5587103969

Committed 18 Jul 2023 12:36PM UTC coverage: 91.691% (-0.06%) from 91.749%

Build # 5587103969

Build Type

push

github

Committed by

randombit

Commit Message

Merge GH #3622 Extend Credentials_Manager to support TLS 1.3 PSK

Run Details

78319 of 85416 relevant lines covered (91.69%)

12316990.45 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

70.45

/src/lib/tls/credentials_manager.cpp

/*
* Credentials Manager
* (C) 2011,2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/credentials_manager.h>

#include <botan/pkix_types.h>
#include <botan/internal/fmt.h>

namespace Botan {

std::string Credentials_Manager::psk_identity_hint(const std::string& /*unused*/, const std::string& /*unused*/) {
   return "";
}

std::string Credentials_Manager::psk_identity(const std::string& /*unused*/,
                                              const std::string& /*unused*/,
                                              const std::string& /*unused*/) {
   return "";
}

SymmetricKey Credentials_Manager::psk(const std::string& type,
                                      const std::string& context,
                                      const std::string& identity) {
   auto side = [&] {
      if(type == "tls-client") {
         return TLS::Connection_Side::Client;
      } else if(type == "tls-server") {
         return TLS::Connection_Side::Server;
      } else {
         throw Internal_Error(fmt("No PSK set for type {}", type));
      }
   }();

   // New applications should use the appropriate credentials methods. This is a
   // retrofit of the behaviour before Botan 3.2.0 and will be removed in a
   // future major release.
   //
   // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")`
   if(side == TLS::Connection_Side::Server && context == "session-ticket") {
      if(auto key = session_ticket_key(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {
      if(auto key = dtls_cookie_secret(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else /* context is a host name */ {
      // Assuming that find_preshared_keys returns _exactly_ one or no keys when
      // searching for a single specific identity.
      if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {
         return SymmetricKey(psks.front().extract_master_secret());
      }
   }

   throw Internal_Error(fmt("No PSK set for identity {}", identity));
}

std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,
                                                                       TLS::Connection_Side /* whoami */,
                                                                       const std::vector<std::string>& /* identities */,
                                                                       const std::optional<std::string>& /* prf */) {
   return {};
}

std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,
                                                                          TLS::Connection_Side whoami,
                                                                          const std::vector<std::string>& identities,
                                                                          const std::optional<std::string>& prf) {
   auto psks = find_preshared_keys(host, whoami, identities, prf);
   if(psks.empty()) {
      return std::nullopt;
   } else {
      return std::move(psks.front());
   }
}

std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(
   const std::vector<std::string>& key_types,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::vector<X509_DN>& /*unused*/,
   const std::string& type,
   const std::string& context) {
   return cert_chain(key_types, cert_signature_schemes, type, context);
}

std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /*unused*/,
                                                              const std::vector<AlgorithmIdentifier>& /*unused*/,
                                                              const std::string& /*unused*/,
                                                              const std::string& /*unused*/) {
   return std::vector<X509_Certificate>();
}

std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
   const std::string& cert_key_type,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::string& type,
   const std::string& context) {
   return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);
}

std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /*unused*/,
                                                                  const std::string& /*unused*/,
                                                                  const std::string& /*unused*/) {
   return std::shared_ptr<Private_Key>();
}

secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {
   return {};
}

secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {
   return {};
}

std::vector<Certificate_Store*> Credentials_Manager::trusted_certificate_authorities(const std::string& /*unused*/,
                                                                                     const std::string& /*unused*/) {
   return std::vector<Certificate_Store*>();
}

}  // namespace Botan

1	/*
2	* Credentials Manager
3	* (C) 2011,2012 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/credentials_manager.h>
9
10	#include <botan/pkix_types.h>
11	#include <botan/internal/fmt.h>
12
13	namespace Botan {
14
15	std::string Credentials_Manager::psk_identity_hint(const std::string& /unused/, const std::string& /unused/) {	19✔
16	return "";	19✔
17	}
18
19	std::string Credentials_Manager::psk_identity(const std::string& /unused/,	18✔
20	const std::string& /unused/,
21	const std::string& /unused/) {
22	return "";	18✔
23	}
24
25	SymmetricKey Credentials_Manager::psk(const std::string& type,	2,542✔
26	const std::string& context,
27	const std::string& identity) {
28	auto side = [&] {	5,084✔
29	if(type == "tls-client") {	2,542✔
30	return TLS::Connection_Side::Client;
31	} else if(type == "tls-server") {	2,477✔
32	return TLS::Connection_Side::Server;
33	} else {
34	throw Internal_Error(fmt("No PSK set for type {}", type));	×
35	}
36	}();	2,542✔
37
38	// New applications should use the appropriate credentials methods. This is a
39	// retrofit of the behaviour before Botan 3.2.0 and will be removed in a
40	// future major release.
41	//
42	// TODO: deprecate `psk("...", "session-ticket" \| "dtls-cookie-secret")`
43	if(side == TLS::Connection_Side::Server && context == "session-ticket") {	2,542✔
44	if(auto key = session_ticket_key(); !key.empty()) {	1,700✔
45	return SymmetricKey(std::move(key));	1,695✔
46	}	1,700✔
47	} else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {	842✔
48	if(auto key = dtls_cookie_secret(); !key.empty()) {	734✔
49	return SymmetricKey(std::move(key));	734✔
50	}	734✔
51	} else /* context is a host name */ {
52	// Assuming that find_preshared_keys returns _exactly_ one or no keys when
53	// searching for a single specific identity.
54	if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {	432✔
55	return SymmetricKey(psks.front().extract_master_secret());	108✔
56	}	108✔
57	}
58
59	throw Internal_Error(fmt("No PSK set for identity {}", identity));	10✔
60	}
61
62	std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,	×
63	TLS::Connection_Side /* whoami */,
64	const std::vector<std::string>& /* identities */,
65	const std::optional<std::string>& /* prf */) {
66	return {};	×
67	}
68
69	std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,	×
70	TLS::Connection_Side whoami,
71	const std::vector<std::string>& identities,
72	const std::optional<std::string>& prf) {
73	auto psks = find_preshared_keys(host, whoami, identities, prf);	×
74	if(psks.empty()) {	×
75	return std::nullopt;	×
76	} else {
77	return std::move(psks.front());	×
78	}
79	}	×
80
81	std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(	2,016✔
82	const std::vector<std::string>& key_types,
83	const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
84	const std::vector<X509_DN>& /unused/,
85	const std::string& type,
86	const std::string& context) {
87	return cert_chain(key_types, cert_signature_schemes, type, context);	2,016✔
88	}
89
90	std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /unused/,	12✔
91	const std::vector<AlgorithmIdentifier>& /unused/,
92	const std::string& /unused/,
93	const std::string& /unused/) {
94	return std::vector<X509_Certificate>();	12✔
95	}
96
97	std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(	2,077✔
98	const std::string& cert_key_type,
99	const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
100	const std::string& type,
101	const std::string& context) {
102	return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);	6,233✔
103	}
104
105	std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /unused/,	×
106	const std::string& /unused/,
107	const std::string& /unused/) {
108	return std::shared_ptr<Private_Key>();	×
109	}
110
111	secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {	5✔
112	return {};	5✔
113	}
114
115	secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {	×
116	return {};	×
117	}
118
119	std::vector<Certificate_Store> Credentials_Manager::trusted_certificate_authorities(const std::string& /unused*/,	1,934✔
120	const std::string& /unused/) {
121	return std::vector<Certificate_Store*>();	1,934✔
122	}
123
124	} // namespace Botan

randombit / botan / 5587103969

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous