author | lloyd <[email protected]> | 2012-01-23 13:38:08 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-23 13:38:08 +0000 |
commit | 8bba8bab6077ee184c102d6634b288e7dd32b1dc (patch) | |
tree | 21054caf18db1077c9ab3598981bd45d318d3dea /src/tls | |
parent | 99b96f74af6e13f99f53ecda061697da72c5d4fb (diff) |
Remove the key() method on server key exchange - instead leave it to
the client key exchange object to interpret the message on the basis
of the chosen ciphersuite.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/c_kex.cpp | 25 | ||||
-rw-r--r-- | src/tls/s_kex.cpp | 11 | ||||
-rw-r--r-- | src/tls/tls_messages.h | 3 |
3 files changed, 18 insertions, 21 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index b2dd0b861..63ba6fcb7 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -48,21 +48,28 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
 if(state->server_kex)
 {
- std::auto_ptr<Public_Key> pub_key(state->server_kex->key());
+ const std::vector<BigInt>& params = state->server_kex->params();
- if(pub_key->algo_name() != state->suite.kex_algo())
- throw TLS_Exception(HANDSHAKE_FAILURE,
- "Server sent a " + pub_key->algo_name() +
- " key but we expected " + state->suite.kex_algo());
-
- if(const DH_PublicKey* dh_pub = dynamic_cast<const DH_PublicKey*>(pub_key.get()))
+ if(state->suite.kex_algo() == "DH")
 {
- DH_PrivateKey priv_key(rng, dh_pub->get_domain());
+ if(params.size() != 3)
+ throw Decoding_Error("Bad params size for DH key exchange");
+
+ DL_Group group(params[0], params[1]);
+
+ if(!group.verify_group(rng, true))
+ throw Internal_Error("DH group failed validation, possible attack");
+
+ DH_PublicKey counterparty_key(group, params[2]);
+
+ // FIXME Check that public key is residue?
+
+ DH_PrivateKey priv_key(rng, group);
 PK_Key_Agreement ka(priv_key, "Raw");
 pre_master = strip_leading_zeros(
- ka.derive_key(0, dh_pub->public_value()).bits_of());
+ ka.derive_key(0, counterparty_key.public_value()).bits_of());
 key_material = priv_key.public_value();
 }
diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp
index 71e40f01c..bbad6fd83 100644
--- a/src/tls/s_kex.cpp
+++ b/src/tls/s_kex.cpp
@@ -118,17 +118,6 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf,
 }
 /**
-* Return the public key
-*/
-Public_Key* Server_Key_Exchange::key() const
- {
- if(m_params.size() == 3)
- return new DH_PublicKey(DL_Group(m_params[0], m_params[1]), m_params[2]);
- else
- throw Internal_Error("Server_Key_Exchange::key: No key set");
- }
-
-/**
 * Verify a Server Key Exchange message
 */
 bool Server_Key_Exchange::verify(const X509_Certificate& cert,
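Review bot: In the c_kex.cpp hunk the server's DH public value `params[2]` reaches `ka.derive_key` with only the `// FIXME Check that public key is residue?` comment in front of it, so the group is validated but the peer's share is not. A degenerate value (0, 1 or p-1) would make the pre-master secret predictable, so a range check belongs before `DH_PublicKey counterparty_key(group, params[2]);`, for example `if(params[2] <= 1 || params[2] >= params[0] - 1) throw TLS_Exception(HANDSHAKE_FAILURE, "Invalid DH public value from server");`. The group failure is also raised as `Internal_Error` although it is caused by peer input; the removed mismatch check used `TLS_Exception(HANDSHAKE_FAILURE, ...)`, and using it here as well would presumably let the caller answer with an alert rather than treat it as a library bug. The constructor continues outside the hunk, so what happens when `kex_algo()` is not "DH" while `server_kex` is set cannot be seen from here.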
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index e58a3bfbf..3579f7828 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -356,7 +356,8 @@ class Server_Key_Exchange : public Handshake_Message
 {
 public:
 Handshake_Type type() const { return SERVER_KEX; }
- Public_Key* key() const;
+
+ const std::vector<BigInt>& params() const { return m_params; }
 bool verify(const X509_Certificate& cert,
 TLS_Handshake_State* state) const; |
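Review bot: The new `params()` accessor has no comment saying what the vector holds or when its contents may be trusted. c_kex.cpp in this commit reads it as p, g and the server's public value for DH, and the values come straight from the peer's message, so a comment such as `/// Raw key exchange parameters as sent by the server (for DH: p, g, Y); treat as untrusted peer input` would tell callers that validation is now their job. Whether `verify()` is always called before the parameters are used is not visible here and is worth stating in the same comment. The class body starts and ends outside the hunk.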