Botan 3.9.0
Crypto and TLS for C&
Botan::TLS::Encrypted_Extensions Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Encrypted_Extensions:
Botan::TLS::Handshake_Message

Public Member Functions

 Encrypted_Extensions (const Client_Hello_13 &client_hello, const Policy &policy, Callbacks &cb)
 Encrypted_Extensions (const std::vector< uint8_t > &buf)
const Extensionsextensions () const
std::vector< uint8_t > serialize () const override
Handshake_Type type () const override
std::string type_string () const
virtual Handshake_Type wire_type () const

Detailed Description

Definition at line 465 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Encrypted_Extensions() [1/2]

Botan::TLS::Encrypted_Extensions::Encrypted_Extensions ( const std::vector< uint8_t > & buf)
explicit

Definition at line 96 of file msg_encrypted_extensions.cpp.

96 {
97 TLS_Data_Reader reader("encrypted extensions reader", buf);
98
99 // Encrypted Extensions contains a list of extensions. This list may legally
100 // be empty. However, in that case we should at least see a two-byte length
101 // field that reads 0x00 0x00.
102 if(buf.size() < 2) {
103 throw TLS_Exception(Alert::DecodeError, "Server sent an empty Encrypted Extensions message");
104 }
105
106 m_extensions.deserialize(reader, Connection_Side::Server, type());
107
108 // RFC 8446 4.2
109 // If an implementation receives an extension which it recognizes and
110 // which is not specified for the message in which it appears, it MUST
111 // abort the handshake with an "illegal_parameter" alert.
112 //
113 // Note that we cannot encounter any extensions that we don't recognize here,
114 // since only extensions we previously offered are allowed in EE.
115 const auto allowed_exts = std::set<Extension_Code>{
116 // Allowed extensions listed in RFC 8446 and implemented in Botan
118 // MAX_FRAGMENT_LENGTH
121 // HEARTBEAT
123 // RFC 7250
126 // EARLY_DATA
127
128 // Allowed extensions not listed in RFC 8446 but acceptable as Botan implements them
130 };
131 if(m_extensions.contains_implemented_extensions_other_than(allowed_exts)) {
132 throw TLS_Exception(Alert::IllegalParameter, "Encrypted Extensions contained an extension that is not allowed");
133 }
134}
Handshake_Type type() const override

References Botan::TLS::ApplicationLayerProtocolNegotiation, Botan::TLS::ClientCertificateType, Botan::TLS::RecordSizeLimit, Botan::TLS::Server, Botan::TLS::ServerCertificateType, Botan::TLS::ServerNameIndication, Botan::TLS::SupportedGroups, type(), and Botan::TLS::UseSrtp.

◆ Encrypted_Extensions() [2/2]

Botan::TLS::Encrypted_Extensions::Encrypted_Extensions ( const Client_Hello_13 & client_hello,
const Policy & policy,
Callbacks & cb )

Definition at line 17 of file msg_encrypted_extensions.cpp.

17 {
18 const auto& exts = client_hello.extensions();
19
20 // NOLINTBEGIN(*-owning-memory)
21
22 // RFC 8446 4.2.7
23 // As of TLS 1.3, servers are permitted to send the "supported_groups"
24 // extension to the client. Clients [...] MAY use the information
25 // learned from a successfully completed handshake to change what groups
26 // they use in their "key_share" extension in subsequent connections.
27 if(exts.has<Supported_Groups>()) {
28 m_extensions.add(new Supported_Groups(policy.key_exchange_groups()));
29 }
30
31 const auto record_size_limit = policy.record_size_limit();
32 const auto max_record_size = MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */;
33 if(exts.has<Record_Size_Limit>()) {
34 // RFC 8449 4
35 // Endpoints SHOULD advertise the "record_size_limit" extension, even
36 // if they have no need to limit the size of records. [...] For
37 // servers, this allows clients to know that their limit will be
38 // respected.
39 m_extensions.add(new Record_Size_Limit(record_size_limit.value_or(max_record_size)));
40 } else if(record_size_limit.has_value() && record_size_limit.value() < max_record_size) {
41 // RFC 8449 4
42 // Endpoints SHOULD advertise the "record_size_limit" extension, even if
43 // they have no need to limit the size of records. For clients, this
44 // allows servers to advertise a limit at their discretion.
45 throw TLS_Exception(Alert::MissingExtension,
46 "Server cannot enforce record size limit without the client supporting it");
47 }
48
49 // RFC 7250 4.2
50 // If the TLS server wants to request a certificate from the client
51 // (via the certificate_request message), it MUST include the
52 // client_certificate_type extension in the server hello.
53 // [...]
54 // If the server does not send a certificate_request payload [...],
55 // then the client_certificate_type payload in the server hello MUST be
56 // omitted.
57 if(auto* ch_client_cert_types = exts.get<Client_Certificate_Type>();
58 ch_client_cert_types != nullptr && policy.request_client_certificate_authentication()) {
59 m_extensions.add(new Client_Certificate_Type(*ch_client_cert_types, policy));
60 }
61
62 // RFC 7250 4.2
63 // The server_certificate_type extension in the client hello indicates the
64 // types of certificates the client is able to process when provided by
65 // the server in a subsequent certificate payload. [...] With the
66 // server_certificate_type extension in the server hello, the TLS server
67 // indicates the certificate type carried in the Certificate payload.
68 if(auto* ch_server_cert_types = exts.get<Server_Certificate_Type>()) {
69 m_extensions.add(new Server_Certificate_Type(*ch_server_cert_types, policy));
70 }
71
72 // RFC 6066 3
73 // A server that receives a client hello containing the "server_name"
74 // extension [...] SHALL include an extension of type "server_name" in the
75 // (extended) server hello. The "extension_data" field of this extension
76 // SHALL be empty.
77 if(exts.has<Server_Name_Indicator>()) {
78 m_extensions.add(new Server_Name_Indicator(""));
79 }
80
81 if(auto* alpn_ext = exts.get<Application_Layer_Protocol_Notification>()) {
82 const auto next_protocol = cb.tls_server_choose_app_protocol(alpn_ext->protocols());
83 if(!next_protocol.empty()) {
84 m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
85 }
86 }
87
88 // NOLINTEND(*-owning-memory)
89
90 // TODO: Implement handling for (at least)
91 // * SRTP
92
93 cb.tls_modify_extensions(m_extensions, Connection_Side::Server, type());
94}
@ MAX_PLAINTEXT_SIZE
Definition tls_magic.h:30

References Botan::TLS::Client_Hello::extensions(), Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Policy::record_size_limit(), Botan::TLS::Policy::request_client_certificate_authentication(), Botan::TLS::Server, Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::Callbacks::tls_server_choose_app_protocol(), and type().

Member Function Documentation

◆ extensions()

const Extensions & Botan::TLS::Encrypted_Extensions::extensions ( ) const
inline

Definition at line 472 of file tls_messages.h.

472{ return m_extensions; }

◆ serialize()

std::vector< uint8_t > Botan::TLS::Encrypted_Extensions::serialize ( ) const
overridevirtual
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 136 of file msg_encrypted_extensions.cpp.

136 {
137 return m_extensions.serialize(Connection_Side::Server);
138}

References Botan::TLS::Server.

◆ type()

Handshake_Type Botan::TLS::Encrypted_Extensions::type ( ) const
inlineoverridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 470 of file tls_messages.h.

References Botan::TLS::EncryptedExtensions.

Referenced by Encrypted_Extensions(), and Encrypted_Extensions().

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

19 {
21}
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

References type().

Referenced by Botan::TLS::Stream_Handshake_IO::send().


The documentation for this class was generated from the following files: