doxygen/msg__certificate__req__12_8cpp_source.html

/*

* Certificate Request Message

* (C) 2004-2006,2012 Jack Lloyd

*     2021 Elektrobit Automotive GmbH

*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/tls_messages_12.h>


#include <botan/ber_dec.h>

#include <botan/der_enc.h>

#include <botan/pkix_types.h>

#include <botan/tls_extensions.h>

#include <botan/tls_policy.h>

#include <botan/internal/fmt.h>

#include <botan/internal/tls_handshake_hash.h>

#include <botan/internal/tls_handshake_io.h>

#include <botan/internal/tls_reader.h>


namespace Botan::TLS {


Certificate_Request_12::~Certificate_Request_12() = default;


Handshake_Type Certificate_Request_12::type() const {

   return Handshake_Type::CertificateRequest;

}


namespace {


std::string cert_type_code_to_name(uint8_t code) {

   switch(code) {

      case 1:

         return "RSA";

      case 64:

         return "ECDSA";

      default:

         return "";  // DH or something else

   }

}


uint8_t cert_type_name_to_code(std::string_view name) {

   if(name == "RSA") {

      return 1;

   }

   if(name == "ECDSA") {

      return 64;

   }


   throw Invalid_Argument(fmt("Unknown/unhandled TLS cert type {}", name));

}


}  // namespace


/**

* Create a new Certificate Request message

*/


Certificate_Request_12::Certificate_Request_12(Handshake_IO& io,

                                               Handshake_Hash& hash,

                                               const Policy& policy,

                                               const std::vector<X509_DN>& ca_certs) :

      m_names(ca_certs), m_cert_key_types({"RSA", "ECDSA"}) {

   m_schemes = policy.acceptable_signature_schemes();

   // RFC 5246 7.4.4: supported_signature_algorithms<2..2^16-2>

   if(m_schemes.empty()) {

      throw Internal_Error("Policy returned no acceptable signature schemes for CertificateRequest");

   }

   hash.update(io.send(*this));

}


/**

* Deserialize a Certificate Request message

*/


Certificate_Request_12::Certificate_Request_12(const std::vector<uint8_t>& buf) {

   if(buf.size() < 4) {

      throw Decoding_Error("Certificate_Req: Bad certificate request");

   }


   TLS_Data_Reader reader("CertificateRequest", buf);


   const auto cert_type_codes = reader.get_range_vector<uint8_t>(1, 1, 255);


   for(const auto cert_type_code : cert_type_codes) {

      const std::string cert_type_name = cert_type_code_to_name(cert_type_code);


      if(cert_type_name.empty()) {  // something we don't know

         continue;

      }


      m_cert_key_types.emplace_back(cert_type_name);

   }


   const std::vector<uint8_t> algs = reader.get_range_vector<uint8_t>(2, 2, 65534);


   if(algs.size() % 2 != 0) {

      throw Decoding_Error("Bad length for signature IDs in certificate request");

   }


   for(size_t i = 0; i != algs.size(); i += 2) {

      m_schemes.emplace_back(make_uint16(algs[i], algs[i + 1]));

   }


   const uint16_t purported_size = reader.get_uint16_t();


   if(reader.remaining_bytes() != purported_size) {

      throw Decoding_Error("Inconsistent length in certificate request");

   }


   while(reader.has_remaining()) {

      // RFC 5246 7.4.4: opaque DistinguishedName<1..2^16-1>

      std::vector<uint8_t> name_bits = reader.get_range_vector<uint8_t>(2, 1, 65535);


      BER_Decoder decoder(name_bits, BER_Decoder::Limits::DER());

      X509_DN name;

      decoder.decode(name).verify_end();

      m_names.emplace_back(name);

   }

}


const std::vector<std::string>& Certificate_Request_12::acceptable_cert_types() const {

   return m_cert_key_types;

}


const std::vector<X509_DN>& Certificate_Request_12::acceptable_CAs() const {

   return m_names;

}


const std::vector<Signature_Scheme>& Certificate_Request_12::signature_schemes() const {

   return m_schemes;

}


/**

* Serialize a Certificate Request message

*/


std::vector<uint8_t> Certificate_Request_12::serialize() const {

   std::vector<uint8_t> buf;


   std::vector<uint8_t> cert_types;


   cert_types.reserve(m_cert_key_types.size());

   for(const auto& cert_key_type : m_cert_key_types) {

      cert_types.push_back(cert_type_name_to_code(cert_key_type));

   }


   append_tls_length_value(buf, cert_types, 1);


   // RFC 5246 7.4.4: supported_signature_algorithms<2..2^16-2>

   buf += Signature_Algorithms(m_schemes).serialize(Connection_Side::Server);


   std::vector<uint8_t> encoded_names;


   for(const auto& name : m_names) {

      DER_Encoder encoder;

      encoder.encode(name);


      append_tls_length_value(encoded_names, encoder.get_contents(), 2);

   }


   append_tls_length_value(buf, encoded_names, 2);


   return buf;

}


}  // namespace Botan::TLS

Botan::BER_Decoder::Limits::DER
static Limits DER()
Definition ber_dec.h:35

Botan::BER_Decoder
Definition ber_dec.h:25

Botan::DER_Encoder
Definition der_enc.h:25

Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:134

Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition der_enc.cpp:245

Botan::Decoding_Error
Definition exceptn.h:192

Botan::Internal_Error
Definition exceptn.h:322

Botan::TLS::Certificate_Request_12::~Certificate_Request_12
~Certificate_Request_12() override

Botan::TLS::Certificate_Request_12::acceptable_cert_types
const std::vector< std::string > & acceptable_cert_types() const
Definition msg_certificate_req_12.cpp:121

Botan::TLS::Certificate_Request_12::signature_schemes
const std::vector< Signature_Scheme > & signature_schemes() const
Definition msg_certificate_req_12.cpp:129

Botan::TLS::Certificate_Request_12::serialize
std::vector< uint8_t > serialize() const override
Definition msg_certificate_req_12.cpp:136

Botan::TLS::Certificate_Request_12::acceptable_CAs
const std::vector< X509_DN > & acceptable_CAs() const
Definition msg_certificate_req_12.cpp:125

Botan::TLS::Certificate_Request_12::Certificate_Request_12
Certificate_Request_12(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, const std::vector< X509_DN > &allowed_cas)
Definition msg_certificate_req_12.cpp:59

Botan::TLS::Certificate_Request_12::type
Handshake_Type type() const override
Definition msg_certificate_req_12.cpp:26

Botan::TLS::Handshake_Hash
Definition tls_handshake_hash.h:19

Botan::TLS::Handshake_IO
Definition tls_handshake_io.h:43

Botan::TLS::Policy
Definition tls_policy.h:33

Botan::TLS::Signature_Algorithms
Definition tls_extensions.h:263

Botan::TLS::Signature_Algorithms::serialize
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Definition tls_extensions.cpp:729

Botan::TLS::TLS_Data_Reader
Definition tls_reader.h:24

Botan::TLS::TLS_Data_Reader::has_remaining
bool has_remaining() const
Definition tls_reader.h:39

Botan::TLS::TLS_Data_Reader::remaining_bytes
size_t remaining_bytes() const
Definition tls_reader.h:37

Botan::TLS::TLS_Data_Reader::get_uint16_t
uint16_t get_uint16_t()
Definition tls_reader.h:71

Botan::TLS::TLS_Data_Reader::get_range_vector
std::vector< T > get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition tls_reader.h:117

Botan::X509_DN
Definition pkix_types.h:43

Botan::TLS
Definition asio_context.cpp:18

Botan::TLS::append_tls_length_value
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition tls_reader.h:177

Botan::TLS::Connection_Side::Server
@ Server
Definition tls_magic.h:46

Botan::TLS::Handshake_Type
Handshake_Type
Definition tls_magic.h:63

Botan::TLS::Handshake_Type::CertificateRequest
@ CertificateRequest
Definition tls_magic.h:75

Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

Botan::make_uint16
constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition loadstor.h:92