-rw-r--r-- | src/tls/cert_req.cpp | 53 | ||||
-rw-r--r-- | src/tls/tls_magic.h | 11 | ||||
-rw-r--r-- | src/tls/tls_messages.h | 4 |
3 files changed, 52 insertions, 16 deletions
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp
index 3f70c306b..f400a36d2 100644
--- a/src/tls/cert_req.cpp
+++ b/src/tls/cert_req.cpp
@@ -17,6 +17,37 @@ namespace Botan {
 
 namespace TLS {
 
+namespace {
+
+std::string cert_type_code_to_name(byte code)
+   {
+   switch(code)
+      {
+      case 1:
+         return "RSA";
+      case 2:
+         return "DSA";
+      case 64:
+         return "ECDSA";
+      default:
+         return ""; // DH or something else
+      }
+   }
+
+byte cert_type_name_to_code(const std::string& name)
+   {
+   if(name == "RSA")
+      return 1;
+   if(name == "DSA")
+      return 2;
+   if(name == "ECDSA")
+      return 64;
+
+   throw Invalid_Argument("Unknown cert type " + name);
+   }
+
+}
+
 /**
 * Create a new Certificate Request message
 */
@@ -29,8 +60,9 @@ Certificate_Req::Certificate_Req(Record_Writer& writer,
    for(size_t i = 0; i != ca_certs.size(); ++i)
       names.push_back(ca_certs[i].subject_dn());
 
-   cert_types.push_back(RSA_CERT);
-   cert_types.push_back(DSS_CERT);
+   cert_key_types.push_back("RSA");
+   cert_key_types.push_back("DSA");
+   cert_key_types.push_back("ECDSA");
 
    if(version >= Protocol_Version::TLS_V12)
       {
@@ -56,7 +88,17 @@ Certificate_Req::Certificate_Req(const MemoryRegion<byte>& buf,
 
    TLS_Data_Reader reader(buf);
 
-   cert_types = reader.get_range_vector<byte>(1, 1, 255);
+   std::vector<byte> cert_type_codes = reader.get_range_vector<byte>(1, 1, 255);
+
+   for(size_t i = 0; i != cert_type_codes.size(); ++i)
+      {
+      const std::string cert_type_name = cert_type_code_to_name(cert_type_codes[i]);
+
+      if(cert_type_name == "") // something we don't know
+         continue;
+
+      cert_key_types.push_back(cert_type_name);
+      }
 
    if(version >= Protocol_Version::TLS_V12)
       {
@@ -103,6 +145,11 @@ MemoryVector<byte> Certificate_Req::serialize() const
    {
    MemoryVector<byte> buf;
 
+   std::vector<byte> cert_types;
+
+   for(size_t i = 0; i != cert_key_types.size(); ++i)
+      cert_types.push_back(cert_type_name_to_code(cert_key_types[i]));
+
    append_tls_length_value(buf, cert_types, 1);
 
    if(!m_supported_algos.empty())
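Review bot: The parsing constructor's new loop (third hunk) silently discards every certificate_types code that cert_type_code_to_name does not know, so a peer that advertises only the DH/ECDH codes (3, 4, 65, 66 in the enum this commit removes) leaves cert_key_types empty with no indication to the caller, and the serialize() hunk would then emit a zero-length certificate_types list even though the reader enforces a 1..255 length on the wire. That asymmetry is worth stating where the filtering happens, e.g. `// Unknown codes (DH/ECDH) are dropped; cert_key_types may end up empty`, and the intent of the `continue` reads better as `if(cert_type_name.empty()) // not a key type we support`. The "DH or something else" comment in cert_type_code_to_name should name the codes it means, since the enum that documented them is deleted in this same commit. If serialize() is ever invoked on a message parsed this way I would expect a guard before append_tls_length_value, such as `if(cert_types.empty()) throw Invalid_Argument("Certificate_Req: no supported certificate types");`, but whether that path is reachable is not visible here.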
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index ebca860de..ff8906b86 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -94,17 +94,6 @@ enum Alert_Type {
    NULL_ALERT = 255
 };
 
-enum Certificate_Type {
-   RSA_CERT = 1,
-   DSS_CERT = 2,
-   DH_RSA_CERT = 3,
-   DH_DSS_CERT = 4,
-
-   ECDSA_CERT = 64,
-   ECDH_RSA_CERT = 65,
-   ECDH_ECDSA_CERT = 66
-};
-
 enum Ciphersuite_Code {
    TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
    TLS_RSA_WITH_RC4_128_SHA = 0x0005,
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 33cd9e493..b5a651e7d 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -260,7 +260,7 @@ class Certificate_Req : public Handshake_Message
    public:
       Handshake_Type type() const { return CERTIFICATE_REQUEST; }
 
-      std::vector<byte> acceptable_types() const { return cert_types; }
+      std::vector<std::string> acceptable_keys() const { return cert_key_types; }
       std::vector<X509_DN> acceptable_CAs() const { return names; }
 
       std::vector<std::pair<std::string, std::string> > supported_algos() const
@@ -278,7 +278,7 @@ class Certificate_Req : public Handshake_Message
       MemoryVector<byte> serialize() const;
 
       std::vector<X509_DN> names;
-      std::vector<byte> cert_types;
+      std::vector<std::string> cert_key_types;
       std::vector<std::pair<std::string, std::string> > m_supported_algos;
    };
 
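Review bot: The new cert_key_types member in the tls_messages.h hunk carries an undocumented invariant: it must only ever hold "RSA", "DSA" or "ECDSA", because cert_type_name_to_code in cert_req.cpp throws Invalid_Argument on any other string during serialize(). A comment on the member, `// Algorithm names of acceptable client key types; must be ones cert_type_name_to_code() knows or serialize() throws`, would make that visible to the next person who appends to it. The accessor rename from acceptable_types() to acceptable_keys() also changes the return type, and with only three files in this commit any caller outside them is not updated here; that cannot be confirmed from this page. Removing the Certificate_Type enum has the same concern for any other user of RSA_CERT and friends.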