5123321399

Committed 30 May 2023 04:06PM UTC coverage: 92.213% (+0.004%) from 92.209%

Build # 5123321399

Build Type

Pull #3558

github

Committed by

web-flow

Commit Message

Merge dd72f7389 into 057bcbc35

Pull Request Pull Request #3558: Add braces around all if/else statements

Run Details

75602 of 81986 relevant lines covered (92.21%)

11859779.3 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.65

/src/lib/tls/msg_cert_req.cpp

/*
* Certificate Request Message
* (C) 2004-2006,2012 Jack Lloyd
*     2021 Elektrobit Automotive GmbH
*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_messages.h>

#include <botan/ber_dec.h>
#include <botan/der_enc.h>
#include <botan/tls_extensions.h>
#include <botan/internal/tls_handshake_hash.h>
#include <botan/internal/tls_handshake_io.h>
#include <botan/internal/tls_reader.h>

namespace Botan::TLS {

Handshake_Type Certificate_Request_12::type() const { return Handshake_Type::CertificateRequest; }

namespace {

std::string cert_type_code_to_name(uint8_t code) {
   switch(code) {
      case 1:
         return "RSA";
      case 64:
         return "ECDSA";
      default:
         return "";  // DH or something else
   }
}

uint8_t cert_type_name_to_code(std::string_view name) {
   if(name == "RSA") {
      return 1;
   }
   if(name == "ECDSA") {
      return 64;
   }

   throw Invalid_Argument(fmt("Unknown/unhandled TLS cert type {}", name));
}

}  // namespace

/**
* Create a new Certificate Request message
*/
Certificate_Request_12::Certificate_Request_12(Handshake_IO& io,
                                               Handshake_Hash& hash,
                                               const Policy& policy,
                                               const std::vector<X509_DN>& ca_certs) :
      m_names(ca_certs), m_cert_key_types({"RSA", "ECDSA"}) {
   m_schemes = policy.acceptable_signature_schemes();
   hash.update(io.send(*this));
}

/**
* Deserialize a Certificate Request message
*/
Certificate_Request_12::Certificate_Request_12(const std::vector<uint8_t>& buf) {
   if(buf.size() < 4) {
      throw Decoding_Error("Certificate_Req: Bad certificate request");
   }

   TLS_Data_Reader reader("CertificateRequest", buf);

   const auto cert_type_codes = reader.get_range_vector<uint8_t>(1, 1, 255);

   for(const auto cert_type_code : cert_type_codes) {
      const std::string cert_type_name = cert_type_code_to_name(cert_type_code);

      if(cert_type_name.empty()) {  // something we don't know
         continue;
      }

      m_cert_key_types.emplace_back(cert_type_name);
   }

   const std::vector<uint8_t> algs = reader.get_range_vector<uint8_t>(2, 2, 65534);

   if(algs.size() % 2 != 0) {
      throw Decoding_Error("Bad length for signature IDs in certificate request");
   }

   for(size_t i = 0; i != algs.size(); i += 2) {
      m_schemes.emplace_back(make_uint16(algs[i], algs[i + 1]));
   }

   const uint16_t purported_size = reader.get_uint16_t();

   if(reader.remaining_bytes() != purported_size) {
      throw Decoding_Error("Inconsistent length in certificate request");
   }

   while(reader.has_remaining()) {
      std::vector<uint8_t> name_bits = reader.get_range_vector<uint8_t>(2, 0, 65535);

      BER_Decoder decoder(name_bits.data(), name_bits.size());
      X509_DN name;
      decoder.decode(name);
      m_names.emplace_back(name);
   }
}

const std::vector<std::string>& Certificate_Request_12::acceptable_cert_types() const { return m_cert_key_types; }

const std::vector<X509_DN>& Certificate_Request_12::acceptable_CAs() const { return m_names; }

const std::vector<Signature_Scheme>& Certificate_Request_12::signature_schemes() const { return m_schemes; }

/**
* Serialize a Certificate Request message
*/
std::vector<uint8_t> Certificate_Request_12::serialize() const {
   std::vector<uint8_t> buf;

   std::vector<uint8_t> cert_types;

   cert_types.reserve(m_cert_key_types.size());
   for(const auto& cert_key_type : m_cert_key_types) {
      cert_types.push_back(cert_type_name_to_code(cert_key_type));
   }

   append_tls_length_value(buf, cert_types, 1);

   if(!m_schemes.empty()) {
      buf += Signature_Algorithms(m_schemes).serialize(Connection_Side::Server);
   }

   std::vector<uint8_t> encoded_names;

   for(const auto& name : m_names) {
      DER_Encoder encoder;
      encoder.encode(name);

      append_tls_length_value(encoded_names, encoder.get_contents(), 2);
   }

   append_tls_length_value(buf, encoded_names, 2);

   return buf;
}
}  // namespace Botan::TLS

1	/*
2	* Certificate Request Message
3	* (C) 2004-2006,2012 Jack Lloyd
4	* 2021 Elektrobit Automotive GmbH
5	* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include <botan/tls_messages.h>
11
12	#include <botan/ber_dec.h>
13	#include <botan/der_enc.h>
14	#include <botan/tls_extensions.h>
15	#include <botan/internal/tls_handshake_hash.h>
16	#include <botan/internal/tls_handshake_io.h>
17	#include <botan/internal/tls_reader.h>
18
19	namespace Botan::TLS {
20
21	Handshake_Type Certificate_Request_12::type() const { return Handshake_Type::CertificateRequest; }	623✔
22
23	namespace {
24
25	std::string cert_type_code_to_name(uint8_t code) {	361✔
26	switch(code) {	361✔
27	case 1:	180✔
28	return "RSA";	180✔
29	case 64:	180✔
30	return "ECDSA";	180✔
31	default:	1✔
32	return ""; // DH or something else	1✔
33	}
34	}
35
36	uint8_t cert_type_name_to_code(std::string_view name) {	470✔
37	if(name == "RSA") {	470✔
38	return 1;	235✔
39	}
40	if(name == "ECDSA") {	235✔
41	return 64;	235✔
42	}
43
44	throw Invalid_Argument(fmt("Unknown/unhandled TLS cert type {}", name));	×
45	}
46
47	} // namespace
48
49	/**
50	* Create a new Certificate Request message
51	*/
52	Certificate_Request_12::Certificate_Request_12(Handshake_IO& io,	235✔
53	Handshake_Hash& hash,
54	const Policy& policy,
55	const std::vector<X509_DN>& ca_certs) :	235✔
56	m_names(ca_certs), m_cert_key_types({"RSA", "ECDSA"}) {	940✔
57	m_schemes = policy.acceptable_signature_schemes();	235✔
58	hash.update(io.send(*this));	470✔
59	}	235✔
60
61	/**
62	* Deserialize a Certificate Request message
63	*/
64	Certificate_Request_12::Certificate_Request_12(const std::vector<uint8_t>& buf) {	180✔
65	if(buf.size() < 4) {	180✔
66	throw Decoding_Error("Certificate_Req: Bad certificate request");	×
67	}
68
69	TLS_Data_Reader reader("CertificateRequest", buf);	180✔
70
71	const auto cert_type_codes = reader.get_range_vector<uint8_t>(1, 1, 255);	180✔
72
73	for(const auto cert_type_code : cert_type_codes) {	541✔
74	const std::string cert_type_name = cert_type_code_to_name(cert_type_code);	361✔
75
76	if(cert_type_name.empty()) { // something we don't know	361✔
77	continue;	1✔
78	}
79
80	m_cert_key_types.emplace_back(cert_type_name);	360✔
81	}	361✔
82
83	const std::vector<uint8_t> algs = reader.get_range_vector<uint8_t>(2, 2, 65534);	180✔
84
85	if(algs.size() % 2 != 0) {	178✔
86	throw Decoding_Error("Bad length for signature IDs in certificate request");	×
87	}
88
89	for(size_t i = 0; i != algs.size(); i += 2) {	1,476✔
90	m_schemes.emplace_back(make_uint16(algs[i], algs[i + 1]));	1,300✔
91	}
92
93	const uint16_t purported_size = reader.get_uint16_t();	178✔
94
95	if(reader.remaining_bytes() != purported_size) {	178✔
96	throw Decoding_Error("Inconsistent length in certificate request");	2✔
97	}
98
99	while(reader.has_remaining()) {	342✔
100	std::vector<uint8_t> name_bits = reader.get_range_vector<uint8_t>(2, 0, 65535);	166✔
101
102	BER_Decoder decoder(name_bits.data(), name_bits.size());	166✔
103	X509_DN name;	166✔
104	decoder.decode(name);	166✔
105	m_names.emplace_back(name);	166✔
106	}	332✔
107	}	364✔
108
109	const std::vector<std::string>& Certificate_Request_12::acceptable_cert_types() const { return m_cert_key_types; }	176✔
110
111	const std::vector<X509_DN>& Certificate_Request_12::acceptable_CAs() const { return m_names; }	176✔
112
113	const std::vector<Signature_Scheme>& Certificate_Request_12::signature_schemes() const { return m_schemes; }	206✔
114
115	/**
116	* Serialize a Certificate Request message
117	*/
118	std::vector<uint8_t> Certificate_Request_12::serialize() const {	235✔
119	std::vector<uint8_t> buf;	235✔
120
121	std::vector<uint8_t> cert_types;	235✔
122
123	cert_types.reserve(m_cert_key_types.size());	235✔
124	for(const auto& cert_key_type : m_cert_key_types) {	705✔
125	cert_types.push_back(cert_type_name_to_code(cert_key_type));	470✔
126	}
127
128	append_tls_length_value(buf, cert_types, 1);	235✔
129
130	if(!m_schemes.empty()) {	235✔
131	buf += Signature_Algorithms(m_schemes).serialize(Connection_Side::Server);	470✔
132	}
133
134	std::vector<uint8_t> encoded_names;	235✔
135
136	for(const auto& name : m_names) {	395✔
137	DER_Encoder encoder;	160✔
138	encoder.encode(name);	160✔
139
140	append_tls_length_value(encoded_names, encoder.get_contents(), 2);	320✔
141	}	160✔
142
143	append_tls_length_value(buf, encoded_names, 2);	235✔
144
145	return buf;	235✔
146	}	470✔
147	} // namespace Botan::TLS

randombit / botan / 5123321399

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous