Botan 2.19.1
Crypto and TLS for C&
msg_certificate.cpp
Go to the documentation of this file.
1/*
2* Certificate Message
3* (C) 2004-2006,2012,2020 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/tls_messages.h>
9#include <botan/tls_extensions.h>
10#include <botan/tls_exceptn.h>
11#include <botan/tls_alert.h>
12#include <botan/internal/tls_reader.h>
13#include <botan/internal/tls_handshake_io.h>
14#include <botan/internal/tls_handshake_hash.h>
15#include <botan/loadstor.h>
16#include <botan/data_src.h>
17
18namespace Botan {
19
20namespace TLS {
21
22/**
23* Create a new Certificate message
24*/
27 const std::vector<X509_Certificate>& cert_list) :
28 m_certs(cert_list)
29 {
30 hash.update(io.send(*this));
31 }
32
33/**
34* Deserialize a Certificate message
35*/
36Certificate::Certificate(const std::vector<uint8_t>& buf, const Policy& policy)
37 {
38 if(buf.size() < 3)
39 throw Decoding_Error("Certificate: Message malformed");
40
41 const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);
42
43 if(total_size != buf.size() - 3)
44 throw Decoding_Error("Certificate: Message malformed");
45
46 const size_t max_size = policy.maximum_certificate_chain_size();
47 if(max_size > 0 && total_size > max_size)
48 throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
49
50 const uint8_t* certs = buf.data() + 3;
51
52 while(size_t remaining_bytes = buf.data() + buf.size() - certs)
53 {
54 if(remaining_bytes < 3)
55 throw Decoding_Error("Certificate: Message malformed");
56
57 const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]);
58
59 if(remaining_bytes < (3 + cert_size))
60 throw Decoding_Error("Certificate: Message malformed");
61
62 DataSource_Memory cert_buf(&certs[3], cert_size);
63 m_certs.push_back(X509_Certificate(cert_buf));
64
65 certs += cert_size + 3;
66 }
67
68 /*
69 * TLS 1.0 through 1.2 all seem to require that the certificate be
70 * precisely a v3 certificate. In fact the strict wording would seem
71 * to require that every certificate in the chain be v3. But often
72 * the intermediates are outside of the control of the server.
73 * But, require that the leaf certificate be v3
74 */
75 if(m_certs.size() > 0 && m_certs[0].x509_version() != 3)
76 {
78 "The leaf certificate must be v3");
79 }
80 }
81
82/**
83* Serialize a Certificate message
84*/
85std::vector<uint8_t> Certificate::serialize() const
86 {
87 std::vector<uint8_t> buf(3);
88
89 for(size_t i = 0; i != m_certs.size(); ++i)
90 {
91 std::vector<uint8_t> raw_cert = m_certs[i].BER_encode();
92 const size_t cert_size = raw_cert.size();
93 for(size_t j = 0; j != 3; ++j)
94 {
95 buf.push_back(get_byte(j+1, static_cast<uint32_t>(cert_size)));
96 }
97 buf += raw_cert;
98 }
99
100 const size_t buf_size = buf.size() - 3;
101 for(size_t i = 0; i != 3; ++i)
102 buf[i] = get_byte(i+1, static_cast<uint32_t>(buf_size));
103
104 return buf;
105 }
106
107}
108
109}
Certificate(Handshake_IO &io, Handshake_Hash &hash, const std::vector< X509_Certificate > &certs)
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
virtual size_t maximum_certificate_chain_size() const
Definition: tls_policy.cpp:352
Definition: alg_id.cpp:13
constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
Definition: loadstor.h:67
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:41
MechanismType hash