Botan
1.11.15
|
00001 /* 00002 * TLS Extensions 00003 * (C) 2011,2012,2015 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #include <botan/internal/tls_extensions.h> 00009 #include <botan/internal/tls_reader.h> 00010 #include <botan/tls_exceptn.h> 00011 00012 namespace Botan { 00013 00014 namespace TLS { 00015 00016 namespace { 00017 00018 Extension* make_extension(TLS_Data_Reader& reader, 00019 u16bit code, 00020 u16bit size) 00021 { 00022 switch(code) 00023 { 00024 case TLSEXT_SERVER_NAME_INDICATION: 00025 return new Server_Name_Indicator(reader, size); 00026 00027 case TLSEXT_MAX_FRAGMENT_LENGTH: 00028 return new Maximum_Fragment_Length(reader, size); 00029 00030 case TLSEXT_SRP_IDENTIFIER: 00031 return new SRP_Identifier(reader, size); 00032 00033 case TLSEXT_USABLE_ELLIPTIC_CURVES: 00034 return new Supported_Elliptic_Curves(reader, size); 00035 00036 case TLSEXT_SAFE_RENEGOTIATION: 00037 return new Renegotiation_Extension(reader, size); 00038 00039 case TLSEXT_SIGNATURE_ALGORITHMS: 00040 return new Signature_Algorithms(reader, size); 00041 00042 case TLSEXT_USE_SRTP: 00043 return new SRTP_Protection_Profiles(reader, size); 00044 00045 case TLSEXT_NEXT_PROTOCOL: 00046 return new Next_Protocol_Notification(reader, size); 00047 00048 case TLSEXT_HEARTBEAT_SUPPORT: 00049 return new Heartbeat_Support_Indicator(reader, size); 00050 00051 case TLSEXT_SESSION_TICKET: 00052 return new Session_Ticket(reader, size); 00053 00054 default: 00055 return nullptr; // not known 00056 } 00057 } 00058 00059 } 00060 00061 void Extensions::deserialize(TLS_Data_Reader& reader) 00062 { 00063 if(reader.has_remaining()) 00064 { 00065 const u16bit all_extn_size = reader.get_u16bit(); 00066 00067 if(reader.remaining_bytes() != all_extn_size) 00068 throw Decoding_Error("Bad extension size"); 00069 00070 while(reader.has_remaining()) 00071 { 00072 const u16bit extension_code = reader.get_u16bit(); 00073 const u16bit extension_size = reader.get_u16bit(); 00074 00075 Extension* extn = make_extension(reader, 00076 extension_code, 00077 extension_size); 00078 00079 if(extn) 00080 this->add(extn); 00081 else // unknown/unhandled extension 00082 reader.discard_next(extension_size); 00083 } 00084 } 00085 } 00086 00087 std::vector<byte> Extensions::serialize() const 00088 { 00089 std::vector<byte> buf(2); // 2 bytes for length field 00090 00091 for(auto& extn : extensions) 00092 { 00093 if(extn.second->empty()) 00094 continue; 00095 00096 const u16bit extn_code = extn.second->type(); 00097 00098 std::vector<byte> extn_val = extn.second->serialize(); 00099 00100 buf.push_back(get_byte(0, extn_code)); 00101 buf.push_back(get_byte(1, extn_code)); 00102 00103 buf.push_back(get_byte<u16bit>(0, extn_val.size())); 00104 buf.push_back(get_byte<u16bit>(1, extn_val.size())); 00105 00106 buf += extn_val; 00107 } 00108 00109 const u16bit extn_size = buf.size() - 2; 00110 00111 buf[0] = get_byte(0, extn_size); 00112 buf[1] = get_byte(1, extn_size); 00113 00114 // avoid sending a completely empty extensions block 00115 if(buf.size() == 2) 00116 return std::vector<byte>(); 00117 00118 return buf; 00119 } 00120 00121 std::set<Handshake_Extension_Type> Extensions::extension_types() const 00122 { 00123 std::set<Handshake_Extension_Type> offers; 00124 for(auto i = extensions.begin(); i != extensions.end(); ++i) 00125 offers.insert(i->first); 00126 return offers; 00127 } 00128 00129 Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, 00130 u16bit extension_size) 00131 { 00132 /* 00133 * This is used by the server to confirm that it knew the name 00134 */ 00135 if(extension_size == 0) 00136 return; 00137 00138 u16bit name_bytes = reader.get_u16bit(); 00139 00140 if(name_bytes + 2 != extension_size) 00141 throw Decoding_Error("Bad encoding of SNI extension"); 00142 00143 while(name_bytes) 00144 { 00145 byte name_type = reader.get_byte(); 00146 name_bytes--; 00147 00148 if(name_type == 0) // DNS 00149 { 00150 sni_host_name = reader.get_string(2, 1, 65535); 00151 name_bytes -= (2 + sni_host_name.size()); 00152 } 00153 else // some other unknown name type 00154 { 00155 reader.discard_next(name_bytes); 00156 name_bytes = 0; 00157 } 00158 } 00159 } 00160 00161 std::vector<byte> Server_Name_Indicator::serialize() const 00162 { 00163 std::vector<byte> buf; 00164 00165 size_t name_len = sni_host_name.size(); 00166 00167 buf.push_back(get_byte<u16bit>(0, name_len+3)); 00168 buf.push_back(get_byte<u16bit>(1, name_len+3)); 00169 buf.push_back(0); // DNS 00170 00171 buf.push_back(get_byte<u16bit>(0, name_len)); 00172 buf.push_back(get_byte<u16bit>(1, name_len)); 00173 00174 buf += std::make_pair( 00175 reinterpret_cast<const byte*>(sni_host_name.data()), 00176 sni_host_name.size()); 00177 00178 return buf; 00179 } 00180 00181 SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, 00182 u16bit extension_size) 00183 { 00184 srp_identifier = reader.get_string(1, 1, 255); 00185 00186 if(srp_identifier.size() + 1 != extension_size) 00187 throw Decoding_Error("Bad encoding for SRP identifier extension"); 00188 } 00189 00190 std::vector<byte> SRP_Identifier::serialize() const 00191 { 00192 std::vector<byte> buf; 00193 00194 const byte* srp_bytes = 00195 reinterpret_cast<const byte*>(srp_identifier.data()); 00196 00197 append_tls_length_value(buf, srp_bytes, srp_identifier.size(), 1); 00198 00199 return buf; 00200 } 00201 00202 Renegotiation_Extension::Renegotiation_Extension(TLS_Data_Reader& reader, 00203 u16bit extension_size) 00204 { 00205 reneg_data = reader.get_range<byte>(1, 0, 255); 00206 00207 if(reneg_data.size() + 1 != extension_size) 00208 throw Decoding_Error("Bad encoding for secure renegotiation extn"); 00209 } 00210 00211 std::vector<byte> Renegotiation_Extension::serialize() const 00212 { 00213 std::vector<byte> buf; 00214 append_tls_length_value(buf, reneg_data, 1); 00215 return buf; 00216 } 00217 00218 std::vector<byte> Maximum_Fragment_Length::serialize() const 00219 { 00220 switch(m_max_fragment) 00221 { 00222 case 512: 00223 return std::vector<byte>(1, 1); 00224 case 1024: 00225 return std::vector<byte>(1, 2); 00226 case 2048: 00227 return std::vector<byte>(1, 3); 00228 case 4096: 00229 return std::vector<byte>(1, 4); 00230 default: 00231 throw std::invalid_argument("Bad setting " + 00232 std::to_string(m_max_fragment) + 00233 " for maximum fragment size"); 00234 } 00235 } 00236 00237 Maximum_Fragment_Length::Maximum_Fragment_Length(TLS_Data_Reader& reader, 00238 u16bit extension_size) 00239 { 00240 if(extension_size != 1) 00241 throw Decoding_Error("Bad size for maximum fragment extension"); 00242 00243 const byte val = reader.get_byte(); 00244 00245 switch(val) 00246 { 00247 case 1: 00248 m_max_fragment = 512; 00249 case 2: 00250 m_max_fragment = 1024; 00251 case 3: 00252 m_max_fragment = 2048; 00253 case 4: 00254 m_max_fragment = 4096; 00255 default: 00256 throw TLS_Exception(Alert::ILLEGAL_PARAMETER, 00257 "Bad value " + std::to_string(val) + " for max fragment len"); 00258 } 00259 } 00260 00261 Next_Protocol_Notification::Next_Protocol_Notification(TLS_Data_Reader& reader, 00262 u16bit extension_size) 00263 { 00264 if(extension_size == 0) 00265 return; // empty extension 00266 00267 size_t bytes_remaining = extension_size; 00268 00269 while(bytes_remaining) 00270 { 00271 const std::string p = reader.get_string(1, 0, 255); 00272 00273 if(bytes_remaining < p.size() + 1) 00274 throw Decoding_Error("Bad encoding for next protocol extension"); 00275 00276 bytes_remaining -= (p.size() + 1); 00277 00278 m_protocols.push_back(p); 00279 } 00280 } 00281 00282 std::vector<byte> Next_Protocol_Notification::serialize() const 00283 { 00284 std::vector<byte> buf; 00285 00286 for(size_t i = 0; i != m_protocols.size(); ++i) 00287 { 00288 const std::string p = m_protocols[i]; 00289 00290 if(p != "") 00291 append_tls_length_value(buf, 00292 reinterpret_cast<const byte*>(p.data()), 00293 p.size(), 00294 1); 00295 } 00296 00297 return buf; 00298 } 00299 00300 std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id) 00301 { 00302 switch(id) 00303 { 00304 case 15: 00305 return "secp160k1"; 00306 case 16: 00307 return "secp160r1"; 00308 case 17: 00309 return "secp160r2"; 00310 case 18: 00311 return "secp192k1"; 00312 case 19: 00313 return "secp192r1"; 00314 case 20: 00315 return "secp224k1"; 00316 case 21: 00317 return "secp224r1"; 00318 case 22: 00319 return "secp256k1"; 00320 case 23: 00321 return "secp256r1"; 00322 case 24: 00323 return "secp384r1"; 00324 case 25: 00325 return "secp521r1"; 00326 case 26: 00327 return "brainpool256r1"; 00328 case 27: 00329 return "brainpool384r1"; 00330 case 28: 00331 return "brainpool512r1"; 00332 default: 00333 return ""; // something we don't know or support 00334 } 00335 } 00336 00337 u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) 00338 { 00339 if(name == "secp160k1") 00340 return 15; 00341 if(name == "secp160r1") 00342 return 16; 00343 if(name == "secp160r2") 00344 return 17; 00345 if(name == "secp192k1") 00346 return 18; 00347 if(name == "secp192r1") 00348 return 19; 00349 if(name == "secp224k1") 00350 return 20; 00351 if(name == "secp224r1") 00352 return 21; 00353 if(name == "secp256k1") 00354 return 22; 00355 if(name == "secp256r1") 00356 return 23; 00357 if(name == "secp384r1") 00358 return 24; 00359 if(name == "secp521r1") 00360 return 25; 00361 if(name == "brainpool256r1") 00362 return 26; 00363 if(name == "brainpool384r1") 00364 return 27; 00365 if(name == "brainpool512r1") 00366 return 28; 00367 00368 throw Invalid_Argument("name_to_curve_id unknown name " + name); 00369 } 00370 00371 std::vector<byte> Supported_Elliptic_Curves::serialize() const 00372 { 00373 std::vector<byte> buf(2); 00374 00375 for(size_t i = 0; i != m_curves.size(); ++i) 00376 { 00377 const u16bit id = name_to_curve_id(m_curves[i]); 00378 buf.push_back(get_byte(0, id)); 00379 buf.push_back(get_byte(1, id)); 00380 } 00381 00382 buf[0] = get_byte<u16bit>(0, buf.size()-2); 00383 buf[1] = get_byte<u16bit>(1, buf.size()-2); 00384 00385 return buf; 00386 } 00387 00388 Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader, 00389 u16bit extension_size) 00390 { 00391 u16bit len = reader.get_u16bit(); 00392 00393 if(len + 2 != extension_size) 00394 throw Decoding_Error("Inconsistent length field in elliptic curve list"); 00395 00396 if(len % 2 == 1) 00397 throw Decoding_Error("Elliptic curve list of strange size"); 00398 00399 len /= 2; 00400 00401 for(size_t i = 0; i != len; ++i) 00402 { 00403 const u16bit id = reader.get_u16bit(); 00404 const std::string name = curve_id_to_name(id); 00405 00406 if(name != "") 00407 m_curves.push_back(name); 00408 } 00409 } 00410 00411 std::string Signature_Algorithms::hash_algo_name(byte code) 00412 { 00413 switch(code) 00414 { 00415 case 1: 00416 return "MD5"; 00417 // code 1 is MD5 - ignore it 00418 00419 case 2: 00420 return "SHA-1"; 00421 case 3: 00422 return "SHA-224"; 00423 case 4: 00424 return "SHA-256"; 00425 case 5: 00426 return "SHA-384"; 00427 case 6: 00428 return "SHA-512"; 00429 default: 00430 return ""; 00431 } 00432 } 00433 00434 byte Signature_Algorithms::hash_algo_code(const std::string& name) 00435 { 00436 if(name == "MD5") 00437 return 1; 00438 00439 if(name == "SHA-1") 00440 return 2; 00441 00442 if(name == "SHA-224") 00443 return 3; 00444 00445 if(name == "SHA-256") 00446 return 4; 00447 00448 if(name == "SHA-384") 00449 return 5; 00450 00451 if(name == "SHA-512") 00452 return 6; 00453 00454 throw Internal_Error("Unknown hash ID " + name + " for signature_algorithms"); 00455 } 00456 00457 std::string Signature_Algorithms::sig_algo_name(byte code) 00458 { 00459 switch(code) 00460 { 00461 case 1: 00462 return "RSA"; 00463 case 2: 00464 return "DSA"; 00465 case 3: 00466 return "ECDSA"; 00467 default: 00468 return ""; 00469 } 00470 } 00471 00472 byte Signature_Algorithms::sig_algo_code(const std::string& name) 00473 { 00474 if(name == "RSA") 00475 return 1; 00476 00477 if(name == "DSA") 00478 return 2; 00479 00480 if(name == "ECDSA") 00481 return 3; 00482 00483 throw Internal_Error("Unknown sig ID " + name + " for signature_algorithms"); 00484 } 00485 00486 std::vector<byte> Signature_Algorithms::serialize() const 00487 { 00488 std::vector<byte> buf(2); 00489 00490 for(size_t i = 0; i != m_supported_algos.size(); ++i) 00491 { 00492 try 00493 { 00494 const byte hash_code = hash_algo_code(m_supported_algos[i].first); 00495 const byte sig_code = sig_algo_code(m_supported_algos[i].second); 00496 00497 buf.push_back(hash_code); 00498 buf.push_back(sig_code); 00499 } 00500 catch(...) 00501 {} 00502 } 00503 00504 buf[0] = get_byte<u16bit>(0, buf.size()-2); 00505 buf[1] = get_byte<u16bit>(1, buf.size()-2); 00506 00507 return buf; 00508 } 00509 00510 Signature_Algorithms::Signature_Algorithms(const std::vector<std::string>& hashes, 00511 const std::vector<std::string>& sigs) 00512 { 00513 for(size_t i = 0; i != hashes.size(); ++i) 00514 for(size_t j = 0; j != sigs.size(); ++j) 00515 m_supported_algos.push_back(std::make_pair(hashes[i], sigs[j])); 00516 } 00517 00518 Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, 00519 u16bit extension_size) 00520 { 00521 u16bit len = reader.get_u16bit(); 00522 00523 if(len + 2 != extension_size) 00524 throw Decoding_Error("Bad encoding on signature algorithms extension"); 00525 00526 while(len) 00527 { 00528 const std::string hash_code = hash_algo_name(reader.get_byte()); 00529 const std::string sig_code = sig_algo_name(reader.get_byte()); 00530 00531 len -= 2; 00532 00533 // If not something we know, ignore it completely 00534 if(hash_code == "" || sig_code == "") 00535 continue; 00536 00537 m_supported_algos.push_back(std::make_pair(hash_code, sig_code)); 00538 } 00539 } 00540 00541 Session_Ticket::Session_Ticket(TLS_Data_Reader& reader, 00542 u16bit extension_size) 00543 { 00544 m_ticket = reader.get_elem<byte, std::vector<byte> >(extension_size); 00545 } 00546 00547 SRTP_Protection_Profiles::SRTP_Protection_Profiles(TLS_Data_Reader& reader, 00548 u16bit extension_size) 00549 { 00550 m_pp = reader.get_range<u16bit>(2, 0, 65535); 00551 00552 const std::vector<byte> mki = reader.get_range<byte>(1, 0, 255); 00553 00554 if(m_pp.size() * 2 + mki.size() + 3 != extension_size) 00555 throw Decoding_Error("Bad encoding for SRTP protection extension"); 00556 00557 if(!mki.empty()) 00558 throw Decoding_Error("Unhandled non-empty MKI for SRTP protection extension"); 00559 } 00560 00561 std::vector<byte> SRTP_Protection_Profiles::serialize() const 00562 { 00563 std::vector<byte> buf; 00564 00565 const u16bit pp_len = m_pp.size() * 2; 00566 buf.push_back(get_byte(0, pp_len)); 00567 buf.push_back(get_byte(1, pp_len)); 00568 00569 for(u16bit pp : m_pp) 00570 { 00571 buf.push_back(get_byte(0, pp)); 00572 buf.push_back(get_byte(1, pp)); 00573 } 00574 00575 buf.push_back(0); // srtp_mki, always empty here 00576 00577 return buf; 00578 } 00579 00580 } 00581 00582 }