21848380424

Committed 10 Feb 2026 01:47AM UTC coverage: 91.634% (+1.6%) from 90.069%

Build # 21848380424

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5296 from randombit/jack/tls-header-patrol

Various changes to reduce header dependencies in TLS

Run Details

104002 of 113497 relevant lines covered (91.63%)

11230277.53 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

82.0

/src/lib/tls/credentials_manager.cpp

/*
* Credentials Manager
* (C) 2011,2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/credentials_manager.h>

#include <botan/pkix_types.h>
#include <botan/tls_external_psk.h>
#include <botan/x509cert.h>
#include <botan/internal/fmt.h>

namespace Botan {

std::string Credentials_Manager::psk_identity_hint(const std::string& /*unused*/, const std::string& /*unused*/) {
   return "";
}

std::string Credentials_Manager::psk_identity(const std::string& /*unused*/,
                                              const std::string& /*unused*/,
                                              const std::string& /*unused*/) {
   return "";
}

SymmetricKey Credentials_Manager::psk(const std::string& type,
                                      const std::string& context,
                                      const std::string& identity) {
   auto side = [&] {
      if(type == "tls-client") {
         return TLS::Connection_Side::Client;
      } else if(type == "tls-server") {
         return TLS::Connection_Side::Server;
      } else {
         throw Internal_Error(fmt("No PSK set for type {}", type));
      }
   }();

   // New applications should use the appropriate credentials methods. This is a
   // retrofit of the behaviour before Botan 3.2.0 and will be removed in a
   // future major release.
   //
   // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")`
   if(side == TLS::Connection_Side::Server && context == "session-ticket") {
      if(auto key = session_ticket_key(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {
      if(auto key = dtls_cookie_secret(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else /* context is a host name */ {
      // Assuming that find_preshared_keys returns _exactly_ one or no keys when
      // searching for a single specific identity.
      if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {
         return SymmetricKey(psks.front().extract_master_secret());
      }
   }

   throw Internal_Error(fmt("No PSK set for identity {}", identity));
}

std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,
                                                                       TLS::Connection_Side /* whoami */,
                                                                       const std::vector<std::string>& /* identities */,
                                                                       const std::optional<std::string>& /* prf */) {
   return {};
}

std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,
                                                                          TLS::Connection_Side whoami,
                                                                          const std::vector<std::string>& identities,
                                                                          const std::optional<std::string>& prf) {
   auto psks = find_preshared_keys(host, whoami, identities, prf);
   if(psks.empty()) {
      return std::nullopt;
   } else {
      return std::move(psks.front());
   }
}

std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(
   const std::vector<std::string>& key_types,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::vector<X509_DN>& /*unused*/,
   const std::string& type,
   const std::string& context) {
   return cert_chain(key_types, cert_signature_schemes, type, context);
}

std::shared_ptr<Public_Key> Credentials_Manager::find_raw_public_key(const std::vector<std::string>& /* key_types */,
                                                                     const std::string& /* type */,
                                                                     const std::string& /* context */) {
   return nullptr;
}

std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /*unused*/,
                                                              const std::vector<AlgorithmIdentifier>& /*unused*/,
                                                              const std::string& /*unused*/,
                                                              const std::string& /*unused*/) {
   return std::vector<X509_Certificate>();
}

std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
   const std::string& cert_key_type,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::string& type,
   const std::string& context) {
   return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);
}

std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /*unused*/,
                                                                  const std::string& /*unused*/,
                                                                  const std::string& /*unused*/) {
   return nullptr;
}

std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const Public_Key& /* raw_public_key */,
                                                                  const std::string& /* type */,
                                                                  const std::string& /* context */) {
   return nullptr;
}

secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {
   return {};
}

secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {
   return {};
}

std::vector<Certificate_Store*> Credentials_Manager::trusted_certificate_authorities(const std::string& /*unused*/,
                                                                                     const std::string& /*unused*/) {
   return std::vector<Certificate_Store*>();
}

}  // namespace Botan

1	/*
2	* Credentials Manager
3	* (C) 2011,2012 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/credentials_manager.h>
9
10	#include <botan/pkix_types.h>
11	#include <botan/tls_external_psk.h>
12	#include <botan/x509cert.h>
13	#include <botan/internal/fmt.h>
14
15	namespace Botan {
16
17	std::string Credentials_Manager::psk_identity_hint(const std::string& /unused/, const std::string& /unused/) {	20✔
18	return "";	20✔
19	}
20
21	std::string Credentials_Manager::psk_identity(const std::string& /unused/,	19✔
22	const std::string& /unused/,
23	const std::string& /unused/) {
24	return "";	19✔
25	}
26
27	SymmetricKey Credentials_Manager::psk(const std::string& type,	2,723✔
28	const std::string& context,
29	const std::string& identity) {
30	auto side = [&] {	8,169✔
31	if(type == "tls-client") {	2,723✔
32	return TLS::Connection_Side::Client;
33	} else if(type == "tls-server") {	2,656✔
34	return TLS::Connection_Side::Server;
35	} else {
36	throw Internal_Error(fmt("No PSK set for type {}", type));	×
37	}
38	}();	2,723✔
39
40	// New applications should use the appropriate credentials methods. This is a
41	// retrofit of the behaviour before Botan 3.2.0 and will be removed in a
42	// future major release.
43	//
44	// TODO: deprecate `psk("...", "session-ticket" \| "dtls-cookie-secret")`
45	if(side == TLS::Connection_Side::Server && context == "session-ticket") {	2,723✔
46	if(auto key = session_ticket_key(); !key.empty()) {	1,825✔
47	return SymmetricKey(std::move(key));	1,820✔
48	}	1,825✔
49	} else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {	898✔
50	if(auto key = dtls_cookie_secret(); !key.empty()) {	786✔
51	return SymmetricKey(std::move(key));	786✔
52	}	786✔
53	} else /* context is a host name */ {
54	// Assuming that find_preshared_keys returns _exactly_ one or no keys when
55	// searching for a single specific identity.
56	if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {	336✔
57	return SymmetricKey(psks.front().extract_master_secret());	112✔
58	}	112✔
59	}
60
61	throw Internal_Error(fmt("No PSK set for identity {}", identity));	10✔
62	}	224✔
63
64	std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,	955✔
65	TLS::Connection_Side /* whoami */,
66	const std::vector<std::string>& /* identities */,
67	const std::optional<std::string>& /* prf */) {
68	return {};	955✔
69	}
70
71	std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,	4✔
72	TLS::Connection_Side whoami,
73	const std::vector<std::string>& identities,
74	const std::optional<std::string>& prf) {
75	auto psks = find_preshared_keys(host, whoami, identities, prf);	4✔
76	if(psks.empty()) {	4✔
77	return std::nullopt;	2✔
78	} else {
79	return std::move(psks.front());	2✔
80	}
81	}	4✔
82
83	std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(	1,658✔
84	const std::vector<std::string>& key_types,
85	const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
86	const std::vector<X509_DN>& /unused/,
87	const std::string& type,
88	const std::string& context) {
89	return cert_chain(key_types, cert_signature_schemes, type, context);	1,658✔
90	}
91
92	std::shared_ptr<Public_Key> Credentials_Manager::find_raw_public_key(const std::vector<std::string>& /* key_types */,	×
93	const std::string& /* type */,
94	const std::string& /* context */) {
95	return nullptr;	×
96	}
97
98	std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /unused/,	8✔
99	const std::vector<AlgorithmIdentifier>& /unused/,
100	const std::string& /unused/,
101	const std::string& /unused/) {
102	return std::vector<X509_Certificate>();	8✔
103	}
104
105	std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(	1,555✔
106	const std::string& cert_key_type,
107	const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
108	const std::string& type,
109	const std::string& context) {
110	return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);	4,667✔
111	}	3,110✔
112
113	std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /unused/,	×
114	const std::string& /unused/,
115	const std::string& /unused/) {
116	return nullptr;	×
117	}
118
119	std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const Public_Key& /* raw_public_key */,	×
120	const std::string& /* type */,
121	const std::string& /* context */) {
122	return nullptr;	×
123	}
124
125	secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {	5✔
126	return {};	5✔
127	}
128
129	secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {	×
130	return {};	×
131	}
132
133	std::vector<Certificate_Store> Credentials_Manager::trusted_certificate_authorities(const std::string& /unused*/,	270✔
134	const std::string& /unused/) {
135	return std::vector<Certificate_Store*>();	270✔
136	}
137
138	} // namespace Botan

randombit / botan / 21848380424

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous