Botan 3.11.0
Crypto and TLS for C&
Namespaces | Classes | Typedefs | Enumerations | Functions | Variables
Botan::TLS Namespace Reference

Namespaces

namespace  detail
namespace  Internal

Classes

class  Alert
class  Application_Layer_Protocol_Notification
class  BSI_TR_02102_2
class  Callbacks
class  Certificate_12
class  Certificate_13
class  Certificate_Authorities
class  Certificate_Request_12
class  Certificate_Request_13
class  Certificate_Status
class  Certificate_Status_12
class  Certificate_Status_Request
class  Certificate_Type_Base
class  Certificate_Verify
class  Certificate_Verify_12
class  Certificate_Verify_13
class  Change_Cipher_Spec
class  Channel
class  Channel_Impl
class  Channel_Impl_12
class  Channel_Impl_13
class  Cipher_State
class  Ciphersuite
class  Client
class  Client_Certificate_Type
class  Client_Hello
class  Client_Hello_12
class  Client_Hello_12_Shim
class  Client_Hello_13
class  Client_Hello_Internal
class  Client_Impl_12
class  Client_Impl_13
class  Client_Key_Exchange
class  Connection_Cipher_State
class  Connection_Sequence_Numbers
class  Datagram_Handshake_IO
class  Datagram_Policy
class  Datagram_Sequence_Numbers
class  EarlyDataIndication
class  Encrypt_then_MAC
class  Encrypted_Extensions
class  Extended_Master_Secret
class  Extension
class  Extensions
class  ExternalPSK
class  Finished
class  Finished_12
class  Finished_13
class  Group_Params
class  Handshake_Hash
class  Handshake_IO
class  Handshake_Layer
class  Handshake_Message
class  Handshake_State
class  Handshake_State_13
class  Handshake_Transitions
class  Hello_Request
class  Hello_Retry_Request
class  Hello_Verify_Request
class  Hybrid_KEM_PrivateKey
class  Hybrid_KEM_PublicKey
class  Key_Share
class  Key_Update
class  New_Session_Ticket_12
class  New_Session_Ticket_13
class  NSA_Suite_B_128
class  NSA_Suite_B_192
class  Policy
class  Protocol_Version
class  PSK
class  PSK_Key_Exchange_Modes
class  PskIdentity
struct  Record
class  Record_Header
class  Record_Layer
class  Record_Size_Limit
class  Renegotiation_Extension
class  Secret_Logger
class  Server
class  Server_Certificate_Type
class  Server_Hello
class  Server_Hello_12
class  Server_Hello_12_Shim
class  Server_Hello_13
class  Server_Hello_Done
class  Server_Hello_Internal
class  Server_Impl_12
class  Server_Impl_13
class  Server_Information
class  Server_Key_Exchange
class  Server_Name_Indicator
class  Session
class  Session_Base
class  Session_Handle
 Helper class to embody a session handle in all protocol versions. More...
class  Session_Keys
class  Session_Manager
class  Session_Manager_Hybrid
class  Session_Manager_In_Memory
class  Session_Manager_Noop
class  Session_Manager_SQL
class  Session_Manager_SQLite
class  Session_Manager_Stateless
class  Session_Summary
class  Session_Ticket_Extension
class  Session_with_Handle
class  Signature_Algorithms
class  Signature_Algorithms_Cert
class  Signature_Scheme
class  SRTP_Protection_Profiles
class  Stream_Handshake_IO
class  Stream_Sequence_Numbers
class  Strict_Policy
class  Supported_Groups
class  Supported_Point_Formats
class  Supported_Versions
class  Text_Policy
class  TLS_CBC_HMAC_AEAD_Decryption
class  TLS_CBC_HMAC_AEAD_Encryption
class  TLS_CBC_HMAC_AEAD_Mode
class  TLS_Data_Reader
class  TLS_Exception
class  TLS_NULL_HMAC_AEAD_Decryption
class  TLS_NULL_HMAC_AEAD_Encryption
class  TLS_NULL_HMAC_AEAD_Mode
class  Transcript_Hash_State
class  Unexpected_Message
class  Unknown_Extension

Typedefs

using BytesNeeded = size_t
using Client_Handshake_13_Message
using Client_Handshake_13_Message_Ref = detail::as_wrapped_references_t<Client_Handshake_13_Message>
using Client_Handshake_State_13
using Client_Post_Handshake_13_Message = std::variant<Key_Update>
typedef Policy Default_Policy
typedef std::function< std::shared_ptr< Connection_Cipher_State >(uint16_t)> get_cipherstate_fn
using Handshake_Message_13
using Handshake_Message_13_Ref = detail::as_wrapped_references_t<Handshake_Message_13>
using Named_Group = Group_Params
using Opaque_Session_Handle = Strong<std::vector<uint8_t>, struct Opaque_Session_Handle_>
 holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumption or a database handle.
using Post_Handshake_Message_13 = std::variant<New_Session_Ticket_13, Key_Update>
using PresharedKeyID = Strong<std::string, struct PresharedKeyID_>
 holds a PSK identity as used in TLS 1.3
using Server_Handshake_13_Message
using Server_Handshake_13_Message_Ref = detail::as_wrapped_references_t<Server_Handshake_13_Message>
using Server_Handshake_State_13
using Server_Post_Handshake_13_Message = std::variant<New_Session_Ticket_13, Key_Update>
using Session_ID = Strong<std::vector<uint8_t>, struct Session_ID_>
 holds a TLS 1.2 session ID for stateful resumption
using Session_Ticket = Strong<std::vector<uint8_t>, struct Session_Ticket_>
 holds a TLS 1.2 session ticket for stateless resumption
typedef PskIdentity Ticket
using Ticket_Nonce = Strong<std::vector<uint8_t>, struct Ticket_Nonce_>
 Used to derive the ticket's PSK from the resumption_master_secret.
using Transcript_Hash = std::vector<uint8_t>

Enumerations

enum class  AlertType : uint16_t {
  CloseNotify = 0 , UnexpectedMessage = 10 , BadRecordMac = 20 , DecryptionFailed = 21 ,
  RecordOverflow = 22 , DecompressionFailure = 30 , HandshakeFailure = 40 , NoCertificate = 41 ,
  BadCertificate = 42 , UnsupportedCertificate = 43 , CertificateRevoked = 44 , CertificateExpired = 45 ,
  CertificateUnknown = 46 , IllegalParameter = 47 , UnknownCA = 48 , AccessDenied = 49 ,
  DecodeError = 50 , DecryptError = 51 , ExportRestriction = 60 , ProtocolVersion = 70 ,
  InsufficientSecurity = 71 , InternalError = 80 , InappropriateFallback = 86 , UserCanceled = 90 ,
  NoRenegotiation = 100 , MissingExtension = 109 , UnsupportedExtension = 110 , CertificateUnobtainable = 111 ,
  UnrecognizedName = 112 , BadCertificateStatusResponse = 113 , BadCertificateHashValue = 114 , UnknownPSKIdentity = 115 ,
  CertificateRequired = 116 , NoApplicationProtocol = 120 , None = 256 , CLOSE_NOTIFY = CloseNotify ,
  NO_APPLICATION_PROTOCOL = NoApplicationProtocol , PROTOCOL_VERSION = ProtocolVersion
}
enum class  Auth_Method : uint32_t { RSA = 0 , ECDSA = 1 , UNDEFINED = 2 , IMPLICIT = 0x10000 }
enum class  Certificate_Type : uint8_t { X509 = 0 , RawPublicKey = 2 }
enum class  Cipher_Algo : uint8_t {
  CHACHA20_POLY1305 , AES_128_GCM , AES_256_GCM , AES_256_OCB ,
  CAMELLIA_128_GCM , CAMELLIA_256_GCM , ARIA_128_GCM , ARIA_256_GCM ,
  AES_128_CCM , AES_256_CCM , AES_128_CCM_8 , AES_256_CCM_8 ,
  AES_128_CBC_HMAC_SHA1 , AES_128_CBC_HMAC_SHA256 , AES_256_CBC_HMAC_SHA1 , AES_256_CBC_HMAC_SHA256 ,
  AES_256_CBC_HMAC_SHA384 , DES_EDE_CBC_HMAC_SHA1
}
enum class  Connection_Side : uint8_t { Client = 1 , Server = 2 , CLIENT = Client , SERVER = Server }
enum class  Extension_Code : uint16_t {
  ServerNameIndication = 0 , CertificateStatusRequest = 5 , SupportedGroups = 10 , EcPointFormats = 11 ,
  SignatureAlgorithms = 13 , CertSignatureAlgorithms = 50 , UseSrtp = 14 , ApplicationLayerProtocolNegotiation = 16 ,
  ClientCertificateType = 19 , ServerCertificateType = 20 , EncryptThenMac = 22 , ExtendedMasterSecret = 23 ,
  RecordSizeLimit = 28 , SessionTicket = 35 , SupportedVersions = 43 , PresharedKey = 41 ,
  EarlyData = 42 , Cookie = 44 , PskKeyExchangeModes = 45 , CertificateAuthorities = 47 ,
  KeyShare = 51 , SafeRenegotiation = 65281
}
enum class  Group_Params_Code : uint16_t {
  NONE = 0 , SECP256R1 = 23 , SECP384R1 = 24 , SECP521R1 = 25 ,
  BRAINPOOL256R1 = 26 , BRAINPOOL384R1 = 27 , BRAINPOOL512R1 = 28 , X25519 = 29 ,
  X448 = 30 , FFDHE_2048 = 256 , FFDHE_3072 = 257 , FFDHE_4096 = 258 ,
  FFDHE_6144 = 259 , FFDHE_8192 = 260 , ML_KEM_512 = 0x0200 , ML_KEM_768 = 0x0201 ,
  ML_KEM_1024 = 0x0202 , eFRODOKEM_640_SHAKE_OQS = 0xFE03 , eFRODOKEM_976_SHAKE_OQS = 0xFE09 , eFRODOKEM_1344_SHAKE_OQS = 0xFE0E ,
  eFRODOKEM_640_AES_OQS = 0xFE00 , eFRODOKEM_976_AES_OQS = 0xFE06 , eFRODOKEM_1344_AES_OQS = 0xFE0C , HYBRID_SECP256R1_ML_KEM_768 = 0x11EB ,
  HYBRID_SECP384R1_ML_KEM_1024 = 0x11ED , HYBRID_X25519_ML_KEM_768 = 0x11EC , HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS = 0xFE05 , HYBRID_X25519_eFRODOKEM_640_AES_OQS = 0xFE02 ,
  HYBRID_X448_eFRODOKEM_976_SHAKE_OQS = 0xFE0B , HYBRID_X448_eFRODOKEM_976_AES_OQS = 0xFE08 , HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS = 0xFE04 , HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS = 0xFE01 ,
  HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS = 0xFE0A , HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS = 0xFE07 , HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS = 0xFE0F , HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS = 0xFE0D
}
enum class  Handshake_Type : uint8_t {
  HelloRequest = 0 , ClientHello = 1 , ServerHello = 2 , HelloVerifyRequest = 3 ,
  NewSessionTicket = 4 , EndOfEarlyData = 5 , EncryptedExtensions = 8 , Certificate = 11 ,
  ServerKeyExchange = 12 , CertificateRequest = 13 , ServerHelloDone = 14 , CertificateVerify = 15 ,
  ClientKeyExchange = 16 , Finished = 20 , CertificateUrl = 21 , CertificateStatus = 22 ,
  KeyUpdate = 24 , HelloRetryRequest = 253 , HandshakeCCS = 254 , None = 255
}
enum class  KDF_Algo : uint8_t { SHA_1 , SHA_256 , SHA_384 }
enum class  Kex_Algo : uint8_t {
  STATIC_RSA , DH , ECDH , PSK ,
  ECDHE_PSK , DHE_PSK , KEM , KEM_PSK ,
  HYBRID , HYBRID_PSK , UNDEFINED
}
enum class  Nonce_Format : uint8_t { CBC_MODE , AEAD_IMPLICIT_4 , AEAD_XOR_12 , NULL_CIPHER }
enum class  PSK_Key_Exchange_Mode : uint8_t { PSK_KE = 0 , PSK_DHE_KE = 1 }
enum class  Record_Type : uint8_t {
  Invalid = 0 , ChangeCipherSpec = 20 , Alert = 21 , Handshake = 22 ,
  ApplicationData = 23 , Heartbeat = 24
}
enum  Size_Limits : size_t {
  TLS_HEADER_SIZE = 5 , DTLS_HEADER_SIZE = TLS_HEADER_SIZE + 8 , MAX_PLAINTEXT_SIZE = 16 * 1024 , MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024 ,
  MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024 , MAX_AEAD_EXPANSION_SIZE_TLS13 = 255 , MAX_CIPHERTEXT_SIZE_TLS13 = MAX_PLAINTEXT_SIZE + MAX_AEAD_EXPANSION_SIZE_TLS13 + 1
}
enum class  Version_Code : uint16_t {
  TLS_V11 = 0x0302 , TLS_V12 = 0x0303 , TLS_V13 = 0x0304 , DTLS_V12 = 0xFEFD ,
  DTLS_V13 = 0xFEFC
}

Functions

template<typename T, typename Alloc, typename Alloc2>
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::vector< T, Alloc2 > &vals, size_t tag_size)
template<typename T, typename Alloc>
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
template<typename T, typename Alloc>
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, std::span< const T > vals, size_t tag_size)
template<typename Alloc>
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, std::string_view str, size_t tag_size)
Auth_Method auth_method_from_string (std::string_view str)
std::string auth_method_to_string (Auth_Method method)
Certificate_Type certificate_type_from_string (const std::string &type_str)
std::string certificate_type_to_string (Certificate_Type type)
uint16_t check_tls_cbc_padding (const uint8_t record[], size_t record_len)
const char * handshake_type_to_string (Handshake_Type type)
std::string kdf_algo_to_string (KDF_Algo algo)
Kex_Algo kex_method_from_string (std::string_view str)
std::string kex_method_to_string (Kex_Algo method)
bool key_exchange_is_psk (Kex_Algo m)
std::vector< uint8_t > make_hello_random (RandomNumberGenerator &rng, Callbacks &cb, const Policy &policy)
std::vector< uint8_t > make_server_hello_random (RandomNumberGenerator &rng, Protocol_Version offered_version, Callbacks &cb, const Policy &policy)
bool operator!= (const Server_Information &a, const Server_Information &b)
bool operator< (const Server_Information &a, const Server_Information &b)
auto operator< (const Session_ID &id1, const Session_ID &id2)
bool operator== (const Server_Information &a, const Server_Information &b)
Record_Header read_record (bool is_datagram, secure_vector< uint8_t > &readbuf, const uint8_t input[], size_t input_len, size_t &consumed, secure_vector< uint8_t > &recbuf, Connection_Sequence_Numbers *sequence_numbers, const get_cipherstate_fn &get_cipherstate, bool allow_epoch0_restart)
std::vector< AlgorithmIdentifierto_algorithm_identifiers (const std::vector< Signature_Scheme > &schemes)
void write_record (secure_vector< uint8_t > &output, Record_Type record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len, Connection_Cipher_State &cs, RandomNumberGenerator &rng)
void write_unencrypted_record (secure_vector< uint8_t > &output, Record_Type record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len)

Variables

constexpr uint64_t DOWNGRADE_TLS11 = 0x444F574E47524400
constexpr uint64_t DOWNGRADE_TLS12 = 0x444F574E47524401
constexpr std::array< uint8_t, 32 > HELLO_RETRY_REQUEST_MARKER

Detailed Description

Cipher_State state machine adapted from RFC 8446 7.1. 

                                0
                                |
                                v
                      PSK ->  HKDF-Extract = Early Secret
                                |
                                +-----> Derive-Secret(., "ext binder" | "res binder", "")
                                |                     = binder_key
                         STATE PSK BINDER

This state is reached by constructing the Cipher_State using init_with_psk(). The state can then be further advanced using advance_with_client_hello() once the initial Client Hello is fully generated. | +-----> Derive-Secret(., "c e traffic", ClientHello) | = client_early_traffic_secret | +-----> Derive-Secret(., "e exp master", ClientHello) | = early_exporter_master_secret v Derive-Secret(., "derived", "") |

  • STATE EARLY TRAFFIC This state is reached by calling advance_with_client_hello(). In this state the early data traffic secrets are available. TODO: implement early data. The state can then be further advanced using advance_with_server_hello().
  • | v (EC)DHE -> HKDF-Extract = Handshake Secret | +-----> Derive-Secret(., "c hs traffic", | ClientHello...ServerHello) | = client_handshake_traffic_secret | +-----> Derive-Secret(., "s hs traffic", | ClientHello...ServerHello) | = server_handshake_traffic_secret v Derive-Secret(., "derived", "") |
  • STATE HANDSHAKE TRAFFIC This state is reached by constructing Cipher_State using init_with_server_hello() or advance_with_server_hello(). In this state the handshake traffic secrets are available. The state can then be further advanced using advance_with_server_finished().
  • | v 0 -> HKDF-Extract = Master Secret | +-----> Derive-Secret(., "c ap traffic", | ClientHello...server Finished) | = client_application_traffic_secret_0 | +-----> Derive-Secret(., "s ap traffic", | ClientHello...server Finished) | = server_application_traffic_secret_0 | +-----> Derive-Secret(., "exp master", | ClientHello...server Finished) | = exporter_master_secret
  • STATE SERVER APPLICATION TRAFFIC This state is reached by calling advance_with_server_finished(). It allows the server to send application traffic and the client to receive it. The opposite direction is not yet possible in this state. The state can then be further advanced using advance_with_client_finished().
  • | +-----> Derive-Secret(., "res master", ClientHello...client Finished) = resumption_master_secret STATE COMPLETED Once this state is reached the handshake is finished, both client and server can exchange application data and no further cipher state advances are possible.

Wrapper type for a TLS 1.3 session ticket (C) 2023 Jack Lloyd 2023 René Meusel - Rohde & Schwarz Cybersecurity

Botan is released under the Simplified BSD License (see license.txt)

Composite key pair that exposes the Public/Private key API but combines multiple key agreement schemes into a hybrid algorithm.

(C) 2023 Jack Lloyd 2023 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity

Botan is released under the Simplified BSD License (see license.txt)

TLS Session Manger base class implementations (C) 2011-2023 Jack Lloyd 2022-2023 René Meusel - Rohde & Schwarz Cybersecurity

Botan is released under the Simplified BSD License (see license.txt)

Hybrid Session Manager that emits both IDs and Tickets (C) 2023 Jack Lloyd 2023 René Meusel - Rohde & Schwarz Cybersecurity

Botan is released under the Simplified BSD License (see license.txt)

TLS Session Management (C) 2011,2012 Jack Lloyd 2023 René Meusel - Rohde & Schwarz Cybersecurity

Botan is released under the Simplified BSD License (see license.txt)

TLS Stateless Session Manager for stateless servers (C) 2023 Jack Lloyd 2023 René Meusel - Rohde & Schwarz Cybersecurity

Botan is released under the Simplified BSD License (see license.txt)

Typedef Documentation

◆ BytesNeeded

using Botan::TLS::BytesNeeded = size_t

Definition at line 36 of file tls_record_layer_13.h.

◆ Client_Handshake_13_Message

using Botan::TLS::Client_Handshake_13_Message
Initial value:
std::variant<Client_Hello_13,
Client_Hello_12_Shim,
Certificate_13,
Certificate_Verify_13,
Finished_13>
Botan::TLS::Certificate_13
Definition tls_messages_13.h:166
Botan::TLS::Certificate_Verify_13
Definition tls_messages_13.h:324
Botan::TLS::Client_Hello_12_Shim
Definition tls_messages.h:156
Botan::TLS::Client_Hello_13
Definition tls_messages_13.h:29
Botan::TLS::Finished_13
Definition tls_messages_13.h:349

Definition at line 461 of file tls_messages_13.h.

◆ Client_Handshake_13_Message_Ref

using Botan::TLS::Client_Handshake_13_Message_Ref = detail::as_wrapped_references_t<Client_Handshake_13_Message>

Definition at line 467 of file tls_messages_13.h.

◆ Client_Handshake_State_13

using Botan::TLS::Client_Handshake_State_13
Initial value:
Handshake_State_13<Connection_Side::Client,
Client_Handshake_13_Message,
Server_Handshake_13_Message,
Server_Post_Handshake_13_Message>
Botan::TLS::Handshake_State_13
Definition tls_handshake_state_13.h:131
Botan::TLS::Server_Handshake_13_Message
std::variant< Server_Hello_13, Server_Hello_12_Shim, Hello_Retry_Request, Encrypted_Extensions, Certificate_13, Certificate_Request_13, Certificate_Verify_13, Finished_13 > Server_Handshake_13_Message
Definition tls_messages_13.h:451
Botan::TLS::Client_Handshake_13_Message
std::variant< Client_Hello_13, Client_Hello_12_Shim, Certificate_13, Certificate_Verify_13, Finished_13 > Client_Handshake_13_Message
Definition tls_messages_13.h:461
Botan::TLS::Server_Post_Handshake_13_Message
std::variant< New_Session_Ticket_13, Key_Update > Server_Post_Handshake_13_Message
Definition tls_messages_13.h:448

Definition at line 178 of file tls_handshake_state_13.h.

◆ Client_Post_Handshake_13_Message

using Botan::TLS::Client_Post_Handshake_13_Message = std::variant<Key_Update>

Definition at line 449 of file tls_messages_13.h.

◆ Default_Policy

typedef Policy Botan::TLS::Default_Policy

Definition at line 568 of file tls_policy.h.

◆ get_cipherstate_fn

typedef std::function<std::shared_ptr<Connection_Cipher_State>(uint16_t)> Botan::TLS::get_cipherstate_fn

Definition at line 154 of file tls_record.h.

◆ Handshake_Message_13

using Botan::TLS::Handshake_Message_13
Initial value:
std::variant<Client_Hello_13,
Client_Hello_12_Shim,
Server_Hello_13,
Server_Hello_12_Shim,
Hello_Retry_Request,
Encrypted_Extensions,
Certificate_13,
Certificate_Request_13,
Certificate_Verify_13,
Finished_13>
Botan::TLS::Certificate_Request_13
Definition tls_messages_13.h:290
Botan::TLS::Encrypted_Extensions
Definition tls_messages_13.h:146
Botan::TLS::Hello_Retry_Request
Definition tls_messages_13.h:134
Botan::TLS::Server_Hello_12_Shim
Definition tls_messages.h:210
Botan::TLS::Server_Hello_13
Definition tls_messages_13.h:80

Definition at line 430 of file tls_messages_13.h.

◆ Handshake_Message_13_Ref

using Botan::TLS::Handshake_Message_13_Ref = detail::as_wrapped_references_t<Handshake_Message_13>

Definition at line 441 of file tls_messages_13.h.

◆ Named_Group

using Botan::TLS::Named_Group = Group_Params

Definition at line 405 of file tls_extensions.h.

◆ Opaque_Session_Handle

using Botan::TLS::Opaque_Session_Handle = Strong<std::vector<uint8_t>, struct Opaque_Session_Handle_>

holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumption or a database handle.

Definition at line 29 of file tls_session_id.h.

◆ Post_Handshake_Message_13

using Botan::TLS::Post_Handshake_Message_13 = std::variant<New_Session_Ticket_13, Key_Update>

Definition at line 443 of file tls_messages_13.h.

◆ PresharedKeyID

using Botan::TLS::PresharedKeyID = Strong<std::string, struct PresharedKeyID_>

holds a PSK identity as used in TLS 1.3

Definition at line 22 of file tls_psk_identity_13.h.

◆ Server_Handshake_13_Message

using Botan::TLS::Server_Handshake_13_Message
Initial value:
std::variant<Server_Hello_13,
Server_Hello_12_Shim,
Hello_Retry_Request,
Encrypted_Extensions,
Certificate_13,
Certificate_Request_13,
Certificate_Verify_13,
Finished_13>

Definition at line 451 of file tls_messages_13.h.

◆ Server_Handshake_13_Message_Ref

using Botan::TLS::Server_Handshake_13_Message_Ref = detail::as_wrapped_references_t<Server_Handshake_13_Message>

Definition at line 459 of file tls_messages_13.h.

◆ Server_Handshake_State_13

using Botan::TLS::Server_Handshake_State_13
Initial value:
Handshake_State_13<Connection_Side::Server,
Server_Handshake_13_Message,
Client_Handshake_13_Message,
Client_Post_Handshake_13_Message>
Botan::TLS::Client_Post_Handshake_13_Message
std::variant< Key_Update > Client_Post_Handshake_13_Message
Definition tls_messages_13.h:449

Definition at line 183 of file tls_handshake_state_13.h.

◆ Server_Post_Handshake_13_Message

using Botan::TLS::Server_Post_Handshake_13_Message = std::variant<New_Session_Ticket_13, Key_Update>

Definition at line 448 of file tls_messages_13.h.

◆ Session_ID

using Botan::TLS::Session_ID = Strong<std::vector<uint8_t>, struct Session_ID_>

holds a TLS 1.2 session ID for stateful resumption

Definition at line 22 of file tls_session_id.h.

◆ Session_Ticket

using Botan::TLS::Session_Ticket = Strong<std::vector<uint8_t>, struct Session_Ticket_>

holds a TLS 1.2 session ticket for stateless resumption

Definition at line 25 of file tls_session_id.h.

◆ Ticket

typedef PskIdentity Botan::TLS::Ticket

Botan 3.0.0 used the class name "Ticket". In Botan 3.1.0 we decided to re-name it to the more generic term "PskIdentity" to better reflect its dual use case for resumption and externally provided PSKs.

Definition at line 71 of file tls_psk_identity_13.h.

◆ Ticket_Nonce

using Botan::TLS::Ticket_Nonce = Strong<std::vector<uint8_t>, struct Ticket_Nonce_>

Used to derive the ticket's PSK from the resumption_master_secret.

Definition at line 96 of file tls_magic.h.

◆ Transcript_Hash

using Botan::TLS::Transcript_Hash = std::vector<uint8_t>

Definition at line 93 of file tls_magic.h.

Enumeration Type Documentation

◆ AlertType

enum class Botan::TLS::AlertType : uint16_t
strong

Type codes for TLS alerts

The enumeration value matches the wire encoding

Enumerator
CloseNotify 
UnexpectedMessage 
BadRecordMac 
DecryptionFailed 
RecordOverflow 
DecompressionFailure 
HandshakeFailure 
NoCertificate 
BadCertificate 
UnsupportedCertificate 
CertificateRevoked 
CertificateExpired 
CertificateUnknown 
IllegalParameter 
UnknownCA 
AccessDenied 
DecodeError 
DecryptError 
ExportRestriction 
ProtocolVersion 
InsufficientSecurity 
InternalError 
InappropriateFallback 
UserCanceled 
NoRenegotiation 
MissingExtension 
UnsupportedExtension 
CertificateUnobtainable 
UnrecognizedName 
BadCertificateStatusResponse 
BadCertificateHashValue 
UnknownPSKIdentity 
CertificateRequired 
NoApplicationProtocol 
None 
CLOSE_NOTIFY 
NO_APPLICATION_PROTOCOL 
PROTOCOL_VERSION 

Definition at line 21 of file tls_alert.h.

21 : uint16_t {
22 CloseNotify = 0,
23 UnexpectedMessage = 10,
24 BadRecordMac = 20,
25 DecryptionFailed = 21,
26 RecordOverflow = 22,
27 DecompressionFailure = 30,
28 HandshakeFailure = 40,
29 NoCertificate = 41, // SSLv3 only
30 BadCertificate = 42,
31 UnsupportedCertificate = 43,
32 CertificateRevoked = 44,
33 CertificateExpired = 45,
34 CertificateUnknown = 46,
35 IllegalParameter = 47,
36 UnknownCA = 48,
37 AccessDenied = 49,
38 DecodeError = 50,
39 DecryptError = 51,
40 ExportRestriction = 60,
41 ProtocolVersion = 70,
42 InsufficientSecurity = 71,
43 InternalError = 80,
44 InappropriateFallback = 86,
45 UserCanceled = 90,
46 NoRenegotiation = 100,
47 MissingExtension = 109, // RFC 8446
48 UnsupportedExtension = 110,
49 CertificateUnobtainable = 111,
50 UnrecognizedName = 112,
51 BadCertificateStatusResponse = 113,
52 BadCertificateHashValue = 114,
53 UnknownPSKIdentity = 115,
54 CertificateRequired = 116, // RFC 8446
55 NoApplicationProtocol = 120, // RFC 7301
56
57 // pseudo alert values
58 None = 256,
59
60 // Compat enum variants, will be removed in a future major release
61 // TODO(Botan4): remove these
62 CLOSE_NOTIFY BOTAN_DEPRECATED("Use CloseNotify") = CloseNotify,
63 NO_APPLICATION_PROTOCOL BOTAN_DEPRECATED("Use NoApplicationProtocol") = NoApplicationProtocol,
64 PROTOCOL_VERSION BOTAN_DEPRECATED("Use ProtocolVersion") = ProtocolVersion,
65};
BOTAN_DEPRECATED
#define BOTAN_DEPRECATED(msg)
Definition api.h:73

◆ Auth_Method

enum class Botan::TLS::Auth_Method : uint32_t
strong
Enumerator
RSA 
ECDSA 
UNDEFINED 
IMPLICIT 

Definition at line 63 of file tls_algos.h.

63 : uint32_t {
64 RSA = 0,
65 ECDSA = 1,
66
67 // To support TLS 1.3 ciphersuites, which do not determine the auth method
68 UNDEFINED = 2,
69
70 // These are placed outside the encodable range
71 IMPLICIT = 0x10000
72};

◆ Certificate_Type

enum class Botan::TLS::Certificate_Type : uint8_t
strong
Enumerator
X509 
RawPublicKey 

Definition at line 279 of file tls_algos.h.

279: uint8_t { X509 = 0, RawPublicKey = 2 };

◆ Cipher_Algo

enum class Botan::TLS::Cipher_Algo : uint8_t
strong
Enumerator
CHACHA20_POLY1305 
AES_128_GCM 
AES_256_GCM 
AES_256_OCB 
CAMELLIA_128_GCM 
CAMELLIA_256_GCM 
ARIA_128_GCM 
ARIA_256_GCM 
AES_128_CCM 
AES_256_CCM 
AES_128_CCM_8 
AES_256_CCM_8 
AES_128_CBC_HMAC_SHA1 
AES_128_CBC_HMAC_SHA256 
AES_256_CBC_HMAC_SHA1 
AES_256_CBC_HMAC_SHA256 
AES_256_CBC_HMAC_SHA384 
DES_EDE_CBC_HMAC_SHA1 

Definition at line 18 of file tls_algos.h.

18 : uint8_t {
19 CHACHA20_POLY1305,
20
21 AES_128_GCM,
22 AES_256_GCM,
23
24 AES_256_OCB,
25
26 CAMELLIA_128_GCM,
27 CAMELLIA_256_GCM,
28
29 ARIA_128_GCM,
30 ARIA_256_GCM,
31
32 AES_128_CCM,
33 AES_256_CCM,
34 AES_128_CCM_8,
35 AES_256_CCM_8,
36
37 AES_128_CBC_HMAC_SHA1,
38 AES_128_CBC_HMAC_SHA256,
39 AES_256_CBC_HMAC_SHA1,
40 AES_256_CBC_HMAC_SHA256,
41 AES_256_CBC_HMAC_SHA384,
42
43 DES_EDE_CBC_HMAC_SHA1,
44};

◆ Connection_Side

enum class Botan::TLS::Connection_Side : uint8_t
strong
Enumerator
Client 
Server 
CLIENT 
SERVER 

Definition at line 44 of file tls_magic.h.

44 : uint8_t {
45 Client = 1,
46 Server = 2,
47
48 CLIENT BOTAN_DEPRECATED("Use Connection_Side::Client") = Client,
49 SERVER BOTAN_DEPRECATED("Use Connection_Side::Server") = Server,
50};

◆ Extension_Code

enum class Botan::TLS::Extension_Code : uint16_t
strong
Enumerator
ServerNameIndication 
CertificateStatusRequest 
SupportedGroups 
EcPointFormats 
SignatureAlgorithms 
CertSignatureAlgorithms 
UseSrtp 
ApplicationLayerProtocolNegotiation 
ClientCertificateType 
ServerCertificateType 
EncryptThenMac 
ExtendedMasterSecret 
RecordSizeLimit 
SessionTicket 
SupportedVersions 
PresharedKey 
EarlyData 
Cookie 
PskKeyExchangeModes 
CertificateAuthorities 
KeyShare 
SafeRenegotiation 

Definition at line 36 of file tls_extensions.h.

36 : uint16_t {
37 ServerNameIndication = 0,
38 CertificateStatusRequest = 5,
39
40 SupportedGroups = 10,
41 EcPointFormats = 11, // TLS 1.2 exclusive
42 SignatureAlgorithms = 13,
43 CertSignatureAlgorithms = 50,
44 UseSrtp = 14,
45 ApplicationLayerProtocolNegotiation = 16,
46
47 // SignedCertificateTimestamp = 18, // NYI
48
49 // RFC 7250 (Raw Public Keys in TLS)
50 ClientCertificateType = 19,
51 ServerCertificateType = 20,
52
53 EncryptThenMac = 22, // TLS 1.2 exclusive
54 ExtendedMasterSecret = 23, // TLS 1.2 exclusive
55
56 RecordSizeLimit = 28,
57
58 SessionTicket = 35, // TLS 1.2 exclusive
59
60 SupportedVersions = 43,
61
62 PresharedKey = 41, // TLS 1.3 exclusive
63 EarlyData = 42, // TLS 1.3 exclusive
64 Cookie = 44, // TLS 1.3 exclusive
65 PskKeyExchangeModes = 45, // TLS 1.3 exclusive
66 CertificateAuthorities = 47, // TLS 1.3 exclusive
67 KeyShare = 51, // TLS 1.3 exclusive
68
69 SafeRenegotiation = 65281, // TLS 1.2 exclusive
70};

◆ Group_Params_Code

enum class Botan::TLS::Group_Params_Code : uint16_t
strong
Enumerator
NONE 
SECP256R1 
SECP384R1 
SECP521R1 
BRAINPOOL256R1 
BRAINPOOL384R1 
BRAINPOOL512R1 
X25519 
X448 
FFDHE_2048 
FFDHE_3072 
FFDHE_4096 
FFDHE_6144 
FFDHE_8192 
ML_KEM_512 
ML_KEM_768 
ML_KEM_1024 
eFRODOKEM_640_SHAKE_OQS 
eFRODOKEM_976_SHAKE_OQS 
eFRODOKEM_1344_SHAKE_OQS 
eFRODOKEM_640_AES_OQS 
eFRODOKEM_976_AES_OQS 
eFRODOKEM_1344_AES_OQS 
HYBRID_SECP256R1_ML_KEM_768 
HYBRID_SECP384R1_ML_KEM_1024 
HYBRID_X25519_ML_KEM_768 
HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS 
HYBRID_X25519_eFRODOKEM_640_AES_OQS 
HYBRID_X448_eFRODOKEM_976_SHAKE_OQS 
HYBRID_X448_eFRODOKEM_976_AES_OQS 
HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS 
HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS 
HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS 
HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS 
HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS 
HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS 

Definition at line 80 of file tls_algos.h.

80 : uint16_t {
81 NONE = 0,
82
83 SECP256R1 = 23,
84 SECP384R1 = 24,
85 SECP521R1 = 25,
86 BRAINPOOL256R1 = 26,
87 BRAINPOOL384R1 = 27,
88 BRAINPOOL512R1 = 28,
89
90 X25519 = 29,
91 X448 = 30,
92
93 FFDHE_2048 = 256,
94 FFDHE_3072 = 257,
95 FFDHE_4096 = 258,
96 FFDHE_6144 = 259,
97 FFDHE_8192 = 260,
98
99 // https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/05/
100 ML_KEM_512 = 0x0200,
101 ML_KEM_768 = 0x0201,
102 ML_KEM_1024 = 0x0202,
103
104 // libOQS defines those in:
105 // https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
106 // (last update: 6th June 2025 - matching oqs commit 9447f68)
107 eFRODOKEM_640_SHAKE_OQS = 0xFE03,
108 eFRODOKEM_976_SHAKE_OQS = 0xFE09,
109 eFRODOKEM_1344_SHAKE_OQS = 0xFE0E,
110 eFRODOKEM_640_AES_OQS = 0xFE00,
111 eFRODOKEM_976_AES_OQS = 0xFE06,
112 eFRODOKEM_1344_AES_OQS = 0xFE0C,
113
114 // https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/03/
115 HYBRID_SECP256R1_ML_KEM_768 = 0x11EB,
116 HYBRID_SECP384R1_ML_KEM_1024 = 0x11ED,
117 HYBRID_X25519_ML_KEM_768 = 0x11EC,
118
119 // https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
120 // (last update: 6th June 2025 - matching oqs commit 9447f68)
121 HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS = 0xFE05,
122 HYBRID_X25519_eFRODOKEM_640_AES_OQS = 0xFE02,
123
124 HYBRID_X448_eFRODOKEM_976_SHAKE_OQS = 0xFE0B,
125 HYBRID_X448_eFRODOKEM_976_AES_OQS = 0xFE08,
126
127 HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS = 0xFE04,
128 HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS = 0xFE01,
129
130 HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS = 0xFE0A,
131 HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS = 0xFE07,
132
133 HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS = 0xFE0F,
134 HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS = 0xFE0D,
135};
Botan::NONE
@ NONE
Definition filter.h:170

◆ Handshake_Type

enum class Botan::TLS::Handshake_Type : uint8_t
strong
Enumerator
HelloRequest 
ClientHello 
ServerHello 
HelloVerifyRequest 
NewSessionTicket 
EndOfEarlyData 
EncryptedExtensions 
Certificate 
ServerKeyExchange 
CertificateRequest 
ServerHelloDone 
CertificateVerify 
ClientKeyExchange 
Finished 
CertificateUrl 
CertificateStatus 
KeyUpdate 
HelloRetryRequest 
HandshakeCCS 
None 

Definition at line 63 of file tls_magic.h.

63 : uint8_t {
64 HelloRequest = 0,
65 ClientHello = 1,
66 ServerHello = 2,
67 HelloVerifyRequest = 3,
68 NewSessionTicket = 4, // RFC 5077
69
70 EndOfEarlyData = 5, // RFC 8446 (TLS 1.3)
71 EncryptedExtensions = 8, // RFC 8446 (TLS 1.3)
72
73 Certificate = 11,
74 ServerKeyExchange = 12,
75 CertificateRequest = 13,
76 ServerHelloDone = 14,
77 CertificateVerify = 15,
78 ClientKeyExchange = 16,
79 Finished = 20,
80
81 CertificateUrl = 21,
82 CertificateStatus = 22,
83
84 KeyUpdate = 24, // RFC 8446 (TLS 1.3)
85
86 HelloRetryRequest = 253, // Not a wire value (HRR appears as an ordinary Server Hello)
87 HandshakeCCS = 254, // Not a wire value (TLS 1.3 uses this value for 'message_hash' -- RFC 8446 4.4.1)
88 None = 255 // Null value
89};

◆ KDF_Algo

enum class Botan::TLS::KDF_Algo : uint8_t
strong
Enumerator
SHA_1 
SHA_256 
SHA_384 

Definition at line 46 of file tls_algos.h.

46 : uint8_t {
47 SHA_1,
48 SHA_256,
49 SHA_384,
50};

◆ Kex_Algo

enum class Botan::TLS::Kex_Algo : uint8_t
strong
Enumerator
STATIC_RSA 
DH 
ECDH 
PSK 
ECDHE_PSK 
DHE_PSK 
KEM 
KEM_PSK 
HYBRID 
HYBRID_PSK 
UNDEFINED 

Definition at line 255 of file tls_algos.h.

255 : uint8_t {
256 STATIC_RSA,
257 DH,
258 ECDH,
259 PSK,
260 ECDHE_PSK,
261 DHE_PSK,
262 KEM,
263 KEM_PSK,
264 HYBRID,
265 HYBRID_PSK,
266
267 // To support TLS 1.3 ciphersuites, which do not determine the kex algo
268 UNDEFINED
269};

◆ Nonce_Format

enum class Botan::TLS::Nonce_Format : uint8_t
strong
Enumerator
CBC_MODE 
AEAD_IMPLICIT_4 
AEAD_XOR_12 
NULL_CIPHER 

Definition at line 54 of file tls_algos.h.

54 : uint8_t {
55 CBC_MODE,
56 AEAD_IMPLICIT_4,
57 AEAD_XOR_12,
58 NULL_CIPHER,
59};

◆ PSK_Key_Exchange_Mode

enum class Botan::TLS::PSK_Key_Exchange_Mode : uint8_t
strong
Enumerator
PSK_KE 
PSK_DHE_KE 

Definition at line 37 of file tls_extensions_13.h.

37: uint8_t { PSK_KE = 0, PSK_DHE_KE = 1 };

◆ Record_Type

enum class Botan::TLS::Record_Type : uint8_t
strong
Enumerator
Invalid 
ChangeCipherSpec 
Alert 
Handshake 
ApplicationData 
Heartbeat 

Definition at line 52 of file tls_magic.h.

52 : uint8_t {
53 Invalid = 0, // RFC 8446 (TLS 1.3)
54
55 ChangeCipherSpec = 20,
56 Alert = 21,
57 Handshake = 22,
58 ApplicationData = 23,
59
60 Heartbeat = 24, // RFC 6520 (TLS 1.3)
61};

◆ Size_Limits

enum Botan::TLS::Size_Limits : size_t

Protocol Constants for SSL/TLS

TODO(Botan4): this should not be an enum at all

Enumerator
TLS_HEADER_SIZE 
DTLS_HEADER_SIZE 
MAX_PLAINTEXT_SIZE 
MAX_COMPRESSED_SIZE 
MAX_CIPHERTEXT_SIZE 
MAX_AEAD_EXPANSION_SIZE_TLS13 
MAX_CIPHERTEXT_SIZE_TLS13 

Definition at line 25 of file tls_magic.h.

25 : size_t /* NOLINT(*-enum-size,*-use-enum-class) */ {
26 TLS_HEADER_SIZE = 5,
27 DTLS_HEADER_SIZE = TLS_HEADER_SIZE + 8,
28
29 // The "TLSInnerPlaintext" length, i.e. the maximum amount of plaintext
30 // application data that can be transmitted in a single TLS record.
31 MAX_PLAINTEXT_SIZE = 16 * 1024,
32
33 MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024,
34 MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024,
35
36 // RFC 8446 5.2:
37 // This limit is derived from the maximum TLSInnerPlaintext length of 2^14
38 // octets + 1 octet for ContentType + the maximum AEAD expansion of 255
39 // octets.
40 MAX_AEAD_EXPANSION_SIZE_TLS13 = 255,
41 MAX_CIPHERTEXT_SIZE_TLS13 = MAX_PLAINTEXT_SIZE + MAX_AEAD_EXPANSION_SIZE_TLS13 + 1
42};
Botan::TLS::MAX_CIPHERTEXT_SIZE
@ MAX_CIPHERTEXT_SIZE
Definition tls_magic.h:34
Botan::TLS::MAX_PLAINTEXT_SIZE
@ MAX_PLAINTEXT_SIZE
Definition tls_magic.h:31
Botan::TLS::MAX_CIPHERTEXT_SIZE_TLS13
@ MAX_CIPHERTEXT_SIZE_TLS13
Definition tls_magic.h:41
Botan::TLS::MAX_AEAD_EXPANSION_SIZE_TLS13
@ MAX_AEAD_EXPANSION_SIZE_TLS13
Definition tls_magic.h:40
Botan::TLS::TLS_HEADER_SIZE
@ TLS_HEADER_SIZE
Definition tls_magic.h:26
Botan::TLS::MAX_COMPRESSED_SIZE
@ MAX_COMPRESSED_SIZE
Definition tls_magic.h:33
Botan::TLS::DTLS_HEADER_SIZE
@ DTLS_HEADER_SIZE
Definition tls_magic.h:27

◆ Version_Code

enum class Botan::TLS::Version_Code : uint16_t
strong
Enumerator
TLS_V11 

TLSv1.1 (no longer supported).

TLS_V12 

TLSv1.2.

TLS_V13 

TLSv1.3.

DTLS_V12 

DTLSv1.2.

DTLS_V13 

DTLSv1.3 (not supported yet).

Definition at line 18 of file tls_version.h.

18 : uint16_t {
19 /// TLSv1.1 (no longer supported)
20 TLS_V11 = 0x0302,
21 /// TLSv1.2
22 TLS_V12 = 0x0303,
23 /// TLSv1.3
24 TLS_V13 = 0x0304,
25 /// DTLSv1.2
26 DTLS_V12 = 0xFEFD,
27 /// DTLSv1.3 (not supported yet)
28 DTLS_V13 = 0xFEFC,
29};
Botan::TLS::Version_Code::TLS_V11
@ TLS_V11
TLSv1.1 (no longer supported).
Definition tls_version.h:20
Botan::TLS::Version_Code::DTLS_V13
@ DTLS_V13
DTLSv1.3 (not supported yet).
Definition tls_version.h:28

Function Documentation

◆ append_tls_length_value() [1/4]

template<typename T, typename Alloc, typename Alloc2>
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > & buf,
const std::vector< T, Alloc2 > & vals,
size_t tag_size )
inline

Definition at line 207 of file tls_reader.h.

209 {
210 append_tls_length_value(buf, std::span{vals}, tag_size);
211}
Botan::TLS::append_tls_length_value
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition tls_reader.h:177

References append_tls_length_value().

◆ append_tls_length_value() [2/4]

template<typename T, typename Alloc>
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > & buf,
const T * vals,
size_t vals_size,
size_t tag_size )
inline

Helper function for encoding length-tagged vectors

Definition at line 177 of file tls_reader.h.

180 {
181 const size_t T_size = sizeof(T);
182 const size_t val_bytes = T_size * vals_size;
183
184 BOTAN_ARG_CHECK(tag_size == 1 || tag_size == 2 || tag_size == 3, "Invalid TLS tag size");
185
186 const size_t max_possible_size = (1 << (8 * tag_size)) - 1;
187
188 BOTAN_ARG_CHECK(val_bytes <= max_possible_size, "Value too large to encode");
189
190 for(size_t i = 0; i != tag_size; ++i) {
191 buf.push_back(get_byte_var(sizeof(val_bytes) - tag_size + i, val_bytes));
192 }
193
194 for(size_t i = 0; i != vals_size; ++i) {
195 for(size_t j = 0; j != T_size; ++j) {
196 buf.push_back(get_byte_var(j, vals[i]));
197 }
198 }
199}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::get_byte_var
constexpr uint8_t get_byte_var(size_t byte_num, T input)
Definition loadstor.h:69

References BOTAN_ARG_CHECK, and Botan::get_byte_var().

Referenced by append_tls_length_value(), append_tls_length_value(), append_tls_length_value(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Application_Layer_Protocol_Notification::serialize(), Botan::TLS::Certificate_13::serialize(), Botan::TLS::Certificate_Authorities::serialize(), Botan::TLS::Certificate_Request_12::serialize(), Botan::TLS::Certificate_Request_13::serialize(), Botan::TLS::Certificate_Type_Base::serialize(), Botan::TLS::Client_Hello::serialize(), Botan::TLS::New_Session_Ticket_12::serialize(), Botan::TLS::New_Session_Ticket_13::serialize(), Botan::TLS::PSK::serialize(), Botan::TLS::Renegotiation_Extension::serialize(), Botan::TLS::Server_Hello::serialize(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ append_tls_length_value() [3/4]

template<typename T, typename Alloc>
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > & buf,
std::span< const T > vals,
size_t tag_size )
inline

Definition at line 202 of file tls_reader.h.

202 {
203 append_tls_length_value(buf, vals.data(), vals.size(), tag_size);
204}

References append_tls_length_value().

◆ append_tls_length_value() [4/4]

template<typename Alloc>
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > & buf,
std::string_view str,
size_t tag_size )
inline

Definition at line 214 of file tls_reader.h.

214 {
215 append_tls_length_value(buf, as_span_of_bytes(str), tag_size);
216}
Botan::as_span_of_bytes
std::span< const uint8_t > as_span_of_bytes(const char *s, size_t len)
Definition mem_utils.h:59

References append_tls_length_value(), and Botan::as_span_of_bytes().

◆ auth_method_from_string()

Auth_Method BOTAN_TEST_API Botan::TLS::auth_method_from_string ( std::string_view str)

Definition at line 119 of file tls_algos.cpp.

119 {
120 if(str == "RSA") {
121 return Auth_Method::RSA;
122 }
123 if(str == "ECDSA") {
124 return Auth_Method::ECDSA;
125 }
126 if(str == "IMPLICIT") {
127 return Auth_Method::IMPLICIT;
128 }
129 if(str == "UNDEFINED") {
130 return Auth_Method::UNDEFINED;
131 }
132
133 throw Invalid_Argument(fmt("Unknown TLS signature method '{}'", str));
134}
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References ECDSA, Botan::fmt(), IMPLICIT, RSA, and UNDEFINED.

◆ auth_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::auth_method_to_string ( Auth_Method method)

Definition at line 104 of file tls_algos.cpp.

104 {
105 switch(method) {
106 case Auth_Method::RSA:
107 return "RSA";
108 case Auth_Method::ECDSA:
109 return "ECDSA";
110 case Auth_Method::IMPLICIT:
111 return "IMPLICIT";
112 case Auth_Method::UNDEFINED:
113 return "UNDEFINED";
114 }
115
116 throw Invalid_State("auth_method_to_string unknown enum value");
117}
Botan::Invalid_State
Definition exceptn.h:207

References ECDSA, IMPLICIT, RSA, and UNDEFINED.

Referenced by Botan::TLS::Ciphersuite::sig_algo().

◆ certificate_type_from_string()

Certificate_Type Botan::TLS::certificate_type_from_string ( const std::string & type_str)

Definition at line 419 of file tls_algos.cpp.

419 {
420 if(type_str == "X509") {
421 return Certificate_Type::X509;
422 } else if(type_str == "RawPublicKey") {
423 return Certificate_Type::RawPublicKey;
424 } else {
425 throw Decoding_Error("Unknown certificate type: " + type_str);
426 }
427}

References RawPublicKey, and X509.

Referenced by Botan::TLS::Text_Policy::read_cert_type_list().

◆ certificate_type_to_string()

std::string Botan::TLS::certificate_type_to_string ( Certificate_Type type)

Definition at line 408 of file tls_algos.cpp.

408 {
409 switch(type) {
410 case Certificate_Type::X509:
411 return "X509";
412 case Certificate_Type::RawPublicKey:
413 return "RawPublicKey";
414 }
415
416 return "Unknown";
417}

References RawPublicKey, and X509.

Referenced by Botan::TLS::Certificate_Type_Base::validate_selection().

◆ check_tls_cbc_padding()

BOTAN_TEST_API uint16_t Botan::TLS::check_tls_cbc_padding ( const uint8_t record[],
size_t record_len )

Check the TLS padding of a record

Parameters
recordthe record bits
record_lenlength of record
Returns
0 if padding is invalid, otherwise padding_bytes + 1

Definition at line 254 of file tls_cbc.cpp.

254 {
255 if(record_len == 0 || record_len > 0xFFFF) {
256 return 0;
257 }
258
259 const uint16_t rec16 = static_cast<uint16_t>(record_len);
260
261 /*
262 * TLS v1.0 and up require all the padding bytes be the same value
263 * and allows up to 255 bytes.
264 */
265
266 const uint16_t to_check = std::min<uint16_t>(256, static_cast<uint16_t>(record_len));
267 const uint8_t pad_byte = record[record_len - 1];
268 const uint16_t pad_bytes = 1 + pad_byte;
269
270 auto pad_invalid = CT::Mask<uint16_t>::is_lt(rec16, pad_bytes);
271
272 for(uint16_t i = rec16 - to_check; i != rec16; ++i) {
273 const uint16_t offset = rec16 - i;
274 const auto in_pad_range = CT::Mask<uint16_t>::is_lte(offset, pad_bytes);
275 const auto pad_correct = CT::Mask<uint16_t>::is_equal(record[i], pad_byte);
276 pad_invalid |= in_pad_range & ~pad_correct;
277 }
278
279 return pad_invalid.if_not_set_return(pad_bytes);
280}
Botan::CT::Mask::is_lte
static constexpr Mask< T > is_lte(T x, T y)
Definition ct_utils.h:463
Botan::CT::Mask::is_equal
static constexpr Mask< T > is_equal(T x, T y)
Definition ct_utils.h:442
Botan::CT::Mask::is_lt
static constexpr Mask< T > is_lt(T x, T y)
Definition ct_utils.h:450

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), and Botan::CT::Mask< T >::is_lte().

◆ handshake_type_to_string()

BOTAN_TEST_API const char * Botan::TLS::handshake_type_to_string ( Handshake_Type type)

Definition at line 15 of file tls_magic.cpp.

15 {
16 switch(type) {
17 case Handshake_Type::HelloVerifyRequest:
18 return "hello_verify_request";
19
20 case Handshake_Type::HelloRequest:
21 return "hello_request";
22
23 case Handshake_Type::ClientHello:
24 return "client_hello";
25
26 case Handshake_Type::ServerHello:
27 return "server_hello";
28
29 case Handshake_Type::HelloRetryRequest:
30 return "hello_retry_request";
31
32 case Handshake_Type::Certificate:
33 return "certificate";
34
35 case Handshake_Type::CertificateUrl:
36 return "certificate_url";
37
38 case Handshake_Type::CertificateStatus:
39 return "certificate_status";
40
41 case Handshake_Type::ServerKeyExchange:
42 return "server_key_exchange";
43
44 case Handshake_Type::CertificateRequest:
45 return "certificate_request";
46
47 case Handshake_Type::ServerHelloDone:
48 return "server_hello_done";
49
50 case Handshake_Type::CertificateVerify:
51 return "certificate_verify";
52
53 case Handshake_Type::ClientKeyExchange:
54 return "client_key_exchange";
55
56 case Handshake_Type::NewSessionTicket:
57 return "new_session_ticket";
58
59 case Handshake_Type::HandshakeCCS:
60 return "change_cipher_spec";
61
62 case Handshake_Type::Finished:
63 return "finished";
64
65 case Handshake_Type::EndOfEarlyData:
66 return "end_of_early_data";
67
68 case Handshake_Type::EncryptedExtensions:
69 return "encrypted_extensions";
70
71 case Handshake_Type::KeyUpdate:
72 return "key_update";
73
74 case Handshake_Type::None:
75 return "invalid";
76 }
77
78 throw TLS_Exception(Alert::UnexpectedMessage,
79 "Unknown TLS handshake message type " + std::to_string(static_cast<size_t>(type)));
80}

References Certificate, CertificateRequest, CertificateStatus, CertificateUrl, CertificateVerify, ClientHello, ClientKeyExchange, EncryptedExtensions, EndOfEarlyData, Finished, HandshakeCCS, HelloRequest, HelloRetryRequest, HelloVerifyRequest, KeyUpdate, NewSessionTicket, None, ServerHello, ServerHelloDone, and ServerKeyExchange.

Referenced by Botan::TLS::Handshake_Transitions::confirm_transition_to(), Botan::TLS::Key_Share::Key_Share(), and Botan::TLS::Handshake_Message::type_string().

◆ kdf_algo_to_string()

std::string BOTAN_DLL Botan::TLS::kdf_algo_to_string ( KDF_Algo algo)

Definition at line 14 of file tls_algos.cpp.

14 {
15 switch(algo) {
16 case KDF_Algo::SHA_1:
17 return "SHA-1";
18 case KDF_Algo::SHA_256:
19 return "SHA-256";
20 case KDF_Algo::SHA_384:
21 return "SHA-384";
22 }
23
24 throw Invalid_State("kdf_algo_to_string unknown enum value");
25}

References SHA_1, SHA_256, and SHA_384.

Referenced by Botan::TLS::Ciphersuite::prf_algo().

◆ kex_method_from_string()

Kex_Algo BOTAN_TEST_API Botan::TLS::kex_method_from_string ( std::string_view str)

Definition at line 56 of file tls_algos.cpp.

56 {
57 if(str == "RSA") {
58 return Kex_Algo::STATIC_RSA;
59 }
60
61 if(str == "DH") {
62 return Kex_Algo::DH;
63 }
64
65 if(str == "ECDH") {
66 return Kex_Algo::ECDH;
67 }
68
69 if(str == "PSK") {
70 return Kex_Algo::PSK;
71 }
72
73 if(str == "ECDHE_PSK") {
74 return Kex_Algo::ECDHE_PSK;
75 }
76
77 if(str == "DHE_PSK") {
78 return Kex_Algo::DHE_PSK;
79 }
80
81 if(str == "KEM") {
82 return Kex_Algo::KEM;
83 }
84
85 if(str == "KEM_PSK") {
86 return Kex_Algo::KEM_PSK;
87 }
88
89 if(str == "HYBRID") {
90 return Kex_Algo::HYBRID;
91 }
92
93 if(str == "HYBRID_PSK") {
94 return Kex_Algo::HYBRID_PSK;
95 }
96
97 if(str == "UNDEFINED") {
98 return Kex_Algo::UNDEFINED;
99 }
100
101 throw Invalid_Argument(fmt("Unknown kex method '{}'", str));
102}

References DH, DHE_PSK, ECDH, ECDHE_PSK, Botan::fmt(), HYBRID, HYBRID_PSK, KEM, KEM_PSK, PSK, STATIC_RSA, and UNDEFINED.

◆ kex_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::kex_method_to_string ( Kex_Algo method)

Definition at line 27 of file tls_algos.cpp.

27 {
28 switch(method) {
29 case Kex_Algo::STATIC_RSA:
30 return "RSA";
31 case Kex_Algo::DH:
32 return "DH";
33 case Kex_Algo::ECDH:
34 return "ECDH";
35 case Kex_Algo::PSK:
36 return "PSK";
37 case Kex_Algo::ECDHE_PSK:
38 return "ECDHE_PSK";
39 case Kex_Algo::DHE_PSK:
40 return "DHE_PSK";
41 case Kex_Algo::KEM:
42 return "KEM";
43 case Kex_Algo::KEM_PSK:
44 return "KEM_PSK";
45 case Kex_Algo::HYBRID:
46 return "HYBRID";
47 case Kex_Algo::HYBRID_PSK:
48 return "HYBRID_PSK";
49 case Kex_Algo::UNDEFINED:
50 return "UNDEFINED";
51 }
52
53 throw Invalid_State("kex_method_to_string unknown enum value");
54}

References DH, DHE_PSK, ECDH, ECDHE_PSK, HYBRID, HYBRID_PSK, KEM, KEM_PSK, PSK, STATIC_RSA, and UNDEFINED.

Referenced by Botan::TLS::Ciphersuite::kex_algo(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ key_exchange_is_psk()

bool Botan::TLS::key_exchange_is_psk ( Kex_Algo m)
inline

Definition at line 274 of file tls_algos.h.

274 {
275 return (m == Kex_Algo::PSK || m == Kex_Algo::ECDHE_PSK || m == Kex_Algo::DHE_PSK);
276}

References DHE_PSK, ECDHE_PSK, and PSK.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ make_hello_random()

std::vector< uint8_t > Botan::TLS::make_hello_random ( RandomNumberGenerator & rng,
Callbacks & cb,
const Policy & policy )

Generate a (client) hello random value.

Depending on the policy, the RNG output may be hashed and if TLS 1.2 is offered, the random value may contain a timestamp.

Definition at line 25 of file msg_client_hello.cpp.

25 {
26 auto buf = rng.random_vec<std::vector<uint8_t>>(32);
27
28 if(policy.hash_hello_random()) {
29 auto sha256 = HashFunction::create_or_throw("SHA-256");
30 sha256->update(buf);
31 sha256->final(buf);
32 }
33
34 // TLS 1.3 does not require the insertion of a timestamp in the client hello
35 // random. When offering both TLS 1.2 and 1.3 we nevertheless comply with the
36 // legacy specification.
37 if(policy.include_time_in_hello_random() && (policy.allow_tls12() || policy.allow_dtls12())) {
38 const uint32_t time32 = static_cast<uint32_t>(std::chrono::system_clock::to_time_t(cb.tls_current_timestamp()));
39
40 store_be(time32, buf.data());
41 }
42
43 return buf;
44}
Botan::HashFunction::create_or_throw
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:308
Botan::RandomNumberGenerator::random_vec
void random_vec(std::span< uint8_t > v)
Definition rng.h:204
Botan::TLS::Callbacks::tls_current_timestamp
virtual std::chrono::system_clock::time_point tls_current_timestamp()
Definition tls_callbacks.cpp:61
Botan::TLS::Policy::include_time_in_hello_random
virtual bool include_time_in_hello_random() const
Definition tls_policy.cpp:398
Botan::TLS::Policy::allow_tls12
virtual bool allow_tls12() const
Definition tls_policy.cpp:374
Botan::TLS::Policy::hash_hello_random
virtual bool hash_hello_random() const
Definition tls_policy.cpp:430
Botan::TLS::Policy::allow_dtls12
virtual bool allow_dtls12() const
Definition tls_policy.cpp:390
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745

References Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls12(), Botan::HashFunction::create_or_throw(), Botan::TLS::Policy::hash_hello_random(), Botan::TLS::Policy::include_time_in_hello_random(), Botan::RandomNumberGenerator::random_vec(), Botan::store_be(), and Botan::TLS::Callbacks::tls_current_timestamp().

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_13::Client_Hello_13(), make_server_hello_random(), and Botan::TLS::Server_Hello_12::Server_Hello_12().

◆ make_server_hello_random()

std::vector< uint8_t > Botan::TLS::make_server_hello_random ( RandomNumberGenerator & rng,
Protocol_Version offered_version,
Callbacks & cb,
const Policy & policy )

Generate a server hello random value for the given protocol version.

Depending on the protocol version, the random value is generated differently. For instance, TLS 1.2 requested a timestamp in the random value. Also, when downgrading to TLS 1.2 from a peer that could also negotiate TLS 1.3, the random value must be slightly modified to signal the downgrade.

Definition at line 24 of file msg_server_hello.cpp.

27 {
28 BOTAN_UNUSED(offered_version);
29 auto random = make_hello_random(rng, cb, policy);
30
31 // RFC 8446 4.1.3
32 // TLS 1.3 has a downgrade protection mechanism embedded in the server's
33 // random value. TLS 1.3 servers which negotiate TLS 1.2 or below in
34 // response to a ClientHello MUST set the last 8 bytes of their Random
35 // value specially in their ServerHello.
36 //
37 // If negotiating TLS 1.2, TLS 1.3 servers MUST set the last 8 bytes of
38 // their Random value to the bytes: [DOWNGRADE_TLS12]
39 if(offered_version.is_pre_tls_13() && policy.allow_tls13()) {
40 constexpr size_t downgrade_signal_length = sizeof(DOWNGRADE_TLS12);
41 BOTAN_ASSERT_NOMSG(random.size() >= downgrade_signal_length);
42 const auto lastbytes = std::span{random}.last(downgrade_signal_length);
43 store_be(DOWNGRADE_TLS12, lastbytes);
44 }
45
46 return random;
47}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::TLS::Policy::allow_tls13
virtual bool allow_tls13() const
Definition tls_policy.cpp:382
Botan::TLS::Protocol_Version::is_pre_tls_13
bool is_pre_tls_13() const
Definition tls_version.cpp:58
Botan::TLS::DOWNGRADE_TLS12
constexpr uint64_t DOWNGRADE_TLS12
Definition tls_magic.h:118
Botan::TLS::make_hello_random
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, Callbacks &cb, const Policy &policy)
Definition msg_client_hello.cpp:25

References Botan::TLS::Policy::allow_tls13(), BOTAN_ASSERT_NOMSG, BOTAN_UNUSED, DOWNGRADE_TLS12, Botan::TLS::Protocol_Version::is_pre_tls_13(), make_hello_random(), and Botan::store_be().

Referenced by Botan::TLS::Server_Hello_12::Server_Hello_12(), and Botan::TLS::Server_Hello_13::Server_Hello_13().

◆ operator!=()

bool Botan::TLS::operator!= ( const Server_Information & a,
const Server_Information & b )
inline

Definition at line 75 of file tls_server_info.h.

75 {
76 return !(a == b);
77}

◆ operator<() [1/2]

bool Botan::TLS::operator< ( const Server_Information & a,
const Server_Information & b )
inline

Definition at line 79 of file tls_server_info.h.

79 {
80 if(a.hostname() != b.hostname()) {
81 return (a.hostname() < b.hostname());
82 }
83 if(a.service() != b.service()) {
84 return (a.service() < b.service());
85 }
86 if(a.port() != b.port()) {
87 return (a.port() < b.port());
88 }
89 return false; // equal
90}
Botan::TLS::Server_Information::port
uint16_t port() const
Definition tls_server_info.h:58
Botan::TLS::Server_Information::service
std::string service() const
Definition tls_server_info.h:53
Botan::TLS::Server_Information::hostname
std::string hostname() const
Definition tls_server_info.h:47

References Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

◆ operator<() [2/2]

auto Botan::TLS::operator< ( const Session_ID & id1,
const Session_ID & id2 )
inline

Definition at line 31 of file tls_session_id.h.

31 {
32 return id1.get() < id2.get();
33}
Botan::detail::Strong_Base::get
constexpr T & get() &
Definition strong_type.h:85

References Botan::detail::Strong_Base< T >::get().

◆ operator==()

bool Botan::TLS::operator== ( const Server_Information & a,
const Server_Information & b )
inline

Definition at line 71 of file tls_server_info.h.

71 {
72 return (a.hostname() == b.hostname()) && (a.service() == b.service()) && (a.port() == b.port());
73}

References Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

◆ read_record()

Record_Header Botan::TLS::read_record ( bool is_datagram,
secure_vector< uint8_t > & read_buffer,
const uint8_t input[],
size_t input_len,
size_t & consumed,
secure_vector< uint8_t > & record_buf,
Connection_Sequence_Numbers * sequence_numbers,
const get_cipherstate_fn & get_cipherstate,
bool allow_epoch0_restart )

Decode a TLS record

Returns
zero if full message, else number of bytes still needed

Definition at line 515 of file tls_record.cpp.

523 {
524 if(is_datagram) {
525 return read_dtls_record(
526 readbuf, input, input_len, consumed, recbuf, sequence_numbers, get_cipherstate, allow_epoch0_restart);
527 } else {
528 return read_tls_record(readbuf, input, input_len, consumed, recbuf, sequence_numbers, get_cipherstate);
529 }
530}

Referenced by Botan::TLS::Channel_Impl_12::from_peer().

◆ to_algorithm_identifiers()

std::vector< AlgorithmIdentifier > Botan::TLS::to_algorithm_identifiers ( const std::vector< Signature_Scheme > & schemes)

Definition at line 336 of file tls_signature_scheme.cpp.

336 {
337 std::vector<AlgorithmIdentifier> result;
338 result.reserve(schemes.size());
339 for(const auto& scheme : schemes) {
340 result.push_back(scheme.algorithm_identifier());
341 }
342 return result;
343}

Referenced by Botan::TLS::Certificate_13::Certificate_13(), and Botan::TLS::Certificate_13::Certificate_13().

◆ write_record()

void Botan::TLS::write_record ( secure_vector< uint8_t > & write_buffer,
Record_Type record_type,
Protocol_Version record_version,
uint64_t record_sequence,
const uint8_t * message,
size_t message_len,
Connection_Cipher_State & cipherstate,
RandomNumberGenerator & rng )

Create a TLS record

Parameters
write_bufferthe output record is placed here
record_typethe record layer type
record_versionthe record layer version
record_sequencethe record layer sequence number
messagethe record contents
message_lenis size of message
cipherstateis the writing cipher state
rngis a random number generator

Definition at line 227 of file tls_record.cpp.

234 {
235 write_record_header(output, record_type, version, record_sequence);
236
237 AEAD_Mode& aead = cs.aead();
238 std::vector<uint8_t> aad = cs.format_ad(record_sequence, record_type, version, static_cast<uint16_t>(message_len));
239
240 const size_t ctext_size = aead.output_length(message_len);
241
242 const size_t rec_size = ctext_size + cs.nonce_bytes_from_record();
243
244 aead.set_associated_data(aad);
245
246 const std::vector<uint8_t> nonce = cs.aead_nonce(record_sequence, rng);
247
248 append_u16_len(output, rec_size);
249
250 if(cs.nonce_bytes_from_record() > 0) {
251 if(cs.nonce_format() == Nonce_Format::CBC_MODE) {
252 output += nonce;
253 } else {
254 output += std::make_pair(&nonce[cs.nonce_bytes_from_handshake()], cs.nonce_bytes_from_record());
255 }
256 }
257
258 const size_t header_size = output.size();
259 output += std::make_pair(message, message_len);
260
261 aead.start(nonce);
262 aead.finish(output, header_size);
263
264 BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE, "Produced ciphertext larger than protocol allows");
265}
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62
Botan::AEAD_Mode
Definition aead.h:24
Botan::AEAD_Mode::set_associated_data
void set_associated_data(std::span< const uint8_t > ad)
Definition aead.h:59
Botan::Cipher_Mode::start
void start(std::span< const uint8_t > nonce)
Definition cipher_mode.h:97
Botan::Cipher_Mode::finish
void finish(secure_vector< uint8_t > &final_block, size_t offset=0)
Definition cipher_mode.h:178
Botan::Cipher_Mode::output_length
virtual size_t output_length(size_t input_length) const =0

References Botan::TLS::Connection_Cipher_State::aead(), Botan::TLS::Connection_Cipher_State::aead_nonce(), BOTAN_ASSERT, CBC_MODE, Botan::Cipher_Mode::finish(), Botan::TLS::Connection_Cipher_State::format_ad(), MAX_CIPHERTEXT_SIZE, Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake(), Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record(), Botan::TLS::Connection_Cipher_State::nonce_format(), Botan::Cipher_Mode::output_length(), Botan::AEAD_Mode::set_associated_data(), and Botan::Cipher_Mode::start().

◆ write_unencrypted_record()

void Botan::TLS::write_unencrypted_record ( secure_vector< uint8_t > & write_buffer,
Record_Type record_type,
Protocol_Version record_version,
uint64_t record_sequence,
const uint8_t * message,
size_t message_len )

Create an initial (unencrypted) TLS handshake record

Parameters
write_bufferthe output record is placed here
record_typethe record layer type
record_versionthe record layer version
record_sequencethe record layer sequence number
messagethe record contents
message_lenis size of message

Definition at line 213 of file tls_record.cpp.

218 {
219 if(record_type == Record_Type::ApplicationData) {
220 throw Internal_Error("Writing an unencrypted TLS application data record");
221 }
222 write_record_header(output, record_type, version, record_sequence);
223 append_u16_len(output, message_len);
224 output.insert(output.end(), message, message + message_len);
225}
Botan::Internal_Error
Definition exceptn.h:322

References ApplicationData.

Variable Documentation

◆ DOWNGRADE_TLS11

uint64_t Botan::TLS::DOWNGRADE_TLS11 = 0x444F574E47524400
constexpr

Magic values used to signal a downgrade request to TLS 1.1.

RFC 8446 4.1.3: TLS 1.3 has a downgrade protection mechanism embedded in the server's random value. TLS 1.3 servers which negotiate TLS 1.2 or below in response to a ClientHello MUST set the last 8 bytes of their Random value specially in their ServerHello.

Definition at line 107 of file tls_magic.h.

Referenced by Botan::TLS::Server_Hello_12_Shim::random_signals_downgrade(), and Botan::TLS::Server_Hello_13::random_signals_downgrade().

◆ DOWNGRADE_TLS12

uint64_t Botan::TLS::DOWNGRADE_TLS12 = 0x444F574E47524401
constexpr

Magic values used to signal a downgrade request to TLS 1.2.

RFC 8446 4.1.3: TLS 1.3 has a downgrade protection mechanism embedded in the server's random value. TLS 1.3 servers which negotiate TLS 1.2 or below in response to a ClientHello MUST set the last 8 bytes of their Random value specially in their ServerHello.

Definition at line 118 of file tls_magic.h.

Referenced by make_server_hello_random(), Botan::TLS::Server_Hello_12_Shim::random_signals_downgrade(), and Botan::TLS::Server_Hello_13::random_signals_downgrade().

◆ HELLO_RETRY_REQUEST_MARKER

std::array<uint8_t, 32> Botan::TLS::HELLO_RETRY_REQUEST_MARKER
constexpr
Initial value:
= {
0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C}

RFC 8446 4.1.3: For reasons of backward compatibility with middleboxes, the HelloRetryRequest message uses the same structure as the ServerHello, but with Random set to the special value of the SHA-256 of "HelloRetryRequest":

Definition at line 126 of file tls_magic.h.

126 {
127 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
128 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C};

Referenced by Botan::TLS::Hello_Retry_Request::Hello_Retry_Request(), and Botan::TLS::Server_Hello_Internal::Server_Hello_Internal().

Generated by doxygen 1.15.0