Botan::TLS::Ciphersuite Class Reference (final)

#include <tls_ciphersuite.h>

Public Member Functions

bool aead_ciphersuite () const
Auth_Method auth_method () const
bool cbc_ciphersuite () const
std::string cipher_algo () const
size_t cipher_keylen () const
uint16_t ciphersuite_code () const
bool ecc_ciphersuite () const
bool is_certificate_required () const
std::string kex_algo () const
Kex_Algo kex_method () const
std::string mac_algo () const
size_t mac_keylen () const
size_t nonce_bytes_from_handshake () const
size_t nonce_bytes_from_record (Protocol_Version version) const
Nonce_Format nonce_format () const
bool null_ciphersuite () const
bool operator< (const Ciphersuite &o) const
bool operator< (const uint16_t c) const
std::string prf_algo () const
bool psk_ciphersuite () const
std::string sig_algo () const
bool signature_used () const
std::string to_string () const
bool usable_in_version (Protocol_Version version) const
bool valid () const

Static Public Member Functions

static const std::vector< Ciphersuite > & all_known_ciphersuites ()
static std::optional< Ciphersuite > by_id (uint16_t suite)
static std::optional< Ciphersuite > from_name (std::string_view name)
static bool is_scsv (uint16_t suite)

Detailed Description

Ciphersuite Information

Definition at line 23 of file tls_ciphersuite.h.

Member Function Documentation

◆ aead_ciphersuite()

/// @return true if this suite uses an AEAD cipher
// Definition at line 99 of file tls_ciphersuite.cpp.
bool Botan::TLS::Ciphersuite::aead_ciphersuite() const {
   // The suite table records "AEAD" as the MAC algorithm for every AEAD
   // mode (GCM, CCM, OCB, ChaCha20Poly1305), so the MAC string is the
   // discriminator used here and in cbc_ciphersuite().
   return mac_algo() == "AEAD";
}

References mac_algo().

◆ all_known_ciphersuites()

/// Generate a static list of all known ciphersuites and return it.
///
/// "Known" means the library can describe the suite's algorithms; it does
/// not mean the suite is acceptable. Whether a suite is offered or accepted
/// is decided elsewhere (the Policy consults this list via
/// Policy::ciphersuite_list). The table deliberately includes NULL-cipher,
/// 3DES and SHA-1 based suites that a policy may reject.
///
/// @return list of all known ciphersuites
// static; definition at line 344 of file tls_suite_info.cpp.
const std::vector<Botan::TLS::Ciphersuite>& Botan::TLS::Ciphersuite::all_known_ciphersuites() {
   // clang-format off

   // Invariant: this table is sorted by ciphersuite id. by_id() performs a
   // binary search (std::lower_bound) over it, so an out-of-order entry
   // would silently become unreachable by id rather than fail loudly.
   static const std::vector<Ciphersuite> known_suites = {
      Ciphersuite(0x000A, "RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x0016, "DHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x002C, "PSK_WITH_NULL_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER),
      Ciphersuite(0x002F, "RSA_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x0033, "DHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x0035, "RSA_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x0039, "DHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x003C, "RSA_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
      Ciphersuite(0x003D, "RSA_WITH_AES_256_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
      Ciphersuite(0x0067, "DHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
      Ciphersuite(0x006B, "DHE_RSA_WITH_AES_256_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
      Ciphersuite(0x008B, "PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x008C, "PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x008D, "PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0x009C, "RSA_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x009D, "RSA_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x009E, "DHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x009F, "DHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x00A8, "PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x00A9, "PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x00AE, "PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
      Ciphersuite(0x00AF, "PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE),
      Ciphersuite(0x00B0, "PSK_WITH_NULL_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::NULL_CIPHER),
      Ciphersuite(0x00B1, "PSK_WITH_NULL_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::NULL_CIPHER),
      Ciphersuite(0x1301, "AES_128_GCM_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x1302, "AES_256_GCM_SHA384", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x1303, "CHACHA20_POLY1305_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0x1304, "AES_128_CCM_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0x1305, "AES_128_CCM_8_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC006, "ECDHE_ECDSA_WITH_NULL_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER),
      Ciphersuite(0xC008, "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC009, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC00A, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC010, "ECDHE_RSA_WITH_NULL_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER),
      Ciphersuite(0xC012, "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC013, "ECDHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC014, "ECDHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC023, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC024, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC027, "ECDHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC028, "ECDHE_RSA_WITH_AES_256_CBC_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC02B, "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC02C, "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC02F, "ECDHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC030, "ECDHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC034, "ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC035, "ECDHE_PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC036, "ECDHE_PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC037, "ECDHE_PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC038, "ECDHE_PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE),
      Ciphersuite(0xC039, "ECDHE_PSK_WITH_NULL_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER),
      Ciphersuite(0xC03A, "ECDHE_PSK_WITH_NULL_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::NULL_CIPHER),
      Ciphersuite(0xC03B, "ECDHE_PSK_WITH_NULL_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::NULL_CIPHER),
      Ciphersuite(0xC050, "RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC051, "RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC052, "DHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC053, "DHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC05C, "ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC05D, "ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC060, "ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC061, "ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC06A, "PSK_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC06B, "PSK_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC07A, "RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC07B, "RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC07C, "DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC07D, "DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC086, "ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC087, "ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC08A, "ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC08B, "ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC08E, "PSK_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC08F, "PSK_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC09C, "RSA_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC09D, "RSA_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC09E, "DHE_RSA_WITH_AES_128_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC09F, "DHE_RSA_WITH_AES_256_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0A0, "RSA_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0A1, "RSA_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0A2, "DHE_RSA_WITH_AES_128_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0A3, "DHE_RSA_WITH_AES_256_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0A4, "PSK_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0A5, "PSK_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0A8, "PSK_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0A9, "PSK_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0AC, "ECDHE_ECDSA_WITH_AES_128_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0AD, "ECDHE_ECDSA_WITH_AES_256_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0AE, "ECDHE_ECDSA_WITH_AES_128_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xC0AF, "ECDHE_ECDSA_WITH_AES_256_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xCCA8, "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0xCCA9, "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0xCCAA, "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0xCCAB, "PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0xCCAC, "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0xD001, "ECDHE_PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xD002, "ECDHE_PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xD003, "ECDHE_PSK_WITH_AES_128_CCM_8_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xD005, "ECDHE_PSK_WITH_AES_128_CCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
      Ciphersuite(0xFFC3, "ECDHE_RSA_WITH_AES_256_OCB_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0xFFC5, "ECDHE_ECDSA_WITH_AES_256_OCB_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0xFFC7, "PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
      Ciphersuite(0xFFCB, "ECDHE_PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
   };

   // clang-format on

   return known_suites;
}

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, Botan::TLS::CBC_MODE, Botan::TLS::DH, Botan::TLS::ECDH, Botan::TLS::ECDHE_PSK, Botan::TLS::ECDSA, Botan::TLS::IMPLICIT, Botan::TLS::NULL_CIPHER, Botan::TLS::PSK, Botan::TLS::RSA, Botan::TLS::SHA_1, Botan::TLS::SHA_256, Botan::TLS::SHA_384, Botan::TLS::STATIC_RSA, and Botan::TLS::UNDEFINED.

Referenced by by_id(), Botan::TLS::Policy::ciphersuite_list(), and from_name().

◆ auth_method()

/// @return the authentication method recorded for this suite in the
///         known-suite table (Auth_Method::UNDEFINED for the TLS 1.3 suites)
// Definition at line 111 of file tls_ciphersuite.h.
inline Botan::TLS::Auth_Method Botan::TLS::Ciphersuite::auth_method() const {
   return m_auth_method;
}

Referenced by ecc_ciphersuite(), sig_algo(), and signature_used().

◆ by_id()

/// Convert an SSL/TLS ciphersuite to algorithm fields
///
/// @param suite the ciphersuite code number
/// @return ciphersuite object or std::nullopt if it is unknown to the library
// static; definition at line 111 of file tls_ciphersuite.cpp.
std::optional<Botan::TLS::Ciphersuite> Botan::TLS::Ciphersuite::by_id(uint16_t suite) {
   const auto& known = all_known_ciphersuites();

   // Binary search relies on the table being sorted by id (see the note in
   // all_known_ciphersuites) and on operator<(uint16_t) comparing by
   // ciphersuite_code(). An unknown code (including SCSVs and anything a
   // peer invents) yields nullopt; callers must handle that, not assume a
   // value.
   const auto pos = std::lower_bound(known.begin(), known.end(), suite);

   if(pos == known.end() || pos->ciphersuite_code() != suite) {
      return std::nullopt;  // some unknown ciphersuite
   }

   return *pos;
}

References all_known_ciphersuites().

Referenced by Botan::TLS::Session_Base::ciphersuite(), Botan::TLS::Client_Hello_13::retry(), Botan::TLS::Handshake_State::server_hello(), Botan::TLS::Server_Hello_12::Server_Hello_12(), and Botan::TLS::Session::Session().

◆ cbc_ciphersuite()

/// @return true if this suite uses a CBC cipher
// Definition at line 91 of file tls_ciphersuite.cpp.
bool Botan::TLS::Ciphersuite::cbc_ciphersuite() const {
   // In the known-suite table every entry is an AEAD mode, the NULL
   // cipher, or a CBC block cipher, so "neither of the first two" is CBC.
   if(mac_algo() == "AEAD") {
      return false;
   }
   return cipher_algo() != "NULL";
}

References cipher_algo(), and mac_algo().

◆ cipher_algo()

std::string Botan::TLS::Ciphersuite::cipher_algo ( ) const
inline

◆ cipher_keylen()

/// @return cipher key length used by this ciphersuite, in bytes
///         (0 for the NULL-cipher suites)
// Definition at line 128 of file tls_ciphersuite.h.
inline size_t Botan::TLS::Ciphersuite::cipher_keylen() const {
   return m_cipher_keylen;
}

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

◆ ciphersuite_code()

/// @return ciphersuite number (the 16-bit code as it appears on the wire)
// Definition at line 62 of file tls_ciphersuite.h.
inline uint16_t Botan::TLS::Ciphersuite::ciphersuite_code() const {
   return m_ciphersuite_code;
}

Referenced by operator<(), operator<(), and usable_in_version().

◆ ecc_ciphersuite()

/// @return true if this is an ECC ciphersuite
// Definition at line 73 of file tls_ciphersuite.cpp.
bool Botan::TLS::Ciphersuite::ecc_ciphersuite() const {
   // Elliptic curves enter either through the key exchange (ECDH,
   // ECDHE_PSK) or through the authentication method (ECDSA).
   const auto kex = kex_method();
   if(kex == Kex_Algo::ECDH || kex == Kex_Algo::ECDHE_PSK) {
      return true;
   }
   return auth_method() == Auth_Method::ECDSA;
}

References auth_method(), Botan::TLS::ECDH, Botan::TLS::ECDHE_PSK, Botan::TLS::ECDSA, and kex_method().

◆ from_name()

/// Convert an SSL/TLS ciphersuite name to algorithm fields
///
/// @param name the IANA name for the desired ciphersuite, without the
///        "TLS_" prefix (as listed in all_known_ciphersuites)
/// @return ciphersuite object or std::nullopt if it is unknown to the library
// static; definition at line 122 of file tls_ciphersuite.cpp.
std::optional<Botan::TLS::Ciphersuite> Botan::TLS::Ciphersuite::from_name(std::string_view name) {
   const auto& known = all_known_ciphersuites();

   // Names are not indexed, so this is a linear scan over the table; the
   // comparison against to_string() is exact (case-sensitive).
   const auto match = std::find_if(known.begin(), known.end(), [name](const Ciphersuite& suite) {
      return suite.to_string() == name;
   });

   if(match == known.end()) {
      return std::nullopt;  // some unknown ciphersuite
   }

   return *match;
}

References all_known_ciphersuites().

◆ is_certificate_required()

/// @return true if this ciphersuite requires the server to present a
///         certificate. True for both signature-authenticated suites and
///         static RSA key exchange (which uses the server's RSA cert for
///         key transport).
// Definition at line 107 of file tls_ciphersuite.cpp.
bool Botan::TLS::Ciphersuite::is_certificate_required() const {
   if(signature_used()) {
      return true;
   }
   // Static RSA carries no signature but still needs the server's RSA
   // certificate, since the key exchange is encrypted to it.
   return kex_method() == Kex_Algo::STATIC_RSA;
}

References kex_method(), signature_used(), and Botan::TLS::STATIC_RSA.

◆ is_scsv()

/// Returns true iff this suite is a known SCSV
///
/// @param suite the ciphersuite code number as received or offered
/// @return true for either of the two signaling values listed below
// static; definition at line 46 of file tls_ciphersuite.cpp.
bool Botan::TLS::Ciphersuite::is_scsv(uint16_t suite) {
   // Signaling cipher suite values are not negotiable suites and must be
   // skipped when iterating the offered list. The two values are:
   //
   // - 0x00FF: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746). Consumed by
   //   Client_Hello_12::Client_Hello_12 to set secure_renegotiation when
   //   the renegotiation_info extension is absent.
   //
   // - 0x5600: TLS_FALLBACK_SCSV (RFC 7507). Recognized so it is filtered
   //   out of negotiation, but the inappropriate_fallback enforcement is
   //   intentionally not implemented:
   //   * Botan does not support TLS 1.0 / 1.1, so the 1.2 -> 1.0/1.1
   //     fallback that SCSV was originally designed to detect cannot
   //     occur here.
   //   * The 1.3 -> 1.2 downgrade is already protected by the
   //     ServerHello.random sentinel (RFC 8446 4.1.3, DOWNGRADE_TLS12),
   //     which Botan's TLS 1.3 client enforces at
   //     tls_client_impl_13.cpp via random_signals_downgrade().
   //
   // TODO: derive from IANA file in script
   constexpr uint16_t empty_renegotiation_info_scsv = 0x00FF;
   constexpr uint16_t fallback_scsv = 0x5600;
   return suite == empty_renegotiation_info_scsv || suite == fallback_scsv;
}

◆ kex_algo()

/// @return key exchange algorithm used by this ciphersuite, as the
///         string form of kex_method()
// Definition at line 102 of file tls_ciphersuite.h.
inline std::string Botan::TLS::Ciphersuite::kex_algo() const {
   const auto method = kex_method();
   return kex_method_to_string(method);
}

References kex_method(), and Botan::TLS::kex_method_to_string().

◆ kex_method()

◆ mac_algo()

/// @return message authentication algorithm used by this ciphersuite;
///         the literal "AEAD" for AEAD suites, where the cipher mode
///         provides authentication and no separate MAC is keyed
// Definition at line 121 of file tls_ciphersuite.h.
inline std::string Botan::TLS::Ciphersuite::mac_algo() const {
   return m_mac_algo;
}

Referenced by Botan::TLS::Policy::acceptable_ciphersuite(), aead_ciphersuite(), cbc_ciphersuite(), and Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

◆ mac_keylen()

/// @return MAC key length in bytes; 0 for AEAD suites, which carry no
///         separate MAC key in the known-suite table
// Definition at line 136 of file tls_ciphersuite.h.
inline size_t Botan::TLS::Ciphersuite::mac_keylen() const {
   return m_mac_keylen;
}

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

◆ nonce_bytes_from_handshake()

/// Number of nonce bytes for this suite that are fixed by the handshake
/// rather than carried in each record (see nonce_bytes_from_record()).
///
/// @return 0 for CBC and NULL suites, 4 for AEAD_IMPLICIT_4, 12 for
///         AEAD_XOR_12
/// @throws Invalid_State if m_nonce_format holds a value outside the enum
// Definition at line 16 of file tls_ciphersuite.cpp.
size_t Botan::TLS::Ciphersuite::nonce_bytes_from_handshake() const {
   switch(m_nonce_format) {
      case Nonce_Format::CBC_MODE:
         return 0;
      case Nonce_Format::AEAD_IMPLICIT_4:
         // 4-byte implicit part; the remaining 8 bytes travel per record.
         return 4;
      case Nonce_Format::AEAD_XOR_12:
         // The whole 12-byte nonce comes from the handshake.
         return 12;
      case Nonce_Format::NULL_CIPHER:
         return 0;
   }

   throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
}

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, Botan::TLS::CBC_MODE, and Botan::TLS::NULL_CIPHER.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

◆ nonce_bytes_from_record()

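/// Number of nonce/IV bytes for this suite that are carried explicitly in
/// each record, as opposed to the part fixed during the handshake (see
/// nonce_bytes_from_handshake()).
///
/// @param version unused; the result does not depend on it
/// @return explicit per-record nonce/IV length in bytes
/// @throws Invalid_State if m_nonce_format holds a value outside the enum
// Definition at line 31 of file tls_ciphersuite.cpp.
size_t Botan::TLS::Ciphersuite::nonce_bytes_from_record(Protocol_Version version) const {
   BOTAN_UNUSED(version);
   switch(m_nonce_format) {
      case Nonce_Format::CBC_MODE:
         // One cipher block of explicit IV per record: 8 bytes for 3DES,
         // 16 for the other block ciphers in the known-suite table.
         return cipher_algo() == "3DES" ? 8 : 16;
      case Nonce_Format::AEAD_IMPLICIT_4:
         // 8 explicit bytes per record on top of the 4 implicit bytes
         // from the handshake (12-byte nonce in total).
         return 8;
      case Nonce_Format::AEAD_XOR_12:
      case Nonce_Format::NULL_CIPHER:
         // Nothing on the wire: the nonce is fully derived from handshake
         // material, or there is no cipher at all.
         return 0;
   }

   // Fix: the message previously named nonce_bytes_from_handshake, which
   // misattributed this failure in logs and bug reports.
   throw Invalid_State("In Ciphersuite::nonce_bytes_from_record invalid enum value");
}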

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_UNUSED, Botan::TLS::CBC_MODE, cipher_algo(), and Botan::TLS::NULL_CIPHER.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

◆ nonce_format()

/// @return how this suite's nonce/IV is split between handshake-derived
///         and per-record bytes (see nonce_bytes_from_handshake() and
///         nonce_bytes_from_record())
// Definition at line 134 of file tls_ciphersuite.h.
inline Botan::TLS::Nonce_Format Botan::TLS::Ciphersuite::nonce_format() const {
   return m_nonce_format;
}

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

◆ null_ciphersuite()

/// @return true if this suite uses a NULL cipher, i.e. records are
///         authenticated but not encrypted
// Definition at line 95 of file tls_ciphersuite.cpp.
bool Botan::TLS::Ciphersuite::null_ciphersuite() const {
   const bool is_null = cipher_algo() == "NULL";
   return is_null;
}

References cipher_algo().

◆ operator<() [1/2]

/// Orders suites by their 16-bit code; this is the ordering the
/// known-suite table is kept in.
///
/// @param o the suite to compare against
/// @return true if this suite's code is numerically smaller than o's
// Definition at line 145 of file tls_ciphersuite.h.
inline bool Botan::TLS::Ciphersuite::operator<(const Ciphersuite& o) const {
   const uint16_t lhs = ciphersuite_code();
   const uint16_t rhs = o.ciphersuite_code();
   return lhs < rhs;
}

References ciphersuite_code().

◆ operator<() [2/2]

/// Compares a suite against a bare code; this overload is what lets
/// by_id() run std::lower_bound over the known-suite table with a
/// uint16_t as the search value.
///
/// @param c the ciphersuite code to compare against
/// @return true if this suite's code is numerically smaller than c
// Definition at line 147 of file tls_ciphersuite.h.
inline bool Botan::TLS::Ciphersuite::operator<(const uint16_t c) const {
   const uint16_t own = ciphersuite_code();
   return own < c;
}

References ciphersuite_code().

◆ prf_algo()

std::string Botan::TLS::Ciphersuite::prf_algo ( ) const
inline

◆ psk_ciphersuite()

/// @return true if this is a PSK ciphersuite (plain PSK or ECDHE_PSK key
///         exchange)
// Definition at line 69 of file tls_ciphersuite.cpp.
bool Botan::TLS::Ciphersuite::psk_ciphersuite() const {
   switch(kex_method()) {
      case Kex_Algo::PSK:
      case Kex_Algo::ECDHE_PSK:
         return true;
      default:
         return false;
   }
}

References Botan::TLS::ECDHE_PSK, kex_method(), and Botan::TLS::PSK.

◆ sig_algo()

std::string Botan::TLS::Ciphersuite::sig_algo ( ) const
inline
Returns
signature algorithm used by this ciphersuite

Definition at line 109 of file tls_ciphersuite.h.


References auth_method(), and Botan::TLS::auth_method_to_string().

◆ signature_used()

bool Botan::TLS::Ciphersuite::signature_used ( ) const

◆ to_string()

/// Formats the ciphersuite back to an RFC-style ciphersuite string
///
/// e.g. "RSA_WITH_RC4_128_SHA" or "ECDHE_RSA_WITH_AES_128_GCM_SHA256"
/// (the former is an example of the format only; RC4 suites are not in
/// the known-suite table).
///
/// @return RFC ciphersuite string identifier, or the literal
///         "unknown cipher suite" when no IANA name is attached
// Definition at line 57 of file tls_ciphersuite.h.
inline std::string Botan::TLS::Ciphersuite::to_string() const {
   if(m_iana_id == nullptr) {
      return "unknown cipher suite";
   }
   return m_iana_id;
}

◆ usable_in_version()

/// Whether this suite may be negotiated under the given protocol version.
///
/// @param version the protocol version being negotiated
/// @return true if the suite belongs to the version's suite space
// Definition at line 77 of file tls_ciphersuite.cpp.
bool Botan::TLS::Ciphersuite::usable_in_version(Protocol_Version version) const {
   // RFC 8446 B.4.:
   // Although TLS 1.3 uses the same cipher suite space as previous
   // versions of TLS, TLS 1.3 cipher suites are defined differently, only
   // specifying the symmetric ciphers, and cannot be used for TLS 1.2.
   // Similarly, cipher suites for TLS 1.2 and lower cannot be used with
   // TLS 1.3.
   //
   // Currently cipher suite codes {0x13,0x01} through {0x13,0x05} are
   // allowed for TLS 1.3. This may change in the future.
   //
   // The test below classifies the whole 0x13xx range as TLS 1.3. For a
   // Ciphersuite obtained via by_id() that is harmless, since by_id()
   // returns nullopt for 0x13xx codes that are not in the known table.
   const bool is_tls13_suite = (ciphersuite_code() & 0xFF00) == 0x1300;
   const bool wants_legacy = version.is_pre_tls_13();
   return wants_legacy != is_tls13_suite;
}

References ciphersuite_code(), and Botan::TLS::Protocol_Version::is_pre_tls_13().

Referenced by Botan::TLS::Cipher_State::is_compatible_with().

◆ valid()

/// @return true if this is a valid/known ciphersuite
// Definition at line 141 of file tls_ciphersuite.h.
inline bool Botan::TLS::Ciphersuite::valid() const {
   return m_usable;
}
