Botan 3.11.0
Crypto and TLS for C&
tls_magic.h
Go to the documentation of this file.
1/*
2* SSL/TLS Protocol Constants
3* (C) 2004-2010 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_TLS_PROTOCOL_MAGIC_H_
9#define BOTAN_TLS_PROTOCOL_MAGIC_H_
10
11#include <botan/strong_type.h>
12#include <botan/types.h>
13#include <array>
14#include <vector>
15
16//BOTAN_FUTURE_INTERNAL_HEADER(tls_magic.h)
17
18namespace Botan::TLS {
19
20/**
21* Protocol Constants for SSL/TLS
22*
23* TODO(Botan4): this should not be an enum at all
24*/
25enum Size_Limits : size_t /* NOLINT(*-enum-size,*-use-enum-class) */ {
26 TLS_HEADER_SIZE = 5,
27 DTLS_HEADER_SIZE = TLS_HEADER_SIZE + 8,
28
29 // The "TLSInnerPlaintext" length, i.e. the maximum amount of plaintext
30 // application data that can be transmitted in a single TLS record.
31 MAX_PLAINTEXT_SIZE = 16 * 1024,
32
33 MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024,
34 MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024,
35
36 // RFC 8446 5.2:
37 // This limit is derived from the maximum TLSInnerPlaintext length of 2^14
38 // octets + 1 octet for ContentType + the maximum AEAD expansion of 255
39 // octets.
40 MAX_AEAD_EXPANSION_SIZE_TLS13 = 255,
41 MAX_CIPHERTEXT_SIZE_TLS13 = MAX_PLAINTEXT_SIZE + MAX_AEAD_EXPANSION_SIZE_TLS13 + 1
42};
43
44enum class Connection_Side : uint8_t {
45 Client = 1,
46 Server = 2,
47
48 CLIENT BOTAN_DEPRECATED("Use Connection_Side::Client") = Client,
49 SERVER BOTAN_DEPRECATED("Use Connection_Side::Server") = Server,
50};
51
52enum class Record_Type : uint8_t {
53 Invalid = 0, // RFC 8446 (TLS 1.3)
54
55 ChangeCipherSpec = 20,
56 Alert = 21,
57 Handshake = 22,
58 ApplicationData = 23,
59
60 Heartbeat = 24, // RFC 6520 (TLS 1.3)
61};
62
63enum class Handshake_Type : uint8_t {
64 HelloRequest = 0,
65 ClientHello = 1,
66 ServerHello = 2,
67 HelloVerifyRequest = 3,
68 NewSessionTicket = 4, // RFC 5077
69
70 EndOfEarlyData = 5, // RFC 8446 (TLS 1.3)
71 EncryptedExtensions = 8, // RFC 8446 (TLS 1.3)
72
73 Certificate = 11,
74 ServerKeyExchange = 12,
75 CertificateRequest = 13,
76 ServerHelloDone = 14,
77 CertificateVerify = 15,
78 ClientKeyExchange = 16,
79 Finished = 20,
80
81 CertificateUrl = 21,
82 CertificateStatus = 22,
83
84 KeyUpdate = 24, // RFC 8446 (TLS 1.3)
85
86 HelloRetryRequest = 253, // Not a wire value (HRR appears as an ordinary Server Hello)
87 HandshakeCCS = 254, // Not a wire value (TLS 1.3 uses this value for 'message_hash' -- RFC 8446 4.4.1)
88 None = 255 // Null value
89};
90
91BOTAN_TEST_API const char* handshake_type_to_string(Handshake_Type t);
92
93using Transcript_Hash = std::vector<uint8_t>;
94
95/// @brief Used to derive the ticket's PSK from the resumption_master_secret
96using Ticket_Nonce = Strong<std::vector<uint8_t>, struct Ticket_Nonce_>;
97
98/**
99 * Magic values used to signal a downgrade request to TLS 1.1.
100 *
101 * RFC 8446 4.1.3:
102 * TLS 1.3 has a downgrade protection mechanism embedded in the server's
103 * random value. TLS 1.3 servers which negotiate TLS 1.2 or below in
104 * response to a ClientHello MUST set the last 8 bytes of their Random
105 * value specially in their ServerHello.
106 */
107constexpr uint64_t DOWNGRADE_TLS11 = 0x444F574E47524400;
108
109/**
110 * Magic values used to signal a downgrade request to TLS 1.2.
111 *
112 * RFC 8446 4.1.3:
113 * TLS 1.3 has a downgrade protection mechanism embedded in the server's
114 * random value. TLS 1.3 servers which negotiate TLS 1.2 or below in
115 * response to a ClientHello MUST set the last 8 bytes of their Random
116 * value specially in their ServerHello.
117 */
118constexpr uint64_t DOWNGRADE_TLS12 = 0x444F574E47524401;
119
120/**
121 * RFC 8446 4.1.3:
122 * For reasons of backward compatibility with middleboxes, the
123 * HelloRetryRequest message uses the same structure as the ServerHello, but
124 * with Random set to the special value of the SHA-256 of "HelloRetryRequest":
125 */
126constexpr std::array<uint8_t, 32> HELLO_RETRY_REQUEST_MARKER = {
127 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
128 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C};
129
130} // namespace Botan::TLS
131
132#endif
BOTAN_DEPRECATED
#define BOTAN_DEPRECATED(msg)
Definition api.h:73
BOTAN_TEST_API
#define BOTAN_TEST_API
Definition api.h:41
Botan::TLS::handshake_type_to_string
const char * handshake_type_to_string(Handshake_Type type)
Definition tls_magic.cpp:15
Botan::TLS::DOWNGRADE_TLS12
constexpr uint64_t DOWNGRADE_TLS12
Definition tls_magic.h:118
Botan::TLS::Transcript_Hash
std::vector< uint8_t > Transcript_Hash
Definition tls_magic.h:93
Botan::TLS::MAX_CIPHERTEXT_SIZE
@ MAX_CIPHERTEXT_SIZE
Definition tls_magic.h:34
Botan::TLS::MAX_PLAINTEXT_SIZE
@ MAX_PLAINTEXT_SIZE
Definition tls_magic.h:31
Botan::TLS::MAX_CIPHERTEXT_SIZE_TLS13
@ MAX_CIPHERTEXT_SIZE_TLS13
Definition tls_magic.h:41
Botan::TLS::MAX_AEAD_EXPANSION_SIZE_TLS13
@ MAX_AEAD_EXPANSION_SIZE_TLS13
Definition tls_magic.h:40
Botan::TLS::TLS_HEADER_SIZE
@ TLS_HEADER_SIZE
Definition tls_magic.h:26
Botan::TLS::MAX_COMPRESSED_SIZE
@ MAX_COMPRESSED_SIZE
Definition tls_magic.h:33
Botan::TLS::DTLS_HEADER_SIZE
@ DTLS_HEADER_SIZE
Definition tls_magic.h:27
Botan::TLS::Ticket_Nonce
Strong< std::vector< uint8_t >, struct Ticket_Nonce_ > Ticket_Nonce
Used to derive the ticket's PSK from the resumption_master_secret.
Definition tls_magic.h:96
Botan::TLS::DOWNGRADE_TLS11
constexpr uint64_t DOWNGRADE_TLS11
Definition tls_magic.h:107
Botan::TLS::HELLO_RETRY_REQUEST_MARKER
constexpr std::array< uint8_t, 32 > HELLO_RETRY_REQUEST_MARKER
Definition tls_magic.h:126
Generated by doxygen 1.15.0