doxygen/msg__cert__verify_8cpp_source.html

 /*
 * Certificate Verify Message
 * (C) 2004,2006,2011,2012 Jack Lloyd
 *     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

 #include <botan/tls_messages.h>
 #include <botan/tls_extensions.h>
 #include <botan/internal/tls_reader.h>
 #include <botan/internal/tls_handshake_io.h>
 #include <botan/internal/tls_handshake_state.h>

 namespace Botan {

 namespace TLS {

 /*
 * Create a new Certificate Verify message
 */
 Certificate_Verify::Certificate_Verify(Handshake_IO& io,
                                        Handshake_State& state,
                                        const Policy& policy,
                                        RandomNumberGenerator& rng,
                                        const Private_Key* priv_key)
    {
    BOTAN_ASSERT_NONNULL(priv_key);

    std::pair<std::string, Signature_Format> format =
       state.choose_sig_format(*priv_key, m_scheme, true, policy);

    m_signature =
       state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second,
                                          state.hash().get_contents());

    state.hash().update(io.send(*this));
    }

 /*
 * Deserialize a Certificate Verify message
 */
 Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf,
                                        Protocol_Version version)
    {
    TLS_Data_Reader reader("CertificateVerify", buf);

    if(version.supports_negotiable_signature_algorithms())
       {
       m_scheme = static_cast<Signature_Scheme>(reader.get_uint16_t());
       }

    m_signature = reader.get_range<uint8_t>(2, 0, 65535);
    reader.assert_done();
    }

 /*
 * Serialize a Certificate Verify message
 */
 std::vector<uint8_t> Certificate_Verify::serialize() const
    {
    std::vector<uint8_t> buf;

    if(m_scheme != Signature_Scheme::NONE)
       {
       const uint16_t scheme_code = static_cast<uint16_t>(m_scheme);
       buf.push_back(get_byte(0, scheme_code));
       buf.push_back(get_byte(1, scheme_code));
       }

    if(m_signature.size() > 0xFFFF)
       throw Encoding_Error("Certificate_Verify signature too long to encode");

    const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());
    buf.push_back(get_byte(0, sig_len));
    buf.push_back(get_byte(1, sig_len));
    buf += m_signature;

    return buf;
    }

 /*
 * Verify a Certificate Verify message
 */
 bool Certificate_Verify::verify(const X509_Certificate& cert,
                                 const Handshake_State& state,
                                 const Policy& policy) const
    {
    std::unique_ptr<Public_Key> key(cert.subject_public_key());

    policy.check_peer_key_acceptable(*key);

    std::pair<std::string, Signature_Format> format =
       state.parse_sig_format(*key.get(), m_scheme, true, policy);

    const bool signature_valid =
       state.callbacks().tls_verify_message(*key, format.first, format.second,
                                            state.hash().get_contents(), m_signature);

 #if defined(BOTAN_UNSAFE_FUZZER_MODE)
    BOTAN_UNUSED(signature_valid);
    return true;
 #else
    return signature_valid;
 #endif
    }

 }

 }
Botan::TLS::Handshake_IO::send
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0

Botan::TLS::Handshake_State::callbacks
Callbacks & callbacks() const
Definition: tls_handshake_state.h:163

Botan::TLS::Certificate_Verify::Certificate_Verify
Certificate_Verify(Handshake_IO &io, Handshake_State &state, const Policy &policy, RandomNumberGenerator &rng, const Private_Key *key)
Definition: msg_cert_verify.cpp:22

Botan::TLS::Handshake_State::parse_sig_format
std::pair< std::string, Signature_Format > parse_sig_format(const Public_Key &key, Signature_Scheme scheme, bool for_client_auth, const Policy &policy) const
Definition: tls_handshake_state.cpp:495

Botan::TLS::Callbacks::tls_verify_message
virtual bool tls_verify_message(const Public_Key &key, const std::string &emsa, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
Definition: tls_callbacks.cpp:96

Botan::RandomNumberGenerator
Definition: rng.h:25

Botan::TLS::Signature_Scheme::NONE

Botan::Private_Key
Definition: pk_keys.h:180

Botan::TLS::Policy::check_peer_key_acceptable
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
Definition: tls_policy.cpp:231

Botan::TLS::Signature_Scheme
Signature_Scheme
Definition: tls_algos.h:86

Botan::TLS::Handshake_State::choose_sig_format
std::pair< std::string, Signature_Format > choose_sig_format(const Private_Key &key, Signature_Scheme &scheme, bool for_client_auth, const Policy &policy) const
Definition: tls_handshake_state.cpp:399

Botan::get_byte
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:41

Botan::TLS::Protocol_Version
Definition: tls_version.h:21

Botan::TLS::Protocol_Version::supports_negotiable_signature_algorithms
bool supports_negotiable_signature_algorithms() const
Definition: tls_version.cpp:60

Botan::TLS::TLS_Data_Reader::get_uint16_t
uint16_t get_uint16_t()
Definition: tls_reader.h:62

Botan::TLS::Handshake_State::hash
Handshake_Hash & hash()
Definition: tls_handshake_state.h:169

Botan::X509_Certificate
Definition: x509cert.h:37

Botan::TLS::Callbacks::tls_sign_message
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, const std::string &emsa, Signature_Format format, const std::vector< uint8_t > &msg)
Definition: tls_callbacks.cpp:84

BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:107

Botan::TLS::TLS_Data_Reader::get_range
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:94

Botan::TLS::Handshake_Hash::update
void update(const uint8_t in[], size_t length)
Definition: tls_handshake_hash.h:24

Botan::TLS::Handshake_IO
Definition: tls_handshake_io.h:29

Botan
Definition: alg_id.cpp:13

BOTAN_UNUSED
#define BOTAN_UNUSED(...)
Definition: assert.h:142

Botan::TLS::TLS_Data_Reader::assert_done
void assert_done() const
Definition: tls_reader.h:30

Botan::TLS::Policy
Definition: tls_policy.h:28

Botan::TLS::TLS_Data_Reader
Definition: tls_reader.h:24

Botan::Encoding_Error
Definition: exceptn.h:184

Botan::X509_Certificate::subject_public_key
Public_Key * subject_public_key() const
Definition: x509cert.cpp:714

Botan::TLS::Certificate_Verify::verify
bool verify(const X509_Certificate &cert, const Handshake_State &state, const Policy &policy) const
Definition: msg_cert_verify.cpp:85

Botan::TLS::Handshake_State
Definition: tls_handshake_state.h:49

Botan::TLS::Handshake_Hash::get_contents
const std::vector< uint8_t > & get_contents() const
Definition: tls_handshake_hash.h:33