diff options
| author | Jack Lloyd <[email protected]> | 2017-12-21 15:37:39 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2018-01-28 12:14:07 -0500 |
| commit | b2b55e6c2fdb824f49923b60d2c3ffff8f0fb99a (patch) | |
| tree | 8d5650816329cbe176a4e1fee639094c9387b260 /src/lib/tls/msg_cert_verify.cpp | |
| parent | 1c667d34bf71336d33bb76309176a993f13a2aac (diff) | |
Use enums to represent TLS signature and kex algorithms.
Adds support for PSS signatures (currently verifying only).
Diffstat (limited to 'src/lib/tls/msg_cert_verify.cpp')
| -rw-r--r-- | src/lib/tls/msg_cert_verify.cpp | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index ce7a30374..8ca01043a 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -28,7 +28,7 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io, BOTAN_ASSERT_NONNULL(priv_key); std::pair<std::string, Signature_Format> format = - state.choose_sig_format(*priv_key, m_hash_algo, m_sig_algo, true, policy); + state.choose_sig_format(*priv_key, m_scheme, true, policy); m_signature = state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second, @@ -47,8 +47,7 @@ Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf, if(version.supports_negotiable_signature_algorithms()) { - m_hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte()); - m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte()); + m_scheme = static_cast<Signature_Scheme>(reader.get_uint16_t()); } m_signature = reader.get_range<uint8_t>(2, 0, 65535); @@ -61,10 +60,11 @@ std::vector<uint8_t> Certificate_Verify::serialize() const { std::vector<uint8_t> buf; - if(!m_hash_algo.empty() && !m_sig_algo.empty()) + if(m_scheme != Signature_Scheme::NONE) { - buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo)); - buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo)); + const uint16_t scheme_code = static_cast<uint16_t>(m_scheme); + buf.push_back(get_byte(0, scheme_code)); + buf.push_back(get_byte(1, scheme_code)); } const uint16_t sig_len = static_cast<uint16_t>(m_signature.size()); @@ -87,8 +87,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, policy.check_peer_key_acceptable(*key); std::pair<std::string, Signature_Format> format = - state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, - true, policy); + state.parse_sig_format(*key.get(), m_scheme, true, policy); const bool signature_valid = state.callbacks().tls_verify_message(*key, format.first, format.second, |