Botan 3.9.0
Crypto and TLS for C&
tls_extensions.h
Go to the documentation of this file.
1/*
2* TLS Extensions
3* (C) 2011,2012,2016,2018,2019 Jack Lloyd
4* (C) 2016 Juraj Somorovsky
5* (C) 2016 Matthias Gierlings
6* (C) 2021 Elektrobit Automotive GmbH
7* (C) 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
8* (C) 2023 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity
9*
10* Botan is released under the Simplified BSD License (see license.txt)
11*/
12
13#ifndef BOTAN_TLS_EXTENSIONS_H_
14#define BOTAN_TLS_EXTENSIONS_H_
15
16#include <botan/credentials_manager.h>
17#include <botan/pkix_types.h>
18#include <botan/secmem.h>
19#include <botan/tls_algos.h>
20#include <botan/tls_magic.h>
21#include <botan/tls_session.h>
22#include <botan/tls_signature_scheme.h>
23#include <botan/tls_version.h>
24
25#include <memory>
26#include <optional>
27#include <set>
28#include <string>
29#include <variant>
30#include <vector>
31
32namespace Botan {
33
36
37namespace TLS {
38
39#if defined(BOTAN_HAS_TLS_13)
40class Callbacks;
41class Session_Manager;
42class Cipher_State;
43class Ciphersuite;
45
46enum class PSK_Key_Exchange_Mode : uint8_t { PSK_KE = 0, PSK_DHE_KE = 1 };
47
48#endif
49class Policy;
50class TLS_Data_Reader;
51
52enum class Extension_Code : uint16_t {
55
60 UseSrtp = 14,
62
63 // SignedCertificateTimestamp = 18, // NYI
64
65 // RFC 7250 (Raw Public Keys in TLS)
68
71
73
75
77#if defined(BOTAN_HAS_TLS_13)
80 Cookie = 44,
81
84 // OidFilters = 48, // NYI
85
87#endif
88
90};
91
92/**
93* Base class representing a TLS extension of some kind
94*/
95class BOTAN_UNSTABLE_API Extension /* NOLINT(*-special-member-functions) */ {
96 public:
97 /**
98 * @return code number of the extension
99 */
100 virtual Extension_Code type() const = 0;
101
102 /**
103 * @return serialized binary for the extension
104 */
105 virtual std::vector<uint8_t> serialize(Connection_Side whoami) const = 0;
106
107 /**
108 * @return if we should encode this extension or not
109 */
110 virtual bool empty() const = 0;
111
112 /**
113 * @return true if this extension is known and implemented by Botan
114 */
115 virtual bool is_implemented() const { return true; }
116
117 virtual ~Extension() = default;
118};
119
120/**
121* Server Name Indicator extension (RFC 3546)
122*/
124 public:
126
127 Extension_Code type() const override { return static_type(); }
128
129 explicit Server_Name_Indicator(std::string_view host_name) : m_sni_host_name(host_name) {}
130
131 Server_Name_Indicator(TLS_Data_Reader& reader, uint16_t extension_size);
132
133 std::string host_name() const { return m_sni_host_name; }
134
135 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
136
137 bool empty() const override { return false; }
138
139 private:
140 std::string m_sni_host_name;
141};
142
143/**
144* Renegotiation Indication Extension (RFC 5746)
145*/
147 public:
149
150 Extension_Code type() const override { return static_type(); }
151
153
154 explicit Renegotiation_Extension(const std::vector<uint8_t>& bits) : m_reneg_data(bits) {}
155
156 Renegotiation_Extension(TLS_Data_Reader& reader, uint16_t extension_size);
157
158 const std::vector<uint8_t>& renegotiation_info() const { return m_reneg_data; }
159
160 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
161
162 bool empty() const override { return false; } // always send this
163
164 private:
165 std::vector<uint8_t> m_reneg_data;
166};
167
168/**
169* ALPN (RFC 7301)
170*/
172 public:
174
175 Extension_Code type() const override { return static_type(); }
176
177 const std::vector<std::string>& protocols() const { return m_protocols; }
178
179 std::string single_protocol() const;
180
181 /**
182 * Single protocol, used by server
183 */
184 explicit Application_Layer_Protocol_Notification(std::string_view protocol) :
185 m_protocols(1, std::string(protocol)) {}
186
187 /**
188 * List of protocols, used by client
189 */
190 explicit Application_Layer_Protocol_Notification(const std::vector<std::string>& protocols) :
191 m_protocols(protocols) {}
192
193 Application_Layer_Protocol_Notification(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from);
194
195 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
196
197 bool empty() const override { return m_protocols.empty(); }
198
199 private:
200 std::vector<std::string> m_protocols;
201};
202
203// As defined in RFC 8446 4.4.2
204enum class Certificate_Type : uint8_t { X509 = 0, RawPublicKey = 2 };
205
207Certificate_Type certificate_type_from_string(const std::string& type_str);
208
209/**
210 * RFC 7250
211 * Base class for 'client_certificate_type' and 'server_certificate_type' extensions.
212 */
214 public:
215 /**
216 * Called by the client to advertise support for a number of cert types.
217 */
218 explicit Certificate_Type_Base(std::vector<Certificate_Type> supported_cert_types);
219
220 protected:
221 /**
222 * Called by the server to select a cert type to be used in the handshake.
223 */
224 Certificate_Type_Base(const Certificate_Type_Base& certificate_type_from_client,
225 const std::vector<Certificate_Type>& server_preference);
226
227 public:
228 Certificate_Type_Base(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from);
229
230 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
231
232 void validate_selection(const Certificate_Type_Base& from_server) const;
234
235 bool empty() const override {
236 // RFC 7250 4.1
237 // If the client has no remaining certificate types to send in the
238 // client hello, other than the default X.509 type, it MUST omit the
239 // entire client[/server]_certificate_type extension [...].
240 return m_from == Connection_Side::Client && m_certificate_types.size() == 1 &&
241 m_certificate_types.front() == Certificate_Type::X509;
242 }
243
244 private:
245 std::vector<Certificate_Type> m_certificate_types;
246 Connection_Side m_from;
247};
248
250 public:
252
253 /**
254 * Creates the Server Hello extension from the received client preferences.
255 */
256 Client_Certificate_Type(const Client_Certificate_Type& cct, const Policy& policy);
257
259
260 Extension_Code type() const override { return static_type(); }
261};
262
264 public:
266
267 /**
268 * Creates the Server Hello extension from the received client preferences.
269 */
270 Server_Certificate_Type(const Server_Certificate_Type& sct, const Policy& policy);
271
273
274 Extension_Code type() const override { return static_type(); }
275};
276
277/**
278* Session Ticket Extension (RFC 5077)
279*/
281 public:
283
284 Extension_Code type() const override { return static_type(); }
285
286 /**
287 * @return contents of the session ticket
288 */
289 const Session_Ticket& contents() const { return m_ticket; }
290
291 /**
292 * Create empty extension, used by both client and server
293 */
295
296 /**
297 * Extension with ticket, used by client
298 */
299 explicit Session_Ticket_Extension(Session_Ticket session_ticket) : m_ticket(std::move(session_ticket)) {}
300
301 /**
302 * Deserialize a session ticket
303 */
304 Session_Ticket_Extension(TLS_Data_Reader& reader, uint16_t extension_size);
305
306 std::vector<uint8_t> serialize(Connection_Side /*whoami*/) const override { return m_ticket.get(); }
307
308 bool empty() const override { return false; }
309
310 private:
311 Session_Ticket m_ticket;
312};
313
314/**
315* Supported Groups Extension (RFC 7919)
316*/
318 public:
320
321 Extension_Code type() const override { return static_type(); }
322
323 const std::vector<Group_Params>& groups() const;
324
325 // Returns the list of groups we recognize as ECDH curves
326 std::vector<Group_Params> ec_groups() const;
327
328 // Returns the list of any groups in the FFDHE range
329 std::vector<Group_Params> dh_groups() const;
330
331 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
332
333 explicit Supported_Groups(const std::vector<Group_Params>& groups);
334
335 Supported_Groups(TLS_Data_Reader& reader, uint16_t extension_size);
336
337 bool empty() const override { return m_groups.empty(); }
338
339 private:
340 std::vector<Group_Params> m_groups;
341};
342
343// previously Supported Elliptic Curves Extension (RFC 4492)
344//using Supported_Elliptic_Curves = Supported_Groups;
345
346/**
347* Supported Point Formats Extension (RFC 4492)
348*/
350 public:
351 enum ECPointFormat : uint8_t {
354 ANSIX962_COMPRESSED_CHAR2 = 2, // don't support these curves
355 };
356
358
359 Extension_Code type() const override { return static_type(); }
360
361 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
362
363 explicit Supported_Point_Formats(bool prefer_compressed) : m_prefers_compressed(prefer_compressed) {}
364
365 Supported_Point_Formats(TLS_Data_Reader& reader, uint16_t extension_size);
366
367 bool empty() const override { return false; }
368
369 bool prefers_compressed() const { return m_prefers_compressed; }
370
371 private:
372 bool m_prefers_compressed = false;
373};
374
375/**
376* Signature Algorithms Extension for TLS 1.2 (RFC 5246)
377*/
379 public:
381
382 Extension_Code type() const override { return static_type(); }
383
384 const std::vector<Signature_Scheme>& supported_schemes() const { return m_schemes; }
385
386 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
387
388 bool empty() const override { return m_schemes.empty(); }
389
390 explicit Signature_Algorithms(std::vector<Signature_Scheme> schemes) : m_schemes(std::move(schemes)) {}
391
392 Signature_Algorithms(TLS_Data_Reader& reader, uint16_t extension_size);
393
394 private:
395 std::vector<Signature_Scheme> m_schemes;
396};
397
398/**
399* Signature_Algorithms_Cert for TLS 1.3 (RFC 8446)
400*
401* RFC 8446 4.2.3
402* TLS 1.3 provides two extensions for indicating which signature algorithms
403* may be used in digital signatures. The "signature_algorithms_cert"
404* extension applies to signatures in certificates, and the
405* "signature_algorithms" extension, which originally appeared in TLS 1.2,
406* applies to signatures in CertificateVerify messages.
407*
408* RFC 8446 4.2.3
409* TLS 1.2 implementations SHOULD also process this extension.
410*/
412 public:
414
415 Extension_Code type() const override { return static_type(); }
416
417 const std::vector<Signature_Scheme>& supported_schemes() const { return m_schemes; }
418
419 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
420
421 bool empty() const override { return m_schemes.empty(); }
422
423 explicit Signature_Algorithms_Cert(std::vector<Signature_Scheme> schemes) : m_schemes(std::move(schemes)) {}
424
425 Signature_Algorithms_Cert(TLS_Data_Reader& reader, uint16_t extension_size);
426
427 private:
428 std::vector<Signature_Scheme> m_schemes;
429};
430
431/**
432* Used to indicate SRTP algorithms for DTLS (RFC 5764)
433*/
435 public:
437
438 Extension_Code type() const override { return static_type(); }
439
440 const std::vector<uint16_t>& profiles() const { return m_pp; }
441
442 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
443
444 bool empty() const override { return m_pp.empty(); }
445
446 explicit SRTP_Protection_Profiles(const std::vector<uint16_t>& pp) : m_pp(pp) {}
447
448 explicit SRTP_Protection_Profiles(uint16_t pp) : m_pp(1, pp) {}
449
450 SRTP_Protection_Profiles(TLS_Data_Reader& reader, uint16_t extension_size);
451
452 private:
453 std::vector<uint16_t> m_pp;
454};
455
456/**
457* Extended Master Secret Extension (RFC 7627)
458*/
460 public:
462
463 Extension_Code type() const override { return static_type(); }
464
465 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
466
467 bool empty() const override { return false; }
468
470
471 Extended_Master_Secret(TLS_Data_Reader& reader, uint16_t extension_size);
472};
473
474/**
475* Encrypt-then-MAC Extension (RFC 7366)
476*/
478 public:
480
481 Extension_Code type() const override { return static_type(); }
482
483 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
484
485 bool empty() const override { return false; }
486
487 Encrypt_then_MAC() = default;
488
489 Encrypt_then_MAC(TLS_Data_Reader& reader, uint16_t extension_size);
490};
491
492class Certificate_Status_Request_Internal;
493
494/**
495* Certificate Status Request (RFC 6066)
496*/
497class BOTAN_UNSTABLE_API Certificate_Status_Request final : public Extension /* NOLINT(*-special-member-functions) */ {
498 public:
500
501 Extension_Code type() const override { return static_type(); }
502
503 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
504
505 bool empty() const override { return false; }
506
507 const std::vector<uint8_t>& get_responder_id_list() const;
508 const std::vector<uint8_t>& get_request_extensions() const;
509 const std::vector<uint8_t>& get_ocsp_response() const;
510
511 // TLS 1.2 Server generated version: empty
513
514 // TLS 1.2 Client version, both lists can be empty
515 Certificate_Status_Request(std::vector<uint8_t> ocsp_responder_ids,
516 std::vector<std::vector<uint8_t>> ocsp_key_ids);
517
518 // TLS 1.3 version
519 explicit Certificate_Status_Request(std::vector<uint8_t> response);
520
522 uint16_t extension_size,
523 Handshake_Type message_type,
524 Connection_Side from);
525
527
528 private:
529 std::unique_ptr<Certificate_Status_Request_Internal> m_impl;
530};
531
532/**
533* Supported Versions from RFC 8446
534*/
536 public:
538
539 Extension_Code type() const override { return static_type(); }
540
541 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
542
543 bool empty() const override { return m_versions.empty(); }
544
545 Supported_Versions(Protocol_Version version, const Policy& policy);
546
547 explicit Supported_Versions(Protocol_Version version) { m_versions.push_back(version); }
548
549 Supported_Versions(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from);
550
551 bool supports(Protocol_Version version) const;
552
553 const std::vector<Protocol_Version>& versions() const { return m_versions; }
554
555 private:
556 std::vector<Protocol_Version> m_versions;
557};
558
560
561/**
562* Record Size Limit (RFC 8449)
563*
564* TODO: the record size limit is currently not honored by the TLS 1.2 stack
565*/
567 public:
569
570 Extension_Code type() const override { return static_type(); }
571
572 explicit Record_Size_Limit(uint16_t limit);
573
574 Record_Size_Limit(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from);
575
576 uint16_t limit() const { return m_limit; }
577
578 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
579
580 bool empty() const override { return m_limit == 0; }
581
582 private:
583 uint16_t m_limit;
584};
585
586using Named_Group = Group_Params;
587
588#if defined(BOTAN_HAS_TLS_13)
589/**
590* Cookie from RFC 8446 4.2.2
591*/
592class BOTAN_UNSTABLE_API Cookie final : public Extension {
593 public:
595
596 Extension_Code type() const override { return static_type(); }
597
598 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
599
600 bool empty() const override { return m_cookie.empty(); }
601
602 const std::vector<uint8_t>& get_cookie() const { return m_cookie; }
603
604 explicit Cookie(const std::vector<uint8_t>& cookie);
605
606 explicit Cookie(TLS_Data_Reader& reader, uint16_t extension_size);
607
608 private:
609 std::vector<uint8_t> m_cookie;
610};
611
612/**
613* Pre-Shared Key Exchange Modes from RFC 8446 4.2.9
614*/
616 public:
618
619 Extension_Code type() const override { return static_type(); }
620
621 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
622
623 bool empty() const override { return m_modes.empty(); }
624
625 const std::vector<PSK_Key_Exchange_Mode>& modes() const { return m_modes; }
626
627 explicit PSK_Key_Exchange_Modes(std::vector<PSK_Key_Exchange_Mode> modes) : m_modes(std::move(modes)) {}
628
629 explicit PSK_Key_Exchange_Modes(TLS_Data_Reader& reader, uint16_t extension_size);
630
631 private:
632 std::vector<PSK_Key_Exchange_Mode> m_modes;
633};
634
635/**
636 * Certificate Authorities Extension from RFC 8446 4.2.4
637 */
639 public:
641
642 Extension_Code type() const override { return static_type(); }
643
644 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
645
646 bool empty() const override { return m_distinguished_names.empty(); }
647
648 const std::vector<X509_DN>& distinguished_names() const { return m_distinguished_names; }
649
650 Certificate_Authorities(TLS_Data_Reader& reader, uint16_t extension_size);
651 explicit Certificate_Authorities(std::vector<X509_DN> acceptable_DNs);
652
653 private:
654 std::vector<X509_DN> m_distinguished_names;
655};
656
657/**
658 * Pre-Shared Key extension from RFC 8446 4.2.11
659 */
660class BOTAN_UNSTABLE_API PSK final : public Extension /* NOLINT(*-special-member-functions) */ {
661 public:
663
664 Extension_Code type() const override { return static_type(); }
665
666 std::vector<uint8_t> serialize(Connection_Side side) const override;
667
668 /**
669 * Returns the PSK identity (in case of an externally provided PSK) and
670 * the cipher state representing the PSK selected by the server. Note that
671 * this destructs the list of offered PSKs and its cipher states and must
672 * therefore not be called more than once.
673 *
674 * @note Technically, PSKs used for resumption also carry an identity.
675 * Though, typically, this is an opaque value meaningful only to the
676 * peer and of no authorative value for the user. We therefore
677 * report the identity of externally provided PSKs only.
678 */
679 std::pair<std::optional<std::string>, std::unique_ptr<Cipher_State>> take_selected_psk_info(
680 const PSK& server_psk, const Ciphersuite& cipher);
681
682 /**
683 * Selects one of the offered PSKs that is compatible with \p cipher.
684 * @retval PSK extension object that can be added to the Server Hello response
685 * @retval std::nullptr if no PSK offered by the client is convenient
686 */
687 std::unique_ptr<PSK> select_offered_psk(std::string_view host,
688 const Ciphersuite& cipher,
689 Session_Manager& session_mgr,
690 Credentials_Manager& credentials_mgr,
691 Callbacks& callbacks,
692 const Policy& policy);
693
694 /**
695 * Remove PSK identities from the list in \p m_psk that are not compatible
696 * with the passed in \p cipher suite.
697 * This is useful to react to Hello Retry Requests. See RFC 8446 4.1.4.
698 */
699 void filter(const Ciphersuite& cipher);
700
701 /**
702 * Pulls the preshared key or the Session to resume from a PSK extension
703 * in Server Hello.
704 */
705 std::variant<Session, ExternalPSK> take_session_to_resume_or_psk();
706
707 bool empty() const override;
708
709 PSK(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type);
710
711 /**
712 * Creates a PSK extension with a TLS 1.3 session object containing a
713 * master_secret. Note that it will extract that secret from the session,
714 * and won't create a copy of it.
715 *
716 * @param session_to_resume the session to be resumed; note that the
717 * master secret will be taken away from the
718 * session object.
719 * @param psks a list of non-resumption PSKs that should be
720 * offered to the server
721 * @param callbacks the application's callbacks
722 */
723 PSK(std::optional<Session_with_Handle>& session_to_resume, std::vector<ExternalPSK> psks, Callbacks& callbacks);
724
725 ~PSK() override;
726
727 void calculate_binders(const Transcript_Hash_State& truncated_transcript_hash);
728 bool validate_binder(const PSK& server_psk, const std::vector<uint8_t>& binder) const;
729
730 // TODO: Implement pure PSK negotiation that is not used for session
731 // resumption.
732
733 private:
734 /**
735 * Creates a PSK extension that specifies the server's selection of an
736 * offered client PSK. The @p session_to_resume is kept internally
737 * and used later for the initialization of the Cipher_State object.
738 *
739 * Note: This constructor is called internally in PSK::select_offered_psk().
740 */
741 PSK(Session session_to_resume, uint16_t psk_index);
742
743 /**
744 * Creates a PSK extension that specifies the server's selection of an
745 * externally provided PSK offered by the client. The @p psk is kept
746 * internally and used later for the initialization of the Cipher_State object.
747 *
748 * Note: This constructor is called internally in PSK::select_offered_psk().
749 */
750 PSK(ExternalPSK psk, uint16_t psk_index);
751
752 private:
753 class PSK_Internal;
754 std::unique_ptr<PSK_Internal> m_impl;
755};
756
757/**
758* Key_Share from RFC 8446 4.2.8
759*/
760class BOTAN_UNSTABLE_API Key_Share final : public Extension /* NOLINT(*-special-member-functions) */ {
761 public:
763
764 Extension_Code type() const override { return static_type(); }
765
766 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
767
768 bool empty() const override;
769
770 /**
771 * Creates a Key_Share extension meant for the Server Hello that
772 * performs a key encapsulation with the selected public key from
773 * the client.
774 *
775 * @note This will retain the shared secret in the Key_Share extension
776 * until it is retrieved via take_shared_secret().
777 */
778 static std::unique_ptr<Key_Share> create_as_encapsulation(Group_Params selected_group,
779 const Key_Share& client_keyshare,
780 const Policy& policy,
781 Callbacks& cb,
783
784 /**
785 * Decapsulate the shared secret with the peer's key share. This method
786 * can be called on a ClientHello's Key_Share with a ServerHello's
787 * Key_Share.
788 *
789 * @note After the decapsulation the client's private key is destroyed.
790 * Multiple calls will result in an exception.
791 */
792 secure_vector<uint8_t> decapsulate(const Key_Share& server_keyshare,
793 const Policy& policy,
794 Callbacks& cb,
796
797 /**
798 * Update a ClientHello's Key_Share to comply with a HelloRetryRequest.
799 *
800 * This will create new Key_Share_Entries and should only be called on a ClientHello Key_Share with a HelloRetryRequest Key_Share.
801 */
802 void retry_offer(const Key_Share& retry_request_keyshare,
803 const std::vector<Named_Group>& supported_groups,
804 Callbacks& cb,
806
807 /**
808 * @return key exchange groups the peer offered key share entries for
809 */
810 std::vector<Named_Group> offered_groups() const;
811
812 /**
813 * @return key exchange group that was selected by a Hello Retry Request
814 */
815 Named_Group selected_group() const;
816
817 /**
818 * @returns the shared secret that was obtained by constructing this
819 * Key_Share object with the peer's.
820 *
821 * @note the shared secret value is std:move'd out. Multiple calls will
822 * result in an exception.
823 */
824 secure_vector<uint8_t> take_shared_secret();
825
826 Key_Share(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type);
827
828 // constructor used for ClientHello msg
829 Key_Share(const Policy& policy, Callbacks& cb, RandomNumberGenerator& rng);
830
831 // constructor used for HelloRetryRequest msg
832 explicit Key_Share(Named_Group selected_group);
833
834 // destructor implemented in .cpp to hide Key_Share_Impl
835 ~Key_Share() override;
836
837 private:
838 // constructor used for ServerHello
839 // (called via create_as_encapsulation())
841 const Key_Share& client_keyshare,
842 const Policy& policy,
843 Callbacks& cb,
845
846 private:
847 class Key_Share_Impl;
848 std::unique_ptr<Key_Share_Impl> m_impl;
849};
850
851/**
852 * Indicates usage or support of early data as described in RFC 8446 4.2.10.
853 */
855 public:
857
858 Extension_Code type() const override { return static_type(); }
859
860 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
861
862 bool empty() const override;
863
864 std::optional<uint32_t> max_early_data_size() const { return m_max_early_data_size; }
865
866 EarlyDataIndication(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type);
867
868 /**
869 * The max_early_data_size is exclusively provided by servers when using
870 * this extension in the NewSessionTicket message! Otherwise it stays
871 * std::nullopt and results in an empty extension. (RFC 8446 4.2.10).
872 */
873 explicit EarlyDataIndication(std::optional<uint32_t> max_early_data_size = std::nullopt) :
874 m_max_early_data_size(max_early_data_size) {}
875
876 private:
877 std::optional<uint32_t> m_max_early_data_size;
878};
879
880#endif
881
882/**
883* Unknown extensions are deserialized as this type
884*/
886 public:
887 Unknown_Extension(Extension_Code type, TLS_Data_Reader& reader, uint16_t extension_size);
888
889 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
890
891 const std::vector<uint8_t>& value() { return m_value; }
892
893 bool empty() const override { return false; }
894
895 Extension_Code type() const override { return m_type; }
896
897 bool is_implemented() const override { return false; }
898
899 private:
900 Extension_Code m_type;
901 std::vector<uint8_t> m_value;
902};
903
904/**
905* Represents a block of extensions in a hello message
906*/
908 public:
909 std::set<Extension_Code> extension_types() const;
910
911 const std::vector<std::unique_ptr<Extension>>& all() const { return m_extensions; }
912
913 template <typename T>
914 T* get() const {
915 return dynamic_cast<T*>(get(T::static_type()));
916 }
917
918 template <typename T>
919 bool has() const {
920 return get<T>() != nullptr;
921 }
922
923 bool has(Extension_Code type) const { return get(type) != nullptr; }
924
925 size_t size() const { return m_extensions.size(); }
926
927 bool empty() const { return m_extensions.empty(); }
928
929 void add(std::unique_ptr<Extension> extn);
930
931 void add(Extension* extn) { add(std::unique_ptr<Extension>(extn)); }
932
933 Extension* get(Extension_Code type) const;
934
935 std::vector<uint8_t> serialize(Connection_Side whoami) const;
936
937 void deserialize(TLS_Data_Reader& reader, Connection_Side from, Handshake_Type message_type);
938
939 /**
940 * @param allowed_extensions extension types that are allowed
941 * @param allow_unknown_extensions if true, ignores unrecognized extensions
942 * @returns true if this contains any extensions that are not contained in @p allowed_extensions.
943 */
944 bool contains_other_than(const std::set<Extension_Code>& allowed_extensions,
945 bool allow_unknown_extensions = false) const;
946
947 /**
948 * @param allowed_extensions extension types that are allowed
949 * @returns true if this contains any extensions implemented by Botan that
950 * are not contained in @p allowed_extensions.
951 */
952 bool contains_implemented_extensions_other_than(const std::set<Extension_Code>& allowed_extensions) const {
953 return contains_other_than(allowed_extensions, true);
954 }
955
956 /**
957 * Take the extension with the given type out of the extensions list.
958 * Returns a nullptr if the extension didn't exist.
959 */
960 template <typename T>
961 decltype(auto) take() {
962 std::unique_ptr<T> out_ptr;
963
964 auto ext = take(T::static_type());
965 if(ext != nullptr) {
966 out_ptr.reset(dynamic_cast<T*>(ext.get()));
967 BOTAN_ASSERT_NOMSG(out_ptr != nullptr);
968 ext.release();
969 }
970
971 return out_ptr;
972 }
973
974 /**
975 * Take the extension with the given type out of the extensions list.
976 * Returns a nullptr if the extension didn't exist.
977 */
978 std::unique_ptr<Extension> take(Extension_Code type);
979
980 /**
981 * Remove an extension from this extensions object, if it exists.
982 * Returns true if the extension existed (and thus is now removed),
983 * otherwise false (the extension wasn't set in the first place).
984 *
985 * Note: not used internally, might be used in Callbacks::tls_modify_extensions()
986 */
987 bool remove_extension(Extension_Code type) { return take(type) != nullptr; }
988
989 Extensions() = default;
990 Extensions(const Extensions&) = delete;
991 Extensions& operator=(const Extensions&) = delete;
992 Extensions(Extensions&&) = default;
995
997 deserialize(reader, side, message_type);
998 }
999
1000 private:
1001 std::vector<std::unique_ptr<Extension>> m_extensions;
1002};
1003
1004} // namespace TLS
1005
1006} // namespace Botan
1007
1008#endif
#define BOTAN_UNSTABLE_API
Definition api.h:34
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Application_Layer_Protocol_Notification(std::string_view protocol)
const std::vector< std::string > & protocols() const
Application_Layer_Protocol_Notification(const std::vector< std::string > &protocols)
static Extension_Code static_type()
Certificate_Authorities(TLS_Data_Reader &reader, uint16_t extension_size)
Extension_Code type() const override
const std::vector< X509_DN > & distinguished_names() const
const std::vector< uint8_t > & get_request_extensions() const
const std::vector< uint8_t > & get_responder_id_list() const
const std::vector< uint8_t > & get_ocsp_response() const
Extension_Code type() const override
Certificate_Type selected_certificate_type() const
Certificate_Type_Base(std::vector< Certificate_Type > supported_cert_types)
void validate_selection(const Certificate_Type_Base &from_server) const
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Extension_Code type() const override
Client_Certificate_Type(const Client_Certificate_Type &cct, const Policy &policy)
Certificate_Type_Base(std::vector< Certificate_Type > supported_cert_types)
static Extension_Code static_type()
bool empty() const override
const std::vector< uint8_t > & get_cookie() const
Cookie(const std::vector< uint8_t > &cookie)
static Extension_Code static_type()
Extension_Code type() const override
std::optional< uint32_t > max_early_data_size() const
EarlyDataIndication(std::optional< uint32_t > max_early_data_size=std::nullopt)
Extension_Code type() const override
static Extension_Code static_type()
EarlyDataIndication(TLS_Data_Reader &reader, uint16_t extension_size, Handshake_Type message_type)
Extension_Code type() const override
static Extension_Code static_type()
bool empty() const override
static Extension_Code static_type()
Extension_Code type() const override
virtual std::vector< uint8_t > serialize(Connection_Side whoami) const =0
virtual bool is_implemented() const
virtual Extension_Code type() const =0
virtual bool empty() const =0
virtual ~Extension()=default
Extensions(Extensions &&)=default
void add(Extension *extn)
bool contains_implemented_extensions_other_than(const std::set< Extension_Code > &allowed_extensions) const
Extensions & operator=(const Extensions &)=delete
Extensions(const Extensions &)=delete
void deserialize(TLS_Data_Reader &reader, Connection_Side from, Handshake_Type message_type)
Extensions(TLS_Data_Reader &reader, Connection_Side side, Handshake_Type message_type)
decltype(auto) take()
Extensions & operator=(Extensions &&)=default
bool remove_extension(Extension_Code type)
std::set< Extension_Code > extension_types() const
bool has(Extension_Code type) const
const std::vector< std::unique_ptr< Extension > > & all() const
bool contains_other_than(const std::set< Extension_Code > &allowed_extensions, bool allow_unknown_extensions=false) const
static Extension_Code static_type()
Key_Share(TLS_Data_Reader &reader, uint16_t extension_size, Handshake_Type message_type)
Extension_Code type() const override
Extension_Code type() const override
static Extension_Code static_type()
const std::vector< PSK_Key_Exchange_Mode > & modes() const
PSK_Key_Exchange_Modes(std::vector< PSK_Key_Exchange_Mode > modes)
Extension_Code type() const override
bool validate_binder(const PSK &server_psk, const std::vector< uint8_t > &binder) const
void calculate_binders(const Transcript_Hash_State &truncated_transcript_hash)
~PSK() override
static Extension_Code static_type()
PSK(TLS_Data_Reader &reader, uint16_t extension_size, Handshake_Type message_type)
Extension_Code type() const override
static Extension_Code static_type()
bool empty() const override
static Extension_Code static_type()
Renegotiation_Extension(const std::vector< uint8_t > &bits)
Extension_Code type() const override
const std::vector< uint8_t > & renegotiation_info() const
Extension_Code type() const override
SRTP_Protection_Profiles(const std::vector< uint16_t > &pp)
const std::vector< uint16_t > & profiles() const
static Extension_Code static_type()
static Extension_Code static_type()
Server_Certificate_Type(const Server_Certificate_Type &sct, const Policy &policy)
Certificate_Type_Base(std::vector< Certificate_Type > supported_cert_types)
Extension_Code type() const override
static Extension_Code static_type()
Extension_Code type() const override
Server_Name_Indicator(std::string_view host_name)
static Extension_Code static_type()
Extension_Code type() const override
Session_Ticket_Extension(Session_Ticket session_ticket)
std::vector< uint8_t > serialize(Connection_Side) const override
const Session_Ticket & contents() const
Signature_Algorithms_Cert(std::vector< Signature_Scheme > schemes)
const std::vector< Signature_Scheme > & supported_schemes() const
Extension_Code type() const override
Signature_Algorithms(std::vector< Signature_Scheme > schemes)
const std::vector< Signature_Scheme > & supported_schemes() const
static Extension_Code static_type()
Extension_Code type() const override
bool empty() const override
Supported_Groups(const std::vector< Group_Params > &groups)
Extension_Code type() const override
static Extension_Code static_type()
Supported_Point_Formats(bool prefer_compressed)
Extension_Code type() const override
static Extension_Code static_type()
static Extension_Code static_type()
Supported_Versions(Protocol_Version version, const Policy &policy)
const std::vector< Protocol_Version > & versions() const
bool empty() const override
Supported_Versions(Protocol_Version version)
Extension_Code type() const override
bool empty() const override
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Unknown_Extension(Extension_Code type, TLS_Data_Reader &reader, uint16_t extension_size)
const std::vector< uint8_t > & value()
bool is_implemented() const override
Extension_Code type() const override
std::string certificate_type_to_string(Certificate_Type type)
Group_Params Named_Group
Certificate_Type certificate_type_from_string(const std::string &type_str)
Strong< std::vector< uint8_t >, struct Session_Ticket_ > Session_Ticket
holds a TLS 1.2 session ticket for stateless resumption
Definition tls_session.h:34
constexpr auto out_ptr(T &outptr) noexcept
Definition stl_util.h:415
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69