Botan 3.10.0
Crypto and TLS for C&
tls_callbacks.cpp
Go to the documentation of this file.
1/*
2* TLS Callbacks
3* (C) 2016 Jack Lloyd
4* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6* 2023 René Meusel - Rohde & Schwarz Cybersecurity
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#include <botan/tls_callbacks.h>
12
13#include <botan/dh.h>
14#include <botan/dl_group.h>
15#include <botan/ecdh.h>
16#include <botan/ocsp.h>
17#include <botan/pk_algs.h>
18#include <botan/tls_algos.h>
19#include <botan/tls_exceptn.h>
20#include <botan/tls_policy.h>
21#include <botan/x509path.h>
22#include <botan/internal/stl_util.h>
23
24#if defined(BOTAN_HAS_X25519)
25 #include <botan/x25519.h>
26#endif
27
28#if defined(BOTAN_HAS_X448)
29 #include <botan/x448.h>
30#endif
31
32#if defined(BOTAN_HAS_ML_KEM)
33 #include <botan/ml_kem.h>
34#endif
35
36#if defined(BOTAN_HAS_FRODOKEM)
37 #include <botan/frodokem.h>
38#endif
39
40#if defined(BOTAN_HAS_TLS_13_PQC)
41 #include <botan/internal/hybrid_public_key.h>
42#endif
43
44namespace Botan {
45
46void TLS::Callbacks::tls_inspect_handshake_msg(const Handshake_Message& /*unused*/) {
47 // default is no op
48}
49
50std::string TLS::Callbacks::tls_server_choose_app_protocol(const std::vector<std::string>& /*unused*/) {
51 return "";
52}
53
54std::string TLS::Callbacks::tls_peer_network_identity() {
55 return "";
56}
57
58std::chrono::system_clock::time_point TLS::Callbacks::tls_current_timestamp() {
59 return std::chrono::system_clock::now();
60}
61
62void TLS::Callbacks::tls_modify_extensions(Extensions& /*unused*/,
63 Connection_Side /*unused*/,
64 Handshake_Type /*unused*/) {}
65
66void TLS::Callbacks::tls_examine_extensions(const Extensions& /*unused*/,
67 Connection_Side /*unused*/,
68 Handshake_Type /*unused*/) {}
69
70bool TLS::Callbacks::tls_should_persist_resumption_information(const Session& session) {
71 // RFC 5077 3.3
72 // The ticket_lifetime_hint field contains a hint from the server about
73 // how long the ticket should be stored. A value of zero is reserved to
74 // indicate that the lifetime of the ticket is unspecified.
75 //
76 // RFC 8446 4.6.1
77 // [A ticket_lifetime] of zero indicates that the ticket should be discarded
78 // immediately.
79 //
80 // By default we opt to keep all sessions, except for TLS 1.3 with a lifetime
81 // hint of zero.
82 return session.lifetime_hint().count() > 0 || session.version().is_pre_tls_13();
83}
84
85void TLS::Callbacks::tls_verify_cert_chain(const std::vector<X509_Certificate>& cert_chain,
86 const std::vector<std::optional<OCSP::Response>>& ocsp_responses,
87 const std::vector<Certificate_Store*>& trusted_roots,
88 Usage_Type usage,
89 std::string_view hostname,
90 const TLS::Policy& policy) {
91 if(cert_chain.empty()) {
92 throw Invalid_Argument("Certificate chain was empty");
93 }
94
95 Path_Validation_Restrictions restrictions(policy.require_cert_revocation_info(),
96 policy.minimum_signature_strength());
97
98 Path_Validation_Result result = x509_path_validate(cert_chain,
99 restrictions,
100 trusted_roots,
101 hostname,
102 usage,
103 tls_current_timestamp(),
104 tls_verify_cert_chain_ocsp_timeout(),
105 ocsp_responses);
106
107 if(!result.successful_validation()) {
108 throw TLS_Exception(Alert::BadCertificate, "Certificate validation failure: " + result.result_string());
109 }
110}
111
112void TLS::Callbacks::tls_verify_raw_public_key(const Public_Key& raw_public_key,
113 Usage_Type usage,
114 std::string_view hostname,
115 const TLS::Policy& policy) {
116 BOTAN_UNUSED(raw_public_key, usage, hostname, policy);
117 // There is no good default implementation for authenticating raw public key.
118 // Applications that wish to use them for authentication, must override this.
119 throw TLS_Exception(Alert::CertificateUnknown, "Application did not provide a means to validate the raw public key");
120}
121
122std::optional<OCSP::Response> TLS::Callbacks::tls_parse_ocsp_response(const std::vector<uint8_t>& raw_response) {
123 try {
124 return OCSP::Response(raw_response);
125 } catch(const Decoding_Error&) {
126 // ignore parsing errors and just ignore the broken OCSP response
127 return std::nullopt;
128 }
129}
130
131std::vector<std::vector<uint8_t>> TLS::Callbacks::tls_provide_cert_chain_status(
132 const std::vector<X509_Certificate>& chain, const Certificate_Status_Request& csr) {
133 std::vector<std::vector<uint8_t>> result(chain.size());
134 if(!chain.empty()) {
135 result[0] = tls_provide_cert_status(chain, csr);
136 }
137 return result;
138}
139
140std::vector<uint8_t> TLS::Callbacks::tls_sign_message(const Private_Key& key,
141 RandomNumberGenerator& rng,
142 std::string_view padding,
143 Signature_Format format,
144 const std::vector<uint8_t>& msg) {
145 PK_Signer signer(key, rng, padding, format);
146
147 return signer.sign_message(msg, rng);
148}
149
150bool TLS::Callbacks::tls_verify_message(const Public_Key& key,
151 std::string_view padding,
152 Signature_Format format,
153 const std::vector<uint8_t>& msg,
154 const std::vector<uint8_t>& sig) {
155 PK_Verifier verifier(key, padding, format);
156
157 return verifier.verify_message(msg, sig);
158}
159
160namespace {
161
162bool is_dh_group(const std::variant<TLS::Group_Params, DL_Group>& group) {
163 return std::holds_alternative<DL_Group>(group) || std::get<TLS::Group_Params>(group).is_dh_named_group();
164}
165
166DL_Group get_dl_group(const std::variant<TLS::Group_Params, DL_Group>& group) {
167 BOTAN_ASSERT_NOMSG(is_dh_group(group));
168
169 // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of
170 // a standardized DH group identifier. TLS 1.3 just offers pre-defined
171 // groups.
172 return std::visit(
173 overloaded{[](const DL_Group& dl_group) { return dl_group; },
174 [&](TLS::Group_Params group_param) { return DL_Group::from_name(group_param.to_string().value()); }},
175 group);
176}
177
178} // namespace
179
180std::unique_ptr<Public_Key> TLS::Callbacks::tls_deserialize_peer_public_key(
181 const std::variant<TLS::Group_Params, DL_Group>& group, std::span<const uint8_t> key_bits) {
182 if(is_dh_group(group)) {
183 // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of
184 // a standardized DH group identifier.
185 const auto dl_group = get_dl_group(group);
186
187 auto Y = BigInt::from_bytes(key_bits);
188
189 /*
190 * A basic check for key validity. As we do not know q here we
191 * cannot check that Y is in the right subgroup. However since
192 * our key is ephemeral there does not seem to be any
193 * advantage to bogus keys anyway.
194 */
195 if(Y <= 1 || Y >= dl_group.get_p() - 1) {
196 throw Decoding_Error("Server sent bad DH key for DHE exchange");
197 }
198
199 return std::make_unique<DH_PublicKey>(dl_group, Y);
200 }
201
202 // The special case for TLS 1.2 with an explicit DH group definition is
203 // handled above. All other cases are based on the opaque group definition.
204 BOTAN_ASSERT_NOMSG(std::holds_alternative<TLS::Group_Params>(group));
205 const auto group_params = std::get<TLS::Group_Params>(group);
206
207 if(group_params.is_ecdh_named_curve()) {
208 const auto ec_group = EC_Group::from_name(group_params.to_string().value());
209 return std::make_unique<ECDH_PublicKey>(ec_group, EC_AffinePoint(ec_group, key_bits));
210 }
211
212#if defined(BOTAN_HAS_X25519)
213 if(group_params.is_x25519()) {
214 return std::make_unique<X25519_PublicKey>(key_bits);
215 }
216#endif
217
218#if defined(BOTAN_HAS_X448)
219 if(group_params.is_x448()) {
220 return std::make_unique<X448_PublicKey>(key_bits);
221 }
222#endif
223
224#if defined(BOTAN_HAS_TLS_13_PQC)
225 if(group_params.is_pqc_hybrid()) {
226 return Hybrid_KEM_PublicKey::load_for_group(group_params, key_bits);
227 }
228#endif
229
230#if defined(BOTAN_HAS_ML_KEM)
231 if(group_params.is_pure_ml_kem()) {
232 return std::make_unique<ML_KEM_PublicKey>(key_bits, ML_KEM_Mode(group_params.to_string().value()));
233 }
234#endif
235
236#if defined(BOTAN_HAS_FRODOKEM)
237 if(group_params.is_pure_frodokem()) {
238 return std::make_unique<FrodoKEM_PublicKey>(key_bits, FrodoKEMMode(group_params.to_string().value()));
239 }
240#endif
241
242 throw Decoding_Error("cannot create a key offering without a group definition");
243}
244
245std::unique_ptr<Private_Key> TLS::Callbacks::tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator& rng) {
246#if defined(BOTAN_HAS_ML_KEM)
247 if(group.is_pure_ml_kem()) {
248 return std::make_unique<ML_KEM_PrivateKey>(rng, ML_KEM_Mode(group.to_string().value()));
249 }
250#endif
251
252#if defined(BOTAN_HAS_FRODOKEM)
253 if(group.is_pure_frodokem()) {
254 return std::make_unique<FrodoKEM_PrivateKey>(rng, FrodoKEMMode(group.to_string().value()));
255 }
256#endif
257
258#if defined(BOTAN_HAS_TLS_13_PQC)
259 if(group.is_pqc_hybrid()) {
260 return Hybrid_KEM_PrivateKey::generate_from_group(group, rng);
261 }
262#endif
263
264 return tls_generate_ephemeral_key(group, rng);
265}
266
267KEM_Encapsulation TLS::Callbacks::tls_kem_encapsulate(TLS::Group_Params group,
268 const std::vector<uint8_t>& encoded_public_key,
269 RandomNumberGenerator& rng,
270 const Policy& policy) {
271 if(group.is_kem()) {
272 auto kem_pub_key = [&] {
273 try {
274 return tls_deserialize_peer_public_key(group, encoded_public_key);
275 } catch(const Decoding_Error& ex) {
276 // This exception means that the public key was invalid. However,
277 // TLS' DecodeError would imply that a protocol message was invalid.
278 throw TLS_Exception(Alert::IllegalParameter, ex.what());
279 }
280 }();
281
282 BOTAN_ASSERT_NONNULL(kem_pub_key);
283 policy.check_peer_key_acceptable(*kem_pub_key);
284
285 try {
286 return PK_KEM_Encryptor(*kem_pub_key, "Raw").encrypt(rng);
287 } catch(const Invalid_Argument& ex) {
288 throw TLS_Exception(Alert::IllegalParameter, ex.what());
289 }
290 } else {
291 // TODO: We could use the KEX_to_KEM_Adapter to remove the case distinction
292 // of KEM and KEX. However, the workarounds in this adapter class
293 // should first be addressed.
294 auto ephemeral_keypair = tls_generate_ephemeral_key(group, rng);
295 BOTAN_ASSERT_NONNULL(ephemeral_keypair);
296 return {ephemeral_keypair->public_value(),
297 tls_ephemeral_key_agreement(group, *ephemeral_keypair, encoded_public_key, rng, policy)};
298 }
299}
300
301secure_vector<uint8_t> TLS::Callbacks::tls_kem_decapsulate(TLS::Group_Params group,
302 const Private_Key& private_key,
303 const std::vector<uint8_t>& encapsulated_bytes,
304 RandomNumberGenerator& rng,
305 const Policy& policy) {
306 if(group.is_kem()) {
307 PK_KEM_Decryptor kemdec(private_key, rng, "Raw");
308 if(encapsulated_bytes.size() != kemdec.encapsulated_key_length()) {
309 throw TLS_Exception(Alert::IllegalParameter, "Invalid encapsulated key length");
310 }
311 return kemdec.decrypt(encapsulated_bytes, 0, {});
312 }
313
314 try {
315 const auto& key_agreement_key = dynamic_cast<const PK_Key_Agreement_Key&>(private_key);
316 return tls_ephemeral_key_agreement(group, key_agreement_key, encapsulated_bytes, rng, policy);
317 } catch(const std::bad_cast&) {
318 throw Invalid_Argument("provided ephemeral key is not a PK_Key_Agreement_Key");
319 }
320}
321
322std::unique_ptr<PK_Key_Agreement_Key> TLS::Callbacks::tls_generate_ephemeral_key(
323 const std::variant<TLS::Group_Params, DL_Group>& group, RandomNumberGenerator& rng) {
324 if(is_dh_group(group)) {
325 const DL_Group dl_group = get_dl_group(group);
326 return std::make_unique<DH_PrivateKey>(rng, dl_group);
327 }
328
329 BOTAN_ASSERT_NOMSG(std::holds_alternative<TLS::Group_Params>(group));
330 const auto group_params = std::get<TLS::Group_Params>(group);
331
332 if(group_params.is_ecdh_named_curve()) {
333 const auto ec_group = EC_Group::from_name(group_params.to_string().value());
334 return std::make_unique<ECDH_PrivateKey>(rng, ec_group);
335 }
336
337#if defined(BOTAN_HAS_X25519)
338 if(group_params.is_x25519()) {
339 return std::make_unique<X25519_PrivateKey>(rng);
340 }
341#endif
342
343#if defined(BOTAN_HAS_X448)
344 if(group_params.is_x448()) {
345 return std::make_unique<X448_PrivateKey>(rng);
346 }
347#endif
348
349 if(group_params.is_kem()) {
350 throw TLS_Exception(Alert::IllegalParameter, "cannot generate an ephemeral KEX key for a KEM");
351 }
352
353 throw TLS_Exception(Alert::DecodeError, "cannot create a key offering without a group definition");
354}
355
356std::unique_ptr<PK_Key_Agreement_Key> TLS::Callbacks::tls12_generate_ephemeral_ecdh_key(
357 TLS::Group_Params group, RandomNumberGenerator& rng, EC_Point_Format tls12_ecc_pubkey_encoding_format) {
358 // Delegating to the "universal" callback to obtain an ECDH key pair
359 auto key = tls_generate_ephemeral_key(group, rng);
360
361 // For ordinary ECDH key pairs (that are derived from `ECDH_PublicKey`), we
362 // set the internal point encoding flag for the key before passing it on into
363 // the TLS 1.2 implementation. For user-defined keypair types (e.g. to
364 // offload to some crypto hardware) inheriting from Botan's `ECDH_PublicKey`
365 // might not be feasible. Such users should consider overriding this
366 // ECDH-specific callback and ensure that their custom class handles the
367 // public point encoding as requested by `tls12_ecc_pubkey_encoding_format`.
368 if(auto* ecc_key = dynamic_cast<ECDH_PublicKey*>(key.get())) {
369 ecc_key->set_point_encoding(tls12_ecc_pubkey_encoding_format);
370 }
371
372 return key;
373}
374
375secure_vector<uint8_t> TLS::Callbacks::tls_ephemeral_key_agreement(
376 const std::variant<TLS::Group_Params, DL_Group>& group,
377 const PK_Key_Agreement_Key& private_key,
378 const std::vector<uint8_t>& public_value,
379 RandomNumberGenerator& rng,
380 const Policy& policy) {
381 const auto kex_pub_key = [&]() {
382 try {
383 return tls_deserialize_peer_public_key(group, public_value);
384 } catch(const Decoding_Error& ex) {
385 // This exception means that the public key was invalid. However,
386 // TLS' DecodeError would imply that a protocol message was invalid.
387 throw TLS_Exception(Alert::IllegalParameter, ex.what());
388 }
389 }();
390
391 BOTAN_ASSERT_NONNULL(kex_pub_key);
392 policy.check_peer_key_acceptable(*kex_pub_key);
393
394 // RFC 8422 - 5.11.
395 // With X25519 and X448, a receiving party MUST check whether the
396 // computed premaster secret is the all-zero value and abort the
397 // handshake if so, as described in Section 6 of [RFC7748].
398 //
399 // This is done within the key agreement operation and throws
400 // an Invalid_Argument exception if the shared secret is all-zero.
401 try {
402 PK_Key_Agreement ka(private_key, rng, "Raw");
403 return ka.derive_key(0, kex_pub_key->raw_public_key_bits()).bits_of();
404 } catch(const Invalid_Argument& ex) {
405 throw TLS_Exception(Alert::IllegalParameter, ex.what());
406 }
407}
408
412
413std::vector<uint8_t> TLS::Callbacks::tls_provide_cert_status(const std::vector<X509_Certificate>& chain,
414 const Certificate_Status_Request& csr) {
415 BOTAN_UNUSED(chain, csr);
416 return std::vector<uint8_t>();
417}
418
419void TLS::Callbacks::tls_log_error(const char* err) {
420 BOTAN_UNUSED(err);
421}
422
423void TLS::Callbacks::tls_log_debug(const char* what) {
424 BOTAN_UNUSED(what);
425}
426
427void TLS::Callbacks::tls_log_debug_bin(const char* descr, const uint8_t val[], size_t val_len) {
428 BOTAN_UNUSED(descr, val, val_len);
429}
430
431void TLS::Callbacks::tls_ssl_key_log_data(std::string_view label,
432 std::span<const uint8_t> client_random,
433 std::span<const uint8_t> secret) const {
434 BOTAN_UNUSED(label, client_random, secret);
435}
436
437} // namespace Botan
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:87
Botan::DL_Group
Definition dl_group.h:46
Botan::DL_Group::from_name
static DL_Group from_name(std::string_view name)
Definition dl_group.cpp:217
Botan::Decoding_Error
Definition exceptn.h:191
Botan::ECDH_PublicKey
Definition ecdh.h:20
Botan::EC_AffinePoint
Definition ec_apoint.h:36
Botan::EC_Group::from_name
static EC_Group from_name(std::string_view name)
Definition ec_group.cpp:384
Botan::Exception::what
const char * what() const noexcept override
Definition exceptn.h:93
Botan::Invalid_Argument
Definition exceptn.h:131
Botan::KEM_Encapsulation
Definition pubkey.h:563
Botan::OctetString::bits_of
secure_vector< uint8_t > bits_of() const
Definition symkey.h:36
Botan::PK_KEM_Decryptor
Definition pubkey.h:739
Botan::PK_KEM_Decryptor::encapsulated_key_length
size_t encapsulated_key_length() const
Definition pubkey.cpp:187
Botan::PK_KEM_Decryptor::decrypt
void decrypt(std::span< uint8_t > out_shared_key, std::span< const uint8_t > encap_key, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
Definition pubkey.cpp:206
Botan::PK_KEM_Encryptor
Definition pubkey.h:600
Botan::PK_KEM_Encryptor::encrypt
KEM_Encapsulation encrypt(RandomNumberGenerator &rng, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
Definition pubkey.h:665
Botan::PK_Key_Agreement_Key
Definition pk_keys.h:415
Botan::PK_Key_Agreement
Definition pubkey.h:397
Botan::PK_Key_Agreement::derive_key
SymmetricKey derive_key(size_t key_len, std::span< const uint8_t > peer_key, std::span< const uint8_t > salt) const
Definition pubkey.cpp:247
Botan::PK_Signer
Definition pubkey.h:155
Botan::PK_Signer::sign_message
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:186
Botan::PK_Verifier
Definition pubkey.h:272
Botan::PK_Verifier::verify_message
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:413
Botan::Path_Validation_Restrictions
Definition x509path.h:34
Botan::Path_Validation_Result
Definition x509path.h:157
Botan::Path_Validation_Result::successful_validation
bool successful_validation() const
Definition x509path.cpp:1043
Botan::Path_Validation_Result::result_string
std::string result_string() const
Definition x509path.cpp:1061
Botan::Private_Key
Definition pk_keys.h:291
Botan::Public_Key
Definition pk_keys.h:148
Botan::TLS::Callbacks::tls_verify_cert_chain_ocsp_timeout
virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const
Definition tls_callbacks.h:261
Botan::TLS::Callbacks::tls_provide_cert_status
virtual std::vector< uint8_t > tls_provide_cert_status(const std::vector< X509_Certificate > &chain, const Certificate_Status_Request &csr)
Definition tls_callbacks.cpp:413
Botan::TLS::Callbacks::tls_peer_network_identity
virtual std::string tls_peer_network_identity()
Definition tls_callbacks.cpp:54
Botan::TLS::Callbacks::tls_modify_extensions
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
Definition tls_callbacks.cpp:62
Botan::TLS::Callbacks::tls_provide_cert_chain_status
virtual std::vector< std::vector< uint8_t > > tls_provide_cert_chain_status(const std::vector< X509_Certificate > &chain, const Certificate_Status_Request &csr)
Definition tls_callbacks.cpp:131
Botan::TLS::Callbacks::tls_log_debug_bin
virtual void tls_log_debug_bin(const char *descr, const uint8_t val[], size_t val_len)
Definition tls_callbacks.cpp:427
Botan::TLS::Callbacks::tls_log_error
virtual void tls_log_error(const char *err)
Definition tls_callbacks.cpp:419
Botan::TLS::Callbacks::tls_log_debug
virtual void tls_log_debug(const char *what)
Definition tls_callbacks.cpp:423
Botan::TLS::Callbacks::tls12_generate_ephemeral_ecdh_key
virtual std::unique_ptr< PK_Key_Agreement_Key > tls12_generate_ephemeral_ecdh_key(TLS::Group_Params group, RandomNumberGenerator &rng, EC_Point_Format tls12_ecc_pubkey_encoding_format)
Definition tls_callbacks.cpp:356
Botan::TLS::Callbacks::tls_server_choose_app_protocol
virtual std::string tls_server_choose_app_protocol(const std::vector< std::string > &client_protos)
Definition tls_callbacks.cpp:50
Botan::TLS::Callbacks::tls_parse_ocsp_response
virtual std::optional< OCSP::Response > tls_parse_ocsp_response(const std::vector< uint8_t > &raw_response)
Definition tls_callbacks.cpp:122
Botan::TLS::Callbacks::tls_examine_extensions
virtual void tls_examine_extensions(const Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
Definition tls_callbacks.cpp:66
Botan::TLS::Callbacks::tls_sign_message
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg)
Definition tls_callbacks.cpp:140
Botan::TLS::Callbacks::tls_session_established
virtual void tls_session_established(const Session_Summary &session)
Definition tls_callbacks.cpp:409
Botan::TLS::Callbacks::tls_verify_raw_public_key
virtual void tls_verify_raw_public_key(const Public_Key &raw_public_key, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
Definition tls_callbacks.cpp:112
Botan::TLS::Callbacks::tls_kem_encapsulate
virtual KEM_Encapsulation tls_kem_encapsulate(TLS::Group_Params group, const std::vector< uint8_t > &encoded_public_key, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:267
Botan::TLS::Callbacks::tls_should_persist_resumption_information
virtual bool tls_should_persist_resumption_information(const Session &session)
Definition tls_callbacks.cpp:70
Botan::TLS::Callbacks::tls_kem_generate_key
virtual std::unique_ptr< Private_Key > tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator &rng)
Definition tls_callbacks.cpp:245
Botan::TLS::Callbacks::tls_deserialize_peer_public_key
virtual std::unique_ptr< Public_Key > tls_deserialize_peer_public_key(const std::variant< TLS::Group_Params, DL_Group > &group, std::span< const uint8_t > key_bits)
Definition tls_callbacks.cpp:180
Botan::TLS::Callbacks::tls_ephemeral_key_agreement
virtual secure_vector< uint8_t > tls_ephemeral_key_agreement(const std::variant< TLS::Group_Params, DL_Group > &group, const PK_Key_Agreement_Key &private_key, const std::vector< uint8_t > &public_value, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:375
Botan::TLS::Callbacks::tls_kem_decapsulate
virtual secure_vector< uint8_t > tls_kem_decapsulate(TLS::Group_Params group, const Private_Key &private_key, const std::vector< uint8_t > &encapsulated_bytes, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:301
Botan::TLS::Callbacks::tls_current_timestamp
virtual std::chrono::system_clock::time_point tls_current_timestamp()
Definition tls_callbacks.cpp:58
Botan::TLS::Callbacks::tls_generate_ephemeral_key
virtual std::unique_ptr< PK_Key_Agreement_Key > tls_generate_ephemeral_key(const std::variant< TLS::Group_Params, DL_Group > &group, RandomNumberGenerator &rng)
Definition tls_callbacks.cpp:322
Botan::TLS::Callbacks::tls_verify_cert_chain
virtual void tls_verify_cert_chain(const std::vector< X509_Certificate > &cert_chain, const std::vector< std::optional< OCSP::Response > > &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
Definition tls_callbacks.cpp:85
Botan::TLS::Callbacks::tls_ssl_key_log_data
virtual void tls_ssl_key_log_data(std::string_view label, std::span< const uint8_t > client_random, std::span< const uint8_t > secret) const
Definition tls_callbacks.cpp:431
Botan::TLS::Callbacks::tls_verify_message
virtual bool tls_verify_message(const Public_Key &key, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
Definition tls_callbacks.cpp:150
Botan::TLS::Callbacks::tls_inspect_handshake_msg
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
Definition tls_callbacks.cpp:46
Botan::TLS::Certificate_Status_Request
Definition tls_extensions.h:497
Botan::TLS::Group_Params
Definition tls_algos.h:140
Botan::TLS::Group_Params::is_pqc_hybrid
constexpr bool is_pqc_hybrid() const
Definition tls_algos.h:237
Botan::TLS::Group_Params::is_kem
constexpr bool is_kem() const
Definition tls_algos.h:239
Botan::TLS::Group_Params::is_pure_frodokem
constexpr bool is_pure_frodokem() const
Definition tls_algos.h:198
Botan::TLS::Group_Params::to_string
std::optional< std::string > to_string() const
Definition tls_algos.cpp:325
Botan::TLS::Group_Params::is_pure_ml_kem
constexpr bool is_pure_ml_kem() const
Definition tls_algos.h:193
Botan::TLS::Handshake_Message
Definition tls_handshake_msg.h:24
Botan::TLS::Hybrid_KEM_PrivateKey::generate_from_group
static std::unique_ptr< Hybrid_KEM_PrivateKey > generate_from_group(Group_Params group, RandomNumberGenerator &rng)
Definition hybrid_public_key.cpp:308
Botan::TLS::Hybrid_KEM_PublicKey::load_for_group
static std::unique_ptr< Hybrid_KEM_PublicKey > load_for_group(Group_Params group, std::span< const uint8_t > concatenated_public_values)
Definition hybrid_public_key.cpp:234
Botan::TLS::Policy::check_peer_key_acceptable
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
Definition tls_policy.cpp:275
Botan::TLS::Policy::require_cert_revocation_info
virtual bool require_cert_revocation_info() const
Definition tls_policy.cpp:260
Botan::TLS::Policy::minimum_signature_strength
virtual size_t minimum_signature_strength() const
Definition tls_policy.cpp:256
Botan::TLS::Protocol_Version::is_pre_tls_13
bool is_pre_tls_13() const
Definition tls_version.cpp:40
Botan::TLS::Session_Base::version
Protocol_Version version() const
Definition tls_session.h:175
Botan::TLS::Session_Summary
Definition tls_session.h:249
Botan::TLS::Session::lifetime_hint
std::chrono::seconds lifetime_hint() const
Definition tls_session.h:465
Botan::TLS::TLS_Exception
Definition tls_exceptn.h:19
Botan::ML_KEM_Mode
KyberMode ML_KEM_Mode
Definition ml_kem.h:21
Botan::x509_path_validate
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
Definition x509path.cpp:879
Botan::Signature_Format
Signature_Format
Definition pk_keys.h:32
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69
Botan::Usage_Type
Usage_Type
Definition x509cert.h:22
Generated by doxygen 1.15.0