Coverage Report

Created: 2021-05-04 09:02

/src/botan/src/lib/tls/msg_cert_verify.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* Certificate Verify Message
3
* (C) 2004,2006,2011,2012 Jack Lloyd
4
*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5
*
6
* Botan is released under the Simplified BSD License (see license.txt)
7
*/
8
9
#include <botan/tls_messages.h>
10
#include <botan/tls_extensions.h>
11
#include <botan/internal/tls_reader.h>
12
#include <botan/internal/tls_handshake_io.h>
13
#include <botan/internal/tls_handshake_state.h>
14
15
namespace Botan {
16
17
namespace TLS {
18
19
/*
20
* Create a new Certificate Verify message
21
*/
22
Certificate_Verify::Certificate_Verify(Handshake_IO& io,
23
                                       Handshake_State& state,
24
                                       const Policy& policy,
25
                                       RandomNumberGenerator& rng,
26
                                       const Private_Key* priv_key)
27
0
   {
28
0
   BOTAN_ASSERT_NONNULL(priv_key);
29
30
0
   std::pair<std::string, Signature_Format> format =
31
0
      state.choose_sig_format(*priv_key, m_scheme, true, policy);
32
33
0
   m_signature =
34
0
      state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second,
35
0
                                         state.hash().get_contents());
36
37
0
   state.hash().update(io.send(*this));
38
0
   }
39
40
/*
41
* Deserialize a Certificate Verify message
42
*/
43
Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf)
44
0
   {
45
0
   TLS_Data_Reader reader("CertificateVerify", buf);
46
47
0
   m_scheme = static_cast<Signature_Scheme>(reader.get_uint16_t());
48
0
   m_signature = reader.get_range<uint8_t>(2, 0, 65535);
49
0
   reader.assert_done();
50
0
   }
51
52
/*
53
* Serialize a Certificate Verify message
54
*/
55
std::vector<uint8_t> Certificate_Verify::serialize() const
56
0
   {
57
0
   std::vector<uint8_t> buf;
58
59
0
   if(m_scheme != Signature_Scheme::NONE)
60
0
      {
61
0
      const uint16_t scheme_code = static_cast<uint16_t>(m_scheme);
62
0
      buf.push_back(get_byte<0>(scheme_code));
63
0
      buf.push_back(get_byte<1>(scheme_code));
64
0
      }
65
66
0
   if(m_signature.size() > 0xFFFF)
67
0
      throw Encoding_Error("Certificate_Verify signature too long to encode");
68
69
0
   const uint16_t sig_len = static_cast<uint16_t>(m_signature.size());
70
0
   buf.push_back(get_byte<0>(sig_len));
71
0
   buf.push_back(get_byte<1>(sig_len));
72
0
   buf += m_signature;
73
74
0
   return buf;
75
0
   }
76
77
/*
78
* Verify a Certificate Verify message
79
*/
80
bool Certificate_Verify::verify(const X509_Certificate& cert,
81
                                const Handshake_State& state,
82
                                const Policy& policy) const
83
0
   {
84
0
   std::unique_ptr<Public_Key> key(cert.subject_public_key());
85
86
0
   policy.check_peer_key_acceptable(*key);
87
88
0
   std::pair<std::string, Signature_Format> format =
89
0
      state.parse_sig_format(*key.get(), m_scheme, true, policy);
90
91
0
   const bool signature_valid =
92
0
      state.callbacks().tls_verify_message(*key, format.first, format.second,
93
0
                                           state.hash().get_contents(), m_signature);
94
95
0
#if defined(BOTAN_UNSAFE_FUZZER_MODE)
96
0
   BOTAN_UNUSED(signature_valid);
97
0
   return true;
98
#else
99
   return signature_valid;
100
#endif
101
0
   }
102
103
}
104
105
}