/src/botan/build/include/botan/tls_callbacks.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS Callbacks |
3 | | * (C) 2016 Matthias Gierlings |
4 | | * 2016 Jack Lloyd |
5 | | * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity |
6 | | * |
7 | | * Botan is released under the Simplified BSD License (see license.txt) |
8 | | */ |
9 | | |
10 | | #ifndef BOTAN_TLS_CALLBACKS_H_ |
11 | | #define BOTAN_TLS_CALLBACKS_H_ |
12 | | |
13 | | #include <botan/tls_session.h> |
14 | | #include <botan/tls_alert.h> |
15 | | #include <botan/pubkey.h> |
16 | | #include <optional> |
17 | | |
18 | | namespace Botan { |
19 | | |
20 | | class Certificate_Store; |
21 | | class X509_Certificate; |
22 | | |
23 | | namespace OCSP { |
24 | | |
25 | | class Response; |
26 | | |
27 | | } |
28 | | |
29 | | namespace TLS { |
30 | | |
31 | | class Handshake_Message; |
32 | | class Policy; |
33 | | class Extensions; |
34 | | class Certificate_Status_Request; |
35 | | |
36 | | /** |
37 | | * Encapsulates the callbacks that a TLS channel will make which are due to |
38 | | * channel specific operations. |
39 | | */ |
40 | | class BOTAN_PUBLIC_API(2,0) Callbacks |
41 | | { |
42 | | public: |
43 | 11.6k | virtual ~Callbacks() = default; |
44 | | |
45 | | /** |
46 | | * Mandatory callback: output function |
47 | | * The channel will call this with data which needs to be sent to the peer |
48 | | * (eg, over a socket or some other form of IPC). The array will be overwritten |
49 | | * when the function returns so a copy must be made if the data cannot be |
50 | | * sent immediately. |
51 | | * |
52 | | * @param data the vector of data to send |
53 | | * |
54 | | * @param size the number of bytes to send |
55 | | */ |
56 | | virtual void tls_emit_data(const uint8_t data[], size_t size) = 0; |
57 | | |
58 | | /** |
59 | | * Mandatory callback: process application data |
60 | | * Called when application data record is received from the peer. |
61 | | * Again the array is overwritten immediately after the function returns. |
62 | | * |
63 | | * @param seq_no the underlying TLS/DTLS record sequence number |
64 | | * |
65 | | * @param data the vector containing the received record |
66 | | * |
67 | | * @param size the length of the received record, in bytes |
68 | | */ |
69 | | virtual void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) = 0; |
70 | | |
71 | | /** |
72 | | * Mandatory callback: alert received |
73 | | * Called when an alert is received from the peer |
74 | | * If fatal, the connection is closing. If not fatal, the connection may |
75 | | * still be closing (depending on the error and the peer). |
76 | | * |
77 | | * @param alert the source of the alert |
78 | | */ |
79 | | virtual void tls_alert(Alert alert) = 0; |
80 | | |
81 | | /** |
82 | | * Mandatory callback: session established |
83 | | * Called when a session is established. Throw an exception to abort |
84 | | * the connection. |
85 | | * |
86 | | * @param session the session descriptor |
87 | | * |
88 | | * @return return false to prevent the session from being cached, |
89 | | * return true to cache the session in the configured session manager |
90 | | */ |
91 | | virtual bool tls_session_established(const Session& session) = 0; |
92 | | |
93 | | /** |
94 | | * Optional callback: session activated |
95 | | * Called when a session is active and can be written to |
96 | | */ |
97 | 342 | virtual void tls_session_activated() {} |
98 | | |
99 | | /** |
100 | | * Optional callback with default impl: verify cert chain |
101 | | * |
102 | | * Default implementation performs a standard PKIX validation |
103 | | * and initiates network OCSP request for end-entity cert. |
104 | | * Override to provide different behavior. |
105 | | * |
106 | | * Check the certificate chain is valid up to a trusted root, and |
107 | | * optionally (if hostname != "") that the hostname given is |
108 | | * consistent with the leaf certificate. |
109 | | * |
110 | | * This function should throw an exception derived from |
111 | | * std::exception with an informative what() result if the |
112 | | * certificate chain cannot be verified. |
113 | | * |
114 | | * @param cert_chain specifies a certificate chain leading to a |
115 | | * trusted root CA certificate. |
116 | | * @param ocsp_responses the server may have provided some |
117 | | * @param trusted_roots the list of trusted certificates |
118 | | * @param usage what this cert chain is being used for |
119 | | * Usage_Type::TLS_SERVER_AUTH for server chains, |
120 | | * Usage_Type::TLS_CLIENT_AUTH for client chains, |
121 | | * Usage_Type::UNSPECIFIED for other uses |
122 | | * @param hostname when authenticating a server, this is the hostname |
123 | | * the client requested (eg via SNI). When authenticating a client, |
124 | | * this is the server name the client is authenticating *to*. |
125 | | * Empty in other cases or if no hostname was used. |
126 | | * @param policy the TLS policy associated with the session being authenticated |
127 | | * using the certificate chain |
128 | | */ |
129 | | virtual void tls_verify_cert_chain( |
130 | | const std::vector<X509_Certificate>& cert_chain, |
131 | | const std::vector<std::optional<OCSP::Response>>& ocsp_responses, |
132 | | const std::vector<Certificate_Store*>& trusted_roots, |
133 | | Usage_Type usage, |
134 | | const std::string& hostname, |
135 | | const TLS::Policy& policy); |
136 | | |
137 | | /** |
138 | | * Called by default `tls_verify_cert_chain` to get the timeout to use for OCSP |
139 | | * requests. Return 0 to disable online OCSP checks. |
140 | | * |
141 | | * This function should not be "const" since the implementation might need |
142 | | * to perform some side effecting operation to compute the result. |
143 | | */ |
144 | | virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const |
145 | 575 | { |
146 | 575 | return std::chrono::milliseconds(0); |
147 | 575 | } |
148 | | |
149 | | /** |
150 | | * Called by the TLS server whenever the client included the |
151 | | * status_request extension (see RFC 6066, a.k.a OCSP stapling) |
152 | | * in the ClientHello. |
153 | | * |
154 | | * @return the encoded OCSP response to be sent to the client which |
155 | | * indicates the revocation status of the server certificate. Return an |
156 | | * empty vector to indicate that no response is available, and thus |
157 | | * suppress the Certificate_Status message. |
158 | | */ |
159 | | virtual std::vector<uint8_t> tls_provide_cert_status(const std::vector<X509_Certificate>& chain, |
160 | | const Certificate_Status_Request& csr) |
161 | 3 | { |
162 | 3 | BOTAN_UNUSED(chain); |
163 | 3 | BOTAN_UNUSED(csr); |
164 | 3 | return std::vector<uint8_t>(); |
165 | 3 | } |
166 | | |
167 | | /** |
168 | | * Optional callback with default impl: sign a message |
169 | | * |
170 | | * Default implementation uses PK_Signer::sign_message(). |
171 | | * Override to provide a different approach, e.g. using an external device. |
172 | | * |
173 | | * @param key the private key of the signer |
174 | | * @param rng a random number generator |
175 | | * @param emsa the encoding method to be applied to the message |
176 | | * @param format the signature format |
177 | | * @param msg the input data for the signature |
178 | | * |
179 | | * @return the signature |
180 | | */ |
181 | | virtual std::vector<uint8_t> tls_sign_message( |
182 | | const Private_Key& key, |
183 | | RandomNumberGenerator& rng, |
184 | | const std::string& emsa, |
185 | | Signature_Format format, |
186 | | const std::vector<uint8_t>& msg); |
187 | | |
188 | | /** |
189 | | * Optional callback with default impl: verify a message signature |
190 | | * |
191 | | * Default implementation uses PK_Verifier::verify_message(). |
192 | | * Override to provide a different approach, e.g. using an external device. |
193 | | * |
194 | | * @param key the public key of the signer |
195 | | * @param emsa the encoding method to be applied to the message |
196 | | * @param format the signature format |
197 | | * @param msg the input data for the signature |
198 | | * @param sig the signature to be checked |
199 | | * |
200 | | * @return true if the signature is valid, false otherwise |
201 | | */ |
202 | | virtual bool tls_verify_message( |
203 | | const Public_Key& key, |
204 | | const std::string& emsa, |
205 | | Signature_Format format, |
206 | | const std::vector<uint8_t>& msg, |
207 | | const std::vector<uint8_t>& sig); |
208 | | |
209 | | /** |
210 | | * Optional callback with default impl: client side DH agreement |
211 | | * |
212 | | * Default implementation uses PK_Key_Agreement::derive_key(). |
213 | | * Override to provide a different approach, e.g. using an external device. |
214 | | * |
215 | | * @param modulus the modulus p of the discrete logarithm group |
216 | | * @param generator the generator of the DH subgroup |
217 | | * @param peer_public_value the public value of the peer |
218 | | * @param policy the TLS policy associated with the session being established |
219 | | * @param rng a random number generator |
220 | | * |
221 | | * @return a pair consisting of the agreed raw secret and our public value |
222 | | */ |
223 | | virtual std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> tls_dh_agree( |
224 | | const std::vector<uint8_t>& modulus, |
225 | | const std::vector<uint8_t>& generator, |
226 | | const std::vector<uint8_t>& peer_public_value, |
227 | | const Policy& policy, |
228 | | RandomNumberGenerator& rng); |
229 | | |
230 | | /** |
231 | | * Optional callback with default impl: client side ECDH agreement |
232 | | * |
233 | | * Default implementation uses PK_Key_Agreement::derive_key(). |
234 | | * Override to provide a different approach, e.g. using an external device. |
235 | | * |
236 | | * @param curve_name the name of the elliptic curve |
237 | | * @param peer_public_value the public value of the peer |
238 | | * @param policy the TLS policy associated with the session being established |
239 | | * @param rng a random number generator |
240 | | * @param compressed the compression preference for our public value |
241 | | * |
242 | | * @return a pair consisting of the agreed raw secret and our public value |
243 | | */ |
244 | | virtual std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> tls_ecdh_agree( |
245 | | const std::string& curve_name, |
246 | | const std::vector<uint8_t>& peer_public_value, |
247 | | const Policy& policy, |
248 | | RandomNumberGenerator& rng, |
249 | | bool compressed); |
250 | | |
251 | | /** |
252 | | * Optional callback: inspect handshake message |
253 | | * Throw an exception to abort the handshake. |
254 | | * Default simply ignores the message. |
255 | | * |
256 | | * @param message the handshake message |
257 | | */ |
258 | | virtual void tls_inspect_handshake_msg(const Handshake_Message& message); |
259 | | |
260 | | /** |
261 | | * Optional callback for server: choose ALPN protocol |
262 | | * |
263 | | * ALPN (RFC 7301) works by the client sending a list of application |
264 | | * protocols it is willing to negotiate. The server then selects which |
265 | | * protocol to use. RFC 7301 requires that if the server does not support |
266 | | * any protocols offered by the client, then it should close the connection |
267 | | * with an alert of no_application_protocol. Within this callback this would |
268 | | * be done by throwing a TLS_Exception(Alert::NO_APPLICATION_PROTOCOL) |
269 | | * |
270 | | * @param client_protos the vector of protocols the client is willing to negotiate |
271 | | * |
272 | | * @return the protocol selected by the server; if the empty string is |
273 | | * returned, the server does not reply to the client ALPN extension. |
274 | | * |
275 | | * The default implementation returns the empty string, causing client |
276 | | * ALPN to be ignored. |
277 | | * |
278 | | * It is highly recommended to support ALPN whenever possible to avoid |
279 | | * cross-protocol attacks. |
280 | | */ |
281 | | virtual std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos); |
282 | | |
283 | | /** |
284 | | * Optional callback: examine/modify Extensions before sending. |
285 | | * |
286 | | * Both client and server will call this callback on the Extensions object |
287 | | * before serializing it in the client/server hellos. This allows an |
288 | | * application to modify which extensions are sent during the |
289 | | * handshake. |
290 | | * |
291 | | * Default implementation does nothing. |
292 | | * |
293 | | * @param extn the extensions |
294 | | * @param which_side will be CLIENT or SERVER which is the current |
295 | | * applications role in the exchange. |
296 | | */ |
297 | | virtual void tls_modify_extensions(Extensions& extn, Connection_Side which_side); |
298 | | |
299 | | /** |
300 | | * Optional callback: examine peer extensions. |
301 | | * |
302 | | * Both client and server will call this callback with the Extensions |
303 | | * object after receiving it from the peer. This allows examining the |
304 | | * Extensions, for example to implement a custom extension. It also allows |
305 | | * an application to require that a particular extension be implemented; |
306 | | * throw an exception from this function to abort the handshake. |
307 | | * |
308 | | * Default implementation does nothing. |
309 | | * |
310 | | * @param extn the extensions |
311 | | * @param which_side will be CLIENT if these are are the clients extensions (ie we are |
312 | | * the server) or SERVER if these are the server extensions (we are the client). |
313 | | */ |
314 | | virtual void tls_examine_extensions(const Extensions& extn, Connection_Side which_side); |
315 | | |
316 | | /** |
317 | | * Optional callback: decode TLS group ID |
318 | | * |
319 | | * TLS uses a 16-bit field to identify ECC and DH groups. This callback |
320 | | * handles the decoding. You only need to implement this if you are using |
321 | | * a custom ECC or DH group (this is extremely uncommon). |
322 | | * |
323 | | * Default implementation uses the standard (IETF-defined) mappings. |
324 | | */ |
325 | | virtual std::string tls_decode_group_param(Group_Params group_param); |
326 | | |
327 | | /** |
328 | | * Optional callback: return peer network identity |
329 | | * |
330 | | * There is no expected or specified format. The only expectation is this |
331 | | * function will return a unique value. For example returning the peer |
332 | | * host IP and port. |
333 | | * |
334 | | * This is used to bind the DTLS cookie to a particular network identity. |
335 | | * It is only called if the dtls-cookie-secret PSK is also defined. |
336 | | */ |
337 | | virtual std::string tls_peer_network_identity(); |
338 | | |
339 | | /** |
340 | | * Optional callback: error logging. (not currently called) |
341 | | * @param err An error message related to this connection. |
342 | | */ |
343 | | virtual void tls_log_error(const char* err) |
344 | 0 | { |
345 | 0 | BOTAN_UNUSED(err); |
346 | 0 | } Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_error(char const*) Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_error(char const*) |
347 | | |
348 | | /** |
349 | | * Optional callback: debug logging. (not currently called) |
350 | | * @param what Some hopefully informative string |
351 | | */ |
352 | | virtual void tls_log_debug(const char* what) |
353 | 0 | { |
354 | 0 | BOTAN_UNUSED(what); |
355 | 0 | } Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_debug(char const*) Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_debug(char const*) |
356 | | |
357 | | /** |
358 | | * Optional callback: debug logging taking a buffer. (not currently called) |
359 | | * @param descr What this buffer is |
360 | | * @param val the bytes |
361 | | * @param val_len length of val |
362 | | */ |
363 | | virtual void tls_log_debug_bin(const char* descr, const uint8_t val[], size_t val_len) |
364 | 0 | { |
365 | 0 | BOTAN_UNUSED(descr, val, val_len); |
366 | 0 | } Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_debug_bin(char const*, unsigned char const*, unsigned long) Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_debug_bin(char const*, unsigned char const*, unsigned long) |
367 | | }; |
368 | | |
369 | | } |
370 | | |
371 | | } |
372 | | |
373 | | #endif |