Botan 3.0.0
Crypto and TLS for C&
tls_extensions.cpp
Go to the documentation of this file.
1/*
2* TLS Extensions
3* (C) 2011,2012,2015,2016 Jack Lloyd
4* 2016 Juraj Somorovsky
5* 2021 Elektrobit Automotive GmbH
6* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#include <botan/tls_extensions.h>
12#include <botan/internal/tls_reader.h>
13#include <botan/internal/stl_util.h>
14#include <botan/tls_exceptn.h>
15#include <botan/tls_policy.h>
16#include <botan/ber_dec.h>
17
18#include <iterator>
19
20namespace Botan::TLS {
21
22namespace {
23
24std::unique_ptr<Extension> make_extension(TLS_Data_Reader& reader,
25 Extension_Code code,
26 const Connection_Side from,
27 const Handshake_Type message_type)
28 {
29 // This cast is safe because we read exactly a 16 bit length field for
30 // the extension in Extensions::deserialize
31 const uint16_t size = static_cast<uint16_t>(reader.remaining_bytes());
32 switch(code)
33 {
35 return std::make_unique<Server_Name_Indicator>(reader, size);
36
38 return std::make_unique<Supported_Groups>(reader, size);
39
41 return std::make_unique<Certificate_Status_Request>(reader, size, message_type, from);
42
44 return std::make_unique<Supported_Point_Formats>(reader, size);
45
47 return std::make_unique<Renegotiation_Extension>(reader, size);
48
50 return std::make_unique<Signature_Algorithms>(reader, size);
51
53 return std::make_unique<Signature_Algorithms_Cert>(reader, size);
54
56 return std::make_unique<SRTP_Protection_Profiles>(reader, size);
57
59 return std::make_unique<Application_Layer_Protocol_Notification>(reader, size, from);
60
62 return std::make_unique<Extended_Master_Secret>(reader, size);
63
65 return std::make_unique<Record_Size_Limit>(reader, size, from);
66
68 return std::make_unique<Encrypt_then_MAC>(reader, size);
69
71 return std::make_unique<Session_Ticket_Extension>(reader, size);
72
74 return std::make_unique<Supported_Versions>(reader, size, from);
75
76#if defined(BOTAN_HAS_TLS_13)
77 case Extension_Code::PresharedKey:
78 return std::make_unique<PSK>(reader, size, message_type);
79
80 case Extension_Code::EarlyData:
81 return std::make_unique<EarlyDataIndication>(reader, size, message_type);
82
83 case Extension_Code::Cookie:
84 return std::make_unique<Cookie>(reader, size);
85
86 case Extension_Code::PskKeyExchangeModes:
87 return std::make_unique<PSK_Key_Exchange_Modes>(reader, size);
88
89 case Extension_Code::CertificateAuthorities:
90 return std::make_unique<Certificate_Authorities>(reader, size);
91
92 case Extension_Code::KeyShare:
93 return std::make_unique<Key_Share>(reader, size, message_type);
94#endif
95 }
96
97 return std::make_unique<Unknown_Extension>(static_cast<Extension_Code>(code),
98 reader, size);
99 }
100
101}
102
103void Extensions::add(std::unique_ptr<Extension> extn)
104 {
105 if (has(extn->type()))
106 {
107 throw Invalid_Argument("cannot add the same extension twice: " +
108 std::to_string(static_cast<uint16_t>(extn->type())));
109 }
110
111 m_extensions.emplace_back(extn.release());
112 }
113
115 const Connection_Side from,
116 const Handshake_Type message_type)
117 {
118 if(reader.has_remaining())
119 {
120 const uint16_t all_extn_size = reader.get_uint16_t();
121
122 if(reader.remaining_bytes() != all_extn_size)
123 throw Decoding_Error("Bad extension size");
124
125 while(reader.has_remaining())
126 {
127 const uint16_t extension_code = reader.get_uint16_t();
128 const uint16_t extension_size = reader.get_uint16_t();
129
130 const auto type = static_cast<Extension_Code>(extension_code);
131
132 if(this->has(type))
133 {
134 throw TLS_Exception(TLS::Alert::DecodeError,
135 "Peer sent duplicated extensions");
136 }
137
138 // TODO offer a function on reader that returns a byte range as a reference
139 // to avoid this copy of the extension data
140 const std::vector<uint8_t> extn_data = reader.get_fixed<uint8_t>(extension_size);
141 TLS_Data_Reader extn_reader("Extension", extn_data);
142 this->add(make_extension(extn_reader, type, from, message_type));
143 extn_reader.assert_done();
144 }
145 }
146 }
147
148bool Extensions::contains_other_than(const std::set<Extension_Code>& allowed_extensions,
149 const bool allow_unknown_extensions) const
150 {
151 const auto found = extension_types();
152
153 std::vector<Extension_Code> diff;
154 std::set_difference(found.cbegin(), found.end(),
155 allowed_extensions.cbegin(), allowed_extensions.cend(),
156 std::back_inserter(diff));
157
158 if(allow_unknown_extensions)
159 {
160 // Go through the found unexpected extensions whether any of those
161 // is known to this TLS implementation.
162 const auto itr = std::find_if(diff.cbegin(), diff.cend(),
163 [this](const auto ext_type)
164 {
165 const auto ext = get(ext_type);
166 return ext && ext->is_implemented();
167 });
168
169 // ... if yes, `contains_other_than` is true
170 return itr != diff.cend();
171 }
172
173 return !diff.empty();
174 }
175
176std::unique_ptr<Extension> Extensions::take(Extension_Code type)
177 {
178 const auto i = std::find_if(m_extensions.begin(), m_extensions.end(),
179 [type](const auto &ext) {
180 return ext->type() == type;
181 });
182
183 std::unique_ptr<Extension> result;
184 if (i != m_extensions.end())
185 {
186 std::swap(result, *i);
187 m_extensions.erase(i);
188 }
189
190 return result;
191 }
192
193std::vector<uint8_t> Extensions::serialize(Connection_Side whoami) const
194 {
195 std::vector<uint8_t> buf(2); // 2 bytes for length field
196
197 for(const auto& extn : m_extensions)
198 {
199 if(extn->empty())
200 continue;
201
202 const uint16_t extn_code = static_cast<uint16_t>(extn->type());
203
204 const std::vector<uint8_t> extn_val = extn->serialize(whoami);
205
206 buf.push_back(get_byte<0>(extn_code));
207 buf.push_back(get_byte<1>(extn_code));
208
209 buf.push_back(get_byte<0>(static_cast<uint16_t>(extn_val.size())));
210 buf.push_back(get_byte<1>(static_cast<uint16_t>(extn_val.size())));
211
212 buf += extn_val;
213 }
214
215 const uint16_t extn_size = static_cast<uint16_t>(buf.size() - 2);
216
217 buf[0] = get_byte<0>(extn_size);
218 buf[1] = get_byte<1>(extn_size);
219
220 // avoid sending a completely empty extensions block
221 if(buf.size() == 2)
222 return std::vector<uint8_t>();
223
224 return buf;
225 }
226
227std::set<Extension_Code> Extensions::extension_types() const
228 {
229 std::set<Extension_Code> offers;
230 std::transform(m_extensions.cbegin(), m_extensions.cend(),
231 std::inserter(offers, offers.begin()), [] (const auto &ext) {
232 return ext->type();
233 });
234 return offers;
235 }
236
238 TLS_Data_Reader& reader,
239 uint16_t extension_size) :
240 m_type(type),
241 m_value(reader.get_fixed<uint8_t>(extension_size))
242 {
243 }
244
245std::vector<uint8_t> Unknown_Extension::serialize(Connection_Side /*whoami*/) const
246 {
247 return m_value;
248 }
249
251 uint16_t extension_size)
252 {
253 /*
254 * This is used by the server to confirm that it knew the name
255 */
256 if(extension_size == 0)
257 return;
258
259 uint16_t name_bytes = reader.get_uint16_t();
260
261 if(name_bytes + 2 != extension_size)
262 throw Decoding_Error("Bad encoding of SNI extension");
263
264 while(name_bytes)
265 {
266 uint8_t name_type = reader.get_byte();
267 name_bytes--;
268
269 if(name_type == 0) // DNS
270 {
271 m_sni_host_name = reader.get_string(2, 1, 65535);
272 name_bytes -= static_cast<uint16_t>(2 + m_sni_host_name.size());
273 }
274 else // some other unknown name type
275 {
276 reader.discard_next(name_bytes);
277 name_bytes = 0;
278 }
279 }
280 }
281
282std::vector<uint8_t> Server_Name_Indicator::serialize(Connection_Side whoami) const
283 {
284 // RFC 6066
285 // [...] the server SHALL include an extension of type "server_name" in
286 // the (extended) server hello. The "extension_data" field of this
287 // extension SHALL be empty.
288 if(whoami == Connection_Side::Server)
289 {
290 return {};
291 }
292
293 std::vector<uint8_t> buf;
294
295 size_t name_len = m_sni_host_name.size();
296
297 buf.push_back(get_byte<0>(static_cast<uint16_t>(name_len+3)));
298 buf.push_back(get_byte<1>(static_cast<uint16_t>(name_len+3)));
299 buf.push_back(0); // DNS
300
301 buf.push_back(get_byte<0>(static_cast<uint16_t>(name_len)));
302 buf.push_back(get_byte<1>(static_cast<uint16_t>(name_len)));
303
304 buf += std::make_pair(
305 cast_char_ptr_to_uint8(m_sni_host_name.data()),
306 m_sni_host_name.size());
307
308 return buf;
309 }
310
312 uint16_t extension_size) : m_reneg_data(reader.get_range<uint8_t>(1, 0, 255))
313 {
314 if(m_reneg_data.size() + 1 != extension_size)
315 throw Decoding_Error("Bad encoding for secure renegotiation extn");
316 }
317
318std::vector<uint8_t> Renegotiation_Extension::serialize(Connection_Side /*whoami*/) const
319 {
320 std::vector<uint8_t> buf;
321 append_tls_length_value(buf, m_reneg_data, 1);
322 return buf;
323 }
324
326 uint16_t extension_size,
327 Connection_Side from)
328 {
329 if(extension_size == 0)
330 return; // empty extension
331
332 const uint16_t name_bytes = reader.get_uint16_t();
333
334 size_t bytes_remaining = extension_size - 2;
335
336 if(name_bytes != bytes_remaining)
337 throw Decoding_Error("Bad encoding of ALPN extension, bad length field");
338
339 while(bytes_remaining)
340 {
341 const std::string p = reader.get_string(1, 0, 255);
342
343 if(bytes_remaining < p.size() + 1)
344 throw Decoding_Error("Bad encoding of ALPN, length field too long");
345
346 if(p.empty())
347 throw Decoding_Error("Empty ALPN protocol not allowed");
348
349 bytes_remaining -= (p.size() + 1);
350
351 m_protocols.push_back(p);
352 }
353
354 // RFC 7301 3.1
355 // The "extension_data" field of the [...] extension is structured the
356 // same as described above for the client "extension_data", except that
357 // the "ProtocolNameList" MUST contain exactly one "ProtocolName".
358 if(from == Connection_Side::Server && m_protocols.size() != 1)
359 {
360 throw TLS_Exception(Alert::DecodeError,
361 "Server sent " + std::to_string(m_protocols.size()) +
362 " protocols in ALPN extension response");
363 }
364 }
365
367 {
368 BOTAN_STATE_CHECK(m_protocols.size() == 1);
369 return m_protocols.front();
370 }
371
373 {
374 std::vector<uint8_t> buf(2);
375
376 for(auto&& p: m_protocols)
377 {
378 if(p.length() >= 256)
379 throw TLS_Exception(Alert::InternalError, "ALPN name too long");
380 if(!p.empty())
382 cast_char_ptr_to_uint8(p.data()),
383 p.size(),
384 1);
385 }
386
387 buf[0] = get_byte<0>(static_cast<uint16_t>(buf.size()-2));
388 buf[1] = get_byte<1>(static_cast<uint16_t>(buf.size()-2));
389
390 return buf;
391 }
392
393Supported_Groups::Supported_Groups(const std::vector<Group_Params>& groups) : m_groups(groups)
394 {
395 }
396
397const std::vector<Group_Params>& Supported_Groups::groups() const
398 {
399 return m_groups;
400 }
401
402std::vector<Group_Params> Supported_Groups::ec_groups() const
403 {
404 std::vector<Group_Params> ec;
405 for(auto g : m_groups)
406 {
407 if(group_param_is_dh(g) == false)
408 ec.push_back(g);
409 }
410 return ec;
411 }
412
413std::vector<Group_Params> Supported_Groups::dh_groups() const
414 {
415 std::vector<Group_Params> dh;
416 for(auto g : m_groups)
417 {
418 if(group_param_is_dh(g) == true)
419 dh.push_back(g);
420 }
421 return dh;
422 }
423
424std::vector<uint8_t> Supported_Groups::serialize(Connection_Side /*whoami*/) const
425 {
426 std::vector<uint8_t> buf(2);
427
428 for(auto g : m_groups)
429 {
430 const uint16_t id = static_cast<uint16_t>(g);
431
432 if(id > 0)
433 {
434 buf.push_back(get_byte<0>(id));
435 buf.push_back(get_byte<1>(id));
436 }
437 }
438
439 buf[0] = get_byte<0>(static_cast<uint16_t>(buf.size()-2));
440 buf[1] = get_byte<1>(static_cast<uint16_t>(buf.size()-2));
441
442 return buf;
443 }
444
446 uint16_t extension_size)
447 {
448 const uint16_t len = reader.get_uint16_t();
449
450 if(len + 2 != extension_size)
451 throw Decoding_Error("Inconsistent length field in supported groups list");
452
453 if(len % 2 == 1)
454 throw Decoding_Error("Supported groups list of strange size");
455
456 const size_t elems = len / 2;
457
458 for(size_t i = 0; i != elems; ++i)
459 {
460 const auto group = static_cast<Group_Params>(reader.get_uint16_t());
461 // Note: RFC 8446 does not explicitly enforce that groups must be unique.
462 if(!value_exists(m_groups, group))
463 m_groups.push_back(group);
464 }
465 }
466
467std::vector<uint8_t> Supported_Point_Formats::serialize(Connection_Side /*whoami*/) const
468 {
469 // if this extension is sent, it MUST include uncompressed (RFC 4492, section 5.1)
470 if(m_prefers_compressed)
471 {
472 return std::vector<uint8_t>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED};
473 }
474 else
475 {
476 return std::vector<uint8_t>{1, UNCOMPRESSED};
477 }
478 }
479
481 uint16_t extension_size)
482 {
483 uint8_t len = reader.get_byte();
484
485 if(len + 1 != extension_size)
486 throw Decoding_Error("Inconsistent length field in supported point formats list");
487
488 for(size_t i = 0; i != len; ++i)
489 {
490 uint8_t format = reader.get_byte();
491
492 if(static_cast<ECPointFormat>(format) == UNCOMPRESSED)
493 {
494 m_prefers_compressed = false;
495 reader.discard_next(len-i-1);
496 return;
497 }
498 else if(static_cast<ECPointFormat>(format) == ANSIX962_COMPRESSED_PRIME)
499 {
500 m_prefers_compressed = true;
501 reader.discard_next(len-i-1);
502 return;
503 }
504
505 // ignore ANSIX962_COMPRESSED_CHAR2, we don't support these curves
506 }
507 }
508
509namespace {
510
511std::vector<uint8_t> serialize_signature_algorithms(const std::vector<Signature_Scheme>& schemes)
512 {
513 BOTAN_ASSERT(schemes.size() < 256, "Too many signature schemes");
514
515 std::vector<uint8_t> buf;
516
517 const uint16_t len = static_cast<uint16_t>(schemes.size() * 2);
518
519 buf.push_back(get_byte<0>(len));
520 buf.push_back(get_byte<1>(len));
521
522 for(Signature_Scheme scheme : schemes)
523 {
524 buf.push_back(get_byte<0>(scheme.wire_code()));
525 buf.push_back(get_byte<1>(scheme.wire_code()));
526 }
527
528 return buf;
529 }
530
531std::vector<Signature_Scheme> parse_signature_algorithms(TLS_Data_Reader& reader,
532 uint16_t extension_size)
533 {
534 uint16_t len = reader.get_uint16_t();
535
536 if(len + 2 != extension_size || len % 2 == 1 || len == 0)
537 {
538 throw Decoding_Error("Bad encoding on signature algorithms extension");
539 }
540
541 std::vector<Signature_Scheme> schemes;
542 schemes.reserve(len / 2);
543 while(len)
544 {
545 schemes.emplace_back(reader.get_uint16_t());
546 len -= 2;
547 }
548
549 return schemes;
550 }
551
552}
553
554std::vector<uint8_t> Signature_Algorithms::serialize(Connection_Side /*whoami*/) const
555 {
556 return serialize_signature_algorithms(m_schemes);
557 }
558
560 uint16_t extension_size)
561 : m_schemes(parse_signature_algorithms(reader, extension_size))
562 {}
563
564std::vector<uint8_t> Signature_Algorithms_Cert::serialize(Connection_Side /*whoami*/) const
565 {
566 return serialize_signature_algorithms(m_schemes);
567 }
568
570 uint16_t extension_size)
571 : m_schemes(parse_signature_algorithms(reader, extension_size))
572 {}
573
575 uint16_t extension_size)
576 : m_ticket(Session_Ticket(reader.get_elem<uint8_t, std::vector<uint8_t>>(extension_size)))
577 {}
578
580 uint16_t extension_size) : m_pp(reader.get_range<uint16_t>(2, 0, 65535))
581 {
582 const std::vector<uint8_t> mki = reader.get_range<uint8_t>(1, 0, 255);
583
584 if(m_pp.size() * 2 + mki.size() + 3 != extension_size)
585 throw Decoding_Error("Bad encoding for SRTP protection extension");
586
587 if(!mki.empty())
588 throw Decoding_Error("Unhandled non-empty MKI for SRTP protection extension");
589 }
590
591std::vector<uint8_t> SRTP_Protection_Profiles::serialize(Connection_Side /*whoami*/) const
592 {
593 std::vector<uint8_t> buf;
594
595 const uint16_t pp_len = static_cast<uint16_t>(m_pp.size() * 2);
596 buf.push_back(get_byte<0>(pp_len));
597 buf.push_back(get_byte<1>(pp_len));
598
599 for(uint16_t pp : m_pp)
600 {
601 buf.push_back(get_byte<0>(pp));
602 buf.push_back(get_byte<1>(pp));
603 }
604
605 buf.push_back(0); // srtp_mki, always empty here
606
607 return buf;
608 }
609
611 uint16_t extension_size)
612 {
613 if(extension_size != 0)
614 throw Decoding_Error("Invalid extended_master_secret extension");
615 }
616
617std::vector<uint8_t> Extended_Master_Secret::serialize(Connection_Side /*whoami*/) const
618 {
619 return std::vector<uint8_t>();
620 }
621
623 uint16_t extension_size)
624 {
625 if(extension_size != 0)
626 throw Decoding_Error("Invalid encrypt_then_mac extension");
627 }
628
629std::vector<uint8_t> Encrypt_then_MAC::serialize(Connection_Side /*whoami*/) const
630 {
631 return std::vector<uint8_t>();
632 }
633
634std::vector<uint8_t> Supported_Versions::serialize(Connection_Side whoami) const
635 {
636 std::vector<uint8_t> buf;
637
638 if(whoami == Connection_Side::Server)
639 {
640 BOTAN_ASSERT_NOMSG(m_versions.size() == 1);
641 buf.push_back(m_versions[0].major_version());
642 buf.push_back(m_versions[0].minor_version());
643 }
644 else
645 {
646 BOTAN_ASSERT_NOMSG(!m_versions.empty());
647 const uint8_t len = static_cast<uint8_t>(m_versions.size() * 2);
648
649 buf.push_back(len);
650
651 for(Protocol_Version version : m_versions)
652 {
653 buf.push_back(version.major_version());
654 buf.push_back(version.minor_version());
655 }
656 }
657
658 return buf;
659 }
660
661
663 {
664 if(offer.is_datagram_protocol())
665 {
666#if defined(BOTAN_HAS_TLS_12)
667 if(offer >= Protocol_Version::DTLS_V12 && policy.allow_dtls12())
668 m_versions.push_back(Protocol_Version::DTLS_V12);
669#endif
670 }
671 else
672 {
673#if defined(BOTAN_HAS_TLS_13)
674 if(offer >= Protocol_Version::TLS_V13 && policy.allow_tls13())
675 m_versions.push_back(Protocol_Version::TLS_V13);
676#endif
677#if defined(BOTAN_HAS_TLS_12)
678 if(offer >= Protocol_Version::TLS_V12 && policy.allow_tls12())
679 m_versions.push_back(Protocol_Version::TLS_V12);
680#endif
681 }
682 }
683
685 uint16_t extension_size,
686 Connection_Side from)
687 {
688 if(from == Connection_Side::Server)
689 {
690 if(extension_size != 2)
691 throw Decoding_Error("Server sent invalid supported_versions extension");
692 m_versions.push_back(Protocol_Version(reader.get_uint16_t()));
693 }
694 else
695 {
696 auto versions = reader.get_range<uint16_t>(1, 1, 127);
697
698 for(auto v : versions)
699 m_versions.push_back(Protocol_Version(v));
700
701 if(extension_size != 1+2*versions.size())
702 throw Decoding_Error("Client sent invalid supported_versions extension");
703 }
704 }
705
707 {
708 for(auto v : m_versions)
709 if(version == v)
710 return true;
711 return false;
712 }
713
714
716 : m_limit(limit)
717 {
718 BOTAN_ASSERT(limit >= 64,
719 "RFC 8449 does not allow record size limits smaller than 64 bytes");
720 BOTAN_ASSERT(limit <= MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */,
721 "RFC 8449 does not allow record size limits larger than 2^14+1");
722 }
723
725 uint16_t extension_size,
726 Connection_Side from)
727 {
728 if(extension_size != 2)
729 {
730 throw TLS_Exception(Alert::DecodeError, "invalid record_size_limit extension");
731 }
732
733 m_limit = reader.get_uint16_t();
734
735 // RFC 8449 4.
736 // This value is the length of the plaintext of a protected record.
737 // The value includes the content type and padding added in TLS 1.3 (that
738 // is, the complete length of TLSInnerPlaintext).
739 //
740 // A server MUST NOT enforce this restriction; a client might advertise
741 // a higher limit that is enabled by an extension or version the server
742 // does not understand. A client MAY abort the handshake with an
743 // "illegal_parameter" alert.
744 //
745 // Note: We are currently supporting this extension in TLS 1.3 only, hence
746 // we check for the TLS 1.3 limit. The TLS 1.2 limit would not include
747 // the "content type byte" and hence be one byte less!
748 if(m_limit > MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */ && from == Connection_Side::Server)
749 {
750 throw TLS_Exception(Alert::IllegalParameter,
751 "Server requested a record size limit larger than the protocol's maximum");
752 }
753
754 // RFC 8449 4.
755 // Endpoints MUST NOT send a "record_size_limit" extension with a value
756 // smaller than 64. An endpoint MUST treat receipt of a smaller value
757 // as a fatal error and generate an "illegal_parameter" alert.
758 if(m_limit < 64)
759 {
760 throw TLS_Exception(Alert::IllegalParameter,
761 "Received a record size limit smaller than 64 bytes");
762 }
763 }
764
766 {
767 std::vector<uint8_t> buf;
768
769 buf.push_back(get_byte<0>(m_limit));
770 buf.push_back(get_byte<1>(m_limit));
771
772 return buf;
773 }
774
775
776#if defined(BOTAN_HAS_TLS_13)
777Cookie::Cookie(const std::vector<uint8_t>& cookie) :
778 m_cookie(cookie)
779 {
780 }
781
782Cookie::Cookie(TLS_Data_Reader& reader,
783 uint16_t extension_size)
784 {
785 if (extension_size == 0)
786 {
787 return;
788 }
789
790 const uint16_t len = reader.get_uint16_t();
791
792 if (len == 0)
793 {
794 // Based on RFC 8446 4.2.2, len of the Cookie buffer must be at least 1
795 throw Decoding_Error("Cookie length must be at least 1 byte");
796 }
797
798 if (len > reader.remaining_bytes())
799 {
800 throw Decoding_Error("Not enough bytes in the buffer to decode Cookie");
801 }
802
803 for(size_t i = 0; i < len; ++i)
804 {
805 m_cookie.push_back(reader.get_byte());
806 }
807 }
808
809std::vector<uint8_t> Cookie::serialize(Connection_Side /*whoami*/) const
810 {
811 std::vector<uint8_t> buf;
812
813 const uint16_t len = static_cast<uint16_t>(m_cookie.size());
814
815 buf.push_back(get_byte<0>(len));
816 buf.push_back(get_byte<1>(len));
817
818 for (const auto& cookie_byte : m_cookie)
819 {
820 buf.push_back(cookie_byte);
821 }
822
823 return buf;
824 }
825
826
827std::vector<uint8_t> PSK_Key_Exchange_Modes::serialize(Connection_Side) const
828 {
829 std::vector<uint8_t> buf;
830
831 BOTAN_ASSERT_NOMSG(m_modes.size() < 256);
832 buf.push_back(static_cast<uint8_t>(m_modes.size()));
833 for (const auto& mode : m_modes)
834 {
835 buf.push_back(static_cast<uint8_t>(mode));
836 }
837
838 return buf;
839 }
840
841PSK_Key_Exchange_Modes::PSK_Key_Exchange_Modes(TLS_Data_Reader& reader, uint16_t extension_size)
842 {
843 if (extension_size < 2)
844 {
845 throw Decoding_Error("Empty psk_key_exchange_modes extension is illegal");
846 }
847
848 const auto mode_count = reader.get_byte();
849 for(uint16_t i = 0; i < mode_count; ++i)
850 {
851 const auto mode = static_cast<PSK_Key_Exchange_Mode>(reader.get_byte());
852 if (mode == PSK_Key_Exchange_Mode::PSK_KE ||
853 mode == PSK_Key_Exchange_Mode::PSK_DHE_KE)
854 {
855 m_modes.push_back(mode);
856 }
857 }
858 }
859
860
861std::vector<uint8_t> Certificate_Authorities::serialize(Connection_Side) const
862 { throw Not_Implemented("serializing Certificate_Authorities is NYI"); }
863
864Certificate_Authorities::Certificate_Authorities(TLS_Data_Reader& reader, uint16_t extension_size)
865 {
866 if (extension_size < 2)
867 {
868 throw Decoding_Error("Empty certificate_authorities extension is illegal");
869 }
870
871 const uint16_t purported_size = reader.get_uint16_t();
872
873 if(reader.remaining_bytes() != purported_size)
874 throw Decoding_Error("Inconsistent length in certificate_authorities extension");
875
876 while(reader.has_remaining())
877 {
878 std::vector<uint8_t> name_bits = reader.get_tls_length_value(2);
879
880 BER_Decoder decoder(name_bits.data(), name_bits.size());
881 m_distinguished_names.emplace_back();
882 decoder.decode(m_distinguished_names.back());
883 }
884 }
885
886Certificate_Authorities::Certificate_Authorities(std::vector<X509_DN> acceptable_DNs)
887 : m_distinguished_names(std::move(acceptable_DNs)) {}
888
889
890std::vector<uint8_t> EarlyDataIndication::serialize(Connection_Side) const
891 {
892 std::vector<uint8_t> result;
893 if(m_max_early_data_size.has_value())
894 {
895 const auto max_data = m_max_early_data_size.value();
896 result.push_back(get_byte<0>(max_data));
897 result.push_back(get_byte<1>(max_data));
898 result.push_back(get_byte<2>(max_data));
899 result.push_back(get_byte<3>(max_data));
900 }
901 return result;
902 }
903
904EarlyDataIndication::EarlyDataIndication(TLS_Data_Reader& reader,
905 uint16_t extension_size,
906 Handshake_Type message_type)
907 {
908 if(message_type == Handshake_Type::NewSessionTicket)
909 {
910 if(extension_size != 4)
911 {
912 throw TLS_Exception(Alert::DecodeError,
913 "Received an early_data extension in a NewSessionTicket message "
914 "without maximum early data size indication");
915 }
916
917 m_max_early_data_size = reader.get_uint32_t();
918 }
919 else if(extension_size != 0)
920 {
921 throw TLS_Exception(Alert::DecodeError,
922 "Received an early_data extension containing an unexpected data "
923 "size indication");
924 }
925 }
926
927bool EarlyDataIndication::empty() const
928 {
929 // This extension may be empty by definition but still carry information
930 return false;
931 }
932
933#endif
934}
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
#define BOTAN_STATE_CHECK(expr)
Definition: assert.h:48
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54
Application_Layer_Protocol_Notification(std::string_view protocol)
std::vector< uint8_t > serialize(Connection_Side whoami) const override
std::vector< uint8_t > serialize(Connection_Side whoami) const override
std::vector< uint8_t > serialize(Connection_Side whoami) const override
std::vector< uint8_t > serialize(Connection_Side whoami) const
bool contains_other_than(const std::set< Extension_Code > &allowed_extensions, const bool allow_unknown_extensions=false) const
void deserialize(TLS_Data_Reader &reader, const Connection_Side from, const Handshake_Type message_type)
decltype(auto) take()
std::set< Extension_Code > extension_types() const
void add(std::unique_ptr< Extension > extn)
virtual bool allow_tls12() const
Definition: tls_policy.cpp:345
virtual bool allow_tls13() const
Definition: tls_policy.cpp:353
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:361
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Record_Size_Limit(const uint16_t limit)
std::vector< uint8_t > serialize(Connection_Side whoami) const override
SRTP_Protection_Profiles(const std::vector< uint16_t > &pp)
std::vector< uint8_t > serialize(Connection_Side whoami) const override
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Server_Name_Indicator(std::string_view host_name)
Signature_Algorithms_Cert(std::vector< Signature_Scheme > schemes)
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Signature_Algorithms(std::vector< Signature_Scheme > schemes)
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Supported_Groups(const std::vector< Group_Params > &groups)
std::vector< Group_Params > ec_groups() const
const std::vector< Group_Params > & groups() const
std::vector< uint8_t > serialize(Connection_Side whoami) const override
std::vector< Group_Params > dh_groups() const
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Supported_Point_Formats(bool prefer_compressed)
bool supports(Protocol_Version version) const
Supported_Versions(Protocol_Version version, const Policy &policy)
const std::vector< Protocol_Version > & versions() const
std::vector< uint8_t > serialize(Connection_Side whoami) const override
std::string get_string(size_t len_bytes, size_t min_bytes, size_t max_bytes)
Definition: tls_reader.h:142
bool has_remaining() const
Definition: tls_reader.h:42
void discard_next(size_t bytes)
Definition: tls_reader.h:54
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:121
size_t remaining_bytes() const
Definition: tls_reader.h:40
std::vector< T > get_fixed(size_t size)
Definition: tls_reader.h:153
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Unknown_Extension(Extension_Code type, TLS_Data_Reader &reader, uint16_t extension_size)
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:214
@ MAX_PLAINTEXT_SIZE
Definition: tls_magic.h:32
bool group_param_is_dh(Group_Params group)
Definition: tls_algos.cpp:109
bool value_exists(const std::vector< T > &vec, const OT &val)
Definition: stl_util.h:104
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:183
Definition: bigint.h:1092