Botan 3.5.0
Crypto and TLS for C&
Botan::TLS::Certificate_13 Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_13:
Botan::TLS::Handshake_Message

Classes

class  Certificate_Entry
 

Public Member Functions

std::vector< X509_Certificatecert_chain () const
 
 Certificate_13 (const Certificate_Request_13 &cert_request, std::string_view hostname, Credentials_Manager &credentials_manager, Callbacks &callbacks, Certificate_Type cert_type)
 
 Certificate_13 (const Client_Hello_13 &client_hello, Credentials_Manager &credentials_manager, Callbacks &callbacks, Certificate_Type cert_type)
 
 Certificate_13 (const std::vector< uint8_t > &buf, const Policy &policy, Connection_Side side, Certificate_Type cert_type)
 
size_t count () const
 
bool empty () const
 
bool has_certificate_chain () const
 
bool is_raw_public_key () const
 
const X509_Certificateleaf () const
 
std::shared_ptr< const Public_Keypublic_key () const
 
const std::vector< uint8_t > & request_context () const
 
std::vector< uint8_t > serialize () const override
 
Handshake_Type type () const override
 
std::string type_string () const
 
void validate_extensions (const std::set< Extension_Code > &requested_extensions, Callbacks &cb) const
 
void verify (Callbacks &callbacks, const Policy &policy, Credentials_Manager &creds, std::string_view hostname, bool use_ocsp) const
 
virtual Handshake_Type wire_type () const
 

Detailed Description

Certificate Message of TLS 1.3

Definition at line 549 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_13() [1/3]

Botan::TLS::Certificate_13::Certificate_13 ( const Certificate_Request_13 & cert_request,
std::string_view hostname,
Credentials_Manager & credentials_manager,
Callbacks & callbacks,
Certificate_Type cert_type )

Create a Client Certificate message ... in response to a Certificate Request message.

Create a Client Certificate message

Definition at line 188 of file msg_certificate_13.cpp.

192 :
193 m_request_context(cert_request.context()), m_side(Connection_Side::Client) {
194 const auto key_types = filter_signature_schemes(cert_request.signature_schemes());
195 const auto op_type = "tls-client";
196
197 if(cert_type == Certificate_Type::X509) {
198 setup_entries(
199 credentials_manager.find_cert_chain(key_types,
200 to_algorithm_identifiers(cert_request.certificate_signature_schemes()),
201 cert_request.acceptable_CAs(),
202 op_type,
203 std::string(hostname)),
204 cert_request.extensions().get<Certificate_Status_Request>(),
205 callbacks);
206 } else if(cert_type == Certificate_Type::RawPublicKey) {
207 auto raw_public_key = credentials_manager.find_raw_public_key(key_types, op_type, std::string(hostname));
208
209 // RFC 8446 4.4.2
210 // If the RawPublicKey certificate type was negotiated, then the
211 // certificate_list MUST contain no more than one CertificateEntry
212 // [...].
213 // A client will send an empty certificate_list if it does not have
214 // an appropriate certificate to send in response to the server's
215 // authentication request.
216 if(raw_public_key) {
217 setup_entry(std::move(raw_public_key), callbacks);
218 }
219 }
220}
std::vector< AlgorithmIdentifier > to_algorithm_identifiers(const std::vector< Signature_Scheme > &schemes)

References Botan::TLS::Certificate_Request_13::acceptable_CAs(), Botan::TLS::Certificate_Request_13::certificate_signature_schemes(), Botan::TLS::Certificate_Request_13::extensions(), Botan::Credentials_Manager::find_cert_chain(), Botan::Credentials_Manager::find_raw_public_key(), Botan::TLS::Extensions::get(), Botan::TLS::RawPublicKey, Botan::TLS::Certificate_Request_13::signature_schemes(), Botan::TLS::to_algorithm_identifiers(), and Botan::TLS::X509.

◆ Certificate_13() [2/3]

Botan::TLS::Certificate_13::Certificate_13 ( const Client_Hello_13 & client_hello,
Credentials_Manager & credentials_manager,
Callbacks & callbacks,
Certificate_Type cert_type )

Create a Server Certificate message ... in response to a Client Hello indicating the need to authenticate with a server certificate.

Create a Server Certificate message

Definition at line 225 of file msg_certificate_13.cpp.

228 :
229 // RFC 8446 4.4.2:
230 // [In the case of server authentication], this field
231 // SHALL be zero length
232 m_request_context(), m_side(Connection_Side::Server) {
233 BOTAN_ASSERT_NOMSG(client_hello.extensions().has<Signature_Algorithms>());
234
235 const auto key_types = filter_signature_schemes(client_hello.signature_schemes());
236 const auto op_type = "tls-server";
237 const auto context = client_hello.sni_hostname();
238
239 if(cert_type == Certificate_Type::X509) {
240 auto cert_chain = credentials_manager.find_cert_chain(
241 key_types, to_algorithm_identifiers(client_hello.certificate_signature_schemes()), {}, op_type, context);
242
243 // RFC 8446 4.4.2
244 // The server's certificate_list MUST always be non-empty.
245 if(cert_chain.empty()) {
246 throw TLS_Exception(Alert::HandshakeFailure, "No sufficient server certificate available");
247 }
248
249 setup_entries(std::move(cert_chain), client_hello.extensions().get<Certificate_Status_Request>(), callbacks);
250 } else if(cert_type == Certificate_Type::RawPublicKey) {
251 auto raw_public_key = credentials_manager.find_raw_public_key(key_types, op_type, context);
252
253 // RFC 8446 4.4.2
254 // If the RawPublicKey certificate type was negotiated, then the
255 // certificate_list MUST contain no more than one CertificateEntry
256 // [...].
257 // The server's certificate_list MUST always be non-empty
258 if(!raw_public_key) {
259 throw TLS_Exception(Alert::HandshakeFailure, "No sufficient server raw public key available");
260 }
261
262 setup_entry(std::move(raw_public_key), callbacks);
263 }
264}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
std::vector< X509_Certificate > cert_chain() const

References BOTAN_ASSERT_NOMSG, cert_chain(), Botan::TLS::Client_Hello::certificate_signature_schemes(), Botan::TLS::Client_Hello::extensions(), Botan::Credentials_Manager::find_cert_chain(), Botan::Credentials_Manager::find_raw_public_key(), Botan::TLS::Extensions::get(), Botan::TLS::Extensions::has(), Botan::TLS::RawPublicKey, Botan::TLS::Client_Hello::signature_schemes(), Botan::TLS::Client_Hello::sni_hostname(), Botan::TLS::to_algorithm_identifiers(), and Botan::TLS::X509.

◆ Certificate_13() [3/3]

Botan::TLS::Certificate_13::Certificate_13 ( const std::vector< uint8_t > & buf,
const Policy & policy,
Connection_Side side,
Certificate_Type cert_type )

Deserialize a Certificate message

Parameters
bufthe serialized message
policythe TLS policy
sideis this a Connection_Side::Server or Connection_Side::Client certificate message
cert_typeis the certificate type that was negotiated during the handshake

Deserialize a Certificate message

Definition at line 345 of file msg_certificate_13.cpp.

348 :
349 m_side(side) {
350 TLS_Data_Reader reader("cert message reader", buf);
351
352 m_request_context = reader.get_range<uint8_t>(1, 0, 255);
353
354 // RFC 8446 4.4.2
355 // [...] in the case of server authentication, this field SHALL be zero length.
356 if(m_side == Connection_Side::Server && !m_request_context.empty()) {
357 throw TLS_Exception(Alert::IllegalParameter, "Server Certificate message must not contain a request context");
358 }
359
360 const auto cert_entries_len = reader.get_uint24_t();
361
362 if(reader.remaining_bytes() != cert_entries_len) {
363 throw TLS_Exception(Alert::DecodeError, "Certificate: Message malformed");
364 }
365
366 const size_t max_size = policy.maximum_certificate_chain_size();
367 if(max_size > 0 && cert_entries_len > max_size) {
368 throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
369 }
370
371 while(reader.has_remaining()) {
372 m_entries.emplace_back(reader, side, cert_type);
373 }
374
375 // RFC 8446 4.4.2
376 // The server's certificate_list MUST always be non-empty. A client
377 // will send an empty certificate_list if it does not have an
378 // appropriate certificate to send in response to the server's
379 // authentication request.
380 if(m_entries.empty()) {
381 // RFC 8446 4.4.2.4
382 // If the server supplies an empty Certificate message, the client MUST
383 // abort the handshake with a "decode_error" alert.
384 if(m_side == Connection_Side::Server) {
385 throw TLS_Exception(Alert::DecodeError, "No certificates sent by server");
386 }
387
388 return;
389 }
390
391 BOTAN_ASSERT_NOMSG(!m_entries.empty());
392
393 // RFC 8446 4.4.2.2
394 // The certificate type MUST be X.509v3 [RFC5280], unless explicitly
395 // negotiated otherwise (e.g., [RFC7250]).
396 //
397 // TLS 1.0 through 1.3 all seem to require that the certificate be
398 // precisely a v3 certificate. In fact the strict wording would seem
399 // to require that every certificate in the chain be v3. But often
400 // the intermediates are outside of the control of the server.
401 // But, require that the leaf certificate be v3.
402 if(cert_type == Certificate_Type::X509 && m_entries.front().certificate().x509_version() != 3) {
403 throw TLS_Exception(Alert::BadCertificate, "The leaf certificate must be v3");
404 }
405
406 // RFC 8446 4.4.2
407 // If the RawPublicKey certificate type was negotiated, then the
408 // certificate_list MUST contain no more than one CertificateEntry.
409 if(cert_type == Certificate_Type::RawPublicKey && m_entries.size() != 1) {
410 throw TLS_Exception(Alert::IllegalParameter, "Certificate message contained more than one RawPublicKey");
411 }
412
413 // Validate the provided (certificate) public key against our policy
414 auto pubkey = public_key();
415 policy.check_peer_key_acceptable(*pubkey);
416
417 if(!policy.allowed_signature_method(pubkey->algo_name())) {
418 throw TLS_Exception(Alert::HandshakeFailure, "Rejecting " + pubkey->algo_name() + " signature");
419 }
420}
std::shared_ptr< const Public_Key > public_key() const

References Botan::TLS::Policy::allowed_signature_method(), BOTAN_ASSERT_NOMSG, Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::TLS_Data_Reader::get_range(), Botan::TLS::TLS_Data_Reader::get_uint24_t(), Botan::TLS::TLS_Data_Reader::has_remaining(), Botan::TLS::Policy::maximum_certificate_chain_size(), public_key(), Botan::TLS::RawPublicKey, Botan::TLS::TLS_Data_Reader::remaining_bytes(), Botan::TLS::Server, and Botan::TLS::X509.

Member Function Documentation

◆ cert_chain()

std::vector< X509_Certificate > Botan::TLS::Certificate_13::cert_chain ( ) const

Definition at line 67 of file msg_certificate_13.cpp.

67 {
69 std::vector<X509_Certificate> result;
70 std::transform(m_entries.cbegin(), m_entries.cend(), std::back_inserter(result), [](const auto& cert_entry) {
71 return cert_entry.certificate();
72 });
73 return result;
74}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41

References BOTAN_STATE_CHECK, and has_certificate_chain().

Referenced by Certificate_13(), Botan::TLS::Client_Impl_13::peer_cert_chain(), and Botan::TLS::Server_Impl_13::peer_cert_chain().

◆ count()

size_t Botan::TLS::Certificate_13::count ( ) const
inline

Definition at line 582 of file tls_messages.h.

582{ return m_entries.size(); }

◆ empty()

bool Botan::TLS::Certificate_13::empty ( ) const
inline

Definition at line 584 of file tls_messages.h.

584{ return m_entries.empty(); }

Referenced by Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), has_certificate_chain(), is_raw_public_key(), leaf(), and public_key().

◆ has_certificate_chain()

bool Botan::TLS::Certificate_13::has_certificate_chain ( ) const

◆ is_raw_public_key()

bool Botan::TLS::Certificate_13::is_raw_public_key ( ) const

◆ leaf()

const X509_Certificate & Botan::TLS::Certificate_13::leaf ( ) const

Definition at line 96 of file msg_certificate_13.cpp.

96 {
98 return m_entries.front().certificate();
99}

References BOTAN_STATE_CHECK, and empty().

Referenced by Botan::TLS::Certificate_Verify_13::Certificate_Verify_13().

◆ public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Certificate_13::public_key ( ) const

◆ request_context()

const std::vector< uint8_t > & Botan::TLS::Certificate_13::request_context ( ) const
inline

Definition at line 589 of file tls_messages.h.

589{ return m_request_context; }

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_13::serialize ( ) const
overridevirtual

Serialize a Certificate message

Implements Botan::TLS::Handshake_Message.

Definition at line 425 of file msg_certificate_13.cpp.

425 {
426 std::vector<uint8_t> buf;
427
428 append_tls_length_value(buf, m_request_context, 1);
429
430 std::vector<uint8_t> entries;
431 for(const auto& entry : m_entries) {
432 append_tls_length_value(entries, entry.serialize(), 3);
433
434 // Extensions are tacked at the end of certificate entries. Note that
435 // Extensions::serialize() usually emits the required length field,
436 // except when no extensions are added at all, then it returns an
437 // empty buffer.
438 //
439 // TODO: look into this issue more generally when overhauling the
440 // message marshalling.
441 auto extensions = entry.extensions().serialize(m_side);
442 entries += (!extensions.empty()) ? extensions : std::vector<uint8_t>{0, 0};
443 }
444
445 append_tls_length_value(buf, entries, 3);
446
447 return buf;
448}
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition tls_reader.h:180

References Botan::TLS::append_tls_length_value().

◆ type()

Handshake_Type Botan::TLS::Certificate_13::type ( ) const
inlineoverridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 575 of file tls_messages.h.

Referenced by validate_extensions().

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

19 {
21}
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ validate_extensions()

void Botan::TLS::Certificate_13::validate_extensions ( const std::set< Extension_Code > & requested_extensions,
Callbacks & cb ) const

Validate a Certificate message regarding what extensions are expected based on previous handshake messages. Also call the tls_examine_extenions() callback for each entry.

Parameters
requested_extensionsExtensions of Client_Hello or Certificate_Request messages
cbCallback that will be called for each extension.

Definition at line 76 of file msg_certificate_13.cpp.

76 {
77 // RFC 8446 4.4.2
78 // Extensions in the Certificate message from the server MUST
79 // correspond to ones from the ClientHello message. Extensions in
80 // the Certificate message from the client MUST correspond to
81 // extensions in the CertificateRequest message from the server.
82 for(const auto& entry : m_entries) {
83 if(entry.extensions().contains_other_than(requested_extensions)) {
84 throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that was not offered");
85 }
86
87 cb.tls_examine_extensions(entry.extensions(), m_side, type());
88 }
89}
Handshake_Type type() const override

References Botan::TLS::Callbacks::tls_examine_extensions(), and type().

◆ verify()

void Botan::TLS::Certificate_13::verify ( Callbacks & callbacks,
const Policy & policy,
Credentials_Manager & creds,
std::string_view hostname,
bool use_ocsp ) const

Verify the certificate chain

Exceptions
ifverification fails.

Definition at line 101 of file msg_certificate_13.cpp.

105 {
107
108 if(is_raw_public_key()) {
109 callbacks.tls_verify_raw_public_key(*public_key(), usage, hostname, policy);
110 } else {
111 verify_certificate_chain(callbacks, policy, creds, hostname, use_ocsp, usage);
112 }
113}
Usage_Type
Definition x509cert.h:22

References Botan::TLS::Client, is_raw_public_key(), public_key(), Botan::TLS_CLIENT_AUTH, Botan::TLS_SERVER_AUTH, and Botan::TLS::Callbacks::tls_verify_raw_public_key().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

Referenced by Botan::TLS::Stream_Handshake_IO::send().


The documentation for this class was generated from the following files: