Botan 3.5.0
Crypto and TLS for C&
Botan::TLS::Certificate_Verify_12 Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_Verify_12:
Botan::TLS::Certificate_Verify Botan::TLS::Handshake_Message

Public Member Functions

 Certificate_Verify ()=default
 
 Certificate_Verify (const std::vector< uint8_t > &buf)
 
 Certificate_Verify_12 (Handshake_IO &io, Handshake_State &state, const Policy &policy, RandomNumberGenerator &rng, const Private_Key *key)
 
std::vector< uint8_t > serialize () const override
 
Signature_Scheme signature_scheme () const
 
Handshake_Type type () const override
 
std::string type_string () const
 
bool verify (const X509_Certificate &cert, const Handshake_State &state, const Policy &policy) const
 
virtual Handshake_Type wire_type () const
 

Protected Attributes

Signature_Scheme m_scheme
 
std::vector< uint8_t > m_signature
 

Detailed Description

Certificate Verify Message

Definition at line 777 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_Verify_12()

Botan::TLS::Certificate_Verify_12::Certificate_Verify_12 ( Handshake_IO & io,
Handshake_State & state,
const Policy & policy,
RandomNumberGenerator & rng,
const Private_Key * key )

Definition at line 27 of file msg_cert_verify.cpp.

31 {
32 BOTAN_ASSERT_NONNULL(priv_key);
33
34 std::pair<std::string, Signature_Format> format = state.choose_sig_format(*priv_key, m_scheme, true, policy);
35
37 state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second, state.hash().get_contents());
38
39 state.hash().update(io.send(*this));
40}
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86
std::vector< uint8_t > m_signature

References BOTAN_ASSERT_NONNULL, Botan::TLS::Handshake_State::callbacks(), Botan::TLS::Handshake_State::choose_sig_format(), Botan::TLS::Handshake_Hash::get_contents(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Certificate_Verify::m_scheme, Botan::TLS::Certificate_Verify::m_signature, Botan::TLS::Handshake_IO::send(), Botan::TLS::Callbacks::tls_sign_message(), and Botan::TLS::Handshake_Hash::update().

Member Function Documentation

◆ Certificate_Verify() [1/2]

Botan::TLS::Certificate_Verify::Certificate_Verify ( )
default

◆ Certificate_Verify() [2/2]

Botan::TLS::Certificate_Verify::Certificate_Verify ( const std::vector< uint8_t > & buf)

Definition at line 764 of file msg_cert_verify.cpp.

45 {
46 TLS_Data_Reader reader("CertificateVerify", buf);
47
48 m_scheme = Signature_Scheme(reader.get_uint16_t());
49 m_signature = reader.get_range<uint8_t>(2, 0, 65535);
50 reader.assert_done();
51
52 if(!m_scheme.is_set()) {
53 throw Decoding_Error("Counterparty did not send hash/sig IDS");
54 }
55}

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_Verify::serialize ( ) const
overridevirtualinherited
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 60 of file msg_cert_verify.cpp.

60 {
62 std::vector<uint8_t> buf;
63 buf.reserve(2 + 2 + m_signature.size()); // work around GCC warning
64
65 const auto code = m_scheme.wire_code();
66 buf.push_back(get_byte<0>(code));
67 buf.push_back(get_byte<1>(code));
68
69 if(m_signature.size() > 0xFFFF) {
70 throw Encoding_Error("Certificate_Verify signature too long to encode");
71 }
72
73 const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());
74 buf.push_back(get_byte<0>(sig_len));
75 buf.push_back(get_byte<1>(sig_len));
76 buf += m_signature;
77
78 return buf;
79}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
Signature_Scheme::Code wire_code() const noexcept
constexpr uint8_t get_byte(T input)
Definition loadstor.h:75

References BOTAN_ASSERT_NOMSG, Botan::get_byte(), Botan::TLS::Signature_Scheme::is_set(), Botan::TLS::Certificate_Verify::m_scheme, Botan::TLS::Certificate_Verify::m_signature, and Botan::TLS::Signature_Scheme::wire_code().

◆ signature_scheme()

Signature_Scheme Botan::TLS::Certificate_Verify::signature_scheme ( ) const
inlineinherited

Definition at line 762 of file tls_messages.h.

762{ return m_scheme; }

◆ type()

Handshake_Type Botan::TLS::Certificate_Verify::type ( ) const
inlineoverridevirtualinherited
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 760 of file tls_messages.h.

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

19 {
21}
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ verify()

bool Botan::TLS::Certificate_Verify_12::verify ( const X509_Certificate & cert,
const Handshake_State & state,
const Policy & policy ) const

Check the signature on a certificate verify message

Parameters
certthe purported certificate
statethe handshake state
policythe TLS policy

Definition at line 81 of file msg_cert_verify.cpp.

83 {
84 auto key = cert.subject_public_key();
85
86 policy.check_peer_key_acceptable(*key);
87
88 std::pair<std::string, Signature_Format> format =
89 state.parse_sig_format(*key, m_scheme, state.client_hello()->signature_schemes(), true, policy);
90
91 const bool signature_valid =
92 state.callbacks().tls_verify_message(*key, format.first, format.second, state.hash().get_contents(), m_signature);
93
94#if defined(BOTAN_UNSAFE_FUZZER_MODE)
95 BOTAN_UNUSED(signature_valid);
96 return true;
97
98#else
99 return signature_valid;
100
101#endif
102}
#define BOTAN_UNUSED
Definition assert.h:118

References BOTAN_UNUSED, Botan::TLS::Handshake_State::callbacks(), Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Handshake_State::client_hello(), Botan::TLS::Handshake_Hash::get_contents(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Certificate_Verify::m_scheme, Botan::TLS::Certificate_Verify::m_signature, Botan::TLS::Handshake_State::parse_sig_format(), Botan::X509_Certificate::subject_public_key(), and Botan::TLS::Callbacks::tls_verify_message().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

Referenced by Botan::TLS::Stream_Handshake_IO::send().

Member Data Documentation

◆ m_scheme

◆ m_signature


The documentation for this class was generated from the following files: