Botan 3.12.0
Crypto and TLS for C&
tls_callbacks.cpp
Go to the documentation of this file.
1/*
2* TLS Callbacks
3* (C) 2016 Jack Lloyd
4* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6* 2023 René Meusel - Rohde & Schwarz Cybersecurity
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#include <botan/tls_callbacks.h>
12
13#include <botan/dh.h>
14#include <botan/dl_group.h>
15#include <botan/ec_group.h>
16#include <botan/ecdh.h>
17#include <botan/ocsp.h>
18#include <botan/pk_algs.h>
19#include <botan/tls_algos.h>
20#include <botan/tls_exceptn.h>
21#include <botan/tls_policy.h>
22#include <botan/tls_session.h>
23#include <botan/x509path.h>
24#include <botan/internal/fmt.h>
25#include <botan/internal/stl_util.h>
26
27#if defined(BOTAN_HAS_X25519)
28 #include <botan/x25519.h>
29#endif
30
31#if defined(BOTAN_HAS_X448)
32 #include <botan/x448.h>
33#endif
34
35#if defined(BOTAN_HAS_ML_KEM)
36 #include <botan/ml_kem.h>
37#endif
38
39#if defined(BOTAN_HAS_FRODOKEM)
40 #include <botan/frodokem.h>
41#endif
42
43#if defined(BOTAN_HAS_TLS_13_PQC)
44 #include <botan/internal/hybrid_public_key.h>
45#endif
46
47namespace Botan {
48
49void TLS::Callbacks::tls_inspect_handshake_msg(const Handshake_Message& /*unused*/) {
50 // default is no op
51}
52
53std::string TLS::Callbacks::tls_server_choose_app_protocol(const std::vector<std::string>& /*unused*/) {
54 return "";
55}
56
57std::string TLS::Callbacks::tls_peer_network_identity() {
58 return "";
59}
60
61std::chrono::system_clock::time_point TLS::Callbacks::tls_current_timestamp() {
62 return std::chrono::system_clock::now();
63}
64
65void TLS::Callbacks::tls_modify_extensions(Extensions& /*unused*/,
66 Connection_Side /*unused*/,
67 Handshake_Type /*unused*/) {}
68
69void TLS::Callbacks::tls_examine_extensions(const Extensions& /*unused*/,
70 Connection_Side /*unused*/,
71 Handshake_Type /*unused*/) {}
72
73bool TLS::Callbacks::tls_should_persist_resumption_information(const Session& session) {
74 // RFC 5077 3.3
75 // The ticket_lifetime_hint field contains a hint from the server about
76 // how long the ticket should be stored. A value of zero is reserved to
77 // indicate that the lifetime of the ticket is unspecified.
78 //
79 // RFC 8446 4.6.1
80 // [A ticket_lifetime] of zero indicates that the ticket should be discarded
81 // immediately.
82 //
83 // By default we opt to keep all sessions, except for TLS 1.3 with a lifetime
84 // hint of zero.
85 return session.lifetime_hint().count() > 0 || session.version().is_pre_tls_13();
86}
87
88void TLS::Callbacks::tls_verify_cert_chain(const std::vector<X509_Certificate>& cert_chain,
89 const std::vector<std::optional<OCSP::Response>>& ocsp_responses,
90 const std::vector<Certificate_Store*>& trusted_roots,
91 Usage_Type usage,
92 std::string_view hostname,
93 const TLS::Policy& policy) {
94 if(cert_chain.empty()) {
95 throw Invalid_Argument("Certificate chain was empty");
96 }
97
98 const Path_Validation_Restrictions restrictions(policy.require_cert_revocation_info(),
99 policy.minimum_signature_strength());
100
101 /*
102 Hostname is always provided in order to allow host-specific logic if required,
103 but it should not be passed to x509_path_validate unless we are verifying
104 the server.
105 */
106 const std::string_view name_to_match = (usage == Usage_Type::TLS_CLIENT_AUTH) ? std::string_view{} : hostname;
107
108 const Path_Validation_Result result = x509_path_validate(cert_chain,
109 restrictions,
110 trusted_roots,
111 name_to_match,
112 usage,
113 tls_current_timestamp(),
114 tls_verify_cert_chain_ocsp_timeout(),
115 ocsp_responses);
116
117 if(!result.successful_validation()) {
118 throw TLS_Exception(Alert::BadCertificate, "Certificate validation failure: " + result.result_string());
119 }
120}
121
122void TLS::Callbacks::tls_verify_raw_public_key(const Public_Key& raw_public_key,
123 Usage_Type usage,
124 std::string_view hostname,
125 const TLS::Policy& policy) {
126 BOTAN_UNUSED(raw_public_key, usage, hostname, policy);
127 // There is no good default implementation for authenticating raw public key.
128 // Applications that wish to use them for authentication, must override this.
129 throw TLS_Exception(Alert::CertificateUnknown, "Application did not provide a means to validate the raw public key");
130}
131
132std::optional<OCSP::Response> TLS::Callbacks::tls_parse_ocsp_response(const std::vector<uint8_t>& raw_response) {
133 try {
134 return OCSP::Response(raw_response);
135 } catch(const Decoding_Error&) {
136 // ignore parsing errors and just ignore the broken OCSP response
137 return std::nullopt;
138 }
139}
140
141std::vector<std::vector<uint8_t>> TLS::Callbacks::tls_provide_cert_chain_status(
142 const std::vector<X509_Certificate>& chain, const Certificate_Status_Request& csr) {
143 std::vector<std::vector<uint8_t>> result(chain.size());
144 if(!chain.empty()) {
145 result[0] = tls_provide_cert_status(chain, csr);
146 }
147 return result;
148}
149
150std::vector<uint8_t> TLS::Callbacks::tls_sign_message(const Private_Key& key,
151 RandomNumberGenerator& rng,
152 std::string_view padding,
153 Signature_Format format,
154 const std::vector<uint8_t>& msg) {
155 PK_Signer signer(key, rng, padding, format);
156
157 return signer.sign_message(msg, rng);
158}
159
160bool TLS::Callbacks::tls_verify_message(const Public_Key& key,
161 std::string_view padding,
162 Signature_Format format,
163 const std::vector<uint8_t>& msg,
164 const std::vector<uint8_t>& sig) {
165 PK_Verifier verifier(key, padding, format);
166
167 return verifier.verify_message(msg, sig);
168}
169
170namespace {
171
172bool is_dh_group(const std::variant<TLS::Group_Params, DL_Group>& group) {
173 return std::holds_alternative<DL_Group>(group) || std::get<TLS::Group_Params>(group).is_dh_named_group();
174}
175
176DL_Group get_dl_group(const std::variant<TLS::Group_Params, DL_Group>& group) {
177 BOTAN_ASSERT_NOMSG(is_dh_group(group));
178
179 // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of
180 // a standardized DH group identifier. TLS 1.3 just offers pre-defined
181 // groups.
182 return std::visit(
183 overloaded{[](const DL_Group& dl_group) { return dl_group; },
184 [&](TLS::Group_Params group_param) { return DL_Group::from_name(group_param.to_string().value()); }},
185 group);
186}
187
188} // namespace
189
190std::unique_ptr<Public_Key> TLS::Callbacks::tls_deserialize_peer_public_key(
191 const std::variant<TLS::Group_Params, DL_Group>& group, std::span<const uint8_t> key_bits) {
192 if(is_dh_group(group)) {
193 // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of
194 // a standardized DH group identifier.
195 const auto dl_group = get_dl_group(group);
196
197 auto Y = BigInt::from_bytes(key_bits);
198
199 /*
200 * A basic check for key validity. As we do not know q here we
201 * cannot check that Y is in the right subgroup. However since
202 * our key is ephemeral there does not seem to be any
203 * advantage to bogus keys anyway.
204 */
205 if(Y <= 1 || Y >= dl_group.get_p() - 1) {
206 throw Decoding_Error("Server sent bad DH key for DHE exchange");
207 }
208
209 return std::make_unique<DH_PublicKey>(dl_group, Y);
210 }
211
212 // The special case for TLS 1.2 with an explicit DH group definition is
213 // handled above. All other cases are based on the opaque group definition.
214 BOTAN_ASSERT_NOMSG(std::holds_alternative<TLS::Group_Params>(group));
215 const auto group_params = std::get<TLS::Group_Params>(group);
216
217 if(group_params.is_ecdh_named_curve()) {
218 const auto ec_group = EC_Group::from_name(group_params.to_string().value());
219 return std::make_unique<ECDH_PublicKey>(ec_group, EC_AffinePoint(ec_group, key_bits));
220 }
221
222#if defined(BOTAN_HAS_X25519)
223 if(group_params.is_x25519()) {
224 return std::make_unique<X25519_PublicKey>(key_bits);
225 }
226#endif
227
228#if defined(BOTAN_HAS_X448)
229 if(group_params.is_x448()) {
230 return std::make_unique<X448_PublicKey>(key_bits);
231 }
232#endif
233
234#if defined(BOTAN_HAS_TLS_13_PQC)
235 if(group_params.is_pqc_hybrid()) {
236 return Hybrid_KEM_PublicKey::load_for_group(group_params, key_bits);
237 }
238#endif
239
240#if defined(BOTAN_HAS_ML_KEM)
241 if(group_params.is_pure_ml_kem()) {
242 return std::make_unique<ML_KEM_PublicKey>(key_bits, ML_KEM_Mode(group_params.to_string().value()));
243 }
244#endif
245
246#if defined(BOTAN_HAS_FRODOKEM)
247 if(group_params.is_pure_frodokem()) {
248 return std::make_unique<FrodoKEM_PublicKey>(key_bits, FrodoKEMMode(group_params.to_string().value()));
249 }
250#endif
251
252 throw Decoding_Error("cannot create a key offering without a group definition");
253}
254
255std::unique_ptr<Private_Key> TLS::Callbacks::tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator& rng) {
256#if defined(BOTAN_HAS_ML_KEM)
257 if(group.is_pure_ml_kem()) {
258 return std::make_unique<ML_KEM_PrivateKey>(rng, ML_KEM_Mode(group.to_string().value()));
259 }
260#endif
261
262#if defined(BOTAN_HAS_FRODOKEM)
263 if(group.is_pure_frodokem()) {
264 return std::make_unique<FrodoKEM_PrivateKey>(rng, FrodoKEMMode(group.to_string().value()));
265 }
266#endif
267
268#if defined(BOTAN_HAS_TLS_13_PQC)
269 if(group.is_pqc_hybrid()) {
270 return Hybrid_KEM_PrivateKey::generate_from_group(group, rng);
271 }
272#endif
273
274 return tls_generate_ephemeral_key(group, rng);
275}
276
277KEM_Encapsulation TLS::Callbacks::tls_kem_encapsulate(TLS::Group_Params group,
278 const std::vector<uint8_t>& encoded_public_key,
279 RandomNumberGenerator& rng,
280 const Policy& policy) {
281 if(group.is_kem()) {
282 auto kem_pub_key = [&] {
283 try {
284 return tls_deserialize_peer_public_key(group, encoded_public_key);
285 } catch(const Decoding_Error& ex) {
286 // This exception means that the public key was invalid. However,
287 // TLS' DecodeError would imply that a protocol message was invalid.
288 throw TLS_Exception(Alert::IllegalParameter, ex.what());
289 } catch(const Invalid_Argument& ex) {
290 throw TLS_Exception(Alert::IllegalParameter, ex.what());
291 }
292 }();
293
294 BOTAN_ASSERT_NONNULL(kem_pub_key);
295 policy.check_peer_key_acceptable(*kem_pub_key);
296
297 try {
298 return PK_KEM_Encryptor(*kem_pub_key, "Raw").encrypt(rng);
299 } catch(const Decoding_Error& ex) {
300 throw TLS_Exception(Alert::IllegalParameter, ex.what());
301 } catch(const Invalid_Argument& ex) {
302 throw TLS_Exception(Alert::IllegalParameter, ex.what());
303 }
304 } else {
305 // TODO: We could use the KEX_to_KEM_Adapter to remove the case distinction
306 // of KEM and KEX. However, the workarounds in this adapter class
307 // should first be addressed.
308 auto ephemeral_keypair = tls_generate_ephemeral_key(group, rng);
309 BOTAN_ASSERT_NONNULL(ephemeral_keypair);
310 return {ephemeral_keypair->public_value(),
311 tls_ephemeral_key_agreement(group, *ephemeral_keypair, encoded_public_key, rng, policy)};
312 }
313}
314
315secure_vector<uint8_t> TLS::Callbacks::tls_kem_decapsulate(TLS::Group_Params group,
316 const Private_Key& private_key,
317 const std::vector<uint8_t>& encapsulated_bytes,
318 RandomNumberGenerator& rng,
319 const Policy& policy) {
320 if(group.is_kem()) {
321 PK_KEM_Decryptor kemdec(private_key, rng, "Raw");
322 if(encapsulated_bytes.size() != kemdec.encapsulated_key_length()) {
323 throw TLS_Exception(Alert::IllegalParameter, "Invalid encapsulated key length");
324 }
325 try {
326 return kemdec.decrypt(encapsulated_bytes, 0, {});
327 } catch(const Decoding_Error& ex) {
328 throw TLS_Exception(Alert::IllegalParameter, ex.what());
329 } catch(const Invalid_Argument& ex) {
330 throw TLS_Exception(Alert::IllegalParameter, ex.what());
331 }
332 }
333
334 try {
335 const auto& key_agreement_key = dynamic_cast<const PK_Key_Agreement_Key&>(private_key);
336 return tls_ephemeral_key_agreement(group, key_agreement_key, encapsulated_bytes, rng, policy);
337 } catch(const std::bad_cast&) {
338 throw Invalid_Argument("provided ephemeral key is not a PK_Key_Agreement_Key");
339 }
340}
341
342std::unique_ptr<PK_Key_Agreement_Key> TLS::Callbacks::tls_generate_ephemeral_key(
343 const std::variant<TLS::Group_Params, DL_Group>& group, RandomNumberGenerator& rng) {
344 if(is_dh_group(group)) {
345 const DL_Group dl_group = get_dl_group(group);
346 return std::make_unique<DH_PrivateKey>(rng, dl_group);
347 }
348
349 BOTAN_ASSERT_NOMSG(std::holds_alternative<TLS::Group_Params>(group));
350 const auto group_params = std::get<TLS::Group_Params>(group);
351
352 if(group_params.is_ecdh_named_curve()) {
353 const auto ec_group = EC_Group::from_name(group_params.to_string().value());
354 return std::make_unique<ECDH_PrivateKey>(rng, ec_group);
355 }
356
357#if defined(BOTAN_HAS_X25519)
358 if(group_params.is_x25519()) {
359 return std::make_unique<X25519_PrivateKey>(rng);
360 }
361#endif
362
363#if defined(BOTAN_HAS_X448)
364 if(group_params.is_x448()) {
365 return std::make_unique<X448_PrivateKey>(rng);
366 }
367#endif
368
369 if(group_params.is_kem()) {
370 throw TLS_Exception(Alert::IllegalParameter, "cannot generate an ephemeral KEX key for a KEM");
371 }
372
373 throw TLS_Exception(Alert::DecodeError, "cannot create a key offering without a group definition");
374}
375
376std::unique_ptr<PK_Key_Agreement_Key> TLS::Callbacks::tls12_generate_ephemeral_ecdh_key(
377 TLS::Group_Params group, RandomNumberGenerator& rng, EC_Point_Format tls12_ecc_pubkey_encoding_format) {
378 // Delegating to the "universal" callback to obtain an ECDH key pair
379 auto key = tls_generate_ephemeral_key(group, rng);
380
381 // For ordinary ECDH key pairs (that are derived from `ECDH_PublicKey`), we
382 // set the internal point encoding flag for the key before passing it on into
383 // the TLS 1.2 implementation. For user-defined keypair types (e.g. to
384 // offload to some crypto hardware) inheriting from Botan's `ECDH_PublicKey`
385 // might not be feasible. Such users should consider overriding this
386 // ECDH-specific callback and ensure that their custom class handles the
387 // public point encoding as requested by `tls12_ecc_pubkey_encoding_format`.
388 if(auto* ecc_key = dynamic_cast<ECDH_PublicKey*>(key.get())) {
389 ecc_key->set_point_encoding(tls12_ecc_pubkey_encoding_format);
390 }
391
392 return key;
393}
394
395secure_vector<uint8_t> TLS::Callbacks::tls_ephemeral_key_agreement(
396 const std::variant<TLS::Group_Params, DL_Group>& group,
397 const PK_Key_Agreement_Key& private_key,
398 const std::vector<uint8_t>& public_value,
399 RandomNumberGenerator& rng,
400 const Policy& policy) {
401 const auto kex_pub_key = [&]() {
402 try {
403 return tls_deserialize_peer_public_key(group, public_value);
404 } catch(const Decoding_Error& ex) {
405 // This exception means that the public key was invalid. However,
406 // TLS' DecodeError would imply that a protocol message was invalid.
407 throw TLS_Exception(Alert::IllegalParameter, ex.what());
408 } catch(const Invalid_Argument& ex) {
409 throw TLS_Exception(Alert::IllegalParameter, ex.what());
410 }
411 }();
412
413 BOTAN_ASSERT_NONNULL(kex_pub_key);
414 policy.check_peer_key_acceptable(*kex_pub_key);
415
416 // RFC 8422 - 5.11.
417 // With X25519 and X448, a receiving party MUST check whether the
418 // computed premaster secret is the all-zero value and abort the
419 // handshake if so, as described in Section 6 of [RFC7748].
420 //
421 // This is done within the key agreement operation and throws
422 // an Invalid_Argument exception if the shared secret is all-zero.
423 try {
424 const PK_Key_Agreement ka(private_key, rng, "Raw");
425 return ka.derive_key(0, kex_pub_key->raw_public_key_bits()).bits_of();
426 } catch(const Invalid_Argument& ex) {
427 throw TLS_Exception(Alert::IllegalParameter, ex.what());
428 }
429}
430
434
435std::vector<uint8_t> TLS::Callbacks::tls_provide_cert_status(const std::vector<X509_Certificate>& chain,
436 const Certificate_Status_Request& csr) {
437 BOTAN_UNUSED(chain, csr);
438 return std::vector<uint8_t>();
439}
440
441void TLS::Callbacks::tls_log_error(const char* err) {
442 BOTAN_UNUSED(err);
443}
444
445void TLS::Callbacks::tls_log_debug(const char* what) {
446 BOTAN_UNUSED(what);
447}
448
449void TLS::Callbacks::tls_log_debug_bin(const char* descr, const uint8_t val[], size_t val_len) {
450 BOTAN_UNUSED(descr, val, val_len);
451}
452
453void TLS::Callbacks::tls_ssl_key_log_data(std::string_view label,
454 std::span<const uint8_t> client_random,
455 std::span<const uint8_t> secret) const {
456 BOTAN_UNUSED(label, client_random, secret);
457}
458
459std::unique_ptr<KDF> TLS::Callbacks::tls12_protocol_specific_kdf(std::string_view prf_algo) const {
460 if(prf_algo == "MD5" || prf_algo == "SHA-1") {
461 return KDF::create_or_throw("TLS-12-PRF(SHA-256)");
462 }
463
464 return KDF::create_or_throw(Botan::fmt("TLS-12-PRF({})", prf_algo));
465}
466
467} // namespace Botan
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:83
Botan::DL_Group
Definition dl_group.h:46
Botan::DL_Group::from_name
static DL_Group from_name(std::string_view name)
Definition dl_group.cpp:262
Botan::Decoding_Error
Definition exceptn.h:192
Botan::ECDH_PublicKey
Definition ecdh.h:20
Botan::EC_AffinePoint
Definition ec_apoint.h:36
Botan::EC_Group::from_name
static EC_Group from_name(std::string_view name)
Definition ec_group.cpp:468
Botan::Exception::what
const char * what() const noexcept override
Definition exceptn.h:94
Botan::Invalid_Argument
Definition exceptn.h:132
Botan::KDF::create_or_throw
static std::unique_ptr< KDF > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition kdf.cpp:204
Botan::KEM_Encapsulation
Definition pubkey.h:562
Botan::OctetString::bits_of
secure_vector< uint8_t > bits_of() const
Definition symkey.h:36
Botan::PK_KEM_Decryptor
Definition pubkey.h:738
Botan::PK_KEM_Decryptor::encapsulated_key_length
size_t encapsulated_key_length() const
Definition pubkey.cpp:185
Botan::PK_KEM_Decryptor::decrypt
void decrypt(std::span< uint8_t > out_shared_key, std::span< const uint8_t > encap_key, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
Definition pubkey.cpp:204
Botan::PK_KEM_Encryptor
Definition pubkey.h:599
Botan::PK_KEM_Encryptor::encrypt
KEM_Encapsulation encrypt(RandomNumberGenerator &rng, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
Definition pubkey.h:664
Botan::PK_Key_Agreement_Key
Definition pk_keys.h:425
Botan::PK_Key_Agreement
Definition pubkey.h:396
Botan::PK_Key_Agreement::derive_key
SymmetricKey derive_key(size_t key_len, std::span< const uint8_t > peer_key, std::span< const uint8_t > salt) const
Definition pubkey.cpp:245
Botan::PK_Signer
Definition pubkey.h:154
Botan::PK_Signer::sign_message
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:185
Botan::PK_Verifier
Definition pubkey.h:271
Botan::PK_Verifier::verify_message
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:411
Botan::Path_Validation_Restrictions
Definition x509path.h:33
Botan::Path_Validation_Result
Definition x509path.h:175
Botan::Path_Validation_Result::successful_validation
bool successful_validation() const
Definition x509path.cpp:1146
Botan::Path_Validation_Result::result_string
std::string result_string() const
Definition x509path.cpp:1164
Botan::Private_Key
Definition pk_keys.h:301
Botan::Public_Key
Definition pk_keys.h:155
Botan::TLS::Callbacks::tls_verify_cert_chain_ocsp_timeout
virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const
Definition tls_callbacks.h:275
Botan::TLS::Callbacks::tls_provide_cert_status
virtual std::vector< uint8_t > tls_provide_cert_status(const std::vector< X509_Certificate > &chain, const Certificate_Status_Request &csr)
Definition tls_callbacks.cpp:435
Botan::TLS::Callbacks::tls_peer_network_identity
virtual std::string tls_peer_network_identity()
Definition tls_callbacks.cpp:57
Botan::TLS::Callbacks::tls_modify_extensions
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
Definition tls_callbacks.cpp:65
Botan::TLS::Callbacks::tls_provide_cert_chain_status
virtual std::vector< std::vector< uint8_t > > tls_provide_cert_chain_status(const std::vector< X509_Certificate > &chain, const Certificate_Status_Request &csr)
Definition tls_callbacks.cpp:141
Botan::TLS::Callbacks::tls_log_debug_bin
virtual void tls_log_debug_bin(const char *descr, const uint8_t val[], size_t val_len)
Definition tls_callbacks.cpp:449
Botan::TLS::Callbacks::tls_log_error
virtual void tls_log_error(const char *err)
Definition tls_callbacks.cpp:441
Botan::TLS::Callbacks::tls_log_debug
virtual void tls_log_debug(const char *what)
Definition tls_callbacks.cpp:445
Botan::TLS::Callbacks::tls12_generate_ephemeral_ecdh_key
virtual std::unique_ptr< PK_Key_Agreement_Key > tls12_generate_ephemeral_ecdh_key(TLS::Group_Params group, RandomNumberGenerator &rng, EC_Point_Format tls12_ecc_pubkey_encoding_format)
Definition tls_callbacks.cpp:376
Botan::TLS::Callbacks::tls_server_choose_app_protocol
virtual std::string tls_server_choose_app_protocol(const std::vector< std::string > &client_protos)
Definition tls_callbacks.cpp:53
Botan::TLS::Callbacks::tls_parse_ocsp_response
virtual std::optional< OCSP::Response > tls_parse_ocsp_response(const std::vector< uint8_t > &raw_response)
Definition tls_callbacks.cpp:132
Botan::TLS::Callbacks::tls_examine_extensions
virtual void tls_examine_extensions(const Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
Definition tls_callbacks.cpp:69
Botan::TLS::Callbacks::tls_sign_message
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg)
Definition tls_callbacks.cpp:150
Botan::TLS::Callbacks::tls_session_established
virtual void tls_session_established(const Session_Summary &session)
Definition tls_callbacks.cpp:431
Botan::TLS::Callbacks::tls_verify_raw_public_key
virtual void tls_verify_raw_public_key(const Public_Key &raw_public_key, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
Definition tls_callbacks.cpp:122
Botan::TLS::Callbacks::tls12_protocol_specific_kdf
virtual std::unique_ptr< KDF > tls12_protocol_specific_kdf(std::string_view prf_algo) const
Definition tls_callbacks.cpp:459
Botan::TLS::Callbacks::tls_kem_encapsulate
virtual KEM_Encapsulation tls_kem_encapsulate(TLS::Group_Params group, const std::vector< uint8_t > &encoded_public_key, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:277
Botan::TLS::Callbacks::tls_should_persist_resumption_information
virtual bool tls_should_persist_resumption_information(const Session &session)
Definition tls_callbacks.cpp:73
Botan::TLS::Callbacks::tls_kem_generate_key
virtual std::unique_ptr< Private_Key > tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator &rng)
Definition tls_callbacks.cpp:255
Botan::TLS::Callbacks::tls_deserialize_peer_public_key
virtual std::unique_ptr< Public_Key > tls_deserialize_peer_public_key(const std::variant< TLS::Group_Params, DL_Group > &group, std::span< const uint8_t > key_bits)
Definition tls_callbacks.cpp:190
Botan::TLS::Callbacks::tls_ephemeral_key_agreement
virtual secure_vector< uint8_t > tls_ephemeral_key_agreement(const std::variant< TLS::Group_Params, DL_Group > &group, const PK_Key_Agreement_Key &private_key, const std::vector< uint8_t > &public_value, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:395
Botan::TLS::Callbacks::tls_kem_decapsulate
virtual secure_vector< uint8_t > tls_kem_decapsulate(TLS::Group_Params group, const Private_Key &private_key, const std::vector< uint8_t > &encapsulated_bytes, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:315
Botan::TLS::Callbacks::tls_current_timestamp
virtual std::chrono::system_clock::time_point tls_current_timestamp()
Definition tls_callbacks.cpp:61
Botan::TLS::Callbacks::tls_generate_ephemeral_key
virtual std::unique_ptr< PK_Key_Agreement_Key > tls_generate_ephemeral_key(const std::variant< TLS::Group_Params, DL_Group > &group, RandomNumberGenerator &rng)
Definition tls_callbacks.cpp:342
Botan::TLS::Callbacks::tls_verify_cert_chain
virtual void tls_verify_cert_chain(const std::vector< X509_Certificate > &cert_chain, const std::vector< std::optional< OCSP::Response > > &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
Definition tls_callbacks.cpp:88
Botan::TLS::Callbacks::tls_ssl_key_log_data
virtual void tls_ssl_key_log_data(std::string_view label, std::span< const uint8_t > client_random, std::span< const uint8_t > secret) const
Definition tls_callbacks.cpp:453
Botan::TLS::Callbacks::tls_verify_message
virtual bool tls_verify_message(const Public_Key &key, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
Definition tls_callbacks.cpp:160
Botan::TLS::Callbacks::tls_inspect_handshake_msg
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
Definition tls_callbacks.cpp:49
Botan::TLS::Certificate_Status_Request
Definition tls_extensions.h:346
Botan::TLS::Group_Params
Definition tls_algos.h:137
Botan::TLS::Group_Params::is_pqc_hybrid
constexpr bool is_pqc_hybrid() const
Definition tls_algos.h:234
Botan::TLS::Group_Params::is_kem
constexpr bool is_kem() const
Definition tls_algos.h:236
Botan::TLS::Group_Params::is_pure_frodokem
constexpr bool is_pure_frodokem() const
Definition tls_algos.h:195
Botan::TLS::Group_Params::to_string
std::optional< std::string > to_string() const
Definition tls_algos.cpp:393
Botan::TLS::Group_Params::is_pure_ml_kem
constexpr bool is_pure_ml_kem() const
Definition tls_algos.h:190
Botan::TLS::Handshake_Message
Definition tls_handshake_msg.h:24
Botan::TLS::Hybrid_KEM_PrivateKey::generate_from_group
static std::unique_ptr< Hybrid_KEM_PrivateKey > generate_from_group(Group_Params group, RandomNumberGenerator &rng)
Definition hybrid_public_key.cpp:313
Botan::TLS::Hybrid_KEM_PublicKey::load_for_group
static std::unique_ptr< Hybrid_KEM_PublicKey > load_for_group(Group_Params group, std::span< const uint8_t > concatenated_public_values)
Definition hybrid_public_key.cpp:238
Botan::TLS::Policy::check_peer_key_acceptable
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
Definition tls_policy.cpp:281
Botan::TLS::Policy::require_cert_revocation_info
virtual bool require_cert_revocation_info() const
Definition tls_policy.cpp:266
Botan::TLS::Policy::minimum_signature_strength
virtual size_t minimum_signature_strength() const
Definition tls_policy.cpp:262
Botan::TLS::Protocol_Version::is_pre_tls_13
bool is_pre_tls_13() const
Definition tls_version.cpp:58
Botan::TLS::Session_Base::version
Protocol_Version version() const
Definition tls_session.h:74
Botan::TLS::Session_Summary
Definition tls_session.h:148
Botan::TLS::Session::lifetime_hint
std::chrono::seconds lifetime_hint() const
Definition tls_session.h:350
Botan::TLS::TLS_Exception
Definition tls_exceptn.h:19
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::ML_KEM_Mode
KyberMode ML_KEM_Mode
Definition ml_kem.h:21
Botan::x509_path_validate
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
Definition x509path.cpp:933
Botan::Signature_Format
Signature_Format
Definition pk_keys.h:32
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Generated by doxygen 1.16.1