authorlloyd <[email protected]>2012-01-19 15:03:07 +0000
committerlloyd <[email protected]>2012-01-19 15:03:07 +0000
commit30104a60568b392886c1d717a7ca006378552e4d (patch)
tree2ad36cb3d8ced600d15a85f38ae2f7d9e7a32698 /src/tls/cert_ver.cpp
parentb899ee14925310574da400c2af0f491f8cd2a103 (diff)
I'm not sure if I like this aesthetically, but passing around the
entire handshake state in many cases makes things simpler to update, in that each message type already knows what it needs depending on the version, params, etc., and this way a) that knowledge doesn't need to percolate up to the actual client and server handshake code and b) each message type can be updated for new formats/versions without having to change its callers. Downside is it hides the dependency information away, and makes it non-obvious what needs to be created beforehand for each message to work correctly. However this is (almost) entirely predicated on the handshake message flows, and these we control with the next expected message scheme, so this should be fairly safe to do. This checkin only updates the ones where it was immediately relevant but for consistency probably all of them should be updated in the same way.
Diffstat (limited to 'src/tls/cert_ver.cpp')
-rw-r--r--src/tls/cert_ver.cpp80
1 files changed, 21 insertions, 59 deletions
diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp
index 3463a82ee..81d529e88 100644
--- a/src/tls/cert_ver.cpp
+++ b/src/tls/cert_ver.cpp
@@ -21,56 +21,36 @@ namespace Botan {
* Create a new Certificate Verify message
*/
Certificate_Verify::Certificate_Verify(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ TLS_Handshake_State* state,
RandomNumberGenerator& rng,
- Version_Code version,
- const SecureVector<byte>& master_secret,
const Private_Key* priv_key)
{
BOTAN_ASSERT_NONNULL(priv_key);
- std::string padding = "";
- Signature_Format format = IEEE_1363;
+ std::pair<std::string, Signature_Format> format =
+ state->choose_sig_format(priv_key, true);
- if(priv_key->algo_name() == "RSA")
- {
- if(version == SSL_V3)
- padding = "EMSA3(Raw)";
- else
- padding = "EMSA3(TLS.Digest.0)";
- }
- else if(priv_key->algo_name() == "DSA")
- {
- if(version == SSL_V3)
- padding = "Raw";
- else
- padding = "EMSA1(SHA-1)";
- format = DER_SEQUENCE;
- }
- else
- throw Invalid_Argument(priv_key->algo_name() +
- " is invalid/unknown for TLS signatures");
+ PK_Signer signer(*priv_key, format.first, format.second);
- PK_Signer signer(*priv_key, padding, format);
-
- if(version == SSL_V3)
+ if(state->version == SSL_V3)
{
- SecureVector<byte> md5_sha = hash.final_ssl3(master_secret);
+ SecureVector<byte> md5_sha = state->hash.final_ssl3(
+ state->keys.master_secret());
if(priv_key->algo_name() == "DSA")
signature = signer.sign_message(&md5_sha[16], md5_sha.size()-16, rng);
else
signature = signer.sign_message(md5_sha, rng);
}
- else if(version == TLS_V10 || version == TLS_V11)
+ else if(state->version == TLS_V10 || state->version == TLS_V11)
{
- signature = signer.sign_message(hash.get_contents(), rng);
+ signature = signer.sign_message(state->hash.get_contents(), rng);
}
else
throw TLS_Exception(PROTOCOL_VERSION,
"Unknown TLS version in certificate verification");
- send(writer, hash);
+ send(writer, state->hash);
}
/*
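Review bot: `state` is dereferenced at `state->choose_sig_format(priv_key, true)` without any check, although `priv_key` one line earlier is guarded by `BOTAN_ASSERT_NONNULL`; add `BOTAN_ASSERT_NONNULL(state);` next to it, or take `TLS_Handshake_State&` so a null cannot be passed. The same unchecked dereference is in `verify()` in the second hunk. The bare `true` passed to `choose_sig_format` does not say what it selects, so a short comment at the call would help, e.g. `// true: <meaning of the flag>`. Because the constructor now reads `version`, `hash` and `keys.master_secret()` from the state, a comment above it listing those as preconditions would make the hidden dependency the commit message mentions visible to callers.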
@@ -101,45 +81,27 @@ void Certificate_Verify::deserialize(const MemoryRegion<byte>& buf)
* Verify a Certificate Verify message
*/
bool Certificate_Verify::verify(const X509_Certificate& cert,
- TLS_Handshake_Hash& hash,
- Version_Code version,
- const SecureVector<byte>& master_secret)
+ TLS_Handshake_State* state)
{
std::auto_ptr<Public_Key> key(cert.subject_public_key());
- std::string padding = "";
- Signature_Format format = IEEE_1363;
-
- if(key->algo_name() == "RSA")
- {
- if(version == SSL_V3)
- padding = "EMSA3(Raw)";
- else
- padding = "EMSA3(TLS.Digest.0)";
- }
- else if(key->algo_name() == "DSA")
- {
- if(version == SSL_V3)
- padding = "Raw";
- else
- padding = "EMSA1(SHA-1)";
- format = DER_SEQUENCE;
- }
- else
- throw Invalid_Argument(key->algo_name() +
- " is invalid/unknown for TLS signatures");
+ std::pair<std::string, Signature_Format> format =
+ state->choose_sig_format(key.get(), true);
- PK_Verifier verifier(*key, padding, format);
+ PK_Verifier verifier(*key, format.first, format.second);
- if(version == SSL_V3)
+ if(state->version == SSL_V3)
{
- SecureVector<byte> md5_sha = hash.final_ssl3(master_secret);
+ SecureVector<byte> md5_sha = state->hash.final_ssl3(
+ state->keys.master_secret());
return verifier.verify_message(&md5_sha[16], md5_sha.size()-16,
&signature[0], signature.size());
}
- else if(version == TLS_V10 || version == TLS_V11)
- return verifier.verify_message(hash.get_contents(), signature);
+ else if(state->version == TLS_V10 || state->version == TLS_V11)
+ {
+ return verifier.verify_message(state->hash.get_contents(), signature);
+ }
else
throw TLS_Exception(PROTOCOL_VERSION,
"Unknown TLS version in certificate verification");
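Review bot: The SSL_V3 branch of `verify()` always checks the signature over `&md5_sha[16]` with length `md5_sha.size()-16`, while the constructor in the first hunk signs that shortened buffer only when `priv_key->algo_name() == "DSA"` and signs the whole of `md5_sha` otherwise. As written, a non-DSA signature produced by this same file would be verified against different input and rejected under SSL_V3, unless something outside the hunk compensates. Mirroring the signer would close the gap: guard the existing call with `if(key->algo_name() == "DSA")` and add `return verifier.verify_message(md5_sha, signature);` for the other case. This predates the commit, but the branch is touched here, and the closing brace of `verify()` lies outside the hunk.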