From b2b55e6c2fdb824f49923b60d2c3ffff8f0fb99a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 21 Dec 2017 15:37:39 -0500 Subject: Use enums to represent TLS signature and kex algorithms. Adds support for PSS signatures (currently verifying only). --- src/lib/tls/msg_cert_verify.cpp | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'src/lib/tls/msg_cert_verify.cpp') diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index ce7a30374..8ca01043a 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -28,7 +28,7 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io, BOTAN_ASSERT_NONNULL(priv_key); std::pair format = - state.choose_sig_format(*priv_key, m_hash_algo, m_sig_algo, true, policy); + state.choose_sig_format(*priv_key, m_scheme, true, policy); m_signature = state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second, @@ -47,8 +47,7 @@ Certificate_Verify::Certificate_Verify(const std::vector& buf, if(version.supports_negotiable_signature_algorithms()) { - m_hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte()); - m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte()); + m_scheme = static_cast(reader.get_uint16_t()); } m_signature = reader.get_range(2, 0, 65535); @@ -61,10 +60,11 @@ std::vector Certificate_Verify::serialize() const { std::vector buf; - if(!m_hash_algo.empty() && !m_sig_algo.empty()) + if(m_scheme != Signature_Scheme::NONE) { - buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo)); - buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo)); + const uint16_t scheme_code = static_cast(m_scheme); + buf.push_back(get_byte(0, scheme_code)); + buf.push_back(get_byte(1, scheme_code)); } const uint16_t sig_len = static_cast(m_signature.size()); 
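Review bot: At the `state.choose_sig_format(*priv_key, m_scheme, true, policy)` call nothing tells the reader whether `m_scheme` is consumed or filled in. No other assignment to it is visible in this constructor, so it is presumably an output of the call. A one-line comment above the call, such as `// choose_sig_format() selects the scheme and stores it in m_scheme`, would make that explicit, and the bare `true` deserves a name as well. The constructor begins and ends outside the hunk.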
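Review bot: The cast of `reader.get_uint16_t()` into `m_scheme` in the parsing constructor stores a peer-controlled 16-bit value as an enum with no check that it names a known scheme. Rejection of unknown or unoffered codes then rests entirely on `parse_sig_format` in the `verify` hunk, whose body is not shown. It is worth confirming there that unrecognised values, and `Signature_Scheme::NONE` on versions with negotiable signature algorithms, abort the handshake and do not fall through to a default format. If the enum is declared without a fixed 16-bit underlying type, the cast itself can be out of range, so the declaration should be checked too. A comment on this line such as `// unvalidated wire value; checked in parse_sig_format()` would record the dependency.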
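Review bot: `serialize()` now tests `m_scheme != Signature_Scheme::NONE`, which is only meaningful if `m_scheme` starts out as `NONE`; the parsing constructor above assigns it only inside the `supports_negotiable_signature_algorithms()` branch. The `std::string` members it replaces were empty by default, but an enum member is not initialised unless the class declaration says so, and the header is not part of this view. The declaration should read something like `Signature_Scheme m_scheme = Signature_Scheme::NONE;`, otherwise a message parsed under an older protocol version would serialize from an indeterminate value.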
@@ -87,8 +87,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, policy.check_peer_key_acceptable(*key); std::pair format = - state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, - true, policy); + state.parse_sig_format(*key.get(), m_scheme, true, policy); const bool signature_valid = state.callbacks().tls_verify_message(*key, format.first, format.second, -- cgit v1.2.3
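Review bot: `*key.get()` in the rewritten `parse_sig_format` call is a redundant spelling of `*key`, which the neighbouring `check_peer_key_acceptable(*key)` and `tls_verify_message(*key, ...)` calls already use. Since the line is being touched anyway, `state.parse_sig_format(*key, m_scheme, true, policy);` would keep the function consistent. `verify` begins and ends outside the hunk.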