Botan  2.11.0
Crypto and TLS for C++11
Botan::TLS::Connection_Cipher_State Class Reference (final)

#include <tls_record.h>

Public Member Functions

AEAD_Mode & aead ()
 
std::vector< uint8_t > aead_nonce (uint64_t seq, RandomNumberGenerator &rng)
 
std::vector< uint8_t > aead_nonce (const uint8_t record[], size_t record_len, uint64_t seq)
 
std::chrono::seconds age () const
 
 Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys, bool uses_encrypt_then_mac)
 
std::vector< uint8_t > format_ad (uint64_t seq, uint8_t type, Protocol_Version version, uint16_t ptext_length)
 
size_t nonce_bytes_from_handshake () const
 
size_t nonce_bytes_from_record () const
 
Nonce_Format nonce_format () const
 

Detailed Description

TLS Cipher State

Definition at line 32 of file tls_record.h.

Constructor & Destructor Documentation

◆ Connection_Cipher_State()

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( Protocol_Version  version,
Connection_Side  which_side,
bool  is_our_side,
const Ciphersuite & suite,
const Session_Keys & keys,
bool  uses_encrypt_then_mac 
)

Initialize a new cipher state

Definition at line 28 of file tls_record.cpp.

References Botan::TLS::Session_Keys::aead_key(), BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::cipher_keylen(), Botan::BlockCipher::create_or_throw(), Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::DECRYPTION, Botan::ENCRYPTION, Botan::TLS::Ciphersuite::mac_algo(), Botan::TLS::Ciphersuite::mac_keylen(), Botan::TLS::Session_Keys::nonce(), Botan::TLS::Ciphersuite::nonce_bytes_from_handshake(), Botan::TLS::Ciphersuite::nonce_bytes_from_record(), nonce_format(), and Botan::TLS::Ciphersuite::nonce_format().

// Constructor body as rendered from tls_record.cpp. The signature lines and
// source line 45 are not part of this listing. `side` and `our_side` are
// presumably the definition's names for the documented `which_side` and
// `is_our_side` parameters - confirm against tls_record.cpp.
33  :
34  m_start_time(std::chrono::system_clock::now())
35  {
// Nonce layout parameters are read from the negotiated ciphersuite.
36  m_nonce_format = suite.nonce_format();
37  m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
38  m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
39 
// Key and handshake-derived nonce material for this direction come from the
// session keys.
40  const secure_vector<uint8_t>& aead_key = keys.aead_key(side);
41  m_nonce = keys.nonce(side);
42 
// Consistency check: the handshake-derived nonce must be exactly as long as
// the suite says the handshake contributes.
43  BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake);
44 
// NOTE(review): source line 45, which holds the condition for this branch, is
// missing from the listing. The comment below and the References list
// (Botan::TLS::CBC_MODE) suggest it tests for the CBC nonce format.
46  {
47 #if defined(BOTAN_HAS_TLS_CBC)
48  // legacy CBC+HMAC mode
// create_or_throw (per its name) fails by throwing, so mac and cipher are not
// null-checked before being moved into the wrapper.
49  auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + suite.mac_algo() + ")");
50  auto cipher = BlockCipher::create_or_throw(suite.cipher_algo());
51 
// our_side selects the encrypting wrapper, otherwise the decrypting one is
// built. uses_encrypt_then_mac is forwarded unchanged to either.
52  if(our_side)
53  {
54  m_aead.reset(new TLS_CBC_HMAC_AEAD_Encryption(
55  std::move(cipher),
56  std::move(mac),
57  suite.cipher_keylen(),
58  suite.mac_keylen(),
59  version,
60  uses_encrypt_then_mac));
61  }
62  else
63  {
64  m_aead.reset(new TLS_CBC_HMAC_AEAD_Decryption(
65  std::move(cipher),
66  std::move(mac),
67  suite.cipher_keylen(),
68  suite.mac_keylen(),
69  version,
70  uses_encrypt_then_mac));
71  }
72 
73 #else
// Built without BOTAN_HAS_TLS_CBC: reaching this branch is reported as an
// internal error; there is no fallback cipher.
74  throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
75 #endif
76  }
77  else
78  {
// Non-CBC suites: the AEAD mode is created by name, in the encrypting
// direction for our side and the decrypting direction otherwise.
79  m_aead = AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION);
80  }
81 
// The key is installed last, on whichever object the branches above built.
82  m_aead->set_key(aead_key);
83  }
Nonce_Format nonce_format() const
Definition: tls_record.h:62
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:68
static std::unique_ptr< BlockCipher > create_or_throw(const std::string &algo_spec, const std::string &provider="")
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:141
static std::unique_ptr< AEAD_Mode > create_or_throw(const std::string &algo, Cipher_Dir direction, const std::string &provider="")
Definition: aead.cpp:42

Member Function Documentation

◆ aead()

AEAD_Mode& Botan::TLS::Connection_Cipher_State::aead ( )
inline

Definition at line 45 of file tls_record.h.

References BOTAN_ASSERT_NONNULL.

Referenced by Botan::TLS::write_record().

// Returns the cipher object by reference, after asserting that m_aead
// actually holds one.
46  {
47  BOTAN_ASSERT_NONNULL(m_aead.get());
48  return *m_aead.get();
49  }
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:107

◆ aead_nonce() [1/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( uint64_t  seq,
RandomNumberGenerator & rng
)

Definition at line 85 of file tls_record.cpp.

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::xor_buf().

Referenced by Botan::TLS::write_record().

// Builds a per-record nonce from the sequence number and, where needed, fresh
// randomness from rng; referenced by write_record(). The `case` labels on
// source lines 89, 101 and 108 are missing from this listing. The References
// list names CBC_MODE, AEAD_XOR_12 and AEAD_IMPLICIT_4, presumably in that
// order - confirm against tls_record.cpp.
86  {
87  switch(m_nonce_format)
88  {
90  {
// A stored nonce is handed out once: swap() leaves m_nonce empty, so every
// later call in this branch draws nonce_bytes_from_record() bytes from rng.
91  if(m_nonce.size())
92  {
93  std::vector<uint8_t> nonce;
94  nonce.swap(m_nonce);
95  return nonce;
96  }
97  std::vector<uint8_t> nonce(nonce_bytes_from_record());
98  rng.randomize(nonce.data(), nonce.size());
99  return nonce;
100  }
102  {
// 12-byte nonce: bytes 0-3 start as zero, bytes 4-11 hold the big-endian
// sequence number, and the whole buffer is then XORed with m_nonce. The
// result varies only with seq, so nonce uniqueness under one key depends on
// seq never repeating.
// NOTE(review): nothing in this block checks m_nonce.size() <= 12 before
// xor_buf. The only size check visible on this page is the constructor's
// assert against nonce_bytes_from_handshake() - confirm that value is 12 for
// this format.
103  std::vector<uint8_t> nonce(12);
104  store_be(seq, nonce.data() + 4);
105  xor_buf(nonce, m_nonce.data(), m_nonce.size());
106  return nonce;
107  }
109  {
// Fixed 4-byte part from m_nonce followed by the sequence number. The copy
// uses the literal 4 while the store offset uses nonce_bytes_from_handshake();
// the two agree only when that value is 4, which this assert and the
// constructor's size assert together imply.
110  BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
111  std::vector<uint8_t> nonce(12);
112  copy_mem(&nonce[0], m_nonce.data(), 4);
113  store_be(seq, &nonce[nonce_bytes_from_handshake()]);
114  return nonce;
115  }
116  }
117 
// Reached only when no case above returned.
118  throw Invalid_State("Unknown nonce format specified");
119  }
size_t nonce_bytes_from_handshake() const
Definition: tls_record.h:59
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:436
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:68
size_t nonce_bytes_from_record() const
Definition: tls_record.h:60
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:202
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:122

◆ aead_nonce() [2/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( const uint8_t  record[],
size_t  record_len,
uint64_t  seq 
)

Definition at line 122 of file tls_record.cpp.

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::store_be(), and Botan::xor_buf().

// Derives the nonce for a record from its bytes (`record`, `record_len`) and
// the sequence number. The `case` labels on source lines 126, 139 and 146 and
// the statement on source line 153 are missing from this listing. The
// References list names CBC_MODE, AEAD_XOR_12 and AEAD_IMPLICIT_4, presumably
// in that order - confirm against tls_record.cpp.
123  {
124  switch(m_nonce_format)
125  {
127  {
// With no per-record nonce bytes and a stored nonce available, the stored
// nonce is handed out once (swap() leaves m_nonce empty).
128  if(nonce_bytes_from_record() == 0 && m_nonce.size())
129  {
130  std::vector<uint8_t> nonce;
131  nonce.swap(m_nonce);
132  return nonce;
133  }
// The length is validated before the leading nonce_bytes_from_record() bytes
// are copied out of the record, so a short record is rejected rather than
// read past its end.
134  if(record_len < nonce_bytes_from_record())
135  throw Decoding_Error("Invalid CBC packet too short to be valid");
136  std::vector<uint8_t> nonce(record, record + nonce_bytes_from_record());
137  return nonce;
138  }
140  {
// 12-byte nonce: big-endian sequence number in bytes 4-11, XORed with
// m_nonce. Nothing is read from the record in this branch.
// NOTE(review): no check in this block that m_nonce.size() <= 12 before
// xor_buf - confirm the handshake nonce length for this format.
141  std::vector<uint8_t> nonce(12);
142  store_be(seq, nonce.data() + 4);
143  xor_buf(nonce, m_nonce.data(), m_nonce.size());
144  return nonce;
145  }
147  {
// Same short-record rejection as the first branch, after asserting the stored
// part is 4 bytes.
148  BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
149  if(record_len < nonce_bytes_from_record())
150  throw Decoding_Error("Invalid AEAD packet too short to be valid");
151  std::vector<uint8_t> nonce(12);
152  copy_mem(&nonce[0], m_nonce.data(), 4);
// NOTE(review): source line 153 is missing here. As rendered, only nonce[0..3]
// is filled and the length check above has no visible consumer. The References
// list (copy_mem, nonce_bytes_from_handshake) suggests the omitted line copies
// the record's nonce bytes into the rest of the buffer - read tls_record.cpp
// before relying on this excerpt.
154  return nonce;
155  }
156  }
157 
// Reached only when no case above returned.
158  throw Invalid_State("Unknown nonce format specified");
159  }
size_t nonce_bytes_from_handshake() const
Definition: tls_record.h:59
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:436
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:68
size_t nonce_bytes_from_record() const
Definition: tls_record.h:60
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:202
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:122

◆ age()

std::chrono::seconds Botan::TLS::Connection_Cipher_State::age ( ) const
inline

Definition at line 64 of file tls_record.h.

// Time elapsed since m_start_time (set in the constructor), truncated to whole
// seconds. Both readings come from std::chrono::system_clock, which is a wall
// clock and not guaranteed to be steady, so a clock adjustment changes the
// reported age.
65  {
66  return std::chrono::duration_cast<std::chrono::seconds>(
67  std::chrono::system_clock::now() - m_start_time);
68  }

◆ format_ad()

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::format_ad ( uint64_t  seq,
uint8_t  type,
Protocol_Version  version,
uint16_t  ptext_length 
)

Definition at line 162 of file tls_record.cpp.

References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), and Botan::store_be().

Referenced by Botan::TLS::write_record().

// Builds the 13-byte additional-data block: the sequence number in bytes 0-7
// (big-endian, via store_be), the record type, the protocol major and minor
// version, then the 16-bit length in two bytes. msg_sequence, msg_type and
// msg_length are presumably the definition's names for the documented seq,
// type and ptext_length parameters; the signature lines (162-165) are not in
// this listing.
166  {
167  std::vector<uint8_t> ad(13);
168 
169  store_be(msg_sequence, &ad[0]);
170  ad[8] = msg_type;
171  ad[9] = version.major_version();
172  ad[10] = version.minor_version();
// NOTE(review): get_byte(0, ...) is presumably the most significant byte, which
// would make the length big-endian - confirm in loadstor.h.
173  ad[11] = get_byte(0, msg_length);
174  ad[12] = get_byte(1, msg_length);
175 
176  return ad;
177  }
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:436
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39

◆ nonce_bytes_from_handshake()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake ( ) const
inline

Definition at line 59 of file tls_record.h.

Referenced by aead_nonce(), and Botan::TLS::write_record().

// Returns the value the constructor read from suite.nonce_bytes_from_handshake().
59 { return m_nonce_bytes_from_handshake; }

◆ nonce_bytes_from_record()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record ( ) const
inline

Definition at line 60 of file tls_record.h.

Referenced by aead_nonce(), and Botan::TLS::write_record().

// Returns the value the constructor read from suite.nonce_bytes_from_record(version).
60 { return m_nonce_bytes_from_record; }

◆ nonce_format()

Nonce_Format Botan::TLS::Connection_Cipher_State::nonce_format ( ) const
inline

Definition at line 62 of file tls_record.h.

Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().

// Returns the nonce format the constructor read from suite.nonce_format().
62 { return m_nonce_format; }

The documentation for this class was generated from the following files: