Botan 3.6.1
Crypto and TLS for C&
x509_obj.cpp
Go to the documentation of this file.
1/*
2* X.509 SIGNED Object
3* (C) 1999-2007,2020 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/x509_obj.h>
9
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/pem.h>
13#include <botan/pubkey.h>
14#include <botan/internal/emsa.h>
15#include <botan/internal/fmt.h>
16#include <algorithm>
17#include <sstream>
18
19namespace Botan {
20
21/*
22* Read a PEM or BER X.509 object
23*/
24void X509_Object::load_data(DataSource& in) {
25 try {
26 if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) {
27 BER_Decoder dec(in);
28 decode_from(dec);
29 } else {
30 std::string got_label;
31 DataSource_Memory ber(PEM_Code::decode(in, got_label));
32
33 if(got_label != PEM_label()) {
34 bool is_alternate = false;
35 for(std::string_view alt_label : alternate_PEM_labels()) {
36 if(got_label == alt_label) {
37 is_alternate = true;
38 break;
39 }
40 }
41
42 if(!is_alternate) {
43 throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label);
44 }
45 }
46
47 BER_Decoder dec(ber);
48 decode_from(dec);
49 }
50 } catch(Decoding_Error& e) {
51 throw Decoding_Error(PEM_label() + " decoding", e);
52 }
53}
54
64
65/*
66* Read a BER encoded X.509 object
67*/
68void X509_Object::decode_from(BER_Decoder& from) {
69 from.start_sequence()
70 .start_sequence()
71 .raw_bytes(m_tbs_bits)
72 .end_cons()
73 .decode(m_sig_algo)
74 .decode(m_sig, ASN1_Type::BitString)
75 .end_cons();
76
77 force_decode();
78}
79
80/*
81* Return a PEM encoded X.509 object
82*/
83std::string X509_Object::PEM_encode() const {
84 return PEM_Code::encode(BER_encode(), PEM_label());
85}
86
87/*
88* Return the TBS data
89*/
90std::vector<uint8_t> X509_Object::tbs_data() const {
91 return ASN1::put_in_sequence(m_tbs_bits);
92}
93
94/*
95* Check the signature on an object
96*/
97bool X509_Object::check_signature(const Public_Key& pub_key) const {
98 const auto result = this->verify_signature(pub_key);
99 return (result.first == Certificate_Status_Code::VERIFIED);
100}
101
102std::pair<Certificate_Status_Code, std::string> X509_Object::verify_signature(const Public_Key& pub_key) const {
103 try {
104 PK_Verifier verifier(pub_key, signature_algorithm());
105 const bool valid = verifier.verify_message(tbs_data(), signature());
106
107 if(valid) {
108 return std::make_pair(Certificate_Status_Code::VERIFIED, verifier.hash_function());
109 } else {
110 return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
111 }
112 } catch(Decoding_Error&) {
113 return std::make_pair(Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS, "");
114 } catch(Algorithm_Not_Found&) {
115 return std::make_pair(Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN, "");
116 } catch(...) {
117 // This shouldn't happen, fallback to generic signature error
118 return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
119 }
120}
121
122/*
123* Apply the X.509 SIGNED macro
124*/
125std::vector<uint8_t> X509_Object::make_signed(PK_Signer& signer,
126 RandomNumberGenerator& rng,
127 const AlgorithmIdentifier& algo,
128 const secure_vector<uint8_t>& tbs_bits) {
129 const std::vector<uint8_t> signature = signer.sign_message(tbs_bits, rng);
130
131 std::vector<uint8_t> output;
132 DER_Encoder(output)
133 .start_sequence()
134 .raw_bytes(tbs_bits)
135 .encode(algo)
136 .encode(signature, ASN1_Type::BitString)
137 .end_cons();
138
139 return output;
140}
141
142namespace {
143
144std::string x509_signature_padding_for(const std::string& algo_name,
145 std::string_view hash_fn,
146 std::string_view user_specified_padding) {
147 if(algo_name == "DSA" || algo_name == "ECDSA" || algo_name == "ECGDSA" || algo_name == "ECKCDSA" ||
148 algo_name == "GOST-34.10" || algo_name == "GOST-34.10-2012-256" || algo_name == "GOST-34.10-2012-512") {
149 BOTAN_ARG_CHECK(user_specified_padding.empty() || user_specified_padding == "EMSA1",
150 "Invalid padding scheme for DSA-like scheme");
151
152 return hash_fn.empty() ? "SHA-256" : std::string(hash_fn);
153 } else if(algo_name == "RSA") {
154 // set to PKCSv1.5 for compatibility reasons, originally it was the only option
155
156 if(user_specified_padding.empty()) {
157 if(hash_fn.empty()) {
158 return "EMSA3(SHA-256)";
159 } else {
160 return fmt("EMSA3({})", hash_fn);
161 }
162 } else {
163 if(hash_fn.empty()) {
164 return fmt("{}(SHA-256)", user_specified_padding);
165 } else {
166 return fmt("{}({})", user_specified_padding, hash_fn);
167 }
168 }
169 } else if(algo_name == "Ed25519" || algo_name == "Ed448") {
170 return user_specified_padding.empty() ? "Pure" : std::string(user_specified_padding);
171 } else if(algo_name.starts_with("Dilithium-") || algo_name == "ML-DSA") {
172 return user_specified_padding.empty() ? "Randomized" : std::string(user_specified_padding);
173 } else if(algo_name == "XMSS" || algo_name == "HSS-LMS" || algo_name == "SLH-DSA") {
174 // These algorithms do not take any padding, but if the user insists, we pass it along
175 return std::string(user_specified_padding);
176 } else {
177 throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
178 }
179}
180
181std::string format_padding_error_message(std::string_view key_name,
182 std::string_view signer_hash_fn,
183 std::string_view user_hash_fn,
184 std::string_view chosen_padding,
185 std::string_view user_specified_padding) {
186 std::ostringstream oss;
187
188 oss << "Specified hash function " << user_hash_fn << " is incompatible with " << key_name;
189
190 if(!signer_hash_fn.empty()) {
191 oss << " chose hash function " << signer_hash_fn;
192 }
193
194 if(!chosen_padding.empty()) {
195 oss << " chose padding " << chosen_padding;
196 }
197 if(!user_specified_padding.empty()) {
198 oss << " with user specified padding " << user_specified_padding;
199 }
200
201 return oss.str();
202}
203
204} // namespace
205
206/*
207* Choose a signing format for the key
208*/
209std::unique_ptr<PK_Signer> X509_Object::choose_sig_format(const Private_Key& key,
210 RandomNumberGenerator& rng,
211 std::string_view hash_fn,
212 std::string_view user_specified_padding) {
213 const Signature_Format format = key.default_x509_signature_format();
214
215 if(!user_specified_padding.empty()) {
216 try {
217 auto pk_signer = std::make_unique<PK_Signer>(key, rng, user_specified_padding, format);
218 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
219 throw Invalid_Argument(format_padding_error_message(
220 key.algo_name(), pk_signer->hash_function(), hash_fn, "", user_specified_padding));
221 }
222 return pk_signer;
223 } catch(Lookup_Error&) {}
224 }
225
226 const std::string padding = x509_signature_padding_for(key.algo_name(), hash_fn, user_specified_padding);
227
228 try {
229 auto pk_signer = std::make_unique<PK_Signer>(key, rng, padding, format);
230 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
231 throw Invalid_Argument(format_padding_error_message(
232 key.algo_name(), pk_signer->hash_function(), hash_fn, padding, user_specified_padding));
233 }
234 return pk_signer;
235 } catch(Not_Implemented&) {
236 throw Invalid_Argument("Signatures using " + key.algo_name() + "/" + padding + " are not supported");
237 }
238}
239
240} // namespace Botan
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Botan::ASN1_Object::BER_encode
std::vector< uint8_t > BER_encode() const
Definition asn1_obj.cpp:19
Botan::Algorithm_Not_Found
Definition exceptn.h:250
Botan::Asymmetric_Key::algo_name
virtual std::string algo_name() const =0
Botan::BER_Decoder
Definition ber_dec.h:22
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &out)
Definition ber_dec.h:186
Botan::BER_Decoder::raw_bytes
BER_Decoder & raw_bytes(std::vector< uint8_t, Alloc > &out)
Definition ber_dec.h:172
Botan::BER_Decoder::end_cons
BER_Decoder & end_cons()
Definition ber_dec.cpp:309
Botan::BER_Decoder::start_sequence
BER_Decoder start_sequence()
Definition ber_dec.h:123
Botan::DER_Encoder
Definition der_enc.h:22
Botan::DER_Encoder::start_sequence
DER_Encoder & start_sequence()
Definition der_enc.h:64
Botan::DER_Encoder::raw_bytes
DER_Encoder & raw_bytes(const uint8_t val[], size_t len)
Definition der_enc.cpp:207
Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition der_enc.cpp:171
Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
Botan::DataSource_Memory
Definition data_src.h:100
Botan::Decoding_Error
Definition exceptn.h:191
Botan::Invalid_Argument
Definition exceptn.h:131
Botan::Lookup_Error
Definition exceptn.h:235
Botan::Not_Implemented
Definition exceptn.h:334
Botan::PK_Signer
Definition pubkey.h:155
Botan::PK_Signer::sign_message
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:186
Botan::PK_Verifier
Definition pubkey.h:272
Botan::PK_Verifier::verify_message
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:371
Botan::PK_Verifier::hash_function
std::string hash_function() const
Definition pubkey.cpp:362
Botan::Private_Key
Definition pk_keys.h:263
Botan::Public_Key
Definition pk_keys.h:119
Botan::Public_Key::default_x509_signature_format
virtual Signature_Format default_x509_signature_format() const
Definition pk_keys.h:201
Botan::X509_Object::signed_body
const std::vector< uint8_t > & signed_body() const
Definition x509_obj.h:42
Botan::X509_Object::decode_from
void decode_from(BER_Decoder &from) override
Definition x509_obj.cpp:68
Botan::X509_Object::PEM_encode
std::string PEM_encode() const
Definition x509_obj.cpp:83
Botan::X509_Object::signature_algorithm
const AlgorithmIdentifier & signature_algorithm() const
Definition x509_obj.h:47
Botan::X509_Object::alternate_PEM_labels
virtual std::vector< std::string > alternate_PEM_labels() const
Definition x509_obj.h:101
Botan::X509_Object::choose_sig_format
static std::unique_ptr< PK_Signer > choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)
Definition x509_obj.cpp:209
Botan::X509_Object::tbs_data
std::vector< uint8_t > tbs_data() const
Definition x509_obj.cpp:90
Botan::X509_Object::signature
const std::vector< uint8_t > & signature() const
Definition x509_obj.h:37
Botan::X509_Object::make_signed
static std::vector< uint8_t > make_signed(PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
Definition x509_obj.cpp:125
Botan::X509_Object::encode_into
void encode_into(DER_Encoder &to) const override
Definition x509_obj.cpp:55
Botan::X509_Object::verify_signature
std::pair< Certificate_Status_Code, std::string > verify_signature(const Public_Key &key) const
Definition x509_obj.cpp:102
Botan::X509_Object::load_data
void load_data(DataSource &src)
Definition x509_obj.cpp:24
Botan::X509_Object::PEM_label
virtual std::string PEM_label() const =0
Botan::X509_Object::check_signature
bool check_signature(const Public_Key &key) const
Definition x509_obj.cpp:97
Botan::ASN1::put_in_sequence
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition asn1_obj.cpp:172
Botan::ASN1::maybe_BER
bool maybe_BER(DataSource &source)
Definition asn1_obj.cpp:192
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
Botan::PEM_Code::matches
bool matches(DataSource &source, std::string_view extra, size_t search_range)
Definition pem.cpp:137
Botan::PEM_Code::decode
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Botan::Signature_Format
Signature_Format
Definition pk_keys.h:31
Generated by doxygen 1.12.0