Coverage Report

Created: 2022-11-24 06:56

/src/botan/src/lib/tls/tls12/msg_certificate_12.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* Certificate Message
3
* (C) 2004-2006,2012,2020 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#include <botan/tls_messages.h>
9
#include <botan/tls_extensions.h>
10
#include <botan/tls_exceptn.h>
11
#include <botan/tls_alert.h>
12
#include <botan/internal/tls_reader.h>
13
#include <botan/internal/tls_handshake_io.h>
14
#include <botan/internal/tls_handshake_hash.h>
15
#include <botan/internal/loadstor.h>
16
#include <botan/data_src.h>
17
18
namespace Botan::TLS {
19
20
/**
21
* Create a new Certificate message
22
*/
23
Certificate_12::Certificate_12(Handshake_IO& io,
24
                               Handshake_Hash& hash,
25
                               const std::vector<X509_Certificate>& cert_list) :
26
   m_certs(cert_list)
27
145
   {
28
145
   hash.update(io.send(*this));
29
145
   }
30
31
/**
32
* Deserialize a Certificate message
33
*/
34
Certificate_12::Certificate_12(const std::vector<uint8_t>& buf, const Policy& policy)
35
0
   {
36
0
   if(buf.size() < 3)
37
0
      throw Decoding_Error("Certificate: Message malformed");
38
39
0
   const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);
40
41
0
   if(total_size != buf.size() - 3)
42
0
      throw Decoding_Error("Certificate: Message malformed");
43
44
0
   const size_t max_size = policy.maximum_certificate_chain_size();
45
0
   if(max_size > 0 && total_size > max_size)
46
0
      throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
47
48
0
   const uint8_t* certs = buf.data() + 3;
49
50
0
   while(size_t remaining_bytes = buf.data() + buf.size() - certs)
51
0
      {
52
0
      if(remaining_bytes < 3)
53
0
         throw Decoding_Error("Certificate: Message malformed");
54
55
0
      const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]);
56
57
0
      if(remaining_bytes < (3 + cert_size))
58
0
         throw Decoding_Error("Certificate: Message malformed");
59
60
0
      DataSource_Memory cert_buf(&certs[3], cert_size);
61
0
      m_certs.push_back(X509_Certificate(cert_buf));
62
63
0
      certs += cert_size + 3;
64
0
      }
65
66
   /*
67
   * TLS 1.0 through 1.2 all seem to require that the certificate be
68
   * precisely a v3 certificate. In fact the strict wording would seem
69
   * to require that every certificate in the chain be v3. But often
70
   * the intermediates are outside of the control of the server.
71
   * But, require that the leaf certificate be v3
72
   */
73
0
   if(!m_certs.empty() && m_certs[0].x509_version() != 3)
74
0
      {
75
0
      throw TLS_Exception(Alert::BAD_CERTIFICATE,
76
0
                          "The leaf certificate must be v3");
77
0
      }
78
0
   }
79
80
/**
81
* Serialize a Certificate message
82
*/
83
std::vector<uint8_t> Certificate_12::serialize() const
84
145
   {
85
145
   std::vector<uint8_t> buf(3);
86
87
145
   for(const auto& cert : m_certs)
88
145
      {
89
145
      const auto raw_cert = cert.BER_encode();
90
145
      const size_t cert_size = raw_cert.size();
91
580
      for(size_t j = 0; j != 3; ++j)
92
435
         {
93
435
         buf.push_back(get_byte_var(j+1, static_cast<uint32_t>(cert_size)));
94
435
         }
95
145
      buf += raw_cert;
96
145
      }
97
98
145
   const size_t buf_size = buf.size() - 3;
99
580
   for(size_t i = 0; i != 3; ++i)
100
435
      buf[i] = get_byte_var(i+1, static_cast<uint32_t>(buf_size));
101
102
145
   return buf;
103
145
   }
104
105
}