aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/msg_client_kex.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/tls/msg_client_kex.cpp')
-rw-r--r--src/lib/tls/msg_client_kex.cpp50
1 files changed, 28 insertions, 22 deletions
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index 0ff99462c..6e767d4d6 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -42,9 +42,9 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
const std::string& hostname,
RandomNumberGenerator& rng)
{
- const std::string kex_algo = state.ciphersuite().kex_algo();
+ const Kex_Algo kex_algo = state.ciphersuite().kex_method();
- if(kex_algo == "PSK")
+ if(kex_algo == Kex_Algo::PSK)
{
std::string identity_hint = "";
@@ -72,7 +72,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
SymmetricKey psk;
- if(kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK")
+ if(kex_algo == Kex_Algo::DHE_PSK ||
+ kex_algo == Kex_Algo::ECDHE_PSK)
{
std::string identity_hint = reader.get_string(2, 0, 65535);
@@ -84,7 +85,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
psk = creds.psk("tls-client", hostname, psk_identity);
}
- if(kex_algo == "DH" || kex_algo == "DHE_PSK")
+ if(kex_algo == Kex_Algo::DH ||
+ kex_algo == Kex_Algo::DHE_PSK)
{
const std::vector<uint8_t> modulus = reader.get_range<uint8_t>(2, 1, 65535);
const std::vector<uint8_t> generator = reader.get_range<uint8_t>(2, 1, 65535);
@@ -96,7 +98,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
const std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> dh_result =
state.callbacks().tls_dh_agree(modulus, generator, peer_public_value, policy, rng);
- if(kex_algo == "DH")
+ if(kex_algo == Kex_Algo::DH)
m_pre_master = dh_result.first;
else
{
@@ -106,7 +108,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
append_tls_length_value(m_key_material, dh_result.second, 2);
}
- else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK")
+ else if(kex_algo == Kex_Algo::ECDH ||
+ kex_algo == Kex_Algo::ECDHE_PSK)
{
const uint8_t curve_type = reader.get_byte();
@@ -131,7 +134,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
state.callbacks().tls_ecdh_agree(curve_name, peer_public_value, policy, rng,
state.server_hello()->prefers_compressed_ec_points());
- if(kex_algo == "ECDH")
+ if(kex_algo == Kex_Algo::ECDH)
m_pre_master = ecdh_result.first;
else
{
@@ -142,7 +145,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
append_tls_length_value(m_key_material, ecdh_result.second, 1);
}
#if defined(BOTAN_HAS_SRP6)
- else if(kex_algo == "SRP_SHA")
+ else if(kex_algo == Kex_Algo::SRP_SHA)
{
const BigInt N = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535));
const BigInt g = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535));
@@ -172,7 +175,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
#endif
#if defined(BOTAN_HAS_CECPQ1)
- else if(kex_algo == "CECPQ1")
+ else if(kex_algo == Kex_Algo::CECPQ1)
{
const std::vector<uint8_t> cecpq1_offer = reader.get_range<uint8_t>(2, 1, 65535);
@@ -188,7 +191,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
#endif
else
{
- throw Internal_Error("Client_Key_Exchange: Unknown kex " + kex_algo);
+ throw Internal_Error("Client_Key_Exchange: Unknown key exchange method was negotiated");
}
reader.assert_done();
@@ -197,8 +200,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
{
// No server key exchange msg better mean RSA kex + RSA key in cert
- if(kex_algo != "RSA")
- throw Unexpected_Message("No server kex but negotiated kex " + kex_algo);
+ if(kex_algo != Kex_Algo::STATIC_RSA)
+ throw Unexpected_Message("No server kex message, but negotiated a key exchange that required it");
if(!server_public_key)
throw Internal_Error("No server public key for RSA exchange");
@@ -236,9 +239,9 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
const Policy& policy,
RandomNumberGenerator& rng)
{
- const std::string kex_algo = state.ciphersuite().kex_algo();
+ const Kex_Algo kex_algo = state.ciphersuite().kex_method();
- if(kex_algo == "RSA")
+ if(kex_algo == Kex_Algo::STATIC_RSA)
{
BOTAN_ASSERT(state.server_certs() && !state.server_certs()->cert_chain().empty(),
"RSA key exchange negotiated so server sent a certificate");
@@ -283,7 +286,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
SymmetricKey psk;
- if(kex_algo == "PSK" || kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK")
+ if(key_exchange_is_psk(kex_algo))
{
const std::string psk_identity = reader.get_string(2, 0, 65535);
@@ -301,14 +304,14 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
}
}
- if(kex_algo == "PSK")
+ if(kex_algo == Kex_Algo::PSK)
{
std::vector<uint8_t> zeros(psk.length());
append_tls_length_value(m_pre_master, zeros, 2);
append_tls_length_value(m_pre_master, psk.bits_of(), 2);
}
#if defined(BOTAN_HAS_SRP6)
- else if(kex_algo == "SRP_SHA")
+ else if(kex_algo == Kex_Algo::SRP_SHA)
{
SRP6_Server_Session& srp = state.server_kex()->server_srp_params();
@@ -316,7 +319,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
}
#endif
#if defined(BOTAN_HAS_CECPQ1)
- else if(kex_algo == "CECPQ1")
+ else if(kex_algo == Kex_Algo::CECPQ1)
{
const CECPQ1_key& cecpq1_offer = state.server_kex()->cecpq1_key();
@@ -328,8 +331,10 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
CECPQ1_finish(m_pre_master.data(), cecpq1_offer, cecpq1_accept.data());
}
#endif
- else if(kex_algo == "DH" || kex_algo == "DHE_PSK" ||
- kex_algo == "ECDH" || kex_algo == "ECDHE_PSK")
+ else if(kex_algo == Kex_Algo::DH ||
+ kex_algo == Kex_Algo::DHE_PSK ||
+ kex_algo == Kex_Algo::ECDH ||
+ kex_algo == Kex_Algo::ECDHE_PSK)
{
const Private_Key& private_key = state.server_kex()->server_kex_key();
@@ -360,7 +365,8 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
if(ka_key->algo_name() == "DH")
shared_secret = CT::strip_leading_zeros(shared_secret);
- if(kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK")
+ if(kex_algo == Kex_Algo::DHE_PSK ||
+ kex_algo == Kex_Algo::ECDHE_PSK)
{
append_tls_length_value(m_pre_master, shared_secret, 2);
append_tls_length_value(m_pre_master, psk.bits_of(), 2);
@@ -380,7 +386,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
}
}
else
- throw Internal_Error("Client_Key_Exchange: Unknown kex type " + kex_algo);
+ throw Internal_Error("Client_Key_Exchange: Unknown key exchange negotiated");
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-21 02:06:14 +0000