SHA-1", "3DES", 24);
 
       default:
          return Ciphersuite(); // some unknown ciphersuite
       }
    }
 
+std::string Ciphersuite::to_string() const
+   {
+   if(m_cipher_keylen == 0)
+      throw std::runtime_error("Ciphersuite::to_string - no value set");
+
+   std::ostringstream out;
+
+   out << "TLS_";
+
+   if(kex_algo() == "DH")
+      out << "DHE";
+   else if(kex_algo() == "ECDH")
+      out << "ECDHE";
+   else if(kex_algo() == "SRP/SHA-1")
+      out << "SRP_SHA";
+   else if(kex_algo() != "")
+      out << kex_algo();
+
+   if(kex_algo() != "")
+      out << '_';
+
+   if(sig_algo() == "DSA")
+      out << "DSS";
+   else
+      out << sig_algo();
+
+   out << "_WITH_";
+
+   if(cipher_algo() == "ARC4")
+      {
+      out << "RC4_128_";
+      }
+   else
+      {
+      if(cipher_algo() == "3DES")
+         out << "3DES_EDE";
+      else
+         out << replace_char(cipher_algo(), '-', '_');
+
+      out << "_CBC_";
+      }
+
+   if(mac_algo() == "SHA-1")
+      out << "SHA";
+   else if(mac_algo() == "SHA-256")
+      out << "SHA256";
+   else if(mac_algo() == "SHA-384")
+      out << "SHA384";
+   else
+      out << mac_algo();
+
+   return out.str();
+   }
+
 Ciphersuite::Ciphersuite(const std::string& sig_algo,
                                  const std::string& kex_algo,
                                  const std::string& mac_algo,
diff --git a/src/tls/tls_suites.h b/src/tls/tls_suites.h
index 1fd975beb..0778a4eda 100644
--- a/src/tls/tls_suites.h
+++ b/src/tls/tls_suites.h
@@ -24,8 +24,13 @@ class BOTAN_DLL Ciphersuite
    public:
       static Ciphersuite lookup_ciphersuite(u16bit suite);
 
-      const std::string kex_algo() const { return m_kex_algo; }
-      const std::string sig_algo() const { return m_sig_algo; }
+      /**
+      * Formats the ciphersuite back to an RFC-style ciphersuite string
+      */
+      std::string to_string() const;
+
+      std::string kex_algo() const { return m_kex_algo; }
+      std::string sig_algo() const { return m_sig_algo; }
 
       std::string cipher_algo() const { return m_cipher_algo; }
       std::string mac_algo() const { return m_mac_algo; }
diff --git a/src/utils/parsing.cpp b/src/utils/parsing.cpp
index 9ec00040c..25f021c8c 100644
--- a/src/utils/parsing.cpp
+++ b/src/utils/parsing.cpp
@@ -288,4 +288,17 @@ std::string ipv4_to_string(u32bit ip)
    return str;
    }
 
+std::string replace_char(const std::string& str,
+                         char from_char,
+                         char to_char)
+   {
+   std::string out = str;
+
+   for(size_t i = 0; i != out.size(); ++i)
+      if(out[i] == from_char)
+         out[i] = to_char;
+
+   return out;
+   }
+
 }
diff --git a/src/utils/parsing.h b/src/utils/parsing.h
index 12370bf2b..668272309 100644
--- a/src/utils/parsing.h
+++ b/src/utils/parsing.h
@@ -32,6 +32,16 @@ BOTAN_DLL std::vector<std::string> split_on(
    const std::string& str, char delim);
 
 /**
+* Replace a character in a string
+* @param str the input string
+* @param from_char the character to replace
+* @return to_char the character to replace it with
+*/
+BOTAN_DLL std::string replace_char(const std::string& str,
+                                   char from_char,
+                                   char to_char);
+
+/**
 * Parse an ASN.1 OID
 * @param oid the OID in string form
 * @return OID components