(self, cert_request)
| 665 | #********************************************************* |
| 666 | |
| 667 | def _handle_pha(self, cert_request): |
| 668 | cert, p_key = self._client_keypair |
| 669 | |
| 670 | handshake_context = self._first_handshake_hashes.copy() |
| 671 | handshake_context.update(cert_request.write()) |
| 672 | |
| 673 | prf_name = 'sha256' |
| 674 | prf_size = 32 |
| 675 | if self.session.cipherSuite in CipherSuite.sha384PrfSuites: |
| 676 | prf_name = 'sha384' |
| 677 | prf_size = 48 |
| 678 | |
| 679 | msgs = [] |
| 680 | msgs.append(Certificate(CertificateType.x509, self.version) |
| 681 | .create(cert, cert_request.certificate_request_context)) |
| 682 | handshake_context.update(msgs[0].write()) |
| 683 | if cert.x509List and p_key: |
| 684 | # sign the CertificateVerify only when we have a private key to do |
| 685 | # that |
| 686 | valid_sig_algs = cert_request.supported_signature_algs |
| 687 | if not valid_sig_algs: |
| 688 | for result in self._sendError( |
| 689 | AlertDescription.missing_extension, |
| 690 | "No signature algorithms found in CertificateRequest"): |
| 691 | yield result |
| 692 | avail_sig_algs = self._sigHashesToList(HandshakeSettings(), p_key, |
| 693 | cert, version=(3, 4)) |
| 694 | sig_scheme = getFirstMatching(avail_sig_algs, valid_sig_algs) |
| 695 | scheme = SignatureScheme.toRepr(sig_scheme) |
| 696 | sig_scheme = getattr(SignatureScheme, scheme) |
| 697 | |
| 698 | signature_context = \ |
| 699 | KeyExchange.calcVerifyBytes((3, 4), |
| 700 | handshake_context, |
| 701 | sig_scheme, None, None, None, |
| 702 | prf_name, b'client') |
| 703 | |
| 704 | if sig_scheme in (SignatureScheme.ed25519, SignatureScheme.ed448): |
| 705 | pad_type = None |
| 706 | hash_name = "intrinsic" |
| 707 | salt_len = None |
| 708 | sig_func = p_key.hashAndSign |
| 709 | ver_func = p_key.hashAndVerify |
| 710 | elif sig_scheme[1] == SignatureAlgorithm.ecdsa: |
| 711 | pad_type = None |
| 712 | hash_name = HashAlgorithm.toRepr(sig_scheme[0]) |
| 713 | salt_len = None |
| 714 | sig_func = p_key.sign |
| 715 | ver_func = p_key.verify |
| 716 | else: |
| 717 | pad_type = SignatureScheme.getPadding(scheme) |
| 718 | hash_name = SignatureScheme.getHash(scheme) |
| 719 | salt_len = getattr(hashlib, hash_name)().digest_size |
| 720 | sig_func = p_key.sign |
| 721 | ver_func = p_key.verify |
| 722 | |
| 723 | signature = sig_func(signature_context, |
| 724 | pad_type, |
no test coverage detected