Botan 3.5.0
Crypto and TLS for C&
Botan::TLS::Client_Hello_13 Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Client_Hello_13:
Botan::TLS::Client_Hello Botan::TLS::Handshake_Message

Public Member Functions

std::vector< Signature_Schemecertificate_signature_schemes () const
 
const std::vector< uint16_t > & ciphersuites () const
 
 Client_Hello_13 (const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, std::string_view hostname, const std::vector< std::string > &next_protocols, std::optional< Session_with_Handle > &session, std::vector< ExternalPSK > psks)
 
const std::vector< uint8_t > & cookie () const
 
std::vector< uint8_t > cookie_input_data () const
 
std::set< Extension_Codeextension_types () const
 
const Extensionsextensions () const
 
std::optional< Protocol_Versionhighest_supported_version (const Policy &policy) const
 
Protocol_Version legacy_version () const
 
std::vector< std::string > next_protocols () const
 
bool offered_suite (uint16_t ciphersuite) const
 
const std::vector< uint8_t > & random () const
 
void retry (const Hello_Retry_Request &hrr, const Transcript_Hash_State &transcript_hash_state, Callbacks &cb, RandomNumberGenerator &rng)
 
bool sent_signature_algorithms () const
 
std::vector< uint8_t > serialize () const override
 
const Session_IDsession_id () const
 
std::vector< Signature_Schemesignature_schemes () const
 
std::string sni_hostname () const
 
std::vector< uint16_t > srtp_profiles () const
 
std::vector< Group_Paramssupported_dh_groups () const
 
std::vector< Group_Paramssupported_ecc_curves () const
 
std::vector< Protocol_Versionsupported_versions () const
 
bool supports_alpn () const
 
Handshake_Type type () const override
 
std::string type_string () const
 
void validate_updates (const Client_Hello_13 &new_ch)
 
virtual Handshake_Type wire_type () const
 

Static Public Member Functions

static std::variant< Client_Hello_13, Client_Hello_12parse (const std::vector< uint8_t > &buf)
 

Protected Member Functions

const std::vector< uint8_t > & compression_methods () const
 

Protected Attributes

std::unique_ptr< Client_Hello_Internal > m_data
 

Detailed Description

Definition at line 218 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Client_Hello_13()

Botan::TLS::Client_Hello_13::Client_Hello_13 ( const Policy & policy,
Callbacks & cb,
RandomNumberGenerator & rng,
std::string_view hostname,
const std::vector< std::string > & next_protocols,
std::optional< Session_with_Handle > & session,
std::vector< ExternalPSK > psks )

Creates a client hello which might optionally use the passed-in session for resumption. In that case, this will "extract" the master secret from the passed-in session.

Definition at line 753 of file msg_client_hello.cpp.

759 {
760 // RFC 8446 4.1.2
761 // In TLS 1.3, the client indicates its version preferences in the
762 // "supported_versions" extension (Section 4.2.1) and the
763 // legacy_version field MUST be set to 0x0303, which is the version
764 // number for TLS 1.2.
765 m_data->m_legacy_version = Protocol_Version::TLS_V12;
766 m_data->m_random = make_hello_random(rng, cb, policy);
767 m_data->m_suites = policy.ciphersuite_list(Protocol_Version::TLS_V13);
768
769 if(policy.allow_tls12()) // Note: DTLS 1.3 is NYI, hence dtls_12 is not checked
770 {
771 const auto legacy_suites = policy.ciphersuite_list(Protocol_Version::TLS_V12);
772 m_data->m_suites.insert(m_data->m_suites.end(), legacy_suites.cbegin(), legacy_suites.cend());
773 }
774
775 if(policy.tls_13_middlebox_compatibility_mode()) {
776 // RFC 8446 4.1.2
777 // In compatibility mode (see Appendix D.4), this field MUST be non-empty,
778 // so a client not offering a pre-TLS 1.3 session MUST generate a new
779 // 32-byte value.
780 //
781 // Note: we won't ever offer a TLS 1.2 session. In such a case we would
782 // have instantiated a TLS 1.2 client in the first place.
783 m_data->m_session_id = Session_ID(make_hello_random(rng, cb, policy));
784 }
785
786 if(hostname_acceptable_for_sni(hostname)) {
787 m_data->extensions().add(new Server_Name_Indicator(hostname));
788 }
789
790 m_data->extensions().add(new Supported_Groups(policy.key_exchange_groups()));
791
792 m_data->extensions().add(new Key_Share(policy, cb, rng));
793
794 m_data->extensions().add(new Supported_Versions(Protocol_Version::TLS_V13, policy));
795
796 m_data->extensions().add(new Signature_Algorithms(policy.acceptable_signature_schemes()));
797 if(auto cert_signing_prefs = policy.acceptable_certificate_signature_schemes()) {
798 // RFC 8446 4.2.3
799 // Implementations which have the same policy in both cases MAY omit
800 // the "signature_algorithms_cert" extension.
801 m_data->extensions().add(new Signature_Algorithms_Cert(std::move(cert_signing_prefs.value())));
802 }
803
804 // TODO: Support for PSK-only mode without a key exchange.
805 // This should be configurable in TLS::Policy and should allow no PSK
806 // support at all (e.g. to disable support for session resumption).
807 m_data->extensions().add(new PSK_Key_Exchange_Modes({PSK_Key_Exchange_Mode::PSK_DHE_KE}));
808
809 if(policy.support_cert_status_message()) {
810 m_data->extensions().add(new Certificate_Status_Request({}, {}));
811 }
812
813 // We currently support "record_size_limit" for TLS 1.3 exclusively. Hence,
814 // when TLS 1.2 is advertised as a supported protocol, we must not offer this
815 // extension.
816 if(policy.record_size_limit().has_value() && !policy.allow_tls12()) {
817 m_data->extensions().add(new Record_Size_Limit(policy.record_size_limit().value()));
818 }
819
820 if(!next_protocols.empty()) {
821 m_data->extensions().add(new Application_Layer_Protocol_Notification(next_protocols));
822 }
823
824 // RFC 7250 4.1
825 // In order to indicate the support of raw public keys, clients include
826 // the client_certificate_type and/or the server_certificate_type
827 // extensions in an extended client hello message.
828 m_data->extensions().add(new Client_Certificate_Type(policy.accepted_client_certificate_types()));
829 m_data->extensions().add(new Server_Certificate_Type(policy.accepted_server_certificate_types()));
830
831 if(policy.allow_tls12()) {
832 m_data->extensions().add(new Renegotiation_Extension());
833 m_data->extensions().add(new Session_Ticket_Extension());
834
835 // EMS must always be used with TLS 1.2, regardless of the policy
836 m_data->extensions().add(new Extended_Master_Secret);
837
838 if(policy.negotiate_encrypt_then_mac()) {
839 m_data->extensions().add(new Encrypt_then_MAC);
840 }
841
842 if(m_data->extensions().has<Supported_Groups>() &&
843 !m_data->extensions().get<Supported_Groups>()->ec_groups().empty()) {
844 m_data->extensions().add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
845 }
846 }
847
848 if(session.has_value() || !psks.empty()) {
849 m_data->extensions().add(new PSK(session, std::move(psks), cb));
850 }
851
852 cb.tls_modify_extensions(m_data->extensions(), Connection_Side::Client, type());
853
854 if(m_data->extensions().has<PSK>()) {
855 // RFC 8446 4.2.11
856 // The "pre_shared_key" extension MUST be the last extension in the
857 // ClientHello (this facilitates implementation [...]).
858 if(m_data->extensions().all().back()->type() != Extension_Code::PresharedKey) {
859 throw TLS_Exception(Alert::InternalError,
860 "Application modified extensions of Client Hello, PSK is not last anymore");
861 }
862 calculate_psk_binders({});
863 }
864}
std::unique_ptr< Client_Hello_Internal > m_data
std::vector< std::string > next_protocols() const
Handshake_Type type() const override
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, Callbacks &cb, const Policy &policy)
Strong< std::vector< uint8_t >, struct Session_ID_ > Session_ID
holds a TLS 1.2 session ID for stateful resumption
Definition tls_session.h:32

References Botan::TLS::Policy::acceptable_certificate_signature_schemes(), Botan::TLS::Policy::acceptable_signature_schemes(), Botan::TLS::Policy::accepted_client_certificate_types(), Botan::TLS::Policy::accepted_server_certificate_types(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Policy::ciphersuite_list(), Botan::TLS::Client, Botan::TLS::Supported_Groups::ec_groups(), Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::Client_Hello::m_data, Botan::TLS::make_hello_random(), Botan::TLS::Policy::negotiate_encrypt_then_mac(), Botan::TLS::Client_Hello::next_protocols(), Botan::TLS::PresharedKey, Botan::TLS::PSK, Botan::TLS::PSK_DHE_KE, Botan::TLS::Policy::record_size_limit(), Botan::TLS::Policy::support_cert_status_message(), Botan::TLS::Policy::tls_13_middlebox_compatibility_mode(), Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::Client_Hello::type(), and Botan::TLS::Policy::use_ecc_point_compression().

Referenced by parse().

Member Function Documentation

◆ certificate_signature_schemes()

std::vector< Signature_Scheme > Botan::TLS::Client_Hello::certificate_signature_schemes ( ) const
inherited

Definition at line 270 of file msg_client_hello.cpp.

270 {
271 // RFC 8446 4.2.3
272 // If no "signature_algorithms_cert" extension is present, then the
273 // "signature_algorithms" extension also applies to signatures appearing
274 // in certificates.
275 if(Signature_Algorithms_Cert* sigs = m_data->extensions().get<Signature_Algorithms_Cert>()) {
276 return sigs->supported_schemes();
277 } else {
278 return signature_schemes();
279 }
280}
std::vector< Signature_Scheme > signature_schemes() const

References Botan::TLS::Client_Hello::m_data, and Botan::TLS::Client_Hello::signature_schemes().

Referenced by Botan::TLS::Certificate_13::Certificate_13().

◆ ciphersuites()

const std::vector< uint16_t > & Botan::TLS::Client_Hello::ciphersuites ( ) const
inherited

Definition at line 200 of file msg_client_hello.cpp.

200 {
201 return m_data->ciphersuites();
202}

References Botan::TLS::Client_Hello::m_data.

◆ compression_methods()

const std::vector< uint8_t > & Botan::TLS::Client_Hello::compression_methods ( ) const
protectedinherited

Definition at line 196 of file msg_client_hello.cpp.

196 {
197 return m_data->comp_methods();
198}

References Botan::TLS::Client_Hello::m_data.

◆ cookie()

const std::vector< uint8_t > & Botan::TLS::Client_Hello::cookie ( ) const
inherited

Definition at line 387 of file msg_client_hello.cpp.

387 {
388 return m_data->hello_cookie();
389}

References Botan::TLS::Client_Hello::m_data.

◆ cookie_input_data()

std::vector< uint8_t > Botan::TLS::Client_Hello::cookie_input_data ( ) const
inherited

Definition at line 249 of file msg_client_hello.cpp.

249 {
250 BOTAN_STATE_CHECK(!m_data->hello_cookie_input_bits().empty());
251
252 return m_data->hello_cookie_input_bits();
253}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41

References BOTAN_STATE_CHECK, and Botan::TLS::Client_Hello::m_data.

◆ extension_types()

std::set< Extension_Code > Botan::TLS::Client_Hello::extension_types ( ) const
inherited

Definition at line 204 of file msg_client_hello.cpp.

204 {
205 return m_data->extensions().extension_types();
206}

References Botan::TLS::Client_Hello::m_data.

Referenced by Botan::TLS::Server_Hello_12::Server_Hello_12(), Botan::TLS::Server_Hello_12::Server_Hello_12(), and validate_updates().

◆ extensions()

◆ highest_supported_version()

std::optional< Protocol_Version > Botan::TLS::Client_Hello_13::highest_supported_version ( const Policy & policy) const

Select the highest protocol version from the list of versions supported by the client. If no such version can be determind this returns std::nullopt.

Definition at line 1044 of file msg_client_hello.cpp.

1044 {
1045 // RFC 8446 4.2.1
1046 // The "supported_versions" extension is used by the client to indicate
1047 // which versions of TLS it supports and by the server to indicate which
1048 // version it is using. The extension contains a list of supported
1049 // versions in preference order, with the most preferred version first.
1050 const auto supvers = m_data->extensions().get<Supported_Versions>();
1051 BOTAN_ASSERT_NONNULL(supvers);
1052
1053 std::optional<Protocol_Version> result;
1054
1055 for(const auto& v : supvers->versions()) {
1056 // RFC 8446 4.2.1
1057 // Servers MUST only select a version of TLS present in that extension
1058 // and MUST ignore any unknown versions that are present in that
1059 // extension.
1060 if(!v.known_version() || !policy.acceptable_protocol_version(v)) {
1061 continue;
1062 }
1063
1064 result = (result.has_value()) ? std::optional(std::max(result.value(), v)) : std::optional(v);
1065 }
1066
1067 return result;
1068}
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86

References Botan::TLS::Policy::acceptable_protocol_version(), BOTAN_ASSERT_NONNULL, and Botan::TLS::Client_Hello::m_data.

◆ legacy_version()

Protocol_Version Botan::TLS::Client_Hello::legacy_version ( ) const
inherited

Return the version indicated in the ClientHello. This may differ from the version indicated in the supported_versions extension.

See RFC 8446 4.1.2: TLS 1.3, the client indicates its version preferences in the "supported_versions" extension (Section 4.2.1) and the legacy_version field MUST be set to 0x0303, which is the version number for TLS 1.2.

Definition at line 184 of file msg_client_hello.cpp.

184 {
185 return m_data->legacy_version();
186}

References Botan::TLS::Client_Hello::m_data.

◆ next_protocols()

std::vector< std::string > Botan::TLS::Client_Hello::next_protocols ( ) const
inherited

Definition at line 373 of file msg_client_hello.cpp.

373 {
374 if(auto alpn = m_data->extensions().get<Application_Layer_Protocol_Notification>()) {
375 return alpn->protocols();
376 }
377 return {};
378}

References Botan::TLS::Client_Hello::m_data.

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), and Client_Hello_13().

◆ offered_suite()

bool Botan::TLS::Client_Hello::offered_suite ( uint16_t ciphersuite) const
inherited

Definition at line 258 of file msg_client_hello.cpp.

258 {
259 return std::find(m_data->ciphersuites().cbegin(), m_data->ciphersuites().cend(), ciphersuite) !=
260 m_data->ciphersuites().cend();
261}

References Botan::TLS::Client_Hello::m_data.

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().

◆ parse()

std::variant< Client_Hello_13, Client_Hello_12 > Botan::TLS::Client_Hello_13::parse ( const std::vector< uint8_t > & buf)
static

Definition at line 866 of file msg_client_hello.cpp.

866 {
867 auto data = std::make_unique<Client_Hello_Internal>(buf);
868 const auto version = data->version();
869
870 if(version.is_pre_tls_13()) {
871 return Client_Hello_12(std::move(data));
872 } else {
873 return Client_Hello_13(std::move(data));
874 }
875}
Client_Hello_13(const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, std::string_view hostname, const std::vector< std::string > &next_protocols, std::optional< Session_with_Handle > &session, std::vector< ExternalPSK > psks)

References Client_Hello_13().

◆ random()

const std::vector< uint8_t > & Botan::TLS::Client_Hello::random ( ) const
inherited

Definition at line 188 of file msg_client_hello.cpp.

188 {
189 return m_data->random();
190}

References Botan::TLS::Client_Hello::m_data.

◆ retry()

void Botan::TLS::Client_Hello_13::retry ( const Hello_Retry_Request & hrr,
const Transcript_Hash_State & transcript_hash_state,
Callbacks & cb,
RandomNumberGenerator & rng )

Definition at line 877 of file msg_client_hello.cpp.

880 {
881 BOTAN_STATE_CHECK(m_data->extensions().has<Supported_Groups>());
882 BOTAN_STATE_CHECK(m_data->extensions().has<Key_Share>());
883
884 auto hrr_ks = hrr.extensions().get<Key_Share>();
885 const auto& supported_groups = m_data->extensions().get<Supported_Groups>()->groups();
886
887 if(hrr.extensions().has<Key_Share>()) {
888 m_data->extensions().get<Key_Share>()->retry_offer(*hrr_ks, supported_groups, cb, rng);
889 }
890
891 // RFC 8446 4.2.2
892 // When sending the new ClientHello, the client MUST copy
893 // the contents of the extension received in the HelloRetryRequest into
894 // a "cookie" extension in the new ClientHello.
895 //
896 // RFC 8446 4.2.2
897 // Clients MUST NOT use cookies in their initial ClientHello in subsequent
898 // connections.
899 if(hrr.extensions().has<Cookie>()) {
900 BOTAN_STATE_CHECK(!m_data->extensions().has<Cookie>());
901 m_data->extensions().add(new Cookie(hrr.extensions().get<Cookie>()->get_cookie()));
902 }
903
904 // Note: the consumer of the TLS implementation won't be able to distinguish
905 // invocations to this callback due to the first Client_Hello or the
906 // retried Client_Hello after receiving a Hello_Retry_Request. We assume
907 // that the user keeps and detects this state themselves.
908 cb.tls_modify_extensions(m_data->extensions(), Connection_Side::Client, type());
909
910 auto psk = m_data->extensions().get<PSK>();
911 if(psk) {
912 // Cipher suite should always be a known suite as this is checked upstream
913 const auto cipher = Ciphersuite::by_id(hrr.ciphersuite());
914 BOTAN_ASSERT_NOMSG(cipher.has_value());
915
916 // RFC 8446 4.1.4
917 // In [...] its updated ClientHello, the client SHOULD NOT offer
918 // any pre-shared keys associated with a hash other than that of the
919 // selected cipher suite.
920 psk->filter(cipher.value());
921
922 // RFC 8446 4.2.11.2
923 // If the server responds with a HelloRetryRequest and the client
924 // then sends ClientHello2, its binder will be computed over: [...].
925 calculate_psk_binders(transcript_hash_state.clone());
926 }
927}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
static std::optional< Ciphersuite > by_id(uint16_t suite)

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Server_Hello::ciphersuite(), Botan::TLS::Client, Botan::TLS::Transcript_Hash_State::clone(), Botan::TLS::Cookie, Botan::TLS::Server_Hello::extensions(), Botan::TLS::Extensions::get(), Botan::TLS::Cookie::get_cookie(), Botan::TLS::Extensions::has(), Botan::TLS::Client_Hello::m_data, Botan::TLS::Callbacks::tls_modify_extensions(), and Botan::TLS::Client_Hello::type().

◆ sent_signature_algorithms()

bool Botan::TLS::Client_Hello::sent_signature_algorithms ( ) const
inherited

Definition at line 369 of file msg_client_hello.cpp.

369 {
370 return m_data->extensions().has<Signature_Algorithms>();
371}

References Botan::TLS::Client_Hello::m_data.

◆ serialize()

std::vector< uint8_t > Botan::TLS::Client_Hello::serialize ( ) const
overridevirtualinherited
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 221 of file msg_client_hello.cpp.

221 {
222 std::vector<uint8_t> buf;
223 buf.reserve(1024); // working around GCC warning
224
225 buf.push_back(m_data->legacy_version().major_version());
226 buf.push_back(m_data->legacy_version().minor_version());
227 buf += m_data->random();
228
229 append_tls_length_value(buf, m_data->session_id().get(), 1);
230
231 if(m_data->legacy_version().is_datagram_protocol()) {
232 append_tls_length_value(buf, m_data->hello_cookie(), 1);
233 }
234
235 append_tls_length_value(buf, m_data->ciphersuites(), 2);
236 append_tls_length_value(buf, m_data->comp_methods(), 1);
237
238 /*
239 * May not want to send extensions at all in some cases. If so,
240 * should include SCSV value (if reneg info is empty, if not we are
241 * renegotiating with a modern server)
242 */
243
244 buf += m_data->extensions().serialize(Connection_Side::Client);
245
246 return buf;
247}
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition tls_reader.h:180

References Botan::TLS::append_tls_length_value(), Botan::TLS::Client, and Botan::TLS::Client_Hello::m_data.

◆ session_id()

const Session_ID & Botan::TLS::Client_Hello::session_id ( ) const
inherited

Definition at line 192 of file msg_client_hello.cpp.

192 {
193 return m_data->session_id();
194}

References Botan::TLS::Client_Hello::m_data.

Referenced by Botan::TLS::Client_Hello_12::session_handle().

◆ signature_schemes()

std::vector< Signature_Scheme > Botan::TLS::Client_Hello::signature_schemes ( ) const
inherited

Definition at line 263 of file msg_client_hello.cpp.

263 {
264 if(Signature_Algorithms* sigs = m_data->extensions().get<Signature_Algorithms>()) {
265 return sigs->supported_schemes();
266 }
267 return {};
268}

References Botan::TLS::Client_Hello::m_data.

Referenced by Botan::TLS::Certificate_13::Certificate_13(), Botan::TLS::Client_Hello::certificate_signature_schemes(), and Botan::TLS::Handshake_State::choose_sig_format().

◆ sni_hostname()

std::string Botan::TLS::Client_Hello::sni_hostname ( ) const
inherited

Definition at line 303 of file msg_client_hello.cpp.

303 {
304 if(Server_Name_Indicator* sni = m_data->extensions().get<Server_Name_Indicator>()) {
305 return sni->host_name();
306 }
307 return "";
308}

References Botan::TLS::Client_Hello::m_data.

Referenced by Botan::TLS::Certificate_13::Certificate_13(), Botan::TLS::Certificate_Request_13::maybe_create(), and Botan::TLS::Server_Hello_13::Server_Hello_13().

◆ srtp_profiles()

std::vector< uint16_t > Botan::TLS::Client_Hello::srtp_profiles ( ) const
inherited

Definition at line 380 of file msg_client_hello.cpp.

380 {
381 if(SRTP_Protection_Profiles* srtp = m_data->extensions().get<SRTP_Protection_Profiles>()) {
382 return srtp->profiles();
383 }
384 return {};
385}

References Botan::TLS::Client_Hello::m_data.

Referenced by Botan::TLS::Server_Hello_12::Server_Hello_12().

◆ supported_dh_groups()

std::vector< Group_Params > Botan::TLS::Client_Hello::supported_dh_groups ( ) const
inherited

Definition at line 289 of file msg_client_hello.cpp.

289 {
290 if(Supported_Groups* groups = m_data->extensions().get<Supported_Groups>()) {
291 return groups->dh_groups();
292 }
293 return std::vector<Group_Params>();
294}

References Botan::TLS::Client_Hello::m_data.

◆ supported_ecc_curves()

std::vector< Group_Params > Botan::TLS::Client_Hello::supported_ecc_curves ( ) const
inherited

Definition at line 282 of file msg_client_hello.cpp.

282 {
283 if(Supported_Groups* groups = m_data->extensions().get<Supported_Groups>()) {
284 return groups->ec_groups();
285 }
286 return {};
287}

References Botan::TLS::Client_Hello::m_data.

◆ supported_versions()

std::vector< Protocol_Version > Botan::TLS::Client_Hello::supported_versions ( ) const
inherited

Definition at line 321 of file msg_client_hello.cpp.

321 {
322 if(Supported_Versions* versions = m_data->extensions().get<Supported_Versions>()) {
323 return versions->versions();
324 }
325 return {};
326}

References Botan::TLS::Client_Hello::m_data.

◆ supports_alpn()

bool Botan::TLS::Client_Hello::supports_alpn ( ) const
inherited

Definition at line 353 of file msg_client_hello.cpp.

353 {
354 return m_data->extensions().has<Application_Layer_Protocol_Notification>();
355}

References Botan::TLS::Client_Hello::m_data.

Referenced by Botan::TLS::Server_Hello_12::Server_Hello_12(), and Botan::TLS::Server_Hello_12::Server_Hello_12().

◆ type()

Handshake_Type Botan::TLS::Client_Hello::type ( ) const
overridevirtualinherited

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

19 {
21}
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ validate_updates()

void Botan::TLS::Client_Hello_13::validate_updates ( const Client_Hello_13 & new_ch)

This validates that a Client Hello received after sending a Hello Retry Request was updated in accordance with RFC 8446 4.1.2. If issues are found, this method throws accordingly.

Definition at line 929 of file msg_client_hello.cpp.

929 {
930 // RFC 8446 4.1.2
931 // The client will also send a ClientHello when the server has responded
932 // to its ClientHello with a HelloRetryRequest. In that case, the client
933 // MUST send the same ClientHello without modification, except as follows:
934
935 if(m_data->session_id() != new_ch.m_data->session_id() || m_data->random() != new_ch.m_data->random() ||
936 m_data->ciphersuites() != new_ch.m_data->ciphersuites() ||
937 m_data->comp_methods() != new_ch.m_data->comp_methods()) {
938 throw TLS_Exception(Alert::IllegalParameter, "Client Hello core values changed after Hello Retry Request");
939 }
940
941 const auto oldexts = extension_types();
942 const auto newexts = new_ch.extension_types();
943
944 // Check that extension omissions are justified
945 for(const auto oldext : oldexts) {
946 if(!newexts.contains(oldext)) {
947 const auto ext = extensions().get(oldext);
948
949 // We don't make any assumptions about unimplemented extensions.
950 if(!ext->is_implemented()) {
951 continue;
952 }
953
954 // RFC 8446 4.1.2
955 // Removing the "early_data" extension (Section 4.2.10) if one was
956 // present. Early data is not permitted after a HelloRetryRequest.
957 if(oldext == EarlyDataIndication::static_type()) {
958 continue;
959 }
960
961 // RFC 8446 4.1.2
962 // Optionally adding, removing, or changing the length of the
963 // "padding" extension.
964 //
965 // TODO: implement the Padding extension
966 // if(oldext == Padding::static_type())
967 // continue;
968
969 throw TLS_Exception(Alert::IllegalParameter, "Extension removed in updated Client Hello");
970 }
971 }
972
973 // Check that extension additions are justified
974 for(const auto newext : newexts) {
975 if(!oldexts.contains(newext)) {
976 const auto ext = new_ch.extensions().get(newext);
977
978 // We don't make any assumptions about unimplemented extensions.
979 if(!ext->is_implemented()) {
980 continue;
981 }
982
983 // RFC 8446 4.1.2
984 // Including a "cookie" extension if one was provided in the
985 // HelloRetryRequest.
986 if(newext == Cookie::static_type()) {
987 continue;
988 }
989
990 // RFC 8446 4.1.2
991 // Optionally adding, removing, or changing the length of the
992 // "padding" extension.
993 //
994 // TODO: implement the Padding extension
995 // if(newext == Padding::static_type())
996 // continue;
997
998 throw TLS_Exception(Alert::UnsupportedExtension, "Added an extension in updated Client Hello");
999 }
1000 }
1001
1002 // RFC 8446 4.1.2
1003 // Removing the "early_data" extension (Section 4.2.10) if one was
1004 // present. Early data is not permitted after a HelloRetryRequest.
1005 if(new_ch.extensions().has<EarlyDataIndication>()) {
1006 throw TLS_Exception(Alert::IllegalParameter, "Updated Client Hello indicates early data");
1007 }
1008
1009 // TODO: Contents of extensions are not checked for update compatibility, see:
1010 //
1011 // RFC 8446 4.1.2
1012 // If a "key_share" extension was supplied in the HelloRetryRequest,
1013 // replacing the list of shares with a list containing a single
1014 // KeyShareEntry from the indicated group.
1015 //
1016 // Updating the "pre_shared_key" extension if present by recomputing
1017 // the "obfuscated_ticket_age" and binder values and (optionally)
1018 // removing any PSKs which are incompatible with the server's
1019 // indicated cipher suite.
1020 //
1021 // Optionally adding, removing, or changing the length of the
1022 // "padding" extension.
1023}
const Extensions & extensions() const
std::set< Extension_Code > extension_types() const
static Extension_Code static_type()
static Extension_Code static_type()

References Botan::TLS::Client_Hello::extension_types(), Botan::TLS::Client_Hello::extensions(), Botan::TLS::Extensions::get(), Botan::TLS::Extensions::has(), Botan::TLS::Client_Hello::m_data, Botan::TLS::Cookie::static_type(), and Botan::TLS::EarlyDataIndication::static_type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

Referenced by Botan::TLS::Stream_Handshake_IO::send().

Member Data Documentation

◆ m_data

std::unique_ptr<Client_Hello_Internal> Botan::TLS::Client_Hello::m_data
protectedinherited

Definition at line 144 of file tls_messages.h.

Referenced by Botan::TLS::Client_Hello::certificate_signature_schemes(), Botan::TLS::Client_Hello::ciphersuites(), Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), Client_Hello_13(), Botan::TLS::Client_Hello::compression_methods(), Botan::TLS::Client_Hello::cookie(), Botan::TLS::Client_Hello::cookie_input_data(), Botan::TLS::Client_Hello::extension_types(), Botan::TLS::Client_Hello::extensions(), highest_supported_version(), Botan::TLS::Client_Hello::legacy_version(), Botan::TLS::Client_Hello::next_protocols(), Botan::TLS::Client_Hello::offered_suite(), Botan::TLS::Client_Hello_12::prefers_compressed_ec_points(), Botan::TLS::Client_Hello::random(), Botan::TLS::Client_Hello_12::renegotiation_info(), retry(), Botan::TLS::Client_Hello_12::secure_renegotiation(), Botan::TLS::Client_Hello::sent_signature_algorithms(), Botan::TLS::Client_Hello::serialize(), Botan::TLS::Client_Hello::session_id(), Botan::TLS::Client_Hello_12::session_ticket(), Botan::TLS::Client_Hello::signature_schemes(), Botan::TLS::Client_Hello::sni_hostname(), Botan::TLS::Client_Hello::srtp_profiles(), Botan::TLS::Client_Hello::supported_dh_groups(), Botan::TLS::Client_Hello::supported_ecc_curves(), Botan::TLS::Client_Hello::supported_versions(), Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello_12::supports_cert_status_message(), Botan::TLS::Client_Hello_12::supports_encrypt_then_mac(), Botan::TLS::Client_Hello_12::supports_extended_master_secret(), Botan::TLS::Client_Hello_12::supports_session_ticket(), Botan::TLS::Client_Hello_12::update_hello_cookie(), and validate_updates().


The documentation for this class was generated from the following files: