Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Member Functions | Protected Attributes | List of all members
Botan::TLS::Certificate_Verify_12 Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_Verify_12:
Botan::TLS::Certificate_Verify Botan::TLS::Handshake_Message

Public Member Functions

 Certificate_Verify ()=default
 
 Certificate_Verify (const std::vector< uint8_t > &buf)
 
 Certificate_Verify_12 (Handshake_IO &io, Handshake_State &state, const Policy &policy, RandomNumberGenerator &rng, const Private_Key *key)
 
std::vector< uint8_t > serialize () const override
 
Signature_Scheme signature_scheme () const
 
Handshake_Type type () const override
 
std::string type_string () const
 
bool verify (const X509_Certificate &cert, const Handshake_State &state, const Policy &policy) const
 
virtual Handshake_Type wire_type () const
 

Protected Attributes

Signature_Scheme m_scheme
 
std::vector< uint8_t > m_signature
 

Detailed Description

Certificate Verify Message

Definition at line 662 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_Verify_12()

Botan::TLS::Certificate_Verify_12::Certificate_Verify_12 ( Handshake_IO io,
Handshake_State state,
const Policy policy,
RandomNumberGenerator rng,
const Private_Key key 
)

Definition at line 26 of file msg_cert_verify.cpp.

31 {
32 BOTAN_ASSERT_NONNULL(priv_key);
33
34 std::pair<std::string, Signature_Format> format =
35 state.choose_sig_format(*priv_key, m_scheme, true, policy);
36
38 state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second,
39 state.hash().get_contents());
40
41 state.hash().update(io.send(*this));
42 }
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:106
std::vector< uint8_t > m_signature
Definition: tls_messages.h:655

References BOTAN_ASSERT_NONNULL, Botan::TLS::Handshake_State::callbacks(), Botan::TLS::Handshake_State::choose_sig_format(), Botan::TLS::Handshake_Hash::get_contents(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Certificate_Verify::m_scheme, Botan::TLS::Certificate_Verify::m_signature, Botan::TLS::Handshake_IO::send(), Botan::TLS::Callbacks::tls_sign_message(), and Botan::TLS::Handshake_Hash::update().

Member Function Documentation

◆ Certificate_Verify() [1/2]

Botan::TLS::Certificate_Verify::Certificate_Verify ( )
default

◆ Certificate_Verify() [2/2]

Botan::TLS::Certificate_Verify::Certificate_Verify ( const std::vector< uint8_t > &  buf)

Definition at line 649 of file msg_cert_verify.cpp.

48 {
49 TLS_Data_Reader reader("CertificateVerify", buf);
50
51 m_scheme = Signature_Scheme(reader.get_uint16_t());
52 m_signature = reader.get_range<uint8_t>(2, 0, 65535);
53 reader.assert_done();
54
55 if(!m_scheme.is_set())
56 { throw Decoding_Error("Counterparty did not send hash/sig IDS"); }
57 }

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_Verify::serialize ( ) const
overridevirtualinherited
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 62 of file msg_cert_verify.cpp.

63 {
65 std::vector<uint8_t> buf;
66
67 const auto code = m_scheme.wire_code();
68 buf.push_back(get_byte<0>(code));
69 buf.push_back(get_byte<1>(code));
70
71 if(m_signature.size() > 0xFFFF)
72 { throw Encoding_Error("Certificate_Verify signature too long to encode"); }
73
74 const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());
75 buf.push_back(get_byte<0>(sig_len));
76 buf.push_back(get_byte<1>(sig_len));
77 buf += m_signature;
78
79 return buf;
80 }
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
Signature_Scheme::Code wire_code() const noexcept

References BOTAN_ASSERT_NOMSG, Botan::TLS::Signature_Scheme::is_set(), Botan::TLS::Certificate_Verify::m_scheme, Botan::TLS::Certificate_Verify::m_signature, and Botan::TLS::Signature_Scheme::wire_code().

◆ signature_scheme()

Signature_Scheme Botan::TLS::Certificate_Verify::signature_scheme ( ) const
inlineinherited

Definition at line 647 of file tls_messages.h.

647{ return m_scheme; }

◆ type()

Handshake_Type Botan::TLS::Certificate_Verify::type ( ) const
inlineoverridevirtualinherited
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 645 of file tls_messages.h.

645{ return CERTIFICATE_VERIFY; }
@ CERTIFICATE_VERIFY
Definition: tls_magic.h:77

References Botan::TLS::CERTIFICATE_VERIFY.

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 18 of file tls_handshake_state.cpp.

19 {
21 }
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ verify()

bool Botan::TLS::Certificate_Verify_12::verify ( const X509_Certificate cert,
const Handshake_State state,
const Policy policy 
) const

Check the signature on a certificate verify message

Parameters
certthe purported certificate
statethe handshake state
policythe TLS policy

Definition at line 83 of file msg_cert_verify.cpp.

86 {
87 std::unique_ptr<Public_Key> key(cert.subject_public_key());
88
89 policy.check_peer_key_acceptable(*key);
90
91 std::pair<std::string, Signature_Format> format =
92 state.parse_sig_format(*key.get(), m_scheme, state.client_hello()->signature_schemes(), true, policy);
93
94 const bool signature_valid =
95 state.callbacks().tls_verify_message(*key, format.first, format.second,
96 state.hash().get_contents(), m_signature);
97
98#if defined(BOTAN_UNSAFE_FUZZER_MODE)
99 BOTAN_UNUSED(signature_valid);
100 return true;
101
102#else
103 return signature_valid;
104
105#endif
106 }
#define BOTAN_UNUSED(...)
Definition: assert.h:141

References BOTAN_UNUSED, Botan::TLS::Handshake_State::callbacks(), Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Handshake_State::client_hello(), Botan::TLS::Handshake_Hash::get_contents(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Certificate_Verify::m_scheme, Botan::TLS::Certificate_Verify::m_signature, Botan::TLS::Handshake_State::parse_sig_format(), Botan::X509_Certificate::subject_public_key(), and Botan::TLS::Callbacks::tls_verify_message().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Definition at line 42 of file tls_handshake_msg.h.

43 {
44 // Usually equal to the Handshake_Type enum value,
45 // with the exception of TLS 1.3 Hello Retry Request.
46 return type();
47 }

References type.

Referenced by Botan::TLS::Stream_Handshake_IO::send().

Member Data Documentation

◆ m_scheme

Signature_Scheme Botan::TLS::Certificate_Verify::m_scheme
protectedinherited

◆ m_signature

std::vector<uint8_t> Botan::TLS::Certificate_Verify::m_signature
protectedinherited

The documentation for this class was generated from the following files: