Botan  2.7.0
Crypto and TLS for C++11
tls_extensions.cpp
Go to the documentation of this file.
1 /*
2 * TLS Extensions
3 * (C) 2011,2012,2015,2016 Jack Lloyd
4 * 2016 Juraj Somorovsky
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/tls_extensions.h>
10 #include <botan/internal/tls_reader.h>
11 #include <botan/tls_exceptn.h>
12 
13 namespace Botan {
14 
15 namespace TLS {
16 
17 namespace {
18 
19 Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size)
20  {
21  switch(code)
22  {
24  return new Server_Name_Indicator(reader, size);
25 
26 #if defined(BOTAN_HAS_SRP6)
28  return new SRP_Identifier(reader, size);
29 #endif
30 
32  return new Supported_Groups(reader, size);
33 
35  return new Certificate_Status_Request(reader, size);
36 
38  return new Supported_Point_Formats(reader, size);
39 
41  return new Renegotiation_Extension(reader, size);
42 
44  return new Signature_Algorithms(reader, size);
45 
46  case TLSEXT_USE_SRTP:
47  return new SRTP_Protection_Profiles(reader, size);
48 
49  case TLSEXT_ALPN:
50  return new Application_Layer_Protocol_Notification(reader, size);
51 
53  return new Extended_Master_Secret(reader, size);
54 
56  return new Encrypt_then_MAC(reader, size);
57 
59  return new Session_Ticket(reader, size);
60  }
61 
62  return new Unknown_Extension(static_cast<Handshake_Extension_Type>(code),
63  reader, size);
64  }
65 
66 }
67 
69  {
70  if(reader.has_remaining())
71  {
72  const uint16_t all_extn_size = reader.get_uint16_t();
73 
74  if(reader.remaining_bytes() != all_extn_size)
75  throw Decoding_Error("Bad extension size");
76 
77  while(reader.has_remaining())
78  {
79  const uint16_t extension_code = reader.get_uint16_t();
80  const uint16_t extension_size = reader.get_uint16_t();
81 
82  Extension* extn = make_extension(reader,
83  extension_code,
84  extension_size);
85 
86  this->add(extn);
87  }
88  }
89  }
90 
91 std::vector<uint8_t> Extensions::serialize() const
92  {
93  std::vector<uint8_t> buf(2); // 2 bytes for length field
94 
95  for(auto& extn : m_extensions)
96  {
97  if(extn.second->empty())
98  continue;
99 
100  const uint16_t extn_code = extn.second->type();
101 
102  std::vector<uint8_t> extn_val = extn.second->serialize();
103 
104  buf.push_back(get_byte(0, extn_code));
105  buf.push_back(get_byte(1, extn_code));
106 
107  buf.push_back(get_byte(0, static_cast<uint16_t>(extn_val.size())));
108  buf.push_back(get_byte(1, static_cast<uint16_t>(extn_val.size())));
109 
110  buf += extn_val;
111  }
112 
113  const uint16_t extn_size = static_cast<uint16_t>(buf.size() - 2);
114 
115  buf[0] = get_byte(0, extn_size);
116  buf[1] = get_byte(1, extn_size);
117 
118  // avoid sending a completely empty extensions block
119  if(buf.size() == 2)
120  return std::vector<uint8_t>();
121 
122  return buf;
123  }
124 
126  {
127  auto i = m_extensions.find(typ);
128  if(i == m_extensions.end())
129  return false;
130  m_extensions.erase(i);
131  return true;
132  }
133 
134 std::set<Handshake_Extension_Type> Extensions::extension_types() const
135  {
136  std::set<Handshake_Extension_Type> offers;
137  for(auto i = m_extensions.begin(); i != m_extensions.end(); ++i)
138  offers.insert(i->first);
139  return offers;
140  }
141 
143  TLS_Data_Reader& reader,
144  uint16_t extension_size) :
145  m_type(type),
146  m_value(reader.get_fixed<uint8_t>(extension_size))
147  {
148  }
149 
150 std::vector<uint8_t> Unknown_Extension::serialize() const
151  {
152  throw Invalid_State("Cannot encode an unknown TLS extension");
153  }
154 
156  uint16_t extension_size)
157  {
158  /*
159  * This is used by the server to confirm that it knew the name
160  */
161  if(extension_size == 0)
162  return;
163 
164  uint16_t name_bytes = reader.get_uint16_t();
165 
166  if(name_bytes + 2 != extension_size)
167  throw Decoding_Error("Bad encoding of SNI extension");
168 
169  while(name_bytes)
170  {
171  uint8_t name_type = reader.get_byte();
172  name_bytes--;
173 
174  if(name_type == 0) // DNS
175  {
176  m_sni_host_name = reader.get_string(2, 1, 65535);
177  name_bytes -= static_cast<uint16_t>(2 + m_sni_host_name.size());
178  }
179  else // some other unknown name type
180  {
181  reader.discard_next(name_bytes);
182  name_bytes = 0;
183  }
184  }
185  }
186 
187 std::vector<uint8_t> Server_Name_Indicator::serialize() const
188  {
189  std::vector<uint8_t> buf;
190 
191  size_t name_len = m_sni_host_name.size();
192 
193  buf.push_back(get_byte(0, static_cast<uint16_t>(name_len+3)));
194  buf.push_back(get_byte(1, static_cast<uint16_t>(name_len+3)));
195  buf.push_back(0); // DNS
196 
197  buf.push_back(get_byte(0, static_cast<uint16_t>(name_len)));
198  buf.push_back(get_byte(1, static_cast<uint16_t>(name_len)));
199 
200  buf += std::make_pair(
201  cast_char_ptr_to_uint8(m_sni_host_name.data()),
202  m_sni_host_name.size());
203 
204  return buf;
205  }
206 
207 #if defined(BOTAN_HAS_SRP6)
208 
209 SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader,
210  uint16_t extension_size) : m_srp_identifier(reader.get_string(1, 1, 255))
211  {
212  if(m_srp_identifier.size() + 1 != extension_size)
213  throw Decoding_Error("Bad encoding for SRP identifier extension");
214  }
215 
216 std::vector<uint8_t> SRP_Identifier::serialize() const
217  {
218  std::vector<uint8_t> buf;
219 
220  const uint8_t* srp_bytes = cast_char_ptr_to_uint8(m_srp_identifier.data());
221  append_tls_length_value(buf, srp_bytes, m_srp_identifier.size(), 1);
222 
223  return buf;
224  }
225 
226 #endif
227 
229  uint16_t extension_size) : m_reneg_data(reader.get_range<uint8_t>(1, 0, 255))
230  {
231  if(m_reneg_data.size() + 1 != extension_size)
232  throw Decoding_Error("Bad encoding for secure renegotiation extn");
233  }
234 
235 std::vector<uint8_t> Renegotiation_Extension::serialize() const
236  {
237  std::vector<uint8_t> buf;
238  append_tls_length_value(buf, m_reneg_data, 1);
239  return buf;
240  }
241 
243  uint16_t extension_size)
244  {
245  if(extension_size == 0)
246  return; // empty extension
247 
248  const uint16_t name_bytes = reader.get_uint16_t();
249 
250  size_t bytes_remaining = extension_size - 2;
251 
252  if(name_bytes != bytes_remaining)
253  throw Decoding_Error("Bad encoding of ALPN extension, bad length field");
254 
255  while(bytes_remaining)
256  {
257  const std::string p = reader.get_string(1, 0, 255);
258 
259  if(bytes_remaining < p.size() + 1)
260  throw Decoding_Error("Bad encoding of ALPN, length field too long");
261 
262  bytes_remaining -= (p.size() + 1);
263 
264  m_protocols.push_back(p);
265  }
266  }
267 
269  {
270  if(m_protocols.size() != 1)
272  "Server sent " + std::to_string(m_protocols.size()) +
273  " protocols in ALPN extension response");
274  return m_protocols[0];
275  }
276 
278  {
279  std::vector<uint8_t> buf(2);
280 
281  for(auto&& p: m_protocols)
282  {
283  if(p.length() >= 256)
284  throw TLS_Exception(Alert::INTERNAL_ERROR, "ALPN name too long");
285  if(p != "")
287  cast_char_ptr_to_uint8(p.data()),
288  p.size(),
289  1);
290  }
291 
292  buf[0] = get_byte(0, static_cast<uint16_t>(buf.size()-2));
293  buf[1] = get_byte(1, static_cast<uint16_t>(buf.size()-2));
294 
295  return buf;
296  }
297 
298 Supported_Groups::Supported_Groups(const std::vector<Group_Params>& groups) : m_groups(groups)
299  {
300  }
301 
302 std::vector<Group_Params> Supported_Groups::ec_groups() const
303  {
304  std::vector<Group_Params> ec;
305  for(auto g : m_groups)
306  {
307  if(group_param_is_dh(g) == false)
308  ec.push_back(g);
309  }
310  return ec;
311  }
312 
313 std::vector<Group_Params> Supported_Groups::dh_groups() const
314  {
315  std::vector<Group_Params> dh;
316  for(auto g : m_groups)
317  {
318  if(group_param_is_dh(g) == true)
319  dh.push_back(g);
320  }
321  return dh;
322  }
323 
324 std::vector<uint8_t> Supported_Groups::serialize() const
325  {
326  std::vector<uint8_t> buf(2);
327 
328  for(auto g : m_groups)
329  {
330  const uint16_t id = static_cast<uint16_t>(g);
331 
332  if(id > 0)
333  {
334  buf.push_back(get_byte(0, id));
335  buf.push_back(get_byte(1, id));
336  }
337  }
338 
339  buf[0] = get_byte(0, static_cast<uint16_t>(buf.size()-2));
340  buf[1] = get_byte(1, static_cast<uint16_t>(buf.size()-2));
341 
342  return buf;
343  }
344 
346  uint16_t extension_size)
347  {
348  const uint16_t len = reader.get_uint16_t();
349 
350  if(len + 2 != extension_size)
351  throw Decoding_Error("Inconsistent length field in supported groups list");
352 
353  if(len % 2 == 1)
354  throw Decoding_Error("Supported groups list of strange size");
355 
356  for(size_t i = 0; i != len / 2; ++i)
357  {
358  const uint16_t id = reader.get_uint16_t();
359  m_groups.push_back(static_cast<Group_Params>(id));
360  }
361  }
362 
363 std::vector<uint8_t> Supported_Point_Formats::serialize() const
364  {
365  // if this extension is sent, it MUST include uncompressed (RFC 4492, section 5.1)
366  if(m_prefers_compressed)
367  {
368  return std::vector<uint8_t>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED};
369  }
370  else
371  {
372  return std::vector<uint8_t>{1, UNCOMPRESSED};
373  }
374  }
375 
377  uint16_t extension_size)
378  {
379  uint8_t len = reader.get_byte();
380 
381  if(len + 1 != extension_size)
382  throw Decoding_Error("Inconsistent length field in supported point formats list");
383 
384  for(size_t i = 0; i != len; ++i)
385  {
386  uint8_t format = reader.get_byte();
387 
388  if(static_cast<ECPointFormat>(format) == UNCOMPRESSED)
389  {
390  m_prefers_compressed = false;
391  reader.discard_next(len-i-1);
392  return;
393  }
394  else if(static_cast<ECPointFormat>(format) == ANSIX962_COMPRESSED_PRIME)
395  {
396  m_prefers_compressed = true;
397  reader.discard_next(len-i-1);
398  return;
399  }
400 
401  // ignore ANSIX962_COMPRESSED_CHAR2, we don't support these curves
402  }
403  }
404 
405 std::vector<uint8_t> Signature_Algorithms::serialize() const
406  {
407  std::vector<uint8_t> buf;
408 
409  const uint16_t len = m_schemes.size() * 2;
410 
411  buf.push_back(get_byte(0, len));
412  buf.push_back(get_byte(1, len));
413 
414  for(Signature_Scheme scheme : m_schemes)
415  {
416  const uint16_t scheme_code = static_cast<uint16_t>(scheme);
417 
418  buf.push_back(get_byte(0, scheme_code));
419  buf.push_back(get_byte(1, scheme_code));
420  }
421 
422  return buf;
423  }
424 
426  uint16_t extension_size)
427  {
428  uint16_t len = reader.get_uint16_t();
429 
430  if(len + 2 != extension_size || len % 2 == 1 || len == 0)
431  {
432  throw Decoding_Error("Bad encoding on signature algorithms extension");
433  }
434 
435  while(len)
436  {
437  const uint16_t scheme_code = reader.get_uint16_t();
438  m_schemes.push_back(static_cast<Signature_Scheme>(scheme_code));
439  len -= 2;
440  }
441  }
442 
444  uint16_t extension_size) : m_ticket(reader.get_elem<uint8_t, std::vector<uint8_t>>(extension_size))
445  {}
446 
448  uint16_t extension_size) : m_pp(reader.get_range<uint16_t>(2, 0, 65535))
449  {
450  const std::vector<uint8_t> mki = reader.get_range<uint8_t>(1, 0, 255);
451 
452  if(m_pp.size() * 2 + mki.size() + 3 != extension_size)
453  throw Decoding_Error("Bad encoding for SRTP protection extension");
454 
455  if(!mki.empty())
456  throw Decoding_Error("Unhandled non-empty MKI for SRTP protection extension");
457  }
458 
459 std::vector<uint8_t> SRTP_Protection_Profiles::serialize() const
460  {
461  std::vector<uint8_t> buf;
462 
463  const uint16_t pp_len = static_cast<uint16_t>(m_pp.size() * 2);
464  buf.push_back(get_byte(0, pp_len));
465  buf.push_back(get_byte(1, pp_len));
466 
467  for(uint16_t pp : m_pp)
468  {
469  buf.push_back(get_byte(0, pp));
470  buf.push_back(get_byte(1, pp));
471  }
472 
473  buf.push_back(0); // srtp_mki, always empty here
474 
475  return buf;
476  }
477 
479  uint16_t extension_size)
480  {
481  if(extension_size != 0)
482  throw Decoding_Error("Invalid extended_master_secret extension");
483  }
484 
485 std::vector<uint8_t> Extended_Master_Secret::serialize() const
486  {
487  return std::vector<uint8_t>();
488  }
489 
491  uint16_t extension_size)
492  {
493  if(extension_size != 0)
494  throw Decoding_Error("Invalid encrypt_then_mac extension");
495  }
496 
497 std::vector<uint8_t> Encrypt_then_MAC::serialize() const
498  {
499  return std::vector<uint8_t>();
500  }
501 
502 std::vector<uint8_t> Certificate_Status_Request::serialize() const
503  {
504  std::vector<uint8_t> buf;
505 
506  if(m_server_side)
507  return buf; // server reply is empty
508 
509  /*
510  opaque ResponderID<1..2^16-1>;
511  opaque Extensions<0..2^16-1>;
512 
513  CertificateStatusType status_type = ocsp(1)
514  ResponderID responder_id_list<0..2^16-1>
515  Extensions request_extensions;
516  */
517 
518  buf.push_back(1); // CertificateStatusType ocsp
519 
520  buf.push_back(0);
521  buf.push_back(0);
522  buf.push_back(0);
523  buf.push_back(0);
524 
525  return buf;
526  }
527 
529  uint16_t extension_size) :
530  m_server_side(false)
531  {
532  if(extension_size > 0)
533  {
534  const uint8_t type = reader.get_byte();
535  if(type == 1)
536  {
537  reader.discard_next(extension_size - 1); // fixme
538  }
539  else
540  {
541  reader.discard_next(extension_size - 1);
542  }
543  }
544  }
545 
546 Certificate_Status_Request::Certificate_Status_Request(const std::vector<X509_DN>& ocsp_responder_ids,
547  const std::vector<std::vector<uint8_t>>& ocsp_key_ids) :
548  m_ocsp_names(ocsp_responder_ids),
549  m_ocsp_keys(ocsp_key_ids),
550  m_server_side(false)
551  {
552 
553  }
554 
556  {
557 
558  }
559 
560 }
561 
562 }
std::vector< uint8_t > serialize() const
std::vector< uint8_t > serialize() const override
std::vector< uint8_t > serialize() const override
Handshake_Extension_Type type() const override
bool group_param_is_dh(Group_Params group)
Definition: tls_algos.cpp:118
Server_Name_Indicator(const std::string &host_name)
void add(Extension *extn)
Signature_Scheme
Definition: tls_algos.h:84
std::vector< uint8_t > serialize() const override
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:131
Definition: bigint.h:796
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
MechanismType type
Signature_Algorithms(const std::vector< Signature_Scheme > &schemes)
std::vector< uint8_t > serialize() const override
std::vector< uint8_t > serialize() const override
std::string get_string(size_t len_bytes, size_t min_bytes, size_t max_bytes)
Definition: tls_reader.h:115
Unknown_Extension(Handshake_Extension_Type type, TLS_Data_Reader &reader, uint16_t extension_size)
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:94
std::vector< uint8_t > serialize() const override
Application_Layer_Protocol_Notification(const std::string &protocol)
std::vector< uint8_t > serialize() const override
Definition: alg_id.cpp:13
std::vector< Group_Params > ec_groups() const
std::vector< uint8_t > serialize() const override
std::set< Handshake_Extension_Type > extension_types() const
std::vector< uint8_t > serialize() const override
std::vector< uint8_t > serialize() const override
void discard_next(size_t bytes)
Definition: tls_reader.h:47
SRTP_Protection_Profiles(const std::vector< uint16_t > &pp)
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
void deserialize(TLS_Data_Reader &reader)
std::vector< Group_Params > dh_groups() const
size_t remaining_bytes() const
Definition: tls_reader.h:38
Supported_Groups(const std::vector< Group_Params > &groups)
std::vector< uint8_t > serialize() const override
Supported_Point_Formats(bool prefer_compressed)
bool has_remaining() const
Definition: tls_reader.h:40
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:185
bool remove_extension(Handshake_Extension_Type typ)