botan
botan copied to clipboard
[TLS 1.3] Client Authentication in the main Handshake
Pull Request Dependencies
Before merging this, we should first review merge:
- https://github.com/randombit/botan/pull/2968
- https://github.com/randombit/botan/pull/2922
Description
This implements:
- client authentication during the main handshake
- coalescing of multiple handshake messages (which is required for the RFC 8448 client auth test) into a single (encrypted) record
Post-handshake authentication is left for future work. Rationale: A server may always ask for client authentication during the handshake. Post-handshake auth can be disabled by the client, by not negotiating the "post_handshake_auth" extension in the Client Hello.
TODO
- ~We should explicitly support the "signature_algorithm_cert" extension~ The client can choose to not use this extension. Hence its support becomes crucial when implementing the server only.
This pull request introduces 1 alert when merging 348a5bbdd107b00915482dabc9516c9fe54fbe8f into 8976bf250a3e7c299a4b36485f0328a843f2627e - view on LGTM.com
new alerts:
- 1 for Comparison result is always the same
This pull request introduces 1 alert when merging c22912f94b5798e771b11f94ad27710a066ee30b into 8976bf250a3e7c299a4b36485f0328a843f2627e - view on LGTM.com
new alerts:
- 1 for Comparison result is always the same
This pull request introduces 1 alert when merging 3abfc13636bdc118e2eae62e5738c7256d7e6a54 into 45b74cc41d57d374c58dff4f1a5edccb7d17c362 - view on LGTM.com
new alerts:
- 1 for Comparison result is always the same
This pull request introduces 1 alert when merging 9549e06689ba5d59411120e70d267b378e986348 into bae64dea8a46cabfe9011bde903598a5c907f0c6 - view on LGTM.com
new alerts:
- 1 for Comparison result is always the same
This pull request introduces 1 alert when merging 3ed31d46b717dda42b1764f3d5cc075b1664c482 into bae64dea8a46cabfe9011bde903598a5c907f0c6 - view on LGTM.com
new alerts:
- 1 for Comparison result is always the same
This pull request introduces 1 alert when merging 86bacc1d299f4a9b0e5bef5a83395bee463f40a0 into bae64dea8a46cabfe9011bde903598a5c907f0c6 - view on LGTM.com
new alerts:
- 1 for Comparison result is always the same
Rebased and retargeted to master.
Codecov Report
Base: 92.57% // Head: 92.55% // Decreases project coverage by -0.01%
:warning:
Coverage data is based on head (
ffe1c30
) compared to base (987c7af
). Patch coverage: 92.68% of modified lines in pull request are covered.
Additional details and impacted files
@@ Coverage Diff @@
## master #2957 +/- ##
==========================================
- Coverage 92.57% 92.55% -0.02%
==========================================
Files 596 600 +4
Lines 69729 70073 +344
Branches 6613 6625 +12
==========================================
+ Hits 64552 64858 +306
- Misses 5144 5182 +38
Partials 33 33
Impacted Files | Coverage Δ | |
---|---|---|
src/lib/tls/tls_extensions.cpp | 91.40% <75.00%> (-0.68%) |
:arrow_down: |
src/lib/tls/tls13/msg_certificate_req_13.cpp | 80.00% <80.00%> (ø) |
|
src/tests/test_tls_rfc8448.cpp | 91.26% <92.20%> (+0.97%) |
:arrow_up: |
src/lib/tls/msg_cert_verify.cpp | 94.25% <93.54%> (-1.21%) |
:arrow_down: |
src/lib/tls/tls13/tls_client_impl_13.cpp | 92.50% <97.56%> (+1.14%) |
:arrow_up: |
src/bogo_shim/bogo_shim.cpp | 88.85% <100.00%> (+0.03%) |
:arrow_up: |
src/lib/tls/msg_cert_req.cpp | 89.85% <100.00%> (ø) |
|
src/lib/tls/tls12/tls_client_impl_12.cpp | 91.54% <100.00%> (ø) |
|
src/lib/tls/tls12/tls_handshake_state.cpp | 86.13% <100.00%> (ø) |
|
src/lib/tls/tls12/tls_server_impl_12.cpp | 88.41% <100.00%> (ø) |
|
... and 44 more |
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.
:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.