Botan 3.3.0
Crypto and TLS for C&
msg_cert_req.cpp
Go to the documentation of this file.
1/*
2* Certificate Request Message
3* (C) 2004-2006,2012 Jack Lloyd
4* 2021 Elektrobit Automotive GmbH
5* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6*
7* Botan is released under the Simplified BSD License (see license.txt)
8*/
9
10#include <botan/tls_messages.h>
11
12#include <botan/ber_dec.h>
13#include <botan/der_enc.h>
14#include <botan/tls_extensions.h>
15#include <botan/internal/tls_handshake_hash.h>
16#include <botan/internal/tls_handshake_io.h>
17#include <botan/internal/tls_reader.h>
18
19namespace Botan::TLS {
20
24
25namespace {
26
27std::string cert_type_code_to_name(uint8_t code) {
28 switch(code) {
29 case 1:
30 return "RSA";
31 case 64:
32 return "ECDSA";
33 default:
34 return ""; // DH or something else
35 }
36}
37
38uint8_t cert_type_name_to_code(std::string_view name) {
39 if(name == "RSA") {
40 return 1;
41 }
42 if(name == "ECDSA") {
43 return 64;
44 }
45
46 throw Invalid_Argument(fmt("Unknown/unhandled TLS cert type {}", name));
47}
48
49} // namespace
50
51/**
52* Create a new Certificate Request message
53*/
55 Handshake_Hash& hash,
56 const Policy& policy,
57 const std::vector<X509_DN>& ca_certs) :
58 m_names(ca_certs), m_cert_key_types({"RSA", "ECDSA"}) {
59 m_schemes = policy.acceptable_signature_schemes();
60 hash.update(io.send(*this));
61}
62
63/**
64* Deserialize a Certificate Request message
65*/
66Certificate_Request_12::Certificate_Request_12(const std::vector<uint8_t>& buf) {
67 if(buf.size() < 4) {
68 throw Decoding_Error("Certificate_Req: Bad certificate request");
69 }
70
71 TLS_Data_Reader reader("CertificateRequest", buf);
72
73 const auto cert_type_codes = reader.get_range_vector<uint8_t>(1, 1, 255);
74
75 for(const auto cert_type_code : cert_type_codes) {
76 const std::string cert_type_name = cert_type_code_to_name(cert_type_code);
77
78 if(cert_type_name.empty()) { // something we don't know
79 continue;
80 }
81
82 m_cert_key_types.emplace_back(cert_type_name);
83 }
84
85 const std::vector<uint8_t> algs = reader.get_range_vector<uint8_t>(2, 2, 65534);
86
87 if(algs.size() % 2 != 0) {
88 throw Decoding_Error("Bad length for signature IDs in certificate request");
89 }
90
91 for(size_t i = 0; i != algs.size(); i += 2) {
92 m_schemes.emplace_back(make_uint16(algs[i], algs[i + 1]));
93 }
94
95 const uint16_t purported_size = reader.get_uint16_t();
96
97 if(reader.remaining_bytes() != purported_size) {
98 throw Decoding_Error("Inconsistent length in certificate request");
99 }
100
101 while(reader.has_remaining()) {
102 std::vector<uint8_t> name_bits = reader.get_range_vector<uint8_t>(2, 0, 65535);
103
104 BER_Decoder decoder(name_bits.data(), name_bits.size());
106 decoder.decode(name);
107 m_names.emplace_back(name);
108 }
109}
110
111const std::vector<std::string>& Certificate_Request_12::acceptable_cert_types() const {
112 return m_cert_key_types;
113}
114
115const std::vector<X509_DN>& Certificate_Request_12::acceptable_CAs() const {
116 return m_names;
117}
118
119const std::vector<Signature_Scheme>& Certificate_Request_12::signature_schemes() const {
120 return m_schemes;
121}
122
123/**
124* Serialize a Certificate Request message
125*/
126std::vector<uint8_t> Certificate_Request_12::serialize() const {
127 std::vector<uint8_t> buf;
128
129 std::vector<uint8_t> cert_types;
130
131 cert_types.reserve(m_cert_key_types.size());
132 for(const auto& cert_key_type : m_cert_key_types) {
133 cert_types.push_back(cert_type_name_to_code(cert_key_type));
134 }
135
136 append_tls_length_value(buf, cert_types, 1);
137
138 if(!m_schemes.empty()) {
140 }
141
142 std::vector<uint8_t> encoded_names;
143
144 for(const auto& name : m_names) {
145 DER_Encoder encoder;
146 encoder.encode(name);
147
148 append_tls_length_value(encoded_names, encoder.get_contents(), 2);
149 }
150
151 append_tls_length_value(buf, encoded_names, 2);
152
153 return buf;
154}
155} // namespace Botan::TLS
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:132
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
const std::vector< std::string > & acceptable_cert_types() const
const std::vector< Signature_Scheme > & signature_schemes() const
std::vector< uint8_t > serialize() const override
const std::vector< X509_DN > & acceptable_CAs() const
Certificate_Request_12(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, const std::vector< X509_DN > &allowed_cas)
Handshake_Type type() const override
std::vector< uint8_t > serialize(Connection_Side whoami) const override
size_t remaining_bytes() const
Definition tls_reader.h:37
std::vector< T > get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition tls_reader.h:112
std::string name
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition tls_reader.h:180
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition loadstor.h:50