randombit / botan / 5230455705

coverage: 91.715% (-0.03%) from 91.746%
5230455705

push

github

randombit 
Merge GH #3584 Change clang-format AllowShortFunctionsOnASingleLine config from All to Inline

77182 of 84154 relevant lines covered (91.72%)

11975295.43 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.89
/src/lib/tls/msg_cert_req.cpp
1 
/*
2 
* Certificate Request Message
3 
* (C) 2004-2006,2012 Jack Lloyd
4 
*     2021 Elektrobit Automotive GmbH
5 
*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6 
*
7 
* Botan is released under the Simplified BSD License (see license.txt)
8 
*/
9 









10



#include <botan/tls_messages.h>










11












12



#include <botan/ber_dec.h>










13



#include <botan/der_enc.h>










14



#include <botan/tls_extensions.h>










15



#include <botan/internal/tls_handshake_hash.h>










16



#include <botan/internal/tls_handshake_io.h>










17



#include <botan/internal/tls_reader.h>










18












19



namespace Botan::TLS {










20












21



Handshake_Type Certificate_Request_12::type() const {




621





22



   return Handshake_Type::CertificateRequest;




621





23



}










24












25



namespace {










26












27



std::string cert_type_code_to_name(uint8_t code) {




363





28



   switch(code) {




363





29



      case 1:




181





30



         return "RSA";




181





31



      case 64:




181





32



         return "ECDSA";




181





33



      default:




1





34



         return "";  // DH or something else




1





35



   }










36



}










37












38



uint8_t cert_type_name_to_code(std::string_view name) {




472





39



   if(name == "RSA") {




472





40



      return 1;




236





41



   }










42



   if(name == "ECDSA") {




236





43



      return 64;




236





44



   }










45












46



   throw Invalid_Argument(fmt("Unknown/unhandled TLS cert type {}", name));




×







47



}










48












49



}  // namespace










50












51



/**










52



* Create a new Certificate Request message










53



*/










54



Certificate_Request_12::Certificate_Request_12(Handshake_IO& io,




236





55



                                               Handshake_Hash& hash,










56



                                               const Policy& policy,










57



                                               const std::vector<X509_DN>& ca_certs) :




236





58



      m_names(ca_certs), m_cert_key_types({"RSA", "ECDSA"}) {




944





59



   m_schemes = policy.acceptable_signature_schemes();




236





60



   hash.update(io.send(*this));




472





61



}




236





62












63



/**










64



* Deserialize a Certificate Request message










65



*/










66



Certificate_Request_12::Certificate_Request_12(const std::vector<uint8_t>& buf) {




181





67



   if(buf.size() < 4) {




181





68



      throw Decoding_Error("Certificate_Req: Bad certificate request");




×







69



   }










70












71



   TLS_Data_Reader reader("CertificateRequest", buf);




181





72












73



   const auto cert_type_codes = reader.get_range_vector<uint8_t>(1, 1, 255);




181





74












75



   for(const auto cert_type_code : cert_type_codes) {




544





76



      const std::string cert_type_name = cert_type_code_to_name(cert_type_code);




363





77












78



      if(cert_type_name.empty()) {  // something we don't know




363





79



         continue;




1





80



      }










81












82



      m_cert_key_types.emplace_back(cert_type_name);




362





83



   }




363





84












85



   const std::vector<uint8_t> algs = reader.get_range_vector<uint8_t>(2, 2, 65534);




181





86












87



   if(algs.size() % 2 != 0) {




179





88



      throw Decoding_Error("Bad length for signature IDs in certificate request");




×







89



   }










90












91



   for(size_t i = 0; i != algs.size(); i += 2) {




1,494





92



      m_schemes.emplace_back(make_uint16(algs[i], algs[i + 1]));




1,317





93



   }










94












95



   const uint16_t purported_size = reader.get_uint16_t();




179





96












97



   if(reader.remaining_bytes() != purported_size) {




179





98



      throw Decoding_Error("Inconsistent length in certificate request");




2





99



   }










100












101



   while(reader.has_remaining()) {




345





102



      std::vector<uint8_t> name_bits = reader.get_range_vector<uint8_t>(2, 0, 65535);




168





103












104



      BER_Decoder decoder(name_bits.data(), name_bits.size());




168





105



      X509_DN name;




168





106



      decoder.decode(name);




168





107



      m_names.emplace_back(name);




168





108



   }




336





109



}




366





110












111



const std::vector<std::string>& Certificate_Request_12::acceptable_cert_types() const {




177





112



   return m_cert_key_types;




177





113



}










114












115



const std::vector<X509_DN>& Certificate_Request_12::acceptable_CAs() const {




177





116



   return m_names;




177





117



}










118












119



const std::vector<Signature_Scheme>& Certificate_Request_12::signature_schemes() const {




206





120



   return m_schemes;




206





121



}










122












123



/**










124



* Serialize a Certificate Request message










125



*/










126



std::vector<uint8_t> Certificate_Request_12::serialize() const {




236





127



   std::vector<uint8_t> buf;




236





128












129



   std::vector<uint8_t> cert_types;




236





130












131



   cert_types.reserve(m_cert_key_types.size());




236





132



   for(const auto& cert_key_type : m_cert_key_types) {




708





133



      cert_types.push_back(cert_type_name_to_code(cert_key_type));




472





134



   }










135












136



   append_tls_length_value(buf, cert_types, 1);




236





137












138



   if(!m_schemes.empty()) {




236





139



      buf += Signature_Algorithms(m_schemes).serialize(Connection_Side::Server);




472





140



   }










141












142



   std::vector<uint8_t> encoded_names;




236





143












144



   for(const auto& name : m_names) {




398





145



      DER_Encoder encoder;




162





146



      encoder.encode(name);




162





147












148



      append_tls_length_value(encoded_names, encoder.get_contents(), 2);




324





149



   }




162





150












151



   append_tls_length_value(buf, encoded_names, 2);




236





152












153



   return buf;




236





154



}




472





155



}  // namespace Botan::TLS
























    

  • 

    •