Botan::TLS Namespace Reference

Namespaces
namespace	detail
namespace	Internal

Classes
class	Alert
class	Application_Layer_Protocol_Notification
struct	BotanAlertCategory
	An error category for TLS alerts. More...
class	BSI_TR_02102_2
class	Callbacks
class	Certificate_12
class	Certificate_13
class	Certificate_Request_12
class	Certificate_Status
class	Certificate_Status_Request
class	Certificate_Verify
class	Certificate_Verify_12
class	Change_Cipher_Spec
class	Channel
class	Channel_Impl
class	Channel_Impl_12
class	Channel_Impl_13
class	Cipher_State
class	Ciphersuite
class	Client
class	Client_Hello
class	Client_Hello_12
class	Client_Impl_12
class	Client_Impl_13
class	Client_Key_Exchange
class	Connection_Cipher_State
class	Connection_Sequence_Numbers
class	Context
class	Datagram_Handshake_IO
class	Datagram_Policy
class	Datagram_Sequence_Numbers
class	Encrypt_then_MAC
class	Encrypted_Extensions
class	Extended_Master_Secret
class	Extension
class	Extensions
class	Finished
class	Finished_12
class	Handshake_Hash
class	Handshake_IO
class	Handshake_Layer
class	Handshake_Message
class	Handshake_State
class	Handshake_State_13
class	Handshake_Transitions
class	Hello_Request
class	Hello_Verify_Request
class	Key_Update
class	New_Session_Ticket_12
class	NSA_Suite_B_128
class	NSA_Suite_B_192
class	Policy
class	Protocol_Version
struct	Record
class	Record_Header
class	Record_Layer
class	Record_Size_Limit
class	Renegotiation_Extension
class	Server
class	Server_Hello
class	Server_Hello_12
class	Server_Hello_Done
class	Server_Impl
class	Server_Impl_12
class	Server_Information
class	Server_Key_Exchange
class	Server_Name_Indicator
class	Session
class	Session_Keys
class	Session_Manager
class	Session_Manager_In_Memory
class	Session_Manager_Noop
class	Session_Manager_SQL
class	Session_Manager_SQLite
class	Session_Ticket
class	Signature_Algorithms
class	Signature_Scheme
class	SRTP_Protection_Profiles
class	Stream
	boost::asio compatible SSL/TLS stream More...
class	Stream_Handshake_IO
class	Stream_Sequence_Numbers
struct	StreamCategory
	An error category for errors from the TLS::Stream. More...
class	Strict_Policy
class	Supported_Groups
class	Supported_Point_Formats
class	Supported_Versions
class	Text_Policy
class	TLS_CBC_HMAC_AEAD_Decryption
class	TLS_CBC_HMAC_AEAD_Encryption
class	TLS_CBC_HMAC_AEAD_Mode
class	TLS_Data_Reader
class	TLS_Exception
class	Transcript_Hash_State
class	Unexpected_Message
class	Unknown_Extension

Typedefs
using	BytesNeeded = size_t
using	Client_Handshake_State_13 = Handshake_State_13< Connection_Side::CLIENT, Client_Handshake_13_Message, Server_Handshake_13_Message >
typedef Policy	Default_Policy
typedef std::function< std::shared_ptr< Connection_Cipher_State >(uint16_t)>	get_cipherstate_fn
using	Named_Group = Group_Params
using	Server_Handshake_State_13 = Handshake_State_13< Connection_Side::SERVER, Server_Handshake_13_Message, Client_Handshake_13_Message >
using	Transcript_Hash = std::vector< uint8_t >

Enumerations
enum	{ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF }
enum class	Auth_Method { RSA , ECDSA , UNDEFINED , IMPLICIT = 0x10000 }
enum class	Cipher_Algo {   CHACHA20_POLY1305 , AES_128_GCM , AES_256_GCM , AES_256_OCB ,   CAMELLIA_128_GCM , CAMELLIA_256_GCM , ARIA_128_GCM , ARIA_256_GCM ,   AES_128_CCM , AES_256_CCM , AES_128_CCM_8 , AES_256_CCM_8 ,   AES_128_CBC_HMAC_SHA1 , AES_128_CBC_HMAC_SHA256 , AES_256_CBC_HMAC_SHA1 , AES_256_CBC_HMAC_SHA256 ,   AES_256_CBC_HMAC_SHA384 , DES_EDE_CBC_HMAC_SHA1 }
enum	Connection_Side { CLIENT = 1 , SERVER = 2 }
enum class	Group_Params : uint16_t {   NONE = 0 , SECP256R1 = 23 , SECP384R1 = 24 , SECP521R1 = 25 ,   BRAINPOOL256R1 = 26 , BRAINPOOL384R1 = 27 , BRAINPOOL512R1 = 28 , X25519 = 29 ,   FFDHE_2048 = 256 , FFDHE_3072 = 257 , FFDHE_4096 = 258 , FFDHE_6144 = 259 ,   FFDHE_8192 = 260 }
enum	Handshake_Extension_Type {   TLSEXT_SERVER_NAME_INDICATION = 0 , TLSEXT_CERT_STATUS_REQUEST = 5 , TLSEXT_CERTIFICATE_TYPES = 9 , TLSEXT_SUPPORTED_GROUPS = 10 ,   TLSEXT_EC_POINT_FORMATS = 11 , TLSEXT_SIGNATURE_ALGORITHMS = 13 , TLSEXT_USE_SRTP = 14 , TLSEXT_ALPN = 16 ,   TLSEXT_ENCRYPT_THEN_MAC = 22 , TLSEXT_EXTENDED_MASTER_SECRET = 23 , TLSEXT_RECORD_SIZE_LIMIT = 28 , TLSEXT_SESSION_TICKET = 35 ,   TLSEXT_SUPPORTED_VERSIONS = 43 , TLSEXT_SAFE_RENEGOTIATION = 65281 }
enum	Handshake_Type {   HELLO_REQUEST = 0 , CLIENT_HELLO = 1 , SERVER_HELLO = 2 , HELLO_VERIFY_REQUEST = 3 ,   NEW_SESSION_TICKET = 4 , END_OF_EARLY_DATA = 5 , ENCRYPTED_EXTENSIONS = 8 , CERTIFICATE = 11 ,   SERVER_KEX = 12 , CERTIFICATE_REQUEST = 13 , SERVER_HELLO_DONE = 14 , CERTIFICATE_VERIFY = 15 ,   CLIENT_KEX = 16 , FINISHED = 20 , CERTIFICATE_URL = 21 , CERTIFICATE_STATUS = 22 ,   KEY_UPDATE = 24 , HELLO_RETRY_REQUEST = 253 , HANDSHAKE_CCS = 254 , HANDSHAKE_NONE = 255 }
enum class	KDF_Algo { SHA_1 , SHA_256 , SHA_384 }
enum class	Kex_Algo {   STATIC_RSA , DH , ECDH , CECPQ1 ,   PSK , ECDHE_PSK , UNDEFINED }
enum class	Nonce_Format { CBC_MODE , AEAD_IMPLICIT_4 , AEAD_XOR_12 }
enum	Record_Type {   INVALID = 0 , CHANGE_CIPHER_SPEC = 20 , ALERT = 21 , HANDSHAKE = 22 ,   APPLICATION_DATA = 23 , HEARTBEAT = 24 , NO_RECORD = 256 }
enum	Size_Limits : size_t {   TLS_HEADER_SIZE = 5 , DTLS_HEADER_SIZE = TLS_HEADER_SIZE + 8 , MAX_PLAINTEXT_SIZE = 16*1024 , MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024 ,   MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024 , MAX_AEAD_EXPANSION_SIZE_TLS13 = 255 , MAX_CIPHERTEXT_SIZE_TLS13 = MAX_PLAINTEXT_SIZE + MAX_AEAD_EXPANSION_SIZE_TLS13 + 1 }
enum	StreamError { StreamTruncated = 1 }

Functions
template<typename Alloc >
void	append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::string &str, size_t tag_size)
template<typename T , typename Alloc , typename Alloc2 >
void	append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::vector< T, Alloc2 > &vals, size_t tag_size)
template<typename T , typename Alloc >
void	append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Auth_Method	auth_method_from_string (const std::string &str)
std::string	auth_method_to_string (Auth_Method method)
const BotanAlertCategory &	botan_alert_category () noexcept
const StreamCategory &	botan_stream_category ()
uint16_t	check_tls_cbc_padding (const uint8_t record[], size_t record_len)
Group_Params	group_param_from_string (const std::string &group_name)
bool	group_param_is_dh (Group_Params group)
std::string	group_param_to_string (Group_Params group)
const char *	handshake_type_to_string (Handshake_Type type)
std::string	kdf_algo_to_string (KDF_Algo algo)
Kex_Algo	kex_method_from_string (const std::string &str)
std::string	kex_method_to_string (Kex_Algo method)
bool	key_exchange_is_psk (Kex_Algo m)
boost::system::error_code	make_error_code (Botan::TLS::Alert::Type c)
boost::system::error_code	make_error_code (Botan::TLS::StreamError e)
std::vector< uint8_t >	make_hello_random (RandomNumberGenerator &rng, Callbacks &cb, const Policy &policy)
bool	operator!= (const Server_Information &a, const Server_Information &b)
bool	operator< (const Server_Information &a, const Server_Information &b)
bool	operator== (const Server_Information &a, const Server_Information &b)
Record_Header	read_record (bool is_datagram, secure_vector< uint8_t > &readbuf, const uint8_t input[], size_t input_len, size_t &consumed, secure_vector< uint8_t > &recbuf, Connection_Sequence_Numbers *sequence_numbers, const get_cipherstate_fn &get_cipherstate, bool allow_epoch0_restart)
void	write_record (secure_vector< uint8_t > &output, uint8_t record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len, Connection_Cipher_State &cs, RandomNumberGenerator &rng)
void	write_unencrypted_record (secure_vector< uint8_t > &output, uint8_t record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len)

Detailed Description

Cipher_State state machine adapted from RFC 8446 7.1.

                                0
                                |
                                v
                      PSK ->  HKDF-Extract = Early Secret
                                |
                                +-----> Derive-Secret(., "ext binder" | "res binder", "")
                                |                     = binder_key
                         STATE PSK BINDER

This state is reached by constructing the Cipher_State using init_with_psk(). The state can then be further advanced using advance_with_client_hello() once the initial Client Hello is fully generated. | +--—> Derive-Secret(., "c e traffic", ClientHello) | = client_early_traffic_secret | +--—> Derive-Secret(., "e exp master", ClientHello) | = early_exporter_master_secret v Derive-Secret(., "derived", "") |

• STATE EARLY TRAFFIC This state is reached by constructing Cipher_State using init_with_psk(). In this state the early data traffic secrets are available. TODO: implement early data. The state can then be further advanced using advance_with_server_hello().
• | v (EC)DHE -> HKDF-Extract = Handshake Secret | +--—> Derive-Secret(., "c hs traffic", | ClientHello...ServerHello) | = client_handshake_traffic_secret | +--—> Derive-Secret(., "s hs traffic", | ClientHello...ServerHello) | = server_handshake_traffic_secret v Derive-Secret(., "derived", "") |
• STATE HANDSHAKE TRAFFIC This state is reached by constructing Cipher_State using init_with_server_hello() or advance_with_server_hello(). In this state the handshake traffic secrets are available. The state can then be further advanced using advance_with_server_finished().
• | v 0 -> HKDF-Extract = Master Secret | +--—> Derive-Secret(., "c ap traffic", | ClientHello...server Finished) | = client_application_traffic_secret_0 | +--—> Derive-Secret(., "s ap traffic", | ClientHello...server Finished) | = server_application_traffic_secret_0 | +--—> Derive-Secret(., "exp master", | ClientHello...server Finished) | = exporter_master_secret
• STATE APPLICATION TRAFFIC This state is reached by calling advance_with_server_finished(). The state can then be further advanced using advance_with_client_finished().
• | +--—> Derive-Secret(., "res master", ClientHello...client Finished) = resumption_master_secret STATE COMPLETED Once this state is reached the handshake is finished and no further cipher state advances are possible.

Typedef Documentation

BytesNeeded

using Botan::TLS::BytesNeeded = typedef size_t

Definition at line 37 of file tls_record_layer_13.h.

Client_Handshake_State_13

using Botan::TLS::Client_Handshake_State_13 = typedef Handshake_State_13<Connection_Side::CLIENT, Client_Handshake_13_Message, Server_Handshake_13_Message>

Definition at line 135 of file tls_handshake_state_13.h.

Default_Policy

typedef Policy Botan::TLS::Default_Policy

Definition at line 402 of file tls_policy.h.

get_cipherstate_fn

typedef std::function<std::shared_ptr<Connection_Cipher_State>(uint16_t)> Botan::TLS::get_cipherstate_fn

Definition at line 163 of file tls_record.h.

Named_Group

typedef Group_Params Botan::TLS::Named_Group

Definition at line 486 of file tls_extensions.h.

Server_Handshake_State_13

using Botan::TLS::Server_Handshake_State_13 = typedef Handshake_State_13<Connection_Side::SERVER, Server_Handshake_13_Message, Client_Handshake_13_Message>

Definition at line 139 of file tls_handshake_state_13.h.

Transcript_Hash

using Botan::TLS::Transcript_Hash = typedef std::vector<uint8_t>

Definition at line 93 of file tls_magic.h.

Enumeration Type Documentation

anonymous enum

anonymous enum

Enumerator
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Definition at line 35 of file msg_client_hello.cpp.

   {
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0x00FF,
   };

Auth_Method

enum class Botan::TLS::Auth_Method

strong

Enumerator
RSA
ECDSA
UNDEFINED
IMPLICIT

Definition at line 66 of file tls_algos.h.

                       {
   RSA,
   ECDSA,
 
   // To support TLS 1.3 ciphersuites, which do not determine the auth method
   UNDEFINED,
 
   // These are placed outside the encodable range
   IMPLICIT = 0x10000
};

Cipher_Algo

enum class Botan::TLS::Cipher_Algo

strong

Enumerator
CHACHA20_POLY1305
AES_128_GCM
AES_256_GCM
AES_256_OCB
CAMELLIA_128_GCM
CAMELLIA_256_GCM
ARIA_128_GCM
ARIA_256_GCM
AES_128_CCM
AES_256_CCM
AES_128_CCM_8
AES_256_CCM_8
AES_128_CBC_HMAC_SHA1
AES_128_CBC_HMAC_SHA256
AES_256_CBC_HMAC_SHA1
AES_256_CBC_HMAC_SHA256
AES_256_CBC_HMAC_SHA384
DES_EDE_CBC_HMAC_SHA1

Definition at line 22 of file tls_algos.h.

                       {
   CHACHA20_POLY1305,
 
   AES_128_GCM,
   AES_256_GCM,
 
   AES_256_OCB,
 
   CAMELLIA_128_GCM,
   CAMELLIA_256_GCM,
 
   ARIA_128_GCM,
   ARIA_256_GCM,
 
   AES_128_CCM,
   AES_256_CCM,
   AES_128_CCM_8,
   AES_256_CCM_8,
 
   AES_128_CBC_HMAC_SHA1,
   AES_128_CBC_HMAC_SHA256,
   AES_256_CBC_HMAC_SHA1,
   AES_256_CBC_HMAC_SHA256,
   AES_256_CBC_HMAC_SHA384,
 
   DES_EDE_CBC_HMAC_SHA1,
};

Connection_Side

enum Botan::TLS::Connection_Side

Enumerator
CLIENT
SERVER

Definition at line 46 of file tls_magic.h.

{ CLIENT = 1, SERVER = 2 };

Group_Params

enum class Botan::TLS::Group_Params : uint16_t

strong

Enumerator
NONE
SECP256R1
SECP384R1
SECP521R1
BRAINPOOL256R1
BRAINPOOL384R1
BRAINPOOL512R1
X25519
FFDHE_2048
FFDHE_3072
FFDHE_4096
FFDHE_6144
FFDHE_8192

Definition at line 83 of file tls_algos.h.

                        : uint16_t {
   NONE = 0,
 
   SECP256R1 = 23,
   SECP384R1 = 24,
   SECP521R1 = 25,
   BRAINPOOL256R1 = 26,
   BRAINPOOL384R1 = 27,
   BRAINPOOL512R1 = 28,
 
   X25519 = 29,
 
   FFDHE_2048 = 256,
   FFDHE_3072 = 257,
   FFDHE_4096 = 258,
   FFDHE_6144 = 259,
   FFDHE_8192 = 260,
};

Handshake_Extension_Type

enum Botan::TLS::Handshake_Extension_Type

Enumerator
TLSEXT_SERVER_NAME_INDICATION
TLSEXT_CERT_STATUS_REQUEST
TLSEXT_CERTIFICATE_TYPES
TLSEXT_SUPPORTED_GROUPS
TLSEXT_EC_POINT_FORMATS
TLSEXT_SIGNATURE_ALGORITHMS
TLSEXT_USE_SRTP
TLSEXT_ALPN
TLSEXT_ENCRYPT_THEN_MAC
TLSEXT_EXTENDED_MASTER_SECRET
TLSEXT_RECORD_SIZE_LIMIT
TLSEXT_SESSION_TICKET
TLSEXT_SUPPORTED_VERSIONS
TLSEXT_SAFE_RENEGOTIATION

Definition at line 52 of file tls_extensions.h.

                              {
   TLSEXT_SERVER_NAME_INDICATION    = 0,
   TLSEXT_CERT_STATUS_REQUEST       = 5,
 
   TLSEXT_CERTIFICATE_TYPES         = 9,
   TLSEXT_SUPPORTED_GROUPS          = 10,
   TLSEXT_EC_POINT_FORMATS          = 11,
   TLSEXT_SIGNATURE_ALGORITHMS      = 13,
   TLSEXT_USE_SRTP                  = 14,
   TLSEXT_ALPN                      = 16,
 
   // TLSEXT_SIGNED_CERTIFICATE_TIMESTAMP = 18,  // NYI
 
   TLSEXT_ENCRYPT_THEN_MAC          = 22,
   TLSEXT_EXTENDED_MASTER_SECRET    = 23,
 
   TLSEXT_RECORD_SIZE_LIMIT         = 28,
 
   TLSEXT_SESSION_TICKET            = 35,
 
   TLSEXT_SUPPORTED_VERSIONS        = 43,
#if defined(BOTAN_HAS_TLS_13)
   TLSEXT_PSK                       = 41,
   TLSEXT_EARLY_DATA                = 42,
   TLSEXT_COOKIE                    = 44,
 
   TLSEXT_PSK_KEY_EXCHANGE_MODES    = 45,
   TLSEXT_CERTIFICATE_AUTHORITIES   = 47,
   // TLSEXT_OID_FILTERS               = 48,  // NYI
 
   TLSEXT_SIGNATURE_ALGORITHMS_CERT = 50,
   TLSEXT_KEY_SHARE                 = 51,
#endif
 
   TLSEXT_SAFE_RENEGOTIATION     = 65281,
};

Handshake_Type

enum Botan::TLS::Handshake_Type

Enumerator
HELLO_REQUEST
CLIENT_HELLO
SERVER_HELLO
HELLO_VERIFY_REQUEST
NEW_SESSION_TICKET
END_OF_EARLY_DATA
ENCRYPTED_EXTENSIONS
CERTIFICATE
SERVER_KEX
CERTIFICATE_REQUEST
SERVER_HELLO_DONE
CERTIFICATE_VERIFY
CLIENT_KEX
FINISHED
CERTIFICATE_URL
CERTIFICATE_STATUS
KEY_UPDATE
HELLO_RETRY_REQUEST
HANDSHAKE_CCS
HANDSHAKE_NONE

Definition at line 63 of file tls_magic.h.

                    {
   HELLO_REQUEST        = 0,
   CLIENT_HELLO         = 1,
   SERVER_HELLO         = 2,
   HELLO_VERIFY_REQUEST = 3,
   NEW_SESSION_TICKET   = 4, // RFC 5077
 
   END_OF_EARLY_DATA    = 5, // RFC 8446 (TLS 1.3)
   ENCRYPTED_EXTENSIONS = 8, // RFC 8446 (TLS 1.3)
 
   CERTIFICATE          = 11,
   SERVER_KEX           = 12,
   CERTIFICATE_REQUEST  = 13,
   SERVER_HELLO_DONE    = 14,
   CERTIFICATE_VERIFY   = 15,
   CLIENT_KEX           = 16,
   FINISHED             = 20,
 
   CERTIFICATE_URL      = 21,
   CERTIFICATE_STATUS   = 22,
 
   KEY_UPDATE           = 24,  // RFC 8446 (TLS 1.3)
 
   HELLO_RETRY_REQUEST  = 253, // Not a wire value (HRR appears as an ordinary Server Hello)
   HANDSHAKE_CCS        = 254, // Not a wire value (TLS 1.3 uses this value for 'message_hash' -- RFC 8446 4.4.1)
   HANDSHAKE_NONE       = 255  // Null value
};

KDF_Algo

enum class Botan::TLS::KDF_Algo

strong

Enumerator
SHA_1
SHA_256
SHA_384

Definition at line 50 of file tls_algos.h.

                    {
   SHA_1,
   SHA_256,
   SHA_384,
};

Kex_Algo

enum class Botan::TLS::Kex_Algo

strong

Enumerator
STATIC_RSA
DH
ECDH
CECPQ1
PSK
ECDHE_PSK
UNDEFINED

Definition at line 106 of file tls_algos.h.

                    {
   STATIC_RSA,
   DH,
   ECDH,
   CECPQ1,
   PSK,
   ECDHE_PSK,
 
   // To support TLS 1.3 ciphersuites, which do not determine the kex algo
   UNDEFINED
};

Nonce_Format

enum class Botan::TLS::Nonce_Format

strong

Enumerator
CBC_MODE
AEAD_IMPLICIT_4
AEAD_XOR_12

Definition at line 58 of file tls_algos.h.

                        {
   CBC_MODE,
   AEAD_IMPLICIT_4,
   AEAD_XOR_12,
};

Record_Type

enum Botan::TLS::Record_Type

Enumerator
INVALID
CHANGE_CIPHER_SPEC
ALERT
HANDSHAKE
APPLICATION_DATA
HEARTBEAT
NO_RECORD

Definition at line 49 of file tls_magic.h.

                 {
   INVALID            = 0,  // RFC 8446 (TLS 1.3)
 
   CHANGE_CIPHER_SPEC = 20,
   ALERT              = 21,
   HANDSHAKE          = 22,
   APPLICATION_DATA   = 23,
 
   HEARTBEAT          = 24, // RFC 6520 (TLS 1.3)
 
   NO_RECORD          = 256
};

Size_Limits

enum Botan::TLS::Size_Limits : size_t

Protocol Constants for SSL/TLS

TODO: this should not be an enum

Enumerator
TLS_HEADER_SIZE
DTLS_HEADER_SIZE
MAX_PLAINTEXT_SIZE
MAX_COMPRESSED_SIZE
MAX_CIPHERTEXT_SIZE
MAX_AEAD_EXPANSION_SIZE_TLS13
MAX_CIPHERTEXT_SIZE_TLS13

Definition at line 26 of file tls_magic.h.

                 : size_t {
   TLS_HEADER_SIZE    = 5,
   DTLS_HEADER_SIZE   = TLS_HEADER_SIZE + 8,
 
   // The "TLSInnerPlaintext" length, i.e. the maximum amount of plaintext
   // application data that can be transmitted in a single TLS record.
   MAX_PLAINTEXT_SIZE = 16*1024,
 
   MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024,
   MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024,
 
   // RFC 8446 5.2:
   //   This limit is derived from the maximum TLSInnerPlaintext length of 2^14
   //   octets + 1 octet for ContentType + the maximum AEAD expansion of 255
   //   octets.
   MAX_AEAD_EXPANSION_SIZE_TLS13 = 255,
   MAX_CIPHERTEXT_SIZE_TLS13 = MAX_PLAINTEXT_SIZE + MAX_AEAD_EXPANSION_SIZE_TLS13 + 1
};

StreamError

enum Botan::TLS::StreamError

Enumerator
StreamTruncated

Definition at line 33 of file asio_error.h.

   {
   StreamTruncated = 1
   };

Function Documentation

append_tls_length_value() [1/3]

template<typename Alloc >

void Botan::TLS::append_tls_length_value	(	std::vector< uint8_t, Alloc > &	buf,
		const std::string &	str,
		size_t	tag_size
	)

Definition at line 245 of file tls_reader.h.

   {
   append_tls_length_value(buf,
                           cast_char_ptr_to_uint8(str.data()),
                           str.size(),
                           tag_size);
   }

References append_tls_length_value(), and Botan::cast_char_ptr_to_uint8().

append_tls_length_value() [2/3]

template<typename T , typename Alloc , typename Alloc2 >

void Botan::TLS::append_tls_length_value	(	std::vector< uint8_t, Alloc > &	buf,
		const std::vector< T, Alloc2 > &	vals,
		size_t	tag_size
	)

Definition at line 237 of file tls_reader.h.

   {
   append_tls_length_value(buf, vals.data(), vals.size(), tag_size);
   }

References append_tls_length_value().

append_tls_length_value() [3/3]

template<typename T , typename Alloc >

void Botan::TLS::append_tls_length_value	(	std::vector< uint8_t, Alloc > &	buf,
		const T *	vals,
		size_t	vals_size,
		size_t	tag_size
	)

Helper function for encoding length-tagged vectors

Definition at line 212 of file tls_reader.h.

   {
   const size_t T_size = sizeof(T);
   const size_t val_bytes = T_size * vals_size;
 
   if(tag_size != 1 && tag_size != 2 && tag_size != 3)
      throw Invalid_Argument("append_tls_length_value: invalid tag size");
 
   if((tag_size == 1 && val_bytes > 255) ||
      (tag_size == 2 && val_bytes > 65535) ||
      (tag_size == 3 && val_bytes > 16777215))
      throw Invalid_Argument("append_tls_length_value: value too large");
 
   for(size_t i = 0; i != tag_size; ++i)
      buf.push_back(get_byte_var(sizeof(val_bytes)-tag_size+i, val_bytes));
 
   for(size_t i = 0; i != vals_size; ++i)
      for(size_t j = 0; j != T_size; ++j)
         buf.push_back(get_byte_var(j, vals[i]));
   }

References Botan::get_byte_var(), and T.

Referenced by append_tls_length_value(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Client_Hello::serialize(), Botan::TLS::Server_Hello::serialize(), Botan::TLS::Certificate_13::serialize(), Botan::TLS::Certificate_Request_12::serialize(), Botan::TLS::New_Session_Ticket_12::serialize(), Botan::TLS::Renegotiation_Extension::serialize(), Botan::TLS::Application_Layer_Protocol_Notification::serialize(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

auth_method_from_string()

Auth_Method BOTAN_TEST_API Botan::TLS::auth_method_from_string

(

const std::string &

str

)

Definition at line 95 of file tls_algos.cpp.

   {
   if(str == "RSA")
      return Auth_Method::RSA;
   if(str == "ECDSA")
      return Auth_Method::ECDSA;
   if(str == "IMPLICIT")
      return Auth_Method::IMPLICIT;
   if(str == "UNDEFINED")
      return Auth_Method::UNDEFINED;
 
   throw Invalid_Argument("Bad signature method " + str);
   }

References ECDSA, IMPLICIT, RSA, and UNDEFINED.

auth_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::auth_method_to_string

(

Auth_Method

method

)

Definition at line 78 of file tls_algos.cpp.

   {
   switch(method)
      {
      case Auth_Method::RSA:
         return "RSA";
      case Auth_Method::ECDSA:
         return "ECDSA";
      case Auth_Method::IMPLICIT:
         return "IMPLICIT";
      case Auth_Method::UNDEFINED:
         return "UNDEFINED";
      }
 
    throw Invalid_State("auth_method_to_string unknown enum value");
   }

References ECDSA, IMPLICIT, RSA, and UNDEFINED.

Referenced by Botan::TLS::Ciphersuite::sig_algo().

botan_alert_category()

const BotanAlertCategory & Botan::TLS::botan_alert_category ( )

inlinenoexcept

Definition at line 88 of file asio_error.h.

   {
   static BotanAlertCategory category;
   return category;
   }

Referenced by make_error_code().

botan_stream_category()

const StreamCategory & Botan::TLS::botan_stream_category ( )

inline

Definition at line 60 of file asio_error.h.

   {
   static StreamCategory category;
   return category;
   }

Referenced by make_error_code().

check_tls_cbc_padding()

BOTAN_TEST_API uint16_t Botan::TLS::check_tls_cbc_padding	(	const uint8_t	record[],
		size_t	record_len
	)

Check the TLS padding of a record

Parameters

record	the record bits
record_len	length of record

Returns

0 if padding is invalid, otherwise padding_bytes + 1

Definition at line 242 of file tls_cbc.cpp.

   {
   if(record_len == 0 || record_len > 0xFFFF)
      return 0;
 
   const uint16_t rec16 = static_cast<uint16_t>(record_len);
 
   /*
   * TLS v1.0 and up require all the padding bytes be the same value
   * and allows up to 255 bytes.
   */
 
   const uint16_t to_check = std::min<uint16_t>(256, static_cast<uint16_t>(record_len));
   const uint8_t pad_byte = record[record_len-1];
   const uint16_t pad_bytes = 1 + pad_byte;
 
   auto pad_invalid = CT::Mask<uint16_t>::is_lt(rec16, pad_bytes);
 
   for(uint16_t i = rec16 - to_check; i != rec16; ++i)
      {
      const uint16_t offset = rec16 - i;
      const auto in_pad_range = CT::Mask<uint16_t>::is_lte(offset, pad_bytes);
      const auto pad_correct = CT::Mask<uint16_t>::is_equal(record[i], pad_byte);
      pad_invalid |= in_pad_range & ~pad_correct;
      }
 
   return pad_invalid.if_not_set_return(pad_bytes);
   }

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), and Botan::CT::Mask< T >::is_lte().

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

group_param_from_string()

Group_Params Botan::TLS::group_param_from_string

(

const std::string &

group_name

)

Definition at line 115 of file tls_algos.cpp.

   {
   if(group_name == "secp256r1")
      return Group_Params::SECP256R1;
   if(group_name == "secp384r1")
      return Group_Params::SECP384R1;
   if(group_name == "secp521r1")
      return Group_Params::SECP521R1;
   if(group_name == "brainpool256r1")
      return Group_Params::BRAINPOOL256R1;
   if(group_name == "brainpool384r1")
      return Group_Params::BRAINPOOL384R1;
   if(group_name == "brainpool512r1")
      return Group_Params::BRAINPOOL512R1;
   if(group_name == "x25519")
      return Group_Params::X25519;
 
   if(group_name == "ffdhe/ietf/2048")
      return Group_Params::FFDHE_2048;
   if(group_name == "ffdhe/ietf/3072")
      return Group_Params::FFDHE_3072;
   if(group_name == "ffdhe/ietf/4096")
      return Group_Params::FFDHE_4096;
   if(group_name == "ffdhe/ietf/6144")
      return Group_Params::FFDHE_6144;
   if(group_name == "ffdhe/ietf/8192")
      return Group_Params::FFDHE_8192;
 
   return Group_Params::NONE; // unknown
   }

References BRAINPOOL256R1, BRAINPOOL384R1, BRAINPOOL512R1, FFDHE_2048, FFDHE_3072, FFDHE_4096, FFDHE_6144, FFDHE_8192, NONE, SECP256R1, SECP384R1, SECP521R1, and X25519.

Referenced by Botan::TLS::Text_Policy::read_group_list().

group_param_is_dh()

bool Botan::TLS::group_param_is_dh

(

Group_Params

group

)

Definition at line 109 of file tls_algos.cpp.

   {
   uint16_t group_id = static_cast<uint16_t>(group);
   return (group_id >= 256 && group_id < 512);
   }

Referenced by Botan::TLS::Policy::default_dh_group(), Botan::TLS::Supported_Groups::dh_groups(), Botan::TLS::Supported_Groups::ec_groups(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

group_param_to_string()

std::string Botan::TLS::group_param_to_string

(

Group_Params

group

)

Definition at line 146 of file tls_algos.cpp.

   {
   switch(group)
      {
      case Group_Params::SECP256R1:
         return "secp256r1";
      case Group_Params::SECP384R1:
         return "secp384r1";
      case Group_Params::SECP521R1:
         return "secp521r1";
      case Group_Params::BRAINPOOL256R1:
         return "brainpool256r1";
      case Group_Params::BRAINPOOL384R1:
         return "brainpool384r1";
      case Group_Params::BRAINPOOL512R1:
         return "brainpool512r1";
      case Group_Params::X25519:
         return "x25519";
 
      case Group_Params::FFDHE_2048:
         return "ffdhe/ietf/2048";
      case Group_Params::FFDHE_3072:
         return "ffdhe/ietf/3072";
      case Group_Params::FFDHE_4096:
         return "ffdhe/ietf/4096";
      case Group_Params::FFDHE_6144:
         return "ffdhe/ietf/6144";
      case Group_Params::FFDHE_8192:
         return "ffdhe/ietf/8192";
 
      default:
         return "";
      }
   }

References BRAINPOOL256R1, BRAINPOOL384R1, BRAINPOOL512R1, FFDHE_2048, FFDHE_3072, FFDHE_4096, FFDHE_6144, FFDHE_8192, SECP256R1, SECP384R1, SECP521R1, and X25519.

Referenced by Botan::TLS::Callbacks::tls_decode_group_param().

handshake_type_to_string()

const char * Botan::TLS::handshake_type_to_string

(

Handshake_Type

type

)

Definition at line 23 of file tls_handshake_state.cpp.

   {
   switch(type)
      {
      case HELLO_VERIFY_REQUEST:
         return "hello_verify_request";
 
      case HELLO_REQUEST:
         return "hello_request";
 
      case CLIENT_HELLO:
         return "client_hello";
 
      case SERVER_HELLO:
         return "server_hello";
 
      case HELLO_RETRY_REQUEST:
         return "hello_retry_request";
 
      case CERTIFICATE:
         return "certificate";
 
      case CERTIFICATE_URL:
         return "certificate_url";
 
      case CERTIFICATE_STATUS:
         return "certificate_status";
 
      case SERVER_KEX:
         return "server_key_exchange";
 
      case CERTIFICATE_REQUEST:
         return "certificate_request";
 
      case SERVER_HELLO_DONE:
         return "server_hello_done";
 
      case CERTIFICATE_VERIFY:
         return "certificate_verify";
 
      case CLIENT_KEX:
         return "client_key_exchange";
 
      case NEW_SESSION_TICKET:
         return "new_session_ticket";
 
      case HANDSHAKE_CCS:
         return "change_cipher_spec";
 
      case FINISHED:
         return "finished";
 
      case END_OF_EARLY_DATA:
         return "end_of_early_data";
 
      case ENCRYPTED_EXTENSIONS:
         return "encrypted_extensions";
 
      case KEY_UPDATE:
         return "key_update";
 
      case HANDSHAKE_NONE:
         return "invalid";
      }
 
   throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
                       "Unknown TLS handshake message type " + std::to_string(type));
   }

References CERTIFICATE, CERTIFICATE_REQUEST, CERTIFICATE_STATUS, CERTIFICATE_URL, CERTIFICATE_VERIFY, CLIENT_HELLO, CLIENT_KEX, ENCRYPTED_EXTENSIONS, END_OF_EARLY_DATA, FINISHED, HANDSHAKE_CCS, HANDSHAKE_NONE, HELLO_REQUEST, HELLO_RETRY_REQUEST, HELLO_VERIFY_REQUEST, KEY_UPDATE, NEW_SESSION_TICKET, SERVER_HELLO, SERVER_HELLO_DONE, SERVER_KEX, Botan::ASN1::to_string(), type, and Botan::TLS::Alert::UNEXPECTED_MESSAGE.

Referenced by Botan::TLS::Handshake_Transitions::confirm_transition_to(), and Botan::TLS::Handshake_Message::type_string().

kdf_algo_to_string()

std::string BOTAN_DLL Botan::TLS::kdf_algo_to_string

(

KDF_Algo

algo

)

Definition at line 14 of file tls_algos.cpp.

   {
   switch(algo)
      {
      case KDF_Algo::SHA_1:
         return "SHA-1";
      case KDF_Algo::SHA_256:
         return "SHA-256";
      case KDF_Algo::SHA_384:
         return "SHA-384";
      }
 
   throw Invalid_State("kdf_algo_to_string unknown enum value");
   }

References SHA_1, SHA_256, and SHA_384.

Referenced by Botan::TLS::Ciphersuite::prf_algo().

kex_method_from_string()

Kex_Algo BOTAN_TEST_API Botan::TLS::kex_method_from_string

(

const std::string &

str

)

Definition at line 52 of file tls_algos.cpp.

   {
   if(str == "RSA")
      return Kex_Algo::STATIC_RSA;
 
   if(str == "DH")
      return Kex_Algo::DH;
 
   if(str == "ECDH")
      return Kex_Algo::ECDH;
 
   if(str == "CECPQ1")
      return Kex_Algo::CECPQ1;
 
   if(str == "PSK")
      return Kex_Algo::PSK;
 
   if(str == "ECDHE_PSK")
      return Kex_Algo::ECDHE_PSK;
 
   if(str == "UNDEFINED")
      return Kex_Algo::UNDEFINED;
 
   throw Invalid_Argument("Unknown kex method " + str);
   }

References CECPQ1, DH, ECDH, ECDHE_PSK, PSK, STATIC_RSA, and UNDEFINED.

kex_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::kex_method_to_string

(

Kex_Algo

method

)

Definition at line 29 of file tls_algos.cpp.

   {
   switch(method)
      {
      case Kex_Algo::STATIC_RSA:
         return "RSA";
      case Kex_Algo::DH:
         return "DH";
      case Kex_Algo::ECDH:
         return "ECDH";
      case Kex_Algo::CECPQ1:
         return "CECPQ1";
      case Kex_Algo::PSK:
         return "PSK";
      case Kex_Algo::ECDHE_PSK:
         return "ECDHE_PSK";
      case Kex_Algo::UNDEFINED:
         return "UNDEFINED";
      }
 
   throw Invalid_State("kex_method_to_string unknown enum value");
   }

References CECPQ1, DH, ECDH, ECDHE_PSK, PSK, STATIC_RSA, and UNDEFINED.

Referenced by Botan::TLS::Ciphersuite::kex_algo(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

key_exchange_is_psk()

bool Botan::TLS::key_exchange_is_psk ( Kex_Algo  m )

inline

Definition at line 121 of file tls_algos.h.

   {
   return (m == Kex_Algo::PSK ||
           m == Kex_Algo::ECDHE_PSK);
   }

References ECDHE_PSK, and PSK.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

make_error_code() [1/2]

boost::system::error_code Botan::TLS::make_error_code ( Botan::TLS::Alert::Type  c )

inline

Definition at line 94 of file asio_error.h.

   {
   return boost::system::error_code(static_cast<int>(c), Botan::TLS::botan_alert_category());
   }

References botan_alert_category().

make_error_code() [2/2]

boost::system::error_code Botan::TLS::make_error_code ( Botan::TLS::StreamError  e )

inline

Definition at line 66 of file asio_error.h.

   {
   return boost::system::error_code(static_cast<int>(e), Botan::TLS::botan_stream_category());
   }

References botan_stream_category().

make_hello_random()

std::vector< uint8_t > Botan::TLS::make_hello_random	(	RandomNumberGenerator &	rng,
		Callbacks &	cb,
		const Policy &	policy
	)

Definition at line 40 of file msg_client_hello.cpp.

   {
   std::vector<uint8_t> buf(32);
   rng.randomize(buf.data(), buf.size());
 
   if(policy.hash_hello_random())
      {
      auto sha256 = HashFunction::create_or_throw("SHA-256");
      sha256->update(buf);
      sha256->final(buf);
      }
 
   // TLS 1.3 does not require the insertion of a timestamp in the client hello
   // random. When offering both TLS 1.2 and 1.3 we nevertheless comply with the
   // legacy specification.
   if(policy.include_time_in_hello_random() && (policy.allow_tls12() || policy.allow_dtls12()))
      {
      const uint32_t time32 = static_cast<uint32_t>(
                                 std::chrono::system_clock::to_time_t(cb.tls_current_timestamp()));
 
      store_be(time32, buf.data());
      }
 
   return buf;
   }

References Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls12(), Botan::HashFunction::create_or_throw(), Botan::TLS::Policy::hash_hello_random(), Botan::TLS::Policy::include_time_in_hello_random(), Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::TLS::Callbacks::tls_current_timestamp().

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().

operator!=()

bool Botan::TLS::operator!= ( const Server_Information &  a, const Server_Information &  b  )

inline

Definition at line 84 of file tls_server_info.h.

   {
   return !(a == b);
   }

References b.

operator<()

bool Botan::TLS::operator< ( const Server_Information &  a, const Server_Information &  b  )

inline

Definition at line 89 of file tls_server_info.h.

   {
   if(a.hostname() != b.hostname())
      return (a.hostname() < b.hostname());
   if(a.service() != b.service())
      return (a.service() < b.service());
   if(a.port() != b.port())
      return (a.port() < b.port());
   return false; // equal
   }

References b, Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

operator==()

bool Botan::TLS::operator== ( const Server_Information &  a, const Server_Information &  b  )

inline

Definition at line 76 of file tls_server_info.h.

   {
   return (a.hostname() == b.hostname()) &&
          (a.service() == b.service()) &&
          (a.port() == b.port());
 
   }

References b, Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

read_record()

Record_Header Botan::TLS::read_record	(	bool	is_datagram,
		secure_vector< uint8_t > &	read_buffer,
		const uint8_t	input[],
		size_t	input_len,
		size_t &	consumed,
		secure_vector< uint8_t > &	record_buf,
		Connection_Sequence_Numbers *	sequence_numbers,
		const get_cipherstate_fn &	get_cipherstate,
		bool	allow_epoch0_restart
	)

Decode a TLS record

Returns

zero if full message, else number of bytes still needed

Definition at line 557 of file tls_record.cpp.

   {
   if(is_datagram)
      return read_dtls_record(readbuf, input, input_len, consumed,
                              recbuf, sequence_numbers, get_cipherstate, allow_epoch0_restart);
   else
      return read_tls_record(readbuf, input, input_len, consumed,
                             recbuf, sequence_numbers, get_cipherstate);
   }

Referenced by Botan::TLS::Channel_Impl_12::received_data().

write_record()

void Botan::TLS::write_record	(	secure_vector< uint8_t > &	write_buffer,
		uint8_t	record_type,
		Protocol_Version	record_version,
		uint64_t	record_sequence,
		const uint8_t *	message,
		size_t	message_len,
		Connection_Cipher_State &	cipherstate,
		RandomNumberGenerator &	rng
	)

Create a TLS record

Parameters

write_buffer	the output record is placed here
record_type	the record layer type
record_version	the record layer version
record_sequence	the record layer sequence number
message	the record contents
message_len	is size of message
cipherstate	is the writing cipher state
rng	is a random number generator

Definition at line 222 of file tls_record.cpp.

   {
   write_record_header(output, record_type, version, record_sequence);
 
   AEAD_Mode& aead = cs.aead();
   std::vector<uint8_t> aad = cs.format_ad(record_sequence, record_type, version, static_cast<uint16_t>(message_len));
 
   const size_t ctext_size = aead.output_length(message_len);
 
   const size_t rec_size = ctext_size + cs.nonce_bytes_from_record();
 
   aead.set_ad(aad);
 
   const std::vector<uint8_t> nonce = cs.aead_nonce(record_sequence, rng);
 
   append_u16_len(output, rec_size);
 
   if(cs.nonce_bytes_from_record() > 0)
      {
      if(cs.nonce_format() == Nonce_Format::CBC_MODE)
         output += nonce;
      else
         output += std::make_pair(&nonce[cs.nonce_bytes_from_handshake()], cs.nonce_bytes_from_record());
      }
 
   const size_t header_size = output.size();
   output += std::make_pair(message, message_len);
 
   aead.start(nonce);
   aead.finish(output, header_size);
 
   BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE,
                "Produced ciphertext larger than protocol allows");
   }

References Botan::TLS::Connection_Cipher_State::aead(), Botan::TLS::Connection_Cipher_State::aead_nonce(), BOTAN_ASSERT, CBC_MODE, Botan::Cipher_Mode::finish(), Botan::TLS::Connection_Cipher_State::format_ad(), MAX_CIPHERTEXT_SIZE, Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake(), Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record(), Botan::TLS::Connection_Cipher_State::nonce_format(), Botan::Cipher_Mode::output_length(), Botan::AEAD_Mode::set_ad(), and Botan::Cipher_Mode::start().

write_unencrypted_record()

void Botan::TLS::write_unencrypted_record	(	secure_vector< uint8_t > &	write_buffer,
		uint8_t	record_type,
		Protocol_Version	record_version,
		uint64_t	record_sequence,
		const uint8_t *	message,
		size_t	message_len
	)

Create an initial (unencrypted) TLS handshake record

Parameters

write_buffer	the output record is placed here
record_type	the record layer type
record_version	the record layer version
record_sequence	the record layer sequence number
message	the record contents
message_len	is size of message

Definition at line 208 of file tls_record.cpp.

   {
   if(record_type == APPLICATION_DATA)
      throw Internal_Error("Writing an unencrypted TLS application data record");
   write_record_header(output, record_type, version, record_sequence);
   append_u16_len(output, message_len);
   output.insert(output.end(), message, message + message_len);
   }

References APPLICATION_DATA.