Botan 3.0.0-alpha0
Crypto and TLS for C&
Namespaces | Classes | Typedefs | Enumerations | Functions
Botan::TLS Namespace Reference

Namespaces

namespace  detail
 
namespace  Internal
 

Classes

class  Alert
 
class  Application_Layer_Protocol_Notification
 
struct  BotanAlertCategory
 An error category for TLS alerts. More...
 
class  BSI_TR_02102_2
 
class  Callbacks
 
class  Certificate_12
 
class  Certificate_13
 
class  Certificate_Request_12
 
class  Certificate_Status
 
class  Certificate_Status_Request
 
class  Certificate_Verify
 
class  Certificate_Verify_12
 
class  Change_Cipher_Spec
 
class  Channel
 
class  Channel_Impl
 
class  Channel_Impl_12
 
class  Channel_Impl_13
 
class  Cipher_State
 
class  Ciphersuite
 
class  Client
 
class  Client_Hello
 
class  Client_Hello_12
 
class  Client_Impl_12
 
class  Client_Impl_13
 
class  Client_Key_Exchange
 
class  Connection_Cipher_State
 
class  Connection_Sequence_Numbers
 
class  Context
 
class  Datagram_Handshake_IO
 
class  Datagram_Policy
 
class  Datagram_Sequence_Numbers
 
class  Encrypt_then_MAC
 
class  Encrypted_Extensions
 
class  Extended_Master_Secret
 
class  Extension
 
class  Extensions
 
class  Finished
 
class  Finished_12
 
class  Handshake_Hash
 
class  Handshake_IO
 
class  Handshake_Layer
 
class  Handshake_Message
 
class  Handshake_State
 
class  Handshake_State_13
 
class  Handshake_Transitions
 
class  Hello_Request
 
class  Hello_Verify_Request
 
class  Key_Update
 
class  New_Session_Ticket_12
 
class  NSA_Suite_B_128
 
class  NSA_Suite_B_192
 
class  Policy
 
class  Protocol_Version
 
struct  Record
 
class  Record_Header
 
class  Record_Layer
 
class  Record_Size_Limit
 
class  Renegotiation_Extension
 
class  Server
 
class  Server_Hello
 
class  Server_Hello_12
 
class  Server_Hello_Done
 
class  Server_Impl
 
class  Server_Impl_12
 
class  Server_Information
 
class  Server_Key_Exchange
 
class  Server_Name_Indicator
 
class  Session
 
class  Session_Keys
 
class  Session_Manager
 
class  Session_Manager_In_Memory
 
class  Session_Manager_Noop
 
class  Session_Manager_SQL
 
class  Session_Manager_SQLite
 
class  Session_Ticket
 
class  Signature_Algorithms
 
class  Signature_Scheme
 
class  SRTP_Protection_Profiles
 
class  Stream
 boost::asio compatible SSL/TLS stream More...
 
class  Stream_Handshake_IO
 
class  Stream_Sequence_Numbers
 
struct  StreamCategory
 An error category for errors from the TLS::Stream. More...
 
class  Strict_Policy
 
class  Supported_Groups
 
class  Supported_Point_Formats
 
class  Supported_Versions
 
class  Text_Policy
 
class  TLS_CBC_HMAC_AEAD_Decryption
 
class  TLS_CBC_HMAC_AEAD_Encryption
 
class  TLS_CBC_HMAC_AEAD_Mode
 
class  TLS_Data_Reader
 
class  TLS_Exception
 
class  Transcript_Hash_State
 
class  Unexpected_Message
 
class  Unknown_Extension
 

Typedefs

using BytesNeeded = size_t
 
using Client_Handshake_State_13 = Handshake_State_13< Connection_Side::CLIENT, Client_Handshake_13_Message, Server_Handshake_13_Message >
 
typedef Policy Default_Policy
 
typedef std::function< std::shared_ptr< Connection_Cipher_State >(uint16_t)> get_cipherstate_fn
 
using Named_Group = Group_Params
 
using Server_Handshake_State_13 = Handshake_State_13< Connection_Side::SERVER, Server_Handshake_13_Message, Client_Handshake_13_Message >
 
using Transcript_Hash = std::vector< uint8_t >
 

Enumerations

enum  { TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF }
 
enum class  Auth_Method { RSA , ECDSA , UNDEFINED , IMPLICIT = 0x10000 }
 
enum class  Cipher_Algo {
  CHACHA20_POLY1305 , AES_128_GCM , AES_256_GCM , AES_256_OCB ,
  CAMELLIA_128_GCM , CAMELLIA_256_GCM , ARIA_128_GCM , ARIA_256_GCM ,
  AES_128_CCM , AES_256_CCM , AES_128_CCM_8 , AES_256_CCM_8 ,
  AES_128_CBC_HMAC_SHA1 , AES_128_CBC_HMAC_SHA256 , AES_256_CBC_HMAC_SHA1 , AES_256_CBC_HMAC_SHA256 ,
  AES_256_CBC_HMAC_SHA384 , DES_EDE_CBC_HMAC_SHA1
}
 
enum  Connection_Side { CLIENT = 1 , SERVER = 2 }
 
enum class  Group_Params : uint16_t {
  NONE = 0 , SECP256R1 = 23 , SECP384R1 = 24 , SECP521R1 = 25 ,
  BRAINPOOL256R1 = 26 , BRAINPOOL384R1 = 27 , BRAINPOOL512R1 = 28 , X25519 = 29 ,
  FFDHE_2048 = 256 , FFDHE_3072 = 257 , FFDHE_4096 = 258 , FFDHE_6144 = 259 ,
  FFDHE_8192 = 260
}
 
enum  Handshake_Extension_Type {
  TLSEXT_SERVER_NAME_INDICATION = 0 , TLSEXT_CERT_STATUS_REQUEST = 5 , TLSEXT_CERTIFICATE_TYPES = 9 , TLSEXT_SUPPORTED_GROUPS = 10 ,
  TLSEXT_EC_POINT_FORMATS = 11 , TLSEXT_SIGNATURE_ALGORITHMS = 13 , TLSEXT_USE_SRTP = 14 , TLSEXT_ALPN = 16 ,
  TLSEXT_ENCRYPT_THEN_MAC = 22 , TLSEXT_EXTENDED_MASTER_SECRET = 23 , TLSEXT_RECORD_SIZE_LIMIT = 28 , TLSEXT_SESSION_TICKET = 35 ,
  TLSEXT_SUPPORTED_VERSIONS = 43 , TLSEXT_SAFE_RENEGOTIATION = 65281
}
 
enum  Handshake_Type {
  HELLO_REQUEST = 0 , CLIENT_HELLO = 1 , SERVER_HELLO = 2 , HELLO_VERIFY_REQUEST = 3 ,
  NEW_SESSION_TICKET = 4 , END_OF_EARLY_DATA = 5 , ENCRYPTED_EXTENSIONS = 8 , CERTIFICATE = 11 ,
  SERVER_KEX = 12 , CERTIFICATE_REQUEST = 13 , SERVER_HELLO_DONE = 14 , CERTIFICATE_VERIFY = 15 ,
  CLIENT_KEX = 16 , FINISHED = 20 , CERTIFICATE_URL = 21 , CERTIFICATE_STATUS = 22 ,
  KEY_UPDATE = 24 , HELLO_RETRY_REQUEST = 253 , HANDSHAKE_CCS = 254 , HANDSHAKE_NONE = 255
}
 
enum class  KDF_Algo { SHA_1 , SHA_256 , SHA_384 }
 
enum class  Kex_Algo {
  STATIC_RSA , DH , ECDH , CECPQ1 ,
  PSK , ECDHE_PSK , UNDEFINED
}
 
enum class  Nonce_Format { CBC_MODE , AEAD_IMPLICIT_4 , AEAD_XOR_12 }
 
enum  Record_Type {
  INVALID = 0 , CHANGE_CIPHER_SPEC = 20 , ALERT = 21 , HANDSHAKE = 22 ,
  APPLICATION_DATA = 23 , HEARTBEAT = 24 , NO_RECORD = 256
}
 
enum  Size_Limits : size_t {
  TLS_HEADER_SIZE = 5 , DTLS_HEADER_SIZE = TLS_HEADER_SIZE + 8 , MAX_PLAINTEXT_SIZE = 16*1024 , MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024 ,
  MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024 , MAX_AEAD_EXPANSION_SIZE_TLS13 = 255 , MAX_CIPHERTEXT_SIZE_TLS13 = MAX_PLAINTEXT_SIZE + MAX_AEAD_EXPANSION_SIZE_TLS13 + 1
}
 
enum  StreamError { StreamTruncated = 1 }
 

Functions

template<typename Alloc >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::string &str, size_t tag_size)
 
template<typename T , typename Alloc , typename Alloc2 >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::vector< T, Alloc2 > &vals, size_t tag_size)
 
template<typename T , typename Alloc >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
 
Auth_Method auth_method_from_string (const std::string &str)
 
std::string auth_method_to_string (Auth_Method method)
 
const BotanAlertCategorybotan_alert_category () noexcept
 
const StreamCategorybotan_stream_category ()
 
uint16_t check_tls_cbc_padding (const uint8_t record[], size_t record_len)
 
Group_Params group_param_from_string (const std::string &group_name)
 
bool group_param_is_dh (Group_Params group)
 
std::string group_param_to_string (Group_Params group)
 
const char * handshake_type_to_string (Handshake_Type type)
 
std::string kdf_algo_to_string (KDF_Algo algo)
 
Kex_Algo kex_method_from_string (const std::string &str)
 
std::string kex_method_to_string (Kex_Algo method)
 
bool key_exchange_is_psk (Kex_Algo m)
 
boost::system::error_code make_error_code (Botan::TLS::Alert::Type c)
 
boost::system::error_code make_error_code (Botan::TLS::StreamError e)
 
std::vector< uint8_t > make_hello_random (RandomNumberGenerator &rng, Callbacks &cb, const Policy &policy)
 
bool operator!= (const Server_Information &a, const Server_Information &b)
 
bool operator< (const Server_Information &a, const Server_Information &b)
 
bool operator== (const Server_Information &a, const Server_Information &b)
 
Record_Header read_record (bool is_datagram, secure_vector< uint8_t > &readbuf, const uint8_t input[], size_t input_len, size_t &consumed, secure_vector< uint8_t > &recbuf, Connection_Sequence_Numbers *sequence_numbers, const get_cipherstate_fn &get_cipherstate, bool allow_epoch0_restart)
 
void write_record (secure_vector< uint8_t > &output, uint8_t record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len, Connection_Cipher_State &cs, RandomNumberGenerator &rng)
 
void write_unencrypted_record (secure_vector< uint8_t > &output, uint8_t record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len)
 

Detailed Description

Cipher_State state machine adapted from RFC 8446 7.1.

                                0
                                |
                                v
                      PSK ->  HKDF-Extract = Early Secret
                                |
                                +-----> Derive-Secret(., "ext binder" | "res binder", "")
                                |                     = binder_key
                         STATE PSK BINDER

This state is reached by constructing the Cipher_State using init_with_psk(). The state can then be further advanced using advance_with_client_hello() once the initial Client Hello is fully generated. | +--—> Derive-Secret(., "c e traffic", ClientHello) | = client_early_traffic_secret | +--—> Derive-Secret(., "e exp master", ClientHello) | = early_exporter_master_secret v Derive-Secret(., "derived", "") |

Typedef Documentation

◆ BytesNeeded

using Botan::TLS::BytesNeeded = typedef size_t

Definition at line 37 of file tls_record_layer_13.h.

◆ Client_Handshake_State_13

using Botan::TLS::Client_Handshake_State_13 = typedef Handshake_State_13<Connection_Side::CLIENT, Client_Handshake_13_Message, Server_Handshake_13_Message>

Definition at line 135 of file tls_handshake_state_13.h.

◆ Default_Policy

Definition at line 402 of file tls_policy.h.

◆ get_cipherstate_fn

typedef std::function<std::shared_ptr<Connection_Cipher_State>(uint16_t)> Botan::TLS::get_cipherstate_fn

Definition at line 163 of file tls_record.h.

◆ Named_Group

Definition at line 486 of file tls_extensions.h.

◆ Server_Handshake_State_13

using Botan::TLS::Server_Handshake_State_13 = typedef Handshake_State_13<Connection_Side::SERVER, Server_Handshake_13_Message, Client_Handshake_13_Message>

Definition at line 139 of file tls_handshake_state_13.h.

◆ Transcript_Hash

using Botan::TLS::Transcript_Hash = typedef std::vector<uint8_t>

Definition at line 93 of file tls_magic.h.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
TLS_EMPTY_RENEGOTIATION_INFO_SCSV 

Definition at line 35 of file msg_client_hello.cpp.

36 {
38 };
@ TLS_EMPTY_RENEGOTIATION_INFO_SCSV

◆ Auth_Method

enum class Botan::TLS::Auth_Method
strong
Enumerator
RSA 
ECDSA 
UNDEFINED 
IMPLICIT 

Definition at line 66 of file tls_algos.h.

66 {
67 RSA,
68 ECDSA,
69
70 // To support TLS 1.3 ciphersuites, which do not determine the auth method
72
73 // These are placed outside the encodable range
74 IMPLICIT = 0x10000
75};

◆ Cipher_Algo

enum class Botan::TLS::Cipher_Algo
strong
Enumerator
CHACHA20_POLY1305 
AES_128_GCM 
AES_256_GCM 
AES_256_OCB 
CAMELLIA_128_GCM 
CAMELLIA_256_GCM 
ARIA_128_GCM 
ARIA_256_GCM 
AES_128_CCM 
AES_256_CCM 
AES_128_CCM_8 
AES_256_CCM_8 
AES_128_CBC_HMAC_SHA1 
AES_128_CBC_HMAC_SHA256 
AES_256_CBC_HMAC_SHA1 
AES_256_CBC_HMAC_SHA256 
AES_256_CBC_HMAC_SHA384 
DES_EDE_CBC_HMAC_SHA1 

Definition at line 22 of file tls_algos.h.

◆ Connection_Side

Enumerator
CLIENT 
SERVER 

Definition at line 46 of file tls_magic.h.

46{ CLIENT = 1, SERVER = 2 };

◆ Group_Params

enum class Botan::TLS::Group_Params : uint16_t
strong
Enumerator
NONE 
SECP256R1 
SECP384R1 
SECP521R1 
BRAINPOOL256R1 
BRAINPOOL384R1 
BRAINPOOL512R1 
X25519 
FFDHE_2048 
FFDHE_3072 
FFDHE_4096 
FFDHE_6144 
FFDHE_8192 

Definition at line 83 of file tls_algos.h.

◆ Handshake_Extension_Type

Enumerator
TLSEXT_SERVER_NAME_INDICATION 
TLSEXT_CERT_STATUS_REQUEST 
TLSEXT_CERTIFICATE_TYPES 
TLSEXT_SUPPORTED_GROUPS 
TLSEXT_EC_POINT_FORMATS 
TLSEXT_SIGNATURE_ALGORITHMS 
TLSEXT_USE_SRTP 
TLSEXT_ALPN 
TLSEXT_ENCRYPT_THEN_MAC 
TLSEXT_EXTENDED_MASTER_SECRET 
TLSEXT_RECORD_SIZE_LIMIT 
TLSEXT_SESSION_TICKET 
TLSEXT_SUPPORTED_VERSIONS 
TLSEXT_SAFE_RENEGOTIATION 

Definition at line 52 of file tls_extensions.h.

52 {
55
60 TLSEXT_USE_SRTP = 14,
61 TLSEXT_ALPN = 16,
62
63 // TLSEXT_SIGNED_CERTIFICATE_TIMESTAMP = 18, // NYI
64
67
69
71
73#if defined(BOTAN_HAS_TLS_13)
74 TLSEXT_PSK = 41,
75 TLSEXT_EARLY_DATA = 42,
76 TLSEXT_COOKIE = 44,
77
78 TLSEXT_PSK_KEY_EXCHANGE_MODES = 45,
79 TLSEXT_CERTIFICATE_AUTHORITIES = 47,
80 // TLSEXT_OID_FILTERS = 48, // NYI
81
82 TLSEXT_SIGNATURE_ALGORITHMS_CERT = 50,
83 TLSEXT_KEY_SHARE = 51,
84#endif
85
87};
@ TLSEXT_ENCRYPT_THEN_MAC
@ TLSEXT_SIGNATURE_ALGORITHMS
@ TLSEXT_CERTIFICATE_TYPES
@ TLSEXT_SUPPORTED_VERSIONS
@ TLSEXT_CERT_STATUS_REQUEST
@ TLSEXT_SERVER_NAME_INDICATION
@ TLSEXT_SESSION_TICKET
@ TLSEXT_SAFE_RENEGOTIATION
@ TLSEXT_SUPPORTED_GROUPS
@ TLSEXT_EXTENDED_MASTER_SECRET
@ TLSEXT_RECORD_SIZE_LIMIT
@ TLSEXT_EC_POINT_FORMATS

◆ Handshake_Type

Enumerator
HELLO_REQUEST 
CLIENT_HELLO 
SERVER_HELLO 
HELLO_VERIFY_REQUEST 
NEW_SESSION_TICKET 
END_OF_EARLY_DATA 
ENCRYPTED_EXTENSIONS 
CERTIFICATE 
SERVER_KEX 
CERTIFICATE_REQUEST 
SERVER_HELLO_DONE 
CERTIFICATE_VERIFY 
CLIENT_KEX 
FINISHED 
CERTIFICATE_URL 
CERTIFICATE_STATUS 
KEY_UPDATE 
HELLO_RETRY_REQUEST 
HANDSHAKE_CCS 
HANDSHAKE_NONE 

Definition at line 63 of file tls_magic.h.

63 {
64 HELLO_REQUEST = 0,
65 CLIENT_HELLO = 1,
66 SERVER_HELLO = 2,
68 NEW_SESSION_TICKET = 4, // RFC 5077
69
70 END_OF_EARLY_DATA = 5, // RFC 8446 (TLS 1.3)
71 ENCRYPTED_EXTENSIONS = 8, // RFC 8446 (TLS 1.3)
72
73 CERTIFICATE = 11,
74 SERVER_KEX = 12,
78 CLIENT_KEX = 16,
79 FINISHED = 20,
80
81 CERTIFICATE_URL = 21,
83
84 KEY_UPDATE = 24, // RFC 8446 (TLS 1.3)
85
86 HELLO_RETRY_REQUEST = 253, // Not a wire value (HRR appears as an ordinary Server Hello)
87 HANDSHAKE_CCS = 254, // Not a wire value (TLS 1.3 uses this value for 'message_hash' -- RFC 8446 4.4.1)
88 HANDSHAKE_NONE = 255 // Null value
89};
@ HELLO_VERIFY_REQUEST
Definition: tls_magic.h:67
@ CLIENT_KEX
Definition: tls_magic.h:78
@ HANDSHAKE_CCS
Definition: tls_magic.h:87
@ ENCRYPTED_EXTENSIONS
Definition: tls_magic.h:71
@ CERTIFICATE_URL
Definition: tls_magic.h:81
@ SERVER_HELLO
Definition: tls_magic.h:66
@ HELLO_RETRY_REQUEST
Definition: tls_magic.h:86
@ NEW_SESSION_TICKET
Definition: tls_magic.h:68
@ END_OF_EARLY_DATA
Definition: tls_magic.h:70
@ KEY_UPDATE
Definition: tls_magic.h:84
@ SERVER_HELLO_DONE
Definition: tls_magic.h:76
@ HELLO_REQUEST
Definition: tls_magic.h:64
@ CERTIFICATE_REQUEST
Definition: tls_magic.h:75
@ CERTIFICATE
Definition: tls_magic.h:73
@ CERTIFICATE_STATUS
Definition: tls_magic.h:82
@ CERTIFICATE_VERIFY
Definition: tls_magic.h:77
@ HANDSHAKE_NONE
Definition: tls_magic.h:88
@ SERVER_KEX
Definition: tls_magic.h:74
@ CLIENT_HELLO
Definition: tls_magic.h:65

◆ KDF_Algo

enum class Botan::TLS::KDF_Algo
strong
Enumerator
SHA_1 
SHA_256 
SHA_384 

Definition at line 50 of file tls_algos.h.

50 {
51 SHA_1,
52 SHA_256,
53 SHA_384,
54};
SHA_160 SHA_1
Definition: sha160.h:69

◆ Kex_Algo

enum class Botan::TLS::Kex_Algo
strong
Enumerator
STATIC_RSA 
DH 
ECDH 
CECPQ1 
PSK 
ECDHE_PSK 
UNDEFINED 

Definition at line 106 of file tls_algos.h.

106 {
108 DH,
109 ECDH,
110 CECPQ1,
111 PSK,
112 ECDHE_PSK,
113
114 // To support TLS 1.3 ciphersuites, which do not determine the kex algo
116};

◆ Nonce_Format

enum class Botan::TLS::Nonce_Format
strong
Enumerator
CBC_MODE 
AEAD_IMPLICIT_4 
AEAD_XOR_12 

Definition at line 58 of file tls_algos.h.

◆ Record_Type

Enumerator
INVALID 
CHANGE_CIPHER_SPEC 
ALERT 
HANDSHAKE 
APPLICATION_DATA 
HEARTBEAT 
NO_RECORD 

Definition at line 49 of file tls_magic.h.

49 {
50 INVALID = 0, // RFC 8446 (TLS 1.3)
51
53 ALERT = 21,
54 HANDSHAKE = 22,
56
57 HEARTBEAT = 24, // RFC 6520 (TLS 1.3)
58
59 NO_RECORD = 256
60};
@ CHANGE_CIPHER_SPEC
Definition: tls_magic.h:52
@ APPLICATION_DATA
Definition: tls_magic.h:55

◆ Size_Limits

enum Botan::TLS::Size_Limits : size_t

Protocol Constants for SSL/TLS

TODO: this should not be an enum

Enumerator
TLS_HEADER_SIZE 
DTLS_HEADER_SIZE 
MAX_PLAINTEXT_SIZE 
MAX_COMPRESSED_SIZE 
MAX_CIPHERTEXT_SIZE 
MAX_AEAD_EXPANSION_SIZE_TLS13 
MAX_CIPHERTEXT_SIZE_TLS13 

Definition at line 26 of file tls_magic.h.

26 : size_t {
29
30 // The "TLSInnerPlaintext" length, i.e. the maximum amount of plaintext
31 // application data that can be transmitted in a single TLS record.
32 MAX_PLAINTEXT_SIZE = 16*1024,
33
36
37 // RFC 8446 5.2:
38 // This limit is derived from the maximum TLSInnerPlaintext length of 2^14
39 // octets + 1 octet for ContentType + the maximum AEAD expansion of 255
40 // octets.
43};
@ MAX_CIPHERTEXT_SIZE
Definition: tls_magic.h:35
@ MAX_PLAINTEXT_SIZE
Definition: tls_magic.h:32
@ MAX_CIPHERTEXT_SIZE_TLS13
Definition: tls_magic.h:42
@ MAX_AEAD_EXPANSION_SIZE_TLS13
Definition: tls_magic.h:41
@ TLS_HEADER_SIZE
Definition: tls_magic.h:27
@ MAX_COMPRESSED_SIZE
Definition: tls_magic.h:34
@ DTLS_HEADER_SIZE
Definition: tls_magic.h:28

◆ StreamError

Enumerator
StreamTruncated 

Definition at line 33 of file asio_error.h.

34 {
36 };
@ StreamTruncated
Definition: asio_error.h:35

Function Documentation

◆ append_tls_length_value() [1/3]

template<typename Alloc >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const std::string &  str,
size_t  tag_size 
)

Definition at line 245 of file tls_reader.h.

248 {
250 cast_char_ptr_to_uint8(str.data()),
251 str.size(),
252 tag_size);
253 }
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const std::string &str, size_t tag_size)
Definition: tls_reader.h:245
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:183

References append_tls_length_value(), and Botan::cast_char_ptr_to_uint8().

◆ append_tls_length_value() [2/3]

template<typename T , typename Alloc , typename Alloc2 >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const std::vector< T, Alloc2 > &  vals,
size_t  tag_size 
)

Definition at line 237 of file tls_reader.h.

240 {
241 append_tls_length_value(buf, vals.data(), vals.size(), tag_size);
242 }

References append_tls_length_value().

◆ append_tls_length_value() [3/3]

template<typename T , typename Alloc >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const T vals,
size_t  vals_size,
size_t  tag_size 
)

Helper function for encoding length-tagged vectors

Definition at line 212 of file tls_reader.h.

216 {
217 const size_t T_size = sizeof(T);
218 const size_t val_bytes = T_size * vals_size;
219
220 if(tag_size != 1 && tag_size != 2 && tag_size != 3)
221 throw Invalid_Argument("append_tls_length_value: invalid tag size");
222
223 if((tag_size == 1 && val_bytes > 255) ||
224 (tag_size == 2 && val_bytes > 65535) ||
225 (tag_size == 3 && val_bytes > 16777215))
226 throw Invalid_Argument("append_tls_length_value: value too large");
227
228 for(size_t i = 0; i != tag_size; ++i)
229 buf.push_back(get_byte_var(sizeof(val_bytes)-tag_size+i, val_bytes));
230
231 for(size_t i = 0; i != vals_size; ++i)
232 for(size_t j = 0; j != T_size; ++j)
233 buf.push_back(get_byte_var(j, vals[i]));
234 }
fe T
Definition: ge.cpp:36
constexpr uint8_t get_byte_var(size_t byte_num, T input)
Definition: loadstor.h:39

References Botan::get_byte_var(), and T.

Referenced by append_tls_length_value(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Client_Hello::serialize(), Botan::TLS::Server_Hello::serialize(), Botan::TLS::Certificate_13::serialize(), Botan::TLS::Certificate_Request_12::serialize(), Botan::TLS::New_Session_Ticket_12::serialize(), Botan::TLS::Renegotiation_Extension::serialize(), Botan::TLS::Application_Layer_Protocol_Notification::serialize(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ auth_method_from_string()

Auth_Method BOTAN_TEST_API Botan::TLS::auth_method_from_string ( const std::string &  str)

Definition at line 95 of file tls_algos.cpp.

96 {
97 if(str == "RSA")
98 return Auth_Method::RSA;
99 if(str == "ECDSA")
100 return Auth_Method::ECDSA;
101 if(str == "IMPLICIT")
102 return Auth_Method::IMPLICIT;
103 if(str == "UNDEFINED")
104 return Auth_Method::UNDEFINED;
105
106 throw Invalid_Argument("Bad signature method " + str);
107 }

References ECDSA, IMPLICIT, RSA, and UNDEFINED.

◆ auth_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::auth_method_to_string ( Auth_Method  method)

Definition at line 78 of file tls_algos.cpp.

79 {
80 switch(method)
81 {
82 case Auth_Method::RSA:
83 return "RSA";
84 case Auth_Method::ECDSA:
85 return "ECDSA";
86 case Auth_Method::IMPLICIT:
87 return "IMPLICIT";
88 case Auth_Method::UNDEFINED:
89 return "UNDEFINED";
90 }
91
92 throw Invalid_State("auth_method_to_string unknown enum value");
93 }

References ECDSA, IMPLICIT, RSA, and UNDEFINED.

Referenced by Botan::TLS::Ciphersuite::sig_algo().

◆ botan_alert_category()

const BotanAlertCategory & Botan::TLS::botan_alert_category ( )
inlinenoexcept

Definition at line 88 of file asio_error.h.

89 {
90 static BotanAlertCategory category;
91 return category;
92 }
An error category for TLS alerts.
Definition: asio_error.h:73

Referenced by make_error_code().

◆ botan_stream_category()

const StreamCategory & Botan::TLS::botan_stream_category ( )
inline

Definition at line 60 of file asio_error.h.

61 {
62 static StreamCategory category;
63 return category;
64 }
An error category for errors from the TLS::Stream.
Definition: asio_error.h:40

Referenced by make_error_code().

◆ check_tls_cbc_padding()

BOTAN_TEST_API uint16_t Botan::TLS::check_tls_cbc_padding ( const uint8_t  record[],
size_t  record_len 
)

Check the TLS padding of a record

Parameters
recordthe record bits
record_lenlength of record
Returns
0 if padding is invalid, otherwise padding_bytes + 1

Definition at line 242 of file tls_cbc.cpp.

243 {
244 if(record_len == 0 || record_len > 0xFFFF)
245 return 0;
246
247 const uint16_t rec16 = static_cast<uint16_t>(record_len);
248
249 /*
250 * TLS v1.0 and up require all the padding bytes be the same value
251 * and allows up to 255 bytes.
252 */
253
254 const uint16_t to_check = std::min<uint16_t>(256, static_cast<uint16_t>(record_len));
255 const uint8_t pad_byte = record[record_len-1];
256 const uint16_t pad_bytes = 1 + pad_byte;
257
258 auto pad_invalid = CT::Mask<uint16_t>::is_lt(rec16, pad_bytes);
259
260 for(uint16_t i = rec16 - to_check; i != rec16; ++i)
261 {
262 const uint16_t offset = rec16 - i;
263 const auto in_pad_range = CT::Mask<uint16_t>::is_lte(offset, pad_bytes);
264 const auto pad_correct = CT::Mask<uint16_t>::is_equal(record[i], pad_byte);
265 pad_invalid |= in_pad_range & ~pad_correct;
266 }
267
268 return pad_invalid.if_not_set_return(pad_bytes);
269 }

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), and Botan::CT::Mask< T >::is_lte().

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

◆ group_param_from_string()

Group_Params Botan::TLS::group_param_from_string ( const std::string &  group_name)

Definition at line 115 of file tls_algos.cpp.

116 {
117 if(group_name == "secp256r1")
118 return Group_Params::SECP256R1;
119 if(group_name == "secp384r1")
120 return Group_Params::SECP384R1;
121 if(group_name == "secp521r1")
122 return Group_Params::SECP521R1;
123 if(group_name == "brainpool256r1")
124 return Group_Params::BRAINPOOL256R1;
125 if(group_name == "brainpool384r1")
126 return Group_Params::BRAINPOOL384R1;
127 if(group_name == "brainpool512r1")
128 return Group_Params::BRAINPOOL512R1;
129 if(group_name == "x25519")
130 return Group_Params::X25519;
131
132 if(group_name == "ffdhe/ietf/2048")
133 return Group_Params::FFDHE_2048;
134 if(group_name == "ffdhe/ietf/3072")
135 return Group_Params::FFDHE_3072;
136 if(group_name == "ffdhe/ietf/4096")
137 return Group_Params::FFDHE_4096;
138 if(group_name == "ffdhe/ietf/6144")
139 return Group_Params::FFDHE_6144;
140 if(group_name == "ffdhe/ietf/8192")
141 return Group_Params::FFDHE_8192;
142
143 return Group_Params::NONE; // unknown
144 }

References BRAINPOOL256R1, BRAINPOOL384R1, BRAINPOOL512R1, FFDHE_2048, FFDHE_3072, FFDHE_4096, FFDHE_6144, FFDHE_8192, NONE, SECP256R1, SECP384R1, SECP521R1, and X25519.

Referenced by Botan::TLS::Text_Policy::read_group_list().

◆ group_param_is_dh()

bool Botan::TLS::group_param_is_dh ( Group_Params  group)

Definition at line 109 of file tls_algos.cpp.

110 {
111 uint16_t group_id = static_cast<uint16_t>(group);
112 return (group_id >= 256 && group_id < 512);
113 }

Referenced by Botan::TLS::Policy::default_dh_group(), Botan::TLS::Supported_Groups::dh_groups(), Botan::TLS::Supported_Groups::ec_groups(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ group_param_to_string()

std::string Botan::TLS::group_param_to_string ( Group_Params  group)

Definition at line 146 of file tls_algos.cpp.

147 {
148 switch(group)
149 {
150 case Group_Params::SECP256R1:
151 return "secp256r1";
152 case Group_Params::SECP384R1:
153 return "secp384r1";
154 case Group_Params::SECP521R1:
155 return "secp521r1";
156 case Group_Params::BRAINPOOL256R1:
157 return "brainpool256r1";
158 case Group_Params::BRAINPOOL384R1:
159 return "brainpool384r1";
160 case Group_Params::BRAINPOOL512R1:
161 return "brainpool512r1";
162 case Group_Params::X25519:
163 return "x25519";
164
165 case Group_Params::FFDHE_2048:
166 return "ffdhe/ietf/2048";
167 case Group_Params::FFDHE_3072:
168 return "ffdhe/ietf/3072";
169 case Group_Params::FFDHE_4096:
170 return "ffdhe/ietf/4096";
171 case Group_Params::FFDHE_6144:
172 return "ffdhe/ietf/6144";
173 case Group_Params::FFDHE_8192:
174 return "ffdhe/ietf/8192";
175
176 default:
177 return "";
178 }
179 }

References BRAINPOOL256R1, BRAINPOOL384R1, BRAINPOOL512R1, FFDHE_2048, FFDHE_3072, FFDHE_4096, FFDHE_6144, FFDHE_8192, SECP256R1, SECP384R1, SECP521R1, and X25519.

Referenced by Botan::TLS::Callbacks::tls_decode_group_param().

◆ handshake_type_to_string()

const char * Botan::TLS::handshake_type_to_string ( Handshake_Type  type)

Definition at line 23 of file tls_handshake_state.cpp.

24 {
25 switch(type)
26 {
28 return "hello_verify_request";
29
30 case HELLO_REQUEST:
31 return "hello_request";
32
33 case CLIENT_HELLO:
34 return "client_hello";
35
36 case SERVER_HELLO:
37 return "server_hello";
38
40 return "hello_retry_request";
41
42 case CERTIFICATE:
43 return "certificate";
44
45 case CERTIFICATE_URL:
46 return "certificate_url";
47
49 return "certificate_status";
50
51 case SERVER_KEX:
52 return "server_key_exchange";
53
55 return "certificate_request";
56
58 return "server_hello_done";
59
61 return "certificate_verify";
62
63 case CLIENT_KEX:
64 return "client_key_exchange";
65
67 return "new_session_ticket";
68
69 case HANDSHAKE_CCS:
70 return "change_cipher_spec";
71
72 case FINISHED:
73 return "finished";
74
76 return "end_of_early_data";
77
79 return "encrypted_extensions";
80
81 case KEY_UPDATE:
82 return "key_update";
83
84 case HANDSHAKE_NONE:
85 return "invalid";
86 }
87
88 throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
89 "Unknown TLS handshake message type " + std::to_string(type));
90 }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209
MechanismType type

References CERTIFICATE, CERTIFICATE_REQUEST, CERTIFICATE_STATUS, CERTIFICATE_URL, CERTIFICATE_VERIFY, CLIENT_HELLO, CLIENT_KEX, ENCRYPTED_EXTENSIONS, END_OF_EARLY_DATA, FINISHED, HANDSHAKE_CCS, HANDSHAKE_NONE, HELLO_REQUEST, HELLO_RETRY_REQUEST, HELLO_VERIFY_REQUEST, KEY_UPDATE, NEW_SESSION_TICKET, SERVER_HELLO, SERVER_HELLO_DONE, SERVER_KEX, Botan::ASN1::to_string(), type, and Botan::TLS::Alert::UNEXPECTED_MESSAGE.

Referenced by Botan::TLS::Handshake_Transitions::confirm_transition_to(), and Botan::TLS::Handshake_Message::type_string().

◆ kdf_algo_to_string()

std::string BOTAN_DLL Botan::TLS::kdf_algo_to_string ( KDF_Algo  algo)

Definition at line 14 of file tls_algos.cpp.

15 {
16 switch(algo)
17 {
18 case KDF_Algo::SHA_1:
19 return "SHA-1";
20 case KDF_Algo::SHA_256:
21 return "SHA-256";
22 case KDF_Algo::SHA_384:
23 return "SHA-384";
24 }
25
26 throw Invalid_State("kdf_algo_to_string unknown enum value");
27 }

References SHA_1, SHA_256, and SHA_384.

Referenced by Botan::TLS::Ciphersuite::prf_algo().

◆ kex_method_from_string()

Kex_Algo BOTAN_TEST_API Botan::TLS::kex_method_from_string ( const std::string &  str)

Definition at line 52 of file tls_algos.cpp.

53 {
54 if(str == "RSA")
55 return Kex_Algo::STATIC_RSA;
56
57 if(str == "DH")
58 return Kex_Algo::DH;
59
60 if(str == "ECDH")
61 return Kex_Algo::ECDH;
62
63 if(str == "CECPQ1")
64 return Kex_Algo::CECPQ1;
65
66 if(str == "PSK")
67 return Kex_Algo::PSK;
68
69 if(str == "ECDHE_PSK")
70 return Kex_Algo::ECDHE_PSK;
71
72 if(str == "UNDEFINED")
73 return Kex_Algo::UNDEFINED;
74
75 throw Invalid_Argument("Unknown kex method " + str);
76 }

References CECPQ1, DH, ECDH, ECDHE_PSK, PSK, STATIC_RSA, and UNDEFINED.

◆ kex_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::kex_method_to_string ( Kex_Algo  method)

Definition at line 29 of file tls_algos.cpp.

30 {
31 switch(method)
32 {
33 case Kex_Algo::STATIC_RSA:
34 return "RSA";
35 case Kex_Algo::DH:
36 return "DH";
37 case Kex_Algo::ECDH:
38 return "ECDH";
39 case Kex_Algo::CECPQ1:
40 return "CECPQ1";
41 case Kex_Algo::PSK:
42 return "PSK";
43 case Kex_Algo::ECDHE_PSK:
44 return "ECDHE_PSK";
45 case Kex_Algo::UNDEFINED:
46 return "UNDEFINED";
47 }
48
49 throw Invalid_State("kex_method_to_string unknown enum value");
50 }

References CECPQ1, DH, ECDH, ECDHE_PSK, PSK, STATIC_RSA, and UNDEFINED.

Referenced by Botan::TLS::Ciphersuite::kex_algo(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ key_exchange_is_psk()

bool Botan::TLS::key_exchange_is_psk ( Kex_Algo  m)
inline

Definition at line 121 of file tls_algos.h.

122 {
123 return (m == Kex_Algo::PSK ||
124 m == Kex_Algo::ECDHE_PSK);
125 }

References ECDHE_PSK, and PSK.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ make_error_code() [1/2]

boost::system::error_code Botan::TLS::make_error_code ( Botan::TLS::Alert::Type  c)
inline

Definition at line 94 of file asio_error.h.

95 {
96 return boost::system::error_code(static_cast<int>(c), Botan::TLS::botan_alert_category());
97 }
const BotanAlertCategory & botan_alert_category() noexcept
Definition: asio_error.h:88

References botan_alert_category().

◆ make_error_code() [2/2]

boost::system::error_code Botan::TLS::make_error_code ( Botan::TLS::StreamError  e)
inline

Definition at line 66 of file asio_error.h.

67 {
68 return boost::system::error_code(static_cast<int>(e), Botan::TLS::botan_stream_category());
69 }
const StreamCategory & botan_stream_category()
Definition: asio_error.h:60

References botan_stream_category().

◆ make_hello_random()

std::vector< uint8_t > Botan::TLS::make_hello_random ( RandomNumberGenerator rng,
Callbacks cb,
const Policy policy 
)

Definition at line 40 of file msg_client_hello.cpp.

43 {
44 std::vector<uint8_t> buf(32);
45 rng.randomize(buf.data(), buf.size());
46
47 if(policy.hash_hello_random())
48 {
49 auto sha256 = HashFunction::create_or_throw("SHA-256");
50 sha256->update(buf);
51 sha256->final(buf);
52 }
53
54 // TLS 1.3 does not require the insertion of a timestamp in the client hello
55 // random. When offering both TLS 1.2 and 1.3 we nevertheless comply with the
56 // legacy specification.
57 if(policy.include_time_in_hello_random() && (policy.allow_tls12() || policy.allow_dtls12()))
58 {
59 const uint32_t time32 = static_cast<uint32_t>(
60 std::chrono::system_clock::to_time_t(cb.tls_current_timestamp()));
61
62 store_be(time32, buf.data());
63 }
64
65 return buf;
66 }
virtual void randomize(uint8_t output[], size_t length)=0
virtual std::chrono::system_clock::time_point tls_current_timestamp()
virtual bool include_time_in_hello_random() const
Definition: tls_policy.cpp:339
virtual bool allow_tls12() const
Definition: tls_policy.cpp:315
virtual bool hash_hello_random() const
Definition: tls_policy.cpp:348
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:331
constexpr void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:449

References Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls12(), Botan::HashFunction::create_or_throw(), Botan::TLS::Policy::hash_hello_random(), Botan::TLS::Policy::include_time_in_hello_random(), Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::TLS::Callbacks::tls_current_timestamp().

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().

◆ operator!=()

bool Botan::TLS::operator!= ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 84 of file tls_server_info.h.

85 {
86 return !(a == b);
87 }
PolynomialVector b
Definition: kyber.cpp:821

References b.

◆ operator<()

bool Botan::TLS::operator< ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 89 of file tls_server_info.h.

90 {
91 if(a.hostname() != b.hostname())
92 return (a.hostname() < b.hostname());
93 if(a.service() != b.service())
94 return (a.service() < b.service());
95 if(a.port() != b.port())
96 return (a.port() < b.port());
97 return false; // equal
98 }
std::string hostname() const

References b, Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

◆ operator==()

bool Botan::TLS::operator== ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 76 of file tls_server_info.h.

77 {
78 return (a.hostname() == b.hostname()) &&
79 (a.service() == b.service()) &&
80 (a.port() == b.port());
81
82 }

References b, Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

◆ read_record()

Record_Header Botan::TLS::read_record ( bool  is_datagram,
secure_vector< uint8_t > &  read_buffer,
const uint8_t  input[],
size_t  input_len,
size_t &  consumed,
secure_vector< uint8_t > &  record_buf,
Connection_Sequence_Numbers sequence_numbers,
const get_cipherstate_fn get_cipherstate,
bool  allow_epoch0_restart 
)

Decode a TLS record

Returns
zero if full message, else number of bytes still needed

Definition at line 557 of file tls_record.cpp.

566 {
567 if(is_datagram)
568 return read_dtls_record(readbuf, input, input_len, consumed,
569 recbuf, sequence_numbers, get_cipherstate, allow_epoch0_restart);
570 else
571 return read_tls_record(readbuf, input, input_len, consumed,
572 recbuf, sequence_numbers, get_cipherstate);
573 }

Referenced by Botan::TLS::Channel_Impl_12::received_data().

◆ write_record()

void Botan::TLS::write_record ( secure_vector< uint8_t > &  write_buffer,
uint8_t  record_type,
Protocol_Version  record_version,
uint64_t  record_sequence,
const uint8_t *  message,
size_t  message_len,
Connection_Cipher_State cipherstate,
RandomNumberGenerator rng 
)

Create a TLS record

Parameters
write_bufferthe output record is placed here
record_typethe record layer type
record_versionthe record layer version
record_sequencethe record layer sequence number
messagethe record contents
message_lenis size of message
cipherstateis the writing cipher state
rngis a random number generator

Definition at line 222 of file tls_record.cpp.

230 {
231 write_record_header(output, record_type, version, record_sequence);
232
233 AEAD_Mode& aead = cs.aead();
234 std::vector<uint8_t> aad = cs.format_ad(record_sequence, record_type, version, static_cast<uint16_t>(message_len));
235
236 const size_t ctext_size = aead.output_length(message_len);
237
238 const size_t rec_size = ctext_size + cs.nonce_bytes_from_record();
239
240 aead.set_ad(aad);
241
242 const std::vector<uint8_t> nonce = cs.aead_nonce(record_sequence, rng);
243
244 append_u16_len(output, rec_size);
245
246 if(cs.nonce_bytes_from_record() > 0)
247 {
248 if(cs.nonce_format() == Nonce_Format::CBC_MODE)
249 output += nonce;
250 else
251 output += std::make_pair(&nonce[cs.nonce_bytes_from_handshake()], cs.nonce_bytes_from_record());
252 }
253
254 const size_t header_size = output.size();
255 output += std::make_pair(message, message_len);
256
257 aead.start(nonce);
258 aead.finish(output, header_size);
259
260 BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE,
261 "Produced ciphertext larger than protocol allows");
262 }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54
void set_ad(const std::vector< uint8_t, Alloc > &ad)
Definition: aead.h:119
void start(const std::vector< uint8_t, Alloc > &nonce)
Definition: cipher_mode.h:69
virtual size_t output_length(size_t input_length) const =0
virtual void finish(secure_vector< uint8_t > &final_block, size_t offset=0)=0

References Botan::TLS::Connection_Cipher_State::aead(), Botan::TLS::Connection_Cipher_State::aead_nonce(), BOTAN_ASSERT, CBC_MODE, Botan::Cipher_Mode::finish(), Botan::TLS::Connection_Cipher_State::format_ad(), MAX_CIPHERTEXT_SIZE, Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake(), Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record(), Botan::TLS::Connection_Cipher_State::nonce_format(), Botan::Cipher_Mode::output_length(), Botan::AEAD_Mode::set_ad(), and Botan::Cipher_Mode::start().

◆ write_unencrypted_record()

void Botan::TLS::write_unencrypted_record ( secure_vector< uint8_t > &  write_buffer,
uint8_t  record_type,
Protocol_Version  record_version,
uint64_t  record_sequence,
const uint8_t *  message,
size_t  message_len 
)

Create an initial (unencrypted) TLS handshake record

Parameters
write_bufferthe output record is placed here
record_typethe record layer type
record_versionthe record layer version
record_sequencethe record layer sequence number
messagethe record contents
message_lenis size of message

Definition at line 208 of file tls_record.cpp.

214 {
215 if(record_type == APPLICATION_DATA)
216 throw Internal_Error("Writing an unencrypted TLS application data record");
217 write_record_header(output, record_type, version, record_sequence);
218 append_u16_len(output, message_len);
219 output.insert(output.end(), message, message + message_len);
220 }

References APPLICATION_DATA.