Coverage Report

Created: 2021-02-21 07:20

/src/botan/src/lib/tls/msg_cert_verify.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* Certificate Verify Message
3
* (C) 2004,2006,2011,2012 Jack Lloyd
4
*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5
*
6
* Botan is released under the Simplified BSD License (see license.txt)
7
*/
8
9
#include <botan/tls_messages.h>
10
#include <botan/tls_extensions.h>
11
#include <botan/internal/tls_reader.h>
12
#include <botan/internal/tls_handshake_io.h>
13
#include <botan/internal/tls_handshake_state.h>
14
15
namespace Botan {
16
17
namespace TLS {
18
19
/*
20
* Create a new Certificate Verify message
21
*/
22
Certificate_Verify::Certificate_Verify(Handshake_IO& io,
23
                                       Handshake_State& state,
24
                                       const Policy& policy,
25
                                       RandomNumberGenerator& rng,
26
                                       const Private_Key* priv_key)
27
0
   {
28
0
   BOTAN_ASSERT_NONNULL(priv_key);
29
30
0
   std::pair<std::string, Signature_Format> format =
31
0
      state.choose_sig_format(*priv_key, m_scheme, true, policy);
32
33
0
   m_signature =
34
0
      state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second,
35
0
                                         state.hash().get_contents());
36
37
0
   state.hash().update(io.send(*this));
38
0
   }
39
40
/*
41
* Deserialize a Certificate Verify message
42
*/
43
Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf,
44
                                       Protocol_Version version)
45
0
   {
46
0
   TLS_Data_Reader reader("CertificateVerify", buf);
47
48
0
   if(version.supports_negotiable_signature_algorithms())
49
0
      {
50
0
      m_scheme = static_cast<Signature_Scheme>(reader.get_uint16_t());
51
0
      }
52
53
0
   m_signature = reader.get_range<uint8_t>(2, 0, 65535);
54
0
   reader.assert_done();
55
0
   }
56
57
/*
58
* Serialize a Certificate Verify message
59
*/
60
std::vector<uint8_t> Certificate_Verify::serialize() const
61
0
   {
62
0
   std::vector<uint8_t> buf;
63
64
0
   if(m_scheme != Signature_Scheme::NONE)
65
0
      {
66
0
      const uint16_t scheme_code = static_cast<uint16_t>(m_scheme);
67
0
      buf.push_back(get_byte(0, scheme_code));
68
0
      buf.push_back(get_byte(1, scheme_code));
69
0
      }
70
71
0
   if(m_signature.size() > 0xFFFF)
72
0
      throw Encoding_Error("Certificate_Verify signature too long to encode");
73
74
0
   const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());
75
0
   buf.push_back(get_byte(0, sig_len));
76
0
   buf.push_back(get_byte(1, sig_len));
77
0
   buf += m_signature;
78
79
0
   return buf;
80
0
   }
81
82
/*
83
* Verify a Certificate Verify message
84
*/
85
bool Certificate_Verify::verify(const X509_Certificate& cert,
86
                                const Handshake_State& state,
87
                                const Policy& policy) const
88
0
   {
89
0
   std::unique_ptr<Public_Key> key(cert.subject_public_key());
90
91
0
   policy.check_peer_key_acceptable(*key);
92
93
0
   std::pair<std::string, Signature_Format> format =
94
0
      state.parse_sig_format(*key.get(), m_scheme, true, policy);
95
96
0
   const bool signature_valid =
97
0
      state.callbacks().tls_verify_message(*key, format.first, format.second,
98
0
                                           state.hash().get_contents(), m_signature);
99
100
0
#if defined(BOTAN_UNSAFE_FUZZER_MODE)
101
0
   BOTAN_UNUSED(signature_valid);
102
0
   return true;
103
#else
104
   return signature_valid;
105
#endif
106
0
   }
107
108
}
109
110
}