Botan  2.18.1
Crypto and TLS for C++11
msg_certificate.cpp
Go to the documentation of this file.
1 /*
2 * Certificate Message
3 * (C) 2004-2006,2012,2020 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/tls_messages.h>
9 #include <botan/tls_extensions.h>
10 #include <botan/tls_exceptn.h>
11 #include <botan/tls_alert.h>
12 #include <botan/internal/tls_reader.h>
13 #include <botan/internal/tls_handshake_io.h>
14 #include <botan/internal/tls_handshake_hash.h>
15 #include <botan/loadstor.h>
16 #include <botan/data_src.h>
17 
18 namespace Botan {
19 
20 namespace TLS {
21 
22 /**
23 * Create a new Certificate message
24 */
27  const std::vector<X509_Certificate>& cert_list) :
28  m_certs(cert_list)
29  {
30  hash.update(io.send(*this));
31  }
32 
33 /**
34 * Deserialize a Certificate message
35 */
36 Certificate::Certificate(const std::vector<uint8_t>& buf, const Policy& policy)
37  {
38  if(buf.size() < 3)
39  throw Decoding_Error("Certificate: Message malformed");
40 
41  const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);
42 
43  if(total_size != buf.size() - 3)
44  throw Decoding_Error("Certificate: Message malformed");
45 
46  const size_t max_size = policy.maximum_certificate_chain_size();
47  if(max_size > 0 && total_size > max_size)
48  throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
49 
50  const uint8_t* certs = buf.data() + 3;
51 
52  while(size_t remaining_bytes = buf.data() + buf.size() - certs)
53  {
54  if(remaining_bytes < 3)
55  throw Decoding_Error("Certificate: Message malformed");
56 
57  const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]);
58 
59  if(remaining_bytes < (3 + cert_size))
60  throw Decoding_Error("Certificate: Message malformed");
61 
62  DataSource_Memory cert_buf(&certs[3], cert_size);
63  m_certs.push_back(X509_Certificate(cert_buf));
64 
65  certs += cert_size + 3;
66  }
67 
68  /*
69  * TLS 1.0 through 1.2 all seem to require that the certificate be
70  * precisely a v3 certificate. In fact the strict wording would seem
71  * to require that every certificate in the chain be v3. But often
72  * the intermediates are outside of the control of the server.
73  * But, require that the leaf certificate be v3
74  */
75  if(m_certs.size() > 0 && m_certs[0].x509_version() != 3)
76  {
78  "The leaf certificate must be v3");
79  }
80  }
81 
82 /**
83 * Serialize a Certificate message
84 */
85 std::vector<uint8_t> Certificate::serialize() const
86  {
87  std::vector<uint8_t> buf(3);
88 
89  for(size_t i = 0; i != m_certs.size(); ++i)
90  {
91  std::vector<uint8_t> raw_cert = m_certs[i].BER_encode();
92  const size_t cert_size = raw_cert.size();
93  for(size_t j = 0; j != 3; ++j)
94  {
95  buf.push_back(get_byte(j+1, static_cast<uint32_t>(cert_size)));
96  }
97  buf += raw_cert;
98  }
99 
100  const size_t buf_size = buf.size() - 3;
101  for(size_t i = 0; i != 3; ++i)
102  buf[i] = get_byte(i+1, static_cast<uint32_t>(buf_size));
103 
104  return buf;
105  }
106 
107 }
108 
109 }
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
Certificate(Handshake_IO &io, Handshake_Hash &hash, const std::vector< X509_Certificate > &certs)
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:41
constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
Definition: loadstor.h:67
virtual size_t maximum_certificate_chain_size() const
Definition: tls_policy.cpp:352
Definition: alg_id.cpp:13
MechanismType hash