Botan  2.4.0
Crypto and TLS for C++11
Public Types | Public Member Functions | List of all members
Botan::TLS::Compat_Callbacks Class Referencefinal

#include <tls_callbacks.h>

Inheritance diagram for Botan::TLS::Compat_Callbacks:
Botan::TLS::Callbacks

Public Types

typedef std::function< void(Alert, const uint8_t[], size_t)> alert_cb
 
typedef std::function< void(const uint8_t[], size_t)> data_cb
 
typedef std::function< bool(const Session &)> handshake_cb
 
typedef std::function< void(const Handshake_Message &)> handshake_msg_cb
 
typedef std::function< std::string(std::vector< std::string >)> next_protocol_fn
 
typedef std::function< void(const uint8_t[], size_t)> output_fn
 
enum  SILENCE_DEPRECATION_WARNING { SILENCE_DEPRECATION_WARNING::PLEASE = 0 }
 

Public Member Functions

 Compat_Callbacks (output_fn output_fn, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb=nullptr, next_protocol_fn next_proto=nullptr)
 
 Compat_Callbacks (output_fn output_fn, data_cb app_data_cb, std::function< void(Alert)> alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb=nullptr, next_protocol_fn next_proto=nullptr)
 
 Compat_Callbacks (SILENCE_DEPRECATION_WARNING, output_fn output_fn, data_cb app_data_cb, std::function< void(Alert)> alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb=nullptr, next_protocol_fn next_proto=nullptr)
 
 Compat_Callbacks (SILENCE_DEPRECATION_WARNING, output_fn output_fn, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb=nullptr, next_protocol_fn next_proto=nullptr)
 
void tls_alert (Alert alert) override
 
virtual std::pair< secure_vector< uint8_t >, std::vector< uint8_t > > tls_dh_agree (const std::vector< uint8_t > &modulus, const std::vector< uint8_t > &generator, const std::vector< uint8_t > &peer_public_value, const Policy &policy, RandomNumberGenerator &rng)
 
virtual std::pair< secure_vector< uint8_t >, std::vector< uint8_t > > tls_ecdh_agree (const std::string &curve_name, const std::vector< uint8_t > &peer_public_value, const Policy &policy, RandomNumberGenerator &rng, bool compressed)
 
void tls_emit_data (const uint8_t data[], size_t size) override
 
void tls_inspect_handshake_msg (const Handshake_Message &hmsg) override
 
virtual void tls_log_debug (const char *what)
 
virtual void tls_log_debug_bin (const char *descr, const uint8_t val[], size_t val_len)
 
virtual void tls_log_error (const char *err)
 
void tls_record_received (uint64_t, const uint8_t data[], size_t size) override
 
std::string tls_server_choose_app_protocol (const std::vector< std::string > &client_protos) override
 
virtual void tls_session_activated ()
 
bool tls_session_established (const Session &session) override
 
virtual std::vector< uint8_t > tls_sign_message (const Private_Key &key, RandomNumberGenerator &rng, const std::string &emsa, Signature_Format format, const std::vector< uint8_t > &msg)
 
virtual void tls_verify_cert_chain (const std::vector< X509_Certificate > &cert_chain, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_responses, const std::vector< Certificate_Store *> &trusted_roots, Usage_Type usage, const std::string &hostname, const TLS::Policy &policy)
 
virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout () const
 
virtual bool tls_verify_message (const Public_Key &key, const std::string &emsa, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
 

Detailed Description

TLS::Callbacks using std::function for compatability with the old API signatures. This type is only provided for backward compatibility. New implementations should derive from TLS::Callbacks instead.

Definition at line 287 of file tls_callbacks.h.

Member Typedef Documentation

◆ alert_cb

typedef std::function<void (Alert, const uint8_t[], size_t)> Botan::TLS::Compat_Callbacks::alert_cb

Definition at line 292 of file tls_callbacks.h.

◆ data_cb

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Compat_Callbacks::data_cb

Definition at line 291 of file tls_callbacks.h.

◆ handshake_cb

typedef std::function<bool (const Session&)> Botan::TLS::Compat_Callbacks::handshake_cb

Definition at line 293 of file tls_callbacks.h.

◆ handshake_msg_cb

Definition at line 294 of file tls_callbacks.h.

◆ next_protocol_fn

typedef std::function<std::string (std::vector<std::string>)> Botan::TLS::Compat_Callbacks::next_protocol_fn

Definition at line 295 of file tls_callbacks.h.

◆ output_fn

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Compat_Callbacks::output_fn

Definition at line 290 of file tls_callbacks.h.

Member Enumeration Documentation

◆ SILENCE_DEPRECATION_WARNING

Enumerator
PLEASE 

Definition at line 328 of file tls_callbacks.h.

328 { PLEASE = 0 };

Constructor & Destructor Documentation

◆ Compat_Callbacks() [1/4]

Botan::TLS::Compat_Callbacks::Compat_Callbacks ( output_fn  output_fn,
data_cb  app_data_cb,
alert_cb  alert_cb,
handshake_cb  hs_cb,
handshake_msg_cb  hs_msg_cb = nullptr,
next_protocol_fn  next_proto = nullptr 
)
inline
Parameters
output_fnis called with data for the outbound socket
app_data_cbis called when new application data is received
alert_cbis called when a TLS alert is received
hs_cbis called when a handshake is completed
hs_msg_cbis called for each handshake message received
next_protois called with ALPN protocol data sent by the client

Definition at line 311 of file tls_callbacks.h.

314  : m_output_function(output_fn), m_app_data_cb(app_data_cb),
315  m_alert_cb(std::bind(alert_cb, std::placeholders::_1, nullptr, 0)),
316  m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {}
std::function< void(Alert, const uint8_t[], size_t)> alert_cb
std::function< void(const uint8_t[], size_t)> output_fn

◆ Compat_Callbacks() [2/4]

Botan::TLS::Compat_Callbacks::Compat_Callbacks ( output_fn  output_fn,
data_cb  app_data_cb,
std::function< void(Alert)>  alert_cb,
handshake_cb  hs_cb,
handshake_msg_cb  hs_msg_cb = nullptr,
next_protocol_fn  next_proto = nullptr 
)
inline

Definition at line 319 of file tls_callbacks.h.

324  : m_output_function(output_fn), m_app_data_cb(app_data_cb),
325  m_alert_cb(alert_cb),
326  m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {}
std::function< void(Alert, const uint8_t[], size_t)> alert_cb
std::function< void(const uint8_t[], size_t)> output_fn

◆ Compat_Callbacks() [3/4]

Botan::TLS::Compat_Callbacks::Compat_Callbacks ( SILENCE_DEPRECATION_WARNING  ,
output_fn  output_fn,
data_cb  app_data_cb,
std::function< void(Alert)>  alert_cb,
handshake_cb  hs_cb,
handshake_msg_cb  hs_msg_cb = nullptr,
next_protocol_fn  next_proto = nullptr 
)
inline

Definition at line 329 of file tls_callbacks.h.

335  : m_output_function(output_fn), m_app_data_cb(app_data_cb),
336  m_alert_cb(alert_cb),
337  m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {}
std::function< void(Alert, const uint8_t[], size_t)> alert_cb
std::function< void(const uint8_t[], size_t)> output_fn

◆ Compat_Callbacks() [4/4]

Botan::TLS::Compat_Callbacks::Compat_Callbacks ( SILENCE_DEPRECATION_WARNING  ,
output_fn  output_fn,
data_cb  app_data_cb,
alert_cb  alert_cb,
handshake_cb  hs_cb,
handshake_msg_cb  hs_msg_cb = nullptr,
next_protocol_fn  next_proto = nullptr 
)
inline

Definition at line 339 of file tls_callbacks.h.

343  : m_output_function(output_fn), m_app_data_cb(app_data_cb),
344  m_alert_cb(std::bind(alert_cb, std::placeholders::_1, nullptr, 0)),
345  m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {}
std::function< void(Alert, const uint8_t[], size_t)> alert_cb
std::function< void(const uint8_t[], size_t)> output_fn

Member Function Documentation

◆ tls_alert()

void Botan::TLS::Compat_Callbacks::tls_alert ( Alert  alert)
inlineoverridevirtual

Mandatory callback: alert received Called when an alert is received from the peer If fatal, the connection is closing. If not fatal, the connection may still be closing (depending on the error and the peer).

Parameters
alertthe source of the alert

Implements Botan::TLS::Callbacks.

Definition at line 362 of file tls_callbacks.h.

References BOTAN_ASSERT.

363  {
364  BOTAN_ASSERT(m_alert_cb != nullptr,
365  "Invalid TLS alert callback.");
366  m_alert_cb(alert);
367  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29

◆ tls_dh_agree()

std::pair< secure_vector< uint8_t >, std::vector< uint8_t > > Botan::TLS::Callbacks::tls_dh_agree ( const std::vector< uint8_t > &  modulus,
const std::vector< uint8_t > &  generator,
const std::vector< uint8_t > &  peer_public_value,
const Policy policy,
RandomNumberGenerator rng 
)
virtualinherited

Optional callback with default impl: client side DH agreement

Default implementation uses PK_Key_Agreement::derive_key(). Override to provide a different approach, e.g. using an external device.

Parameters
modulusthe modulus p of the discrete logarithm group
generatorthe generator of the DH subgroup
peer_public_valuethe public value of the peer
policythe TLS policy associated with the session being established
rnga random number generator
Returns
a pair consisting of the agreed raw secret and our public value

Definition at line 87 of file tls_callbacks.cpp.

References Botan::TLS::Policy::check_peer_key_acceptable(), Botan::BigInt::decode(), Botan::PK_Key_Agreement::derive_key(), Botan::TLS::Alert::INSUFFICIENT_SECURITY, Botan::DH_PublicKey::public_value(), Botan::DH_PrivateKey::public_value(), Botan::CT::strip_leading_zeros(), Botan::DL_Group::verify_group(), and Y.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

93  {
94  BigInt p = BigInt::decode(modulus);
95  BigInt g = BigInt::decode(generator);
96  BigInt Y = BigInt::decode(peer_public_value);
97 
98  /*
99  * A basic check for key validity. As we do not know q here we
100  * cannot check that Y is in the right subgroup. However since
101  * our key is ephemeral there does not seem to be any
102  * advantage to bogus keys anyway.
103  */
104  if(Y <= 1 || Y >= p - 1)
105  throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
106  "Server sent bad DH key for DHE exchange");
107 
108  DL_Group group(p, g);
109 
110  if(!group.verify_group(rng, false))
111  throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
112  "DH group validation failed");
113 
114  DH_PublicKey peer_key(group, Y);
115 
116  policy.check_peer_key_acceptable(peer_key);
117 
118  DH_PrivateKey priv_key(rng, group);
119  PK_Key_Agreement ka(priv_key, rng, "Raw");
120  secure_vector<uint8_t> dh_secret = CT::strip_leading_zeros(
121  ka.derive_key(0, peer_key.public_value()).bits_of());
122 
123  return std::make_pair(dh_secret, priv_key.public_value());
124  }
fe Y
Definition: ge.cpp:28
static BigInt decode(const uint8_t buf[], size_t length, Base base=Binary)
Definition: big_code.cpp:114
secure_vector< uint8_t > strip_leading_zeros(const uint8_t in[], size_t length)
Definition: ct_utils.h:170

◆ tls_ecdh_agree()

std::pair< secure_vector< uint8_t >, std::vector< uint8_t > > Botan::TLS::Callbacks::tls_ecdh_agree ( const std::string &  curve_name,
const std::vector< uint8_t > &  peer_public_value,
const Policy policy,
RandomNumberGenerator rng,
bool  compressed 
)
virtualinherited

Optional callback with default impl: client side ECDH agreement

Default implementation uses PK_Key_Agreement::derive_key(). Override to provide a different approach, e.g. using an external device.

Parameters
curve_namethe name of the elliptic curve
peer_public_valuethe public value of the peer
policythe TLS policy associated with the session being established
rnga random number generator
compressedthe compression preference for our public value
Returns
a pair consisting of the agreed raw secret and our public value

Definition at line 126 of file tls_callbacks.cpp.

References Botan::TLS::Policy::check_peer_key_acceptable(), Botan::PointGFp::COMPRESSED, Botan::PK_Key_Agreement::derive_key(), Botan::EC_Group::get_curve(), Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::OIDS::lookup(), Botan::OS2ECP(), Botan::Curve25519_PublicKey::public_value(), Botan::ECDH_PublicKey::public_value(), Botan::Curve25519_PrivateKey::public_value(), Botan::ECDH_PrivateKey::public_value(), and Botan::PointGFp::UNCOMPRESSED.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

132  {
133  secure_vector<uint8_t> ecdh_secret;
134  std::vector<uint8_t> our_public_value;
135 
136  if(curve_name == "x25519")
137  {
138 #if defined(BOTAN_HAS_CURVE_25519)
139  if(peer_public_value.size() != 32)
140  {
141  throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Invalid X25519 key size");
142  }
143 
144  Curve25519_PublicKey peer_key(peer_public_value);
145  policy.check_peer_key_acceptable(peer_key);
146  Curve25519_PrivateKey priv_key(rng);
147  PK_Key_Agreement ka(priv_key, rng, "Raw");
148  ecdh_secret = ka.derive_key(0, peer_key.public_value()).bits_of();
149 
150  // X25519 is always compressed but sent as "uncompressed" in TLS
151  our_public_value = priv_key.public_value();
152 #else
153  throw Internal_Error("Negotiated X25519 somehow, but it is disabled");
154 #endif
155  }
156  else
157  {
158  EC_Group group(OIDS::lookup(curve_name));
159  ECDH_PublicKey peer_key(group, OS2ECP(peer_public_value, group.get_curve()));
160  policy.check_peer_key_acceptable(peer_key);
161  ECDH_PrivateKey priv_key(rng, group);
162  PK_Key_Agreement ka(priv_key, rng, "Raw");
163  ecdh_secret = ka.derive_key(0, peer_key.public_value()).bits_of();
164  our_public_value = priv_key.public_value(compressed ? PointGFp::COMPRESSED : PointGFp::UNCOMPRESSED);
165  }
166 
167  return std::make_pair(ecdh_secret, our_public_value);
168  }
std::string lookup(const OID &oid)
Definition: oids.cpp:18
PointGFp OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp &curve)
Definition: point_gfp.cpp:543

◆ tls_emit_data()

void Botan::TLS::Compat_Callbacks::tls_emit_data ( const uint8_t  data[],
size_t  size 
)
inlineoverridevirtual

Mandatory callback: output function The channel will call this with data which needs to be sent to the peer (eg, over a socket or some other form of IPC). The array will be overwritten when the function returns so a copy must be made if the data cannot be sent immediately.

Parameters
datathe vector of data to send
sizethe number of bytes to send

Implements Botan::TLS::Callbacks.

Definition at line 348 of file tls_callbacks.h.

References BOTAN_ASSERT.

349  {
350  BOTAN_ASSERT(m_output_function != nullptr,
351  "Invalid TLS output function callback.");
352  m_output_function(data, size);
353  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29

◆ tls_inspect_handshake_msg()

void Botan::TLS::Compat_Callbacks::tls_inspect_handshake_msg ( const Handshake_Message message)
inlineoverridevirtual

Optional callback: inspect handshake message Throw an exception to abort the handshake. Default simply ignores the message.

Parameters
messagethe handshake message

Reimplemented from Botan::TLS::Callbacks.

Definition at line 382 of file tls_callbacks.h.

383  {
384  // The handshake message callback is optional so we can
385  // not assume it has been set.
386  if(m_hs_msg_cb != nullptr) { m_hs_msg_cb(hmsg); }
387  }

◆ tls_log_debug()

virtual void Botan::TLS::Callbacks::tls_log_debug ( const char *  what)
inlinevirtualinherited

Optional callback: debug logging. (not currently called)

Parameters
whatSome hopefully informative string

Definition at line 265 of file tls_callbacks.h.

References BOTAN_UNUSED.

266  {
267  BOTAN_UNUSED(what);
268  }
#define BOTAN_UNUSED(...)
Definition: assert.h:106

◆ tls_log_debug_bin()

virtual void Botan::TLS::Callbacks::tls_log_debug_bin ( const char *  descr,
const uint8_t  val[],
size_t  val_len 
)
inlinevirtualinherited

Optional callback: debug logging taking a buffer. (not currently called)

Parameters
descrWhat this buffer is
valthe bytes
val_lenlength of val

Definition at line 276 of file tls_callbacks.h.

References BOTAN_UNUSED.

277  {
278  BOTAN_UNUSED(descr, val, val_len);
279  }
#define BOTAN_UNUSED(...)
Definition: assert.h:106

◆ tls_log_error()

virtual void Botan::TLS::Callbacks::tls_log_error ( const char *  err)
inlinevirtualinherited

Optional callback: error logging. (not currently called)

Parameters
errAn error message related to this connection.

Definition at line 256 of file tls_callbacks.h.

References BOTAN_UNUSED.

257  {
258  BOTAN_UNUSED(err);
259  }
#define BOTAN_UNUSED(...)
Definition: assert.h:106

◆ tls_record_received()

void Botan::TLS::Compat_Callbacks::tls_record_received ( uint64_t  seq_no,
const uint8_t  data[],
size_t  size 
)
inlineoverridevirtual

Mandatory callback: process application data Called when application data record is received from the peer. Again the array is overwritten immediately after the function returns.

Parameters
seq_nothe underlying TLS/DTLS record sequence number
datathe vector containing the received record
sizethe length of the received record, in bytes

Implements Botan::TLS::Callbacks.

Definition at line 355 of file tls_callbacks.h.

References BOTAN_ASSERT.

356  {
357  BOTAN_ASSERT(m_app_data_cb != nullptr,
358  "Invalid TLS app data callback.");
359  m_app_data_cb(data, size);
360  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29

◆ tls_server_choose_app_protocol()

std::string Botan::TLS::Compat_Callbacks::tls_server_choose_app_protocol ( const std::vector< std::string > &  client_protos)
inlineoverridevirtual

Optional callback for server: choose ALPN protocol ALPN (RFC 7301) works by the client sending a list of application protocols it is willing to negotiate. The server then selects which protocol to use, which is not necessarily even on the list that the client sent.

Parameters
client_protosthe vector of protocols the client is willing to negotiate
Returns
the protocol selected by the server, which need not be on the list that the client sent; if this is the empty string, the server ignores the client ALPN extension. Default return value is empty string.

Reimplemented from Botan::TLS::Callbacks.

Definition at line 376 of file tls_callbacks.h.

377  {
378  if(m_next_proto != nullptr) { return m_next_proto(client_protos); }
379  return "";
380  }

◆ tls_session_activated()

virtual void Botan::TLS::Callbacks::tls_session_activated ( )
inlinevirtualinherited

Optional callback: session activated Called when a session is active and can be written to

Definition at line 95 of file tls_callbacks.h.

Referenced by Botan::TLS::Channel::activate_session().

95 {}

◆ tls_session_established()

bool Botan::TLS::Compat_Callbacks::tls_session_established ( const Session session)
inlineoverridevirtual

Mandatory callback: session established Called when a session is established. Throw an exception to abort the connection.

Parameters
sessionthe session descriptor
Returns
return false to prevent the session from being cached, return true to cache the session in the configured session manager

Implements Botan::TLS::Callbacks.

Definition at line 369 of file tls_callbacks.h.

References BOTAN_ASSERT.

370  {
371  BOTAN_ASSERT(m_hs_cb != nullptr,
372  "Invalid TLS handshake callback.");
373  return m_hs_cb(session);
374  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29

◆ tls_sign_message()

std::vector< uint8_t > Botan::TLS::Callbacks::tls_sign_message ( const Private_Key key,
RandomNumberGenerator rng,
const std::string &  emsa,
Signature_Format  format,
const std::vector< uint8_t > &  msg 
)
virtualinherited

Optional callback with default impl: sign a message

Default implementation uses PK_Signer::sign_message(). Override to provide a different approach, e.g. using an external device.

Parameters
keythe private key of the signer
rnga random number generator
emsathe encoding method to be applied to the message
formatthe signature format
msgthe input data for the signature
Returns
the signature

Definition at line 63 of file tls_callbacks.cpp.

References Botan::PK_Signer::sign_message().

Referenced by Botan::TLS::Certificate_Verify::Certificate_Verify(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

69  {
70  PK_Signer signer(key, rng, emsa, format);
71 
72  return signer.sign_message(msg, rng);
73  }

◆ tls_verify_cert_chain()

void Botan::TLS::Callbacks::tls_verify_cert_chain ( const std::vector< X509_Certificate > &  cert_chain,
const std::vector< std::shared_ptr< const OCSP::Response >> &  ocsp_responses,
const std::vector< Certificate_Store *> &  trusted_roots,
Usage_Type  usage,
const std::string &  hostname,
const TLS::Policy policy 
)
virtualinherited

Optional callback with default impl: verify cert chain

Default implementation performs a standard PKIX validation and initiates network OCSP request for end-entity cert. Override to provide different behavior.

Check the certificate chain is valid up to a trusted root, and optionally (if hostname != "") that the hostname given is consistent with the leaf certificate.

This function should throw an exception derived from std::exception with an informative what() result if the certificate chain cannot be verified.

Parameters
cert_chainspecifies a certificate chain leading to a trusted root CA certificate.
ocsp_responsesthe server may have provided some
trusted_rootsthe list of trusted certificates
usagewhat this cert chain is being used for Usage_Type::TLS_SERVER_AUTH for server chains, Usage_Type::TLS_CLIENT_AUTH for client chains, Usage_Type::UNSPECIFIED for other uses
hostnamewhen authenticating a server, this is the hostname the client requested (eg via SNI). When authenticating a client, this is the server name the client is authenticating to. Empty in other cases or if no hostname was used.
policythe TLS policy associated with the session being authenticated using the certificate chain

Definition at line 35 of file tls_callbacks.cpp.

References Botan::TLS::Policy::minimum_signature_strength(), Botan::TLS::Policy::require_cert_revocation_info(), Botan::TLS_SERVER_AUTH, Botan::TLS::Callbacks::tls_verify_cert_chain_ocsp_timeout(), and Botan::x509_path_validate().

Referenced by Botan::TLS::Client::Client(), and Botan::TLS::Server::Server().

42  {
43  if(cert_chain.empty())
44  throw Invalid_Argument("Certificate chain was empty");
45 
46  Path_Validation_Restrictions restrictions(policy.require_cert_revocation_info(),
47  policy.minimum_signature_strength());
48 
49  Path_Validation_Result result =
50  x509_path_validate(cert_chain,
51  restrictions,
52  trusted_roots,
53  (usage == Usage_Type::TLS_SERVER_AUTH ? hostname : ""),
54  usage,
55  std::chrono::system_clock::now(),
57  ocsp_responses);
58 
59  if(!result.successful_validation())
60  throw Exception("Certificate validation failure: " + result.result_string());
61  }
virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store *> &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Definition: x509path.cpp:820

◆ tls_verify_cert_chain_ocsp_timeout()

virtual std::chrono::milliseconds Botan::TLS::Callbacks::tls_verify_cert_chain_ocsp_timeout ( ) const
inlinevirtualinherited

Called by default tls_verify_cert_chain to get the timeout to use for OCSP requests. Return 0 to disable online OCSP checks.

Definition at line 139 of file tls_callbacks.h.

Referenced by Botan::TLS::Callbacks::tls_verify_cert_chain().

140  {
141  return std::chrono::milliseconds(0);
142  }

◆ tls_verify_message()

bool Botan::TLS::Callbacks::tls_verify_message ( const Public_Key key,
const std::string &  emsa,
Signature_Format  format,
const std::vector< uint8_t > &  msg,
const std::vector< uint8_t > &  sig 
)
virtualinherited

Optional callback with default impl: verify a message signature

Default implementation uses PK_Verifier::verify_message(). Override to provide a different approach, e.g. using an external device.

Parameters
keythe public key of the signer
emsathe encoding method to be applied to the message
formatthe signature format
msgthe input data for the signature
sigthe signature to be checked
Returns
true if the signature is valid, false otherwise

Definition at line 75 of file tls_callbacks.cpp.

References Botan::PK_Verifier::verify_message().

Referenced by Botan::TLS::Certificate_Verify::verify(), and Botan::TLS::Server_Key_Exchange::verify().

81  {
82  PK_Verifier verifier(key, emsa, format);
83 
84  return verifier.verify_message(msg, sig);
85  }

The documentation for this class was generated from the following file: