19012754211

Committed 02 Nov 2025 01:10PM UTC coverage: 90.677% (+0.006%) from 90.671%

Build # 19012754211

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5137 from randombit/jack/clang-tidy-includes

Remove various unused includes flagged by clang-tidy misc-include-cleaner

Run Details

100457 of 110786 relevant lines covered (90.68%)

12189873.8 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

85.98

/src/cli/tls_utils.cpp

/*
* (C) 2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "cli.h"

#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)

   #include <botan/hex.h>
   #include <botan/tls_messages.h>
   #include <botan/tls_version.h>
   #include <botan/internal/fmt.h>
   #include <botan/internal/loadstor.h>
   #include <botan/internal/stl_util.h>
   #include <sstream>

   #include "tls_helpers.h"

namespace Botan_CLI {

class TLS_Ciphersuites final : public Command {
   public:
      TLS_Ciphersuites() : Command("tls_ciphers --policy=default --version=tls1.2") {}

      static Botan::TLS::Protocol_Version tls_version_from_str(const std::string& str) {
         if(str == "tls1.2" || str == "TLS1.2" || str == "TLS-1.2") {
            return Botan::TLS::Protocol_Version::TLS_V12;
         }
         if(str == "dtls1.2" || str == "DTLS1.2" || str == "DTLS-1.2") {
            return Botan::TLS::Protocol_Version::DTLS_V12;
         } else {
            throw CLI_Error("Unknown TLS version '" + str + "'");
         }
      }

      std::string group() const override { return "tls"; }

      std::string description() const override { return "Lists all ciphersuites for a policy and TLS version"; }

      void go() override {
         const std::string policy_type = get_arg("policy");
         const Botan::TLS::Protocol_Version version = tls_version_from_str(get_arg("version"));

         auto policy = load_tls_policy(policy_type);

         if(!policy->acceptable_protocol_version(version)) {
            error_output() << "Error: the policy specified does not allow the given TLS version\n";
            return;
         }

         for(uint16_t suite_id : policy->ciphersuite_list(version)) {
            const auto s = Botan::TLS::Ciphersuite::by_id(suite_id);
            output() << ((s) ? s->to_string() : "unknown cipher suite") << "\n";
         }
      }
};

BOTAN_REGISTER_COMMAND("tls_ciphers", TLS_Ciphersuites);

   #if defined(BOTAN_HAS_TLS_13)

class TLS_Client_Hello_Reader final : public Command {
   public:
      TLS_Client_Hello_Reader() : Command("tls_client_hello --hex input") {}

      std::string group() const override { return "tls"; }

      std::string description() const override { return "Parse a TLS client hello message"; }

      void go() override {
         const std::string input_file = get_arg("input");
         std::vector<uint8_t> input;

         if(flag_set("hex")) {
            input = Botan::hex_decode(slurp_file_as_str(input_file));
         } else {
            input = slurp_file(input_file);
         }

         if(input.size() < 45) {
            error_output() << "Input too short to be valid\n";
            return;
         }

         // Input also contains the record layer header, strip it
         if(input[0] == 22) {
            const size_t len = Botan::make_uint16(input[3], input[4]);

            if(input.size() != len + 5) {
               error_output() << "Record layer length invalid\n";
               return;
            }

            input = std::vector<uint8_t>(input.begin() + 5, input.end());
         }

         // Assume the handshake header is there, strip it
         if(input[0] == 1) {
            const size_t hs_len = Botan::make_uint32(0, input[1], input[2], input[3]);

            if(input.size() != hs_len + 4) {
               error_output() << "Handshake layer length invalid\n";
               return;
            }

            input = std::vector<uint8_t>(input.begin() + 4, input.end());
         }

         try {
            auto hello = Botan::TLS::Client_Hello_13::parse(input);

            output() << format_hello(hello);
         } catch(std::exception& e) {
            error_output() << "Parsing client hello failed: " << e.what() << "\n";
         }
      }

   private:
      static std::string format_hello(
         const std::variant<Botan::TLS::Client_Hello_13, Botan::TLS::Client_Hello_12>& hello) {
         std::ostringstream oss;

         const auto* hello_base =
            std::visit([](const auto& ch) -> const Botan::TLS::Client_Hello* { return &ch; }, hello);

         const std::string version = std::visit(Botan::overloaded{
                                                   [](const Botan::TLS::Client_Hello_12&) { return "1.2"; },
                                                   [](const Botan::TLS::Client_Hello_13&) { return "1.3"; },
                                                },
                                                hello);

         oss << "Version: " << version << "\n"
             << "Random: " << Botan::hex_encode(hello_base->random()) << "\n";

         if(!hello_base->session_id().empty()) {
            oss << "SessionID: " << Botan::hex_encode(hello_base->session_id().get()) << "\n";
         }
         for(uint16_t csuite_id : hello_base->ciphersuites()) {
            const auto csuite = Botan::TLS::Ciphersuite::by_id(csuite_id);
            if(csuite && csuite->valid()) {
               oss << "Cipher: " << csuite->to_string() << "\n";
            } else if(csuite_id == 0x00FF) {
               oss << "Cipher: EMPTY_RENEGOTIATION_INFO_SCSV\n";
            } else {
               oss << "Cipher: Unknown (" << std::hex << csuite_id << ")\n";
            }
         }

         oss << "Supported signature schemes: ";

         if(hello_base->signature_schemes().empty()) {
            oss << "Did not send signature_algorithms extension\n";
         } else {
            for(Botan::TLS::Signature_Scheme scheme : hello_base->signature_schemes()) {
               try {
                  auto s = scheme.to_string();
                  oss << s << " ";
               } catch(...) {
                  oss << "(" << std::hex << static_cast<unsigned int>(scheme.wire_code()) << ") ";
               }
            }
            oss << "\n";
         }

         if(auto* sg = hello_base->extensions().get<Botan::TLS::Supported_Groups>()) {
            oss << "Supported Groups: ";
            for(const auto group : sg->groups()) {
               oss << group.to_string().value_or(Botan::fmt("Unknown group: {}", group.wire_code())) << " ";
            }
            oss << "\n";
         }

         std::map<std::string, bool> hello_flags;
         hello_flags["ALPN"] = hello_base->supports_alpn();

         std::visit(Botan::overloaded{
                       [&](const Botan::TLS::Client_Hello_12& ch12) {
                          hello_flags["Encrypt Then Mac"] = ch12.supports_encrypt_then_mac();
                          hello_flags["Extended Master Secret"] = ch12.supports_extended_master_secret();
                          hello_flags["Session Ticket"] = ch12.supports_session_ticket();
                       },
                       [&](const Botan::TLS::Client_Hello_13& ch13) {
                          if(auto* ks = ch13.extensions().get<Botan::TLS::Key_Share>()) {
                             oss << "Key Shares: ";
                             for(const auto group : ks->offered_groups()) {
                                oss << group.to_string().value_or(Botan::fmt("Unknown group: {}", group.wire_code()))
                                    << " ";
                             }
                             oss << "\n";
                          }
                       },
                    },
                    hello);

         for(auto&& i : hello_flags) {
            oss << "Supports " << i.first << "? " << (i.second ? "yes" : "no") << "\n";
         }

         return oss.str();
      }
};

BOTAN_REGISTER_COMMAND("tls_client_hello", TLS_Client_Hello_Reader);

   #endif

}  // namespace Botan_CLI

#endif

1	/*
2	* (C) 2016 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "cli.h"
8
9	#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
10
11	#include <botan/hex.h>
12	#include <botan/tls_messages.h>
13	#include <botan/tls_version.h>
14	#include <botan/internal/fmt.h>
15	#include <botan/internal/loadstor.h>
16	#include <botan/internal/stl_util.h>
17	#include <sstream>
18
19	#include "tls_helpers.h"
20
21	namespace Botan_CLI {
22
23	class TLS_Ciphersuites final : public Command {
24	public:
25	TLS_Ciphersuites() : Command("tls_ciphers --policy=default --version=tls1.2") {}	12✔
26
27	static Botan::TLS::Protocol_Version tls_version_from_str(const std::string& str) {	5✔
28	if(str == "tls1.2" \|\| str == "TLS1.2" \|\| str == "TLS-1.2") {	5✔
29	return Botan::TLS::Protocol_Version::TLS_V12;	5✔
30	}
31	if(str == "dtls1.2" \|\| str == "DTLS1.2" \|\| str == "DTLS-1.2") {	×
32	return Botan::TLS::Protocol_Version::DTLS_V12;	×
33	} else {
34	throw CLI_Error("Unknown TLS version '" + str + "'");	×
35	}
36	}
37
38	std::string group() const override { return "tls"; }	1✔
39
40	std::string description() const override { return "Lists all ciphersuites for a policy and TLS version"; }	1✔
41
42	void go() override {	5✔
43	const std::string policy_type = get_arg("policy");	5✔
44	const Botan::TLS::Protocol_Version version = tls_version_from_str(get_arg("version"));	10✔
45
46	auto policy = load_tls_policy(policy_type);	5✔
47
48	if(!policy->acceptable_protocol_version(version)) {	5✔
49	error_output() << "Error: the policy specified does not allow the given TLS version\n";	×
50	return;	×
51	}
52
53	for(uint16_t suite_id : policy->ciphersuite_list(version)) {	119✔
54	const auto s = Botan::TLS::Ciphersuite::by_id(suite_id);	114✔
55	output() << ((s) ? s->to_string() : "unknown cipher suite") << "\n";	456✔
56	}	5✔
57	}	5✔
58	};
59
60	BOTAN_REGISTER_COMMAND("tls_ciphers", TLS_Ciphersuites);	6✔
61
62	#if defined(BOTAN_HAS_TLS_13)
63
64	class TLS_Client_Hello_Reader final : public Command {
65	public:
66	TLS_Client_Hello_Reader() : Command("tls_client_hello --hex input") {}	6✔
67
68	std::string group() const override { return "tls"; }	1✔
69
70	std::string description() const override { return "Parse a TLS client hello message"; }	1✔
71
72	void go() override {	2✔
73	const std::string input_file = get_arg("input");	2✔
74	std::vector<uint8_t> input;	2✔
75
76	if(flag_set("hex")) {	2✔
77	input = Botan::hex_decode(slurp_file_as_str(input_file));	4✔
78	} else {
79	input = slurp_file(input_file);	×
80	}
81
82	if(input.size() < 45) {	2✔
83	error_output() << "Input too short to be valid\n";	×
84	return;
85	}
86
87	// Input also contains the record layer header, strip it
88	if(input[0] == 22) {	2✔
89	const size_t len = Botan::make_uint16(input[3], input[4]);	2✔
90
91	if(input.size() != len + 5) {	2✔
92	error_output() << "Record layer length invalid\n";	×
93	return;
94	}
95
96	input = std::vector<uint8_t>(input.begin() + 5, input.end());	4✔
97	}
98
99	// Assume the handshake header is there, strip it
100	if(input[0] == 1) {	2✔
101	const size_t hs_len = Botan::make_uint32(0, input[1], input[2], input[3]);	2✔
102
103	if(input.size() != hs_len + 4) {	2✔
104	error_output() << "Handshake layer length invalid\n";	×
105	return;
106	}
107
108	input = std::vector<uint8_t>(input.begin() + 4, input.end());	4✔
109	}
110
111	try {	2✔
112	auto hello = Botan::TLS::Client_Hello_13::parse(input);	2✔
113
114	output() << format_hello(hello);	4✔
115	} catch(std::exception& e) {	2✔
116	error_output() << "Parsing client hello failed: " << e.what() << "\n";	×
117	}	×
118	}	2✔
119
120	private:
121	static std::string format_hello(	2✔
122	const std::variant<Botan::TLS::Client_Hello_13, Botan::TLS::Client_Hello_12>& hello) {
123	std::ostringstream oss;	2✔
124
125	const auto* hello_base =	2✔
126	std::visit([](const auto& ch) -> const Botan::TLS::Client_Hello* { return &ch; }, hello);	2✔
127
128	const std::string version = std::visit(Botan::overloaded{	4✔
129	[](const Botan::TLS::Client_Hello_12&) { return "1.2"; },	1✔
130	[](const Botan::TLS::Client_Hello_13&) { return "1.3"; },
131	},
132	hello);	3✔
133
134	oss << "Version: " << version << "\n"	2✔
135	<< "Random: " << Botan::hex_encode(hello_base->random()) << "\n";	2✔
136
137	if(!hello_base->session_id().empty()) {	2✔
138	oss << "SessionID: " << Botan::hex_encode(hello_base->session_id().get()) << "\n";	2✔
139	}
140	for(uint16_t csuite_id : hello_base->ciphersuites()) {	43✔
141	const auto csuite = Botan::TLS::Ciphersuite::by_id(csuite_id);	41✔
142	if(csuite && csuite->valid()) {	41✔
143	oss << "Cipher: " << csuite->to_string() << "\n";	111✔
144	} else if(csuite_id == 0x00FF) {	4✔
145	oss << "Cipher: EMPTY_RENEGOTIATION_INFO_SCSV\n";	×
146	} else {
147	oss << "Cipher: Unknown (" << std::hex << csuite_id << ")\n";	4✔
148	}
149	}
150
151	oss << "Supported signature schemes: ";	2✔
152
153	if(hello_base->signature_schemes().empty()) {	2✔
154	oss << "Did not send signature_algorithms extension\n";	×
155	} else {
156	for(Botan::TLS::Signature_Scheme scheme : hello_base->signature_schemes()) {	20✔
157	try {	18✔
158	auto s = scheme.to_string();	18✔
159	oss << s << " ";	18✔
160	} catch(...) {	18✔
161	oss << "(" << std::hex << static_cast<unsigned int>(scheme.wire_code()) << ") ";	×
162	}	×
163	}	2✔
164	oss << "\n";	2✔
165	}
166
167	if(auto* sg = hello_base->extensions().get<Botan::TLS::Supported_Groups>()) {	2✔
168	oss << "Supported Groups: ";	2✔
169	for(const auto group : sg->groups()) {	26✔
170	oss << group.to_string().value_or(Botan::fmt("Unknown group: {}", group.wire_code())) << " ";	96✔
171	}
172	oss << "\n";	2✔
173	}
174
175	std::map<std::string, bool> hello_flags;	2✔
176	hello_flags["ALPN"] = hello_base->supports_alpn();	2✔
177
178	std::visit(Botan::overloaded{	2✔
179	[&](const Botan::TLS::Client_Hello_12& ch12) {	1✔
180	hello_flags["Encrypt Then Mac"] = ch12.supports_encrypt_then_mac();	1✔
181	hello_flags["Extended Master Secret"] = ch12.supports_extended_master_secret();	1✔
182	hello_flags["Session Ticket"] = ch12.supports_session_ticket();	1✔
183	},	1✔
184	[&](const Botan::TLS::Client_Hello_13& ch13) {	1✔
185	if(auto* ks = ch13.extensions().get<Botan::TLS::Key_Share>()) {	1✔
186	oss << "Key Shares: ";	1✔
187	for(const auto group : ks->offered_groups()) {	2✔
188	oss << group.to_string().value_or(Botan::fmt("Unknown group: {}", group.wire_code()))	4✔
189	<< " ";	2✔
190	}	1✔
191	oss << "\n";	1✔
192	}
193	},	1✔
194	},
195	hello);
196
197	for(auto&& i : hello_flags) {	7✔
198	oss << "Supports " << i.first << "? " << (i.second ? "yes" : "no") << "\n";	7✔
199	}
200
201	return oss.str();	4✔
202	}	2✔
203	};
204
205	BOTAN_REGISTER_COMMAND("tls_client_hello", TLS_Client_Hello_Reader);	3✔
206
207	#endif
208
209	} // namespace Botan_CLI
210
211	#endif

randombit / botan / 19012754211

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous