Botan 2.19.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Certificate_Verify Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_Verify:
Botan::TLS::Handshake_Message

Public Member Functions

 Certificate_Verify (const std::vector< uint8_t > &buf, Protocol_Version version)
 
 Certificate_Verify (Handshake_IO &io, Handshake_State &state, const Policy &policy, RandomNumberGenerator &rng, const Private_Key *key)
 
Handshake_Type type () const override
 
std::string type_string () const
 
bool verify (const X509_Certificate &cert, const Handshake_State &state, const Policy &policy) const
 

Detailed Description

Certificate Verify Message

Definition at line 460 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_Verify() [1/2]

Botan::TLS::Certificate_Verify::Certificate_Verify ( Handshake_IO io,
Handshake_State state,
const Policy policy,
RandomNumberGenerator rng,
const Private_Key key 
)

Definition at line 22 of file msg_cert_verify.cpp.

27 {
28 BOTAN_ASSERT_NONNULL(priv_key);
29
30 std::pair<std::string, Signature_Format> format =
31 state.choose_sig_format(*priv_key, m_scheme, true, policy);
32
33 m_signature =
34 state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second,
35 state.hash().get_contents());
36
37 state.hash().update(io.send(*this));
38 }
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:107

References BOTAN_ASSERT_NONNULL, Botan::TLS::Handshake_State::callbacks(), Botan::TLS::Handshake_State::choose_sig_format(), Botan::TLS::Handshake_Hash::get_contents(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Handshake_IO::send(), Botan::TLS::Callbacks::tls_sign_message(), and Botan::TLS::Handshake_Hash::update().

◆ Certificate_Verify() [2/2]

Botan::TLS::Certificate_Verify::Certificate_Verify ( const std::vector< uint8_t > &  buf,
Protocol_Version  version 
)

Definition at line 43 of file msg_cert_verify.cpp.

45 {
46 TLS_Data_Reader reader("CertificateVerify", buf);
47
48 if(version.supports_negotiable_signature_algorithms())
49 {
50 m_scheme = static_cast<Signature_Scheme>(reader.get_uint16_t());
51 }
52
53 m_signature = reader.get_range<uint8_t>(2, 0, 65535);
54 reader.assert_done();
55 }
Signature_Scheme
Definition: tls_algos.h:86

References Botan::TLS::TLS_Data_Reader::assert_done(), Botan::TLS::TLS_Data_Reader::get_range(), Botan::TLS::TLS_Data_Reader::get_uint16_t(), and Botan::TLS::Protocol_Version::supports_negotiable_signature_algorithms().

Member Function Documentation

◆ type()

Handshake_Type Botan::TLS::Certificate_Verify::type ( ) const
inlineoverridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 463 of file tls_messages.h.

463{ return CERTIFICATE_VERIFY; }
@ CERTIFICATE_VERIFY
Definition: tls_magic.h:55

References Botan::TLS::CERTIFICATE_VERIFY.

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

20 {
22 }
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ verify()

bool Botan::TLS::Certificate_Verify::verify ( const X509_Certificate cert,
const Handshake_State state,
const Policy policy 
) const

Check the signature on a certificate verify message

Parameters
certthe purported certificate
statethe handshake state
policythe TLS policy

Definition at line 85 of file msg_cert_verify.cpp.

88 {
89 std::unique_ptr<Public_Key> key(cert.subject_public_key());
90
91 policy.check_peer_key_acceptable(*key);
92
93 std::pair<std::string, Signature_Format> format =
94 state.parse_sig_format(*key.get(), m_scheme, true, policy);
95
96 const bool signature_valid =
97 state.callbacks().tls_verify_message(*key, format.first, format.second,
98 state.hash().get_contents(), m_signature);
99
100#if defined(BOTAN_UNSAFE_FUZZER_MODE)
101 BOTAN_UNUSED(signature_valid);
102 return true;
103#else
104 return signature_valid;
105#endif
106 }
#define BOTAN_UNUSED(...)
Definition: assert.h:142

References BOTAN_UNUSED, Botan::TLS::Handshake_State::callbacks(), Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Handshake_Hash::get_contents(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Handshake_State::parse_sig_format(), Botan::X509_Certificate::subject_public_key(), and Botan::TLS::Callbacks::tls_verify_message().


The documentation for this class was generated from the following files: