Additional bits for SSLv3 client auth

author: lloyd <[email protected]> 2011-12-28 16:40:19 +0000
committer: lloyd <[email protected]> 2011-12-28 16:40:19 +0000
commit: bff93678cf13da4ecca1851234578e671787a38b (patch)
tree: d46014fc0eaa677ea867a65fc4accb1f341bf13a
parent: d1324eb8283bf9adfbe5dca05be1ecbffba8a339 (diff)
5 files changed, 41 insertions, 10 deletions
diff --git a/doc/examples/self_sig.cpp b/doc/examples/self_sig.cpp
index 64b778b71..522fad677 100644
--- a/doc/examples/self_sig.cpp
+++ b/doc/examples/self_sig.cpp
@@ -35,7 +35,10 @@ int main(int argc, char* argv[])
       {
       AutoSeeded_RNG rng;
 
-      RSA_PrivateKey key(rng, 2048);
+      //RSA_PrivateKey key(rng, 2048);
+      DL_Group group(rng, DL_Group::DSA_Kosherizer, 2048, 256);
+
+      DSA_PrivateKey key(rng, group);
 
       std::ofstream priv_key("private.pem");
       priv_key << PKCS8::PEM_encode(key, rng, argv[1]);
diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp
index 4203e2542..023c6ccd7 100644
--- a/src/tls/cert_ver.cpp
+++ b/src/tls/cert_ver.cpp
@@ -7,6 +7,7 @@
 
 #include <botan/internal/tls_messages.h>
 #include <botan/internal/tls_reader.h>
+#include <botan/tls_exceptn.h>
 #include <botan/pubkey.h>
 #include <botan/rsa.h>
 #include <botan/dsa.h>
@@ -71,7 +72,9 @@ void Certificate_Verify::deserialize(const MemoryRegion<byte>& buf)
 * Verify a Certificate Verify message
 */
 bool Certificate_Verify::verify(const X509_Certificate& cert,
-                                TLS_Handshake_Hash& hash)
+                                TLS_Handshake_Hash& hash,
+                                Version_Code version,
+                                const SecureVector<byte>& master_secret)
    {
    // FIXME: duplicate of Server_Key_Exchange::verify
 
@@ -84,7 +87,10 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
       padding = "EMSA3(TLS.Digest.0)";
    else if(key->algo_name() == "DSA")
       {
-      padding == "EMSA1(SHA-1)";
+      if(version == SSL_V3)
+         padding = "Raw";
+      else
+         padding = "EMSA1(SHA-1)";
       format = DER_SEQUENCE;
       }
    else
@@ -92,7 +98,19 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
                              " is invalid/unknown for TLS signatures");
 
    PK_Verifier verifier(*key, padding, format);
-   return verifier.verify_message(hash.get_contents(), signature);
+
+   if(version == SSL_V3)
+      {
+      SecureVector<byte> md5_sha = hash.final_ssl3(master_secret);
+
+      return verifier.verify_message(&md5_sha[16], md5_sha.size()-16,
+                                     &signature[0], signature.size());
+      }
+   else if(version == TLS_V10 || version == TLS_V11)
+      return verifier.verify_message(hash.get_contents(), signature);
+   else
+      throw TLS_Exception(PROTOCOL_VERSION,
+                          "Unknown TLS version in certificate verification");
    }
 
 }
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 8cfaea37e..51569fbc0 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -179,8 +179,17 @@ class Certificate_Verify : public HandshakeMessage
    public:
       Handshake_Type type() const { return CERTIFICATE_VERIFY; }
 
+      /**
+      * Check the signature on a certificate verify message
+      * @param cert the purported certificate
+      * @param hash the running handshake message hash
+      * @param version the version number we negotiated
+      * @param master_secret the session key (only used if version is SSL_V3)
+      */
       bool verify(const X509_Certificate& cert,
-                  TLS_Handshake_Hash& hash);
+                  TLS_Handshake_Hash& hash,
+                  Version_Code version,
+                  const SecureVector<byte>& master_secret);
 
       Certificate_Verify(RandomNumberGenerator& rng,
                          Record_Writer& writer,
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 784bdc031..bc8ce5e31 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -12,8 +12,6 @@
 #include <botan/rsa.h>
 #include <botan/dh.h>
 
-#include <stdio.h>
-
 namespace Botan {
 
 namespace {
@@ -296,8 +294,11 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
       const std::vector<X509_Certificate>& client_certs =
          state->client_certs->cert_chain();
 
-      const bool sig_valid = state->client_verify->verify(client_certs[0],
-                                                          state->hash);
+      const bool sig_valid =
+         state->client_verify->verify(client_certs[0],
+                                      state->hash,
+                                      state->server_hello->version(),
+                                      state->keys.master_secret());
 
       state->hash.update(type, contents);
 
diff --git a/src/tls/tls_session_key.h b/src/tls/tls_session_key.h
index 92e8d7a18..c967eaf22 100644
--- a/src/tls/tls_session_key.h
+++ b/src/tls/tls_session_key.h
@@ -29,7 +29,7 @@ class BOTAN_DLL SessionKeys
       InitializationVector client_iv() const { return c_iv; }
       InitializationVector server_iv() const { return s_iv; }
 
-      SecureVector<byte> master_secret() const { return master_sec; }
+      const SecureVector<byte>& master_secret() const { return master_sec; }
 
       SessionKeys() {}
author	lloyd <[email protected]>	2011-12-28 16:40:19 +0000
committer	lloyd <[email protected]>	2011-12-28 16:40:19 +0000
commit	bff93678cf13da4ecca1851234578e671787a38b (patch)
tree	d46014fc0eaa677ea867a65fc4accb1f341bf13a
parent	d1324eb8283bf9adfbe5dca05be1ecbffba8a339 (diff)