Botan 2.19.3
Crypto and TLS for C++11
tls_callbacks.cpp
1/*
2* TLS Callbacks
3* (C) 2016 Jack Lloyd
4* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/tls_callbacks.h>
10#include <botan/tls_policy.h>
11#include <botan/tls_algos.h>
12#include <botan/x509path.h>
13#include <botan/ocsp.h>
14#include <botan/dh.h>
15#include <botan/ecdh.h>
16#include <botan/tls_exceptn.h>
17#include <botan/internal/ct_utils.h>
18
19#if defined(BOTAN_HAS_CURVE_25519)
20 #include <botan/curve25519.h>
21#endif
22
23namespace Botan {
24
26 {
27 // default is no op
28 }
29
/*
* Default application protocol chooser.
*
* The list of protocols offered by the client is ignored (the parameter
* is unnamed) and an empty string is always returned. Applications that
* want to select a protocol must override this callback.
*/
std::string TLS::Callbacks::tls_server_choose_app_protocol(const std::vector<std::string>&)
   {
   return std::string();
   }
34
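/*
* Default peer network identity.
*
* Returns an empty string; this default supplies no identity for the
* peer. Applications that have one must override this callback.
*/
std::string TLS::Callbacks::tls_peer_network_identity()
   {
   return "";
   }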
39
43
47
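/*
* Default mapping from a negotiated group parameter to its name.
*
* Simply forwards to group_param_to_string(); the returned string is
* whatever that helper produces for group_param.
*/
std::string TLS::Callbacks::tls_decode_group_param(Group_Params group_param)
   {
   return group_param_to_string(group_param);
   }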
52
54 const std::vector<X509_Certificate>& cert_chain,
55 const std::vector<std::shared_ptr<const OCSP::Response>>& ocsp_responses,
56 const std::vector<Certificate_Store*>& trusted_roots,
57 Usage_Type usage,
58 const std::string& hostname,
59 const TLS::Policy& policy)
60 {
61 if(cert_chain.empty())
62 throw Invalid_Argument("Certificate chain was empty");
63
66
68 x509_path_validate(cert_chain,
69 restrictions,
70 trusted_roots,
71 (usage == Usage_Type::TLS_SERVER_AUTH ? hostname : ""),
72 usage,
73 std::chrono::system_clock::now(),
74 tls_verify_cert_chain_ocsp_timeout(),
75 ocsp_responses);
76
77 if(!result.successful_validation())
78 {
80 "Certificate validation failure: " + result.result_string());
81 }
82 }
83
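/*
* Default handshake signing callback.
*
* Builds a PK_Signer from the supplied private key, padding/hash scheme
* (emsa) and signature format, and returns the signature over msg.
* The same rng is handed to both the signer constructor and the
* signing call.
*
* Overriding this callback is the place to delegate signing to an
* external key holder; the default requires the private key to be
* usable in-process.
*/
std::vector<uint8_t> TLS::Callbacks::tls_sign_message(
   const Private_Key& key,
   RandomNumberGenerator& rng,
   const std::string& emsa,
   Signature_Format format,
   const std::vector<uint8_t>& msg)
   {
   PK_Signer signer(key, rng, emsa, format);

   return signer.sign_message(msg, rng);
   }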
95
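/*
* Default handshake signature verification callback.
*
* Builds a PK_Verifier from the peer's public key, the padding/hash
* scheme (emsa) and the signature format, and returns the result of
* verifying sig over msg.
*
* The outcome is reported only through the bool return value: this
* function does not itself throw on a bad signature, so the caller is
* responsible for aborting the handshake when false is returned.
*/
bool TLS::Callbacks::tls_verify_message(
   const Public_Key& key,
   const std::string& emsa,
   Signature_Format format,
   const std::vector<uint8_t>& msg,
   const std::vector<uint8_t>& sig)
   {
   PK_Verifier verifier(key, emsa, format);

   return verifier.verify_message(msg, sig);
   }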
107
108std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> TLS::Callbacks::tls_dh_agree(
109 const std::vector<uint8_t>& modulus,
110 const std::vector<uint8_t>& generator,
111 const std::vector<uint8_t>& peer_public_value,
112 const Policy& policy,
114 {
115 BigInt p = BigInt::decode(modulus);
116 BigInt g = BigInt::decode(generator);
117 BigInt Y = BigInt::decode(peer_public_value);
118
119 /*
120 * A basic check for key validity. As we do not know q here we
121 * cannot check that Y is in the right subgroup. However since
122 * our key is ephemeral there does not seem to be any
123 * advantage to bogus keys anyway.
124 */
125 if(Y <= 1 || Y >= p - 1)
127 "Server sent bad DH key for DHE exchange");
128
129 DL_Group group(p, g);
130
131 if(!group.verify_group(rng, false))
133 "DH group validation failed");
134
135 DH_PublicKey peer_key(group, Y);
136
137 policy.check_peer_key_acceptable(peer_key);
138
139 DH_PrivateKey priv_key(rng, group);
140 PK_Key_Agreement ka(priv_key, rng, "Raw");
142 ka.derive_key(0, peer_key.public_value()).bits_of());
143
144 return std::make_pair(dh_secret, priv_key.public_value());
145 }
146
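/*
* Default ephemeral (EC)DH key agreement for the TLS handshake.
*
* Generates a fresh private key on the named curve, performs the
* agreement against the peer's public value and returns the pair
* (shared secret, our encoded public value).
*
* curve_name         "x25519" selects the X25519 path; any other name
*                    is resolved through OID::from_string and EC_Group
* peer_public_value  the peer's encoded public key (untrusted input)
* policy             consulted via check_peer_key_acceptable() before
*                    our own key is generated
* rng                used for key generation and the key agreement op
* compressed         point encoding of our public value (ECDH path
*                    only; ignored for X25519)
*
* Throws TLS_Exception(HANDSHAKE_FAILURE) if the X25519 public value
* is not 32 bytes or the X25519 result is all zero, and Internal_Error
* if X25519 was negotiated but is compiled out. Anything thrown by the
* policy check or the key/group constructors propagates unchanged.
*/
std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> TLS::Callbacks::tls_ecdh_agree(
   const std::string& curve_name,
   const std::vector<uint8_t>& peer_public_value,
   const Policy& policy,
   RandomNumberGenerator& rng,
   bool compressed)
   {
   secure_vector<uint8_t> ecdh_secret;
   std::vector<uint8_t> our_public_value;

   if(curve_name == "x25519")
      {
#if defined(BOTAN_HAS_CURVE_25519)
      // Reject malformed peer values before constructing a key from them
      if(peer_public_value.size() != 32)
         {
         throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Invalid X25519 key size");
         }

      Curve25519_PublicKey peer_key(peer_public_value);
      policy.check_peer_key_acceptable(peer_key);
      Curve25519_PrivateKey priv_key(rng);
      PK_Key_Agreement ka(priv_key, rng, "Raw");
      ecdh_secret = ka.derive_key(0, peer_key.public_value()).bits_of();

      /*
      * RFC 8422 section 5.11 requires the receiver to abort if the
      * computed X25519 secret is all zero, which is what a low-order
      * peer public value produces. The bytes are OR-ed together without
      * an early exit so the check does not branch on individual secret
      * bytes. An empty result also fails closed here.
      */
      uint8_t any_bits_set = 0;
      for(const uint8_t b : ecdh_secret)
         {
         any_bits_set |= b;
         }

      if(any_bits_set == 0)
         {
         throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "X25519 key agreement produced an all-zero secret");
         }

      // X25519 is always compressed but sent as "uncompressed" in TLS
      our_public_value = priv_key.public_value();
#else
      throw Internal_Error("Negotiated X25519 somehow, but it is disabled");
#endif
      }
   else
      {
      EC_Group group(OID::from_string(curve_name));
      // NOTE(review): validation of the untrusted peer point (on-curve,
      // not the identity) is presumably done inside OS2ECP and/or the
      // policy check below - confirm, since nothing here checks it.
      ECDH_PublicKey peer_key(group, group.OS2ECP(peer_public_value));
      policy.check_peer_key_acceptable(peer_key);
      ECDH_PrivateKey priv_key(rng, group);
      PK_Key_Agreement ka(priv_key, rng, "Raw");
      ecdh_secret = ka.derive_key(0, peer_key.public_value()).bits_of();
      our_public_value = priv_key.public_value(compressed ? PointGFp::COMPRESSED : PointGFp::UNCOMPRESSED);
      }

   return std::make_pair(ecdh_secret, our_public_value);
   }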
190
191}
static BigInt decode(const uint8_t buf[], size_t length)
Definition bigint.h:805
std::vector< uint8_t > public_value() const override
Definition curve25519.h:83
std::vector< uint8_t > public_value() const
Definition curve25519.h:30
std::vector< uint8_t > public_value() const override
Definition dh.cpp:72
std::vector< uint8_t > public_value() const
Definition dh.cpp:27
bool verify_group(RandomNumberGenerator &rng, bool strong=true) const
Definition dl_group.cpp:380
std::vector< uint8_t > public_value() const override
Definition ecdh.h:92
std::vector< uint8_t > public_value() const
Definition ecdh.h:50
PointGFp OS2ECP(const uint8_t bits[], size_t len) const
Definition ec_group.cpp:573
static OID from_string(const std::string &str)
Definition asn1_oid.cpp:62
secure_vector< uint8_t > bits_of() const
Definition symkey.h:31
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
Definition pubkey.cpp:218
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:214
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:331
std::string result_string() const
virtual std::string tls_decode_group_param(Group_Params group_param)
virtual std::string tls_peer_network_identity()
virtual void tls_examine_extensions(const Extensions &extn, Connection_Side which_side)
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side)
virtual std::string tls_server_choose_app_protocol(const std::vector< std::string > &client_protos)
virtual bool tls_verify_message(const Public_Key &key, const std::string &emsa, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
virtual std::pair< secure_vector< uint8_t >, std::vector< uint8_t > > tls_dh_agree(const std::vector< uint8_t > &modulus, const std::vector< uint8_t > &generator, const std::vector< uint8_t > &peer_public_value, const Policy &policy, RandomNumberGenerator &rng)
virtual void tls_verify_cert_chain(const std::vector< X509_Certificate > &cert_chain, const std::vector< std::shared_ptr< const OCSP::Response > > &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, const std::string &hostname, const TLS::Policy &policy)
virtual std::pair< secure_vector< uint8_t >, std::vector< uint8_t > > tls_ecdh_agree(const std::string &curve_name, const std::vector< uint8_t > &peer_public_value, const Policy &policy, RandomNumberGenerator &rng, bool compressed)
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, const std::string &emsa, Signature_Format format, const std::vector< uint8_t > &msg)
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
virtual bool require_cert_revocation_info() const
virtual size_t minimum_signature_strength() const
fe Y
Definition ge.cpp:28
secure_vector< uint8_t > strip_leading_zeros(const uint8_t in[], size_t length)
Definition ct_utils.cpp:66
std::string group_param_to_string(Group_Params group)
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response > > &ocsp_resp)
Definition x509path.cpp:850
Usage_Type
Definition x509cert.h:23
Signature_Format
Definition pk_keys.h:23
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65