11#include <botan/tls_messages.h>
13#include <botan/internal/tls_handshake_io.h>
14#include <botan/internal/tls_handshake_state.h>
15#include <botan/internal/tls_reader.h>
16#include <botan/internal/stl_util.h>
17#include <botan/pk_keys.h>
18#include <botan/tls_algos.h>
19#include <botan/tls_extensions.h>
20#include <botan/credentials_manager.h>
35 std::pair<std::string, Signature_Format> format =
57 {
throw Decoding_Error(
"Counterparty did not send hash/sig IDS"); }
66 std::vector<uint8_t> buf;
70 buf.push_back(get_byte<0>(code));
71 buf.push_back(get_byte<1>(code));
74 {
throw Encoding_Error(
"Certificate_Verify signature too long to encode"); }
76 const uint16_t sig_len =
static_cast<uint16_t
>(
m_signature.size());
77 buf.push_back(get_byte<0>(sig_len));
78 buf.push_back(get_byte<1>(sig_len));
87 const Policy& policy)
const
93 std::pair<std::string, Signature_Format> format =
96 const bool signature_valid =
100#if defined(BOTAN_UNSAFE_FUZZER_MODE)
105 return signature_valid;
110#if defined(BOTAN_HAS_TLS_13)
116 std::vector<uint8_t> msg(64, 0x20);
117 msg.reserve(64 + 33 + 1 + hash.size());
120 ?
"TLS 1.3, server CertificateVerify"
121 :
"TLS 1.3, client CertificateVerify";
123 msg.insert(msg.end(), context_string.cbegin(), context_string.cend());
126 msg.insert(msg.end(), hash.cbegin(), hash.cend());
130Signature_Scheme choose_signature_scheme(
132 const std::vector<Signature_Scheme>& allowed_schemes,
133 const std::vector<Signature_Scheme>& peer_allowed_schemes)
135 for(Signature_Scheme scheme : allowed_schemes)
137 if(scheme.is_available()
138 && scheme.is_suitable_for(key)
145 throw TLS_Exception(Alert::HandshakeFailure,
"Failed to agree on a signature algorithm");
153Certificate_Verify_13::Certificate_Verify_13(
154 const Certificate_13& certificate_msg,
155 const std::vector<Signature_Scheme>& peer_allowed_schemes,
156 std::string_view hostname,
159 Credentials_Manager& creds_mgr,
160 const Policy& policy,
161 Callbacks& callbacks,
162 RandomNumberGenerator& rng)
167 const auto private_key = creds_mgr.private_key_for(
168 certificate_msg.leaf(),
170 std::string(hostname));
173 {
throw TLS_Exception(Alert::InternalError,
"Application did not provide a private key for its certificate"); }
175 m_scheme = choose_signature_scheme(*private_key, policy.allowed_signature_schemes(), peer_allowed_schemes);
180 callbacks.tls_sign_message(*private_key,
184 message(m_side, hash));
188Certificate_Verify_13::Certificate_Verify_13(
const std::vector<uint8_t>& buf,
190 : Certificate_Verify(buf)
194 {
throw TLS_Exception(Alert::HandshakeFailure,
"Peer sent unknown signature scheme"); }
197 {
throw TLS_Exception(Alert::IllegalParameter,
"Peer sent signature algorithm that is not suitable for TLS 1.3"); }
203bool Certificate_Verify_13::verify(
const X509_Certificate& cert,
204 Callbacks& callbacks,
212 if(m_scheme.key_algorithm_identifier() != cert.subject_public_key_algo())
213 {
throw TLS_Exception(Alert::IllegalParameter,
"Signature algorithm does not match certificate's public key"); }
216 const bool signature_valid =
217 callbacks.tls_verify_message(*key,
218 m_scheme.padding_string(),
219 m_scheme.format().value(),
220 message(m_side, transcript_hash),
223#if defined(BOTAN_UNSAFE_FUZZER_MODE)
227 return signature_valid;
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_UNUSED(...)
#define BOTAN_ASSERT_NONNULL(ptr)
std::vector< uint8_t > subject_public_key() const
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg)
virtual bool tls_verify_message(const Public_Key &key, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
bool verify(const X509_Certificate &cert, const Handshake_State &state, const Policy &policy) const
Certificate_Verify_12(Handshake_IO &io, Handshake_State &state, const Policy &policy, RandomNumberGenerator &rng, const Private_Key *key)
Signature_Scheme m_scheme
Certificate_Verify()=default
std::vector< uint8_t > serialize() const override
std::vector< uint8_t > m_signature
const std::vector< uint8_t > & get_contents() const
void update(const uint8_t in[], size_t length)
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
std::pair< std::string, Signature_Format > parse_sig_format(const Public_Key &key, Signature_Scheme scheme, const std::vector< Signature_Scheme > &offered_schemes, bool for_client_auth, const Policy &policy) const
Callbacks & callbacks() const
void client_hello(Client_Hello_12 *client_hello)
std::pair< std::string, Signature_Format > choose_sig_format(const Private_Key &key, Signature_Scheme &scheme, bool for_client_auth, const Policy &policy) const
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
bool is_compatible_with(const Protocol_Version &protocol_version) const noexcept
Signature_Scheme::Code wire_code() const noexcept
std::optional< Signature_Format > format() const noexcept
bool is_set() const noexcept
std::string padding_string() const noexcept
bool is_available() const noexcept
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
std::unique_ptr< Public_Key > subject_public_key() const
std::vector< uint8_t > Transcript_Hash
bool value_exists(const std::vector< T > &vec, const OT &val)