13#ifndef BOTAN_TLS_EXTENSIONS_H_
14#define BOTAN_TLS_EXTENSIONS_H_
16#include <botan/credentials_manager.h>
17#include <botan/pkix_types.h>
18#include <botan/secmem.h>
19#include <botan/tls_algos.h>
20#include <botan/tls_magic.h>
21#include <botan/tls_session.h>
22#include <botan/tls_signature_scheme.h>
23#include <botan/tls_version.h>
39#if defined(BOTAN_HAS_TLS_13)
77#if defined(BOTAN_HAS_TLS_13)
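/**
 * Server name carried by this SNI extension (returned by copy).
 *
 * When this object was decoded from a peer's ClientHello the string is
 * attacker-controlled: validate it (length, permitted characters, no
 * embedded NUL) before using it as a credential-lookup key or writing
 * it to a log. The decoding path is not part of this accessor.
 */
[[nodiscard]] std::string host_name() const { return m_sni_host_name; }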
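/**
 * Always false: an SNI extension is never treated as absent once it has
 * been constructed, even if the stored host name is the empty string.
 */
[[nodiscard]] bool empty() const override { return false; }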
140 std::string m_sni_host_name;
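/**
 * Always false, deliberately: a renegotiation_info extension with an
 * empty payload is still meaningful (per RFC 5746 it signals support for
 * secure renegotiation on the initial handshake), so it must never be
 * suppressed just because m_reneg_data holds no bytes.
 */
[[nodiscard]] bool empty() const override { return false; }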
165 std::vector<uint8_t> m_reneg_data;
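/**
 * Protocol names held by this ALPN extension, in stored order (RFC 7301
 * defines that order as the sender's preference). The reference stays
 * valid for the lifetime of this extension object.
 *
 * When decoded from a ClientHello the entries are peer-supplied: a server
 * must only select a protocol it actually supports, never echo an
 * unrecognised entry.
 */
[[nodiscard]] const std::vector<std::string>& protocols() const noexcept { return m_protocols; }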
179 std::string single_protocol()
const;
185 m_protocols(1, std::string(protocol)) {}
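/**
 * True when no protocol names are stored; an ALPN extension without
 * entries has nothing to negotiate.
 */
[[nodiscard]] bool empty() const override { return m_protocols.empty(); }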
200 std::vector<std::string> m_protocols;
225 const std::vector<Certificate_Type>& server_preference);
245 std::vector<Certificate_Type> m_certificate_types;
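/**
 * Always false: this extension is never treated as absent once it has
 * been constructed (its presence alone is what matters).
 */
[[nodiscard]] bool empty() const override { return false; }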
323 const std::vector<Group_Params>& groups()
const;
326 std::vector<Group_Params> ec_groups()
const;
329 std::vector<Group_Params> dh_groups()
const;
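/**
 * True when no named groups are stored. An empty group list leaves the
 * peer nothing to negotiate a key exchange over.
 */
[[nodiscard]] bool empty() const override { return m_groups.empty(); }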
340 std::vector<Group_Params> m_groups;
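/**
 * Always false: this extension is never treated as absent once it has
 * been constructed, regardless of the stored preference flag.
 */
[[nodiscard]] bool empty() const override { return false; }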
372 bool m_prefers_compressed =
false;
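/**
 * True when no signature schemes are stored. A peer that offers no
 * schemes cannot be given a signature it will accept.
 */
[[nodiscard]] bool empty() const override { return m_schemes.empty(); }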
395 std::vector<Signature_Scheme> m_schemes;
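/**
 * True when no signature schemes are stored; the extension then carries
 * no constraint on certificate signatures.
 */
[[nodiscard]] bool empty() const override { return m_schemes.empty(); }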
428 std::vector<Signature_Scheme> m_schemes;
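/**
 * SRTP protection profile identifiers held by this extension, in stored
 * order. The reference stays valid for the lifetime of this object.
 * When decoded from the wire the identifiers are peer-supplied; select
 * only a profile the local side actually implements.
 */
[[nodiscard]] const std::vector<uint16_t>& profiles() const noexcept { return m_pp; }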
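/**
 * True when no SRTP protection profiles are stored.
 */
[[nodiscard]] bool empty() const override { return m_pp.empty(); }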
453 std::vector<uint16_t> m_pp;
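/**
 * Always false: this extension is never treated as absent once it has
 * been constructed.
 */
[[nodiscard]] bool empty() const override { return false; }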
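/**
 * Always false: this extension is never treated as absent once it has
 * been constructed.
 */
[[nodiscard]] bool empty() const override { return false; }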
492class Certificate_Status_Request_Internal;
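/**
 * Always false: this extension is never treated as absent once it has
 * been constructed. Any payload it carries lives behind the opaque
 * m_impl pointer and does not influence this answer.
 */
[[nodiscard]] bool empty() const override { return false; }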
516 std::vector<std::vector<uint8_t>> ocsp_key_ids);
522 uint16_t extension_size,
529 std::unique_ptr<Certificate_Status_Request_Internal> m_impl;
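/**
 * True when no protocol versions are stored; a supported_versions
 * extension with no entries offers nothing to negotiate.
 */
[[nodiscard]] bool empty() const override { return m_versions.empty(); }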
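/**
 * Protocol versions held by this supported_versions extension, in stored
 * order. The reference stays valid for the lifetime of this object.
 *
 * When decoded from a ClientHello the list is peer-supplied. Picking the
 * version to use (and the TLS 1.3 downgrade-sentinel checks that guard
 * that choice) is not done by this accessor.
 */
[[nodiscard]] const std::vector<Protocol_Version>& versions() const noexcept { return m_versions; }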
556 std::vector<Protocol_Version> m_versions;
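/**
 * Requested maximum record plaintext size, as stored.
 *
 * RFC 8449 requires a peer to reject limits below 64; that validation is
 * not performed here, so do not assume limit() >= 64 unless the
 * constructor or deserializer enforces it (not visible in this accessor).
 */
[[nodiscard]] uint16_t limit() const noexcept { return m_limit; }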
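/**
 * True when the stored limit is zero, which serves as the "no limit set"
 * sentinel (zero is also never a valid RFC 8449 limit).
 */
[[nodiscard]] bool empty() const override { return m_limit == 0; }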
588#if defined(BOTAN_HAS_TLS_13)
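/**
 * True when no cookie bytes are stored.
 */
[[nodiscard]] bool empty() const override { return m_cookie.empty(); }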
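/**
 * Raw cookie bytes, as stored. The reference stays valid for the
 * lifetime of this object.
 *
 * The cookie is opaque to the client and is returned to the server
 * verbatim in the second ClientHello. A server consuming a returned
 * cookie must therefore authenticate it (it travelled under the client's
 * control) before acting on its contents; this accessor performs no
 * such check.
 */
[[nodiscard]] const std::vector<uint8_t>& get_cookie() const noexcept { return m_cookie; }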
604 explicit Cookie(
const std::vector<uint8_t>& cookie);
609 std::vector<uint8_t> m_cookie;
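/**
 * True when no PSK key-exchange modes are stored.
 */
[[nodiscard]] bool empty() const override { return m_modes.empty(); }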
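/**
 * PSK key-exchange modes held by this extension, in stored order. The
 * reference stays valid for the lifetime of this object.
 *
 * Per RFC 8446 the mode decides whether an (EC)DHE exchange accompanies
 * the PSK; a server that honours a PSK-only mode gives up forward secrecy
 * for that session, so the selection policy should live with the caller.
 */
[[nodiscard]] const std::vector<PSK_Key_Exchange_Mode>& modes() const noexcept { return m_modes; }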
632 std::vector<PSK_Key_Exchange_Mode> m_modes;
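/**
 * True when no distinguished names are stored; the extension then
 * expresses no preference for issuing CAs.
 */
[[nodiscard]] bool empty() const override { return m_distinguished_names.empty(); }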
654 std::vector<X509_DN> m_distinguished_names;
679 std::pair<std::optional<std::string>, std::unique_ptr<Cipher_State>> take_selected_psk_info(
687 std::unique_ptr<PSK> select_offered_psk(std::string_view host,
705 std::variant<Session, ExternalPSK> take_session_to_resume_or_psk();
707 bool empty()
const override;
723 PSK(std::optional<Session_with_Handle>& session_to_resume, std::vector<ExternalPSK> psks,
Callbacks& callbacks);
728 bool validate_binder(
const PSK& server_psk,
const std::vector<uint8_t>& binder)
const;
741 PSK(
Session session_to_resume, uint16_t psk_index);
754 std::unique_ptr<PSK_Internal> m_impl;
768 bool empty()
const override;
778 static std::unique_ptr<Key_Share> create_as_encapsulation(
Group_Params selected_group,
802 void retry_offer(
const Key_Share& retry_request_keyshare,
803 const std::vector<Named_Group>& supported_groups,
810 std::vector<Named_Group> offered_groups()
const;
847 class Key_Share_Impl;
848 std::unique_ptr<Key_Share_Impl> m_impl;
862 bool empty()
const override;
877 std::optional<uint32_t> m_max_early_data_size;
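/**
 * Raw, unparsed payload of an extension this library does not recognise.
 * The reference stays valid for the lifetime of this object.
 *
 * Made const: the accessor only reads the member, and the non-const
 * signature needlessly prevented calls through a const Extension.
 * The bytes are peer-supplied and carry no interpretation here; any
 * caller that decodes them is parsing untrusted input and must bound
 * every read against value().size().
 */
[[nodiscard]] const std::vector<uint8_t>& value() const noexcept { return m_value; }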
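/**
 * Always false: an unrecognised extension is retained as received, even
 * one with a zero-length payload, rather than being treated as absent.
 */
[[nodiscard]] bool empty() const override { return false; }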
901 std::vector<uint8_t> m_value;
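/**
 * Every extension in this set, in stored order. The reference (and the
 * pointers inside it) stays valid until the set is modified or destroyed.
 * Pointees are owned by this set; callers must not take ownership.
 */
[[nodiscard]] const std::vector<std::unique_ptr<Extension>>& all() const noexcept { return m_extensions; }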
913 template <
typename T>
915 return dynamic_cast<T*
>(
get(T::static_type()));
918 template <
typename T>
920 return get<T>() !=
nullptr;
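/**
 * Number of extensions currently held in this set.
 */
[[nodiscard]] size_t size() const noexcept { return m_extensions.size(); }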
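/**
 * True when this set holds no extensions at all.
 */
[[nodiscard]] bool empty() const noexcept { return m_extensions.empty(); }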
929 void add(std::unique_ptr<Extension> extn);
944 bool contains_other_than(
const std::set<Extension_Code>& allowed_extensions,
945 bool allow_unknown_extensions =
false)
const;
960 template <
typename T>
964 auto ext =
take(T::static_type());
966 out_ptr.reset(
dynamic_cast<T*
>(ext.get()));
1001 std::vector<std::unique_ptr<Extension>> m_extensions;