Botan::TLS::Encrypted_Extensions Class Referencefinal
#include <tls_messages_13.h>
Inheritance diagram for Botan::TLS::Encrypted_Extensions:
Public Member Functions | |
| Encrypted_Extensions (const Client_Hello_13 &client_hello, const Policy &policy, Callbacks &cb) | |
| Encrypted_Extensions (const std::vector< uint8_t > &buf) | |
| const Extensions & | extensions () const |
| std::vector< uint8_t > | serialize () const override |
| Handshake_Type | type () const override |
| std::string | type_string () const |
| virtual Handshake_Type | wire_type () const |
Detailed Description
Definition at line 146 of file tls_messages_13.h.
Constructor & Destructor Documentation
◆ Encrypted_Extensions() [1/2]
|
explicit |
Definition at line 97 of file msg_encrypted_extensions.cpp.
97 {
98 TLS_Data_Reader reader("encrypted extensions reader", buf);
99
100 // Encrypted Extensions contains a list of extensions. This list may legally
101 // be empty. However, in that case we should at least see a two-byte length
102 // field that reads 0x00 0x00.
103 if(buf.size() < 2) {
104 throw TLS_Exception(Alert::DecodeError, "Server sent an empty Encrypted Extensions message");
105 }
106
108
109 // RFC 8446 4.2
110 // If an implementation receives an extension which it recognizes and
111 // which is not specified for the message in which it appears, it MUST
112 // abort the handshake with an "illegal_parameter" alert.
113 //
114 // Note that we cannot encounter any extensions that we don't recognize here,
115 // since only extensions we previously offered are allowed in EE.
116 const auto allowed_exts = std::set<Extension_Code>{
117 // Allowed extensions listed in RFC 8446 and implemented in Botan
119 // MAX_FRAGMENT_LENGTH
122 // HEARTBEAT
124 // RFC 7250
127 // EARLY_DATA
128
129 // Allowed extensions not listed in RFC 8446 but acceptable as Botan implements them
131 };
132 if(m_extensions.contains_implemented_extensions_other_than(allowed_exts)) {
133 throw TLS_Exception(Alert::IllegalParameter, "Encrypted Extensions contained an extension that is not allowed");
134 }
135}
Handshake_Type type() const override
Definition tls_messages_13.h:151
@ ServerNameIndication
Definition tls_extensions.h:37
@ ApplicationLayerProtocolNegotiation
Definition tls_extensions.h:45
@ ClientCertificateType
Definition tls_extensions.h:50
@ ServerCertificateType
Definition tls_extensions.h:51
References Botan::TLS::ApplicationLayerProtocolNegotiation, Botan::TLS::ClientCertificateType, Botan::TLS::RecordSizeLimit, Botan::TLS::Server, Botan::TLS::ServerCertificateType, Botan::TLS::ServerNameIndication, Botan::TLS::SupportedGroups, type(), and Botan::TLS::UseSrtp.
◆ Encrypted_Extensions() [2/2]
| Botan::TLS::Encrypted_Extensions::Encrypted_Extensions | ( | const Client_Hello_13 & | client_hello, |
| const Policy & | policy, | ||
| Callbacks & | cb ) |
Definition at line 18 of file msg_encrypted_extensions.cpp.
18 {
19 const auto& exts = client_hello.extensions();
20
21 // NOLINTBEGIN(*-owning-memory)
22
23 // RFC 8446 4.2.7
24 // As of TLS 1.3, servers are permitted to send the "supported_groups"
25 // extension to the client. Clients [...] MAY use the information
26 // learned from a successfully completed handshake to change what groups
27 // they use in their "key_share" extension in subsequent connections.
28 if(exts.has<Supported_Groups>()) {
29 m_extensions.add(new Supported_Groups(policy.key_exchange_groups()));
30 }
31
32 const auto record_size_limit = policy.record_size_limit();
34 if(exts.has<Record_Size_Limit>()) {
35 // RFC 8449 4
36 // Endpoints SHOULD advertise the "record_size_limit" extension, even
37 // if they have no need to limit the size of records. [...] For
38 // servers, this allows clients to know that their limit will be
39 // respected.
40 m_extensions.add(new Record_Size_Limit(record_size_limit.value_or(max_record_size)));
41 } else if(record_size_limit.has_value() && record_size_limit.value() < max_record_size) {
42 // RFC 8449 4
43 // Endpoints SHOULD advertise the "record_size_limit" extension, even if
44 // they have no need to limit the size of records. For clients, this
45 // allows servers to advertise a limit at their discretion.
46 throw TLS_Exception(Alert::MissingExtension,
47 "Server cannot enforce record size limit without the client supporting it");
48 }
49
50 // RFC 7250 4.2
51 // If the TLS server wants to request a certificate from the client
52 // (via the certificate_request message), it MUST include the
53 // client_certificate_type extension in the server hello.
54 // [...]
55 // If the server does not send a certificate_request payload [...],
56 // then the client_certificate_type payload in the server hello MUST be
57 // omitted.
58 if(auto* ch_client_cert_types = exts.get<Client_Certificate_Type>();
59 ch_client_cert_types != nullptr && policy.request_client_certificate_authentication()) {
60 m_extensions.add(new Client_Certificate_Type(*ch_client_cert_types, policy));
61 }
62
63 // RFC 7250 4.2
64 // The server_certificate_type extension in the client hello indicates the
65 // types of certificates the client is able to process when provided by
66 // the server in a subsequent certificate payload. [...] With the
67 // server_certificate_type extension in the server hello, the TLS server
68 // indicates the certificate type carried in the Certificate payload.
69 if(auto* ch_server_cert_types = exts.get<Server_Certificate_Type>()) {
70 m_extensions.add(new Server_Certificate_Type(*ch_server_cert_types, policy));
71 }
72
73 // RFC 6066 3
74 // A server that receives a client hello containing the "server_name"
75 // extension [...] SHALL include an extension of type "server_name" in the
76 // (extended) server hello. The "extension_data" field of this extension
77 // SHALL be empty.
78 if(exts.has<Server_Name_Indicator>()) {
79 m_extensions.add(new Server_Name_Indicator(""));
80 }
81
82 if(auto* alpn_ext = exts.get<Application_Layer_Protocol_Notification>()) {
83 const auto next_protocol = cb.tls_server_choose_app_protocol(alpn_ext->protocols());
84 if(!next_protocol.empty()) {
85 m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
86 }
87 }
88
89 // NOLINTEND(*-owning-memory)
90
91 // TODO: Implement handling for (at least)
92 // * SRTP
93
95}
References Botan::TLS::Client_Hello::extensions(), Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Policy::record_size_limit(), Botan::TLS::Policy::request_client_certificate_authentication(), Botan::TLS::Server, Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::Callbacks::tls_server_choose_app_protocol(), and type().
Member Function Documentation
◆ extensions()
|
inline |
Definition at line 153 of file tls_messages_13.h.
153{ return m_extensions; }
◆ serialize()
|
overridevirtual |
- Returns
- DER representation of this message
Implements Botan::TLS::Handshake_Message.
Definition at line 137 of file msg_encrypted_extensions.cpp.
References Botan::TLS::Server.
◆ type()
|
inlineoverridevirtual |
- Returns
- the message type
Implements Botan::TLS::Handshake_Message.
Definition at line 151 of file tls_messages_13.h.
References Botan::TLS::EncryptedExtensions.
Referenced by Encrypted_Extensions(), and Encrypted_Extensions().
◆ type_string()
|
inherited |
- Returns
- string representation of this message type
Definition at line 21 of file tls_handshake_state.cpp.
21 {
23}
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)
Definition tls_magic.cpp:15
References Botan::TLS::handshake_type_to_string(), and type().
◆ wire_type()
|
inlinevirtualinherited |
- Returns
- the wire representation of the message's type
Reimplemented in Botan::TLS::Hello_Retry_Request.
Definition at line 39 of file tls_handshake_msg.h.
39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
43 }
References type().
Referenced by Botan::TLS::Stream_Handshake_IO::send().
The documentation for this class was generated from the following files:
- src/lib/tls/tls13/tls_messages_13.h
- src/lib/tls/tls13/msg_encrypted_extensions.cpp
Generated by
1.15.0