/src/botan/build/include/public/botan/tls_callbacks.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS Callbacks |
3 | | * (C) 2016 Matthias Gierlings |
4 | | * 2016 Jack Lloyd |
5 | | * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity |
6 | | * 2022 René Meusel, Rohde & Schwarz Cybersecurity |
7 | | * |
8 | | * Botan is released under the Simplified BSD License (see license.txt) |
9 | | */ |
10 | | |
11 | | #ifndef BOTAN_TLS_CALLBACKS_H_ |
12 | | #define BOTAN_TLS_CALLBACKS_H_ |
13 | | |
14 | | #include <botan/dl_group.h> |
15 | | #include <botan/ocsp.h> |
16 | | #include <botan/pubkey.h> |
17 | | #include <botan/tls_alert.h> |
18 | | #include <botan/tls_session.h> |
19 | | #include <chrono> |
20 | | #include <optional> |
21 | | |
22 | | namespace Botan { |
23 | | |
24 | | class Certificate_Store; |
25 | | class X509_Certificate; |
26 | | |
27 | | namespace OCSP { |
28 | | |
29 | | class Response; |
30 | | |
31 | | } |
32 | | |
33 | | namespace TLS { |
34 | | |
35 | | class Handshake_Message; |
36 | | class Policy; |
37 | | class Extensions; |
38 | | class Certificate_Status_Request; |
39 | | |
40 | | /** |
41 | | * Encapsulates the callbacks that a TLS channel will make which are due to |
42 | | * channel specific operations. |
43 | | */ |
44 | | class BOTAN_PUBLIC_API(2, 0) Callbacks { |
45 | | public: |
46 | 7.84k | virtual ~Callbacks() = default; |
47 | | |
48 | | /** |
49 | | * @name Mandatory |
50 | | * |
51 | | * Those callbacks must be implemented by all applications that use TLS. |
52 | | * @{ |
53 | | */ |
54 | | |
55 | | /** |
56 | | * Mandatory callback: output function |
57 | | * |
58 | | * The channel will call this with data which needs to be sent to the peer |
59 | | * (eg, over a socket or some other form of IPC). The array will be overwritten |
60 | | * when the function returns so a copy must be made if the data cannot be |
61 | | * sent immediately. |
62 | | * |
63 | | * As an example you could use the syscall ``send`` to perform a blocking |
64 | | * write on a socket, or append the data to a queue managed by your |
65 | | * application and initiate an asynchronous write. |
66 | | * |
67 | | * For TLS all writes must occur *in the order requested*. For DTLS this |
68 | | * ordering is not strictly required, but is still recommended. |
69 | | * |
70 | | * @param data a contiguous data buffer to send |
71 | | */ |
72 | | virtual void tls_emit_data(std::span<const uint8_t> data) = 0; |
73 | | |
74 | | /** |
75 | | * Mandatory callback: process application data |
76 | | * |
77 | | * Called when application data record is received from the peer. The |
78 | | * array is overwritten immediately after the function returns. |
79 | | * |
80 | | * Currently empty records are ignored and do not instigate a callback, |
81 | | * but this may change in a future release. |
82 | | * |
83 | | * For TLS the record number will always increase. For DTLS, it is |
84 | | * possible to receive records with the @p seq_no field out of order, or |
85 | | * with gaps, corresponding to reordered or lost datagrams. |
86 | | * |
87 | | * @param seq_no the underlying TLS/DTLS record sequence number |
88 | | * |
89 | | * @param data a contiguous data buffer containing the received record |
90 | | */ |
91 | | virtual void tls_record_received(uint64_t seq_no, std::span<const uint8_t> data) = 0; |
92 | | |
93 | | /** |
94 | | * Mandatory callback: alert received |
95 | | * |
96 | | * Called when an alert is received from the peer. If fatal, the |
97 | | * connection is closing. If not fatal, the connection may still be |
98 | | * closing (depending on the error and the peer). |
99 | | * |
100 | | * Note that alerts received before the handshake is complete are not |
101 | | * authenticated and could have been inserted by a MITM attacker. |
102 | | */ |
103 | | virtual void tls_alert(Alert alert) = 0; |
104 | | |
105 | | /// @} |
106 | | // End of mandatory callbacks |
107 | | |
108 | | /** |
109 | | * @name Informational |
110 | | * |
111 | | * Override these to obtain deeper insights into the TLS connection. |
112 | | * Throwing from any of these callbacks will result in the termination of |
113 | | * the TLS connection. |
114 | | * @{ |
115 | | */ |
116 | | |
117 | | /** |
118 | | * Optional callback: session established |
119 | | * |
120 | | * Called whenever a negotiation completes. This can happen more than once |
121 | | * on TLS 1.2 connections, if renegotiation occurs. The @p session |
122 | | * parameter provides information about the session which was just |
123 | | * established. |
124 | | * |
125 | | * If this function wishes to cancel the handshake, it can throw an |
126 | | * exception which will send a close message to the counterparty and reset |
127 | | * the connection state. |
128 | | * |
129 | | * @param session the session descriptor |
130 | | */ |
131 | 82 | virtual void tls_session_established(const Session_Summary& session) { BOTAN_UNUSED(session); } |
132 | | |
133 | | /** |
134 | | * Optional callback: session activated |
135 | | * |
136 | | * By default does nothing. This is called when the session is activated, |
137 | | * that is once it is possible to send or receive data on the channel. In |
138 | | * particular it is possible for an implementation of this function to |
139 | | * perform an initial write on the channel. |
140 | | */ |
141 | 82 | virtual void tls_session_activated() {} |
142 | | |
143 | | /** |
144 | | * Optional callback: peer closed connection (sent a "close_notify" alert) |
145 | | * |
146 | | * The peer signaled that it wishes to shut down the connection. The |
147 | | * application should not expect to receive any more data from the peer |
148 | | * and may tear down the underlying transport socket. |
149 | | * |
150 | | * Prior to TLS 1.3 it was required that peers discard pending writes |
151 | | * and immediately respond with their own "close_notify". With TLS 1.3, |
152 | | * applications can continue to send data despite the peer having already |
153 | | * signaled their wish to shut down. |
154 | | * |
155 | | * Returning `true` will cause the TLS 1.3 implementation to write all |
156 | | * pending data and then also signal a connection shut down. Otherwise |
157 | | * the application is responsible to call the `Channel::close()` method. |
158 | | * |
159 | | * For TLS 1.2 the return value has no effect. |
160 | | * |
161 | | * @return true causes the implementation to respond with a "close_notify" |
162 | | */ |
163 | 1.31k | virtual bool tls_peer_closed_connection() { return true; } |
164 | | |
165 | | /** |
166 | | * Optional callback: Resumption information was received/established |
167 | | * |
168 | | * TLS 1.3 calls this when we sent or received a TLS 1.3 session ticket at |
169 | | * any point after the initial handshake has finished. |
170 | | * |
171 | | * TLS 1.2 calls this when a session was established successfully and |
172 | | * its resumption information may be stored for later usage. |
173 | | * |
174 | | * Note that for servers this is called as soon as resumption information |
175 | | * is available and _could_ be sent to the client. If this callback |
176 | | * returns 'false', the information will neither be cached nor sent. |
177 | | * |
178 | | * @param session the session descriptor |
179 | | * |
180 | | * @return false to prevent the resumption information from being cached, |
181 | | * and true to cache it in the configured Session_Manager |
182 | | */ |
183 | | virtual bool tls_should_persist_resumption_information(const Session& session); |
184 | | |
185 | | /** |
186 | | * Optional callback with default impl: verify cert chain |
187 | | * |
188 | | * Default implementation performs a standard PKIX validation |
189 | | * and initiates network OCSP request for end-entity cert. |
190 | | * Override to provide different behavior. |
191 | | * |
192 | | * Check the certificate chain is valid up to a trusted root, and |
193 | | * optionally (if hostname != "") that the hostname given is |
194 | | * consistent with the leaf certificate. |
195 | | * |
196 | | * This function should throw an exception derived from |
197 | | * std::exception with an informative what() result if the |
198 | | * certificate chain cannot be verified. |
199 | | * |
200 | | * @param cert_chain specifies a certificate chain leading to a |
201 | | * trusted root CA certificate. |
202 | | * @param ocsp_responses the server may have provided some |
203 | | * @param trusted_roots the list of trusted certificates |
204 | | * @param usage what this cert chain is being used for |
205 | | * Usage_Type::TLS_SERVER_AUTH for server chains, |
206 | | * Usage_Type::TLS_CLIENT_AUTH for client chains, |
207 | | * Usage_Type::UNSPECIFIED for other uses |
208 | | * @param hostname when authenticating a server, this is the hostname |
209 | | * the client requested (eg via SNI). When authenticating a client, |
210 | | * this is the server name the client is authenticating *to*. |
211 | | * Empty in other cases or if no hostname was used. |
212 | | * @param policy the TLS policy associated with the session being authenticated |
213 | | * using the certificate chain |
214 | | */ |
215 | | virtual void tls_verify_cert_chain(const std::vector<X509_Certificate>& cert_chain, |
216 | | const std::vector<std::optional<OCSP::Response>>& ocsp_responses, |
217 | | const std::vector<Certificate_Store*>& trusted_roots, |
218 | | Usage_Type usage, |
219 | | std::string_view hostname, |
220 | | const TLS::Policy& policy); |
221 | | |
222 | | /** |
223 | | * Optional callback. Default impl always rejects. |
224 | | * |
225 | | * This allows using raw public keys for authentication of peers as |
226 | | * described in RFC 7250 and RFC 8446 4.2.2. Applications that wish |
227 | | * to use raw public keys MUST override this callback to verify the |
228 | | * authenticity of the received public keys. |
229 | | * |
230 | | * Default implementation always rejects the raw public key. |
231 | | * |
232 | | * This function should throw an exception derived from |
233 | | * std::exception with an informative what() result if the |
234 | | * raw public key cannot be verified. |
235 | | * |
236 | | * @param raw_public_key specifies the raw public key to be used |
237 | | * for peer authentication |
238 | | * @param usage what this cert chain is being used for |
239 | | * Usage_Type::TLS_SERVER_AUTH for server chains, |
240 | | * Usage_Type::TLS_CLIENT_AUTH for client chains, |
241 | | * @param hostname when authenticating a server, this is the hostname |
242 | | * the client requested (eg via SNI). When authenticating a client, |
243 | | * this is the server name the client is authenticating *to*. |
244 | | * Empty in other cases or if no hostname was used. |
245 | | * @param policy the TLS policy associated with the session being authenticated |
246 | | * using the raw public key |
247 | | */ |
248 | | virtual void tls_verify_raw_public_key(const Public_Key& raw_public_key, |
249 | | Usage_Type usage, |
250 | | std::string_view hostname, |
251 | | const TLS::Policy& policy); |
252 | | |
253 | | /** |
254 | | * Called by default `tls_verify_cert_chain` to get the timeout to use for OCSP |
255 | | * requests. Return 0 to disable online OCSP checks. |
256 | | * |
257 | | * This function should not be "const" since the implementation might need |
258 | | * to perform some side effecting operation to compute the result. |
259 | | */ |
260 | 0 | virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const { |
261 | 0 | return std::chrono::milliseconds(0); |
262 | 0 | } |
263 | | |
264 | | /** |
265 | | * Called by the TLS server whenever the client included the |
266 | | * status_request extension (see RFC 6066, a.k.a OCSP stapling) |
267 | | * in the ClientHello. |
268 | | * |
269 | | * @return the encoded OCSP response to be sent to the client which |
270 | | * indicates the revocation status of the server certificate. Return an |
271 | | * empty vector to indicate that no response is available, and thus |
272 | | * suppress the Certificate_Status message. |
273 | | */ |
274 | | virtual std::vector<uint8_t> tls_provide_cert_status(const std::vector<X509_Certificate>& chain, |
275 | 32 | const Certificate_Status_Request& csr) { |
276 | 32 | BOTAN_UNUSED(chain); |
277 | 32 | BOTAN_UNUSED(csr); |
278 | 32 | return std::vector<uint8_t>(); |
279 | 32 | } |
280 | | |
281 | | /** |
282 | | * Called by TLS 1.3 client or server whenever the peer indicated that |
283 | | * OCSP stapling is supported. In contrast to `tls_provide_cert_status`, |
284 | | * this allows providing OCSP responses for each certificate in the chain. |
285 | | * |
286 | | * The default implementation invokes `tls_provide_cert_status` assuming |
287 | | * that no OCSP responses for intermediate certificates are available. |
288 | | * |
289 | | * @return a vector of OCSP response buffers. An empty buffer indicates |
290 | | * that no OCSP response should be provided for the respective |
291 | | * certificate (at the same list index). The returned vector |
292 | | * MUST be exactly the same length as the incoming \p chain. |
293 | | */ |
294 | | virtual std::vector<std::vector<uint8_t>> tls_provide_cert_chain_status( |
295 | | const std::vector<X509_Certificate>& chain, const Certificate_Status_Request& csr); |
296 | | |
297 | | /** |
298 | | * Optional callback with default impl: sign a message |
299 | | * |
300 | | * Default implementation uses PK_Signer::sign_message(). |
301 | | * Override to provide a different approach, e.g. using an external device. |
302 | | * |
303 | | * @param key the private key of the signer |
304 | | * @param rng a random number generator |
305 | | * @param padding the encoding method to be applied to the message |
306 | | * @param format the signature format |
307 | | * @param msg the input data for the signature |
308 | | * |
309 | | * @return the signature |
310 | | */ |
311 | | virtual std::vector<uint8_t> tls_sign_message(const Private_Key& key, |
312 | | RandomNumberGenerator& rng, |
313 | | std::string_view padding, |
314 | | Signature_Format format, |
315 | | const std::vector<uint8_t>& msg); |
316 | | |
317 | | /** |
318 | | * Optional callback with default impl: verify a message signature |
319 | | * |
320 | | * Default implementation uses PK_Verifier::verify_message(). |
321 | | * Override to provide a different approach, e.g. using an external device. |
322 | | * |
323 | | * @param key the public key of the signer |
324 | | * @param padding the encoding method to be applied to the message |
325 | | * @param format the signature format |
326 | | * @param msg the input data for the signature |
327 | | * @param sig the signature to be checked |
328 | | * |
329 | | * @return true if the signature is valid, false otherwise |
330 | | */ |
331 | | virtual bool tls_verify_message(const Public_Key& key, |
332 | | std::string_view padding, |
333 | | Signature_Format format, |
334 | | const std::vector<uint8_t>& msg, |
335 | | const std::vector<uint8_t>& sig); |
336 | | |
337 | | /** |
338 | | * Optional callback: deserialize a public key received from the peer |
339 | | * |
340 | | * Default implementation simply parses the public key using Botan's |
341 | | * public keys. Override to provide a different approach, e.g. using an |
342 | | * external device. |
343 | | * |
344 | | * If deserialization fails, the default implementation throws a |
345 | | * Botan::Decoding_Error exception that will be translated into a |
346 | | * TLS_Exception with an Alert::IllegalParamter. |
347 | | * |
348 | | * @param group the group identifier or (in case of TLS 1.2) an explicit |
349 | | * discrete-log group of the public key |
350 | | * @param key_bits the serialized public key |
351 | | * |
352 | | * @return the deserialized and ready-to-use public key |
353 | | */ |
354 | | virtual std::unique_ptr<Public_Key> tls_deserialize_peer_public_key( |
355 | | const std::variant<TLS::Group_Params, DL_Group>& group, std::span<const uint8_t> key_bits); |
356 | | |
357 | | /** |
358 | | * Generate an ephemeral KEM key for a TLS 1.3 handshake |
359 | | * |
360 | | * Applications may use this to add custom KEM algorithms or entirely |
361 | | * different key exchange schemes to the TLS 1.3 handshake. For instance, |
362 | | * this could provide an entry point to implement a hybrid key exchange |
363 | | * with both a traditional algorithm like ECDH and a quantum-secure KEM. |
364 | | * Typical use cases of the library don't need to do that and serious |
365 | | * security risks are associated with customizing TLS's key encapsulation |
366 | | * mechanism. |
367 | | * |
368 | | * Note that the KEM interface is usable for TLS 1.3 handshakes, only. |
369 | | * |
370 | | * The default implementation simply delegates this to the |
371 | | * tls_generate_ephemeral_key() call when appropriate. |
372 | | * |
373 | | * @param group the group identifier to generate an ephemeral keypair for |
374 | | * @param rng a random number generator |
375 | | * |
376 | | * @returns a keypair whose public key will be provided to the peer and |
377 | | * the private key will be provided to tls_kem_decapsulate later |
378 | | * in the handshake. |
379 | | */ |
380 | | virtual std::unique_ptr<Private_Key> tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator& rng); |
381 | | |
382 | | /** |
383 | | * Performs a key encapsulation operation (used for TLS 1.3 servers) |
384 | | * |
385 | | * Applications may use this to add custom KEM algorithms or entirely |
386 | | * different key exchange schemes to the TLS 1.3 handshake. For instance, |
387 | | * this could provide an entry point to implement a hybrid key exchange |
388 | | * with both a traditional algorithm like ECDH and a quantum-secure KEM. |
389 | | * Typical use cases of the library don't need to do that and serious |
390 | | * security risks are associated with customizing TLS's key encapsulation |
391 | | * mechanism. |
392 | | * |
393 | | * Note that the KEM interface is usable for TLS 1.3 handshakes, only. |
394 | | * |
395 | | * The default implementation implements this key encapsulation as a |
396 | | * combination of tls_generate_ephemeral_key() followed by |
397 | | * tls_ephemeral_key_agreement() with the provided @p encoded_public_key. |
398 | | * The just-generated ephemeral private key is destroyed immediately. |
399 | | * |
400 | | * @param group the group identifier of the KEM/KEX algorithm |
401 | | * @param encoded_public_key the public key used for encapsulation/KEX |
402 | | * @param rng a random number generator |
403 | | * @param policy a TLS policy object |
404 | | * |
405 | | * @returns the shared secret both in plaintext and encapsulated with |
406 | | * @p encoded_public_key. |
407 | | */ |
408 | | virtual KEM_Encapsulation tls_kem_encapsulate(TLS::Group_Params group, |
409 | | const std::vector<uint8_t>& encoded_public_key, |
410 | | RandomNumberGenerator& rng, |
411 | | const Policy& policy); |
412 | | |
413 | | /** |
414 | | * Performs a key decapsulation operation (used for TLS 1.3 clients). |
415 | | * |
416 | | * Applications may use this to add custom KEM algorithms or entirely |
417 | | * different key exchange schemes to the TLS 1.3 handshake. For instance, |
418 | | * this could provide an entry point to implement a hybrid key exchange |
419 | | * with both a traditional algorithm like ECDH and a quantum-secure KEM. |
420 | | * Typical use cases of the library don't need to do that and serious |
421 | | * security risks are associated with customizing TLS's key encapsulation |
422 | | * mechanism. |
423 | | * |
424 | | * Note that the KEM interface is usable for TLS 1.3 handshakes, only. |
425 | | * |
426 | | * The default implementation simply delegates this to the |
427 | | * tls_ephemeral_key_agreement() callback to obtain the shared secret. |
428 | | * |
429 | | * @param group the group identifier of the KEM/KEX algorithm |
430 | | * @param private_key the private key used for decapsulation/KEX |
431 | | * @param encapsulated_bytes the content to decapsulate (or the public key share) |
432 | | * @param rng a random number generator |
433 | | * @param policy a TLS policy object |
434 | | * |
435 | | * @returns the plaintext shared secret from @p encapsulated_bytes after |
436 | | * decapsulation with @p private_key. |
437 | | */ |
438 | | virtual secure_vector<uint8_t> tls_kem_decapsulate(TLS::Group_Params group, |
439 | | const Private_Key& private_key, |
440 | | const std::vector<uint8_t>& encapsulated_bytes, |
441 | | RandomNumberGenerator& rng, |
442 | | const Policy& policy); |
443 | | |
444 | | /** |
445 | | * Generate an ephemeral key pair for the TLS handshake. |
446 | | * |
447 | | * Applications may use this to add custom groups, curves or entirely |
448 | | * different ephemeral key agreement mechanisms to the TLS handshake. |
449 | | * Note that this callback must be used in conjunction with |
450 | | * Callbacks::tls_ephemeral_key_agreement. |
451 | | * |
452 | | * Typical use cases of the library don't need to do that and serious |
453 | | * security risks are associated with customizing TLS's key exchange |
454 | | * mechanism. |
455 | | * |
456 | | * @throws TLS_Exception(Alert::DecodeError) if the @p group is not known. |
457 | | * |
458 | | * @param group the group identifier to generate an ephemeral keypair for |
459 | | * TLS 1.2 allows for specifying custom discrete logarithm |
460 | | * parameters as part of the protocol. Hence the variant<>. |
461 | | * @param rng a random number generator |
462 | | * |
463 | | * @return a private key of an algorithm usable for key agreement |
464 | | */ |
465 | | virtual std::unique_ptr<PK_Key_Agreement_Key> tls_generate_ephemeral_key( |
466 | | const std::variant<TLS::Group_Params, DL_Group>& group, RandomNumberGenerator& rng); |
467 | | |
468 | | /** |
469 | | * Agree on a shared secret with the peer's ephemeral public key for |
470 | | * the TLS handshake. |
471 | | * |
472 | | * Applications may use this to add custom groups, curves or entirely |
473 | | * different ephemeral key agreement mechanisms to the TLS handshake. |
474 | | * Note that this callback must be used in conjunction with |
475 | | * Callbacks::tls_generate_ephemeral_key. |
476 | | * |
477 | | * Typical use cases of the library don't need to do that and serious |
478 | | * security risks are associated with customizing TLS's key exchange |
479 | | * mechanism. |
480 | | * |
481 | | * @param group the TLS group identifier to be used |
482 | | * TLS 1.2 allows for specifying custom discrete |
483 | | * logarithm parameters as part of the protocol. |
484 | | * Hence the variant<>. |
485 | | * @param private_key the private key (generated ahead in tls_generate_ephemeral_key) |
486 | | * @param public_value the public key exchange information received by the peer |
487 | | * @param rng a random number generator |
488 | | * @param policy a TLS policy object |
489 | | * |
490 | | * @return the shared secret derived from public_value and private_key |
491 | | */ |
492 | | virtual secure_vector<uint8_t> tls_ephemeral_key_agreement(const std::variant<TLS::Group_Params, DL_Group>& group, |
493 | | const PK_Key_Agreement_Key& private_key, |
494 | | const std::vector<uint8_t>& public_value, |
495 | | RandomNumberGenerator& rng, |
496 | | const Policy& policy); |
497 | | |
498 | | /** |
499 | | * Optional callback: inspect handshake message |
500 | | * Throw an exception to abort the handshake. |
501 | | * Default simply ignores the message. |
502 | | * |
503 | | * Note: On connections that negotiated TLS 1.3 this callback is also |
504 | | * invoked for post-handshake messages. |
505 | | * |
506 | | * @param message the handshake message |
507 | | */ |
508 | | virtual void tls_inspect_handshake_msg(const Handshake_Message& message); |
509 | | |
510 | | /** |
511 | | * Optional callback for server: choose ALPN protocol |
512 | | * |
513 | | * ALPN (RFC 7301) works by the client sending a list of application |
514 | | * protocols it is willing to negotiate. The server then selects which |
515 | | * protocol to use. RFC 7301 requires that if the server does not support |
516 | | * any protocols offered by the client, then it should close the connection |
517 | | * with an alert of no_application_protocol. Within this callback this would |
518 | | * be done by throwing a TLS_Exception(Alert::NoApplicationProtocol) |
519 | | * |
520 | | * @param client_protos the vector of protocols the client is willing to negotiate |
521 | | * |
522 | | * @return the protocol selected by the server; if the empty string is |
523 | | * returned, the server does not reply to the client ALPN extension. |
524 | | * |
525 | | * The default implementation returns the empty string, causing client |
526 | | * ALPN to be ignored. |
527 | | * |
528 | | * It is highly recommended to support ALPN whenever possible to avoid |
529 | | * cross-protocol attacks. |
530 | | */ |
531 | | virtual std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos); |
532 | | |
533 | | /** |
534 | | * Optional callback: examine/modify Extensions before sending. |
535 | | * |
536 | | * Both client and server will call this callback on the Extensions object |
537 | | * before serializing it in the specific handshake message. This allows an |
538 | | * application to modify which extensions are sent during the handshake. |
539 | | * |
540 | | * Default implementation does nothing. |
541 | | * |
542 | | * @param extn the extensions |
543 | | * @param which_side will be Connection_Side::Client or Connection_Side::Server which is the current |
544 | | * applications role in the exchange. |
545 | | * @param which_message will state the handshake message type containing the extensions |
546 | | */ |
547 | | virtual void tls_modify_extensions(Extensions& extn, Connection_Side which_side, Handshake_Type which_message); |
548 | | |
549 | | /** |
550 | | * Optional callback: examine peer extensions. |
551 | | * |
552 | | * Both client and server will call this callback with the Extensions |
553 | | * object after receiving it from the peer. This allows examining the |
554 | | * Extensions, for example to implement a custom extension. It also allows |
555 | | * an application to require that a particular extension be implemented; |
556 | | * throw an exception from this function to abort the handshake. |
557 | | * |
558 | | * Default implementation does nothing. |
559 | | * |
560 | | * @param extn the extensions |
561 | | * @param which_side will be Connection_Side::Client if these are are the clients extensions (ie we are |
562 | | * the server) or Connection_Side::Server if these are the server extensions (we are the client). |
563 | | * @param which_message will state the handshake message type containing the extensions |
564 | | */ |
565 | | virtual void tls_examine_extensions(const Extensions& extn, |
566 | | Connection_Side which_side, |
567 | | Handshake_Type which_message); |
568 | | |
569 | | /** |
570 | | * Optional callback: parse a single OCSP Response |
571 | | * |
572 | | * Note: Typically a user of the library would not want to override this |
573 | | * callback. We provide this callback to be able to support OCSP |
574 | | * related tests from BoringSSL's BoGo tests that provide unparsable |
575 | | * responses. |
576 | | * |
577 | | * Default implementation tries to parse the provided raw OCSP response. |
578 | | * |
579 | | * This function should not throw an exception but return a std::nullopt |
580 | | * if the OCSP response cannot be parsed. |
581 | | * |
582 | | * @param raw_response raw OCSP response buffer |
583 | | * @returns the parsed OCSP response or std::nullopt on error |
584 | | */ |
585 | | virtual std::optional<OCSP::Response> tls_parse_ocsp_response(const std::vector<uint8_t>& raw_response); |
586 | | |
587 | | /** |
588 | | * Optional callback: return peer network identity |
589 | | * |
590 | | * There is no expected or specified format. The only expectation is this |
591 | | * function will return a unique value. For example returning the peer |
592 | | * host IP and port. |
593 | | * |
594 | | * This is used to bind the DTLS cookie to a particular network identity. |
595 | | * It is only called if the dtls-cookie-secret PSK is also defined. |
596 | | */ |
597 | | virtual std::string tls_peer_network_identity(); |
598 | | |
599 | | /** |
600 | | * Optional callback: return a custom time stamp value |
601 | | * |
602 | | * This allows the library user to specify a custom "now" timestamp when |
603 | | * needed. By default it will use the current system clock time. |
604 | | * |
605 | | * Note that typical usages will not need to override this callback but it |
606 | | * is useful for testing purposes to allow for deterministic test outcomes. |
607 | | */ |
608 | | virtual std::chrono::system_clock::time_point tls_current_timestamp(); |
609 | | |
610 | | /** |
611 | | * Optional callback: error logging. (not currently called) |
612 | | * @param err An error message related to this connection. |
613 | | */ |
614 | 0 | virtual void tls_log_error(const char* err) { BOTAN_UNUSED(err); }Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_error(char const*) Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_error(char const*) |
615 | | |
616 | | /** |
617 | | * Optional callback: debug logging. (not currently called) |
618 | | * @param what Some hopefully informative string |
619 | | */ |
620 | 0 | virtual void tls_log_debug(const char* what) { BOTAN_UNUSED(what); }Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_debug(char const*) Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_debug(char const*) |
621 | | |
622 | | /** |
623 | | * Optional callback: debug logging taking a buffer. (not currently called) |
624 | | * @param descr What this buffer is |
625 | | * @param val the bytes |
626 | | * @param val_len length of val |
627 | | */ |
628 | 0 | virtual void tls_log_debug_bin(const char* descr, const uint8_t val[], size_t val_len) { |
629 | 0 | BOTAN_UNUSED(descr, val, val_len); |
630 | 0 | } Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_debug_bin(char const*, unsigned char const*, unsigned long) Unexecuted instantiation: Botan::TLS::Callbacks::tls_log_debug_bin(char const*, unsigned char const*, unsigned long) |
631 | | |
632 | | /** |
633 | | * Optional callback: Allows access to a connection's secret data |
634 | | * |
635 | | * Useful to implement the SSLKEYLOGFILE for connection debugging as |
636 | | * specified in ietf.org/archive/id/draft-thomson-tls-keylogfile-00.html |
637 | | * |
638 | | * Invoked if Policy::allow_ssl_key_log_file returns true. |
639 | | * |
640 | | * Default implementation simply ignores the inputs. |
641 | | * |
642 | | * @param label Identifies the reported secret type |
643 | | * See draft-thomson-tls-keylogfile-00 Section 3.1 and 3.2 |
644 | | * @param client_random random value from ClientHello message acting as |
645 | | * an identifier of the TLS sessions |
646 | | * @param secret the actual secret value |
647 | | */ |
648 | | virtual void tls_ssl_key_log_data(std::string_view label, |
649 | | std::span<const uint8_t> client_random, |
650 | 0 | std::span<const uint8_t> secret) const { |
651 | 0 | BOTAN_UNUSED(label, client_random, secret); |
652 | 0 | } Unexecuted instantiation: Botan::TLS::Callbacks::tls_ssl_key_log_data(std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::span<unsigned char const, 18446744073709551615ul>, std::__1::span<unsigned char const, 18446744073709551615ul>) const Unexecuted instantiation: Botan::TLS::Callbacks::tls_ssl_key_log_data(std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::span<unsigned char const, 18446744073709551615ul>, std::__1::span<unsigned char const, 18446744073709551615ul>) const |
653 | | }; |
654 | | |
655 | | } // namespace TLS |
656 | | |
657 | | } // namespace Botan |
658 | | |
659 | | #endif |