Botan 3.3.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Encrypted_Extensions Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Encrypted_Extensions:
Botan::TLS::Handshake_Message

Public Member Functions

 Encrypted_Extensions (const Client_Hello_13 &client_hello, const Policy &policy, Callbacks &cb)
 
 Encrypted_Extensions (const std::vector< uint8_t > &buf)
 
const Extensionsextensions () const
 
std::vector< uint8_t > serialize () const override
 
Handshake_Type type () const override
 
std::string type_string () const
 
virtual Handshake_Type wire_type () const
 

Detailed Description

Definition at line 465 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Encrypted_Extensions() [1/2]

Botan::TLS::Encrypted_Extensions::Encrypted_Extensions ( const std::vector< uint8_t > & buf)
explicit

Definition at line 92 of file msg_encrypted_extensions.cpp.

92 {
93 TLS_Data_Reader reader("encrypted extensions reader", buf);
94
95 // Encrypted Extensions contains a list of extensions. This list may legally
96 // be empty. However, in that case we should at least see a two-byte length
97 // field that reads 0x00 0x00.
98 if(buf.size() < 2) {
99 throw TLS_Exception(Alert::DecodeError, "Server sent an empty Encrypted Extensions message");
100 }
101
102 m_extensions.deserialize(reader, Connection_Side::Server, type());
103
104 // RFC 8446 4.2
105 // If an implementation receives an extension which it recognizes and
106 // which is not specified for the message in which it appears, it MUST
107 // abort the handshake with an "illegal_parameter" alert.
108 //
109 // Note that we cannot encounter any extensions that we don't recognize here,
110 // since only extensions we previously offered are allowed in EE.
111 const auto allowed_exts = std::set<Extension_Code>{
112 // Allowed extensions listed in RFC 8446 and implemented in Botan
114 // MAX_FRAGMENT_LENGTH
117 // HEARTBEAT
119 // RFC 7250
122 // EARLY_DATA
123
124 // Allowed extensions not listed in RFC 8446 but acceptable as Botan implements them
126 };
127 if(m_extensions.contains_implemented_extensions_other_than(allowed_exts)) {
128 throw TLS_Exception(Alert::IllegalParameter, "Encrypted Extensions contained an extension that is not allowed");
129 }
130}
Handshake_Type type() const override
bool contains_implemented_extensions_other_than(const std::set< Extension_Code > &allowed_extensions) const
void deserialize(TLS_Data_Reader &reader, Connection_Side from, Handshake_Type message_type)

References Botan::TLS::ApplicationLayerProtocolNegotiation, Botan::TLS::ClientCertificateType, Botan::TLS::Extensions::contains_implemented_extensions_other_than(), Botan::TLS::Extensions::deserialize(), Botan::TLS::RecordSizeLimit, Botan::TLS::Server, Botan::TLS::ServerCertificateType, Botan::TLS::ServerNameIndication, Botan::TLS::SupportedGroups, type(), and Botan::TLS::UseSrtp.

◆ Encrypted_Extensions() [2/2]

Botan::TLS::Encrypted_Extensions::Encrypted_Extensions ( const Client_Hello_13 & client_hello,
const Policy & policy,
Callbacks & cb )

Definition at line 17 of file msg_encrypted_extensions.cpp.

17 {
18 const auto& exts = client_hello.extensions();
19
20 // RFC 8446 4.2.7
21 // As of TLS 1.3, servers are permitted to send the "supported_groups"
22 // extension to the client. Clients [...] MAY use the information
23 // learned from a successfully completed handshake to change what groups
24 // they use in their "key_share" extension in subsequent connections.
25 if(exts.has<Supported_Groups>()) {
26 m_extensions.add(new Supported_Groups(policy.key_exchange_groups()));
27 }
28
29 const auto record_size_limit = policy.record_size_limit();
30 const auto max_record_size = MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */;
31 if(exts.has<Record_Size_Limit>()) {
32 // RFC 8449 4
33 // Endpoints SHOULD advertise the "record_size_limit" extension, even
34 // if they have no need to limit the size of records. [...] For
35 // servers, this allows clients to know that their limit will be
36 // respected.
37 m_extensions.add(new Record_Size_Limit(record_size_limit.value_or(max_record_size)));
38 } else if(record_size_limit.has_value() && record_size_limit.value() < max_record_size) {
39 // RFC 8449 4
40 // Endpoints SHOULD advertise the "record_size_limit" extension, even if
41 // they have no need to limit the size of records. For clients, this
42 // allows servers to advertise a limit at their discretion.
43 throw TLS_Exception(Alert::MissingExtension,
44 "Server cannot enforce record size limit without the client supporting it");
45 }
46
47 // RFC 7250 4.2
48 // If the TLS server wants to request a certificate from the client
49 // (via the certificate_request message), it MUST include the
50 // client_certificate_type extension in the server hello.
51 // [...]
52 // If the server does not send a certificate_request payload [...],
53 // then the client_certificate_type payload in the server hello MUST be
54 // omitted.
55 if(auto ch_client_cert_types = exts.get<Client_Certificate_Type>();
56 ch_client_cert_types && policy.request_client_certificate_authentication()) {
57 m_extensions.add(new Client_Certificate_Type(*ch_client_cert_types, policy));
58 }
59
60 // RFC 7250 4.2
61 // The server_certificate_type extension in the client hello indicates the
62 // types of certificates the client is able to process when provided by
63 // the server in a subsequent certificate payload. [...] With the
64 // server_certificate_type extension in the server hello, the TLS server
65 // indicates the certificate type carried in the Certificate payload.
66 if(auto ch_server_cert_types = exts.get<Server_Certificate_Type>()) {
67 m_extensions.add(new Server_Certificate_Type(*ch_server_cert_types, policy));
68 }
69
70 // RFC 6066 3
71 // A server that receives a client hello containing the "server_name"
72 // extension [...] SHALL include an extension of type "server_name" in the
73 // (extended) server hello. The "extension_data" field of this extension
74 // SHALL be empty.
75 if(exts.has<Server_Name_Indicator>()) {
76 m_extensions.add(new Server_Name_Indicator(""));
77 }
78
79 if(auto alpn_ext = exts.get<Application_Layer_Protocol_Notification>()) {
80 const auto next_protocol = cb.tls_server_choose_app_protocol(alpn_ext->protocols());
81 if(!next_protocol.empty()) {
82 m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
83 }
84 }
85
86 // TODO: Implement handling for (at least)
87 // * SRTP
88
89 cb.tls_modify_extensions(m_extensions, Connection_Side::Server, type());
90}
void add(std::unique_ptr< Extension > extn)
@ MAX_PLAINTEXT_SIZE
Definition tls_magic.h:30

References Botan::TLS::Extensions::add(), Botan::TLS::Client_Hello::extensions(), Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Policy::record_size_limit(), Botan::TLS::Policy::request_client_certificate_authentication(), Botan::TLS::Server, Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::Callbacks::tls_server_choose_app_protocol(), and type().

Member Function Documentation

◆ extensions()

const Extensions & Botan::TLS::Encrypted_Extensions::extensions ( ) const
inline

Definition at line 472 of file tls_messages.h.

472{ return m_extensions; }

Referenced by Botan::TLS::Client_Impl_13::application_protocol(), and Botan::TLS::Server_Impl_13::application_protocol().

◆ serialize()

std::vector< uint8_t > Botan::TLS::Encrypted_Extensions::serialize ( ) const
overridevirtual
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 132 of file msg_encrypted_extensions.cpp.

132 {
133 return m_extensions.serialize(Connection_Side::Server);
134}
std::vector< uint8_t > serialize(Connection_Side whoami) const

References Botan::TLS::Extensions::serialize(), and Botan::TLS::Server.

◆ type()

Handshake_Type Botan::TLS::Encrypted_Extensions::type ( ) const
inlineoverridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 470 of file tls_messages.h.

Referenced by Encrypted_Extensions(), and Encrypted_Extensions().

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

19 {
21}
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

Referenced by Botan::TLS::Stream_Handshake_IO::send().


The documentation for this class was generated from the following files: