Botan 3.11.0
Crypto and TLS for C&
tls_callbacks.cpp
Go to the documentation of this file.
1/*
2* TLS Callbacks
3* (C) 2016 Jack Lloyd
4* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6* 2023 René Meusel - Rohde & Schwarz Cybersecurity
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#include <botan/tls_callbacks.h>
12
13#include <botan/dh.h>
14#include <botan/dl_group.h>
15#include <botan/ec_group.h>
16#include <botan/ecdh.h>
17#include <botan/ocsp.h>
18#include <botan/pk_algs.h>
19#include <botan/tls_algos.h>
20#include <botan/tls_exceptn.h>
21#include <botan/tls_policy.h>
22#include <botan/tls_session.h>
23#include <botan/x509path.h>
24#include <botan/internal/fmt.h>
25#include <botan/internal/stl_util.h>
26
27#if defined(BOTAN_HAS_X25519)
28 #include <botan/x25519.h>
29#endif
30
31#if defined(BOTAN_HAS_X448)
32 #include <botan/x448.h>
33#endif
34
35#if defined(BOTAN_HAS_ML_KEM)
36 #include <botan/ml_kem.h>
37#endif
38
39#if defined(BOTAN_HAS_FRODOKEM)
40 #include <botan/frodokem.h>
41#endif
42
43#if defined(BOTAN_HAS_TLS_13_PQC)
44 #include <botan/internal/hybrid_public_key.h>
45#endif
46
47namespace Botan {
48
49void TLS::Callbacks::tls_inspect_handshake_msg(const Handshake_Message& /*unused*/) {
50 // default is no op
51}
52
53std::string TLS::Callbacks::tls_server_choose_app_protocol(const std::vector<std::string>& /*unused*/) {
54 return "";
55}
56
57std::string TLS::Callbacks::tls_peer_network_identity() {
58 return "";
59}
60
61std::chrono::system_clock::time_point TLS::Callbacks::tls_current_timestamp() {
62 return std::chrono::system_clock::now();
63}
64
65void TLS::Callbacks::tls_modify_extensions(Extensions& /*unused*/,
66 Connection_Side /*unused*/,
67 Handshake_Type /*unused*/) {}
68
69void TLS::Callbacks::tls_examine_extensions(const Extensions& /*unused*/,
70 Connection_Side /*unused*/,
71 Handshake_Type /*unused*/) {}
72
73bool TLS::Callbacks::tls_should_persist_resumption_information(const Session& session) {
74 // RFC 5077 3.3
75 // The ticket_lifetime_hint field contains a hint from the server about
76 // how long the ticket should be stored. A value of zero is reserved to
77 // indicate that the lifetime of the ticket is unspecified.
78 //
79 // RFC 8446 4.6.1
80 // [A ticket_lifetime] of zero indicates that the ticket should be discarded
81 // immediately.
82 //
83 // By default we opt to keep all sessions, except for TLS 1.3 with a lifetime
84 // hint of zero.
85 return session.lifetime_hint().count() > 0 || session.version().is_pre_tls_13();
86}
87
88void TLS::Callbacks::tls_verify_cert_chain(const std::vector<X509_Certificate>& cert_chain,
89 const std::vector<std::optional<OCSP::Response>>& ocsp_responses,
90 const std::vector<Certificate_Store*>& trusted_roots,
91 Usage_Type usage,
92 std::string_view hostname,
93 const TLS::Policy& policy) {
94 if(cert_chain.empty()) {
95 throw Invalid_Argument("Certificate chain was empty");
96 }
97
98 const Path_Validation_Restrictions restrictions(policy.require_cert_revocation_info(),
99 policy.minimum_signature_strength());
100
101 const Path_Validation_Result result = x509_path_validate(cert_chain,
102 restrictions,
103 trusted_roots,
104 hostname,
105 usage,
106 tls_current_timestamp(),
107 tls_verify_cert_chain_ocsp_timeout(),
108 ocsp_responses);
109
110 if(!result.successful_validation()) {
111 throw TLS_Exception(Alert::BadCertificate, "Certificate validation failure: " + result.result_string());
112 }
113}
114
115void TLS::Callbacks::tls_verify_raw_public_key(const Public_Key& raw_public_key,
116 Usage_Type usage,
117 std::string_view hostname,
118 const TLS::Policy& policy) {
119 BOTAN_UNUSED(raw_public_key, usage, hostname, policy);
120 // There is no good default implementation for authenticating raw public key.
121 // Applications that wish to use them for authentication, must override this.
122 throw TLS_Exception(Alert::CertificateUnknown, "Application did not provide a means to validate the raw public key");
123}
124
125std::optional<OCSP::Response> TLS::Callbacks::tls_parse_ocsp_response(const std::vector<uint8_t>& raw_response) {
126 try {
127 return OCSP::Response(raw_response);
128 } catch(const Decoding_Error&) {
129 // ignore parsing errors and just ignore the broken OCSP response
130 return std::nullopt;
131 }
132}
133
134std::vector<std::vector<uint8_t>> TLS::Callbacks::tls_provide_cert_chain_status(
135 const std::vector<X509_Certificate>& chain, const Certificate_Status_Request& csr) {
136 std::vector<std::vector<uint8_t>> result(chain.size());
137 if(!chain.empty()) {
138 result[0] = tls_provide_cert_status(chain, csr);
139 }
140 return result;
141}
142
143std::vector<uint8_t> TLS::Callbacks::tls_sign_message(const Private_Key& key,
144 RandomNumberGenerator& rng,
145 std::string_view padding,
146 Signature_Format format,
147 const std::vector<uint8_t>& msg) {
148 PK_Signer signer(key, rng, padding, format);
149
150 return signer.sign_message(msg, rng);
151}
152
153bool TLS::Callbacks::tls_verify_message(const Public_Key& key,
154 std::string_view padding,
155 Signature_Format format,
156 const std::vector<uint8_t>& msg,
157 const std::vector<uint8_t>& sig) {
158 PK_Verifier verifier(key, padding, format);
159
160 return verifier.verify_message(msg, sig);
161}
162
163namespace {
164
165bool is_dh_group(const std::variant<TLS::Group_Params, DL_Group>& group) {
166 return std::holds_alternative<DL_Group>(group) || std::get<TLS::Group_Params>(group).is_dh_named_group();
167}
168
169DL_Group get_dl_group(const std::variant<TLS::Group_Params, DL_Group>& group) {
170 BOTAN_ASSERT_NOMSG(is_dh_group(group));
171
172 // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of
173 // a standardized DH group identifier. TLS 1.3 just offers pre-defined
174 // groups.
175 return std::visit(
176 overloaded{[](const DL_Group& dl_group) { return dl_group; },
177 [&](TLS::Group_Params group_param) { return DL_Group::from_name(group_param.to_string().value()); }},
178 group);
179}
180
181} // namespace
182
183std::unique_ptr<Public_Key> TLS::Callbacks::tls_deserialize_peer_public_key(
184 const std::variant<TLS::Group_Params, DL_Group>& group, std::span<const uint8_t> key_bits) {
185 if(is_dh_group(group)) {
186 // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of
187 // a standardized DH group identifier.
188 const auto dl_group = get_dl_group(group);
189
190 auto Y = BigInt::from_bytes(key_bits);
191
192 /*
193 * A basic check for key validity. As we do not know q here we
194 * cannot check that Y is in the right subgroup. However since
195 * our key is ephemeral there does not seem to be any
196 * advantage to bogus keys anyway.
197 */
198 if(Y <= 1 || Y >= dl_group.get_p() - 1) {
199 throw Decoding_Error("Server sent bad DH key for DHE exchange");
200 }
201
202 return std::make_unique<DH_PublicKey>(dl_group, Y);
203 }
204
205 // The special case for TLS 1.2 with an explicit DH group definition is
206 // handled above. All other cases are based on the opaque group definition.
207 BOTAN_ASSERT_NOMSG(std::holds_alternative<TLS::Group_Params>(group));
208 const auto group_params = std::get<TLS::Group_Params>(group);
209
210 if(group_params.is_ecdh_named_curve()) {
211 const auto ec_group = EC_Group::from_name(group_params.to_string().value());
212 return std::make_unique<ECDH_PublicKey>(ec_group, EC_AffinePoint(ec_group, key_bits));
213 }
214
215#if defined(BOTAN_HAS_X25519)
216 if(group_params.is_x25519()) {
217 return std::make_unique<X25519_PublicKey>(key_bits);
218 }
219#endif
220
221#if defined(BOTAN_HAS_X448)
222 if(group_params.is_x448()) {
223 return std::make_unique<X448_PublicKey>(key_bits);
224 }
225#endif
226
227#if defined(BOTAN_HAS_TLS_13_PQC)
228 if(group_params.is_pqc_hybrid()) {
229 return Hybrid_KEM_PublicKey::load_for_group(group_params, key_bits);
230 }
231#endif
232
233#if defined(BOTAN_HAS_ML_KEM)
234 if(group_params.is_pure_ml_kem()) {
235 return std::make_unique<ML_KEM_PublicKey>(key_bits, ML_KEM_Mode(group_params.to_string().value()));
236 }
237#endif
238
239#if defined(BOTAN_HAS_FRODOKEM)
240 if(group_params.is_pure_frodokem()) {
241 return std::make_unique<FrodoKEM_PublicKey>(key_bits, FrodoKEMMode(group_params.to_string().value()));
242 }
243#endif
244
245 throw Decoding_Error("cannot create a key offering without a group definition");
246}
247
248std::unique_ptr<Private_Key> TLS::Callbacks::tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator& rng) {
249#if defined(BOTAN_HAS_ML_KEM)
250 if(group.is_pure_ml_kem()) {
251 return std::make_unique<ML_KEM_PrivateKey>(rng, ML_KEM_Mode(group.to_string().value()));
252 }
253#endif
254
255#if defined(BOTAN_HAS_FRODOKEM)
256 if(group.is_pure_frodokem()) {
257 return std::make_unique<FrodoKEM_PrivateKey>(rng, FrodoKEMMode(group.to_string().value()));
258 }
259#endif
260
261#if defined(BOTAN_HAS_TLS_13_PQC)
262 if(group.is_pqc_hybrid()) {
263 return Hybrid_KEM_PrivateKey::generate_from_group(group, rng);
264 }
265#endif
266
267 return tls_generate_ephemeral_key(group, rng);
268}
269
270KEM_Encapsulation TLS::Callbacks::tls_kem_encapsulate(TLS::Group_Params group,
271 const std::vector<uint8_t>& encoded_public_key,
272 RandomNumberGenerator& rng,
273 const Policy& policy) {
274 if(group.is_kem()) {
275 auto kem_pub_key = [&] {
276 try {
277 return tls_deserialize_peer_public_key(group, encoded_public_key);
278 } catch(const Decoding_Error& ex) {
279 // This exception means that the public key was invalid. However,
280 // TLS' DecodeError would imply that a protocol message was invalid.
281 throw TLS_Exception(Alert::IllegalParameter, ex.what());
282 }
283 }();
284
285 BOTAN_ASSERT_NONNULL(kem_pub_key);
286 policy.check_peer_key_acceptable(*kem_pub_key);
287
288 try {
289 return PK_KEM_Encryptor(*kem_pub_key, "Raw").encrypt(rng);
290 } catch(const Invalid_Argument& ex) {
291 throw TLS_Exception(Alert::IllegalParameter, ex.what());
292 }
293 } else {
294 // TODO: We could use the KEX_to_KEM_Adapter to remove the case distinction
295 // of KEM and KEX. However, the workarounds in this adapter class
296 // should first be addressed.
297 auto ephemeral_keypair = tls_generate_ephemeral_key(group, rng);
298 BOTAN_ASSERT_NONNULL(ephemeral_keypair);
299 return {ephemeral_keypair->public_value(),
300 tls_ephemeral_key_agreement(group, *ephemeral_keypair, encoded_public_key, rng, policy)};
301 }
302}
303
304secure_vector<uint8_t> TLS::Callbacks::tls_kem_decapsulate(TLS::Group_Params group,
305 const Private_Key& private_key,
306 const std::vector<uint8_t>& encapsulated_bytes,
307 RandomNumberGenerator& rng,
308 const Policy& policy) {
309 if(group.is_kem()) {
310 PK_KEM_Decryptor kemdec(private_key, rng, "Raw");
311 if(encapsulated_bytes.size() != kemdec.encapsulated_key_length()) {
312 throw TLS_Exception(Alert::IllegalParameter, "Invalid encapsulated key length");
313 }
314 return kemdec.decrypt(encapsulated_bytes, 0, {});
315 }
316
317 try {
318 const auto& key_agreement_key = dynamic_cast<const PK_Key_Agreement_Key&>(private_key);
319 return tls_ephemeral_key_agreement(group, key_agreement_key, encapsulated_bytes, rng, policy);
320 } catch(const std::bad_cast&) {
321 throw Invalid_Argument("provided ephemeral key is not a PK_Key_Agreement_Key");
322 }
323}
324
325std::unique_ptr<PK_Key_Agreement_Key> TLS::Callbacks::tls_generate_ephemeral_key(
326 const std::variant<TLS::Group_Params, DL_Group>& group, RandomNumberGenerator& rng) {
327 if(is_dh_group(group)) {
328 const DL_Group dl_group = get_dl_group(group);
329 return std::make_unique<DH_PrivateKey>(rng, dl_group);
330 }
331
332 BOTAN_ASSERT_NOMSG(std::holds_alternative<TLS::Group_Params>(group));
333 const auto group_params = std::get<TLS::Group_Params>(group);
334
335 if(group_params.is_ecdh_named_curve()) {
336 const auto ec_group = EC_Group::from_name(group_params.to_string().value());
337 return std::make_unique<ECDH_PrivateKey>(rng, ec_group);
338 }
339
340#if defined(BOTAN_HAS_X25519)
341 if(group_params.is_x25519()) {
342 return std::make_unique<X25519_PrivateKey>(rng);
343 }
344#endif
345
346#if defined(BOTAN_HAS_X448)
347 if(group_params.is_x448()) {
348 return std::make_unique<X448_PrivateKey>(rng);
349 }
350#endif
351
352 if(group_params.is_kem()) {
353 throw TLS_Exception(Alert::IllegalParameter, "cannot generate an ephemeral KEX key for a KEM");
354 }
355
356 throw TLS_Exception(Alert::DecodeError, "cannot create a key offering without a group definition");
357}
358
359std::unique_ptr<PK_Key_Agreement_Key> TLS::Callbacks::tls12_generate_ephemeral_ecdh_key(
360 TLS::Group_Params group, RandomNumberGenerator& rng, EC_Point_Format tls12_ecc_pubkey_encoding_format) {
361 // Delegating to the "universal" callback to obtain an ECDH key pair
362 auto key = tls_generate_ephemeral_key(group, rng);
363
364 // For ordinary ECDH key pairs (that are derived from `ECDH_PublicKey`), we
365 // set the internal point encoding flag for the key before passing it on into
366 // the TLS 1.2 implementation. For user-defined keypair types (e.g. to
367 // offload to some crypto hardware) inheriting from Botan's `ECDH_PublicKey`
368 // might not be feasible. Such users should consider overriding this
369 // ECDH-specific callback and ensure that their custom class handles the
370 // public point encoding as requested by `tls12_ecc_pubkey_encoding_format`.
371 if(auto* ecc_key = dynamic_cast<ECDH_PublicKey*>(key.get())) {
372 ecc_key->set_point_encoding(tls12_ecc_pubkey_encoding_format);
373 }
374
375 return key;
376}
377
378secure_vector<uint8_t> TLS::Callbacks::tls_ephemeral_key_agreement(
379 const std::variant<TLS::Group_Params, DL_Group>& group,
380 const PK_Key_Agreement_Key& private_key,
381 const std::vector<uint8_t>& public_value,
382 RandomNumberGenerator& rng,
383 const Policy& policy) {
384 const auto kex_pub_key = [&]() {
385 try {
386 return tls_deserialize_peer_public_key(group, public_value);
387 } catch(const Decoding_Error& ex) {
388 // This exception means that the public key was invalid. However,
389 // TLS' DecodeError would imply that a protocol message was invalid.
390 throw TLS_Exception(Alert::IllegalParameter, ex.what());
391 }
392 }();
393
394 BOTAN_ASSERT_NONNULL(kex_pub_key);
395 policy.check_peer_key_acceptable(*kex_pub_key);
396
397 // RFC 8422 - 5.11.
398 // With X25519 and X448, a receiving party MUST check whether the
399 // computed premaster secret is the all-zero value and abort the
400 // handshake if so, as described in Section 6 of [RFC7748].
401 //
402 // This is done within the key agreement operation and throws
403 // an Invalid_Argument exception if the shared secret is all-zero.
404 try {
405 const PK_Key_Agreement ka(private_key, rng, "Raw");
406 return ka.derive_key(0, kex_pub_key->raw_public_key_bits()).bits_of();
407 } catch(const Invalid_Argument& ex) {
408 throw TLS_Exception(Alert::IllegalParameter, ex.what());
409 }
410}
411
415
416std::vector<uint8_t> TLS::Callbacks::tls_provide_cert_status(const std::vector<X509_Certificate>& chain,
417 const Certificate_Status_Request& csr) {
418 BOTAN_UNUSED(chain, csr);
419 return std::vector<uint8_t>();
420}
421
422void TLS::Callbacks::tls_log_error(const char* err) {
423 BOTAN_UNUSED(err);
424}
425
426void TLS::Callbacks::tls_log_debug(const char* what) {
427 BOTAN_UNUSED(what);
428}
429
430void TLS::Callbacks::tls_log_debug_bin(const char* descr, const uint8_t val[], size_t val_len) {
431 BOTAN_UNUSED(descr, val, val_len);
432}
433
434void TLS::Callbacks::tls_ssl_key_log_data(std::string_view label,
435 std::span<const uint8_t> client_random,
436 std::span<const uint8_t> secret) const {
437 BOTAN_UNUSED(label, client_random, secret);
438}
439
440std::unique_ptr<KDF> TLS::Callbacks::tls12_protocol_specific_kdf(std::string_view prf_algo) const {
441 if(prf_algo == "MD5" || prf_algo == "SHA-1") {
442 return KDF::create_or_throw("TLS-12-PRF(SHA-256)");
443 }
444
445 return KDF::create_or_throw(Botan::fmt("TLS-12-PRF({})", prf_algo));
446}
447
448} // namespace Botan
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:83
Botan::DL_Group
Definition dl_group.h:46
Botan::DL_Group::from_name
static DL_Group from_name(std::string_view name)
Definition dl_group.cpp:217
Botan::Decoding_Error
Definition exceptn.h:192
Botan::ECDH_PublicKey
Definition ecdh.h:20
Botan::EC_AffinePoint
Definition ec_apoint.h:36
Botan::EC_Group::from_name
static EC_Group from_name(std::string_view name)
Definition ec_group.cpp:438
Botan::Exception::what
const char * what() const noexcept override
Definition exceptn.h:94
Botan::Invalid_Argument
Definition exceptn.h:132
Botan::KDF::create_or_throw
static std::unique_ptr< KDF > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition kdf.cpp:204
Botan::KEM_Encapsulation
Definition pubkey.h:562
Botan::OctetString::bits_of
secure_vector< uint8_t > bits_of() const
Definition symkey.h:36
Botan::PK_KEM_Decryptor
Definition pubkey.h:738
Botan::PK_KEM_Decryptor::encapsulated_key_length
size_t encapsulated_key_length() const
Definition pubkey.cpp:185
Botan::PK_KEM_Decryptor::decrypt
void decrypt(std::span< uint8_t > out_shared_key, std::span< const uint8_t > encap_key, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
Definition pubkey.cpp:204
Botan::PK_KEM_Encryptor
Definition pubkey.h:599
Botan::PK_KEM_Encryptor::encrypt
KEM_Encapsulation encrypt(RandomNumberGenerator &rng, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
Definition pubkey.h:664
Botan::PK_Key_Agreement_Key
Definition pk_keys.h:418
Botan::PK_Key_Agreement
Definition pubkey.h:396
Botan::PK_Key_Agreement::derive_key
SymmetricKey derive_key(size_t key_len, std::span< const uint8_t > peer_key, std::span< const uint8_t > salt) const
Definition pubkey.cpp:245
Botan::PK_Signer
Definition pubkey.h:154
Botan::PK_Signer::sign_message
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:185
Botan::PK_Verifier
Definition pubkey.h:271
Botan::PK_Verifier::verify_message
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:411
Botan::Path_Validation_Restrictions
Definition x509path.h:33
Botan::Path_Validation_Result
Definition x509path.h:175
Botan::Path_Validation_Result::successful_validation
bool successful_validation() const
Definition x509path.cpp:1046
Botan::Path_Validation_Result::result_string
std::string result_string() const
Definition x509path.cpp:1064
Botan::Private_Key
Definition pk_keys.h:294
Botan::Public_Key
Definition pk_keys.h:148
Botan::TLS::Callbacks::tls_verify_cert_chain_ocsp_timeout
virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const
Definition tls_callbacks.h:275
Botan::TLS::Callbacks::tls_provide_cert_status
virtual std::vector< uint8_t > tls_provide_cert_status(const std::vector< X509_Certificate > &chain, const Certificate_Status_Request &csr)
Definition tls_callbacks.cpp:416
Botan::TLS::Callbacks::tls_peer_network_identity
virtual std::string tls_peer_network_identity()
Definition tls_callbacks.cpp:57
Botan::TLS::Callbacks::tls_modify_extensions
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
Definition tls_callbacks.cpp:65
Botan::TLS::Callbacks::tls_provide_cert_chain_status
virtual std::vector< std::vector< uint8_t > > tls_provide_cert_chain_status(const std::vector< X509_Certificate > &chain, const Certificate_Status_Request &csr)
Definition tls_callbacks.cpp:134
Botan::TLS::Callbacks::tls_log_debug_bin
virtual void tls_log_debug_bin(const char *descr, const uint8_t val[], size_t val_len)
Definition tls_callbacks.cpp:430
Botan::TLS::Callbacks::tls_log_error
virtual void tls_log_error(const char *err)
Definition tls_callbacks.cpp:422
Botan::TLS::Callbacks::tls_log_debug
virtual void tls_log_debug(const char *what)
Definition tls_callbacks.cpp:426
Botan::TLS::Callbacks::tls12_generate_ephemeral_ecdh_key
virtual std::unique_ptr< PK_Key_Agreement_Key > tls12_generate_ephemeral_ecdh_key(TLS::Group_Params group, RandomNumberGenerator &rng, EC_Point_Format tls12_ecc_pubkey_encoding_format)
Definition tls_callbacks.cpp:359
Botan::TLS::Callbacks::tls_server_choose_app_protocol
virtual std::string tls_server_choose_app_protocol(const std::vector< std::string > &client_protos)
Definition tls_callbacks.cpp:53
Botan::TLS::Callbacks::tls_parse_ocsp_response
virtual std::optional< OCSP::Response > tls_parse_ocsp_response(const std::vector< uint8_t > &raw_response)
Definition tls_callbacks.cpp:125
Botan::TLS::Callbacks::tls_examine_extensions
virtual void tls_examine_extensions(const Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
Definition tls_callbacks.cpp:69
Botan::TLS::Callbacks::tls_sign_message
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg)
Definition tls_callbacks.cpp:143
Botan::TLS::Callbacks::tls_session_established
virtual void tls_session_established(const Session_Summary &session)
Definition tls_callbacks.cpp:412
Botan::TLS::Callbacks::tls_verify_raw_public_key
virtual void tls_verify_raw_public_key(const Public_Key &raw_public_key, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
Definition tls_callbacks.cpp:115
Botan::TLS::Callbacks::tls12_protocol_specific_kdf
virtual std::unique_ptr< KDF > tls12_protocol_specific_kdf(std::string_view prf_algo) const
Definition tls_callbacks.cpp:440
Botan::TLS::Callbacks::tls_kem_encapsulate
virtual KEM_Encapsulation tls_kem_encapsulate(TLS::Group_Params group, const std::vector< uint8_t > &encoded_public_key, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:270
Botan::TLS::Callbacks::tls_should_persist_resumption_information
virtual bool tls_should_persist_resumption_information(const Session &session)
Definition tls_callbacks.cpp:73
Botan::TLS::Callbacks::tls_kem_generate_key
virtual std::unique_ptr< Private_Key > tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator &rng)
Definition tls_callbacks.cpp:248
Botan::TLS::Callbacks::tls_deserialize_peer_public_key
virtual std::unique_ptr< Public_Key > tls_deserialize_peer_public_key(const std::variant< TLS::Group_Params, DL_Group > &group, std::span< const uint8_t > key_bits)
Definition tls_callbacks.cpp:183
Botan::TLS::Callbacks::tls_ephemeral_key_agreement
virtual secure_vector< uint8_t > tls_ephemeral_key_agreement(const std::variant< TLS::Group_Params, DL_Group > &group, const PK_Key_Agreement_Key &private_key, const std::vector< uint8_t > &public_value, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:378
Botan::TLS::Callbacks::tls_kem_decapsulate
virtual secure_vector< uint8_t > tls_kem_decapsulate(TLS::Group_Params group, const Private_Key &private_key, const std::vector< uint8_t > &encapsulated_bytes, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:304
Botan::TLS::Callbacks::tls_current_timestamp
virtual std::chrono::system_clock::time_point tls_current_timestamp()
Definition tls_callbacks.cpp:61
Botan::TLS::Callbacks::tls_generate_ephemeral_key
virtual std::unique_ptr< PK_Key_Agreement_Key > tls_generate_ephemeral_key(const std::variant< TLS::Group_Params, DL_Group > &group, RandomNumberGenerator &rng)
Definition tls_callbacks.cpp:325
Botan::TLS::Callbacks::tls_verify_cert_chain
virtual void tls_verify_cert_chain(const std::vector< X509_Certificate > &cert_chain, const std::vector< std::optional< OCSP::Response > > &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
Definition tls_callbacks.cpp:88
Botan::TLS::Callbacks::tls_ssl_key_log_data
virtual void tls_ssl_key_log_data(std::string_view label, std::span< const uint8_t > client_random, std::span< const uint8_t > secret) const
Definition tls_callbacks.cpp:434
Botan::TLS::Callbacks::tls_verify_message
virtual bool tls_verify_message(const Public_Key &key, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
Definition tls_callbacks.cpp:153
Botan::TLS::Callbacks::tls_inspect_handshake_msg
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
Definition tls_callbacks.cpp:49
Botan::TLS::Certificate_Status_Request
Definition tls_extensions.h:343
Botan::TLS::Group_Params
Definition tls_algos.h:137
Botan::TLS::Group_Params::is_pqc_hybrid
constexpr bool is_pqc_hybrid() const
Definition tls_algos.h:234
Botan::TLS::Group_Params::is_kem
constexpr bool is_kem() const
Definition tls_algos.h:236
Botan::TLS::Group_Params::is_pure_frodokem
constexpr bool is_pure_frodokem() const
Definition tls_algos.h:195
Botan::TLS::Group_Params::to_string
std::optional< std::string > to_string() const
Definition tls_algos.cpp:325
Botan::TLS::Group_Params::is_pure_ml_kem
constexpr bool is_pure_ml_kem() const
Definition tls_algos.h:190
Botan::TLS::Handshake_Message
Definition tls_handshake_msg.h:24
Botan::TLS::Hybrid_KEM_PrivateKey::generate_from_group
static std::unique_ptr< Hybrid_KEM_PrivateKey > generate_from_group(Group_Params group, RandomNumberGenerator &rng)
Definition hybrid_public_key.cpp:312
Botan::TLS::Hybrid_KEM_PublicKey::load_for_group
static std::unique_ptr< Hybrid_KEM_PublicKey > load_for_group(Group_Params group, std::span< const uint8_t > concatenated_public_values)
Definition hybrid_public_key.cpp:238
Botan::TLS::Policy::check_peer_key_acceptable
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
Definition tls_policy.cpp:277
Botan::TLS::Policy::require_cert_revocation_info
virtual bool require_cert_revocation_info() const
Definition tls_policy.cpp:262
Botan::TLS::Policy::minimum_signature_strength
virtual size_t minimum_signature_strength() const
Definition tls_policy.cpp:258
Botan::TLS::Protocol_Version::is_pre_tls_13
bool is_pre_tls_13() const
Definition tls_version.cpp:58
Botan::TLS::Session_Base::version
Protocol_Version version() const
Definition tls_session.h:75
Botan::TLS::Session_Summary
Definition tls_session.h:149
Botan::TLS::Session::lifetime_hint
std::chrono::seconds lifetime_hint() const
Definition tls_session.h:365
Botan::TLS::TLS_Exception
Definition tls_exceptn.h:19
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::ML_KEM_Mode
KyberMode ML_KEM_Mode
Definition ml_kem.h:21
Botan::x509_path_validate
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
Definition x509path.cpp:868
Botan::Signature_Format
Signature_Format
Definition pk_keys.h:32
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Generated by doxygen 1.15.0