8#include <botan/x509_obj.h>
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
13#include <botan/pubkey.h>
14#include <botan/internal/emsa.h>
15#include <botan/internal/fmt.h>
30 std::string got_label;
34 bool is_alternate =
false;
36 if(got_label == alt_label) {
131 std::vector<uint8_t> output;
144std::string x509_signature_padding_for(
const std::string& algo_name,
145 std::string_view hash_fn,
146 std::string_view user_specified_padding) {
147 if(algo_name ==
"DSA" || algo_name ==
"ECDSA" || algo_name ==
"ECGDSA" || algo_name ==
"ECKCDSA" ||
148 algo_name ==
"GOST-34.10" || algo_name ==
"GOST-34.10-2012-256" || algo_name ==
"GOST-34.10-2012-512") {
149 BOTAN_ARG_CHECK(user_specified_padding.empty() || user_specified_padding ==
"EMSA1",
150 "Invalid padding scheme for DSA-like scheme");
152 return hash_fn.empty() ?
"SHA-256" : std::string(hash_fn);
153 }
else if(algo_name ==
"RSA") {
156 if(user_specified_padding.empty()) {
157 if(hash_fn.empty()) {
158 return "EMSA3(SHA-256)";
160 return fmt(
"EMSA3({})", hash_fn);
163 if(hash_fn.empty()) {
164 return fmt(
"{}(SHA-256)", user_specified_padding);
166 return fmt(
"{}({})", user_specified_padding, hash_fn);
169 }
else if(algo_name ==
"Ed25519" || algo_name ==
"Ed448") {
170 return user_specified_padding.empty() ?
"Pure" : std::string(user_specified_padding);
171 }
else if(algo_name.starts_with(
"Dilithium-")) {
172 return user_specified_padding.empty() ?
"Randomized" : std::string(user_specified_padding);
173 }
else if(algo_name ==
"XMSS") {
175 return std::string(user_specified_padding);
176 }
else if(algo_name ==
"HSS-LMS") {
178 return std::string(user_specified_padding);
180 throw Invalid_Argument(
"Unknown X.509 signing key type: " + algo_name);
184std::string format_padding_error_message(std::string_view key_name,
185 std::string_view signer_hash_fn,
186 std::string_view user_hash_fn,
187 std::string_view chosen_padding,
188 std::string_view user_specified_padding) {
189 std::ostringstream oss;
191 oss <<
"Specified hash function " << user_hash_fn <<
" is incompatible with " << key_name;
193 if(!signer_hash_fn.empty()) {
194 oss <<
" chose hash function " << signer_hash_fn;
197 if(!chosen_padding.empty()) {
198 oss <<
" chose padding " << chosen_padding;
200 if(!user_specified_padding.empty()) {
201 oss <<
" with user specified padding " << user_specified_padding;
214 std::string_view hash_fn,
215 std::string_view user_specified_padding) {
218 if(!user_specified_padding.empty()) {
220 auto pk_signer = std::make_unique<PK_Signer>(key, rng, user_specified_padding, format);
221 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
223 key.
algo_name(), pk_signer->hash_function(), hash_fn,
"", user_specified_padding));
229 const std::string padding = x509_signature_padding_for(key.
algo_name(), hash_fn, user_specified_padding);
232 auto pk_signer = std::make_unique<PK_Signer>(key, rng, padding, format);
233 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
235 key.
algo_name(), pk_signer->hash_function(), hash_fn, padding, user_specified_padding));
#define BOTAN_ARG_CHECK(expr, msg)
std::vector< uint8_t > BER_encode() const
virtual std::string algo_name() const =0
BER_Decoder & decode(bool &out)
BER_Decoder & raw_bytes(std::vector< uint8_t, Alloc > &out)
BER_Decoder start_sequence()
DER_Encoder & start_sequence()
DER_Encoder & raw_bytes(const uint8_t val[], size_t len)
DER_Encoder & encode(bool b)
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
std::string hash_function() const
virtual Signature_Format default_x509_signature_format() const
const std::vector< uint8_t > & signed_body() const
void decode_from(BER_Decoder &from) override
std::string PEM_encode() const
const AlgorithmIdentifier & signature_algorithm() const
virtual std::vector< std::string > alternate_PEM_labels() const
static std::unique_ptr< PK_Signer > choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)
std::vector< uint8_t > tbs_data() const
const std::vector< uint8_t > & signature() const
static std::vector< uint8_t > make_signed(PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
void encode_into(DER_Encoder &to) const override
std::pair< Certificate_Status_Code, std::string > verify_signature(const Public_Key &key) const
void load_data(DataSource &src)
virtual std::string PEM_label() const =0
bool check_signature(const Public_Key &key) const
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
bool maybe_BER(DataSource &source)
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
bool matches(DataSource &source, std::string_view extra, size_t search_range)
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
std::string fmt(std::string_view format, const T &... args)
std::vector< T, secure_allocator< T > > secure_vector
@ SIGNATURE_ALGO_BAD_PARAMS