5079590438

Committed 25 May 2023 12:28PM UTC coverage: 92.228% (+0.5%) from 91.723%

Build # 5079590438

Build Type

Pull #3502

github

Pull Request Pull Request #3502: Apply clang-format to the codebase

Run Details

75589 of 81959 relevant lines covered (92.23%)

12139530.51 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.55

/src/lib/tls/tls13/msg_encrypted_extensions.cpp

/*
* TLS Hello Request and Client Hello Messages
* (C) 2022 Jack Lloyd
*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_messages.h>

#include <botan/tls_callbacks.h>
#include <botan/tls_exceptn.h>
#include <botan/internal/tls_reader.h>

namespace Botan::TLS {

Encrypted_Extensions::Encrypted_Extensions(const Client_Hello_13& client_hello, const Policy& policy, Callbacks& cb) {
   const auto& exts = client_hello.extensions();

   // RFC 8446 4.2.7
   //    As of TLS 1.3, servers are permitted to send the "supported_groups"
   //    extension to the client.  Clients [...] MAY use the information
   //    learned from a successfully completed handshake to change what groups
   //    they use in their "key_share" extension in subsequent connections.
   if(exts.has<Supported_Groups>()) {
      m_extensions.add(new Supported_Groups(policy.key_exchange_groups()));
   }

   const auto record_size_limit = policy.record_size_limit();
   const auto max_record_size = MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */;
   if(exts.has<Record_Size_Limit>()) {
      // RFC 8449 4
      //    Endpoints SHOULD advertise the "record_size_limit" extension, even
      //    if they have no need to limit the size of records. [...]  For
      //    servers, this allows clients to know that their limit will be
      //    respected.
      m_extensions.add(new Record_Size_Limit(record_size_limit.value_or(max_record_size)));
   } else if(record_size_limit.has_value() && record_size_limit.value() < max_record_size) {
      // RFC 8449 4
      //    Endpoints SHOULD advertise the "record_size_limit" extension, even if
      //    they have no need to limit the size of records. For clients, this
      //    allows servers to advertise a limit at their discretion.
      throw TLS_Exception(Alert::MissingExtension,
                          "Server cannot enforce record size limit without the client supporting it");
   }

   // RFC 6066 3
   //    A server that receives a client hello containing the "server_name"
   //    extension [...] SHALL include an extension of type "server_name" in the
   //    (extended) server hello. The "extension_data" field of this extension
   //    SHALL be empty.
   if(exts.has<Server_Name_Indicator>()) {
      m_extensions.add(new Server_Name_Indicator(""));
   }

   if(auto alpn_ext = exts.get<Application_Layer_Protocol_Notification>()) {
      const auto next_protocol = cb.tls_server_choose_app_protocol(alpn_ext->protocols());
      if(!next_protocol.empty()) {
         m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
      }
   }

   // TODO: Implement handling for (at least)
   //       * SRTP

   cb.tls_modify_extensions(m_extensions, Connection_Side::Server, type());
}

Encrypted_Extensions::Encrypted_Extensions(const std::vector<uint8_t>& buf) {
   TLS_Data_Reader reader("encrypted extensions reader", buf);

   // Encrypted Extensions contains a list of extensions. This list may legally
   // be empty. However, in that case we should at least see a two-byte length
   // field that reads 0x00 0x00.
   if(buf.size() < 2) {
      throw TLS_Exception(Alert::DecodeError, "Server sent an empty Encrypted Extensions message");
   }

   m_extensions.deserialize(reader, Connection_Side::Server, type());

   // RFC 8446 4.2
   //    If an implementation receives an extension which it recognizes and
   //    which is not specified for the message in which it appears, it MUST
   //    abort the handshake with an "illegal_parameter" alert.
   //
   // Note that we cannot encounter any extensions that we don't recognize here,
   // since only extensions we previously offered are allowed in EE.
   const auto allowed_exts = std::set<Extension_Code>{
      // Allowed extensions listed in RFC 8446 and implemented in Botan
      Extension_Code::ServerNameIndication,
      // MAX_FRAGMENT_LENGTH
      Extension_Code::SupportedGroups,
      Extension_Code::UseSrtp,
      // HEARTBEAT
      Extension_Code::ApplicationLayerProtocolNegotiation,
      // CLIENT_CERTIFICATE_TYPE
      // SERVER_CERTIFICATE_TYPE
      // EARLY_DATA

      // Allowed extensions not listed in RFC 8446 but acceptable as Botan implements them
      Extension_Code::RecordSizeLimit,
   };
   if(m_extensions.contains_implemented_extensions_other_than(allowed_exts)) {
      throw TLS_Exception(Alert::IllegalParameter, "Encrypted Extensions contained an extension that is not allowed");
   }
}

std::vector<uint8_t> Encrypted_Extensions::serialize() const { return m_extensions.serialize(Connection_Side::Server); }

}

1	/*
2	* TLS Hello Request and Client Hello Messages
3	* (C) 2022 Jack Lloyd
4	* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
5	*
6	* Botan is released under the Simplified BSD License (see license.txt)
7	*/
8
9	#include <botan/tls_messages.h>
10
11	#include <botan/tls_callbacks.h>
12	#include <botan/tls_exceptn.h>
13	#include <botan/internal/tls_reader.h>
14
15	namespace Botan::TLS {
16
17	Encrypted_Extensions::Encrypted_Extensions(const Client_Hello_13& client_hello, const Policy& policy, Callbacks& cb) {	352✔
18	const auto& exts = client_hello.extensions();	352✔
19
20	// RFC 8446 4.2.7
21	// As of TLS 1.3, servers are permitted to send the "supported_groups"
22	// extension to the client. Clients [...] MAY use the information
23	// learned from a successfully completed handshake to change what groups
24	// they use in their "key_share" extension in subsequent connections.
25	if(exts.has<Supported_Groups>()) {	352✔
26	m_extensions.add(new Supported_Groups(policy.key_exchange_groups()));	704✔
27	}
28
29	const auto record_size_limit = policy.record_size_limit();	352✔
30	const auto max_record_size = MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */;	352✔
31	if(exts.has<Record_Size_Limit>()) {	352✔
32	// RFC 8449 4
33	// Endpoints SHOULD advertise the "record_size_limit" extension, even
34	// if they have no need to limit the size of records. [...] For
35	// servers, this allows clients to know that their limit will be
36	// respected.
37	m_extensions.add(new Record_Size_Limit(record_size_limit.value_or(max_record_size)));	11✔
38	} else if(record_size_limit.has_value() && record_size_limit.value() < max_record_size) {	346✔
39	// RFC 8449 4
40	// Endpoints SHOULD advertise the "record_size_limit" extension, even if
41	// they have no need to limit the size of records. For clients, this
42	// allows servers to advertise a limit at their discretion.
43	throw TLS_Exception(Alert::MissingExtension,	×
44	"Server cannot enforce record size limit without the client supporting it");	×
45	}
46
47	// RFC 6066 3
48	// A server that receives a client hello containing the "server_name"
49	// extension [...] SHALL include an extension of type "server_name" in the
50	// (extended) server hello. The "extension_data" field of this extension
51	// SHALL be empty.
52	if(exts.has<Server_Name_Indicator>()) {	352✔
53	m_extensions.add(new Server_Name_Indicator(""));	686✔
54	}
55
56	if(auto alpn_ext = exts.get<Application_Layer_Protocol_Notification>()) {	352✔
57	const auto next_protocol = cb.tls_server_choose_app_protocol(alpn_ext->protocols());	7✔
58	if(!next_protocol.empty()) {	6✔
59	m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));	4✔
60	}
61	}	6✔
62
63	// TODO: Implement handling for (at least)
64	// * SRTP
65
66	cb.tls_modify_extensions(m_extensions, Connection_Side::Server, type());	351✔
67	}	352✔
68
69	Encrypted_Extensions::Encrypted_Extensions(const std::vector<uint8_t>& buf) {	423✔
70	TLS_Data_Reader reader("encrypted extensions reader", buf);	423✔
71
72	// Encrypted Extensions contains a list of extensions. This list may legally
73	// be empty. However, in that case we should at least see a two-byte length
74	// field that reads 0x00 0x00.
75	if(buf.size() < 2) {	423✔
76	throw TLS_Exception(Alert::DecodeError, "Server sent an empty Encrypted Extensions message");	1✔
77	}
78
79	m_extensions.deserialize(reader, Connection_Side::Server, type());	422✔
80
81	// RFC 8446 4.2
82	// If an implementation receives an extension which it recognizes and
83	// which is not specified for the message in which it appears, it MUST
84	// abort the handshake with an "illegal_parameter" alert.
85	//
86	// Note that we cannot encounter any extensions that we don't recognize here,
87	// since only extensions we previously offered are allowed in EE.
88	const auto allowed_exts = std::set<Extension_Code>{	418✔
89	// Allowed extensions listed in RFC 8446 and implemented in Botan
90	Extension_Code::ServerNameIndication,
91	// MAX_FRAGMENT_LENGTH
92	Extension_Code::SupportedGroups,
93	Extension_Code::UseSrtp,
94	// HEARTBEAT
95	Extension_Code::ApplicationLayerProtocolNegotiation,
96	// CLIENT_CERTIFICATE_TYPE
97	// SERVER_CERTIFICATE_TYPE
98	// EARLY_DATA
99
100	// Allowed extensions not listed in RFC 8446 but acceptable as Botan implements them
101	Extension_Code::RecordSizeLimit,
102	};	418✔
103	if(m_extensions.contains_implemented_extensions_other_than(allowed_exts)) {	418✔
104	throw TLS_Exception(Alert::IllegalParameter, "Encrypted Extensions contained an extension that is not allowed");	5✔
105	}
106	}	423✔
107
108	std::vector<uint8_t> Encrypted_Extensions::serialize() const { return m_extensions.serialize(Connection_Side::Server); }	360✔
109
110	}

randombit / botan / 5079590438

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous