5079590438

Committed 25 May 2023 12:28PM UTC coverage: 92.228% (+0.5%) from 91.723%

Build # 5079590438

Build Type

Pull #3502

github

Pull Request Pull Request #3502: Apply clang-format to the codebase

Run Details

75589 of 81959 relevant lines covered (92.23%)

12139530.51 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

90.43

/src/lib/pubkey/pubkey.cpp

/*
* (C) 1999-2010,2015,2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/pubkey.h>

#include <botan/ber_dec.h>
#include <botan/bigint.h>
#include <botan/der_enc.h>
#include <botan/rng.h>
#include <botan/internal/ct_utils.h>
#include <botan/internal/fmt.h>
#include <botan/internal/parsing.h>
#include <botan/internal/pk_ops.h>
#include <botan/internal/pss_params.h>

namespace Botan {

secure_vector<uint8_t> PK_Decryptor::decrypt(const uint8_t in[], size_t length) const {
   uint8_t valid_mask = 0;

   secure_vector<uint8_t> decoded = do_decrypt(valid_mask, in, length);

   if(valid_mask == 0)
      throw Decoding_Error("Invalid public key ciphertext, cannot decrypt");

   return decoded;
}

secure_vector<uint8_t> PK_Decryptor::decrypt_or_random(const uint8_t in[],
                                                       size_t length,
                                                       size_t expected_pt_len,
                                                       RandomNumberGenerator& rng,
                                                       const uint8_t required_content_bytes[],
                                                       const uint8_t required_content_offsets[],
                                                       size_t required_contents_length) const {
   const secure_vector<uint8_t> fake_pms = rng.random_vec(expected_pt_len);

   uint8_t decrypt_valid = 0;
   secure_vector<uint8_t> decoded = do_decrypt(decrypt_valid, in, length);

   auto valid_mask = CT::Mask<uint8_t>::is_equal(decrypt_valid, 0xFF);
   valid_mask &= CT::Mask<uint8_t>(CT::Mask<size_t>::is_zero(decoded.size() ^ expected_pt_len));

   decoded.resize(expected_pt_len);

   for(size_t i = 0; i != required_contents_length; ++i) {
      /*
      These values are chosen by the application and for TLS are constants,
      so this early failure via assert is fine since we know 0,1 < 48

      If there is a protocol that has content checks on the key where
      the expected offsets are controllable by the attacker this could
      still leak.

      Alternately could always reduce the offset modulo the length?
      */

      const uint8_t exp = required_content_bytes[i];
      const uint8_t off = required_content_offsets[i];

      BOTAN_ASSERT(off < expected_pt_len, "Offset in range of plaintext");

      auto eq = CT::Mask<uint8_t>::is_equal(decoded[off], exp);

      valid_mask &= eq;
   }

   // If valid_mask is false, assign fake pre master instead
   valid_mask.select_n(decoded.data(), decoded.data(), fake_pms.data(), expected_pt_len);

   return decoded;
}

secure_vector<uint8_t> PK_Decryptor::decrypt_or_random(const uint8_t in[],
                                                       size_t length,
                                                       size_t expected_pt_len,
                                                       RandomNumberGenerator& rng) const {
   return decrypt_or_random(in, length, expected_pt_len, rng, nullptr, nullptr, 0);
}

PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key,
                                   RandomNumberGenerator& rng,
                                   std::string_view padding,
                                   std::string_view provider) {
   m_op = key.create_encryption_op(rng, padding, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support encryption", key.algo_name()));
   }
}

PK_Encryptor_EME::~PK_Encryptor_EME() = default;

size_t PK_Encryptor_EME::ciphertext_length(size_t ptext_len) const { return m_op->ciphertext_length(ptext_len); }

std::vector<uint8_t> PK_Encryptor_EME::enc(const uint8_t in[], size_t length, RandomNumberGenerator& rng) const {
   return unlock(m_op->encrypt(in, length, rng));
}

size_t PK_Encryptor_EME::maximum_input_size() const { return m_op->max_input_bits() / 8; }

PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key,
                                   RandomNumberGenerator& rng,
                                   std::string_view padding,
                                   std::string_view provider) {
   m_op = key.create_decryption_op(rng, padding, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support decryption", key.algo_name()));
   }
}

PK_Decryptor_EME::~PK_Decryptor_EME() = default;

size_t PK_Decryptor_EME::plaintext_length(size_t ctext_len) const { return m_op->plaintext_length(ctext_len); }

secure_vector<uint8_t> PK_Decryptor_EME::do_decrypt(uint8_t& valid_mask, const uint8_t in[], size_t in_len) const {
   return m_op->decrypt(valid_mask, in, in_len);
}

PK_KEM_Encryptor::PK_KEM_Encryptor(const Public_Key& key, std::string_view param, std::string_view provider) {
   m_op = key.create_kem_encryption_op(param, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support KEM encryption"));
   }
}

PK_KEM_Encryptor::~PK_KEM_Encryptor() = default;

size_t PK_KEM_Encryptor::shared_key_length(size_t desired_shared_key_len) const {
   return m_op->shared_key_length(desired_shared_key_len);
}

size_t PK_KEM_Encryptor::encapsulated_key_length() const { return m_op->encapsulated_key_length(); }

void PK_KEM_Encryptor::encrypt(secure_vector<uint8_t>& out_encapsulated_key,
                               secure_vector<uint8_t>& out_shared_key,
                               size_t desired_shared_key_len,
                               RandomNumberGenerator& rng,
                               const uint8_t salt[],
                               size_t salt_len) {
   m_op->kem_encrypt(out_encapsulated_key, out_shared_key, desired_shared_key_len, rng, salt, salt_len);
}

size_t PK_KEM_Decryptor::shared_key_length(size_t desired_shared_key_len) const {
   return m_op->shared_key_length(desired_shared_key_len);
}

PK_KEM_Decryptor::PK_KEM_Decryptor(const Private_Key& key,
                                   RandomNumberGenerator& rng,
                                   std::string_view param,
                                   std::string_view provider) {
   m_op = key.create_kem_decryption_op(rng, param, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support KEM decryption", key.algo_name()));
   }
}

PK_KEM_Decryptor::~PK_KEM_Decryptor() = default;

secure_vector<uint8_t> PK_KEM_Decryptor::decrypt(const uint8_t encap_key[],
                                                 size_t encap_key_len,
                                                 size_t desired_shared_key_len,
                                                 const uint8_t salt[],
                                                 size_t salt_len) {
   return m_op->kem_decrypt(encap_key, encap_key_len, desired_shared_key_len, salt, salt_len);
}

PK_Key_Agreement::PK_Key_Agreement(PK_Key_Agreement&&) noexcept = default;

PK_Key_Agreement::PK_Key_Agreement(const Private_Key& key,
                                   RandomNumberGenerator& rng,
                                   std::string_view kdf,
                                   std::string_view provider) {
   m_op = key.create_key_agreement_op(rng, kdf, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support key agreement", key.algo_name()));
   }
}

PK_Key_Agreement::~PK_Key_Agreement() = default;

size_t PK_Key_Agreement::agreed_value_size() const { return m_op->agreed_value_size(); }

SymmetricKey PK_Key_Agreement::derive_key(
   size_t key_len, const uint8_t in[], size_t in_len, const uint8_t salt[], size_t salt_len) const {
   return SymmetricKey(m_op->agree(key_len, in, in_len, salt, salt_len));
}

static void check_der_format_supported(Signature_Format format, size_t parts) {
   if(format != Signature_Format::Standard && parts == 1) {
      throw Invalid_Argument("This algorithm does not support DER encoding");
   }
}

PK_Signer::PK_Signer(const Private_Key& key,
                     RandomNumberGenerator& rng,
                     std::string_view emsa,
                     Signature_Format format,
                     std::string_view provider) {
   m_op = key.create_signature_op(rng, emsa, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support signature generation", key.algo_name()));
   }
   m_sig_format = format;
   m_parts = key.message_parts();
   m_part_size = key.message_part_size();
   check_der_format_supported(format, m_parts);
}

AlgorithmIdentifier PK_Signer::algorithm_identifier() const { return m_op->algorithm_identifier(); }

std::string PK_Signer::hash_function() const { return m_op->hash_function(); }

PK_Signer::~PK_Signer() = default;

void PK_Signer::update(const uint8_t in[], size_t length) { m_op->update(in, length); }

namespace {

std::vector<uint8_t> der_encode_signature(const std::vector<uint8_t>& sig, size_t parts, size_t part_size) {
   if(sig.size() % parts != 0 || sig.size() != parts * part_size)
      throw Encoding_Error("Unexpected size for DER signature");

   std::vector<BigInt> sig_parts(parts);
   for(size_t i = 0; i != sig_parts.size(); ++i)
      sig_parts[i].binary_decode(&sig[part_size * i], part_size);

   std::vector<uint8_t> output;
   DER_Encoder(output).start_sequence().encode_list(sig_parts).end_cons();
   return output;
}

}

size_t PK_Signer::signature_length() const {
   if(m_sig_format == Signature_Format::Standard) {
      return m_op->signature_length();
   } else if(m_sig_format == Signature_Format::DerSequence) {
      // This is a large over-estimate but its easier than computing
      // the exact value
      return m_op->signature_length() + (8 + 4 * m_parts);
   } else
      throw Internal_Error("PK_Signer: Invalid signature format enum");
}

std::vector<uint8_t> PK_Signer::signature(RandomNumberGenerator& rng) {
   std::vector<uint8_t> sig = unlock(m_op->sign(rng));

   if(m_sig_format == Signature_Format::Standard) {
      return sig;
   } else if(m_sig_format == Signature_Format::DerSequence) {
      return der_encode_signature(sig, m_parts, m_part_size);
   } else
      throw Internal_Error("PK_Signer: Invalid signature format enum");
}

PK_Verifier::PK_Verifier(const Public_Key& key,
                         std::string_view emsa,
                         Signature_Format format,
                         std::string_view provider) {
   m_op = key.create_verification_op(emsa, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support signature verification", key.algo_name()));
   }
   m_sig_format = format;
   m_parts = key.message_parts();
   m_part_size = key.message_part_size();
   check_der_format_supported(format, m_parts);
}

PK_Verifier::PK_Verifier(const Public_Key& key,
                         const AlgorithmIdentifier& signature_algorithm,
                         std::string_view provider) {
   m_op = key.create_x509_verification_op(signature_algorithm, provider);

   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support X.509 signature verification", key.algo_name()));
   }

   m_sig_format = key.default_x509_signature_format();
   m_parts = key.message_parts();
   m_part_size = key.message_part_size();
   check_der_format_supported(m_sig_format, m_parts);
}

PK_Verifier::~PK_Verifier() = default;

std::string PK_Verifier::hash_function() const { return m_op->hash_function(); }

void PK_Verifier::set_input_format(Signature_Format format) {
   check_der_format_supported(format, m_parts);
   m_sig_format = format;
}

bool PK_Verifier::verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length) {
   update(msg, msg_length);
   return check_signature(sig, sig_length);
}

void PK_Verifier::update(const uint8_t in[], size_t length) { m_op->update(in, length); }

namespace {

std::vector<uint8_t> decode_der_signature(const uint8_t sig[], size_t length, size_t sig_parts, size_t sig_part_size) {
   std::vector<uint8_t> real_sig;
   BER_Decoder decoder(sig, length);
   BER_Decoder ber_sig = decoder.start_sequence();

   BOTAN_ASSERT_NOMSG(sig_parts != 0 && sig_part_size != 0);

   size_t count = 0;

   while(ber_sig.more_items()) {
      BigInt sig_part;
      ber_sig.decode(sig_part);
      real_sig += BigInt::encode_1363(sig_part, sig_part_size);
      ++count;
   }

   if(count != sig_parts)
      throw Decoding_Error("PK_Verifier: signature size invalid");

   const std::vector<uint8_t> reencoded = der_encode_signature(real_sig, sig_parts, sig_part_size);

   if(reencoded.size() != length || same_mem(reencoded.data(), sig, reencoded.size()) == false) {
      throw Decoding_Error("PK_Verifier: signature is not the canonical DER encoding");
   }
   return real_sig;
}

}

bool PK_Verifier::check_signature(const uint8_t sig[], size_t length) {
   try {
      if(m_sig_format == Signature_Format::Standard) {
         return m_op->is_valid_signature(sig, length);
      } else if(m_sig_format == Signature_Format::DerSequence) {
         bool decoding_success = false;
         std::vector<uint8_t> real_sig;

         try {
            real_sig = decode_der_signature(sig, length, m_parts, m_part_size);
            decoding_success = true;
         } catch(Decoding_Error&) {}

         bool accept = m_op->is_valid_signature(real_sig.data(), real_sig.size());

         return accept && decoding_success;
      } else
         throw Internal_Error("PK_Verifier: Invalid signature format enum");
   } catch(Invalid_Argument&) { return false; } catch(Decoding_Error&) {
      return false;
   } catch(Encoding_Error&) { return false; }
}

}

1	/*
2	* (C) 1999-2010,2015,2018 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include <botan/pubkey.h>
8
9	#include <botan/ber_dec.h>
10	#include <botan/bigint.h>
11	#include <botan/der_enc.h>
12	#include <botan/rng.h>
13	#include <botan/internal/ct_utils.h>
14	#include <botan/internal/fmt.h>
15	#include <botan/internal/parsing.h>
16	#include <botan/internal/pk_ops.h>
17	#include <botan/internal/pss_params.h>
18
19	namespace Botan {
20
21	secure_vector<uint8_t> PK_Decryptor::decrypt(const uint8_t in[], size_t length) const {	5,541✔
22	uint8_t valid_mask = 0;	5,541✔
23
24	secure_vector<uint8_t> decoded = do_decrypt(valid_mask, in, length);	5,541✔
25
26	if(valid_mask == 0)	5,513✔
27	throw Decoding_Error("Invalid public key ciphertext, cannot decrypt");	3,180✔
28
29	return decoded;	2,333✔
30	}	3,180✔
31
32	secure_vector<uint8_t> PK_Decryptor::decrypt_or_random(const uint8_t in[],	134✔
33	size_t length,
34	size_t expected_pt_len,
35	RandomNumberGenerator& rng,
36	const uint8_t required_content_bytes[],
37	const uint8_t required_content_offsets[],
38	size_t required_contents_length) const {
39	const secure_vector<uint8_t> fake_pms = rng.random_vec(expected_pt_len);	134✔
40
41	uint8_t decrypt_valid = 0;	134✔
42	secure_vector<uint8_t> decoded = do_decrypt(decrypt_valid, in, length);	134✔
43
44	auto valid_mask = CT::Mask<uint8_t>::is_equal(decrypt_valid, 0xFF);	134✔
45	valid_mask &= CT::Mask<uint8_t>(CT::Mask<size_t>::is_zero(decoded.size() ^ expected_pt_len));	134✔
46
47	decoded.resize(expected_pt_len);	134✔
48
49	for(size_t i = 0; i != required_contents_length; ++i) {	248✔
50	/*
51	These values are chosen by the application and for TLS are constants,
52	so this early failure via assert is fine since we know 0,1 < 48
53
54	If there is a protocol that has content checks on the key where
55	the expected offsets are controllable by the attacker this could
56	still leak.
57
58	Alternately could always reduce the offset modulo the length?
59	*/
60
61	const uint8_t exp = required_content_bytes[i];	114✔
62	const uint8_t off = required_content_offsets[i];	114✔
63
64	BOTAN_ASSERT(off < expected_pt_len, "Offset in range of plaintext");	114✔
65
66	auto eq = CT::Mask<uint8_t>::is_equal(decoded[off], exp);	114✔
67
68	valid_mask &= eq;	114✔
69	}
70
71	// If valid_mask is false, assign fake pre master instead
72	valid_mask.select_n(decoded.data(), decoded.data(), fake_pms.data(), expected_pt_len);	134✔
73
74	return decoded;	134✔
75	}	134✔
76
77	secure_vector<uint8_t> PK_Decryptor::decrypt_or_random(const uint8_t in[],	77✔
78	size_t length,
79	size_t expected_pt_len,
80	RandomNumberGenerator& rng) const {
81	return decrypt_or_random(in, length, expected_pt_len, rng, nullptr, nullptr, 0);	77✔
82	}
83
84	PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key,	610✔
85	RandomNumberGenerator& rng,
86	std::string_view padding,
87	std::string_view provider) {	610✔
88	m_op = key.create_encryption_op(rng, padding, provider);	610✔
89	if(!m_op) {	208✔
90	throw Invalid_Argument(fmt("Key type {} does not support encryption", key.algo_name()));	×
91	}
92	}	610✔
93
94	PK_Encryptor_EME::~PK_Encryptor_EME() = default;	347✔
95
96	size_t PK_Encryptor_EME::ciphertext_length(size_t ptext_len) const { return m_op->ciphertext_length(ptext_len); }	139✔
97
98	std::vector<uint8_t> PK_Encryptor_EME::enc(const uint8_t in[], size_t length, RandomNumberGenerator& rng) const {	276✔
99	return unlock(m_op->encrypt(in, length, rng));	552✔
100	}
101
102	size_t PK_Encryptor_EME::maximum_input_size() const { return m_op->max_input_bits() / 8; }	144✔
103
104	PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key,	784✔
105	RandomNumberGenerator& rng,
106	std::string_view padding,
107	std::string_view provider) {	784✔
108	m_op = key.create_decryption_op(rng, padding, provider);	784✔
109	if(!m_op) {	256✔
110	throw Invalid_Argument(fmt("Key type {} does not support decryption", key.algo_name()));	×
111	}
112	}	784✔
113
114	PK_Decryptor_EME::~PK_Decryptor_EME() = default;	437✔
115
116	size_t PK_Decryptor_EME::plaintext_length(size_t ctext_len) const { return m_op->plaintext_length(ctext_len); }	138✔
117
118	secure_vector<uint8_t> PK_Decryptor_EME::do_decrypt(uint8_t& valid_mask, const uint8_t in[], size_t in_len) const {	3,952✔
119	return m_op->decrypt(valid_mask, in, in_len);	3,952✔
120	}
121
122	PK_KEM_Encryptor::PK_KEM_Encryptor(const Public_Key& key, std::string_view param, std::string_view provider) {	720✔
123	m_op = key.create_kem_encryption_op(param, provider);	720✔
124	if(!m_op) {	720✔
125	throw Invalid_Argument(fmt("Key type {} does not support KEM encryption"));	×
126	}
127	}	720✔
128
129	PK_KEM_Encryptor::~PK_KEM_Encryptor() = default;	720✔
130
131	size_t PK_KEM_Encryptor::shared_key_length(size_t desired_shared_key_len) const {	12✔
132	return m_op->shared_key_length(desired_shared_key_len);	12✔
133	}
134
135	size_t PK_KEM_Encryptor::encapsulated_key_length() const { return m_op->encapsulated_key_length(); }	12✔
136
137	void PK_KEM_Encryptor::encrypt(secure_vector<uint8_t>& out_encapsulated_key,	3,198✔
138	secure_vector<uint8_t>& out_shared_key,
139	size_t desired_shared_key_len,
140	RandomNumberGenerator& rng,
141	const uint8_t salt[],
142	size_t salt_len) {
143	m_op->kem_encrypt(out_encapsulated_key, out_shared_key, desired_shared_key_len, rng, salt, salt_len);	3,198✔
144	}	3,198✔
145
146	size_t PK_KEM_Decryptor::shared_key_length(size_t desired_shared_key_len) const {	12✔
147	return m_op->shared_key_length(desired_shared_key_len);	12✔
148	}
149
150	PK_KEM_Decryptor::PK_KEM_Decryptor(const Private_Key& key,	720✔
151	RandomNumberGenerator& rng,
152	std::string_view param,
153	std::string_view provider) {	720✔
154	m_op = key.create_kem_decryption_op(rng, param, provider);	720✔
155	if(!m_op) {	720✔
156	throw Invalid_Argument(fmt("Key type {} does not support KEM decryption", key.algo_name()));	×
157	}
158	}	720✔
159
160	PK_KEM_Decryptor::~PK_KEM_Decryptor() = default;	720✔
161
162	secure_vector<uint8_t> PK_KEM_Decryptor::decrypt(const uint8_t encap_key[],	3,216✔
163	size_t encap_key_len,
164	size_t desired_shared_key_len,
165	const uint8_t salt[],
166	size_t salt_len) {
167	return m_op->kem_decrypt(encap_key, encap_key_len, desired_shared_key_len, salt, salt_len);	3,216✔
168	}
169
170	PK_Key_Agreement::PK_Key_Agreement(PK_Key_Agreement&&) noexcept = default;	×
171
172	PK_Key_Agreement::PK_Key_Agreement(const Private_Key& key,	3,399✔
173	RandomNumberGenerator& rng,
174	std::string_view kdf,
175	std::string_view provider) {	3,399✔
176	m_op = key.create_key_agreement_op(rng, kdf, provider);	3,399✔
177	if(!m_op) {	2,595✔
178	throw Invalid_Argument(fmt("Key type {} does not support key agreement", key.algo_name()));	×
179	}
180	}	3,399✔
181
182	PK_Key_Agreement::~PK_Key_Agreement() = default;	2,595✔
183
184	size_t PK_Key_Agreement::agreed_value_size() const { return m_op->agreed_value_size(); }	264✔
185
186	SymmetricKey PK_Key_Agreement::derive_key(	4,180✔
187	size_t key_len, const uint8_t in[], size_t in_len, const uint8_t salt[], size_t salt_len) const {
188	return SymmetricKey(m_op->agree(key_len, in, in_len, salt, salt_len));	4,180✔
189	}
190
191	static void check_der_format_supported(Signature_Format format, size_t parts) {	27,587✔
192	if(format != Signature_Format::Standard && parts == 1) {	27,587✔
193	throw Invalid_Argument("This algorithm does not support DER encoding");	×
194	}
195	}	27,587✔
196
197	PK_Signer::PK_Signer(const Private_Key& key,	7,298✔
198	RandomNumberGenerator& rng,
199	std::string_view emsa,
200	Signature_Format format,
201	std::string_view provider) {	7,298✔
202	m_op = key.create_signature_op(rng, emsa, provider);	7,298✔
203	if(!m_op) {	3,813✔
204	throw Invalid_Argument(fmt("Key type {} does not support signature generation", key.algo_name()));	×
205	}
206	m_sig_format = format;	3,813✔
207	m_parts = key.message_parts();	3,813✔
208	m_part_size = key.message_part_size();	3,813✔
209	check_der_format_supported(format, m_parts);	3,813✔
210	}	7,298✔
211
212	AlgorithmIdentifier PK_Signer::algorithm_identifier() const { return m_op->algorithm_identifier(); }	365✔
213
214	std::string PK_Signer::hash_function() const { return m_op->hash_function(); }	559✔
215
216	PK_Signer::~PK_Signer() = default;	3,813✔
217
218	void PK_Signer::update(const uint8_t in[], size_t length) { m_op->update(in, length); }	4,542✔
219
220	namespace {
221
222	std::vector<uint8_t> der_encode_signature(const std::vector<uint8_t>& sig, size_t parts, size_t part_size) {	7,675✔
223	if(sig.size() % parts != 0 \|\| sig.size() != parts * part_size)	7,675✔
224	throw Encoding_Error("Unexpected size for DER signature");	×
225
226	std::vector<BigInt> sig_parts(parts);	7,675✔
227	for(size_t i = 0; i != sig_parts.size(); ++i)	23,025✔
228	sig_parts[i].binary_decode(&sig[part_size * i], part_size);	15,350✔
229
230	std::vector<uint8_t> output;	7,675✔
231	DER_Encoder(output).start_sequence().encode_list(sig_parts).end_cons();	30,700✔
232	return output;	7,675✔
233	}	7,675✔
234
235	}
236
237	size_t PK_Signer::signature_length() const {	1,172✔
238	if(m_sig_format == Signature_Format::Standard) {	1,172✔
239	return m_op->signature_length();	1,169✔
240	} else if(m_sig_format == Signature_Format::DerSequence) {	3✔
241	// This is a large over-estimate but its easier than computing
242	// the exact value
243	return m_op->signature_length() + (8 + 4 * m_parts);	3✔
244	} else
245	throw Internal_Error("PK_Signer: Invalid signature format enum");	×
246	}
247
248	std::vector<uint8_t> PK_Signer::signature(RandomNumberGenerator& rng) {	4,285✔
249	std::vector<uint8_t> sig = unlock(m_op->sign(rng));	8,569✔
250
251	if(m_sig_format == Signature_Format::Standard) {	4,284✔
252	return sig;	4,284✔
253	} else if(m_sig_format == Signature_Format::DerSequence) {	380✔
254	return der_encode_signature(sig, m_parts, m_part_size);	380✔
255	} else
256	throw Internal_Error("PK_Signer: Invalid signature format enum");	×
257	}	4,284✔
258
259	PK_Verifier::PK_Verifier(const Public_Key& key,	60,673✔
260	std::string_view emsa,
261	Signature_Format format,
262	std::string_view provider) {	60,673✔
263	m_op = key.create_verification_op(emsa, provider);	60,673✔
264	if(!m_op) {	12,938✔
265	throw Invalid_Argument(fmt("Key type {} does not support signature verification", key.algo_name()));	×
266	}
267	m_sig_format = format;	12,938✔
268	m_parts = key.message_parts();	12,938✔
269	m_part_size = key.message_part_size();	12,938✔
270	check_der_format_supported(format, m_parts);	12,938✔
271	}	60,673✔
272
273	PK_Verifier::PK_Verifier(const Public_Key& key,	10,892✔
274	const AlgorithmIdentifier& signature_algorithm,
275	std::string_view provider) {	10,892✔
276	m_op = key.create_x509_verification_op(signature_algorithm, provider);	10,892✔
277
278	if(!m_op) {	10,836✔
279	throw Invalid_Argument(fmt("Key type {} does not support X.509 signature verification", key.algo_name()));	×
280	}
281
282	m_sig_format = key.default_x509_signature_format();	10,836✔
283	m_parts = key.message_parts();	10,836✔
284	m_part_size = key.message_part_size();	10,836✔
285	check_der_format_supported(m_sig_format, m_parts);	10,836✔
286	}	10,892✔
287
288	PK_Verifier::~PK_Verifier() = default;	23,774✔
289
290	std::string PK_Verifier::hash_function() const { return m_op->hash_function(); }	10,173✔
291
292	void PK_Verifier::set_input_format(Signature_Format format) {	×
293	check_der_format_supported(format, m_parts);	×
294	m_sig_format = format;	×
295	}	×
296
297	bool PK_Verifier::verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length) {	63,187✔
298	update(msg, msg_length);	63,187✔
299	return check_signature(sig, sig_length);	63,187✔
300	}
301
302	void PK_Verifier::update(const uint8_t in[], size_t length) { m_op->update(in, length); }	66,677✔
303
304	namespace {
305
306	std::vector<uint8_t> decode_der_signature(const uint8_t sig[], size_t length, size_t sig_parts, size_t sig_part_size) {	9,588✔
307	std::vector<uint8_t> real_sig;	9,588✔
308	BER_Decoder decoder(sig, length);	9,588✔
309	BER_Decoder ber_sig = decoder.start_sequence();	9,588✔
310
311	BOTAN_ASSERT_NOMSG(sig_parts != 0 && sig_part_size != 0);	9,246✔
312
313	size_t count = 0;
314
315	while(ber_sig.more_items()) {	25,651✔
316	BigInt sig_part;	18,241✔
317	ber_sig.decode(sig_part);	18,241✔
318	real_sig += BigInt::encode_1363(sig_part, sig_part_size);	18,241✔
319	++count;	16,405✔
320	}	18,241✔
321
322	if(count != sig_parts)	7,410✔
323	throw Decoding_Error("PK_Verifier: signature size invalid");	115✔
324
325	const std::vector<uint8_t> reencoded = der_encode_signature(real_sig, sig_parts, sig_part_size);	7,295✔
326
327	if(reencoded.size() != length \|\| same_mem(reencoded.data(), sig, reencoded.size()) == false) {	14,151✔
328	throw Decoding_Error("PK_Verifier: signature is not the canonical DER encoding");	927✔
329	}
330	return real_sig;	12,736✔
331	}	12,466✔
332
333	}
334
335	bool PK_Verifier::check_signature(const uint8_t sig[], size_t length) {	67,064✔
336	try {	67,064✔
337	if(m_sig_format == Signature_Format::Standard) {	67,064✔
338	return m_op->is_valid_signature(sig, length);	57,476✔
339	} else if(m_sig_format == Signature_Format::DerSequence) {	9,588✔
340	bool decoding_success = false;	9,588✔
341	std::vector<uint8_t> real_sig;	9,588✔
342
343	try {	9,588✔
344	real_sig = decode_der_signature(sig, length, m_parts, m_part_size);	15,956✔
345	decoding_success = true;	6,368✔
346	} catch(Decoding_Error&) {}	3,220✔
347
348	bool accept = m_op->is_valid_signature(real_sig.data(), real_sig.size());	9,365✔
349
350	return accept && decoding_success;	9,365✔
351	} else	9,588✔
352	throw Internal_Error("PK_Verifier: Invalid signature format enum");	×
353	} catch(Invalid_Argument&) { return false; } catch(Decoding_Error&) {	324✔
354	return false;	101✔
355	} catch(Encoding_Error&) { return false; }	324✔
356	}
357
358	}

randombit / botan / 5079590438

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous