-rw-r--r-- | src/lib/tls/msg_client_kex.cpp | 11 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.cpp | 94 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.h | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 20 |
4 files changed, 16 insertions, 114 deletions
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index b94e9839e..2d0c2d019 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -115,21 +115,22 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, if(curve_type != 3) throw Decoding_Error("Server sent non-named ECC curve"); - const uint16_t curve_id = reader.get_uint16_t(); + const Group_Params curve_id = static_cast<Group_Params>(reader.get_uint16_t()); const std::vector<uint8_t> peer_public_value = reader.get_range<uint8_t>(1, 1, 255); - if(policy.choose_key_exchange_group({static_cast<Group_Params>(curve_id)}) == Group_Params::NONE) + if(policy.choose_key_exchange_group({curve_id}) != curve_id) { throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Server sent ECC curve prohibited by policy"); } - const std::string curve_name = Supported_Groups::curve_id_to_name(curve_id); + const std::string curve_name = group_param_to_string(curve_id); if(curve_name == "") - throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id)); + throw Decoding_Error("Server sent unknown named curve " + + std::to_string(static_cast<uint16_t>(curve_id))); - const std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> ecdh_result = + const std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> ecdh_result = state.callbacks().tls_ecdh_agree(curve_name, peer_public_value, policy, rng, state.server_hello()->prefers_compressed_ec_points()); diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index f796a39df..e77de9c5e 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp 
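Review bot: The new policy check `policy.choose_key_exchange_group({curve_id}) != curve_id` in msg_client_kex.cpp does not reject a server-sent id that casts to `Group_Params::NONE`. The removed comparison against `Group_Params::NONE` suggests that is what the policy returns when nothing matches, so for such a value both sides would be equal and the check would pass. Rejection then rests only on the later `curve_name == ""` test, which assumes `group_param_to_string` returns an empty string for NONE (not visible here), and the failure surfaces as a Decoding_Error instead of the HANDSHAKE_FAILURE alert. Because `curve_id` is an unvalidated 16-bit value read from the peer, I would make the guard explicit: `if(curve_id == Group_Params::NONE || policy.choose_key_exchange_group({curve_id}) != curve_id)`. The constructor body starts and ends outside this hunk.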
@@ -321,100 +321,6 @@ std::vector<Group_Params> Supported_Groups::dh_groups() const return dh; } -std::string Supported_Groups::curve_id_to_name(uint16_t id) - { - switch(id) - { - case 23: - return "secp256r1"; - case 24: - return "secp384r1"; - case 25: - return "secp521r1"; - case 26: - return "brainpool256r1"; - case 27: - return "brainpool384r1"; - case 28: - return "brainpool512r1"; - -#if defined(BOTAN_HAS_CURVE_25519) - case 29: - return "x25519"; -#endif - -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - case BOTAN_HOUSE_ECC_CURVE_TLS_ID: - return BOTAN_HOUSE_ECC_CURVE_NAME; -#endif - - case 256: - return "ffdhe/ietf/2048"; - case 257: - return "ffdhe/ietf/3072"; - case 258: - return "ffdhe/ietf/4096"; - case 259: - return "ffdhe/ietf/6144"; - case 260: - return "ffdhe/ietf/8192"; - - default: - return ""; // something we don't know or support - } - } - -uint16_t Supported_Groups::name_to_curve_id(const std::string& name) - { - if(name == "secp256r1") - return 23; - if(name == "secp384r1") - return 24; - if(name == "secp521r1") - return 25; - if(name == "brainpool256r1") - return 26; - if(name == "brainpool384r1") - return 27; - if(name == "brainpool512r1") - return 28; - -#if defined(BOTAN_HAS_CURVE_25519) - if(name == "x25519") - return 29; -#endif - -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(name == BOTAN_HOUSE_ECC_CURVE_NAME) - return BOTAN_HOUSE_ECC_CURVE_TLS_ID; -#endif - - if(name == "ffdhe/ietf/2048") - return 256; - if(name == "ffdhe/ietf/3072") - return 257; - if(name == "ffdhe/ietf/4096") - return 258; - if(name == "ffdhe/ietf/6144") - return 259; - if(name == "ffdhe/ietf/8192") - return 260; - - // Unknown/unavailable DH groups/EC curves are ignored - return 0; - } - -bool Supported_Groups::is_dh_group( const std::string& group_name ) - { - if(group_name == "ffdhe/ietf/2048" || group_name == "ffdhe/ietf/3072" - || group_name == "ffdhe/ietf/4096" || group_name == "ffdhe/ietf/6144" - || group_name == "ffdhe/ietf/8192") - { - return true; - } - 
return false; - } - std::vector<uint8_t> Supported_Groups::serialize() const { std::vector<uint8_t> buf(2); diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index 27917a145..f87c07f2e 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -238,11 +238,6 @@ class Supported_Groups final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - static std::string curve_id_to_name(uint16_t id); - static uint16_t name_to_curve_id(const std::string& name); - - static bool is_dh_group(const std::string& group_name); - std::vector<Group_Params> ec_groups() const; std::vector<Group_Params> dh_groups() const; diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index c483770f8..615e1674b 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -376,16 +376,16 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy { return std::vector<Group_Params>({ Group_Params::BRAINPOOL512R1, - Group_Params::BRAINPOOL384R1, - Group_Params::BRAINPOOL256R1, - Group_Params::SECP384R1, - Group_Params::SECP256R1, - Group_Params::FFDHE_8192, - Group_Params::FFDHE_6144, - Group_Params::FFDHE_4096, - Group_Params::FFDHE_3072, - Group_Params::FFDHE_2048 - }); + Group_Params::BRAINPOOL384R1, + Group_Params::BRAINPOOL256R1, + Group_Params::SECP384R1, + Group_Params::SECP256R1, + Group_Params::FFDHE_8192, + Group_Params::FFDHE_6144, + Group_Params::FFDHE_4096, + Group_Params::FFDHE_3072, + Group_Params::FFDHE_2048 + }); } bool allow_insecure_renegotiation() const override { return false; } |