Various and sundry bug fixes

author: lloyd <[email protected]> 2012-01-19 20:02:07 +0000
committer: lloyd <[email protected]> 2012-01-19 20:02:07 +0000
commit: 4c3d3e1c56451c635fb81dadfb249ce1856af0ce (patch)
tree: f641c31dfbcf9badeac1dd5ae79eb28742fd0c68
parent: 385febfc3c150450d231f9550ac5e33f5316751f (diff)
9 files changed, 31 insertions, 11 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index 60f6de487..a70713a80 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -151,6 +151,9 @@ MemoryVector<byte> Client_Hello::serialize() const
       extensions.push_back(new Server_Name_Indicator(m_hostname));
       extensions.push_back(new SRP_Identifier(m_srp_identifier));
 
+      if(m_version >= TLS_V12)
+         extensions.push_back(new Signature_Algorithms());
+
       if(m_next_protocol)
          extensions.push_back(new Next_Protocol_Notification());
       }
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index 21619fe0c..652544806 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -174,9 +174,6 @@ MemoryVector<byte> Server_Hello::serialize() const
    if(m_next_protocol)
       extensions.push_back(new Next_Protocol_Notification(m_next_protocols));
 
-   if(s_version == TLS_V12)
-      extensions.push_back(new Signature_Algorithms());
-
    buf += extensions.serialize();
 
    return buf;
diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp
index 2e2bc4cb0..ac6ee15ee 100644
--- a/src/tls/s_kex.cpp
+++ b/src/tls/s_kex.cpp
@@ -37,9 +37,15 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
 
    // FIXME: this should respect client's hash preferences
    if(state->version >= TLS_V12)
+      {
       hash_algo = TLS_ALGO_HASH_SHA256;
+      sig_algo = TLS_ALGO_SIGNER_RSA;
+      }
    else
+      {
       hash_algo = TLS_ALGO_NONE;
+      sig_algo = TLS_ALGO_NONE;
+      }
 
    std::pair<std::string, Signature_Format> format =
       state->choose_sig_format(private_key, hash_algo, false);
@@ -62,7 +68,10 @@ MemoryVector<byte> Server_Key_Exchange::serialize() const
    MemoryVector<byte> buf = serialize_params();
 
    if(hash_algo != TLS_ALGO_NONE)
-      {}
+      {
+      buf.push_back(Signature_Algorithms::hash_algo_code(hash_algo));
+      buf.push_back(Signature_Algorithms::sig_algo_code(sig_algo));
+      }
 
    append_tls_length_value(buf, signature, 2);
    return buf;
@@ -110,9 +119,16 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf,
    if(sig_alg != TLS_ALGO_SIGNER_ANON)
       {
       if(version < TLS_V12)
-         hash_algo = TLS_ALGO_NONE; // use old defaults
+         {
+         // use old defaults
+         hash_algo = TLS_ALGO_NONE;
+         sig_algo = TLS_ALGO_NONE;
+         }
       else
+         {
          hash_algo = Signature_Algorithms::hash_algo_code(reader.get_byte());
+         sig_algo = Signature_Algorithms::sig_algo_code(reader.get_byte());
+         }
 
       signature = reader.get_range<byte>(2, 0, 65535);
       }
@@ -137,6 +153,8 @@ bool Server_Key_Exchange::verify(const X509_Certificate& cert,
    {
    std::auto_ptr<Public_Key> key(cert.subject_public_key());
 
+   printf("Checking %s vs code %d\n", key->algo_name().c_str(), sig_algo);
+
    std::pair<std::string, Signature_Format> format =
       state->choose_sig_format(key.get(), hash_algo, false);
 
diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h
index 1811bab01..2f4f711c2 100644
--- a/src/tls/tls_extensions.h
+++ b/src/tls/tls_extensions.h
@@ -189,7 +189,7 @@ class Signature_Algorithms : public TLS_Extension
       static byte sig_algo_code(TLS_Ciphersuite_Algos code);
 
       TLS_Handshake_Extension_Type type() const
-         { return TLSEXT_NEXT_PROTOCOL; }
+         { return TLSEXT_SIGNATURE_ALGORITHMS; }
 
       std::vector<std::pair<TLS_Ciphersuite_Algos, TLS_Ciphersuite_Algos> >
          supported_signature_algorthms() const
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index f2052c5e7..9ea0b1a2d 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -300,6 +300,7 @@ class Certificate_Verify : public Handshake_Message
    private:
       MemoryVector<byte> serialize() const;
 
+      TLS_Ciphersuite_Algos sig_algo; // sig algo used to create signature
       TLS_Ciphersuite_Algos hash_algo; // hash used to create signature
       MemoryVector<byte> signature;
    };
@@ -371,6 +372,7 @@ class Server_Key_Exchange : public Handshake_Message
 
       std::vector<BigInt> params;
 
+      TLS_Ciphersuite_Algos sig_algo; // sig algo used to create signature
       TLS_Ciphersuite_Algos hash_algo; // hash used to create signature
       MemoryVector<byte> signature;
    };
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 391e8e758..b510c3d4b 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -72,8 +72,8 @@ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa,
 
    if(use_rsa)
       {
-      suites.push_back(TLS_RSA_WITH_AES_256_CBC_SHA_256);
-      suites.push_back(TLS_RSA_WITH_AES_128_CBC_SHA_256);
+      suites.push_back(TLS_RSA_WITH_AES_256_CBC_SHA256);
+      suites.push_back(TLS_RSA_WITH_AES_128_CBC_SHA256);
 
       suites.push_back(TLS_RSA_WITH_AES_256_CBC_SHA);
       suites.push_back(TLS_RSA_WITH_AES_128_CBC_SHA);
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 48ff9185e..a0bca4e7f 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -52,7 +52,7 @@ class BOTAN_DLL TLS_Policy
       /*
       * @return the version we would prefer to negotiate
       */
-      virtual Version_Code pref_version() const { return TLS_V11; }
+      virtual Version_Code pref_version() const { return TLS_V12; }
 
       virtual bool check_cert(const std::vector<X509_Certificate>& cert_chain) const = 0;
 
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index e3e2fe208..503d55610 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -25,7 +25,7 @@ Version_Code choose_version(Version_Code client, Version_Code minimum)
       throw TLS_Exception(PROTOCOL_VERSION,
                           "Client version is unacceptable by policy");
 
-   if(client == SSL_V3 || client == TLS_V10 || client == TLS_V11)
+   if(client == SSL_V3 || client == TLS_V10 || client == TLS_V11 || client == TLS_V12)
       return client;
    return TLS_V11;
    }
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index f1352a0e0..12b76bcab 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -75,7 +75,7 @@ class BOTAN_DLL TLS_Session
       /**
       * Get the minor version of the saved session
       */
-      byte minor_version() const { return get_byte(0, m_version); }
+      byte minor_version() const { return get_byte(1, m_version); }
 
       /**
       * Get the ciphersuite of the saved session
author	lloyd <[email protected]>	2012-01-19 20:02:07 +0000
committer	lloyd <[email protected]>	2012-01-19 20:02:07 +0000
commit	4c3d3e1c56451c635fb81dadfb249ce1856af0ce (patch)
tree	f641c31dfbcf9badeac1dd5ae79eb28742fd0c68
parent	385febfc3c150450d231f9550ac5e33f5316751f (diff)