Botan  1.11.15
src/lib/tls/msg_cert_verify.cpp
Go to the documentation of this file.
00001 /*
00002 * Certificate Verify Message
00003 * (C) 2004,2006,2011,2012 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #include <botan/internal/tls_messages.h>
00009 #include <botan/internal/tls_reader.h>
00010 #include <botan/internal/tls_extensions.h>
00011 #include <botan/internal/tls_handshake_io.h>
00012 
00013 namespace Botan {
00014 
00015 namespace TLS {
00016 
00017 /*
00018 * Create a new Certificate Verify message
00019 */
00020 Certificate_Verify::Certificate_Verify(Handshake_IO& io,
00021                                        Handshake_State& state,
00022                                        const Policy& policy,
00023                                        RandomNumberGenerator& rng,
00024                                        const Private_Key* priv_key)
00025    {
00026    BOTAN_ASSERT_NONNULL(priv_key);
00027 
00028    std::pair<std::string, Signature_Format> format =
00029       state.choose_sig_format(*priv_key, m_hash_algo, m_sig_algo, true, policy);
00030 
00031    PK_Signer signer(*priv_key, format.first, format.second);
00032 
00033    m_signature = signer.sign_message(state.hash().get_contents(), rng);
00034 
00035    state.hash().update(io.send(*this));
00036    }
00037 
00038 /*
00039 * Deserialize a Certificate Verify message
00040 */
00041 Certificate_Verify::Certificate_Verify(const std::vector<byte>& buf,
00042                                        Protocol_Version version)
00043    {
00044    TLS_Data_Reader reader("CertificateVerify", buf);
00045 
00046    if(version.supports_negotiable_signature_algorithms())
00047       {
00048       m_hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte());
00049       m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte());
00050       }
00051 
00052    m_signature = reader.get_range<byte>(2, 0, 65535);
00053    }
00054 
00055 /*
00056 * Serialize a Certificate Verify message
00057 */
00058 std::vector<byte> Certificate_Verify::serialize() const
00059    {
00060    std::vector<byte> buf;
00061 
00062    if(m_hash_algo != "" && m_sig_algo != "")
00063       {
00064       buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo));
00065       buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo));
00066       }
00067 
00068    const u16bit sig_len = m_signature.size();
00069    buf.push_back(get_byte(0, sig_len));
00070    buf.push_back(get_byte(1, sig_len));
00071    buf += m_signature;
00072 
00073    return buf;
00074    }
00075 
00076 /*
00077 * Verify a Certificate Verify message
00078 */
00079 bool Certificate_Verify::verify(const X509_Certificate& cert,
00080                                 const Handshake_State& state) const
00081    {
00082    std::unique_ptr<Public_Key> key(cert.subject_public_key());
00083 
00084    std::pair<std::string, Signature_Format> format =
00085       state.understand_sig_format(*key.get(), m_hash_algo, m_sig_algo);
00086 
00087    PK_Verifier verifier(*key, format.first, format.second);
00088 
00089    return verifier.verify_message(state.hash().get_contents(), m_signature);
00090    }
00091 
00092 }
00093 
00094 }