Coverage Report

Created: 2020-06-30 13:58

/src/botan/src/lib/tls/msg_certificate.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* Certificate Message
3
* (C) 2004-2006,2012,2020 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#include <botan/tls_messages.h>
9
#include <botan/tls_extensions.h>
10
#include <botan/tls_exceptn.h>
11
#include <botan/tls_alert.h>
12
#include <botan/internal/tls_reader.h>
13
#include <botan/internal/tls_handshake_io.h>
14
#include <botan/internal/tls_handshake_hash.h>
15
#include <botan/loadstor.h>
16
#include <botan/data_src.h>
17
18
namespace Botan {
19
20
namespace TLS {
21
22
/**
23
* Create a new Certificate message
24
*/
25
Certificate::Certificate(Handshake_IO& io,
26
                         Handshake_Hash& hash,
27
                         const std::vector<X509_Certificate>& cert_list) :
28
   m_certs(cert_list)
29
150
   {
30
150
   hash.update(io.send(*this));
31
150
   }
32
33
/**
34
* Deserialize a Certificate message
35
*/
36
Certificate::Certificate(const std::vector<uint8_t>& buf, const Policy& policy)
37
3.18k
   {
38
3.18k
   if(buf.size() < 3)
39
2
      throw Decoding_Error("Certificate: Message malformed");
40
3.17k
41
3.17k
   const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);
42
3.17k
43
3.17k
   if(total_size != buf.size() - 3)
44
45
      throw Decoding_Error("Certificate: Message malformed");
45
3.13k
46
3.13k
   const size_t max_size = policy.maximum_certificate_chain_size();
47
3.13k
   if(max_size > 0 && total_size > max_size)
48
0
      throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
49
3.13k
50
3.13k
   const uint8_t* certs = buf.data() + 3;
51
3.13k
52
7.98k
   while(size_t remaining_bytes = buf.data() + buf.size() - certs)
53
5.00k
      {
54
5.00k
      if(remaining_bytes < 3)
55
1
         throw Decoding_Error("Certificate: Message malformed");
56
5.00k
57
5.00k
      const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]);
58
5.00k
59
5.00k
      if(remaining_bytes < (3 + cert_size))
60
152
         throw Decoding_Error("Certificate: Message malformed");
61
4.85k
62
4.85k
      DataSource_Memory cert_buf(&certs[3], cert_size);
63
4.85k
      m_certs.push_back(X509_Certificate(cert_buf));
64
4.85k
65
4.85k
      certs += cert_size + 3;
66
4.85k
      }
67
3.13k
68
3.13k
   /*
69
3.13k
   * TLS 1.0 through 1.2 all seem to require that the certificate be
70
3.13k
   * precisely a v3 certificate. In fact the strict wording would seem
71
3.13k
   * to require that every certificate in the chain be v3. But often
72
3.13k
   * the intermediates are outside of the control of the server.
73
3.13k
   * But, require that the leaf certificate be v3
74
3.13k
   */
75
3.13k
   if(m_certs.size() > 0 && m_certs[0].x509_version() != 3)
76
289
      {
77
289
      throw TLS_Exception(Alert::BAD_CERTIFICATE,
78
289
                          "The leaf certificate must be v3");
79
289
      }
80
2.98k
   }
81
82
/**
83
* Serialize a Certificate message
84
*/
85
std::vector<uint8_t> Certificate::serialize() const
86
150
   {
87
150
   std::vector<uint8_t> buf(3);
88
150
89
293
   for(size_t i = 0; i != m_certs.size(); ++i)
90
143
      {
91
143
      std::vector<uint8_t> raw_cert = m_certs[i].BER_encode();
92
143
      const size_t cert_size = raw_cert.size();
93
572
      for(size_t j = 0; j != 3; ++j)
94
429
         {
95
429
         buf.push_back(get_byte(j+1, static_cast<uint32_t>(cert_size)));
96
429
         }
97
143
      buf += raw_cert;
98
143
      }
99
150
100
150
   const size_t buf_size = buf.size() - 3;
101
600
   for(size_t i = 0; i != 3; ++i)
102
450
      buf[i] = get_byte(i+1, static_cast<uint32_t>(buf_size));
103
150
104
150
   return buf;
105
150
   }
106
107
}
108
109
}