12#ifndef BOTAN_TLS_EXTENSIONS_H_
13#define BOTAN_TLS_EXTENSIONS_H_
15#include <botan/pkix_types.h>
16#include <botan/secmem.h>
17#include <botan/tls_algos.h>
18#include <botan/tls_magic.h>
19#include <botan/tls_session.h>
20#include <botan/tls_signature_scheme.h>
21#include <botan/tls_version.h>
33class RandomNumberGenerator;
37#if defined(BOTAN_HAS_TLS_13)
42class Transcript_Hash_State;
/**
 * Modes of the TLS 1.3 psk_key_exchange_modes extension (RFC 8446, 4.2.9).
 * PSK_KE resumes with the PSK alone, PSK_DHE_KE additionally runs an (EC)DHE
 * key share; only the latter gives the resumed session forward secrecy.
 * The numeric values match the RFC code points (serialization is not in view;
 * confirm that it writes the enumerator value unchanged).
 */
enum class PSK_Key_Exchange_Mode : uint8_t { PSK_KE = 0, PSK_DHE_KE = 1 };
71#if defined(BOTAN_HAS_TLS_13)
76 PskKeyExchangeModes = 45,
77 CertificateAuthorities = 47,
/// Host name carried by this Server Name Indication extension, returned as a copy of m_sni_host_name.
std::string host_name() const { return m_sni_host_name; }
/// Always reports non-empty; an SNI instance is never dropped on the
/// "empty extension" path (the caller of empty() is not in view — confirm).
bool empty() const override { return false; }
134 std::string m_sni_host_name;
/// Never empty: the renegotiation_info extension is meaningful even when
/// m_reneg_data holds no bytes (initial handshake), so it must not be skipped.
bool empty() const override { return false; }
159 std::vector<uint8_t> m_reneg_data;
/// Read-only view of the ALPN protocol names held by this extension, in stored order.
const std::vector<std::string>& protocols() const { return m_protocols; }
173 std::string single_protocol()
const;
179 m_protocols(1,
std::string(protocol)) {}
185 m_protocols(protocols) {}
/// Empty when no ALPN protocol name was provided.
bool empty() const override { return m_protocols.empty(); }
194 std::vector<std::string> m_protocols;
/// Always reports non-empty; this extension has no "absent payload" state
/// (its consumer is not in view — presumably it is serialized whenever present).
bool empty() const override { return false; }
243 const std::vector<Group_Params>& groups()
const;
244 std::vector<Group_Params> ec_groups()
const;
245 std::vector<Group_Params> dh_groups()
const;
/// Empty when no supported group was listed.
bool empty() const override { return m_groups.empty(); }
256 std::vector<Group_Params> m_groups;
269 ANSIX962_COMPRESSED_PRIME = 1,
270 ANSIX962_COMPRESSED_CHAR2 = 2,
/// Always reports non-empty; the point-format preference (m_prefers_compressed)
/// is a flag rather than a list, so there is no "nothing to send" state.
bool empty() const override { return false; }
288 bool m_prefers_compressed =
false;
/// Empty when no signature scheme was listed.
bool empty() const override { return m_schemes.empty(); }
311 std::vector<Signature_Scheme> m_schemes;
/// Empty when no certificate signature scheme was listed.
bool empty() const override { return m_schemes.empty(); }
344 std::vector<Signature_Scheme> m_schemes;
/// Read-only view of the SRTP protection profile identifiers (m_pp) in stored order.
const std::vector<uint16_t>& profiles() const { return m_pp; }
/// Empty when no SRTP protection profile was listed.
bool empty() const override { return m_pp.empty(); }
369 std::vector<uint16_t> m_pp;
/// Always reports non-empty: this is a payload-less marker extension whose
/// presence alone carries the signal, so it must never be skipped as "empty".
bool empty() const override { return false; }
/// Always reports non-empty: a marker extension with no payload; its presence
/// is the whole message, so it must not be dropped as "empty".
bool empty() const override { return false; }
408class Certificate_Status_Request_Internal;
/// Always reports non-empty; a status_request extension is emitted whenever it
/// is present, regardless of what m_impl holds (consumer of empty() not in view).
bool empty() const override { return false; }
425 const std::vector<uint8_t>& get_ocsp_response()
const;
432 std::vector<std::vector<uint8_t>> ocsp_key_ids);
438 uint16_t extension_size,
445 std::unique_ptr<Certificate_Status_Request_Internal> m_impl;
/// Empty when no protocol version was listed.
bool empty() const override { return m_versions.empty(); }
/// Read-only view of the protocol versions carried by this extension, in stored order.
const std::vector<Protocol_Version>& versions() const { return m_versions; }
472 std::vector<Protocol_Version> m_versions;
/// Record size limit value held by this extension; 0 is the "not set" value
/// (see empty()). Range validation (RFC 8449 requires at least 64) is not
/// done here — presumably in the constructors; verify there.
uint16_t limit() const { return m_limit; }
/// A zero limit is treated as "no extension".
bool empty() const override { return m_limit == 0; }
504#if defined(BOTAN_HAS_TLS_13)
/// Extension code point of the TLS 1.3 cookie extension; static so that
/// Extensions::get<T>()/has<T>() can look it up without an instance.
static Extension_Code static_type() { return Extension_Code::Cookie; }
/// Virtual accessor for the extension code; forwards to static_type().
Extension_Code type() const override { return static_type(); }
514 std::vector<uint8_t> serialize(Connection_Side whoami)
const override;
/// Empty when no cookie bytes are held.
bool empty() const override { return m_cookie.empty(); }
/// Opaque cookie bytes. Per RFC 8446 4.2.2 the value is server-generated and
/// echoed back by the client unchanged; nothing here interprets its contents.
const std::vector<uint8_t>& get_cookie() const { return m_cookie; }
520 explicit Cookie(
const std::vector<uint8_t>& cookie);
522 explicit Cookie(TLS_Data_Reader& reader, uint16_t extension_size);
525 std::vector<uint8_t> m_cookie;
/// Extension code point of psk_key_exchange_modes; static for lookup by type.
static Extension_Code static_type() { return Extension_Code::PskKeyExchangeModes; }
537 std::vector<uint8_t> serialize(Connection_Side whoami)
const override;
/// Empty when no key exchange mode was listed.
bool empty() const override { return m_modes.empty(); }
/// Read-only view of the offered PSK key exchange modes, in stored order.
const std::vector<PSK_Key_Exchange_Mode>& modes() const { return m_modes; }
/// Builds the extension from an explicit list of modes; the vector is moved in, not copied.
explicit PSK_Key_Exchange_Modes(std::vector<PSK_Key_Exchange_Mode> modes) : m_modes(std::move(modes)) {}
545 explicit PSK_Key_Exchange_Modes(TLS_Data_Reader& reader, uint16_t extension_size);
548 std::vector<PSK_Key_Exchange_Mode> m_modes;
/// Extension code point of certificate_authorities; static for lookup by type.
static Extension_Code static_type() { return Extension_Code::CertificateAuthorities; }
560 std::vector<uint8_t> serialize(Connection_Side whoami)
const override;
/// Empty when no distinguished name was listed.
bool empty() const override { return m_distinguished_names.empty(); }
/// Read-only view of the acceptable CA distinguished names, in stored order.
const std::vector<X509_DN>& distinguished_names() const { return m_distinguished_names; }
566 Certificate_Authorities(TLS_Data_Reader& reader, uint16_t extension_size);
567 explicit Certificate_Authorities(std::vector<X509_DN> acceptable_DNs);
570 std::vector<X509_DN> m_distinguished_names;
/// Extension code point of pre_shared_key; static for lookup by type.
static Extension_Code static_type() { return Extension_Code::PresharedKey; }
582 std::vector<uint8_t> serialize(Connection_Side side)
const override;
589 std::unique_ptr<Cipher_State> select_cipher_state(
const PSK& server_psk,
const Ciphersuite& cipher);
596 std::unique_ptr<PSK> select_offered_psk(
const Ciphersuite& cipher,
597 Session_Manager& session_mgr,
598 Callbacks& callbacks,
599 const Policy& policy);
606 void filter(
const Ciphersuite& cipher);
611 Session take_session_to_resume();
613 bool empty()
const override;
615 PSK(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type);
627 PSK(Session_with_Handle& session_to_resume, Callbacks& callbacks);
631 void calculate_binders(
const Transcript_Hash_State& truncated_transcript_hash);
632 bool validate_binder(
const PSK& server_psk,
const std::vector<uint8_t>& binder)
const;
645 PSK(Session session_to_resume,
const uint16_t psk_index);
649 std::unique_ptr<PSK_Internal> m_impl;
/// Extension code point of key_share; static for lookup by type.
static Extension_Code static_type() { return Extension_Code::KeyShare; }
661 std::vector<uint8_t> serialize(Connection_Side whoami)
const override;
663 bool empty()
const override;
673 static std::unique_ptr<Key_Share> create_as_encapsulation(Group_Params selected_group,
674 const Key_Share& client_keyshare,
675 const Policy& policy,
677 RandomNumberGenerator& rng);
687 secure_vector<uint8_t> decapsulate(
const Key_Share& server_keyshare,
688 const Policy& policy,
690 RandomNumberGenerator& rng);
697 void retry_offer(
const Key_Share& retry_request_keyshare,
698 const std::vector<Named_Group>& supported_groups,
700 RandomNumberGenerator& rng);
705 std::vector<Named_Group> offered_groups()
const;
719 secure_vector<uint8_t> take_shared_secret();
721 Key_Share(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type);
724 Key_Share(
const Policy& policy, Callbacks& cb, RandomNumberGenerator& rng);
727 explicit Key_Share(Named_Group selected_group);
735 Key_Share(Group_Params selected_group,
736 const Key_Share& client_keyshare,
737 const Policy& policy,
739 RandomNumberGenerator& rng);
742 class Key_Share_Impl;
743 std::unique_ptr<Key_Share_Impl> m_impl;
/// Extension code point of early_data; static for lookup by type.
static Extension_Code static_type() { return Extension_Code::EarlyData; }
755 std::vector<uint8_t> serialize(Connection_Side whoami)
const override;
757 bool empty()
const override;
/// Maximum early data size if one is carried, returned by value (copy of the optional);
/// std::nullopt when this instance carries no size.
std::optional<uint32_t> max_early_data_size() const { return m_max_early_data_size; }
761 EarlyDataIndication(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type);
/// Builds an early_data extension; with no argument it carries no size value.
/// Non-explicit, so an std::optional<uint32_t> converts implicitly. An engaged
/// value corresponds to the NewSessionTicket form of the extension in
/// RFC 8446 4.2.10 — confirm against serialize(), which is not in view.
/// (std::move on an std::optional<uint32_t> is equivalent to a copy.)
EarlyDataIndication(std::optional<uint32_t> max_early_data_size = std::nullopt) :
   m_max_early_data_size(std::move(max_early_data_size)) {}
772 std::optional<uint32_t> m_max_early_data_size;
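/// Raw, uninterpreted bytes of this (unknown) extension as received.
/// Made a const member function: the accessor mutates nothing, and the
/// previous non-const signature prevented calls through a const reference.
const std::vector<uint8_t>& value() const { return m_value; }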
/// Always reports non-empty, even when m_value holds no bytes: an unknown
/// extension is passed through as received (consumer of empty() not in view).
bool empty() const override { return false; }
796 std::vector<uint8_t> m_value;
804 std::set<Extension_Code> extension_types()
const;
/// Read-only view of every extension in this set, in the order they were
/// stored (the vector is not sorted here); ownership stays with the set.
const std::vector<std::unique_ptr<Extension>>& all() const { return m_extensions; }
808 template <
typename T>
810 return dynamic_cast<T*
>(get(T::static_type()));
813 template <
typename T>
815 return get<T>() !=
nullptr;
/// Number of extensions held.
size_t size() const { return m_extensions.size(); }
822 void add(std::unique_ptr<Extension> extn);
827 const auto i = std::find_if(
828 m_extensions.cbegin(), m_extensions.cend(), [type](
const auto& ext) { return ext->type() == type; });
830 return (i != m_extensions.end()) ? i->get() :
nullptr;
842 bool contains_other_than(
const std::set<Extension_Code>& allowed_extensions,
843 const bool allow_unknown_extensions =
false)
const;
851 return contains_other_than(allowed_extensions,
true);
858 template <
typename T>
860 std::unique_ptr<T> out_ptr;
862 auto ext = take(T::static_type());
864 out_ptr.reset(
dynamic_cast<T*
>(ext.get()));
892 deserialize(reader, side, message_type);
899 std::vector<std::unique_ptr<Extension>> m_extensions;