11#include <botan/tls_callbacks.h>
14#include <botan/dl_group.h>
15#include <botan/ecdh.h>
16#include <botan/ocsp.h>
17#include <botan/pk_algs.h>
18#include <botan/tls_algos.h>
19#include <botan/tls_exceptn.h>
20#include <botan/tls_policy.h>
21#include <botan/x509path.h>
22#include <botan/internal/ct_utils.h>
23#include <botan/internal/stl_util.h>
25#if defined(BOTAN_HAS_CURVE_25519)
26 #include <botan/curve25519.h>
29#if defined(BOTAN_HAS_KYBER)
30 #include <botan/kyber.h>
33#if defined(BOTAN_HAS_FRODOKEM)
34 #include <botan/frodokem.h>
37#if defined(BOTAN_HAS_TLS_13_PQC)
38 #include <botan/internal/hybrid_public_key.h>
56 return std::chrono::system_clock::now();
83 const std::vector<std::optional<OCSP::Response>>& ocsp_responses,
84 const std::vector<Certificate_Store*>& trusted_roots,
86 std::string_view hostname,
88 if(cert_chain.empty()) {
100 tls_current_timestamp(),
101 tls_verify_cert_chain_ocsp_timeout(),
111 std::string_view hostname,
116 throw TLS_Exception(Alert::CertificateUnknown,
"Application did not provide a means to validate the raw public key");
130 std::vector<std::vector<uint8_t>> result(chain.size());
132 result[0] = tls_provide_cert_status(chain, csr);
139 std::string_view padding,
141 const std::vector<uint8_t>& msg) {
142 PK_Signer signer(key, rng, padding, format);
148 std::string_view padding,
150 const std::vector<uint8_t>& msg,
151 const std::vector<uint8_t>& sig) {
158#if defined(BOTAN_HAS_KYBER)
164#if defined(BOTAN_HAS_FRODOKEM)
170#if defined(BOTAN_HAS_TLS_13_PQC)
176 return tls_generate_ephemeral_key(group, rng);
180 const std::vector<uint8_t>& encoded_public_key,
184 auto kem_pub_key = [&]() -> std::unique_ptr<Public_Key> {
186#if defined(BOTAN_HAS_TLS_13_PQC)
192#if defined(BOTAN_HAS_KYBER)
194 return std::make_unique<Kyber_PublicKey>(encoded_public_key,
KyberMode(group.
to_string().value()));
198#if defined(BOTAN_HAS_FRODOKEM)
200 return std::make_unique<FrodoKEM_PublicKey>(encoded_public_key,
FrodoKEMMode(group.
to_string().value()));
204 throw TLS_Exception(Alert::IllegalParameter,
"KEM is not supported");
213 auto ephemeral_keypair = tls_generate_ephemeral_key(group, rng);
215 tls_ephemeral_key_agreement(group, *ephemeral_keypair, encoded_public_key, rng, policy));
220 const std::vector<uint8_t>& encapsulated_bytes,
225 return kemdec.
decrypt(encapsulated_bytes, 0, {});
230 return tls_ephemeral_key_agreement(group, key_agreement_key, encapsulated_bytes, rng, policy);
231 }
catch(
const std::bad_cast&) {
232 throw Invalid_Argument(
"provided ephemeral key is not a PK_Key_Agreement_Key");
238bool is_dh_group(
const std::variant<TLS::Group_Params, DL_Group>& group) {
239 return std::holds_alternative<DL_Group>(group) || std::get<TLS::Group_Params>(group).is_dh_named_group();
242DL_Group get_dl_group(
const std::variant<TLS::Group_Params, DL_Group>& group) {
250 [&](TLS::Group_Params group_param) {
return DL_Group(group_param.to_string().value()); }},
258 if(is_dh_group(group)) {
259 const DL_Group dl_group = get_dl_group(group);
260 return std::make_unique<DH_PrivateKey>(rng, dl_group);
264 const auto group_params = std::get<TLS::Group_Params>(group);
266 if(group_params.is_ecdh_named_curve()) {
267 const EC_Group ec_group(group_params.to_string().value());
268 return std::make_unique<ECDH_PrivateKey>(rng, ec_group);
271#if defined(BOTAN_HAS_CURVE_25519)
272 if(group_params.is_x25519()) {
273 return std::make_unique<X25519_PrivateKey>(rng);
277 if(group_params.is_kem()) {
278 throw TLS_Exception(Alert::IllegalParameter,
"cannot generate an ephemeral KEX key for a KEM");
281 throw TLS_Exception(Alert::DecodeError,
"cannot create a key offering without a group definition");
285 const std::variant<TLS::Group_Params, DL_Group>& group,
287 const std::vector<uint8_t>& public_value,
295 if(is_dh_group(group)) {
298 const auto dl_group = get_dl_group(group);
308 if(Y <= 1 || Y >= dl_group.get_p() - 1) {
309 throw TLS_Exception(Alert::IllegalParameter,
"Server sent bad DH key for DHE exchange");
315 return agree(private_key, peer_key);
319 const auto group_params = std::get<TLS::Group_Params>(group);
321 if(group_params.is_ecdh_named_curve()) {
322 const EC_Group ec_group(group_params.to_string().value());
326 return agree(private_key, peer_key);
329#if defined(BOTAN_HAS_CURVE_25519)
330 if(group_params.is_x25519()) {
331 if(public_value.size() != 32) {
332 throw TLS_Exception(Alert::HandshakeFailure,
"Invalid X25519 key size");
338 return agree(private_key, peer_key);
342 throw TLS_Exception(Alert::IllegalParameter,
"Did not recognize the key exchange group");
#define BOTAN_ASSERT_NOMSG(expr)
static BigInt decode(const uint8_t buf[], size_t length)
EC_Point OS2ECP(const uint8_t bits[], size_t len) const
secure_vector< uint8_t > bits_of() const
void decrypt(std::span< uint8_t > out_shared_key, std::span< const uint8_t > encap_key, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
KEM_Encapsulation encrypt(RandomNumberGenerator &rng, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
bool successful_validation() const
std::string result_string() const
virtual std::string tls_peer_network_identity()
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
virtual std::vector< std::vector< uint8_t > > tls_provide_cert_chain_status(const std::vector< X509_Certificate > &chain, const Certificate_Status_Request &csr)
virtual std::string tls_server_choose_app_protocol(const std::vector< std::string > &client_protos)
virtual std::optional< OCSP::Response > tls_parse_ocsp_response(const std::vector< uint8_t > &raw_response)
virtual void tls_examine_extensions(const Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg)
virtual void tls_verify_raw_public_key(const Public_Key &raw_public_key, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
virtual KEM_Encapsulation tls_kem_encapsulate(TLS::Group_Params group, const std::vector< uint8_t > &encoded_public_key, RandomNumberGenerator &rng, const Policy &policy)
virtual bool tls_should_persist_resumption_information(const Session &session)
virtual std::unique_ptr< Private_Key > tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator &rng)
virtual secure_vector< uint8_t > tls_ephemeral_key_agreement(const std::variant< TLS::Group_Params, DL_Group > &group, const PK_Key_Agreement_Key &private_key, const std::vector< uint8_t > &public_value, RandomNumberGenerator &rng, const Policy &policy)
virtual secure_vector< uint8_t > tls_kem_decapsulate(TLS::Group_Params group, const Private_Key &private_key, const std::vector< uint8_t > &encapsulated_bytes, RandomNumberGenerator &rng, const Policy &policy)
virtual std::chrono::system_clock::time_point tls_current_timestamp()
virtual std::unique_ptr< PK_Key_Agreement_Key > tls_generate_ephemeral_key(const std::variant< TLS::Group_Params, DL_Group > &group, RandomNumberGenerator &rng)
virtual void tls_verify_cert_chain(const std::vector< X509_Certificate > &cert_chain, const std::vector< std::optional< OCSP::Response > > &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
virtual bool tls_verify_message(const Public_Key &key, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
constexpr bool is_pqc_hybrid() const
constexpr bool is_kem() const
constexpr bool is_pure_frodokem() const
constexpr bool is_pure_kyber() const
std::optional< std::string > to_string() const
static std::unique_ptr< Hybrid_KEM_PrivateKey > generate_from_group(Group_Params group, RandomNumberGenerator &rng)
static std::unique_ptr< Hybrid_KEM_PublicKey > load_for_group(Group_Params group, std::span< const uint8_t > concatenated_public_values)
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
virtual bool require_cert_revocation_info() const
virtual size_t minimum_signature_strength() const
bool is_pre_tls_13() const
Protocol_Version version() const
std::chrono::seconds lifetime_hint() const
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
std::vector< T, secure_allocator< T > > secure_vector