5587580523

Committed 18 Jul 2023 12:45PM UTC coverage: 91.72% (+0.03%) from 91.691%

Build # 5587580523

Build Type

Pull #3618

github

Committed by

web-flow

Commit Message

Merge b6d23d19e into 65b754862

Pull Request Pull Request #3618: [TLS 1.3] PSK Support

Run Details

78438 of 85519 relevant lines covered (91.72%)

12184016.91 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

88.64

/src/lib/tls/credentials_manager.cpp

/*
* Credentials Manager
* (C) 2011,2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/credentials_manager.h>

#include <botan/pkix_types.h>
#include <botan/internal/fmt.h>
#include <botan/internal/stl_util.h>

namespace Botan {

std::string Credentials_Manager::psk_identity_hint(const std::string& /*unused*/, const std::string& /*unused*/) {
   return "";
}

std::string Credentials_Manager::psk_identity(const std::string& /*unused*/,
                                              const std::string& /*unused*/,
                                              const std::string& /*unused*/) {
   return "";
}

SymmetricKey Credentials_Manager::psk(const std::string& type,
                                      const std::string& context,
                                      const std::string& identity) {
   auto side = [&] {
      if(type == "tls-client") {
         return TLS::Connection_Side::Client;
      } else if(type == "tls-server") {
         return TLS::Connection_Side::Server;
      } else {
         throw Internal_Error(fmt("No PSK set for type {}", type));
      }
   }();

   // New applications should use the appropriate credentials methods. This is a
   // retrofit of the behaviour before Botan 3.2.0 and will be removed in a
   // future major release.
   //
   // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")`
   if(side == TLS::Connection_Side::Server && context == "session-ticket") {
      if(auto key = session_ticket_key(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {
      if(auto key = dtls_cookie_secret(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else /* context is a host name */ {
      // Assuming that find_preshared_keys returns _exactly_ one or no keys when
      // searching for a single specific identity.
      if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {
         return SymmetricKey(psks.front().extract_master_secret());
      }
   }

   throw Internal_Error(fmt("No PSK set for identity {}", identity));
}

std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,
                                                                       TLS::Connection_Side /* whoami */,
                                                                       const std::vector<std::string>& /* identities */,
                                                                       const std::optional<std::string>& /* prf */) {
   return {};
}

std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,
                                                                          TLS::Connection_Side whoami,
                                                                          const std::vector<std::string>& identities,
                                                                          const std::optional<std::string>& prf) {
   auto psks = find_preshared_keys(host, whoami, identities, prf);
   if(psks.empty()) {
      return std::nullopt;
   } else {
      return std::move(psks.front());
   }
}

std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(
   const std::vector<std::string>& key_types,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::vector<X509_DN>& /*unused*/,
   const std::string& type,
   const std::string& context) {
   return cert_chain(key_types, cert_signature_schemes, type, context);
}

std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /*unused*/,
                                                              const std::vector<AlgorithmIdentifier>& /*unused*/,
                                                              const std::string& /*unused*/,
                                                              const std::string& /*unused*/) {
   return std::vector<X509_Certificate>();
}

std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
   const std::string& cert_key_type,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::string& type,
   const std::string& context) {
   return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);
}

std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /*unused*/,
                                                                  const std::string& /*unused*/,
                                                                  const std::string& /*unused*/) {
   return std::shared_ptr<Private_Key>();
}

secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {
   return {};
}

secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {
   return {};
}

std::vector<Certificate_Store*> Credentials_Manager::trusted_certificate_authorities(const std::string& /*unused*/,
                                                                                     const std::string& /*unused*/) {
   return std::vector<Certificate_Store*>();
}

}  // namespace Botan

1	/*
2	* Credentials Manager
3	* (C) 2011,2012 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/credentials_manager.h>
9
10	#include <botan/pkix_types.h>
11	#include <botan/internal/fmt.h>
12	#include <botan/internal/stl_util.h>
13
14	namespace Botan {
15
16	std::string Credentials_Manager::psk_identity_hint(const std::string& /unused/, const std::string& /unused/) {	16✔
17	return "";	16✔
18	}
19
20	std::string Credentials_Manager::psk_identity(const std::string& /unused/,	15✔
21	const std::string& /unused/,
22	const std::string& /unused/) {
23	return "";	15✔
24	}
25
26	SymmetricKey Credentials_Manager::psk(const std::string& type,	2,592✔
27	const std::string& context,
28	const std::string& identity) {
29	auto side = [&] {	5,184✔
30	if(type == "tls-client") {	2,592✔
31	return TLS::Connection_Side::Client;
32	} else if(type == "tls-server") {	2,530✔
33	return TLS::Connection_Side::Server;
34	} else {
35	throw Internal_Error(fmt("No PSK set for type {}", type));	×
36	}
37	}();	2,592✔
38
39	// New applications should use the appropriate credentials methods. This is a
40	// retrofit of the behaviour before Botan 3.2.0 and will be removed in a
41	// future major release.
42	//
43	// TODO: deprecate `psk("...", "session-ticket" \| "dtls-cookie-secret")`
44	if(side == TLS::Connection_Side::Server && context == "session-ticket") {	2,592✔
45	if(auto key = session_ticket_key(); !key.empty()) {	1,756✔
46	return SymmetricKey(std::move(key));	1,751✔
47	}	1,756✔
48	} else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {	836✔
49	if(auto key = dtls_cookie_secret(); !key.empty()) {	734✔
50	return SymmetricKey(std::move(key));	734✔
51	}	734✔
52	} else /* context is a host name */ {
53	// Assuming that find_preshared_keys returns _exactly_ one or no keys when
54	// searching for a single specific identity.
55	if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {	408✔
56	return SymmetricKey(psks.front().extract_master_secret());	102✔
57	}	102✔
58	}
59
60	throw Internal_Error(fmt("No PSK set for identity {}", identity));	10✔
61	}
62
63	std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,	923✔
64	TLS::Connection_Side /* whoami */,
65	const std::vector<std::string>& /* identities */,
66	const std::optional<std::string>& /* prf */) {
67	return {};	923✔
68	}
69
70	std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,	3✔
71	TLS::Connection_Side whoami,
72	const std::vector<std::string>& identities,
73	const std::optional<std::string>& prf) {
74	auto psks = find_preshared_keys(host, whoami, identities, prf);	3✔
75	if(psks.empty()) {	3✔
76	return std::nullopt;	2✔
77	} else {
78	return std::move(psks.front());	1✔
79	}
80	}	3✔
81
82	std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(	2,016✔
83	const std::vector<std::string>& key_types,
84	const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
85	const std::vector<X509_DN>& /unused/,
86	const std::string& type,
87	const std::string& context) {
88	return cert_chain(key_types, cert_signature_schemes, type, context);	2,016✔
89	}
90
91	std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /unused/,	12✔
92	const std::vector<AlgorithmIdentifier>& /unused/,
93	const std::string& /unused/,
94	const std::string& /unused/) {
95	return std::vector<X509_Certificate>();	12✔
96	}
97
98	std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(	2,062✔
99	const std::string& cert_key_type,
100	const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
101	const std::string& type,
102	const std::string& context) {
103	return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);	6,188✔
104	}
105
106	std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /unused/,	×
107	const std::string& /unused/,
108	const std::string& /unused/) {
109	return std::shared_ptr<Private_Key>();	×
110	}
111
112	secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {	5✔
113	return {};	5✔
114	}
115
116	secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {	×
117	return {};	×
118	}
119
120	std::vector<Certificate_Store> Credentials_Manager::trusted_certificate_authorities(const std::string& /unused*/,	1,934✔
121	const std::string& /unused/) {
122	return std::vector<Certificate_Store*>();	1,934✔
123	}
124
125	} // namespace Botan

randombit / botan / 5587580523

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous