Botan 3.3.0
Crypto and TLS for C&
x509_obj.cpp
Go to the documentation of this file.
1/*
2* X.509 SIGNED Object
3* (C) 1999-2007,2020 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/x509_obj.h>
9
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/pem.h>
13#include <botan/pubkey.h>
14#include <botan/internal/emsa.h>
15#include <botan/internal/fmt.h>
16#include <algorithm>
17#include <sstream>
18
19namespace Botan {
20
21/*
22* Read a PEM or BER X.509 object
23*/
25 try {
26 if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) {
27 BER_Decoder dec(in);
28 decode_from(dec);
29 } else {
30 std::string got_label;
31 DataSource_Memory ber(PEM_Code::decode(in, got_label));
32
33 if(got_label != PEM_label()) {
34 bool is_alternate = false;
35 for(std::string_view alt_label : alternate_PEM_labels()) {
36 if(got_label == alt_label) {
37 is_alternate = true;
38 break;
39 }
40 }
41
42 if(!is_alternate) {
43 throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label);
44 }
45 }
46
47 BER_Decoder dec(ber);
48 decode_from(dec);
49 }
50 } catch(Decoding_Error& e) {
51 throw Decoding_Error(PEM_label() + " decoding", e);
52 }
53}
54
64
65/*
66* Read a BER encoded X.509 object
67*/
69 from.start_sequence()
71 .raw_bytes(m_tbs_bits)
72 .end_cons()
73 .decode(m_sig_algo)
75 .end_cons();
76
77 force_decode();
78}
79
80/*
81* Return a PEM encoded X.509 object
82*/
83std::string X509_Object::PEM_encode() const {
85}
86
87/*
88* Return the TBS data
89*/
90std::vector<uint8_t> X509_Object::tbs_data() const {
91 return ASN1::put_in_sequence(m_tbs_bits);
92}
93
94/*
95* Check the signature on an object
96*/
97bool X509_Object::check_signature(const Public_Key& pub_key) const {
98 const auto result = this->verify_signature(pub_key);
99 return (result.first == Certificate_Status_Code::VERIFIED);
100}
101
102std::pair<Certificate_Status_Code, std::string> X509_Object::verify_signature(const Public_Key& pub_key) const {
103 try {
104 PK_Verifier verifier(pub_key, signature_algorithm());
105 const bool valid = verifier.verify_message(tbs_data(), signature());
106
107 if(valid) {
108 return std::make_pair(Certificate_Status_Code::VERIFIED, verifier.hash_function());
109 } else {
110 return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
111 }
112 } catch(Decoding_Error&) {
114 } catch(Algorithm_Not_Found&) {
115 return std::make_pair(Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN, "");
116 } catch(...) {
117 // This shouldn't happen, fallback to generic signature error
118 return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
119 }
120}
121
122/*
123* Apply the X.509 SIGNED macro
124*/
125std::vector<uint8_t> X509_Object::make_signed(PK_Signer& signer,
127 const AlgorithmIdentifier& algo,
128 const secure_vector<uint8_t>& tbs_bits) {
129 const std::vector<uint8_t> signature = signer.sign_message(tbs_bits, rng);
130
131 std::vector<uint8_t> output;
132 DER_Encoder(output)
134 .raw_bytes(tbs_bits)
135 .encode(algo)
137 .end_cons();
138
139 return output;
140}
141
142namespace {
143
144std::string x509_signature_padding_for(const std::string& algo_name,
145 std::string_view hash_fn,
146 std::string_view user_specified_padding) {
147 if(algo_name == "DSA" || algo_name == "ECDSA" || algo_name == "ECGDSA" || algo_name == "ECKCDSA" ||
148 algo_name == "GOST-34.10" || algo_name == "GOST-34.10-2012-256" || algo_name == "GOST-34.10-2012-512") {
149 BOTAN_ARG_CHECK(user_specified_padding.empty() || user_specified_padding == "EMSA1",
150 "Invalid padding scheme for DSA-like scheme");
151
152 return hash_fn.empty() ? "SHA-256" : std::string(hash_fn);
153 } else if(algo_name == "RSA") {
154 // set to PKCSv1.5 for compatibility reasons, originally it was the only option
155
156 if(user_specified_padding.empty()) {
157 if(hash_fn.empty()) {
158 return "EMSA3(SHA-256)";
159 } else {
160 return fmt("EMSA3({})", hash_fn);
161 }
162 } else {
163 if(hash_fn.empty()) {
164 return fmt("{}(SHA-256)", user_specified_padding);
165 } else {
166 return fmt("{}({})", user_specified_padding, hash_fn);
167 }
168 }
169 } else if(algo_name == "Ed25519") {
170 return user_specified_padding.empty() ? "Pure" : std::string(user_specified_padding);
171 } else if(algo_name.starts_with("Dilithium-")) {
172 return user_specified_padding.empty() ? "Randomized" : std::string(user_specified_padding);
173 } else if(algo_name == "XMSS") {
174 // XMSS does not take any padding, but if the user insists, we pass it along
175 return std::string(user_specified_padding);
176 } else {
177 throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
178 }
179}
180
181std::string format_padding_error_message(std::string_view key_name,
182 std::string_view signer_hash_fn,
183 std::string_view user_hash_fn,
184 std::string_view chosen_padding,
185 std::string_view user_specified_padding) {
186 std::ostringstream oss;
187
188 oss << "Specified hash function " << user_hash_fn << " is incompatible with " << key_name;
189
190 if(!signer_hash_fn.empty()) {
191 oss << " chose hash function " << signer_hash_fn;
192 }
193
194 if(!chosen_padding.empty()) {
195 oss << " chose padding " << chosen_padding;
196 }
197 if(!user_specified_padding.empty()) {
198 oss << " with user specified padding " << user_specified_padding;
199 }
200
201 return oss.str();
202}
203
204} // namespace
205
206/*
207* Choose a signing format for the key
208*/
209std::unique_ptr<PK_Signer> X509_Object::choose_sig_format(const Private_Key& key,
211 std::string_view hash_fn,
212 std::string_view user_specified_padding) {
214
215 if(!user_specified_padding.empty()) {
216 try {
217 auto pk_signer = std::make_unique<PK_Signer>(key, rng, user_specified_padding, format);
218 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
219 throw Invalid_Argument(format_padding_error_message(
220 key.algo_name(), pk_signer->hash_function(), hash_fn, "", user_specified_padding));
221 }
222 return pk_signer;
223 } catch(Lookup_Error&) {}
224 }
225
226 const std::string padding = x509_signature_padding_for(key.algo_name(), hash_fn, user_specified_padding);
227
228 try {
229 auto pk_signer = std::make_unique<PK_Signer>(key, rng, padding, format);
230 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
231 throw Invalid_Argument(format_padding_error_message(
232 key.algo_name(), pk_signer->hash_function(), hash_fn, padding, user_specified_padding));
233 }
234 return pk_signer;
235 } catch(Not_Implemented&) {
236 throw Invalid_Argument("Signatures using " + key.algo_name() + "/" + padding + " are not supported");
237 }
238}
239
240} // namespace Botan
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
std::vector< uint8_t > BER_encode() const
Definition asn1_obj.cpp:19
virtual std::string algo_name() const =0
BER_Decoder & decode(bool &out)
Definition ber_dec.h:176
BER_Decoder & raw_bytes(std::vector< uint8_t, Alloc > &out)
Definition ber_dec.h:162
BER_Decoder & end_cons()
Definition ber_dec.cpp:295
BER_Decoder start_sequence()
Definition ber_dec.h:113
DER_Encoder & start_sequence()
Definition der_enc.h:65
DER_Encoder & raw_bytes(const uint8_t val[], size_t len)
Definition der_enc.cpp:207
DER_Encoder & end_cons()
Definition der_enc.cpp:171
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:186
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:368
std::string hash_function() const
Definition pubkey.cpp:359
virtual Signature_Format default_x509_signature_format() const
Definition pk_keys.h:190
const std::vector< uint8_t > & signed_body() const
Definition x509_obj.h:42
void decode_from(BER_Decoder &from) override
Definition x509_obj.cpp:68
std::string PEM_encode() const
Definition x509_obj.cpp:83
const AlgorithmIdentifier & signature_algorithm() const
Definition x509_obj.h:47
virtual std::vector< std::string > alternate_PEM_labels() const
Definition x509_obj.h:101
static std::unique_ptr< PK_Signer > choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)
Definition x509_obj.cpp:209
std::vector< uint8_t > tbs_data() const
Definition x509_obj.cpp:90
const std::vector< uint8_t > & signature() const
Definition x509_obj.h:37
static std::vector< uint8_t > make_signed(PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
Definition x509_obj.cpp:125
void encode_into(DER_Encoder &to) const override
Definition x509_obj.cpp:55
std::pair< Certificate_Status_Code, std::string > verify_signature(const Public_Key &key) const
Definition x509_obj.cpp:102
void load_data(DataSource &src)
Definition x509_obj.cpp:24
virtual std::string PEM_label() const =0
bool check_signature(const Public_Key &key) const
Definition x509_obj.cpp:97
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition asn1_obj.cpp:172
bool maybe_BER(DataSource &source)
Definition asn1_obj.cpp:192
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
bool matches(DataSource &source, std::string_view extra, size_t search_range)
Definition pem.cpp:137
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Signature_Format
Definition pk_keys.h:31