# Cryptography
CRYPTO_DEP = disabler()
botan = disabler()
-foreach dep : ['botan-2', 'botan']
+foreach dep : ['botan-3', 'botan']
botan = dependency(dep, required: false)
if botan.found()
- break
+ version = botan.version()
+ if version.version_compare('<3.4.0')
+ message(f'Rejecting too old Botan (@version@ < 3.4.0)')
+ botan = disabler()
+ else
+ break
+ endif
endif
endforeach
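Review bot: The hand-rolled version check at L9-L15 duplicates what Meson's `dependency()` already does; passing the constraint as `botan = dependency(dep, version: '>=3.4.0', required: false)` lets Meson reject an old Botan, log the found-vs-required versions itself, and keeps the loop body to the original `break`. As written, a too-old `botan-3` is reported with `message()` (easy to miss in a long configure log; `warning()` would be the usual level) and the loop then falls through to the `botan` name, which on most installs resolves to the same library and repeats the rejection. It is also not obvious from the hunk how `version_compare` behaves when the provider cannot determine a version and `botan.version()` returns `'unknown'`; the `version:` keyword handles that case uniformly.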
openssl = dependency('openssl', required: false)
expected += "No such file or directory";
#else
expected += "I/O error: DataSource: Failure opening file ";
-#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'";
-#else
- expected += "/this-file-does-not-exist";
-#endif
#endif
testInvalidConfig(patched, expected);
}
expected += "No such file or directory";
#else
expected += "I/O error: DataSource: Failure opening file ";
-#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'";
-#else
- expected += "/this-file-does-not-exist";
-#endif
#endif
testInvalidConfig(patched, expected);
}
expected += "No such file or directory";
#else
expected += "I/O error: DataSource: Failure opening file ";
-#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'";
-#else
- expected += "/this-file-does-not-exist";
-#endif
#endif
testInvalidConfig(patched, expected);
}
#include <botan/data_src.h>
#include <botan/pem.h>
#include <botan/pkcs8.h>
-#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h>
-#endif
using namespace isc::cryptolink;
// Certificate chain.
std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&,
-#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&,
-#endif
const std::string&,
const std::string&) override {
return (certs_);
}
// Private key.
-#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Private_Key>
-#else
- Botan::Private_Key*
-#endif
private_key_for(const Botan::X509_Certificate&,
const std::string&,
const std::string&) override {
-#if BOTAN_VERSION_MAJOR > 2
return (key_);
-#else
- return (key_.get());
-#endif
}
// Set the store from a path.
// Set the private key.
void setPrivateKey(const std::string& file,
-#if BOTAN_VERSION_MAJOR > 2
Botan::RandomNumberGenerator&,
-#else
- Botan::RandomNumberGenerator& rng,
-#endif
bool& is_rsa) {
-#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(file);
auto priv_key = Botan::PKCS8::load_key(source);
-#else
- auto priv_key = Botan::PKCS8::load_key(file, rng);
-#endif
if (!priv_key) {
isc_throw(Unexpected,
"Botan::PKCS8::load_key failed but not threw?");
}
-#if BOTAN_VERSION_MAJOR > 2
key_ = std::move(priv_key);
-#else
- key_.reset(priv_key);
-#endif
is_rsa = (key_->algo_name() == "RSA");
}
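Review bot: The `Botan::RandomNumberGenerator&` parameter at L88 is now unused in the Botan 3 path but is kept in the signature, presumably so callers do not change; that deserves a comment on the parameter, e.g. `// Unused with Botan 3 (PKCS8::load_key no longer needs an RNG); kept for signature compatibility.` It would also help to document the contract the new code implies: `Botan::PKCS8::load_key(source)` without a passphrase only accepts unencrypted PKCS#8 keys as far as I can tell, and `DataSource_Stream` throws if the file cannot be opened, so a `/// @throw` note on the function would tell callers what to expect. The enclosing class and the remainder of this method's callers are outside the hunk.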
if (context_) {
return;
}
-#if BOTAN_VERSION_MAJOR > 2
context_.reset(new Botan::TLS::Context(cred_mgr_,
rng_,
sess_mgr_,
policy_));
-#else
- context_.reset(new Botan::TLS::Context(*cred_mgr_,
- *rng_,
- *sess_mgr_,
- *policy_));
-#endif
}
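Review bot: A point of style in the new path at L114-L117: `context_.reset(new Botan::TLS::Context(...))` can now be written as `context_ = std::make_shared<Botan::TLS::Context>(cred_mgr_, rng_, sess_mgr_, policy_);`, which avoids the naked `new`, does a single allocation, and is exception-safe if any argument copy throws. The surrounding `build()` signature and its class are outside the hunk.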
-#if BOTAN_VERSION_MAJOR > 2
+ // Get the context.
virtual std::shared_ptr<Botan::TLS::Context> get() {
return (context_);
}
-#else
- virtual Botan::TLS::Context& get() {
- return (*context_);
- }
-#endif
// Credentials Manager.
std::shared_ptr<KeaCredentialsManager> cred_mgr_;
: TlsContextBase(role), impl_(new TlsContextImpl()) {
}
-#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context>
TlsContext::getContext() {
impl_->build();
return (impl_->get());
}
-#else
-Botan::TLS::Context&
-TlsContext::getContext() {
- impl_->build();
- return (impl_->get());
-}
-#endif
void
TlsContext::setCertRequired(bool cert_required) {
/// @brief Translate TLS role into implementation.
inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) {
if (role == TlsRole::SERVER) {
-#if BOTAN_VERSION_MAJOR > 2
return (Botan::TLS::Connection_Side::Server);
-#else
- return (Botan::TLS::Connection_Side::SERVER);
-#endif
} else {
-#if BOTAN_VERSION_MAJOR > 2
return (Botan::TLS::Connection_Side::Client);
-#else
- return (Botan::TLS::Connection_Side::CLIENT);
-#endif
}
}
explicit TlsContext(TlsRole role);
/// @brief Return the underlying context.
-#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context> getContext();
-#else
- Botan::TLS::Context& getContext();
-#endif
/// @brief Get the peer certificate requirement mode.
///
#pragma GCC diagnostic ignored "-Wnon-virtual-dtor"
#endif
-/// MariaDB defines PROTOCOL_VERSION which is also in a Botan enum...
-
-#ifdef PROTOCOL_VERSION
-#define BOTAN_BACKUP_FOR_PROTOCOL_VERSION PROTOCOL_VERSION
-#undef PROTOCOL_VERSION
-#endif
-
-#include <botan/asio_error.h>
+#include <boost/beast/core/error.hpp>
#ifdef BOTAN_BACKUP_FOR_PROTOCOL_VERSION
#define PROTOCOL_VERSION BOTAN_BACKUP_FOR_PROTOCOL_VERSION
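Review bot: The restore block that survives as context at L190-L191 (`#ifdef BOTAN_BACKUP_FOR_PROTOCOL_VERSION` / `#define PROTOCOL_VERSION BOTAN_BACKUP_FOR_PROTOCOL_VERSION`) is now dead, because the lines that defined `BOTAN_BACKUP_FOR_PROTOCOL_VERSION` were removed at L183-L186 and `<botan/asio_error.h>` is no longer included. Unless a hunk not shown here deletes it, the whole save/restore dance (including the `#undef` and `#endif` that presumably follow outside the hunk) should go with the macro it guarded, otherwise a future reader will hunt for a definition that no longer exists.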
#include <botan/certstor_flatfile.h>
#include <botan/pkcs8.h>
#include <botan/auto_rng.h>
-#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h>
-#endif
inline std::string CA_(const std::string& filename) {
return (std::string(TEST_CA_DIR) + "/" + filename);
class Client_Credentials_Manager : public Botan::Credentials_Manager
{
public:
-#if BOTAN_VERSION_MAJOR > 2
explicit Client_Credentials_Manager()
-#else
- explicit Client_Credentials_Manager(Botan::RandomNumberGenerator& rng)
-#endif
: stores_(), certs_(),
store_(new Client_Certificate_Store(CA_("kea-ca.crt"))),
cert_(Botan::X509_Certificate(CA_("kea-client.crt"))),
key_()
{
-#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(CA_("kea-client.key"));
auto priv_key = Botan::PKCS8::load_key(source);
key_ = std::move(priv_key);
-#else
- auto priv_key = Botan::PKCS8::load_key(CA_("kea-client.key"), rng);
- key_.reset(priv_key);
-#endif
stores_.push_back(store_.get());
certs_.push_back(cert_);
}
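Review bot: `explicit` on the now parameterless constructor at L204 has no effect (there is no single-argument conversion to suppress) and reads as a leftover from the removed RNG-taking signature; drop it. The two-step load at L215-L216 can also be a single statement, `key_ = Botan::PKCS8::load_key(source);`, since the returned `unique_ptr` converts to the `shared_ptr` member directly. If this test helper relies on `load_key` throwing rather than returning null on a bad file, a one-line comment saying so would save the next reader from adding a redundant null check.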
std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&,
-#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&,
-#endif
const std::string&,
const std::string&) override
{
return certs_;
}
-#if BOTAN_VERSION_MAJOR > 2
- std::shared_ptr<Botan::Private_Key>
-#else
- Botan::Private_Key*
-#endif
+ std::shared_ptr<Botan::Private_Key>
private_key_for(const Botan::X509_Certificate&,
const std::string&,
const std::string&) override
{
-#if BOTAN_VERSION_MAJOR > 2
return (key_);
-#else
- return (key_.get());
-#endif
}
std::vector<Botan::Certificate_Store*> stores_;
class client
{
public:
- client(boost::asio::io_service& io_context,
-#if BOTAN_VERSION_MAJOR > 2
+ client(boost::asio::io_context& io_context,
std::shared_ptr<Botan::TLS::Context> context,
-#else
- Botan::TLS::Context& context,
-#endif
const tcp::endpoint& endpoint)
: socket_(io_context, context)
{
void handshake()
{
-#if BOTAN_VERSION_MAJOR > 2
socket_.async_handshake(Botan::TLS::Connection_Side::Client,
-#else
- socket_.async_handshake(Botan::TLS::Connection_Side::CLIENT,
-#endif
[this](const boost::system::error_code& error)
{
if (!error)
using namespace std; // For atoi.
tcp::endpoint endpoint(
boost::asio::ip::make_address(argv[1]), atoi(argv[2]));
-#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::AutoSeeded_RNG>
rng(new Botan::AutoSeeded_RNG());
std::shared_ptr<Client_Credentials_Manager>
policy(new Client_Policy());
std::shared_ptr<Botan::TLS::Context>
ctx(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy));
-#else
- Botan::AutoSeeded_RNG rng;
- Client_Credentials_Manager creds_mgr(rng);
- Client_Session_Manager sess_mgr;
- Client_Policy policy;
- Botan::TLS::Context ctx(creds_mgr, rng, sess_mgr, policy);
-#endif
client c(io_context, ctx, endpoint);
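Review bot: The new Botan 3 setup at L278-L283 still spells every shared object as `std::shared_ptr<T> x(new T(...))`; `auto rng = std::make_shared<Botan::AutoSeeded_RNG>();` and `auto ctx = std::make_shared<Botan::TLS::Context>(creds_mgr, rng, sess_mgr, policy);` are the idiomatic forms, with one allocation each and no naked `new`. The declarations of `creds_mgr` and `sess_mgr` that `ctx` references are not visible in this excerpt, so I assume the same applies to them. The enclosing `main` begins before the hunk.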
#include <botan/certstor_flatfile.h>
#include <botan/pkcs8.h>
#include <botan/auto_rng.h>
-#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h>
-#endif
inline std::string CA_(const std::string& filename) {
return (std::string(TEST_CA_DIR) + "/" + filename);
class Server_Credentials_Manager : public Botan::Credentials_Manager
{
public:
-#if BOTAN_VERSION_MAJOR > 2
explicit Server_Credentials_Manager()
-#else
- explicit Server_Credentials_Manager(Botan::RandomNumberGenerator& rng)
-#endif
: stores_(), certs_(),
store_(new Server_Certificate_Store(CA_("kea-ca.crt"))),
cert_(Botan::X509_Certificate(CA_("kea-server.crt"))),
key_()
{
-#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(CA_("kea-server.key"));
auto priv_key = Botan::PKCS8::load_key(source);
key_ = std::move(priv_key);
-#else
- auto priv_key = Botan::PKCS8::load_key(CA_("kea-server.key"), rng);
- key_.reset(priv_key);
-#endif
stores_.push_back(store_.get());
certs_.push_back(cert_);
}
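Review bot: Same remark as for the client credentials manager: `explicit` on the zero-argument constructor at L304 is a no-op left over from the removed `RandomNumberGenerator&` parameter, and L315-L316 can collapse to `key_ = Botan::PKCS8::load_key(source);` because `unique_ptr` converts to the `shared_ptr` member. Consider a brief comment noting that a missing or unreadable `kea-server.key` surfaces as an exception from `DataSource_Stream`/`load_key` rather than as a null `key_`, so nobody adds a redundant check later.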
std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&,
-#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&,
-#endif
const std::string&,
const std::string&) override
{
return certs_;
}
-#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Private_Key>
-#else
- Botan::Private_Key*
-#endif
private_key_for(const Botan::X509_Certificate&,
const std::string&,
const std::string&) override
{
-#if BOTAN_VERSION_MAJOR > 2
return (key_);
-#else
- return (key_.get());
-#endif
}
std::vector<Botan::Certificate_Store*> stores_;
class session : public std::enable_shared_from_this<session>
{
public:
-#if BOTAN_VERSION_MAJOR > 2
session(tcp::socket socket, std::shared_ptr<Botan::TLS::Context> ctx)
-#else
- session(tcp::socket socket, Botan::TLS::Context& ctx)
-#endif
: socket_(std::move(socket), ctx)
{
}
void do_handshake()
{
auto self(shared_from_this());
-#if BOTAN_VERSION_MAJOR > 2
socket_.async_handshake(Botan::TLS::Connection_Side::Server,
-#else
- socket_.async_handshake(Botan::TLS::Connection_Side::SERVER,
-#endif
[this, self](const boost::system::error_code& error)
{
if (!error)
public:
server(boost::asio::io_context& io_context,
unsigned short port,
-#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Credentials_Manager> creds_mgr,
std::shared_ptr<Botan::RandomNumberGenerator> rng,
std::shared_ptr<Botan::TLS::Session_Manager> sess_mgr,
std::shared_ptr<Botan::TLS::Policy> policy
-#else
- Botan::Credentials_Manager& creds_mgr,
- Botan::RandomNumberGenerator& rng,
- Botan::TLS::Session_Manager& sess_mgr,
- Botan::TLS::Policy& policy
-#endif
)
: acceptor_(io_context, tcp::endpoint(tcp::v4(), port)),
-#if BOTAN_VERSION_MAJOR > 2
context_(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy))
-#else
- context_(creds_mgr, rng, sess_mgr, policy)
-#endif
{
do_accept();
}
}
tcp::acceptor acceptor_;
-#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context> context_;
-#else
- Botan::TLS::Context context_;
-#endif
};
int main(int argc, char* argv[])
}
boost::asio::io_context io_context;
-
-#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::AutoSeeded_RNG>
rng(new Botan::AutoSeeded_RNG());
std::shared_ptr<Server_Credentials_Manager>
sess_mgr(new Server_Session_Manager());
std::shared_ptr<Server_Policy>
policy(new Server_Policy());
-#else
- Botan::AutoSeeded_RNG rng;
- Server_Credentials_Manager creds_mgr(rng);
- Server_Session_Manager sess_mgr;
- Server_Policy policy;
-#endif
server s(io_context, std::atoi(argv[1]), creds_mgr, rng, sess_mgr, policy);
io_context.run();