Botan::TLS::Certificate_Verify_12 Class Reference

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_Verify_12:

Public Member Functions
	Certificate_Verify ()=default
	Certificate_Verify (const std::vector< uint8_t > &buf)
	Certificate_Verify_12 (Handshake_IO &io, Handshake_State &state, const Policy &policy, RandomNumberGenerator &rng, const Private_Key *key)
std::vector< uint8_t >	serialize () const override
Signature_Scheme	signature_scheme () const
Handshake_Type	type () const override
std::string	type_string () const
bool	verify (const X509_Certificate &cert, const Handshake_State &state, const Policy &policy) const
virtual Handshake_Type	wire_type () const

Protected Attributes
Signature_Scheme	m_scheme
std::vector< uint8_t >	m_signature

Detailed Description

Certificate Verify Message

Definition at line 777 of file tls_messages.h.

Constructor & Destructor Documentation

Certificate_Verify_12()

Botan::TLS::Certificate_Verify_12::Certificate_Verify_12	(	Handshake_IO &	io,
		Handshake_State &	state,
		const Policy &	policy,
		RandomNumberGenerator &	rng,
		const Private_Key *	key )

Definition at line 28 of file msg_cert_verify.cpp.

                                                                          {
   BOTAN_ASSERT_NONNULL(priv_key);
 
   std::pair<std::string, Signature_Format> format = state.choose_sig_format(*priv_key, m_scheme, true, policy);
 
   m_signature =
      state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second, state.hash().get_contents());
 
   state.hash().update(io.send(*this));
}

References BOTAN_ASSERT_NONNULL, Botan::TLS::Handshake_State::callbacks(), Botan::TLS::Handshake_State::choose_sig_format(), Botan::TLS::Handshake_Hash::get_contents(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Certificate_Verify::m_scheme, Botan::TLS::Certificate_Verify::m_signature, Botan::TLS::Handshake_IO::send(), Botan::TLS::Callbacks::tls_sign_message(), and Botan::TLS::Handshake_Hash::update().

Member Function Documentation

Certificate_Verify() [1/2]

Botan::TLS::Certificate_Verify::Certificate_Verify ( )

default

Certificate_Verify() [2/2]

Botan::TLS::Certificate_Verify::Certificate_Verify ( const std::vector< uint8_t > & buf )

explicit

Definition at line 764 of file msg_cert_verify.cpp.

                                                                    {
   TLS_Data_Reader reader("CertificateVerify", buf);
 
   m_scheme = Signature_Scheme(reader.get_uint16_t());
   m_signature = reader.get_range<uint8_t>(2, 0, 65535);
   reader.assert_done();
 
   if(!m_scheme.is_set()) {
      throw Decoding_Error("Counterparty did not send hash/sig IDS");
   }
}

serialize()

std::vector< uint8_t > Botan::TLS::Certificate_Verify::serialize ( ) const

overridevirtualinherited

Returns

DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 61 of file msg_cert_verify.cpp.

                                                       {
   BOTAN_ASSERT_NOMSG(m_scheme.is_set());
   std::vector<uint8_t> buf;
   buf.reserve(2 + 2 + m_signature.size());  // work around GCC warning
 
   const auto code = m_scheme.wire_code();
   buf.push_back(get_byte<0>(code));
   buf.push_back(get_byte<1>(code));
 
   if(m_signature.size() > 0xFFFF) {
      throw Encoding_Error("Certificate_Verify signature too long to encode");
   }
 
   const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());
   buf.push_back(get_byte<0>(sig_len));
   buf.push_back(get_byte<1>(sig_len));
   buf += m_signature;
 
   return buf;
}

References BOTAN_ASSERT_NOMSG, Botan::get_byte(), m_scheme, and m_signature.

Referenced by Certificate_Verify().

signature_scheme()

Signature_Scheme Botan::TLS::Certificate_Verify::signature_scheme ( ) const

inlineinherited

Definition at line 762 of file tls_messages.h.

{ return m_scheme; }

References m_scheme.

type()

Handshake_Type Botan::TLS::Certificate_Verify::type ( ) const

inlineoverridevirtualinherited

Returns

the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 760 of file tls_messages.h.

{ return Handshake_Type::CertificateVerify; }

References Botan::TLS::CertificateVerify.

type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const

inherited

Returns

string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

                                               {
   return handshake_type_to_string(type());
}

References Botan::TLS::handshake_type_to_string(), and type().

verify()

bool Botan::TLS::Certificate_Verify_12::verify	(	const X509_Certificate &	cert,
		const Handshake_State &	state,
		const Policy &	policy ) const

Check the signature on a certificate verify message

Parameters

cert	the purported certificate
state	the handshake state
policy	the TLS policy

Definition at line 82 of file msg_cert_verify.cpp.

                                                               {
   auto key = cert.subject_public_key();
 
   policy.check_peer_key_acceptable(*key);
 
   std::pair<std::string, Signature_Format> format =
      state.parse_sig_format(*key, m_scheme, state.client_hello()->signature_schemes(), true, policy);
 
   const bool signature_valid =
      state.callbacks().tls_verify_message(*key, format.first, format.second, state.hash().get_contents(), m_signature);
 
#if defined(BOTAN_UNSAFE_FUZZER_MODE)
   BOTAN_UNUSED(signature_valid);
   return true;
 
#else
   return signature_valid;
 
#endif
}

References BOTAN_UNUSED, Botan::TLS::Handshake_State::callbacks(), Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Handshake_State::client_hello(), Botan::TLS::Handshake_Hash::get_contents(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Certificate_Verify::m_scheme, Botan::TLS::Certificate_Verify::m_signature, Botan::TLS::Handshake_State::parse_sig_format(), Botan::X509_Certificate::subject_public_key(), and Botan::TLS::Callbacks::tls_verify_message().

wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const

inlinevirtualinherited

Returns

the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

                                               {
         // Usually equal to the Handshake_Type enum value,
         // with the exception of TLS 1.3 Hello Retry Request.
         return type();
      }

References type().

Referenced by Botan::TLS::Stream_Handshake_IO::send().

Member Data Documentation

m_scheme

Signature_Scheme Botan::TLS::Certificate_Verify::m_scheme

protectedinherited

Definition at line 771 of file tls_messages.h.

Referenced by Certificate_Verify(), Botan::TLS::Certificate_Verify_12::Certificate_Verify_12(), Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), serialize(), signature_scheme(), Botan::TLS::Certificate_Verify_12::verify(), and Botan::TLS::Certificate_Verify_13::verify().

m_signature

std::vector<uint8_t> Botan::TLS::Certificate_Verify::m_signature

protectedinherited

Definition at line 770 of file tls_messages.h.

Referenced by Certificate_Verify(), Botan::TLS::Certificate_Verify_12::Certificate_Verify_12(), Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), serialize(), Botan::TLS::Certificate_Verify_12::verify(), and Botan::TLS::Certificate_Verify_13::verify().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls_messages.h
• src/lib/tls/msg_cert_verify.cpp