Coverage Report

Created: 2022-09-23 06:05

/src/botan/src/lib/tls/tls_extensions_cert_status_req.cpp
/*
* TLS Extension Certificate_Status_Request
* (C) 2011,2012,2015,2016,2022 Jack Lloyd
*     2016 Juraj Somorovsky
*     2021 Elektrobit Automotive GmbH
*     2022 Hannes Rantzsch, René Meusel, neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/tls_extensions.h>
#include <botan/tls_messages.h>
#include <botan/internal/tls_reader.h>
#include <botan/tls_exceptn.h>
namespace Botan::TLS
{
/*
* Encode the status_request extension body for the given side.
*
* Only the client's request carries a payload: one status_type byte
* (ocsp = 1) followed by an empty responder_id_list and an empty
* request_extensions vector, each as a zero uint16 length. The server's
* reply (TLS 1.2 Server Hello) is a zero-length body.
*
* NOTE(review): m_ocsp_names and m_extension_bytes are not referenced
* here, so any responder ids stored on the object are never put on the
* wire by this function.
*/
std::vector<uint8_t> Certificate_Status_Request::serialize(Connection_Side whoami) const
   {
   // the server side replies with an empty extension body
   if(whoami == Connection_Side::SERVER)
      return {};

   /*
   opaque ResponderID<1..2^16-1>;
   opaque Extensions<0..2^16-1>;

   CertificateStatusType status_type = ocsp(1)
   ResponderID responder_id_list<0..2^16-1>
   Extensions  request_extensions;
   */

   // status_type = ocsp(1), then a zero length for responder_id_list
   // and a zero length for request_extensions
   return { 1, 0, 0, 0, 0 };
   }
/*
* Parse a status_request extension body received from the peer.
*
* The expected layout depends on who sent it and in which message:
*  - from the server in a Server Hello (TLS 1.2 and below): the body
*    must be empty, otherwise Decoding_Error is thrown
*  - from the server in a Certificate message (TLS 1.3): the body is a
*    CertificateStatus structure whose OCSP response is kept in m_response
*  - from the server in any other message: TLS_Exception with
*    unsupported_extension
*  - from the client: status_type byte followed by responder_id_list and
*    request_extensions (RFC 6066 status_request); only status_type
*    ocsp(1) is parsed into m_ocsp_names / m_extension_bytes, any other
*    type is skipped unparsed, and an empty body leaves the defaults
*
* NOTE(review): truncated input is left to TLS_Data_Reader's own bounds
* checks (not visible here -- confirm get_fixed/discard_next throw rather
* than over-read). Nothing in this function verifies that the ocsp branch
* consumed exactly extension_size bytes; confirm the caller checks the
* reader position after each extension.
*/
Certificate_Status_Request::Certificate_Status_Request(TLS_Data_Reader& reader,
                                                       uint16_t extension_size,
                                                       Connection_Side from,
                                                       Handshake_Type message_type)
   {
   if(from == Connection_Side::SERVER)
      {
      // RFC 8446 4.4.2.1
      //    In TLS 1.2 and below, the server replies with an empty extension
      //    [in its Server Hello] [...]. In TLS 1.3, the server's OCSP information
      //    is carried in an extension in the [Certificate handshake message]
      //    containing the associated certificate.
      //
      // The `message_type` context tells us which of the two variants to
      // expect.
      if(message_type == Handshake_Type::SERVER_HELLO)
         {
         // ... in a Server Hello the extension must have a zero-length body
         if(extension_size != 0)
            throw Decoding_Error("Server sent non-empty Certificate_Status_Request extension in Server Hello");
         return;
         }

      if(message_type != Handshake_Type::CERTIFICATE)
         throw TLS_Exception(Alert::UNSUPPORTED_EXTENSION, "Server sent a Certificate_Status_Request extension in an unsupported context");

      // RFC 8446 4.4.2.1
      //    In TLS 1.3, the server's OCSP information is carried in an
      //    extension in the CertificateEntry [in a Certificate handshake
      //    message] [...]. Specifically, the body of the "status_request"
      //    extension from the server MUST be a CertificateStatus structure
      //    as defined in [RFC6066] [...].
      m_response = Certificate_Status(reader.get_fixed<uint8_t>(extension_size)).response();
      return;
      }

   // Client request: an empty body is legal and carries no information
   if(extension_size == 0)
      return;

   const uint8_t status_type = reader.get_byte();

   if(status_type != 1)
      {
      // not ocsp(1): we don't understand it, skip the rest of the body
      reader.discard_next(extension_size - 1);
      return;
      }

   // ocsp: two length-prefixed vectors, responder_id_list then
   // request_extensions, both kept as raw bytes
   const size_t responder_id_list_len = reader.get_uint16_t();
   m_ocsp_names = reader.get_fixed<uint8_t>(responder_id_list_len);

   const size_t request_ext_len = reader.get_uint16_t();
   m_extension_bytes = reader.get_fixed<uint8_t>(request_ext_len);
   }
/*
* Build a client-side status_request from explicit responder ids and
* OCSP key ids.
*
* Both vectors are copied as given; the remaining members keep their
* defaults. Note that serialize() does not emit the stored ids (it always
* sends empty responder_id_list and request_extensions), so what is passed
* here is presumably only observable through the class's accessors.
*/
Certificate_Status_Request::Certificate_Status_Request(const std::vector<uint8_t>& ocsp_responder_ids,
                                                       const std::vector<std::vector<uint8_t>>& ocsp_key_ids)
   : m_ocsp_names(ocsp_responder_ids)
   , m_ocsp_keys(ocsp_key_ids)
   {
   }
}