doxygen/msg__cert__verify__12_8cpp_source.html

/*

* Certificate Verify Message

* (C) 2004,2006,2011,2012 Jack Lloyd

*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/tls_messages_12.h>


#include <botan/assert.h>

#include <botan/tls_callbacks.h>

#include <botan/tls_policy.h>

#include <botan/x509cert.h>

#include <botan/internal/target_info.h>

#include <botan/internal/tls_handshake_state.h>


namespace Botan::TLS {


/*

* Create a new Certificate Verify message for TLS 1.2

*/


Certificate_Verify_12::Certificate_Verify_12(Handshake_IO& io,

                                             Handshake_State& state,

                                             const Policy& policy,

                                             RandomNumberGenerator& rng,

                                             const Private_Key* priv_key) {

   BOTAN_ASSERT_NONNULL(priv_key);


   const std::pair<std::string, Signature_Format> format = state.choose_sig_format(*priv_key, m_scheme, true, policy);


   m_signature =

      state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second, state.hash().get_contents());


   state.hash().update(io.send(*this));

}


bool Certificate_Verify_12::verify(const X509_Certificate& cert,

                                   const Handshake_State& state,

                                   const Policy& policy) const {

   auto key = cert.subject_public_key();


   policy.check_peer_key_acceptable(*key);


   const std::pair<std::string, Signature_Format> format =

      state.parse_sig_format(*key, m_scheme, state.client_hello()->signature_schemes(), true, policy);


   const bool signature_valid =

      state.callbacks().tls_verify_message(*key, format.first, format.second, state.hash().get_contents(), m_signature);


#if defined(BOTAN_UNSAFE_FUZZER_MODE)

   BOTAN_UNUSED(signature_valid);

   return true;


#else

   return signature_valid;


#endif

}


}  // namespace Botan::TLS

BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144

BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114

Botan::Private_Key
Definition pk_keys.h:294

Botan::RandomNumberGenerator
Definition rng.h:39

Botan::TLS::Callbacks::tls_sign_message
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg)
Definition tls_callbacks.cpp:143

Botan::TLS::Callbacks::tls_verify_message
virtual bool tls_verify_message(const Public_Key &key, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
Definition tls_callbacks.cpp:153

Botan::TLS::Certificate_Verify_12::verify
bool verify(const X509_Certificate &cert, const Handshake_State &state, const Policy &policy) const
Definition msg_cert_verify_12.cpp:38

Botan::TLS::Certificate_Verify_12::Certificate_Verify_12
Certificate_Verify_12(Handshake_IO &io, Handshake_State &state, const Policy &policy, RandomNumberGenerator &rng, const Private_Key *key)
Definition msg_cert_verify_12.cpp:23

Botan::TLS::Certificate_Verify::m_scheme
Signature_Scheme m_scheme
Definition tls_messages.h:264

Botan::TLS::Certificate_Verify::m_signature
std::vector< uint8_t > m_signature
Definition tls_messages.h:263

Botan::TLS::Handshake_Hash::get_contents
const std::vector< uint8_t > & get_contents() const
Definition tls_handshake_hash.h:27

Botan::TLS::Handshake_Hash::update
void update(const uint8_t in[], size_t length)
Definition tls_handshake_hash.h:21

Botan::TLS::Handshake_IO
Definition tls_handshake_io.h:43

Botan::TLS::Handshake_IO::send
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0

Botan::TLS::Handshake_State
Definition tls_handshake_state.h:59

Botan::TLS::Handshake_State::parse_sig_format
std::pair< std::string, Signature_Format > parse_sig_format(const Public_Key &key, Signature_Scheme scheme, const std::vector< Signature_Scheme > &offered_schemes, bool for_client_auth, const Policy &policy) const
Definition tls_handshake_state.cpp:255

Botan::TLS::Handshake_State::client_hello
void client_hello(std::unique_ptr< Client_Hello_12 > client_hello)
Definition tls_handshake_state.cpp:47

Botan::TLS::Handshake_State::callbacks
Callbacks & callbacks() const
Definition tls_handshake_state.h:165

Botan::TLS::Handshake_State::hash
Handshake_Hash & hash()
Definition tls_handshake_state.h:171

Botan::TLS::Handshake_State::choose_sig_format
std::pair< std::string, Signature_Format > choose_sig_format(const Private_Key &key, Signature_Scheme &scheme, bool for_client_auth, const Policy &policy) const
Definition tls_handshake_state.cpp:196

Botan::TLS::Policy
Definition tls_policy.h:33

Botan::TLS::Policy::check_peer_key_acceptable
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
Definition tls_policy.cpp:277

Botan::X509_Certificate
Definition x509cert.h:27

Botan::X509_Certificate::subject_public_key
std::unique_ptr< Public_Key > subject_public_key() const
Definition x509cert.cpp:622

Botan::TLS
Definition asio_context.cpp:18