Botan
1.11.15
|
00001 /* 00002 * Certificate Verify Message 00003 * (C) 2004,2006,2011,2012 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #include <botan/internal/tls_messages.h> 00009 #include <botan/internal/tls_reader.h> 00010 #include <botan/internal/tls_extensions.h> 00011 #include <botan/internal/tls_handshake_io.h> 00012 00013 namespace Botan { 00014 00015 namespace TLS { 00016 00017 /* 00018 * Create a new Certificate Verify message 00019 */ 00020 Certificate_Verify::Certificate_Verify(Handshake_IO& io, 00021 Handshake_State& state, 00022 const Policy& policy, 00023 RandomNumberGenerator& rng, 00024 const Private_Key* priv_key) 00025 { 00026 BOTAN_ASSERT_NONNULL(priv_key); 00027 00028 std::pair<std::string, Signature_Format> format = 00029 state.choose_sig_format(*priv_key, m_hash_algo, m_sig_algo, true, policy); 00030 00031 PK_Signer signer(*priv_key, format.first, format.second); 00032 00033 m_signature = signer.sign_message(state.hash().get_contents(), rng); 00034 00035 state.hash().update(io.send(*this)); 00036 } 00037 00038 /* 00039 * Deserialize a Certificate Verify message 00040 */ 00041 Certificate_Verify::Certificate_Verify(const std::vector<byte>& buf, 00042 Protocol_Version version) 00043 { 00044 TLS_Data_Reader reader("CertificateVerify", buf); 00045 00046 if(version.supports_negotiable_signature_algorithms()) 00047 { 00048 m_hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte()); 00049 m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte()); 00050 } 00051 00052 m_signature = reader.get_range<byte>(2, 0, 65535); 00053 } 00054 00055 /* 00056 * Serialize a Certificate Verify message 00057 */ 00058 std::vector<byte> Certificate_Verify::serialize() const 00059 { 00060 std::vector<byte> buf; 00061 00062 if(m_hash_algo != "" && m_sig_algo != "") 00063 { 00064 buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo)); 00065 buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo)); 00066 } 00067 00068 const u16bit sig_len = m_signature.size(); 00069 buf.push_back(get_byte(0, sig_len)); 00070 buf.push_back(get_byte(1, sig_len)); 00071 buf += m_signature; 00072 00073 return buf; 00074 } 00075 00076 /* 00077 * Verify a Certificate Verify message 00078 */ 00079 bool Certificate_Verify::verify(const X509_Certificate& cert, 00080 const Handshake_State& state) const 00081 { 00082 std::unique_ptr<Public_Key> key(cert.subject_public_key()); 00083 00084 std::pair<std::string, Signature_Format> format = 00085 state.understand_sig_format(*key.get(), m_hash_algo, m_sig_algo); 00086 00087 PK_Verifier verifier(*key, format.first, format.second); 00088 00089 return verifier.verify_message(state.hash().get_contents(), m_signature); 00090 } 00091 00092 } 00093 00094 }