Botan 3.0.0
Crypto and TLS for C&
tls_extensions.h
Go to the documentation of this file.
1/*
2* TLS Extensions
3* (C) 2011,2012,2016,2018,2019 Jack Lloyd
4* (C) 2016 Juraj Somorovsky
5* (C) 2016 Matthias Gierlings
6* (C) 2021 Elektrobit Automotive GmbH
7* (C) 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
8*
9* Botan is released under the Simplified BSD License (see license.txt)
10*/
11
12#ifndef BOTAN_TLS_EXTENSIONS_H_
13#define BOTAN_TLS_EXTENSIONS_H_
14
15#include <botan/tls_algos.h>
16#include <botan/tls_magic.h>
17#include <botan/tls_version.h>
18#include <botan/secmem.h>
19#include <botan/pkix_types.h>
20#include <botan/tls_signature_scheme.h>
21#include <botan/tls_session.h>
22
23#include <algorithm>
24#include <optional>
25#include <variant>
26#include <vector>
27#include <string>
28#include <set>
29#include <memory>
30
31namespace Botan {
32
33class RandomNumberGenerator;
34
35namespace TLS {
36
37#if defined(BOTAN_HAS_TLS_13)
38class Callbacks;
39class Session_Manager;
40class Cipher_State;
41class Ciphersuite;
42class Transcript_Hash_State;
43
44enum class PSK_Key_Exchange_Mode : uint8_t {
45 PSK_KE = 0,
46 PSK_DHE_KE = 1
47};
48
49#endif
50class Policy;
51class TLS_Data_Reader;
52
53enum class Extension_Code : uint16_t {
54 ServerNameIndication = 0,
55 CertificateStatusRequest = 5,
56
57 SupportedGroups = 10,
58 EcPointFormats = 11,
59 SignatureAlgorithms = 13,
60 CertSignatureAlgorithms = 50,
61 UseSrtp = 14,
62 ApplicationLayerProtocolNegotiation = 16,
63
64 // SignedCertificateTimestamp = 18, // NYI
65
66 EncryptThenMac = 22,
67 ExtendedMasterSecret = 23,
68
69 RecordSizeLimit = 28,
70
71 SessionTicket = 35,
72
73 SupportedVersions = 43,
74#if defined(BOTAN_HAS_TLS_13)
75 PresharedKey = 41,
76 EarlyData = 42,
77 Cookie = 44,
78
79 PskKeyExchangeModes = 45,
80 CertificateAuthorities = 47,
81 // OidFilters = 48, // NYI
82
83 KeyShare = 51,
84#endif
85
86 SafeRenegotiation = 65281,
87};
88
89/**
90* Base class representing a TLS extension of some kind
91*/
92class BOTAN_UNSTABLE_API Extension
93 {
94 public:
95 /**
96 * @return code number of the extension
97 */
98 virtual Extension_Code type() const = 0;
99
100 /**
101 * @return serialized binary for the extension
102 */
103 virtual std::vector<uint8_t> serialize(Connection_Side whoami) const = 0;
104
105 /**
106 * @return if we should encode this extension or not
107 */
108 virtual bool empty() const = 0;
109
110 /**
111 * @return true if this extension is known and implemented by Botan
112 */
113 virtual bool is_implemented() const { return true; }
114
115 virtual ~Extension() = default;
116 };
117
118/**
119* Server Name Indicator extension (RFC 3546)
120*/
121class BOTAN_UNSTABLE_API Server_Name_Indicator final : public Extension
122 {
123 public:
124 static Extension_Code static_type()
125 { return Extension_Code::ServerNameIndication; }
126
127 Extension_Code type() const override { return static_type(); }
128
129 explicit Server_Name_Indicator(std::string_view host_name) :
130 m_sni_host_name(host_name) {}
131
132 Server_Name_Indicator(TLS_Data_Reader& reader,
133 uint16_t extension_size);
134
135 std::string host_name() const { return m_sni_host_name; }
136
137 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
138
139 bool empty() const override { return false; }
140
141 private:
142 std::string m_sni_host_name;
143 };
144
145/**
146* Renegotiation Indication Extension (RFC 5746)
147*/
148class BOTAN_UNSTABLE_API Renegotiation_Extension final : public Extension
149 {
150 public:
151 static Extension_Code static_type()
152 { return Extension_Code::SafeRenegotiation; }
153
154 Extension_Code type() const override { return static_type(); }
155
156 Renegotiation_Extension() = default;
157
158 explicit Renegotiation_Extension(const std::vector<uint8_t>& bits) :
159 m_reneg_data(bits) {}
160
161 Renegotiation_Extension(TLS_Data_Reader& reader,
162 uint16_t extension_size);
163
164 const std::vector<uint8_t>& renegotiation_info() const
165 { return m_reneg_data; }
166
167 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
168
169 bool empty() const override { return false; } // always send this
170 private:
171 std::vector<uint8_t> m_reneg_data;
172 };
173
174/**
175* ALPN (RFC 7301)
176*/
177class BOTAN_UNSTABLE_API Application_Layer_Protocol_Notification final : public Extension
178 {
179 public:
180 static Extension_Code static_type()
181 { return Extension_Code::ApplicationLayerProtocolNegotiation; }
182
183 Extension_Code type() const override { return static_type(); }
184
185 const std::vector<std::string>& protocols() const { return m_protocols; }
186
187 std::string single_protocol() const;
188
189 /**
190 * Single protocol, used by server
191 */
192 explicit Application_Layer_Protocol_Notification(std::string_view protocol) :
193 m_protocols(1, std::string(protocol)) {}
194
195 /**
196 * List of protocols, used by client
197 */
198 explicit Application_Layer_Protocol_Notification(const std::vector<std::string>& protocols) :
199 m_protocols(protocols) {}
200
201 Application_Layer_Protocol_Notification(TLS_Data_Reader& reader,
202 uint16_t extension_size,
203 Connection_Side from);
204
205 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
206
207 bool empty() const override { return m_protocols.empty(); }
208 private:
209 std::vector<std::string> m_protocols;
210 };
211
212/**
213* Session Ticket Extension (RFC 5077)
214*/
215class BOTAN_UNSTABLE_API Session_Ticket_Extension final : public Extension
216 {
217 public:
218 static Extension_Code static_type()
219 { return Extension_Code::SessionTicket; }
220
221 Extension_Code type() const override { return static_type(); }
222
223 /**
224 * @return contents of the session ticket
225 */
226 const Session_Ticket& contents() const { return m_ticket; }
227
228 /**
229 * Create empty extension, used by both client and server
230 */
231 Session_Ticket_Extension() = default;
232
233 /**
234 * Extension with ticket, used by client
235 */
236 explicit Session_Ticket_Extension(Session_Ticket session_ticket) :
237 m_ticket(std::move(session_ticket)) {}
238
239 /**
240 * Deserialize a session ticket
241 */
242 Session_Ticket_Extension(TLS_Data_Reader& reader, uint16_t extension_size);
243
244 std::vector<uint8_t> serialize(Connection_Side) const override { return m_ticket.get(); }
245
246 bool empty() const override { return false; }
247 private:
248 Session_Ticket m_ticket;
249 };
250
251
252/**
253* Supported Groups Extension (RFC 7919)
254*/
255class BOTAN_UNSTABLE_API Supported_Groups final : public Extension
256 {
257 public:
258 static Extension_Code static_type()
259 { return Extension_Code::SupportedGroups; }
260
261 Extension_Code type() const override { return static_type(); }
262
263 const std::vector<Group_Params>& groups() const;
264 std::vector<Group_Params> ec_groups() const;
265 std::vector<Group_Params> dh_groups() const;
266
267 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
268
269 explicit Supported_Groups(const std::vector<Group_Params>& groups);
270
271 Supported_Groups(TLS_Data_Reader& reader,
272 uint16_t extension_size);
273
274 bool empty() const override { return m_groups.empty(); }
275 private:
276 std::vector<Group_Params> m_groups;
277 };
278
279// previously Supported Elliptic Curves Extension (RFC 4492)
280//using Supported_Elliptic_Curves = Supported_Groups;
281
282/**
283* Supported Point Formats Extension (RFC 4492)
284*/
285class BOTAN_UNSTABLE_API Supported_Point_Formats final : public Extension
286 {
287 public:
288 enum ECPointFormat : uint8_t {
289 UNCOMPRESSED = 0,
290 ANSIX962_COMPRESSED_PRIME = 1,
291 ANSIX962_COMPRESSED_CHAR2 = 2, // don't support these curves
292 };
293
294 static Extension_Code static_type()
295 { return Extension_Code::EcPointFormats; }
296
297 Extension_Code type() const override { return static_type(); }
298
299 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
300
301 explicit Supported_Point_Formats(bool prefer_compressed) :
302 m_prefers_compressed(prefer_compressed) {}
303
304 Supported_Point_Formats(TLS_Data_Reader& reader,
305 uint16_t extension_size);
306
307 bool empty() const override { return false; }
308
309 bool prefers_compressed() { return m_prefers_compressed; }
310
311 private:
312 bool m_prefers_compressed = false;
313 };
314
315/**
316* Signature Algorithms Extension for TLS 1.2 (RFC 5246)
317*/
318class BOTAN_UNSTABLE_API Signature_Algorithms final : public Extension
319 {
320 public:
321 static Extension_Code static_type()
322 { return Extension_Code::SignatureAlgorithms; }
323
324 Extension_Code type() const override { return static_type(); }
325
326 const std::vector<Signature_Scheme>& supported_schemes() const { return m_schemes; }
327
328 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
329
330 bool empty() const override { return m_schemes.empty(); }
331
332 explicit Signature_Algorithms(std::vector<Signature_Scheme> schemes) :
333 m_schemes(std::move(schemes)) {}
334
335 Signature_Algorithms(TLS_Data_Reader& reader,
336 uint16_t extension_size);
337 private:
338 std::vector<Signature_Scheme> m_schemes;
339 };
340
341/**
342* Signature_Algorithms_Cert for TLS 1.3 (RFC 8446)
343*
344* RFC 8446 4.2.3
345* TLS 1.3 provides two extensions for indicating which signature algorithms
346* may be used in digital signatures. The "signature_algorithms_cert"
347* extension applies to signatures in certificates, and the
348* "signature_algorithms" extension, which originally appeared in TLS 1.2,
349* applies to signatures in CertificateVerify messages.
350*
351* RFC 8446 4.2.3
352* TLS 1.2 implementations SHOULD also process this extension.
353*/
354class BOTAN_UNSTABLE_API Signature_Algorithms_Cert final : public Extension
355 {
356 public:
357 static Extension_Code static_type()
358 { return Extension_Code::CertSignatureAlgorithms; }
359
360 Extension_Code type() const override { return static_type(); }
361
362 const std::vector<Signature_Scheme>& supported_schemes() const { return m_schemes; }
363
364 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
365
366 bool empty() const override { return m_schemes.empty(); }
367
368 explicit Signature_Algorithms_Cert(std::vector<Signature_Scheme> schemes)
369 : m_schemes(std::move(schemes)) {}
370
371 Signature_Algorithms_Cert(TLS_Data_Reader& reader, uint16_t extension_size);
372
373 private:
374 std::vector<Signature_Scheme> m_schemes;
375 };
376
377/**
378* Used to indicate SRTP algorithms for DTLS (RFC 5764)
379*/
380class BOTAN_UNSTABLE_API SRTP_Protection_Profiles final : public Extension
381 {
382 public:
383 static Extension_Code static_type()
384 { return Extension_Code::UseSrtp; }
385
386 Extension_Code type() const override { return static_type(); }
387
388 const std::vector<uint16_t>& profiles() const { return m_pp; }
389
390 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
391
392 bool empty() const override { return m_pp.empty(); }
393
394 explicit SRTP_Protection_Profiles(const std::vector<uint16_t>& pp) : m_pp(pp) {}
395
396 explicit SRTP_Protection_Profiles(uint16_t pp) : m_pp(1, pp) {}
397
398 SRTP_Protection_Profiles(TLS_Data_Reader& reader, uint16_t extension_size);
399 private:
400 std::vector<uint16_t> m_pp;
401 };
402
403/**
404* Extended Master Secret Extension (RFC 7627)
405*/
406class BOTAN_UNSTABLE_API Extended_Master_Secret final : public Extension
407 {
408 public:
409 static Extension_Code static_type()
410 { return Extension_Code::ExtendedMasterSecret; }
411
412 Extension_Code type() const override { return static_type(); }
413
414 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
415
416 bool empty() const override { return false; }
417
418 Extended_Master_Secret() = default;
419
420 Extended_Master_Secret(TLS_Data_Reader& reader, uint16_t extension_size);
421 };
422
423/**
424* Encrypt-then-MAC Extension (RFC 7366)
425*/
426class BOTAN_UNSTABLE_API Encrypt_then_MAC final : public Extension
427 {
428 public:
429 static Extension_Code static_type()
430 { return Extension_Code::EncryptThenMac; }
431
432 Extension_Code type() const override { return static_type(); }
433
434 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
435
436 bool empty() const override { return false; }
437
438 Encrypt_then_MAC() = default;
439
440 Encrypt_then_MAC(TLS_Data_Reader& reader, uint16_t extension_size);
441 };
442
443class Certificate_Status_Request_Internal;
444
445/**
446* Certificate Status Request (RFC 6066)
447*/
448class BOTAN_UNSTABLE_API Certificate_Status_Request final : public Extension
449 {
450 public:
451 static Extension_Code static_type()
452 { return Extension_Code::CertificateStatusRequest; }
453
454 Extension_Code type() const override { return static_type(); }
455
456 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
457
458 bool empty() const override { return false; }
459
460 const std::vector<uint8_t>& get_responder_id_list() const;
461 const std::vector<uint8_t>& get_request_extensions() const;
462 const std::vector<uint8_t>& get_ocsp_response() const;
463
464 // TLS 1.2 Server generated version: empty
465 Certificate_Status_Request();
466
467 // TLS 1.2 Client version, both lists can be empty
468 Certificate_Status_Request(std::vector<uint8_t> ocsp_responder_ids,
469 std::vector<std::vector<uint8_t>> ocsp_key_ids);
470
471 // TLS 1.3 version
472 Certificate_Status_Request(std::vector<uint8_t> response);
473
474 Certificate_Status_Request(TLS_Data_Reader& reader,
475 uint16_t extension_size,
476 Handshake_Type message_type,
477 Connection_Side from);
478
479 ~Certificate_Status_Request() override;
480
481 private:
482 std::unique_ptr<Certificate_Status_Request_Internal> m_impl;
483 };
484
485/**
486* Supported Versions from RFC 8446
487*/
488class BOTAN_UNSTABLE_API Supported_Versions final : public Extension
489 {
490 public:
491 static Extension_Code static_type()
492 { return Extension_Code::SupportedVersions; }
493
494 Extension_Code type() const override { return static_type(); }
495
496 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
497
498 bool empty() const override { return m_versions.empty(); }
499
500 Supported_Versions(Protocol_Version version, const Policy& policy);
501
502 Supported_Versions(Protocol_Version version)
503 {
504 m_versions.push_back(version);
505 }
506
507 Supported_Versions(TLS_Data_Reader& reader,
508 uint16_t extension_size,
509 Connection_Side from);
510
511 bool supports(Protocol_Version version) const;
512
513 const std::vector<Protocol_Version>& versions() const { return m_versions; }
514 private:
515 std::vector<Protocol_Version> m_versions;
516 };
517
518using Named_Group = Group_Params;
519
520/**
521* Record Size Limit (RFC 8449)
522*
523* TODO: the record size limit is currently not honored by the TLS 1.2 stack
524*/
525class BOTAN_UNSTABLE_API Record_Size_Limit final : public Extension
526 {
527 public:
528 static Extension_Code static_type()
529 { return Extension_Code::RecordSizeLimit; }
530
531 Extension_Code type() const override { return static_type(); }
532
533 explicit Record_Size_Limit(const uint16_t limit);
534
535 Record_Size_Limit(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from);
536
537 uint16_t limit() const { return m_limit; }
538
539 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
540
541 bool empty() const override { return m_limit == 0; }
542
543 private:
544 uint16_t m_limit;
545 };
546
547using Named_Group = Group_Params;
548
549#if defined(BOTAN_HAS_TLS_13)
550/**
551* Cookie from RFC 8446 4.2.2
552*/
553class BOTAN_UNSTABLE_API Cookie final : public Extension
554 {
555 public:
556 static Extension_Code static_type()
557 { return Extension_Code::Cookie; }
558
559 Extension_Code type() const override { return static_type(); }
560
561 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
562
563 bool empty() const override { return m_cookie.empty(); }
564
565 const std::vector<uint8_t>& get_cookie() const { return m_cookie; }
566
567 explicit Cookie(const std::vector<uint8_t>& cookie);
568
569 explicit Cookie(TLS_Data_Reader& reader,
570 uint16_t extension_size);
571
572 private:
573 std::vector<uint8_t> m_cookie;
574 };
575
576/**
577* Pre-Shared Key Exchange Modes from RFC 8446 4.2.9
578*/
579class BOTAN_UNSTABLE_API PSK_Key_Exchange_Modes final : public Extension
580 {
581 public:
582 static Extension_Code static_type()
583 { return Extension_Code::PskKeyExchangeModes; }
584
585 Extension_Code type() const override { return static_type(); }
586
587 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
588
589 bool empty() const override { return m_modes.empty(); }
590
591 const std::vector<PSK_Key_Exchange_Mode>& modes() const { return m_modes; }
592
593 explicit PSK_Key_Exchange_Modes(std::vector<PSK_Key_Exchange_Mode> modes)
594 : m_modes(std::move(modes)) {}
595
596 explicit PSK_Key_Exchange_Modes(TLS_Data_Reader& reader, uint16_t extension_size);
597
598 private:
599 std::vector<PSK_Key_Exchange_Mode> m_modes;
600 };
601
602
603/**
604 * Certificate Authorities Extension from RFC 8446 4.2.4
605 */
606class BOTAN_UNSTABLE_API Certificate_Authorities final : public Extension
607 {
608 public:
609 static Extension_Code static_type()
610 { return Extension_Code::CertificateAuthorities; }
611
612 Extension_Code type() const override { return static_type(); }
613
614 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
615
616 bool empty() const override { return m_distinguished_names.empty(); }
617
618 const std::vector<X509_DN>& distinguished_names() const
619 { return m_distinguished_names; }
620
621 Certificate_Authorities(TLS_Data_Reader& reader, uint16_t extension_size);
622 explicit Certificate_Authorities(std::vector<X509_DN> acceptable_DNs);
623
624 private:
625 std::vector<X509_DN> m_distinguished_names;
626 };
627
628/**
629 * Pre-Shared Key extension from RFC 8446 4.2.11
630 */
631class BOTAN_UNSTABLE_API PSK final : public Extension
632 {
633 public:
634 static Extension_Code static_type() { return Extension_Code::PresharedKey; }
635 Extension_Code type() const override { return static_type(); }
636
637 std::vector<uint8_t> serialize(Connection_Side side) const override;
638
639 /**
640 * Returns the cipher state representing the PSK selected by the server.
641 * Note that this destructs the list of offered PSKs and its cipher states
642 * and must therefore not be called more than once.
643 */
644 std::unique_ptr<Cipher_State> select_cipher_state(const PSK& server_psk,
645 const Ciphersuite& cipher);
646
647 /**
648 * Selects one of the offered PSKs that is compatible with \p cipher.
649 * @retval PSK extension object that can be added to the Server Hello response
650 * @retval std::nullptr if no PSK offered by the client is convenient
651 */
652 std::unique_ptr<PSK> select_offered_psk(const Ciphersuite& cipher,
653 Session_Manager& session_mgr,
654 Callbacks& callbacks,
655 const Policy& policy);
656
657 /**
658 * Remove PSK identities from the list in \p m_psk that are not compatible
659 * with the passed in \p cipher suite.
660 * This is useful to react to Hello Retry Requests. See RFC 8446 4.1.4.
661 */
662 void filter(const Ciphersuite& cipher);
663
664 /**
665 * Pulls the Session to resume from a PSK extension in Server Hello.
666 */
667 Session take_session_to_resume();
668
669 bool empty() const override;
670
671 PSK(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type);
672
673 /**
674 * Creates a PSK extension with a TLS 1.3 session object containing a
675 * master_secret. Note that it will extract that secret from the session,
676 * and won't create a copy of it.
677 *
678 * @param session_to_resume the session to be resumed; note that the
679 * master secret will be taken away from the
680 * session object.
681 * @param callbacks the application's callbacks
682 */
683 PSK(Session_with_Handle& session_to_resume, Callbacks& callbacks);
684
685 ~PSK();
686
687 void calculate_binders(const Transcript_Hash_State& truncated_transcript_hash);
688 bool validate_binder(const PSK& server_psk, const std::vector<uint8_t>& binder) const;
689
690 // TODO: Implement pure PSK negotiation that is not used for session
691 // resumption.
692
693 private:
694 /**
695 * Creates a PSK extension that specifies the server's selection of an
696 * offered client PSK. The @p session_to_resume is kept internally
697 * and used later for the initialization of the Cipher_State object.
698 *
699 * Note: This constructor is called internally in PSK::select_offered_psk().
700 */
701 PSK(Session session_to_resume, const uint16_t psk_index);
702
703 private:
704 class PSK_Internal;
705 std::unique_ptr<PSK_Internal> m_impl;
706 };
707
708/**
709* Key_Share from RFC 8446 4.2.8
710*/
711class BOTAN_UNSTABLE_API Key_Share final : public Extension
712 {
713 public:
714 static Extension_Code static_type()
715 { return Extension_Code::KeyShare; }
716
717 Extension_Code type() const override { return static_type(); }
718
719 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
720
721 bool empty() const override;
722
723 /**
724 * Perform key exchange with the peer's key share.
725 * This method can be called on a ClientHello's Key_Share with a ServerHello's Key_Share or vice versa.
726 */
727 secure_vector<uint8_t> exchange(const Key_Share& peer_keyshare, const Policy& policy, Callbacks& cb, RandomNumberGenerator& rng) const;
728
729 /**
730 * Update a ClientHello's Key_Share to comply with a HelloRetryRequest.
731 *
732 * This will create new Key_Share_Entries and should only be called on a ClientHello Key_Share with a HelloRetryRequest Key_Share.
733 */
734 void retry_offer(const Key_Share& retry_request_keyshare, const std::vector<Named_Group>& supported_groups, Callbacks& cb, RandomNumberGenerator& rng);
735
736 /**
737 * @return key exchange groups the peer offered key share entries for
738 */
739 std::vector<Named_Group> offered_groups() const;
740
741 /**
742 * @return key exchange group that was selected by a Hello Retry Request
743 */
744 Named_Group selected_group() const;
745
746 /**
747 * Delete all private keys that might be contained in Key_Share_Entries in this extension.
748 */
749 void erase();
750
751 Key_Share(TLS_Data_Reader& reader,
752 uint16_t extension_size,
753 Handshake_Type message_type);
754
755 // constructor used for ClientHello msg
756 Key_Share(const Policy& policy, Callbacks& cb, RandomNumberGenerator& rng);
757
758 // constructor used for ServerHello msg
759 Key_Share(Named_Group group, Callbacks& cb, RandomNumberGenerator& rng);
760
761 // constructor used for HelloRetryRequest msg
762 explicit Key_Share(Named_Group selected_group);
763
764 // destructor implemented in .cpp to hide Key_Share_Impl
765 ~Key_Share();
766
767 private:
768 class Key_Share_Impl;
769 std::unique_ptr<Key_Share_Impl> m_impl;
770 };
771
772/**
773 * Indicates usage or support of early data as described in RFC 8446 4.2.10.
774 */
775class BOTAN_UNSTABLE_API EarlyDataIndication final : public Extension
776 {
777 public:
778 static Extension_Code static_type()
779 { return Extension_Code::EarlyData; }
780
781 Extension_Code type() const override { return static_type(); }
782 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
783
784 bool empty() const override;
785
786 std::optional<uint32_t> max_early_data_size() const
787 { return m_max_early_data_size; }
788
789 EarlyDataIndication(TLS_Data_Reader& reader,
790 uint16_t extension_size,
791 Handshake_Type message_type);
792
793 /**
794 * The max_early_data_size is exclusively provided by servers when using
795 * this extension in the NewSessionTicket message! Otherwise it stays
796 * std::nullopt and results in an empty extension. (RFC 8446 4.2.10).
797 */
798 EarlyDataIndication(std::optional<uint32_t> max_early_data_size = std::nullopt)
799 : m_max_early_data_size(std::move(max_early_data_size)) {}
800
801 private:
802 std::optional<uint32_t> m_max_early_data_size;
803 };
804
805#endif
806
807/**
808* Unknown extensions are deserialized as this type
809*/
810class BOTAN_UNSTABLE_API Unknown_Extension final : public Extension
811 {
812 public:
813 Unknown_Extension(Extension_Code type,
814 TLS_Data_Reader& reader,
815 uint16_t extension_size);
816
817 std::vector<uint8_t> serialize(Connection_Side whoami) const override;
818
819 const std::vector<uint8_t>& value() { return m_value; }
820
821 bool empty() const override { return false; }
822
823 Extension_Code type() const override { return m_type; }
824
825 bool is_implemented() const override { return false; }
826
827 private:
828 Extension_Code m_type;
829 std::vector<uint8_t> m_value;
830 };
831
832/**
833* Represents a block of extensions in a hello message
834*/
835class BOTAN_UNSTABLE_API Extensions final
836 {
837 public:
838 std::set<Extension_Code> extension_types() const;
839
840 const std::vector<std::unique_ptr<Extension>>& all() const
841 {
842 return m_extensions;
843 }
844
845 template<typename T>
846 T* get() const
847 {
848 return dynamic_cast<T*>(get(T::static_type()));
849 }
850
851 template<typename T>
852 bool has() const
853 {
854 return get<T>() != nullptr;
855 }
856
857 bool has(Extension_Code type) const
858 {
859 return get(type) != nullptr;
860 }
861
862 size_t size() const
863 {
864 return m_extensions.size();
865 }
866
867 void add(std::unique_ptr<Extension> extn);
868
869 void add(Extension* extn)
870 {
871 add(std::unique_ptr<Extension>(extn));
872 }
873
874 Extension* get(Extension_Code type) const
875 {
876 const auto i = std::find_if(m_extensions.cbegin(), m_extensions.cend(),
877 [type](const auto &ext) {
878 return ext->type() == type;
879 });
880
881 return (i != m_extensions.end()) ? i->get() : nullptr;
882 }
883
884 std::vector<uint8_t> serialize(Connection_Side whoami) const;
885
886 void deserialize(TLS_Data_Reader& reader,
887 const Connection_Side from,
888 const Handshake_Type message_type);
889
890 /**
891 * @param allowed_extensions extension types that are allowed
892 * @param allow_unknown_extensions if true, ignores unrecognized extensions
893 * @returns true if this contains any extensions that are not contained in @p allowed_extensions.
894 */
895 bool contains_other_than(const std::set<Extension_Code>& allowed_extensions,
896 const bool allow_unknown_extensions = false) const;
897
898 /**
899 * @param allowed_extensions extension types that are allowed
900 * @returns true if this contains any extensions implemented by Botan that
901 * are not contained in @p allowed_extensions.
902 */
903 bool contains_implemented_extensions_other_than(const std::set<Extension_Code>& allowed_extensions) const
904 {
905 return contains_other_than(allowed_extensions, true);
906 }
907
908 /**
909 * Take the extension with the given type out of the extensions list.
910 * Returns a nullptr if the extension didn't exist.
911 */
912 template<typename T>
913 decltype(auto) take()
914 {
915 std::unique_ptr<T> out_ptr;
916
917 auto ext = take(T::static_type());
918 if (ext != nullptr) {
919 out_ptr.reset(dynamic_cast<T*>(ext.get()));
920 BOTAN_ASSERT_NOMSG(out_ptr != nullptr);
921 ext.release();
922 }
923
924 return out_ptr;
925 }
926
927 /**
928 * Take the extension with the given type out of the extensions list.
929 * Returns a nullptr if the extension didn't exist.
930 */
931 std::unique_ptr<Extension> take(Extension_Code type);
932
933 /**
934 * Remove an extension from this extensions object, if it exists.
935 * Returns true if the extension existed (and thus is now removed),
936 * otherwise false (the extension wasn't set in the first place).
937 *
938 * Note: not used internally, might be used in Callbacks::tls_modify_extensions()
939 */
940 bool remove_extension(Extension_Code type)
941 {
942 return take(type) != nullptr;
943 }
944
945 Extensions() = default;
946 Extensions(Extensions&&) = default;
947 Extensions& operator=(Extensions&&) = default;
948
949 Extensions(TLS_Data_Reader& reader, Connection_Side side, Handshake_Type message_type)
950 {
951 deserialize(reader, side, message_type);
952 }
953
954 private:
955 Extensions(const Extensions&) = delete;
956 Extensions& operator=(const Extensions&) = delete;
957
958 std::vector<std::unique_ptr<Extension>> m_extensions;
959 };
960
961}
962
963}
964
965#endif
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
Botan::TLS::Application_Layer_Protocol_Notification
Definition: tls_extensions.h:178
Botan::TLS::Application_Layer_Protocol_Notification::Application_Layer_Protocol_Notification
Application_Layer_Protocol_Notification(std::string_view protocol)
Definition: tls_extensions.h:192
Botan::TLS::Application_Layer_Protocol_Notification::protocols
const std::vector< std::string > & protocols() const
Definition: tls_extensions.h:185
Botan::TLS::Application_Layer_Protocol_Notification::Application_Layer_Protocol_Notification
Application_Layer_Protocol_Notification(const std::vector< std::string > &protocols)
Definition: tls_extensions.h:198
Botan::TLS::Application_Layer_Protocol_Notification::type
Extension_Code type() const override
Definition: tls_extensions.h:183
Botan::TLS::Application_Layer_Protocol_Notification::empty
bool empty() const override
Definition: tls_extensions.h:207
Botan::TLS::Application_Layer_Protocol_Notification::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:180
Botan::TLS::Certificate_Status_Request
Definition: tls_extensions.h:449
Botan::TLS::Certificate_Status_Request::get_request_extensions
const std::vector< uint8_t > & get_request_extensions() const
Botan::TLS::Certificate_Status_Request::~Certificate_Status_Request
~Certificate_Status_Request() override
Botan::TLS::Certificate_Status_Request::get_responder_id_list
const std::vector< uint8_t > & get_responder_id_list() const
Botan::TLS::Certificate_Status_Request::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:451
Botan::TLS::Certificate_Status_Request::type
Extension_Code type() const override
Definition: tls_extensions.h:454
Botan::TLS::Certificate_Status_Request::empty
bool empty() const override
Definition: tls_extensions.h:458
Botan::TLS::Encrypt_then_MAC
Definition: tls_extensions.h:427
Botan::TLS::Encrypt_then_MAC::type
Extension_Code type() const override
Definition: tls_extensions.h:432
Botan::TLS::Encrypt_then_MAC::Encrypt_then_MAC
Encrypt_then_MAC()=default
Botan::TLS::Encrypt_then_MAC::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:429
Botan::TLS::Encrypt_then_MAC::empty
bool empty() const override
Definition: tls_extensions.h:436
Botan::TLS::Extended_Master_Secret
Definition: tls_extensions.h:407
Botan::TLS::Extended_Master_Secret::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:409
Botan::TLS::Extended_Master_Secret::type
Extension_Code type() const override
Definition: tls_extensions.h:412
Botan::TLS::Extended_Master_Secret::Extended_Master_Secret
Extended_Master_Secret()=default
Botan::TLS::Extended_Master_Secret::empty
bool empty() const override
Definition: tls_extensions.h:416
Botan::TLS::Extension::serialize
virtual std::vector< uint8_t > serialize(Connection_Side whoami) const =0
Botan::TLS::Extension::is_implemented
virtual bool is_implemented() const
Definition: tls_extensions.h:113
Botan::TLS::Extension::type
virtual Extension_Code type() const =0
Botan::TLS::Extension::empty
virtual bool empty() const =0
Botan::TLS::Extension::~Extension
virtual ~Extension()=default
Botan::TLS::Extensions::Extensions
Extensions(Extensions &&)=default
Botan::TLS::Extensions::add
void add(Extension *extn)
Definition: tls_extensions.h:869
Botan::TLS::Extensions::get
Extension * get(Extension_Code type) const
Definition: tls_extensions.h:874
Botan::TLS::Extensions::contains_implemented_extensions_other_than
bool contains_implemented_extensions_other_than(const std::set< Extension_Code > &allowed_extensions) const
Definition: tls_extensions.h:903
Botan::TLS::Extensions::Extensions
Extensions(TLS_Data_Reader &reader, Connection_Side side, Handshake_Type message_type)
Definition: tls_extensions.h:949
Botan::TLS::Extensions::take
decltype(auto) take()
Definition: tls_extensions.h:913
Botan::TLS::Extensions::operator=
Extensions & operator=(Extensions &&)=default
Botan::TLS::Extensions::remove_extension
bool remove_extension(Extension_Code type)
Definition: tls_extensions.h:940
Botan::TLS::Extensions::has
bool has(Extension_Code type) const
Definition: tls_extensions.h:857
Botan::TLS::Extensions::all
const std::vector< std::unique_ptr< Extension > > & all() const
Definition: tls_extensions.h:840
Botan::TLS::Protocol_Version
Definition: tls_version.h:32
Botan::TLS::Record_Size_Limit
Definition: tls_extensions.h:526
Botan::TLS::Record_Size_Limit::limit
uint16_t limit() const
Definition: tls_extensions.h:537
Botan::TLS::Record_Size_Limit::type
Extension_Code type() const override
Definition: tls_extensions.h:531
Botan::TLS::Record_Size_Limit::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:528
Botan::TLS::Record_Size_Limit::empty
bool empty() const override
Definition: tls_extensions.h:541
Botan::TLS::Renegotiation_Extension
Definition: tls_extensions.h:149
Botan::TLS::Renegotiation_Extension::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:151
Botan::TLS::Renegotiation_Extension::Renegotiation_Extension
Renegotiation_Extension(const std::vector< uint8_t > &bits)
Definition: tls_extensions.h:158
Botan::TLS::Renegotiation_Extension::empty
bool empty() const override
Definition: tls_extensions.h:169
Botan::TLS::Renegotiation_Extension::type
Extension_Code type() const override
Definition: tls_extensions.h:154
Botan::TLS::Renegotiation_Extension::Renegotiation_Extension
Renegotiation_Extension()=default
Botan::TLS::Renegotiation_Extension::renegotiation_info
const std::vector< uint8_t > & renegotiation_info() const
Definition: tls_extensions.h:164
Botan::TLS::SRTP_Protection_Profiles
Definition: tls_extensions.h:381
Botan::TLS::SRTP_Protection_Profiles::type
Extension_Code type() const override
Definition: tls_extensions.h:386
Botan::TLS::SRTP_Protection_Profiles::SRTP_Protection_Profiles
SRTP_Protection_Profiles(uint16_t pp)
Definition: tls_extensions.h:396
Botan::TLS::SRTP_Protection_Profiles::empty
bool empty() const override
Definition: tls_extensions.h:392
Botan::TLS::SRTP_Protection_Profiles::SRTP_Protection_Profiles
SRTP_Protection_Profiles(const std::vector< uint16_t > &pp)
Definition: tls_extensions.h:394
Botan::TLS::SRTP_Protection_Profiles::profiles
const std::vector< uint16_t > & profiles() const
Definition: tls_extensions.h:388
Botan::TLS::SRTP_Protection_Profiles::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:383
Botan::TLS::Server_Name_Indicator
Definition: tls_extensions.h:122
Botan::TLS::Server_Name_Indicator::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:124
Botan::TLS::Server_Name_Indicator::type
Extension_Code type() const override
Definition: tls_extensions.h:127
Botan::TLS::Server_Name_Indicator::host_name
std::string host_name() const
Definition: tls_extensions.h:135
Botan::TLS::Server_Name_Indicator::empty
bool empty() const override
Definition: tls_extensions.h:139
Botan::TLS::Server_Name_Indicator::Server_Name_Indicator
Server_Name_Indicator(std::string_view host_name)
Definition: tls_extensions.h:129
Botan::TLS::Session_Ticket_Extension
Definition: tls_extensions.h:216
Botan::TLS::Session_Ticket_Extension::Session_Ticket_Extension
Session_Ticket_Extension()=default
Botan::TLS::Session_Ticket_Extension::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:218
Botan::TLS::Session_Ticket_Extension::type
Extension_Code type() const override
Definition: tls_extensions.h:221
Botan::TLS::Session_Ticket_Extension::Session_Ticket_Extension
Session_Ticket_Extension(Session_Ticket session_ticket)
Definition: tls_extensions.h:236
Botan::TLS::Session_Ticket_Extension::serialize
std::vector< uint8_t > serialize(Connection_Side) const override
Definition: tls_extensions.h:244
Botan::TLS::Session_Ticket_Extension::empty
bool empty() const override
Definition: tls_extensions.h:246
Botan::TLS::Session_Ticket_Extension::contents
const Session_Ticket & contents() const
Definition: tls_extensions.h:226
Botan::TLS::Signature_Algorithms_Cert
Definition: tls_extensions.h:355
Botan::TLS::Signature_Algorithms_Cert::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:357
Botan::TLS::Signature_Algorithms_Cert::empty
bool empty() const override
Definition: tls_extensions.h:366
Botan::TLS::Signature_Algorithms_Cert::Signature_Algorithms_Cert
Signature_Algorithms_Cert(std::vector< Signature_Scheme > schemes)
Definition: tls_extensions.h:368
Botan::TLS::Signature_Algorithms_Cert::supported_schemes
const std::vector< Signature_Scheme > & supported_schemes() const
Definition: tls_extensions.h:362
Botan::TLS::Signature_Algorithms_Cert::type
Extension_Code type() const override
Definition: tls_extensions.h:360
Botan::TLS::Signature_Algorithms
Definition: tls_extensions.h:319
Botan::TLS::Signature_Algorithms::Signature_Algorithms
Signature_Algorithms(std::vector< Signature_Scheme > schemes)
Definition: tls_extensions.h:332
Botan::TLS::Signature_Algorithms::supported_schemes
const std::vector< Signature_Scheme > & supported_schemes() const
Definition: tls_extensions.h:326
Botan::TLS::Signature_Algorithms::empty
bool empty() const override
Definition: tls_extensions.h:330
Botan::TLS::Signature_Algorithms::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:321
Botan::TLS::Signature_Algorithms::type
Extension_Code type() const override
Definition: tls_extensions.h:324
Botan::TLS::Supported_Groups
Definition: tls_extensions.h:256
Botan::TLS::Supported_Groups::empty
bool empty() const override
Definition: tls_extensions.h:274
Botan::TLS::Supported_Groups::type
Extension_Code type() const override
Definition: tls_extensions.h:261
Botan::TLS::Supported_Groups::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:258
Botan::TLS::Supported_Point_Formats
Definition: tls_extensions.h:286
Botan::TLS::Supported_Point_Formats::Supported_Point_Formats
Supported_Point_Formats(bool prefer_compressed)
Definition: tls_extensions.h:301
Botan::TLS::Supported_Point_Formats::empty
bool empty() const override
Definition: tls_extensions.h:307
Botan::TLS::Supported_Point_Formats::prefers_compressed
bool prefers_compressed()
Definition: tls_extensions.h:309
Botan::TLS::Supported_Point_Formats::type
Extension_Code type() const override
Definition: tls_extensions.h:297
Botan::TLS::Supported_Point_Formats::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:294
Botan::TLS::Supported_Point_Formats::ECPointFormat
ECPointFormat
Definition: tls_extensions.h:288
Botan::TLS::Supported_Versions
Definition: tls_extensions.h:489
Botan::TLS::Supported_Versions::static_type
static Extension_Code static_type()
Definition: tls_extensions.h:491
Botan::TLS::Supported_Versions::versions
const std::vector< Protocol_Version > & versions() const
Definition: tls_extensions.h:513
Botan::TLS::Supported_Versions::empty
bool empty() const override
Definition: tls_extensions.h:498
Botan::TLS::Supported_Versions::Supported_Versions
Supported_Versions(Protocol_Version version)
Definition: tls_extensions.h:502
Botan::TLS::Supported_Versions::type
Extension_Code type() const override
Definition: tls_extensions.h:494
Botan::TLS::TLS_Data_Reader
Definition: tls_reader.h:27
Botan::TLS::Unknown_Extension
Definition: tls_extensions.h:811
Botan::TLS::Unknown_Extension::empty
bool empty() const override
Definition: tls_extensions.h:821
Botan::TLS::Unknown_Extension::value
const std::vector< uint8_t > & value()
Definition: tls_extensions.h:819
Botan::TLS::Unknown_Extension::is_implemented
bool is_implemented() const override
Definition: tls_extensions.h:825
Botan::TLS::Unknown_Extension::type
Extension_Code type() const override
Definition: tls_extensions.h:823
final
int(* final)(unsigned char *, CTX *)
Definition: commoncrypto_hash.cpp:29
BOTAN_UNSTABLE_API
#define BOTAN_UNSTABLE_API
Definition: compiler.h:44
T
FE_25519 T
Definition: ge.cpp:36
Botan::TLS::Named_Group
Group_Params Named_Group
Definition: tls_extensions.h:518
Botan
Definition: alg_id.cpp:12
std
Definition: bigint.h:1092
Generated by doxygen 1.9.6