Botan  1.11.15
src/lib/tls/tls_extensions.cpp
Go to the documentation of this file.
00001 /*
00002 * TLS Extensions
00003 * (C) 2011,2012,2015 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #include <botan/internal/tls_extensions.h>
00009 #include <botan/internal/tls_reader.h>
00010 #include <botan/tls_exceptn.h>
00011 
00012 namespace Botan {
00013 
00014 namespace TLS {
00015 
00016 namespace {
00017 
00018 Extension* make_extension(TLS_Data_Reader& reader,
00019                           u16bit code,
00020                           u16bit size)
00021    {
00022    switch(code)
00023       {
00024       case TLSEXT_SERVER_NAME_INDICATION:
00025          return new Server_Name_Indicator(reader, size);
00026 
00027       case TLSEXT_MAX_FRAGMENT_LENGTH:
00028          return new Maximum_Fragment_Length(reader, size);
00029 
00030       case TLSEXT_SRP_IDENTIFIER:
00031          return new SRP_Identifier(reader, size);
00032 
00033       case TLSEXT_USABLE_ELLIPTIC_CURVES:
00034          return new Supported_Elliptic_Curves(reader, size);
00035 
00036       case TLSEXT_SAFE_RENEGOTIATION:
00037          return new Renegotiation_Extension(reader, size);
00038 
00039       case TLSEXT_SIGNATURE_ALGORITHMS:
00040          return new Signature_Algorithms(reader, size);
00041 
00042         case TLSEXT_USE_SRTP:
00043           return new SRTP_Protection_Profiles(reader, size);
00044 
00045       case TLSEXT_NEXT_PROTOCOL:
00046          return new Next_Protocol_Notification(reader, size);
00047 
00048       case TLSEXT_HEARTBEAT_SUPPORT:
00049          return new Heartbeat_Support_Indicator(reader, size);
00050 
00051       case TLSEXT_SESSION_TICKET:
00052          return new Session_Ticket(reader, size);
00053 
00054       default:
00055          return nullptr; // not known
00056       }
00057    }
00058 
00059 }
00060 
00061 void Extensions::deserialize(TLS_Data_Reader& reader)
00062    {
00063    if(reader.has_remaining())
00064       {
00065       const u16bit all_extn_size = reader.get_u16bit();
00066 
00067       if(reader.remaining_bytes() != all_extn_size)
00068          throw Decoding_Error("Bad extension size");
00069 
00070       while(reader.has_remaining())
00071          {
00072          const u16bit extension_code = reader.get_u16bit();
00073          const u16bit extension_size = reader.get_u16bit();
00074 
00075          Extension* extn = make_extension(reader,
00076                                           extension_code,
00077                                           extension_size);
00078 
00079          if(extn)
00080             this->add(extn);
00081          else // unknown/unhandled extension
00082             reader.discard_next(extension_size);
00083          }
00084       }
00085    }
00086 
00087 std::vector<byte> Extensions::serialize() const
00088    {
00089    std::vector<byte> buf(2); // 2 bytes for length field
00090 
00091    for(auto& extn : extensions)
00092       {
00093       if(extn.second->empty())
00094          continue;
00095 
00096       const u16bit extn_code = extn.second->type();
00097 
00098       std::vector<byte> extn_val = extn.second->serialize();
00099 
00100       buf.push_back(get_byte(0, extn_code));
00101       buf.push_back(get_byte(1, extn_code));
00102 
00103       buf.push_back(get_byte<u16bit>(0, extn_val.size()));
00104       buf.push_back(get_byte<u16bit>(1, extn_val.size()));
00105 
00106       buf += extn_val;
00107       }
00108 
00109    const u16bit extn_size = buf.size() - 2;
00110 
00111    buf[0] = get_byte(0, extn_size);
00112    buf[1] = get_byte(1, extn_size);
00113 
00114    // avoid sending a completely empty extensions block
00115    if(buf.size() == 2)
00116       return std::vector<byte>();
00117 
00118    return buf;
00119    }
00120 
00121 std::set<Handshake_Extension_Type> Extensions::extension_types() const
00122    {
00123    std::set<Handshake_Extension_Type> offers;
00124    for(auto i = extensions.begin(); i != extensions.end(); ++i)
00125       offers.insert(i->first);
00126    return offers;
00127    }
00128 
00129 Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader,
00130                                              u16bit extension_size)
00131    {
00132    /*
00133    * This is used by the server to confirm that it knew the name
00134    */
00135    if(extension_size == 0)
00136       return;
00137 
00138    u16bit name_bytes = reader.get_u16bit();
00139 
00140    if(name_bytes + 2 != extension_size)
00141       throw Decoding_Error("Bad encoding of SNI extension");
00142 
00143    while(name_bytes)
00144       {
00145       byte name_type = reader.get_byte();
00146       name_bytes--;
00147 
00148       if(name_type == 0) // DNS
00149          {
00150          sni_host_name = reader.get_string(2, 1, 65535);
00151          name_bytes -= (2 + sni_host_name.size());
00152          }
00153       else // some other unknown name type
00154          {
00155          reader.discard_next(name_bytes);
00156          name_bytes = 0;
00157          }
00158       }
00159    }
00160 
00161 std::vector<byte> Server_Name_Indicator::serialize() const
00162    {
00163    std::vector<byte> buf;
00164 
00165    size_t name_len = sni_host_name.size();
00166 
00167    buf.push_back(get_byte<u16bit>(0, name_len+3));
00168    buf.push_back(get_byte<u16bit>(1, name_len+3));
00169    buf.push_back(0); // DNS
00170 
00171    buf.push_back(get_byte<u16bit>(0, name_len));
00172    buf.push_back(get_byte<u16bit>(1, name_len));
00173 
00174    buf += std::make_pair(
00175       reinterpret_cast<const byte*>(sni_host_name.data()),
00176       sni_host_name.size());
00177 
00178    return buf;
00179    }
00180 
00181 SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader,
00182                                u16bit extension_size)
00183    {
00184    srp_identifier = reader.get_string(1, 1, 255);
00185 
00186    if(srp_identifier.size() + 1 != extension_size)
00187       throw Decoding_Error("Bad encoding for SRP identifier extension");
00188    }
00189 
00190 std::vector<byte> SRP_Identifier::serialize() const
00191    {
00192    std::vector<byte> buf;
00193 
00194    const byte* srp_bytes =
00195       reinterpret_cast<const byte*>(srp_identifier.data());
00196 
00197    append_tls_length_value(buf, srp_bytes, srp_identifier.size(), 1);
00198 
00199    return buf;
00200    }
00201 
00202 Renegotiation_Extension::Renegotiation_Extension(TLS_Data_Reader& reader,
00203                                                  u16bit extension_size)
00204    {
00205    reneg_data = reader.get_range<byte>(1, 0, 255);
00206 
00207    if(reneg_data.size() + 1 != extension_size)
00208       throw Decoding_Error("Bad encoding for secure renegotiation extn");
00209    }
00210 
00211 std::vector<byte> Renegotiation_Extension::serialize() const
00212    {
00213    std::vector<byte> buf;
00214    append_tls_length_value(buf, reneg_data, 1);
00215    return buf;
00216    }
00217 
00218 std::vector<byte> Maximum_Fragment_Length::serialize() const
00219    {
00220    switch(m_max_fragment)
00221       {
00222       case 512:
00223          return std::vector<byte>(1, 1);
00224       case 1024:
00225          return std::vector<byte>(1, 2);
00226       case 2048:
00227          return std::vector<byte>(1, 3);
00228       case 4096:
00229          return std::vector<byte>(1, 4);
00230       default:
00231          throw std::invalid_argument("Bad setting " +
00232                                      std::to_string(m_max_fragment) +
00233                                      " for maximum fragment size");
00234       }
00235    }
00236 
00237 Maximum_Fragment_Length::Maximum_Fragment_Length(TLS_Data_Reader& reader,
00238                                                  u16bit extension_size)
00239    {
00240    if(extension_size != 1)
00241       throw Decoding_Error("Bad size for maximum fragment extension");
00242 
00243    const byte val = reader.get_byte();
00244 
00245    switch(val)
00246       {
00247       case 1:
00248          m_max_fragment = 512;
00249       case 2:
00250          m_max_fragment = 1024;
00251       case 3:
00252          m_max_fragment = 2048;
00253       case 4:
00254          m_max_fragment = 4096;
00255       default:
00256          throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
00257                              "Bad value " + std::to_string(val) + " for max fragment len");
00258       }
00259    }
00260 
00261 Next_Protocol_Notification::Next_Protocol_Notification(TLS_Data_Reader& reader,
00262                                                        u16bit extension_size)
00263    {
00264    if(extension_size == 0)
00265       return; // empty extension
00266 
00267    size_t bytes_remaining = extension_size;
00268 
00269    while(bytes_remaining)
00270       {
00271       const std::string p = reader.get_string(1, 0, 255);
00272 
00273       if(bytes_remaining < p.size() + 1)
00274          throw Decoding_Error("Bad encoding for next protocol extension");
00275 
00276       bytes_remaining -= (p.size() + 1);
00277 
00278       m_protocols.push_back(p);
00279       }
00280    }
00281 
00282 std::vector<byte> Next_Protocol_Notification::serialize() const
00283    {
00284    std::vector<byte> buf;
00285 
00286    for(size_t i = 0; i != m_protocols.size(); ++i)
00287       {
00288       const std::string p = m_protocols[i];
00289 
00290       if(p != "")
00291          append_tls_length_value(buf,
00292                                  reinterpret_cast<const byte*>(p.data()),
00293                                  p.size(),
00294                                  1);
00295       }
00296 
00297    return buf;
00298    }
00299 
00300 std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id)
00301    {
00302    switch(id)
00303       {
00304       case 15:
00305          return "secp160k1";
00306       case 16:
00307          return "secp160r1";
00308       case 17:
00309          return "secp160r2";
00310       case 18:
00311          return "secp192k1";
00312       case 19:
00313          return "secp192r1";
00314       case 20:
00315          return "secp224k1";
00316       case 21:
00317          return "secp224r1";
00318       case 22:
00319          return "secp256k1";
00320       case 23:
00321          return "secp256r1";
00322       case 24:
00323          return "secp384r1";
00324       case 25:
00325          return "secp521r1";
00326       case 26:
00327          return "brainpool256r1";
00328       case 27:
00329          return "brainpool384r1";
00330       case 28:
00331          return "brainpool512r1";
00332       default:
00333          return ""; // something we don't know or support
00334       }
00335    }
00336 
00337 u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name)
00338    {
00339    if(name == "secp160k1")
00340       return 15;
00341    if(name == "secp160r1")
00342       return 16;
00343    if(name == "secp160r2")
00344       return 17;
00345    if(name == "secp192k1")
00346       return 18;
00347    if(name == "secp192r1")
00348       return 19;
00349    if(name == "secp224k1")
00350       return 20;
00351    if(name == "secp224r1")
00352       return 21;
00353    if(name == "secp256k1")
00354       return 22;
00355    if(name == "secp256r1")
00356       return 23;
00357    if(name == "secp384r1")
00358       return 24;
00359    if(name == "secp521r1")
00360       return 25;
00361    if(name == "brainpool256r1")
00362       return 26;
00363    if(name == "brainpool384r1")
00364       return 27;
00365    if(name == "brainpool512r1")
00366       return 28;
00367 
00368    throw Invalid_Argument("name_to_curve_id unknown name " + name);
00369    }
00370 
00371 std::vector<byte> Supported_Elliptic_Curves::serialize() const
00372    {
00373    std::vector<byte> buf(2);
00374 
00375    for(size_t i = 0; i != m_curves.size(); ++i)
00376       {
00377       const u16bit id = name_to_curve_id(m_curves[i]);
00378       buf.push_back(get_byte(0, id));
00379       buf.push_back(get_byte(1, id));
00380       }
00381 
00382    buf[0] = get_byte<u16bit>(0, buf.size()-2);
00383    buf[1] = get_byte<u16bit>(1, buf.size()-2);
00384 
00385    return buf;
00386    }
00387 
00388 Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader,
00389                                                      u16bit extension_size)
00390    {
00391    u16bit len = reader.get_u16bit();
00392 
00393    if(len + 2 != extension_size)
00394       throw Decoding_Error("Inconsistent length field in elliptic curve list");
00395 
00396    if(len % 2 == 1)
00397       throw Decoding_Error("Elliptic curve list of strange size");
00398 
00399    len /= 2;
00400 
00401    for(size_t i = 0; i != len; ++i)
00402       {
00403       const u16bit id = reader.get_u16bit();
00404       const std::string name = curve_id_to_name(id);
00405 
00406       if(name != "")
00407          m_curves.push_back(name);
00408       }
00409    }
00410 
00411 std::string Signature_Algorithms::hash_algo_name(byte code)
00412    {
00413    switch(code)
00414       {
00415       case 1:
00416          return "MD5";
00417       // code 1 is MD5 - ignore it
00418 
00419       case 2:
00420          return "SHA-1";
00421       case 3:
00422          return "SHA-224";
00423       case 4:
00424          return "SHA-256";
00425       case 5:
00426          return "SHA-384";
00427       case 6:
00428          return "SHA-512";
00429       default:
00430          return "";
00431       }
00432    }
00433 
00434 byte Signature_Algorithms::hash_algo_code(const std::string& name)
00435    {
00436    if(name == "MD5")
00437       return 1;
00438 
00439    if(name == "SHA-1")
00440       return 2;
00441 
00442    if(name == "SHA-224")
00443       return 3;
00444 
00445    if(name == "SHA-256")
00446       return 4;
00447 
00448    if(name == "SHA-384")
00449       return 5;
00450 
00451    if(name == "SHA-512")
00452       return 6;
00453 
00454    throw Internal_Error("Unknown hash ID " + name + " for signature_algorithms");
00455    }
00456 
00457 std::string Signature_Algorithms::sig_algo_name(byte code)
00458    {
00459    switch(code)
00460       {
00461       case 1:
00462          return "RSA";
00463       case 2:
00464          return "DSA";
00465       case 3:
00466          return "ECDSA";
00467       default:
00468          return "";
00469       }
00470    }
00471 
00472 byte Signature_Algorithms::sig_algo_code(const std::string& name)
00473    {
00474    if(name == "RSA")
00475       return 1;
00476 
00477    if(name == "DSA")
00478       return 2;
00479 
00480    if(name == "ECDSA")
00481       return 3;
00482 
00483    throw Internal_Error("Unknown sig ID " + name + " for signature_algorithms");
00484    }
00485 
00486 std::vector<byte> Signature_Algorithms::serialize() const
00487    {
00488    std::vector<byte> buf(2);
00489 
00490    for(size_t i = 0; i != m_supported_algos.size(); ++i)
00491       {
00492       try
00493          {
00494          const byte hash_code = hash_algo_code(m_supported_algos[i].first);
00495          const byte sig_code = sig_algo_code(m_supported_algos[i].second);
00496 
00497          buf.push_back(hash_code);
00498          buf.push_back(sig_code);
00499          }
00500       catch(...)
00501          {}
00502       }
00503 
00504    buf[0] = get_byte<u16bit>(0, buf.size()-2);
00505    buf[1] = get_byte<u16bit>(1, buf.size()-2);
00506 
00507    return buf;
00508    }
00509 
00510 Signature_Algorithms::Signature_Algorithms(const std::vector<std::string>& hashes,
00511                                            const std::vector<std::string>& sigs)
00512    {
00513    for(size_t i = 0; i != hashes.size(); ++i)
00514       for(size_t j = 0; j != sigs.size(); ++j)
00515          m_supported_algos.push_back(std::make_pair(hashes[i], sigs[j]));
00516    }
00517 
00518 Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader,
00519                                            u16bit extension_size)
00520    {
00521    u16bit len = reader.get_u16bit();
00522 
00523    if(len + 2 != extension_size)
00524       throw Decoding_Error("Bad encoding on signature algorithms extension");
00525 
00526    while(len)
00527       {
00528       const std::string hash_code = hash_algo_name(reader.get_byte());
00529       const std::string sig_code = sig_algo_name(reader.get_byte());
00530 
00531       len -= 2;
00532 
00533       // If not something we know, ignore it completely
00534       if(hash_code == "" || sig_code == "")
00535          continue;
00536 
00537       m_supported_algos.push_back(std::make_pair(hash_code, sig_code));
00538       }
00539    }
00540 
00541 Session_Ticket::Session_Ticket(TLS_Data_Reader& reader,
00542                                u16bit extension_size)
00543    {
00544    m_ticket = reader.get_elem<byte, std::vector<byte> >(extension_size);
00545    }
00546 
00547 SRTP_Protection_Profiles::SRTP_Protection_Profiles(TLS_Data_Reader& reader,
00548                                                    u16bit extension_size)
00549    {
00550    m_pp = reader.get_range<u16bit>(2, 0, 65535);
00551 
00552    const std::vector<byte> mki = reader.get_range<byte>(1, 0, 255);
00553 
00554    if(m_pp.size() * 2 + mki.size() + 3 != extension_size)
00555       throw Decoding_Error("Bad encoding for SRTP protection extension");
00556 
00557    if(!mki.empty())
00558       throw Decoding_Error("Unhandled non-empty MKI for SRTP protection extension");
00559    }
00560 
00561 std::vector<byte> SRTP_Protection_Profiles::serialize() const
00562    {
00563    std::vector<byte> buf;
00564 
00565    const u16bit pp_len = m_pp.size() * 2;
00566    buf.push_back(get_byte(0, pp_len));
00567    buf.push_back(get_byte(1, pp_len));
00568 
00569    for(u16bit pp : m_pp)
00570       {
00571       buf.push_back(get_byte(0, pp));
00572       buf.push_back(get_byte(1, pp));
00573       }
00574 
00575    buf.push_back(0); // srtp_mki, always empty here
00576 
00577    return buf;
00578    }
00579 
00580 }
00581 
00582 }