Botan 3.0.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Connection_Cipher_State Class Referencefinal

#include <tls_record.h>

Public Member Functions

AEAD_Modeaead ()
 
std::vector< uint8_t > aead_nonce (const uint8_t record[], size_t record_len, uint64_t seq)
 
std::vector< uint8_t > aead_nonce (uint64_t seq, RandomNumberGenerator &rng)
 
 Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys, bool uses_encrypt_then_mac)
 
std::vector< uint8_t > format_ad (uint64_t seq, Record_Type type, Protocol_Version version, uint16_t ptext_length)
 
size_t nonce_bytes_from_handshake () const
 
size_t nonce_bytes_from_record () const
 
Nonce_Format nonce_format () const
 

Detailed Description

TLS Cipher State

Definition at line 34 of file tls_record.h.

Constructor & Destructor Documentation

◆ Connection_Cipher_State()

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( Protocol_Version  version,
Connection_Side  which_side,
bool  is_our_side,
const Ciphersuite suite,
const Session_Keys keys,
bool  uses_encrypt_then_mac 
)

Initialize a new cipher state

Definition at line 27 of file tls_record.cpp.

33 {
34 m_nonce_format = suite.nonce_format();
35 m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
36 m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
37
38 const secure_vector<uint8_t>& aead_key = keys.aead_key(side);
39 m_nonce = keys.nonce(side);
40
41 BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake);
42
43 if(nonce_format() == Nonce_Format::CBC_MODE)
44 {
45#if defined(BOTAN_HAS_TLS_CBC)
46 // legacy CBC+HMAC mode
47 auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + suite.mac_algo() + ")");
48 auto cipher = BlockCipher::create_or_throw(suite.cipher_algo());
49
50 if(our_side)
51 {
52 m_aead = std::make_unique<TLS_CBC_HMAC_AEAD_Encryption>(
53 std::move(cipher),
54 std::move(mac),
55 suite.cipher_keylen(),
56 suite.mac_keylen(),
57 version,
58 uses_encrypt_then_mac);
59 }
60 else
61 {
62 m_aead = std::make_unique<TLS_CBC_HMAC_AEAD_Decryption>(
63 std::move(cipher),
64 std::move(mac),
65 suite.cipher_keylen(),
66 suite.mac_keylen(),
67 version,
68 uses_encrypt_then_mac);
69 }
70
71#else
72 BOTAN_UNUSED(uses_encrypt_then_mac);
73 throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
74#endif
75 }
76 else
77 {
78 m_aead = AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? Cipher_Dir::Encryption : Cipher_Dir::Decryption);
79 }
80
81 m_aead->set_key(aead_key);
82 }
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
BOTAN_UNUSED
#define BOTAN_UNUSED(...)
Definition: assert.h:141
Botan::AEAD_Mode::create_or_throw
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition: aead.cpp:42
Botan::BlockCipher::create_or_throw
static std::unique_ptr< BlockCipher > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition: block_cipher.cpp:283
Botan::MessageAuthenticationCode::create_or_throw
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition: mac.cpp:134
Botan::TLS::Connection_Cipher_State::nonce_format
Nonce_Format nonce_format() const
Definition: tls_record.h:65

References Botan::TLS::Session_Keys::aead_key(), BOTAN_ASSERT_NOMSG, BOTAN_UNUSED, Botan::TLS::CBC_MODE, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::cipher_keylen(), Botan::AEAD_Mode::create_or_throw(), Botan::BlockCipher::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::Encryption, Botan::TLS::Ciphersuite::mac_algo(), Botan::TLS::Ciphersuite::mac_keylen(), Botan::TLS::Session_Keys::nonce(), Botan::TLS::Ciphersuite::nonce_bytes_from_handshake(), Botan::TLS::Ciphersuite::nonce_bytes_from_record(), nonce_format(), and Botan::TLS::Ciphersuite::nonce_format().

Member Function Documentation

◆ aead()

AEAD_Mode & Botan::TLS::Connection_Cipher_State::aead ( )
inline

Definition at line 47 of file tls_record.h.

48 {
49 BOTAN_ASSERT_NONNULL(m_aead.get());
50 return *m_aead.get();
51 }
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:106

References BOTAN_ASSERT_NONNULL.

Referenced by Botan::TLS::write_record().

◆ aead_nonce() [1/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( const uint8_t  record[],
size_t  record_len,
uint64_t  seq 
)

Definition at line 121 of file tls_record.cpp.

122 {
123 switch(m_nonce_format)
124 {
125 case Nonce_Format::CBC_MODE:
126 {
127 if(nonce_bytes_from_record() == 0 && !m_nonce.empty())
128 {
129 std::vector<uint8_t> nonce;
130 nonce.swap(m_nonce);
131 return nonce;
132 }
133 if(record_len < nonce_bytes_from_record())
134 throw Decoding_Error("Invalid CBC packet too short to be valid");
135 std::vector<uint8_t> nonce(record, record + nonce_bytes_from_record());
136 return nonce;
137 }
138 case Nonce_Format::AEAD_XOR_12:
139 {
140 std::vector<uint8_t> nonce(12);
141 store_be(seq, nonce.data() + 4);
142 xor_buf(nonce, m_nonce.data(), m_nonce.size());
143 return nonce;
144 }
145 case Nonce_Format::AEAD_IMPLICIT_4:
146 {
147 BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
148 if(record_len < nonce_bytes_from_record())
149 throw Decoding_Error("Invalid AEAD packet too short to be valid");
150 std::vector<uint8_t> nonce(12);
151 copy_mem(&nonce[0], m_nonce.data(), 4);
152 copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record());
153 return nonce;
154 }
155 }
156
157 throw Invalid_State("Unknown nonce format specified");
158 }
Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record
size_t nonce_bytes_from_record() const
Definition: tls_record.h:63
Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake
size_t nonce_bytes_from_handshake() const
Definition: tls_record.h:62
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:126
Botan::xor_buf
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:255
Botan::store_be
constexpr void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:449

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::store_be(), and Botan::xor_buf().

◆ aead_nonce() [2/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( uint64_t  seq,
RandomNumberGenerator rng 
)

Definition at line 84 of file tls_record.cpp.

85 {
86 switch(m_nonce_format)
87 {
88 case Nonce_Format::CBC_MODE:
89 {
90 if(!m_nonce.empty())
91 {
92 std::vector<uint8_t> nonce;
93 nonce.swap(m_nonce);
94 return nonce;
95 }
96 std::vector<uint8_t> nonce(nonce_bytes_from_record());
97 rng.randomize(nonce.data(), nonce.size());
98 return nonce;
99 }
100 case Nonce_Format::AEAD_XOR_12:
101 {
102 std::vector<uint8_t> nonce(12);
103 store_be(seq, nonce.data() + 4);
104 xor_buf(nonce, m_nonce.data(), m_nonce.size());
105 return nonce;
106 }
107 case Nonce_Format::AEAD_IMPLICIT_4:
108 {
109 BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
110 std::vector<uint8_t> nonce(12);
111 copy_mem(&nonce[0], m_nonce.data(), 4);
112 store_be(seq, &nonce[nonce_bytes_from_handshake()]);
113 return nonce;
114 }
115 }
116
117 throw Invalid_State("Unknown nonce format specified");
118 }

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::xor_buf().

Referenced by Botan::TLS::write_record().

◆ format_ad()

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::format_ad ( uint64_t  seq,
Record_Type  type,
Protocol_Version  version,
uint16_t  ptext_length 
)

Definition at line 161 of file tls_record.cpp.

165 {
166 std::vector<uint8_t> ad(13);
167
168 store_be(msg_sequence, &ad[0]);
169 ad[8] = static_cast<uint8_t>(msg_type);
170 ad[9] = version.major_version();
171 ad[10] = version.minor_version();
172 ad[11] = get_byte<0>(msg_length);
173 ad[12] = get_byte<1>(msg_length);
174
175 return ad;
176 }

References Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), and Botan::store_be().

Referenced by Botan::TLS::write_record().

◆ nonce_bytes_from_handshake()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake ( ) const
inline

Definition at line 62 of file tls_record.h.

62{ return m_nonce_bytes_from_handshake; }

Referenced by aead_nonce(), and Botan::TLS::write_record().

◆ nonce_bytes_from_record()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record ( ) const
inline

Definition at line 63 of file tls_record.h.

63{ return m_nonce_bytes_from_record; }

Referenced by aead_nonce(), and Botan::TLS::write_record().

◆ nonce_format()

Nonce_Format Botan::TLS::Connection_Cipher_State::nonce_format ( ) const
inline

Definition at line 65 of file tls_record.h.

65{ return m_nonce_format; }

Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.6