Botan 3.9.0
Crypto and TLS for C&&
Botan::TLS::Record_Size_Limit Class Reference (final)

#include <tls_extensions.h>

Inherits Botan::TLS::Extension.

Public Member Functions

bool empty () const override
virtual bool is_implemented () const
uint16_t limit () const
 Record_Size_Limit (TLS_Data_Reader &reader, uint16_t extension_size, Connection_Side from)
 Record_Size_Limit (uint16_t limit)
std::vector< uint8_t > serialize (Connection_Side whoami) const override
Extension_Code type () const override

Static Public Member Functions

static Extension_Code static_type ()

Detailed Description

Record Size Limit (RFC 8449)

TODO: the record size limit is currently not honored by the TLS 1.2 stack

Definition at line 566 of file tls_extensions.h.

Constructor & Destructor Documentation

◆ Record_Size_Limit() [1/2]

Botan::TLS::Record_Size_Limit::Record_Size_Limit(uint16_t limit) [explicit]

Definition at line 789 of file tls_extensions.cpp.

    : m_limit(limit) {
       BOTAN_ASSERT(limit >= 64, "RFC 8449 does not allow record size limits smaller than 64 bytes");
       BOTAN_ASSERT(limit <= MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */,
                    "RFC 8449 does not allow record size limits larger than 2^14+1");
    }

References BOTAN_ASSERT, limit(), and Botan::TLS::MAX_PLAINTEXT_SIZE.

◆ Record_Size_Limit() [2/2]

Botan::TLS::Record_Size_Limit::Record_Size_Limit(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from)

Definition at line 795 of file tls_extensions.cpp.

    {
       if(extension_size != 2) {
          throw TLS_Exception(Alert::DecodeError, "invalid record_size_limit extension");
       }

       m_limit = reader.get_uint16_t();

       // RFC 8449 4.
       //    This value is the length of the plaintext of a protected record.
       //    The value includes the content type and padding added in TLS 1.3 (that
       //    is, the complete length of TLSInnerPlaintext).
       //
       //    A server MUST NOT enforce this restriction; a client might advertise
       //    a higher limit that is enabled by an extension or version the server
       //    does not understand. A client MAY abort the handshake with an
       //    "illegal_parameter" alert.
       //
       // Note: We are currently supporting this extension in TLS 1.3 only, hence
       //       we check for the TLS 1.3 limit. The TLS 1.2 limit would not include
       //       the "content type byte" and hence be one byte less!
       if(m_limit > MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */ && from == Connection_Side::Server) {
          throw TLS_Exception(Alert::IllegalParameter,
                              "Server requested a record size limit larger than the protocol's maximum");
       }

       // RFC 8449 4.
       //    Endpoints MUST NOT send a "record_size_limit" extension with a value
       //    smaller than 64. An endpoint MUST treat receipt of a smaller value
       //    as a fatal error and generate an "illegal_parameter" alert.
       if(m_limit < 64) {
          throw TLS_Exception(Alert::IllegalParameter, "Received a record size limit smaller than 64 bytes");
       }
    }

References Botan::TLS::TLS_Data_Reader::get_uint16_t(), Botan::TLS::MAX_PLAINTEXT_SIZE, and Botan::TLS::Server.

Member Function Documentation

◆ empty()

bool Botan::TLS::Record_Size_Limit::empty() const [inline, override, virtual]
Returns: if we should encode this extension or not

Implements Botan::TLS::Extension.

Definition at line 580 of file tls_extensions.h.

    { return m_limit == 0; }

◆ is_implemented()

virtual bool Botan::TLS::Extension::is_implemented() const [inline, virtual, inherited]
Returns: true if this extension is known and implemented by Botan

Reimplemented in Botan::TLS::Unknown_Extension.

Definition at line 115 of file tls_extensions.h.

    { return true; }

◆ limit()

uint16_t Botan::TLS::Record_Size_Limit::limit() const [inline]

Definition at line 576 of file tls_extensions.h.

    { return m_limit; }

Referenced by Record_Size_Limit().

◆ serialize()

std::vector<uint8_t> Botan::TLS::Record_Size_Limit::serialize(Connection_Side whoami) const [override, virtual]
Returns: serialized binary for the extension

Implements Botan::TLS::Extension.

Definition at line 829 of file tls_extensions.cpp.

    {
       std::vector<uint8_t> buf;

       buf.push_back(get_byte<0>(m_limit));
       buf.push_back(get_byte<1>(m_limit));

       return buf;
    }

References Botan::get_byte().
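
The decoding rules of the reader constructor and the two-byte encoding of serialize(), restated as a standalone example that is added here and is not Botan code. It does not link against Botan; every name in it (Side, Alert, Parsed, parse_record_size_limit, encode_record_size_limit, max_tls13_fragment) is hypothetical, and the clamping policy in max_tls13_fragment is an assumption about how a sender would apply a peer's limit.

```cpp
// Added example: standalone sketch, not Botan code; all names are hypothetical.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

enum class Side { Client, Server };
enum class Alert { None, DecodeError, IllegalParameter };

constexpr uint16_t kMaxPlaintext = 1 << 14;             // 2^14, the value of MAX_PLAINTEXT_SIZE
constexpr uint16_t kMaxTls13Limit = kMaxPlaintext + 1;  // plus the encrypted content type byte

struct Parsed {
   Alert alert;
   uint16_t limit;
};

// Decode and validate an extension body that was sent by `from`.
Parsed parse_record_size_limit(const std::vector<uint8_t>& body, Side from) {
   if(body.size() != 2) {
      return {Alert::DecodeError, 0};
   }
   const uint16_t limit = static_cast<uint16_t>((body[0] << 8) | body[1]);
   // Only a client checks the upper bound; a server accepts larger values.
   if(from == Side::Server && limit > kMaxTls13Limit) {
      return {Alert::IllegalParameter, 0};
   }
   if(limit < 64) {
      return {Alert::IllegalParameter, 0};
   }
   return {Alert::None, limit};
}

// Big-endian, two bytes: the layout serialize() emits.
std::vector<uint8_t> encode_record_size_limit(uint16_t limit) {
   return {static_cast<uint8_t>(limit >> 8), static_cast<uint8_t>(limit & 0xFF)};
}

// Assumed sender policy: clamp the peer's value to the TLS 1.3 maximum, then
// reserve one byte for the content type that the limit includes.
size_t max_tls13_fragment(uint16_t peer_limit) {
   return static_cast<size_t>(std::min(peer_limit, kMaxTls13Limit) - 1);
}

int main() {
   const auto p = parse_record_size_limit({0x02, 0x00}, Side::Server);  // constructed body: 512
   std::cout << p.limit << " -> " << max_tls13_fragment(p.limit) << " content bytes per record\n";
}
```

The asymmetry to note is that a value of 2^14+2 is rejected when it comes from a server but accepted when it comes from a client, while a value below 64 is rejected from either side.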

◆ static_type()

Extension_Code Botan::TLS::Record_Size_Limit::static_type() [inline, static]

Definition at line 568 of file tls_extensions.h.

References Botan::TLS::RecordSizeLimit.

Referenced by type().

◆ type()

Extension_Code Botan::TLS::Record_Size_Limit::type() const [inline, override, virtual]
Returns: code number of the extension

Implements Botan::TLS::Extension.

Definition at line 570 of file tls_extensions.h.

    { return static_type(); }

References static_type().


The documentation for this class was generated from the following files: