authorJack Lloyd <[email protected]>2018-02-08 05:21:34 -0500
committerJack Lloyd <[email protected]>2018-02-13 07:48:56 -0500
commitb558340da83e2fadc14ac25eb95d3bbac5c973a6 (patch)
tree82c6879e1a24849bd4132e8570cf31e7a5379429 /src/lib/tls/msg_client_kex.cpp
parentf8744562284897c18d2c02102191a77de1a2afa0 (diff)
Use enums for TLS key exchange group params
Diffstat (limited to 'src/lib/tls/msg_client_kex.cpp')
-rw-r--r--src/lib/tls/msg_client_kex.cpp19
1 files changed, 10 insertions, 9 deletions
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index 6e767d4d6..b94e9839e 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -112,30 +112,31 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
kex_algo == Kex_Algo::ECDHE_PSK)
{
const uint8_t curve_type = reader.get_byte();
-
if(curve_type != 3)
throw Decoding_Error("Server sent non-named ECC curve");
const uint16_t curve_id = reader.get_uint16_t();
+ const std::vector<uint8_t> peer_public_value = reader.get_range<uint8_t>(1, 1, 255);
- const std::string curve_name = Supported_Elliptic_Curves::curve_id_to_name(curve_id);
-
- if(curve_name == "")
- throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id));
-
- if(!policy.allowed_ecc_curve(curve_name))
+ if(policy.choose_key_exchange_group({static_cast<Group_Params>(curve_id)}) == Group_Params::NONE)
{
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
"Server sent ECC curve prohibited by policy");
}
- const std::vector<uint8_t> peer_public_value = reader.get_range<uint8_t>(1, 1, 255);
- const std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> ecdh_result =
+ const std::string curve_name = Supported_Groups::curve_id_to_name(curve_id);
+
+ if(curve_name == "")
+ throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id));
+
+ const std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> ecdh_result =
state.callbacks().tls_ecdh_agree(curve_name, peer_public_value, policy, rng,
state.server_hello()->prefers_compressed_ec_points());
if(kex_algo == Kex_Algo::ECDH)
+ {
m_pre_master = ecdh_result.first;
+ }
else
{
append_tls_length_value(m_pre_master, ecdh_result.first, 2);
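Review bot: The policy check on `curve_id` only tests that `choose_key_exchange_group` returns something other than `Group_Params::NONE`, so it shows the policy picked some group, not that it accepted the one the server sent. With a single-element list the two coincide as long as the policy only ever returns a member of the offered list, but `Policy` is not visible in this hunk, and if applications can override the method, an override that returns a fixed preferred group would let any server-chosen curve through. Comparing against the offered value is stricter: `const Group_Params group = static_cast<Group_Params>(curve_id);` followed by `if(group == Group_Params::NONE || policy.choose_key_exchange_group({group}) != group)`. `curve_id` is also an unvalidated wire value at the point of the cast, and if `Group_Params` covers finite-field groups too, the later `curve_name == ""` test is the only thing rejecting a non-curve id, so it deserves a comment such as `// also rejects group ids that are not named curves`. The constructor body starts and ends outside the hunk.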