Botan  2.1.0
Crypto and TLS for C++11
msg_cert_verify.cpp
Go to the documentation of this file.
1 /*
2 * Certificate Verify Message
3 * (C) 2004,2006,2011,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/tls_messages.h>
9 #include <botan/tls_extensions.h>
10 #include <botan/internal/tls_reader.h>
11 #include <botan/internal/tls_handshake_io.h>
12 #include <botan/internal/tls_handshake_state.h>
13 
14 namespace Botan {
15 
16 namespace TLS {
17 
18 /*
19 * Create a new Certificate Verify message
20 */
22  Handshake_State& state,
23  const Policy& policy,
25  const Private_Key* priv_key)
26  {
27  BOTAN_ASSERT_NONNULL(priv_key);
28 
29  std::pair<std::string, Signature_Format> format =
30  state.choose_sig_format(*priv_key, m_hash_algo, m_sig_algo, true, policy);
31 
32  PK_Signer signer(*priv_key, rng, format.first, format.second);
33 
34  m_signature = signer.sign_message(state.hash().get_contents(), rng);
35 
36  state.hash().update(io.send(*this));
37  }
38 
39 /*
40 * Deserialize a Certificate Verify message
41 */
42 Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf,
43  Protocol_Version version)
44  {
45  TLS_Data_Reader reader("CertificateVerify", buf);
46 
48  {
49  m_hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte());
50  m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte());
51  }
52 
53  m_signature = reader.get_range<uint8_t>(2, 0, 65535);
54  }
55 
56 /*
57 * Serialize a Certificate Verify message
58 */
59 std::vector<uint8_t> Certificate_Verify::serialize() const
60  {
61  std::vector<uint8_t> buf;
62 
63  if(!m_hash_algo.empty() && !m_sig_algo.empty())
64  {
65  buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo));
66  buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo));
67  }
68 
69  const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());
70  buf.push_back(get_byte(0, sig_len));
71  buf.push_back(get_byte(1, sig_len));
72  buf += m_signature;
73 
74  return buf;
75  }
76 
77 /*
78 * Verify a Certificate Verify message
79 */
81  const Handshake_State& state,
82  const Policy& policy) const
83  {
84  std::unique_ptr<Public_Key> key(cert.subject_public_key());
85 
86  policy.check_peer_key_acceptable(*key);
87 
88  std::pair<std::string, Signature_Format> format =
89  state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo,
90  true, policy);
91 
92  PK_Verifier verifier(*key, format.first, format.second);
93 
94  const bool signature_valid =
95  verifier.verify_message(state.hash().get_contents(), m_signature);
96 
97 #if defined(BOTAN_UNSAFE_FUZZER_MODE)
98  return true;
99 #else
100  return signature_valid;
101 #endif
102  }
103 
104 }
105 
106 }
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
const std::vector< uint8_t > & get_contents() const
static uint8_t sig_algo_code(const std::string &name)
std::pair< std::string, Signature_Format > parse_sig_format(const Public_Key &key, const std::string &hash_algo, const std::string &sig_algo, bool for_client_auth, const Policy &policy) const
Certificate_Verify(Handshake_IO &io, Handshake_State &state, const Policy &policy, RandomNumberGenerator &rng, const Private_Key *key)
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition: pubkey.cpp:280
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition: pubkey.h:209
static uint8_t hash_algo_code(const std::string &name)
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:79
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:94
void update(const uint8_t in[], size_t length)
Definition: alg_id.cpp:13
static std::string sig_algo_name(uint8_t code)
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
Definition: tls_policy.cpp:186
bool verify(const X509_Certificate &cert, const Handshake_State &state, const Policy &policy) const
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
Public_Key * subject_public_key() const
Definition: x509cert.cpp:215
std::pair< std::string, Signature_Format > choose_sig_format(const Private_Key &key, std::string &hash_algo, std::string &sig_algo, bool for_client_auth, const Policy &policy) const
bool supports_negotiable_signature_algorithms() const
Definition: tls_version.cpp:61
static std::string hash_algo_name(uint8_t code)