From a4124ddf481bfc56859007b34dea646ecb7f8a25 Mon Sep 17 00:00:00 2001 From: lloyd Date: Mon, 11 Jan 2010 22:57:21 +0000 Subject: Import latest version of Ajisai into src/ssl; once this hits mainline I'll officially kill off Ajisai (instead of it just lingering as a zombine as it is currently). Apparently I broke something (or multiple things) during the import process; servers crash and clients gets MAC errors on connect. --- src/ssl/cert_ver.cpp | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 src/ssl/cert_ver.cpp (limited to 'src/ssl/cert_ver.cpp') diff --git a/src/ssl/cert_ver.cpp b/src/ssl/cert_ver.cpp new file mode 100644 index 000000000..3ea6db685 --- /dev/null +++ b/src/ssl/cert_ver.cpp @@ -0,0 +1,109 @@ +/** +* Certificate Verify Message Source File +* (C) 2004-2006 Jack Lloyd +* +* Released under the terms of the Botan license +*/ + +#include +#include +#include +#include +#include +#include + +namespace Botan { + +/** +* Create a new Certificate Verify message +*/ +Certificate_Verify::Certificate_Verify(RandomNumberGenerator& rng, + Record_Writer& writer, + HandshakeHash& hash, + const PKCS8_PrivateKey* priv_key) + { + const PK_Signing_Key* sign_key = + dynamic_cast(priv_key); + + if(sign_key) + { + PK_Signer* signer = 0; + try + { + if(dynamic_cast(sign_key)) + signer = get_pk_signer(*sign_key, "EMSA3(TLS.Digest.0)"); + else if(dynamic_cast(sign_key)) + signer = get_pk_signer(*sign_key, "EMSA1(SHA-1)"); + else + throw Invalid_Argument("Unknown PK algo for TLS signature"); + + signature = signer->sign_message(hash.final(), rng); + delete signer; + } + catch(...) + { + delete signer; + throw; + } + + send(writer, hash); + } + } + +/** +* Serialize a Certificate Verify message +*/ +SecureVector Certificate_Verify::serialize() const + { + SecureVector buf; + + u16bit sig_len = signature.size(); + buf.append(get_byte(0, sig_len)); + buf.append(get_byte(1, sig_len)); + buf.append(signature); + + return buf; + } + +/** +* Deserialize a Certificate Verify message +*/ +void Certificate_Verify::deserialize(const MemoryRegion& buf) + { + if(buf.size() < 2) + throw Decoding_Error("Certificate_Verify: Corrupted packet"); + + u32bit sig_len = make_u16bit(buf[0], buf[1]); + if(buf.size() != 2 + sig_len) + throw Decoding_Error("Certificate_Verify: Corrupted packet"); + + signature.set(buf + 2, sig_len); + } + +/** +* Verify a Certificate Verify message +*/ +bool Certificate_Verify::verify(const X509_Certificate& cert, + HandshakeHash& hash) + { + // FIXME: duplicate of Server_Key_Exchange::verify + + std::auto_ptr key(cert.subject_public_key()); + + DSA_PublicKey* dsa_pub = dynamic_cast(key.get()); + RSA_PublicKey* rsa_pub = dynamic_cast(key.get()); + + std::auto_ptr verifier; + + if(dsa_pub) + verifier.reset(get_pk_verifier(*dsa_pub, "EMSA1(SHA-1)", DER_SEQUENCE)); + else if(rsa_pub) + verifier.reset(get_pk_verifier(*rsa_pub, "EMSA3(TLS.Digest.0)")); + else + throw Invalid_Argument("Client did not provide a RSA/DSA cert"); + + // FIXME: WRONG + return verifier->verify_message(hash.final(), signature); + } + +} -- cgit v1.2.3