Botan 3.11.0
Crypto and TLS for C&
msg_cert_verify_13.cpp
Go to the documentation of this file.
1/*
2* Certificate Verify Message
3* (C) 2021-2022 Jack Lloyd
4* 2021 Elektrobit Automotive GmbH
5* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6*
7* Botan is released under the Simplified BSD License (see license.txt)
8*/
9
10#include <botan/tls_messages_13.h>
11
12#include <botan/credentials_manager.h>
13#include <botan/pk_keys.h>
14#include <botan/tls_callbacks.h>
15#include <botan/tls_exceptn.h>
16#include <botan/tls_policy.h>
17#include <botan/internal/stl_util.h>
18
19namespace Botan::TLS {
20
21namespace {
22
23std::vector<uint8_t> message(Connection_Side side, const Transcript_Hash& hash) {
24 std::vector<uint8_t> msg(64, 0x20);
25 msg.reserve(64 + 33 + 1 + hash.size());
26
27 const std::string context_string = (side == TLS::Connection_Side::Server) ? "TLS 1.3, server CertificateVerify"
28 : "TLS 1.3, client CertificateVerify";
29
30 msg.insert(msg.end(), context_string.cbegin(), context_string.cend());
31 msg.push_back(0x00);
32
33 msg.insert(msg.end(), hash.cbegin(), hash.cend());
34 return msg;
35}
36
37Signature_Scheme choose_signature_scheme(const Private_Key& key,
38 const std::vector<Signature_Scheme>& allowed_schemes,
39 const std::vector<Signature_Scheme>& peer_allowed_schemes) {
40 for(Signature_Scheme scheme : allowed_schemes) {
41 if(scheme.is_available() && scheme.is_suitable_for(key) && value_exists(peer_allowed_schemes, scheme)) {
42 return scheme;
43 }
44 }
45
46 throw TLS_Exception(Alert::HandshakeFailure, "Failed to agree on a signature algorithm");
47}
48
49} // namespace
50
51/*
52* Create a new Certificate Verify message for TLS 1.3
53*/
54Certificate_Verify_13::Certificate_Verify_13(const Certificate_13& certificate_msg,
55 const std::vector<Signature_Scheme>& peer_allowed_schemes,
56 std::string_view hostname,
57 const Transcript_Hash& hash,
58 Connection_Side whoami,
59 Credentials_Manager& creds_mgr,
60 const Policy& policy,
61 Callbacks& callbacks,
62 RandomNumberGenerator& rng) :
63 m_side(whoami) {
64 BOTAN_ASSERT_NOMSG(!certificate_msg.empty());
65
66 const std::string op_type((m_side == Connection_Side::Client) ? "tls-client" : "tls-server");
67 const auto context = std::string(hostname);
68
69 const auto private_key = (certificate_msg.has_certificate_chain())
70 ? creds_mgr.private_key_for(certificate_msg.leaf(), op_type, context)
71 : creds_mgr.private_key_for(*certificate_msg.public_key(), op_type, context);
72 if(!private_key) {
73 throw TLS_Exception(Alert::InternalError, "Application did not provide a private key for its credential");
74 }
75
76 m_scheme = choose_signature_scheme(*private_key, policy.allowed_signature_schemes(), peer_allowed_schemes);
77 BOTAN_ASSERT_NOMSG(m_scheme.is_available());
78 BOTAN_ASSERT_NOMSG(m_scheme.is_compatible_with(Protocol_Version::TLS_V13));
79
80 m_signature = callbacks.tls_sign_message(
81 *private_key, rng, m_scheme.padding_string(), m_scheme.format().value(), message(m_side, hash));
82}
83
84Certificate_Verify_13::Certificate_Verify_13(const std::vector<uint8_t>& buf, const Connection_Side side) :
85 Certificate_Verify(buf), m_side(side) {
86 if(!m_scheme.is_available()) {
87 throw TLS_Exception(Alert::IllegalParameter, "Peer sent unknown signature scheme");
88 }
89
90 if(!m_scheme.is_compatible_with(Protocol_Version::TLS_V13)) {
91 throw TLS_Exception(Alert::IllegalParameter, "Peer sent signature algorithm that is not suitable for TLS 1.3");
92 }
93}
94
95/*
96* Verify a Certificate Verify message
97*/
98bool Certificate_Verify_13::verify(const Public_Key& public_key,
99 Callbacks& callbacks,
100 const Transcript_Hash& transcript_hash) const {
101 BOTAN_ASSERT_NOMSG(m_scheme.is_available());
102
103 // RFC 8446 4.2.3
104 // The keys found in certificates MUST [...] be of appropriate type for
105 // the signature algorithms they are used with.
106 if(m_scheme.key_algorithm_identifier() != public_key.algorithm_identifier()) {
107 throw TLS_Exception(Alert::IllegalParameter, "Signature algorithm does not match certificate's public key");
108 }
109
110 const bool signature_valid = callbacks.tls_verify_message(
111 public_key, m_scheme.padding_string(), m_scheme.format().value(), message(m_side, transcript_hash), m_signature);
112
113#if defined(BOTAN_UNSAFE_FUZZER_MODE)
114 BOTAN_UNUSED(signature_valid);
115 return true;
116#else
117 return signature_valid;
118#endif
119}
120
121} // namespace Botan::TLS
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::Credentials_Manager
Definition credentials_manager.h:40
Botan::Credentials_Manager::private_key_for
virtual std::shared_ptr< Private_Key > private_key_for(const X509_Certificate &cert, const std::string &type, const std::string &context)
Definition credentials_manager.cpp:113
Botan::Public_Key
Definition pk_keys.h:148
Botan::Public_Key::algorithm_identifier
virtual AlgorithmIdentifier algorithm_identifier() const =0
Botan::TLS::Callbacks::tls_sign_message
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg)
Definition tls_callbacks.cpp:143
Botan::TLS::Callbacks::tls_verify_message
virtual bool tls_verify_message(const Public_Key &key, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
Definition tls_callbacks.cpp:153
Botan::TLS::Certificate_13
Definition tls_messages_13.h:166
Botan::TLS::Certificate_13::leaf
const X509_Certificate & leaf() const
Definition msg_certificate_13.cpp:92
Botan::TLS::Certificate_13::public_key
std::shared_ptr< const Public_Key > public_key() const
Definition msg_certificate_13.cpp:87
Botan::TLS::Certificate_13::has_certificate_chain
bool has_certificate_chain() const
Definition msg_certificate_13.cpp:55
Botan::TLS::Certificate_13::empty
bool empty() const
Definition tls_messages_13.h:209
Botan::TLS::Certificate_Verify_13::verify
bool verify(const Public_Key &public_key, Callbacks &callbacks, const Transcript_Hash &transcript_hash) const
Definition msg_cert_verify_13.cpp:98
Botan::TLS::Certificate_Verify_13::Certificate_Verify_13
Certificate_Verify_13(const std::vector< uint8_t > &buf, Connection_Side side)
Definition msg_cert_verify_13.cpp:84
Botan::TLS::Certificate_Verify::m_scheme
Signature_Scheme m_scheme
Definition tls_messages.h:264
Botan::TLS::Certificate_Verify::Certificate_Verify
Certificate_Verify(const std::vector< uint8_t > &buf)
Definition msg_cert_verify.cpp:20
Botan::TLS::Certificate_Verify::m_signature
std::vector< uint8_t > m_signature
Definition tls_messages.h:263
Botan::TLS::Policy::allowed_signature_schemes
virtual std::vector< Signature_Scheme > allowed_signature_schemes() const
Definition tls_policy.cpp:29
Botan::TLS::Signature_Scheme
Definition tls_signature_scheme.h:29
Botan::TLS::TLS_Exception
Definition tls_exceptn.h:19
Botan::TLS::Transcript_Hash
std::vector< uint8_t > Transcript_Hash
Definition tls_magic.h:93
Botan::value_exists
bool value_exists(const std::vector< T > &vec, const V &val)
Definition stl_util.h:43
Generated by doxygen 1.15.0