21861369155

Committed 10 Feb 2026 01:47AM UTC coverage: 90.068% (-0.001%) from 90.069%

Build # 21861369155

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5296 from randombit/jack/tls-header-patrol

Various changes to reduce header dependencies in TLS

Run Details

102224 of 113497 relevant lines covered (90.07%)

11437996.84 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.62

/src/lib/tls/tls_session_manager_stateless.cpp

/**
 * TLS Stateless Session Manager for stateless servers
 * (C) 2023 Jack Lloyd
 *     2023 René Meusel - Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

#include <botan/tls_session_manager_stateless.h>

#include <botan/assert.h>
#include <botan/credentials_manager.h>
#include <botan/exceptn.h>
#include <botan/rng.h>
#include <botan/tls_session.h>

namespace Botan::TLS {

Session_Manager_Stateless::Session_Manager_Stateless(const std::shared_ptr<Credentials_Manager>& creds,
                                                     const std::shared_ptr<RandomNumberGenerator>& rng) :
      Session_Manager(rng), m_credentials_manager(creds) {
   BOTAN_ASSERT_NONNULL(m_credentials_manager);
}

std::vector<Session_with_Handle> Session_Manager_Stateless::find_some(const Server_Information& /*info*/,
                                                                      size_t /*max_sessions_hint*/) {
   return {};
}

std::optional<Session_Handle> Session_Manager_Stateless::establish(const Session& session,
                                                                   const std::optional<Session_ID>& /*session_id*/,
                                                                   bool tls12_no_ticket) {
   BOTAN_ASSERT(session.side() == Connection_Side::Server, "Client tried to establish a session");
   if(tls12_no_ticket) {
      return std::nullopt;
   }

   const auto key = get_ticket_key();
   if(!key.has_value()) {
      return std::nullopt;
   }

   return Session_Handle(Session_Ticket{session.encrypt(key.value(), *m_rng)});
}

void Session_Manager_Stateless::store(const Session& /*session*/, const Session_Handle& /*handle*/) {
   throw Invalid_Argument("A stateless Session Manager cannot store Sessions with their handle");
}

std::optional<Session> Session_Manager_Stateless::retrieve_one(const Session_Handle& handle) {
   auto ticket = handle.ticket();
   if(!ticket.has_value()) {
      return std::nullopt;
   }

   const auto key = get_ticket_key();
   if(!key.has_value()) {
      return std::nullopt;
   }

   try {
      return Session::decrypt(ticket.value(), key.value());
   } catch(const std::exception&) {
      // RFC 8446 4.2.11
      //    Any unknown PSKs (e.g., ones not in the PSK database or encrypted
      //    with an unknown key) SHOULD simply be ignored.
      return std::nullopt;
   }
}

bool Session_Manager_Stateless::emits_session_tickets() {
   return get_ticket_key().has_value();
}

std::optional<SymmetricKey> Session_Manager_Stateless::get_ticket_key() noexcept {
   try {
      auto key = m_credentials_manager->psk("tls-server", "session-ticket", "");
      if(key.empty()) {
         return std::nullopt;
      }
      return key;
   } catch(...) {
      return std::nullopt;
   }
}

}  // namespace Botan::TLS

1	/**
2	* TLS Stateless Session Manager for stateless servers
3	* (C) 2023 Jack Lloyd
4	* 2023 René Meusel - Rohde & Schwarz Cybersecurity
5	*
6	* Botan is released under the Simplified BSD License (see license.txt)
7	*/
8
9	#include <botan/tls_session_manager_stateless.h>
10
11	#include <botan/assert.h>
12	#include <botan/credentials_manager.h>
13	#include <botan/exceptn.h>
14	#include <botan/rng.h>
15	#include <botan/tls_session.h>
16
17	namespace Botan::TLS {
18
19	Session_Manager_Stateless::Session_Manager_Stateless(const std::shared_ptr<Credentials_Manager>& creds,	2,128✔
20	const std::shared_ptr<RandomNumberGenerator>& rng) :	2,128✔
21	Session_Manager(rng), m_credentials_manager(creds) {	2,128✔
22	BOTAN_ASSERT_NONNULL(m_credentials_manager);	2,128✔
23	}	2,128✔
24
25	std::vector<Session_with_Handle> Session_Manager_Stateless::find_some(const Server_Information& /info/,	1✔
26	size_t /max_sessions_hint/) {
27	return {};	1✔
28	}
29
30	std::optional<Session_Handle> Session_Manager_Stateless::establish(const Session& session,	910✔
31	const std::optional<Session_ID>& /session_id/,
32	bool tls12_no_ticket) {
33	BOTAN_ASSERT(session.side() == Connection_Side::Server, "Client tried to establish a session");	910✔
34	if(tls12_no_ticket) {	910✔
35	return std::nullopt;	1✔
36	}
37
38	const auto key = get_ticket_key();	909✔
39	if(!key.has_value()) {	909✔
40	return std::nullopt;	1✔
41	}
42
43	return Session_Handle(Session_Ticket{session.encrypt(key.value(), *m_rng)});	2,724✔
44	}	909✔
45
46	void Session_Manager_Stateless::store(const Session& /session/, const Session_Handle& /handle/) {	3✔
47	throw Invalid_Argument("A stateless Session Manager cannot store Sessions with their handle");	3✔
48	}
49
50	std::optional<Session> Session_Manager_Stateless::retrieve_one(const Session_Handle& handle) {	401✔
51	auto ticket = handle.ticket();	401✔
52	if(!ticket.has_value()) {	401✔
53	return std::nullopt;	77✔
54	}
55
56	const auto key = get_ticket_key();	324✔
57	if(!key.has_value()) {	324✔
58	return std::nullopt;	1✔
59	}
60
61	try {	323✔
62	return Session::decrypt(ticket.value(), key.value());	639✔
63	} catch(const std::exception&) {	7✔
64	// RFC 8446 4.2.11
65	// Any unknown PSKs (e.g., ones not in the PSK database or encrypted
66	// with an unknown key) SHOULD simply be ignored.
67	return std::nullopt;	7✔
68	}	7✔
69	}	725✔
70
71	bool Session_Manager_Stateless::emits_session_tickets() {	592✔
72	return get_ticket_key().has_value();	592✔
73	}
74
75	std::optional<SymmetricKey> Session_Manager_Stateless::get_ticket_key() noexcept {	1,825✔
76	try {	1,825✔
77	auto key = m_credentials_manager->psk("tls-server", "session-ticket", "");	3,650✔
78	if(key.empty()) {	1,820✔
79	return std::nullopt;	×
80	}
81	return key;	1,820✔
82	} catch(...) {	1,825✔
83	return std::nullopt;	5✔
84	}	5✔
85	}
86
87	} // namespace Botan::TLS

randombit / botan / 21861369155

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous