Botan 3.7.1
Crypto and TLS for C&
x509_obj.cpp
Go to the documentation of this file.
1/*
2* X.509 SIGNED Object
3* (C) 1999-2007,2020 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/x509_obj.h>
9
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/pem.h>
13#include <botan/pubkey.h>
14#include <botan/internal/fmt.h>
15#include <algorithm>
16#include <sstream>
17
18namespace Botan {
19
20/*
21* Read a PEM or BER X.509 object
22*/
24 try {
25 if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) {
26 BER_Decoder dec(in);
27 decode_from(dec);
28 } else {
29 std::string got_label;
30 DataSource_Memory ber(PEM_Code::decode(in, got_label));
31
32 if(got_label != PEM_label()) {
33 bool is_alternate = false;
34 for(std::string_view alt_label : alternate_PEM_labels()) {
35 if(got_label == alt_label) {
36 is_alternate = true;
37 break;
38 }
39 }
40
41 if(!is_alternate) {
42 throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label);
43 }
44 }
45
46 BER_Decoder dec(ber);
47 decode_from(dec);
48 }
49 } catch(Decoding_Error& e) {
50 throw Decoding_Error(PEM_label() + " decoding", e);
51 }
52}
53
63
64/*
65* Read a BER encoded X.509 object
66*/
68 from.start_sequence()
70 .raw_bytes(m_tbs_bits)
71 .end_cons()
72 .decode(m_sig_algo)
74 .end_cons();
75
76 force_decode();
77}
78
79/*
80* Return a PEM encoded X.509 object
81*/
82std::string X509_Object::PEM_encode() const {
84}
85
86/*
87* Return the TBS data
88*/
89std::vector<uint8_t> X509_Object::tbs_data() const {
90 return ASN1::put_in_sequence(m_tbs_bits);
91}
92
93/*
94* Check the signature on an object
95*/
96bool X509_Object::check_signature(const Public_Key& pub_key) const {
97 const auto result = this->verify_signature(pub_key);
98 return (result.first == Certificate_Status_Code::VERIFIED);
99}
100
101std::pair<Certificate_Status_Code, std::string> X509_Object::verify_signature(const Public_Key& pub_key) const {
102 try {
103 PK_Verifier verifier(pub_key, signature_algorithm());
104 const bool valid = verifier.verify_message(tbs_data(), signature());
105
106 if(valid) {
107 return std::make_pair(Certificate_Status_Code::VERIFIED, verifier.hash_function());
108 } else {
109 return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
110 }
111 } catch(Decoding_Error&) {
113 } catch(Algorithm_Not_Found&) {
114 return std::make_pair(Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN, "");
115 } catch(...) {
116 // This shouldn't happen, fallback to generic signature error
117 return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
118 }
119}
120
121/*
122* Apply the X.509 SIGNED macro
123*/
124std::vector<uint8_t> X509_Object::make_signed(PK_Signer& signer,
126 const AlgorithmIdentifier& algo,
127 const secure_vector<uint8_t>& tbs_bits) {
128 const std::vector<uint8_t> signature = signer.sign_message(tbs_bits, rng);
129
130 std::vector<uint8_t> output;
131 DER_Encoder(output)
133 .raw_bytes(tbs_bits)
134 .encode(algo)
136 .end_cons();
137
138 return output;
139}
140
141namespace {
142
143std::string x509_signature_padding_for(const std::string& algo_name,
144 std::string_view hash_fn,
145 std::string_view user_specified_padding) {
146 if(algo_name == "DSA" || algo_name == "ECDSA" || algo_name == "ECGDSA" || algo_name == "ECKCDSA" ||
147 algo_name == "GOST-34.10" || algo_name == "GOST-34.10-2012-256" || algo_name == "GOST-34.10-2012-512") {
148 BOTAN_ARG_CHECK(user_specified_padding.empty() || user_specified_padding == "EMSA1",
149 "Invalid padding scheme for DSA-like scheme");
150
151 return hash_fn.empty() ? "SHA-256" : std::string(hash_fn);
152 } else if(algo_name == "RSA") {
153 // set to PKCSv1.5 for compatibility reasons, originally it was the only option
154
155 if(user_specified_padding.empty()) {
156 if(hash_fn.empty()) {
157 return "PKCS1v15(SHA-256)";
158 } else {
159 return fmt("PKCS1v15({})", hash_fn);
160 }
161 } else {
162 if(hash_fn.empty()) {
163 return fmt("{}(SHA-256)", user_specified_padding);
164 } else {
165 return fmt("{}({})", user_specified_padding, hash_fn);
166 }
167 }
168 } else if(algo_name == "Ed25519" || algo_name == "Ed448") {
169 return user_specified_padding.empty() ? "Pure" : std::string(user_specified_padding);
170 } else if(algo_name.starts_with("Dilithium-") || algo_name == "ML-DSA") {
171 return user_specified_padding.empty() ? "Randomized" : std::string(user_specified_padding);
172 } else if(algo_name == "XMSS" || algo_name == "HSS-LMS" || algo_name == "SLH-DSA") {
173 // These algorithms do not take any padding, but if the user insists, we pass it along
174 return std::string(user_specified_padding);
175 } else {
176 throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
177 }
178}
179
180std::string format_padding_error_message(std::string_view key_name,
181 std::string_view signer_hash_fn,
182 std::string_view user_hash_fn,
183 std::string_view chosen_padding,
184 std::string_view user_specified_padding) {
185 std::ostringstream oss;
186
187 oss << "Specified hash function " << user_hash_fn << " is incompatible with " << key_name;
188
189 if(!signer_hash_fn.empty()) {
190 oss << " chose hash function " << signer_hash_fn;
191 }
192
193 if(!chosen_padding.empty()) {
194 oss << " chose padding " << chosen_padding;
195 }
196 if(!user_specified_padding.empty()) {
197 oss << " with user specified padding " << user_specified_padding;
198 }
199
200 return oss.str();
201}
202
203} // namespace
204
205/*
206* Choose a signing format for the key
207*/
208std::unique_ptr<PK_Signer> X509_Object::choose_sig_format(const Private_Key& key,
210 std::string_view hash_fn,
211 std::string_view user_specified_padding) {
213
214 if(!user_specified_padding.empty()) {
215 try {
216 auto pk_signer = std::make_unique<PK_Signer>(key, rng, user_specified_padding, format);
217 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
218 throw Invalid_Argument(format_padding_error_message(
219 key.algo_name(), pk_signer->hash_function(), hash_fn, "", user_specified_padding));
220 }
221 return pk_signer;
222 } catch(Lookup_Error&) {}
223 }
224
225 const std::string padding = x509_signature_padding_for(key.algo_name(), hash_fn, user_specified_padding);
226
227 try {
228 auto pk_signer = std::make_unique<PK_Signer>(key, rng, padding, format);
229 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
230 throw Invalid_Argument(format_padding_error_message(
231 key.algo_name(), pk_signer->hash_function(), hash_fn, padding, user_specified_padding));
232 }
233 return pk_signer;
234 } catch(Not_Implemented&) {
235 throw Invalid_Argument("Signatures using " + key.algo_name() + "/" + padding + " are not supported");
236 }
237}
238
239} // namespace Botan
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
std::vector< uint8_t > BER_encode() const
Definition asn1_obj.cpp:19
virtual std::string algo_name() const =0
virtual Signature_Format _default_x509_signature_format() const
Definition pk_keys.cpp:30
BER_Decoder & decode(bool &out)
Definition ber_dec.h:186
BER_Decoder & raw_bytes(std::vector< uint8_t, Alloc > &out)
Definition ber_dec.h:172
BER_Decoder & end_cons()
Definition ber_dec.cpp:309
BER_Decoder start_sequence()
Definition ber_dec.h:123
DER_Encoder & start_sequence()
Definition der_enc.h:64
DER_Encoder & raw_bytes(const uint8_t val[], size_t len)
Definition der_enc.cpp:207
DER_Encoder & end_cons()
Definition der_enc.cpp:171
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:186
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:414
std::string hash_function() const
Definition pubkey.cpp:403
const std::vector< uint8_t > & signed_body() const
Definition x509_obj.h:42
void decode_from(BER_Decoder &from) override
Definition x509_obj.cpp:67
std::string PEM_encode() const
Definition x509_obj.cpp:82
const AlgorithmIdentifier & signature_algorithm() const
Definition x509_obj.h:47
virtual std::vector< std::string > alternate_PEM_labels() const
Definition x509_obj.h:101
static std::unique_ptr< PK_Signer > choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)
Definition x509_obj.cpp:208
std::vector< uint8_t > tbs_data() const
Definition x509_obj.cpp:89
const std::vector< uint8_t > & signature() const
Definition x509_obj.h:37
static std::vector< uint8_t > make_signed(PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
Definition x509_obj.cpp:124
void encode_into(DER_Encoder &to) const override
Definition x509_obj.cpp:54
std::pair< Certificate_Status_Code, std::string > verify_signature(const Public_Key &key) const
Definition x509_obj.cpp:101
void load_data(DataSource &src)
Definition x509_obj.cpp:23
virtual std::string PEM_label() const =0
bool check_signature(const Public_Key &key) const
Definition x509_obj.cpp:96
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition asn1_obj.cpp:172
bool maybe_BER(DataSource &source)
Definition asn1_obj.cpp:192
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
bool matches(DataSource &source, std::string_view extra, size_t search_range)
Definition pem.cpp:137
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Signature_Format
Definition pk_keys.h:31