Botan::TLS::Ciphersuite Class Referencefinal
#include <tls_ciphersuite.h>
Public Member Functions | |
| bool | aead_ciphersuite () const |
| Auth_Method | auth_method () const |
| bool | cbc_ciphersuite () const |
| std::string | cipher_algo () const |
| size_t | cipher_keylen () const |
| uint16_t | ciphersuite_code () const |
| bool | ecc_ciphersuite () const |
| std::string | kex_algo () const |
| Kex_Algo | kex_method () const |
| std::string | mac_algo () const |
| size_t | mac_keylen () const |
| size_t | nonce_bytes_from_handshake () const |
| size_t | nonce_bytes_from_record (Protocol_Version version) const |
| Nonce_Format | nonce_format () const |
| bool | operator< (const Ciphersuite &o) const |
| bool | operator< (const uint16_t c) const |
| std::string | prf_algo () const |
| bool | psk_ciphersuite () const |
| std::string | sig_algo () const |
| bool | signature_used () const |
| std::string | to_string () const |
| bool | usable_in_version (Protocol_Version version) const |
| bool | valid () const |
Static Public Member Functions | |
| static const std::vector< Ciphersuite > & | all_known_ciphersuites () |
| static std::optional< Ciphersuite > | by_id (uint16_t suite) |
| static std::optional< Ciphersuite > | from_name (std::string_view name) |
| static bool | is_scsv (uint16_t suite) |
Detailed Description
Ciphersuite Information
Definition at line 23 of file tls_ciphersuite.h.
Member Function Documentation
◆ aead_ciphersuite()
| bool Botan::TLS::Ciphersuite::aead_ciphersuite | ( | ) | const |
- Returns
- true if this suite uses a AEAD cipher
Definition at line 82 of file tls_ciphersuite.cpp.
82 {
84}
References mac_algo().
◆ all_known_ciphersuites()
|
static |
Generate a static list of all known ciphersuites and return it.
- Returns
- list of all known ciphersuites
Definition at line 15 of file tls_suite_info.cpp.
15 {
16 // clang-format off
17
18 // Note that this list of ciphersuites is ordered by id!
19 static const std::vector<Ciphersuite> g_ciphersuite_list = {
20 Ciphersuite(0x000A, "RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
21 Ciphersuite(0x0016, "DHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
22 Ciphersuite(0x002F, "RSA_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
23 Ciphersuite(0x0033, "DHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
24 Ciphersuite(0x0035, "RSA_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
25 Ciphersuite(0x0039, "DHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
26 Ciphersuite(0x003C, "RSA_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
27 Ciphersuite(0x003D, "RSA_WITH_AES_256_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
28 Ciphersuite(0x0067, "DHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
29 Ciphersuite(0x006B, "DHE_RSA_WITH_AES_256_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
30 Ciphersuite(0x008B, "PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
31 Ciphersuite(0x008C, "PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
32 Ciphersuite(0x008D, "PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
33 Ciphersuite(0x009C, "RSA_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
34 Ciphersuite(0x009D, "RSA_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
35 Ciphersuite(0x009E, "DHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
36 Ciphersuite(0x009F, "DHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
37 Ciphersuite(0x00A8, "PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
38 Ciphersuite(0x00A9, "PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
39 Ciphersuite(0x00AE, "PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
40 Ciphersuite(0x00AF, "PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE),
41 Ciphersuite(0x1301, "AES_128_GCM_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
42 Ciphersuite(0x1302, "AES_256_GCM_SHA384", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
43 Ciphersuite(0x1303, "CHACHA20_POLY1305_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
44 Ciphersuite(0x1304, "AES_128_CCM_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
45 Ciphersuite(0x1305, "AES_128_CCM_8_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
46 Ciphersuite(0xC008, "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
47 Ciphersuite(0xC009, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
48 Ciphersuite(0xC00A, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
49 Ciphersuite(0xC012, "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
50 Ciphersuite(0xC013, "ECDHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
51 Ciphersuite(0xC014, "ECDHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
52 Ciphersuite(0xC023, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
53 Ciphersuite(0xC024, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE),
54 Ciphersuite(0xC027, "ECDHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
55 Ciphersuite(0xC028, "ECDHE_RSA_WITH_AES_256_CBC_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE),
56 Ciphersuite(0xC02B, "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
57 Ciphersuite(0xC02C, "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
58 Ciphersuite(0xC02F, "ECDHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
59 Ciphersuite(0xC030, "ECDHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
60 Ciphersuite(0xC034, "ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
61 Ciphersuite(0xC035, "ECDHE_PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
62 Ciphersuite(0xC036, "ECDHE_PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE),
63 Ciphersuite(0xC037, "ECDHE_PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
64 Ciphersuite(0xC038, "ECDHE_PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE),
65 Ciphersuite(0xC050, "RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
66 Ciphersuite(0xC051, "RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
67 Ciphersuite(0xC052, "DHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
68 Ciphersuite(0xC053, "DHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
69 Ciphersuite(0xC05C, "ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
70 Ciphersuite(0xC05D, "ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
71 Ciphersuite(0xC060, "ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
72 Ciphersuite(0xC061, "ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
73 Ciphersuite(0xC06A, "PSK_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
74 Ciphersuite(0xC06B, "PSK_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
75 Ciphersuite(0xC07A, "RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
76 Ciphersuite(0xC07B, "RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
77 Ciphersuite(0xC07C, "DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
78 Ciphersuite(0xC07D, "DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
79 Ciphersuite(0xC086, "ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
80 Ciphersuite(0xC087, "ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
81 Ciphersuite(0xC08A, "ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
82 Ciphersuite(0xC08B, "ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
83 Ciphersuite(0xC08E, "PSK_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
84 Ciphersuite(0xC08F, "PSK_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
85 Ciphersuite(0xC09C, "RSA_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
86 Ciphersuite(0xC09D, "RSA_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
87 Ciphersuite(0xC09E, "DHE_RSA_WITH_AES_128_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
88 Ciphersuite(0xC09F, "DHE_RSA_WITH_AES_256_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
89 Ciphersuite(0xC0A0, "RSA_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
90 Ciphersuite(0xC0A1, "RSA_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
91 Ciphersuite(0xC0A2, "DHE_RSA_WITH_AES_128_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
92 Ciphersuite(0xC0A3, "DHE_RSA_WITH_AES_256_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
93 Ciphersuite(0xC0A4, "PSK_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
94 Ciphersuite(0xC0A5, "PSK_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
95 Ciphersuite(0xC0A8, "PSK_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
96 Ciphersuite(0xC0A9, "PSK_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
97 Ciphersuite(0xC0AC, "ECDHE_ECDSA_WITH_AES_128_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
98 Ciphersuite(0xC0AD, "ECDHE_ECDSA_WITH_AES_256_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
99 Ciphersuite(0xC0AE, "ECDHE_ECDSA_WITH_AES_128_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
100 Ciphersuite(0xC0AF, "ECDHE_ECDSA_WITH_AES_256_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
101 Ciphersuite(0xCCA8, "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
102 Ciphersuite(0xCCA9, "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
103 Ciphersuite(0xCCAA, "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
104 Ciphersuite(0xCCAB, "PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
105 Ciphersuite(0xCCAC, "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
106 Ciphersuite(0xD001, "ECDHE_PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
107 Ciphersuite(0xD002, "ECDHE_PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4),
108 Ciphersuite(0xD003, "ECDHE_PSK_WITH_AES_128_CCM_8_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
109 Ciphersuite(0xD005, "ECDHE_PSK_WITH_AES_128_CCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4),
110 Ciphersuite(0xFFC3, "ECDHE_RSA_WITH_AES_256_OCB_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
111 Ciphersuite(0xFFC5, "ECDHE_ECDSA_WITH_AES_256_OCB_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
112 Ciphersuite(0xFFC7, "PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
113 Ciphersuite(0xFFCB, "ECDHE_PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12),
114 };
115
116 // clang-format on
117
118 return g_ciphersuite_list;
119}
@ SHA_384
@ SHA_256
@ SHA_1
@ UNDEFINED
@ ECDHE_PSK
@ STATIC_RSA
@ UNDEFINED
@ IMPLICIT
@ CBC_MODE
@ AEAD_XOR_12
@ AEAD_IMPLICIT_4
References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, Botan::TLS::CBC_MODE, Botan::TLS::DH, Botan::TLS::ECDH, Botan::TLS::ECDHE_PSK, Botan::TLS::ECDSA, Botan::TLS::IMPLICIT, Botan::TLS::PSK, Botan::TLS::RSA, Botan::TLS::SHA_1, Botan::TLS::SHA_256, Botan::TLS::SHA_384, Botan::TLS::STATIC_RSA, and Botan::TLS::UNDEFINED.
Referenced by by_id(), Botan::TLS::Policy::ciphersuite_list(), and from_name().
◆ auth_method()
|
inline |
Definition at line 98 of file tls_ciphersuite.h.
98{ return m_auth_method; }
Referenced by ecc_ciphersuite(), and signature_used().
◆ by_id()
|
static |
Convert an SSL/TLS ciphersuite to algorithm fields
- Parameters
-
suite the ciphersuite code number
- Returns
- ciphersuite object or std::nullopt if it is unknown to the library
Definition at line 90 of file tls_ciphersuite.cpp.
90 {
92 auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite);
93
94 if(s != all_suites.end() && s->ciphersuite_code() == suite) {
95 return *s;
96 }
97
98 return std::nullopt; // some unknown ciphersuite
99}
static const std::vector< Ciphersuite > & all_known_ciphersuites()
Definition tls_suite_info.cpp:15
References all_known_ciphersuites().
Referenced by Botan::TLS::Session_Base::ciphersuite(), Botan::TLS::Client_Hello_13::retry(), Botan::TLS::Handshake_State::server_hello(), Botan::TLS::Server_Hello_12::Server_Hello_12(), and Botan::TLS::Session::Session().
◆ cbc_ciphersuite()
| bool Botan::TLS::Ciphersuite::cbc_ciphersuite | ( | ) | const |
- Returns
- true if this suite uses a CBC cipher
Definition at line 78 of file tls_ciphersuite.cpp.
References mac_algo().
◆ cipher_algo()
|
inline |
- Returns
- symmetric cipher algorithm used by this ciphersuite
Definition at line 103 of file tls_ciphersuite.h.
103{ return m_cipher_algo; }
Referenced by Botan::TLS::Policy::acceptable_ciphersuite(), Botan::TLS::Cipher_State::advance_with_server_hello(), Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::TLS::Cipher_State::is_compatible_with(), nonce_bytes_from_handshake(), and nonce_bytes_from_record().
◆ cipher_keylen()
|
inline |
- Returns
- cipher key length used by this ciphersuite
Definition at line 115 of file tls_ciphersuite.h.
115{ return m_cipher_keylen; }
Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), and Botan::TLS::Session_Keys::Session_Keys().
◆ ciphersuite_code()
|
inline |
- Returns
- ciphersuite number
Definition at line 62 of file tls_ciphersuite.h.
62{ return m_ciphersuite_code; }
Referenced by operator<(), and usable_in_version().
◆ ecc_ciphersuite()
| bool Botan::TLS::Ciphersuite::ecc_ciphersuite | ( | ) | const |
- Returns
- true if this is an ECC ciphersuite
Definition at line 60 of file tls_ciphersuite.cpp.
60 {
61 return kex_method() == Kex_Algo::ECDH || kex_method() == Kex_Algo::ECDHE_PSK || auth_method() == Auth_Method::ECDSA;
62}
References auth_method(), Botan::TLS::ECDH, Botan::TLS::ECDHE_PSK, Botan::TLS::ECDSA, and kex_method().
◆ from_name()
|
static |
Convert an SSL/TLS ciphersuite name to algorithm fields
- Parameters
-
name the IANA name for the desired ciphersuite
- Returns
- ciphersuite object or std::nullopt if it is unknown to the library
Definition at line 101 of file tls_ciphersuite.cpp.
101 {
103
104 for(auto suite : all_suites) {
106 return suite;
107 }
108 }
109
110 return std::nullopt; // some unknown ciphersuite
111}
References all_known_ciphersuites(), and name.
◆ is_scsv()
|
static |
Returns true iff this suite is a known SCSV
Definition at line 51 of file tls_ciphersuite.cpp.
51 {
52 // TODO: derive from IANA file in script
53 return (suite == 0x00FF || suite == 0x5600);
54}
◆ kex_algo()
|
inline |
- Returns
- key exchange algorithm used by this ciphersuite
Definition at line 89 of file tls_ciphersuite.h.
std::string kex_method_to_string(Kex_Algo method)
Definition tls_algos.cpp:28
References Botan::TLS::kex_method_to_string().
◆ kex_method()
|
inline |
Definition at line 91 of file tls_ciphersuite.h.
91{ return m_kex_algo; }
Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), ecc_ciphersuite(), psk_ciphersuite(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().
◆ mac_algo()
|
inline |
- Returns
- message authentication algorithm used by this ciphersuite
Definition at line 108 of file tls_ciphersuite.h.
108{ return m_mac_algo; }
Referenced by Botan::TLS::Policy::acceptable_ciphersuite(), aead_ciphersuite(), cbc_ciphersuite(), and Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().
◆ mac_keylen()
|
inline |
Definition at line 123 of file tls_ciphersuite.h.
123{ return m_mac_keylen; }
Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), and Botan::TLS::Session_Keys::Session_Keys().
◆ nonce_bytes_from_handshake()
| size_t Botan::TLS::Ciphersuite::nonce_bytes_from_handshake | ( | ) | const |
Definition at line 19 of file tls_ciphersuite.cpp.
19 {
20 switch(m_nonce_format) {
23 return 8;
24 } else {
25 return 16;
26 }
27 }
29 return 4;
31 return 12;
32 }
33
34 throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
35}
References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, Botan::TLS::CBC_MODE, and cipher_algo().
Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), and Botan::TLS::Session_Keys::Session_Keys().
◆ nonce_bytes_from_record()
| size_t Botan::TLS::Ciphersuite::nonce_bytes_from_record | ( | Protocol_Version | version | ) | const |
Definition at line 37 of file tls_ciphersuite.cpp.
37 {
38 BOTAN_UNUSED(version);
39 switch(m_nonce_format) {
43 return 8;
45 return 0;
46 }
47
48 throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
49}
References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_UNUSED, Botan::TLS::CBC_MODE, and cipher_algo().
Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().
◆ nonce_format()
|
inline |
Definition at line 121 of file tls_ciphersuite.h.
121{ return m_nonce_format; }
Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().
◆ operator<() [1/2]
|
inline |
Definition at line 132 of file tls_ciphersuite.h.
uint16_t ciphersuite_code() const
Definition tls_ciphersuite.h:62
References ciphersuite_code().
◆ operator<() [2/2]
|
inline |
Definition at line 134 of file tls_ciphersuite.h.
◆ prf_algo()
|
inline |
Definition at line 110 of file tls_ciphersuite.h.
std::string kdf_algo_to_string(KDF_Algo algo)
Definition tls_algos.cpp:15
References Botan::TLS::kdf_algo_to_string().
Referenced by Botan::TLS::Cipher_State::init_with_server_hello(), Botan::TLS::Cipher_State::is_compatible_with(), Botan::TLS::Handshake_State::protocol_specific_prf(), Botan::TLS::PSK::select_offered_psk(), and Botan::TLS::Session_Keys::Session_Keys().
◆ psk_ciphersuite()
| bool Botan::TLS::Ciphersuite::psk_ciphersuite | ( | ) | const |
- Returns
- true if this is a PSK ciphersuite
Definition at line 56 of file tls_ciphersuite.cpp.
References Botan::TLS::ECDHE_PSK, kex_method(), and Botan::TLS::PSK.
◆ sig_algo()
|
inline |
- Returns
- signature algorithm used by this ciphersuite
Definition at line 96 of file tls_ciphersuite.h.
std::string auth_method_to_string(Auth_Method method)
Definition tls_algos.cpp:105
References Botan::TLS::auth_method_to_string().
◆ signature_used()
| bool Botan::TLS::Ciphersuite::signature_used | ( | ) | const |
Definition at line 86 of file tls_ciphersuite.cpp.
References auth_method(), and Botan::TLS::IMPLICIT.
Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().
◆ to_string()
|
inline |
Formats the ciphersuite back to an RFC-style ciphersuite string
e.g "RSA_WITH_RC4_128_SHA" or "ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- Returns
- RFC ciphersuite string identifier
Definition at line 57 of file tls_ciphersuite.h.
57{ return (!m_iana_id) ? "unknown cipher suite" : m_iana_id; }
◆ usable_in_version()
| bool Botan::TLS::Ciphersuite::usable_in_version | ( | Protocol_Version | version | ) | const |
Definition at line 64 of file tls_ciphersuite.cpp.
64 {
65 // RFC 8446 B.4.:
66 // Although TLS 1.3 uses the same cipher suite space as previous
67 // versions of TLS, TLS 1.3 cipher suites are defined differently, only
68 // specifying the symmetric ciphers, and cannot be used for TLS 1.2.
69 // Similarly, cipher suites for TLS 1.2 and lower cannot be used with
70 // TLS 1.3.
71 //
72 // Currently cipher suite codes {0x13,0x01} through {0x13,0x05} are
73 // allowed for TLS 1.3. This may change in the future.
75 return version.is_pre_tls_13() == is_legacy_suite;
76}
References ciphersuite_code(), and Botan::TLS::Protocol_Version::is_pre_tls_13().
Referenced by Botan::TLS::Cipher_State::is_compatible_with().
◆ valid()
|
inline |
- Returns
- true if this is a valid/known ciphersuite
Definition at line 128 of file tls_ciphersuite.h.
128{ return m_usable; }
The documentation for this class was generated from the following files:
- src/lib/tls/tls_ciphersuite.h
- src/lib/tls/tls_ciphersuite.cpp
- src/lib/tls/tls_suite_info.cpp
Generated by
1.12.0