Botan 3.6.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Connection_Cipher_State Class Referencefinal

#include <tls_record.h>

Public Member Functions

AEAD_Modeaead ()
 
std::vector< uint8_t > aead_nonce (const uint8_t record[], size_t record_len, uint64_t seq)
 
std::vector< uint8_t > aead_nonce (uint64_t seq, RandomNumberGenerator &rng)
 
 Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys, bool uses_encrypt_then_mac)
 
std::vector< uint8_t > format_ad (uint64_t seq, Record_Type type, Protocol_Version version, uint16_t ptext_length)
 
size_t nonce_bytes_from_handshake () const
 
size_t nonce_bytes_from_record () const
 
Nonce_Format nonce_format () const
 

Detailed Description

TLS Cipher State

Definition at line 32 of file tls_record.h.

Constructor & Destructor Documentation

◆ Connection_Cipher_State()

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( Protocol_Version version,
Connection_Side which_side,
bool is_our_side,
const Ciphersuite & suite,
const Session_Keys & keys,
bool uses_encrypt_then_mac )

Initialize a new cipher state

Definition at line 28 of file tls_record.cpp.

33 {
34 m_nonce_format = suite.nonce_format();
35 m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
36 m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
37
38 const secure_vector<uint8_t>& aead_key = keys.aead_key(side);
39 m_nonce = keys.nonce(side);
40
41 BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake);
42
43 if(nonce_format() == Nonce_Format::CBC_MODE) {
44#if defined(BOTAN_HAS_TLS_CBC)
45 // legacy CBC+HMAC mode
46 auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + suite.mac_algo() + ")");
47 auto cipher = BlockCipher::create_or_throw(suite.cipher_algo());
48
49 if(our_side) {
50 m_aead = std::make_unique<TLS_CBC_HMAC_AEAD_Encryption>(std::move(cipher),
51 std::move(mac),
52 suite.cipher_keylen(),
53 suite.mac_keylen(),
54 version,
55 uses_encrypt_then_mac);
56 } else {
57 m_aead = std::make_unique<TLS_CBC_HMAC_AEAD_Decryption>(std::move(cipher),
58 std::move(mac),
59 suite.cipher_keylen(),
60 suite.mac_keylen(),
61 version,
62 uses_encrypt_then_mac);
63 }
64
65#else
66 BOTAN_UNUSED(uses_encrypt_then_mac);
67 throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
68#endif
69 } else {
70 m_aead =
71 AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? Cipher_Dir::Encryption : Cipher_Dir::Decryption);
72 }
73
74 m_aead->set_key(aead_key);
75}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:118
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
Botan::AEAD_Mode::create_or_throw
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:43
Botan::BlockCipher::create_or_throw
static std::unique_ptr< BlockCipher > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition block_cipher.cpp:266
Botan::MessageAuthenticationCode::create_or_throw
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:148
Botan::TLS::Connection_Cipher_State::nonce_format
Nonce_Format nonce_format() const
Definition tls_record.h:59
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

References Botan::TLS::Session_Keys::aead_key(), BOTAN_ASSERT_NOMSG, BOTAN_UNUSED, Botan::TLS::CBC_MODE, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::cipher_keylen(), Botan::AEAD_Mode::create_or_throw(), Botan::BlockCipher::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::Encryption, Botan::TLS::Ciphersuite::mac_algo(), Botan::TLS::Ciphersuite::mac_keylen(), Botan::TLS::Session_Keys::nonce(), Botan::TLS::Ciphersuite::nonce_bytes_from_handshake(), Botan::TLS::Ciphersuite::nonce_bytes_from_record(), Botan::TLS::Ciphersuite::nonce_format(), and nonce_format().

Member Function Documentation

◆ aead()

AEAD_Mode & Botan::TLS::Connection_Cipher_State::aead ( )
inline

Definition at line 44 of file tls_record.h.

44 {
45 BOTAN_ASSERT_NONNULL(m_aead.get());
46 return *m_aead;
47 }
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86

References BOTAN_ASSERT_NONNULL.

Referenced by Botan::TLS::write_record().

◆ aead_nonce() [1/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( const uint8_t record[],
size_t record_len,
uint64_t seq )

Definition at line 107 of file tls_record.cpp.

107 {
108 switch(m_nonce_format) {
109 case Nonce_Format::CBC_MODE: {
110 if(nonce_bytes_from_record() == 0 && !m_nonce.empty()) {
111 std::vector<uint8_t> nonce;
112 nonce.swap(m_nonce);
113 return nonce;
114 }
115 if(record_len < nonce_bytes_from_record()) {
116 throw Decoding_Error("Invalid CBC packet too short to be valid");
117 }
118 std::vector<uint8_t> nonce(record, record + nonce_bytes_from_record());
119 return nonce;
120 }
121 case Nonce_Format::AEAD_XOR_12: {
122 std::vector<uint8_t> nonce(12);
123 store_be(seq, nonce.data() + 4);
124 xor_buf(nonce, m_nonce.data(), m_nonce.size());
125 return nonce;
126 }
127 case Nonce_Format::AEAD_IMPLICIT_4: {
128 BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
129 if(record_len < nonce_bytes_from_record()) {
130 throw Decoding_Error("Invalid AEAD packet too short to be valid");
131 }
132 std::vector<uint8_t> nonce(12);
133 copy_mem(&nonce[0], m_nonce.data(), 4);
134 copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record());
135 return nonce;
136 }
137 }
138
139 throw Invalid_State("Unknown nonce format specified");
140}
Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record
size_t nonce_bytes_from_record() const
Definition tls_record.h:57
Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake
size_t nonce_bytes_from_handshake() const
Definition tls_record.h:55
Botan::xor_buf
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:341
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::store_be(), and Botan::xor_buf().

◆ aead_nonce() [2/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( uint64_t seq,
RandomNumberGenerator & rng )

Definition at line 77 of file tls_record.cpp.

77 {
78 switch(m_nonce_format) {
79 case Nonce_Format::CBC_MODE: {
80 if(!m_nonce.empty()) {
81 std::vector<uint8_t> nonce;
82 nonce.swap(m_nonce);
83 return nonce;
84 }
85 std::vector<uint8_t> nonce(nonce_bytes_from_record());
86 rng.randomize(nonce.data(), nonce.size());
87 return nonce;
88 }
89 case Nonce_Format::AEAD_XOR_12: {
90 std::vector<uint8_t> nonce(12);
91 store_be(seq, nonce.data() + 4);
92 xor_buf(nonce, m_nonce.data(), m_nonce.size());
93 return nonce;
94 }
95 case Nonce_Format::AEAD_IMPLICIT_4: {
96 BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
97 std::vector<uint8_t> nonce(12);
98 copy_mem(&nonce[0], m_nonce.data(), 4);
99 store_be(seq, &nonce[nonce_bytes_from_handshake()]);
100 return nonce;
101 }
102 }
103
104 throw Invalid_State("Unknown nonce format specified");
105}

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::xor_buf().

Referenced by Botan::TLS::write_record().

◆ format_ad()

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::format_ad ( uint64_t seq,
Record_Type type,
Protocol_Version version,
uint16_t ptext_length )

Definition at line 142 of file tls_record.cpp.

145 {
146 std::vector<uint8_t> ad(13);
147
148 store_be(msg_sequence, &ad[0]);
149 ad[8] = static_cast<uint8_t>(msg_type);
150 ad[9] = version.major_version();
151 ad[10] = version.minor_version();
152 ad[11] = get_byte<0>(msg_length);
153 ad[12] = get_byte<1>(msg_length);
154
155 return ad;
156}
Botan::get_byte
constexpr uint8_t get_byte(T input)
Definition loadstor.h:75

References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), and Botan::store_be().

Referenced by Botan::TLS::write_record().

◆ nonce_bytes_from_handshake()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake ( ) const
inline

Definition at line 55 of file tls_record.h.

55{ return m_nonce_bytes_from_handshake; }

Referenced by aead_nonce(), aead_nonce(), and Botan::TLS::write_record().

◆ nonce_bytes_from_record()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record ( ) const
inline

Definition at line 57 of file tls_record.h.

57{ return m_nonce_bytes_from_record; }

Referenced by aead_nonce(), aead_nonce(), and Botan::TLS::write_record().

◆ nonce_format()

Nonce_Format Botan::TLS::Connection_Cipher_State::nonce_format ( ) const
inline

Definition at line 59 of file tls_record.h.

59{ return m_nonce_format; }

Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0