/src/botan/src/lib/tls/tls_handshake_state.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS Handshaking |
3 | | * (C) 2004-2006,2011,2012,2015,2016 Jack Lloyd |
4 | | * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/tls_handshake_state.h> |
10 | | #include <botan/internal/tls_record.h> |
11 | | #include <botan/tls_messages.h> |
12 | | #include <botan/kdf.h> |
13 | | #include <sstream> |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | namespace TLS { |
18 | | |
19 | | std::string Handshake_Message::type_string() const |
20 | 0 | { |
21 | 0 | return handshake_type_to_string(type()); |
22 | 0 | } |
23 | | |
24 | | const char* handshake_type_to_string(Handshake_Type type) |
25 | 780 | { |
26 | 780 | switch(type) |
27 | 780 | { |
28 | 15 | case HELLO_VERIFY_REQUEST: |
29 | 15 | return "hello_verify_request"; |
30 | 0 | |
31 | 99 | case HELLO_REQUEST: |
32 | 99 | return "hello_request"; |
33 | 0 | |
34 | 172 | case CLIENT_HELLO: |
35 | 172 | return "client_hello"; |
36 | 0 | |
37 | 94 | case SERVER_HELLO: |
38 | 94 | return "server_hello"; |
39 | 0 | |
40 | 19 | case CERTIFICATE: |
41 | 19 | return "certificate"; |
42 | 0 | |
43 | 27 | case CERTIFICATE_URL: |
44 | 27 | return "certificate_url"; |
45 | 0 | |
46 | 8 | case CERTIFICATE_STATUS: |
47 | 8 | return "certificate_status"; |
48 | 0 | |
49 | 29 | case SERVER_KEX: |
50 | 29 | return "server_key_exchange"; |
51 | 0 | |
52 | 10 | case CERTIFICATE_REQUEST: |
53 | 10 | return "certificate_request"; |
54 | 0 | |
55 | 42 | case SERVER_HELLO_DONE: |
56 | 42 | return "server_hello_done"; |
57 | 0 | |
58 | 5 | case CERTIFICATE_VERIFY: |
59 | 5 | return "certificate_verify"; |
60 | 0 | |
61 | 93 | case CLIENT_KEX: |
62 | 93 | return "client_key_exchange"; |
63 | 0 | |
64 | 12 | case NEW_SESSION_TICKET: |
65 | 12 | return "new_session_ticket"; |
66 | 0 | |
67 | 116 | case HANDSHAKE_CCS: |
68 | 116 | return "change_cipher_spec"; |
69 | 0 | |
70 | 39 | case FINISHED: |
71 | 39 | return "finished"; |
72 | 0 | |
73 | 0 | case HANDSHAKE_NONE: |
74 | 0 | return "invalid"; |
75 | 0 | } |
76 | 0 | |
77 | 0 | throw TLS_Exception(Alert::UNEXPECTED_MESSAGE, |
78 | 0 | "Unknown TLS handshake message type " + std::to_string(type)); |
79 | 0 | } |
80 | | |
81 | | namespace { |
82 | | |
83 | | uint32_t bitmask_for_handshake_type(Handshake_Type type) |
84 | 310k | { |
85 | 310k | switch(type) |
86 | 310k | { |
87 | 391 | case HELLO_VERIFY_REQUEST: |
88 | 391 | return (1 << 0); |
89 | 0 | |
90 | 475 | case HELLO_REQUEST: |
91 | 475 | return (1 << 1); |
92 | 0 | |
93 | 72.2k | case CLIENT_HELLO: |
94 | 72.2k | return (1 << 2); |
95 | 0 | |
96 | 11.2k | case SERVER_HELLO: |
97 | 11.2k | return (1 << 3); |
98 | 0 | |
99 | 21.2k | case CERTIFICATE: |
100 | 21.2k | return (1 << 4); |
101 | 0 | |
102 | 403 | case CERTIFICATE_URL: |
103 | 403 | return (1 << 5); |
104 | 0 | |
105 | 514 | case CERTIFICATE_STATUS: |
106 | 514 | return (1 << 6); |
107 | 0 | |
108 | 2.86k | case SERVER_KEX: |
109 | 2.86k | return (1 << 7); |
110 | 0 | |
111 | 3.35k | case CERTIFICATE_REQUEST: |
112 | 3.35k | return (1 << 8); |
113 | 0 | |
114 | 3.17k | case SERVER_HELLO_DONE: |
115 | 3.17k | return (1 << 9); |
116 | 0 | |
117 | 381 | case CERTIFICATE_VERIFY: |
118 | 381 | return (1 << 10); |
119 | 0 | |
120 | 39.2k | case CLIENT_KEX: |
121 | 39.2k | return (1 << 11); |
122 | 0 | |
123 | 447 | case NEW_SESSION_TICKET: |
124 | 447 | return (1 << 12); |
125 | 0 | |
126 | 151k | case HANDSHAKE_CCS: |
127 | 151k | return (1 << 13); |
128 | 0 | |
129 | 2.26k | case FINISHED: |
130 | 2.26k | return (1 << 14); |
131 | 0 | |
132 | 0 | // allow explicitly disabling new handshakes |
133 | 416 | case HANDSHAKE_NONE: |
134 | 416 | return 0; |
135 | 62 | } |
136 | 62 | |
137 | 62 | throw TLS_Exception(Alert::UNEXPECTED_MESSAGE, |
138 | 62 | "Unknown TLS handshake message type " + std::to_string(type)); |
139 | 62 | } |
140 | | |
141 | | std::string handshake_mask_to_string(uint32_t mask, char combiner) |
142 | 376 | { |
143 | 376 | const Handshake_Type types[] = { |
144 | 376 | HELLO_VERIFY_REQUEST, |
145 | 376 | HELLO_REQUEST, |
146 | 376 | CLIENT_HELLO, |
147 | 376 | SERVER_HELLO, |
148 | 376 | CERTIFICATE, |
149 | 376 | CERTIFICATE_URL, |
150 | 376 | CERTIFICATE_STATUS, |
151 | 376 | SERVER_KEX, |
152 | 376 | CERTIFICATE_REQUEST, |
153 | 376 | SERVER_HELLO_DONE, |
154 | 376 | CERTIFICATE_VERIFY, |
155 | 376 | CLIENT_KEX, |
156 | 376 | NEW_SESSION_TICKET, |
157 | 376 | HANDSHAKE_CCS, |
158 | 376 | FINISHED |
159 | 376 | }; |
160 | 376 | |
161 | 376 | std::ostringstream o; |
162 | 376 | bool empty = true; |
163 | 376 | |
164 | 376 | for(auto&& t : types) |
165 | 5.64k | { |
166 | 5.64k | if(mask & bitmask_for_handshake_type(t)) |
167 | 506 | { |
168 | 506 | if(!empty) |
169 | 130 | o << combiner; |
170 | 506 | o << handshake_type_to_string(t); |
171 | 506 | empty = false; |
172 | 506 | } |
173 | 5.64k | } |
174 | 376 | |
175 | 376 | return o.str(); |
176 | 376 | } |
177 | | |
178 | | } |
179 | | |
180 | | /* |
181 | | * Initialize the SSL/TLS Handshake State |
182 | | */ |
183 | | Handshake_State::Handshake_State(Handshake_IO* io, Callbacks& cb) : |
184 | | m_callbacks(cb), |
185 | | m_handshake_io(io), |
186 | | m_version(m_handshake_io->initial_record_version()) |
187 | 47.5k | { |
188 | 47.5k | } |
189 | | |
190 | | void Handshake_State::note_message(const Handshake_Message& msg) |
191 | 135k | { |
192 | 135k | m_callbacks.tls_inspect_handshake_msg(msg); |
193 | 135k | } |
194 | | |
195 | | void Handshake_State::hello_verify_request(const Hello_Verify_Request& hello_verify) |
196 | 0 | { |
197 | 0 | note_message(hello_verify); |
198 | 0 |
|
199 | 0 | m_client_hello->update_hello_cookie(hello_verify); |
200 | 0 | hash().reset(); |
201 | 0 | hash().update(handshake_io().send(*m_client_hello)); |
202 | 0 | note_message(*m_client_hello); |
203 | 0 | } |
204 | | |
205 | | void Handshake_State::client_hello(Client_Hello* client_hello) |
206 | 43.8k | { |
207 | 43.8k | if(client_hello == nullptr) |
208 | 6.67k | { |
209 | 6.67k | m_client_hello.reset(); |
210 | 6.67k | hash().reset(); |
211 | 6.67k | } |
212 | 37.2k | else |
213 | 37.2k | { |
214 | 37.2k | m_client_hello.reset(client_hello); |
215 | 37.2k | note_message(*m_client_hello); |
216 | 37.2k | } |
217 | 43.8k | } |
218 | | |
219 | | void Handshake_State::server_hello(Server_Hello* server_hello) |
220 | 28.9k | { |
221 | 28.9k | m_server_hello.reset(server_hello); |
222 | 28.9k | m_ciphersuite = Ciphersuite::by_id(m_server_hello->ciphersuite()); |
223 | 28.9k | note_message(*m_server_hello); |
224 | 28.9k | } |
225 | | |
226 | | void Handshake_State::server_certs(Certificate* server_certs) |
227 | 1.60k | { |
228 | 1.60k | m_server_certs.reset(server_certs); |
229 | 1.60k | note_message(*m_server_certs); |
230 | 1.60k | } |
231 | | |
232 | | void Handshake_State::server_cert_status(Certificate_Status* server_cert_status) |
233 | 1 | { |
234 | 1 | m_server_cert_status.reset(server_cert_status); |
235 | 1 | note_message(*m_server_cert_status); |
236 | 1 | } |
237 | | |
238 | | void Handshake_State::server_kex(Server_Key_Exchange* server_kex) |
239 | 25.0k | { |
240 | 25.0k | m_server_kex.reset(server_kex); |
241 | 25.0k | note_message(*m_server_kex); |
242 | 25.0k | } |
243 | | |
244 | | void Handshake_State::cert_req(Certificate_Req* cert_req) |
245 | 12 | { |
246 | 12 | m_cert_req.reset(cert_req); |
247 | 12 | note_message(*m_cert_req); |
248 | 12 | } |
249 | | |
250 | | void Handshake_State::server_hello_done(Server_Hello_Done* server_hello_done) |
251 | 25.4k | { |
252 | 25.4k | m_server_hello_done.reset(server_hello_done); |
253 | 25.4k | note_message(*m_server_hello_done); |
254 | 25.4k | } |
255 | | |
256 | | void Handshake_State::client_certs(Certificate* client_certs) |
257 | 7 | { |
258 | 7 | m_client_certs.reset(client_certs); |
259 | 7 | note_message(*m_client_certs); |
260 | 7 | } |
261 | | |
262 | | void Handshake_State::client_kex(Client_Key_Exchange* client_kex) |
263 | 14.8k | { |
264 | 14.8k | m_client_kex.reset(client_kex); |
265 | 14.8k | note_message(*m_client_kex); |
266 | 14.8k | } |
267 | | |
268 | | void Handshake_State::client_verify(Certificate_Verify* client_verify) |
269 | 0 | { |
270 | 0 | m_client_verify.reset(client_verify); |
271 | 0 | note_message(*m_client_verify); |
272 | 0 | } |
273 | | |
274 | | void Handshake_State::new_session_ticket(New_Session_Ticket* new_session_ticket) |
275 | 291 | { |
276 | 291 | m_new_session_ticket.reset(new_session_ticket); |
277 | 291 | note_message(*m_new_session_ticket); |
278 | 291 | } |
279 | | |
280 | | void Handshake_State::server_finished(Finished* server_finished) |
281 | 516 | { |
282 | 516 | m_server_finished.reset(server_finished); |
283 | 516 | note_message(*m_server_finished); |
284 | 516 | } |
285 | | |
286 | | void Handshake_State::client_finished(Finished* client_finished) |
287 | 1.31k | { |
288 | 1.31k | m_client_finished.reset(client_finished); |
289 | 1.31k | note_message(*m_client_finished); |
290 | 1.31k | } |
291 | | |
292 | | void Handshake_State::set_version(const Protocol_Version& version) |
293 | 35.8k | { |
294 | 35.8k | m_version = version; |
295 | 35.8k | } |
296 | | |
297 | | void Handshake_State::compute_session_keys() |
298 | 14.8k | { |
299 | 14.8k | m_session_keys = Session_Keys(this, client_kex()->pre_master_secret(), false); |
300 | 14.8k | } |
301 | | |
302 | | void Handshake_State::compute_session_keys(const secure_vector<uint8_t>& resume_master_secret) |
303 | 0 | { |
304 | 0 | m_session_keys = Session_Keys(this, resume_master_secret, true); |
305 | 0 | } |
306 | | |
307 | | void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) |
308 | 59.2k | { |
309 | 59.2k | const uint32_t mask = bitmask_for_handshake_type(handshake_msg); |
310 | 59.2k | |
311 | 59.2k | m_hand_received_mask |= mask; |
312 | 59.2k | |
313 | 59.2k | const bool ok = (m_hand_expecting_mask & mask) != 0; // overlap? |
314 | 59.2k | |
315 | 59.2k | if(!ok) |
316 | 274 | { |
317 | 274 | const uint32_t seen_so_far = m_hand_received_mask & ~mask; |
318 | 274 | |
319 | 274 | std::ostringstream msg; |
320 | 274 | |
321 | 274 | msg << "Unexpected state transition in handshake got a " << handshake_type_to_string(handshake_msg); |
322 | 274 | |
323 | 274 | if(m_hand_expecting_mask == 0) |
324 | 27 | msg << " not expecting messages"; |
325 | 247 | else |
326 | 247 | msg << " expected " << handshake_mask_to_string(m_hand_expecting_mask, '|'); |
327 | 274 | |
328 | 274 | if(seen_so_far != 0) |
329 | 129 | msg << " seen " << handshake_mask_to_string(seen_so_far, '+'); |
330 | 274 | |
331 | 274 | throw Unexpected_Message(msg.str()); |
332 | 274 | } |
333 | 58.9k | |
334 | 58.9k | /* We don't know what to expect next, so force a call to |
335 | 58.9k | set_expected_next; if it doesn't happen, the next transition |
336 | 58.9k | check will always fail which is what we want. |
337 | 58.9k | */ |
338 | 58.9k | m_hand_expecting_mask = 0; |
339 | 58.9k | } |
340 | | |
341 | | void Handshake_State::set_expected_next(Handshake_Type handshake_msg) |
342 | 94.3k | { |
343 | 94.3k | m_hand_expecting_mask |= bitmask_for_handshake_type(handshake_msg); |
344 | 94.3k | } |
345 | | |
346 | | bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const |
347 | 16.5k | { |
348 | 16.5k | const uint32_t mask = bitmask_for_handshake_type(handshake_msg); |
349 | 16.5k | |
350 | 16.5k | return (m_hand_received_mask & mask) != 0; |
351 | 16.5k | } |
352 | | |
353 | | std::pair<Handshake_Type, std::vector<uint8_t>> |
354 | | Handshake_State::get_next_handshake_msg() |
355 | 134k | { |
356 | 134k | const bool expecting_ccs = |
357 | 134k | (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask) != 0; |
358 | 134k | |
359 | 134k | return m_handshake_io->get_next_record(expecting_ccs); |
360 | 134k | } |
361 | | |
362 | | std::string Handshake_State::srp_identifier() const |
363 | 416 | { |
364 | 416 | #if defined(BOTAN_HAS_SRP6) |
365 | 416 | // Authenticated via the successful key exchange |
366 | 416 | if(ciphersuite().valid() && ciphersuite().kex_method() == Kex_Algo::SRP_SHA) |
367 | 0 | return client_hello()->srp_identifier(); |
368 | 416 | #endif |
369 | 416 | |
370 | 416 | return ""; |
371 | 416 | } |
372 | | |
373 | | |
374 | | std::vector<uint8_t> Handshake_State::session_ticket() const |
375 | 100 | { |
376 | 100 | if(new_session_ticket() && !new_session_ticket()->ticket().empty()) |
377 | 0 | return new_session_ticket()->ticket(); |
378 | 100 | |
379 | 100 | return client_hello()->session_ticket(); |
380 | 100 | } |
381 | | |
382 | | KDF* Handshake_State::protocol_specific_prf() const |
383 | 16.7k | { |
384 | 16.7k | if(version().supports_ciphersuite_specific_prf()) |
385 | 16.7k | { |
386 | 16.7k | const std::string prf_algo = ciphersuite().prf_algo(); |
387 | 16.7k | |
388 | 16.7k | if(prf_algo == "MD5" || prf_algo == "SHA-1") |
389 | 5.00k | return get_kdf("TLS-12-PRF(SHA-256)"); |
390 | 11.6k | |
391 | 11.6k | return get_kdf("TLS-12-PRF(" + prf_algo + ")"); |
392 | 11.6k | } |
393 | 0 | |
394 | 0 | // Old PRF used in TLS v1.0, v1.1 and DTLS v1.0 |
395 | 0 | return get_kdf("TLS-PRF"); |
396 | 0 | } |
397 | | |
398 | | std::pair<std::string, Signature_Format> |
399 | | Handshake_State::choose_sig_format(const Private_Key& key, |
400 | | Signature_Scheme& chosen_scheme, |
401 | | bool for_client_auth, |
402 | | const Policy& policy) const |
403 | 0 | { |
404 | 0 | const std::string sig_algo = key.algo_name(); |
405 | 0 |
|
406 | 0 | if(this->version().supports_negotiable_signature_algorithms()) |
407 | 0 | { |
408 | 0 | const std::vector<Signature_Scheme> allowed = policy.allowed_signature_schemes(); |
409 | 0 |
|
410 | 0 | std::vector<Signature_Scheme> requested = |
411 | 0 | (for_client_auth) ? cert_req()->signature_schemes() : client_hello()->signature_schemes(); |
412 | 0 |
|
413 | 0 | if(requested.empty()) |
414 | 0 | { |
415 | 0 | // Implicit SHA-1 |
416 | 0 | requested.push_back(Signature_Scheme::RSA_PKCS1_SHA1); |
417 | 0 | requested.push_back(Signature_Scheme::ECDSA_SHA1); |
418 | 0 | requested.push_back(Signature_Scheme::DSA_SHA1); |
419 | 0 | } |
420 | 0 |
|
421 | 0 | for(Signature_Scheme scheme : allowed) |
422 | 0 | { |
423 | 0 | if(signature_scheme_is_known(scheme) == false) |
424 | 0 | { |
425 | 0 | continue; |
426 | 0 | } |
427 | 0 | |
428 | 0 | if(signature_algorithm_of_scheme(scheme) == sig_algo) |
429 | 0 | { |
430 | 0 | if(std::find(requested.begin(), requested.end(), scheme) != requested.end()) |
431 | 0 | { |
432 | 0 | chosen_scheme = scheme; |
433 | 0 | break; |
434 | 0 | } |
435 | 0 | } |
436 | 0 | } |
437 | 0 |
|
438 | 0 | const std::string hash = hash_function_of_scheme(chosen_scheme); |
439 | 0 |
|
440 | 0 | if(!policy.allowed_signature_hash(hash)) |
441 | 0 | { |
442 | 0 | throw TLS_Exception(Alert::HANDSHAKE_FAILURE, |
443 | 0 | "Policy refuses to accept signing with any hash supported by peer"); |
444 | 0 | } |
445 | 0 | |
446 | 0 | if(sig_algo == "RSA") |
447 | 0 | { |
448 | 0 | return std::make_pair(padding_string_for_scheme(chosen_scheme), IEEE_1363); |
449 | 0 | } |
450 | 0 | else if(sig_algo == "DSA" || sig_algo == "ECDSA") |
451 | 0 | { |
452 | 0 | return std::make_pair(padding_string_for_scheme(chosen_scheme), DER_SEQUENCE); |
453 | 0 | } |
454 | 0 | } |
455 | 0 | else |
456 | 0 | { |
457 | 0 | if(sig_algo == "RSA") |
458 | 0 | { |
459 | 0 | const std::string padding = "PKCS1v15(Parallel(MD5,SHA-160))"; |
460 | 0 | return std::make_pair(padding, IEEE_1363); |
461 | 0 | } |
462 | 0 | else if(sig_algo == "DSA" || sig_algo == "ECDSA") |
463 | 0 | { |
464 | 0 | const std::string padding = "EMSA1(SHA-1)"; |
465 | 0 | return std::make_pair(padding, DER_SEQUENCE); |
466 | 0 | } |
467 | 0 | } |
468 | 0 | |
469 | 0 | throw Invalid_Argument(sig_algo + " is invalid/unknown for TLS signatures"); |
470 | 0 | } |
471 | | |
472 | | namespace { |
473 | | |
474 | | bool supported_algos_include( |
475 | | const std::vector<Signature_Scheme>& schemes, |
476 | | const std::string& key_type, |
477 | | const std::string& hash_type) |
478 | 297 | { |
479 | 297 | for(Signature_Scheme scheme : schemes) |
480 | 2.30k | { |
481 | 2.30k | if(signature_scheme_is_known(scheme) && |
482 | 2.30k | hash_function_of_scheme(scheme) == hash_type && |
483 | 2.30k | signature_algorithm_of_scheme(scheme) == key_type) |
484 | 295 | { |
485 | 295 | return true; |
486 | 295 | } |
487 | 2.30k | } |
488 | 297 | |
489 | 297 | return false; |
490 | 297 | } |
491 | | |
492 | | } |
493 | | |
494 | | std::pair<std::string, Signature_Format> |
495 | | Handshake_State::parse_sig_format(const Public_Key& key, |
496 | | Signature_Scheme scheme, |
497 | | bool for_client_auth, |
498 | | const Policy& policy) const |
499 | 367 | { |
500 | 367 | const std::string key_type = key.algo_name(); |
501 | 367 | |
502 | 367 | if(!policy.allowed_signature_method(key_type)) |
503 | 0 | { |
504 | 0 | throw TLS_Exception(Alert::HANDSHAKE_FAILURE, |
505 | 0 | "Rejecting " + key_type + " signature"); |
506 | 0 | } |
507 | 367 | |
508 | 367 | if(this->version().supports_negotiable_signature_algorithms() == false) |
509 | 0 | { |
510 | 0 | if(scheme != Signature_Scheme::NONE) |
511 | 0 | throw Decoding_Error("Counterparty sent hash/sig IDs with old version"); |
512 | 0 | |
513 | 0 | /* |
514 | 0 | There is no check on the acceptability of a v1.0/v1.1 hash type, |
515 | 0 | since it's implicit with use of the protocol |
516 | 0 | */ |
517 | 0 | |
518 | 0 | if(key_type == "RSA") |
519 | 0 | { |
520 | 0 | const std::string padding = "PKCS1v15(Parallel(MD5,SHA-160))"; |
521 | 0 | return std::make_pair(padding, IEEE_1363); |
522 | 0 | } |
523 | 0 | else if(key_type == "DSA" || key_type == "ECDSA") |
524 | 0 | { |
525 | 0 | const std::string padding = "EMSA1(SHA-1)"; |
526 | 0 | return std::make_pair(padding, DER_SEQUENCE); |
527 | 0 | } |
528 | 0 | else |
529 | 0 | throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures"); |
530 | 367 | } |
531 | 367 | |
532 | 367 | if(scheme == Signature_Scheme::NONE) |
533 | 1 | throw Decoding_Error("Counterparty did not send hash/sig IDS"); |
534 | 366 | |
535 | 366 | if(key_type != signature_algorithm_of_scheme(scheme)) |
536 | 9 | throw Decoding_Error("Counterparty sent inconsistent key and sig types"); |
537 | 357 | |
538 | 357 | if(for_client_auth && !cert_req()) |
539 | 0 | { |
540 | 0 | throw TLS_Exception(Alert::HANDSHAKE_FAILURE, |
541 | 0 | "No certificate verify set"); |
542 | 0 | } |
543 | 357 | |
544 | 357 | /* |
545 | 357 | Confirm the signature type we just received against the |
546 | 357 | supported_algos list that we sent; it better be there. |
547 | 357 | */ |
548 | 357 | |
549 | 357 | const std::vector<Signature_Scheme> supported_algos = |
550 | 357 | for_client_auth ? cert_req()->signature_schemes() : |
551 | 357 | client_hello()->signature_schemes(); |
552 | 357 | |
553 | 357 | if(!signature_scheme_is_known(scheme)) |
554 | 0 | throw TLS_Exception(Alert::HANDSHAKE_FAILURE, |
555 | 0 | "Peer sent unknown signature scheme"); |
556 | 357 | |
557 | 357 | const std::string hash_algo = hash_function_of_scheme(scheme); |
558 | 357 | |
559 | 357 | if(!supported_algos_include(supported_algos, key_type, hash_algo)) |
560 | 2 | { |
561 | 2 | throw TLS_Exception(Alert::ILLEGAL_PARAMETER, |
562 | 2 | "TLS signature extension did not allow for " + |
563 | 2 | key_type + "/" + hash_algo + " signature"); |
564 | 2 | } |
565 | 355 | |
566 | 355 | if(key_type == "RSA") |
567 | 32 | { |
568 | 32 | return std::make_pair(padding_string_for_scheme(scheme), IEEE_1363); |
569 | 32 | } |
570 | 323 | else if(key_type == "DSA" || key_type == "ECDSA") |
571 | 263 | { |
572 | 263 | return std::make_pair(padding_string_for_scheme(scheme), DER_SEQUENCE); |
573 | 263 | } |
574 | 60 | |
575 | 60 | throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures"); |
576 | 60 | } |
577 | | |
578 | | } |
579 | | |
580 | | } |