Botan  2.8.0
Crypto and TLS for C++11
Botan::TLS::Connection_Cipher_State Class Reference final

#include <tls_record.h>

Public Member Functions

AEAD_Mode * aead ()
 
std::vector< uint8_t > aead_nonce (uint64_t seq, RandomNumberGenerator &rng)
 
std::vector< uint8_t > aead_nonce (const uint8_t record[], size_t record_len, uint64_t seq)
 
std::chrono::seconds age () const
 
 Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys, bool uses_encrypt_then_mac)
 
std::vector< uint8_t > format_ad (uint64_t seq, uint8_t type, Protocol_Version version, uint16_t ptext_length)
 
size_t nonce_bytes_from_handshake () const
 
size_t nonce_bytes_from_record () const
 
Nonce_Format nonce_format () const
 

Detailed Description

TLS Cipher State

Definition at line 32 of file tls_record.h.

Constructor & Destructor Documentation

◆ Connection_Cipher_State()

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( Protocol_Version  version,
Connection_Side  which_side,
bool  is_our_side,
const Ciphersuite & suite,
const Session_Keys & keys,
bool  uses_encrypt_then_mac 
)

Initialize a new cipher state

Definition at line 28 of file tls_record.cpp.

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, Botan::OctetString::bits_of(), Botan::TLS::CBC_MODE, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::cipher_keylen(), Botan::TLS::CLIENT, Botan::TLS::Session_Keys::client_cipher_key(), Botan::TLS::Session_Keys::client_iv(), Botan::TLS::Session_Keys::client_mac_key(), Botan::BlockCipher::create_or_throw(), Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::DECRYPTION, Botan::ENCRYPTION, Botan::TLS::Ciphersuite::mac_algo(), Botan::TLS::Ciphersuite::mac_keylen(), nonce_format(), Botan::TLS::Ciphersuite::nonce_format(), Botan::TLS::Session_Keys::server_cipher_key(), Botan::TLS::Session_Keys::server_iv(), Botan::TLS::Session_Keys::server_mac_key(), Botan::TLS::Protocol_Version::supports_explicit_cbc_ivs(), and Botan::unlock().

// Constructor body as rendered by Doxygen. NOTE(review): the gutter numbers skip
// tls_record.cpp lines 28-32, 37, 56, 102 and 107, so the signature, the declaration
// of `iv` and the conditions that choose each branch are not shown in this listing.
33  :
// Creation time is stored so that age() can report how long this state has existed.
34  m_start_time(std::chrono::system_clock::now())
35  {
36  SymmetricKey mac_key, cipher_key;
38 
// Pick the cipher key, IV and MAC key for one direction of the connection.
// `side` is not one of the documented parameter names; presumably it is derived
// from which_side / is_our_side - confirm against tls_record.cpp.
39  if(side == CLIENT)
40  {
41  cipher_key = keys.client_cipher_key();
42  iv = keys.client_iv();
43  mac_key = keys.client_mac_key();
44  }
45  else
46  {
47  cipher_key = keys.server_cipher_key();
48  iv = keys.server_iv();
49  mac_key = keys.server_mac_key();
50  }
51 
// unlock() takes a secure_vector and returns a plain std::vector (see its signature
// further down this page), so from here on the handshake-derived IV lives in ordinary
// memory. NOTE(review): confirm that is acceptable for the implicit nonce part of
// AEAD suites, which comes from the key block.
52  m_nonce = unlock(iv.bits_of());
53  m_nonce_bytes_from_handshake = m_nonce.size();
54  m_nonce_format = suite.nonce_format();
55 
// The condition on line 56 is missing; presumably it tests for the CBC_MODE nonce format.
57  {
58 #if defined(BOTAN_HAS_TLS_CBC)
59  // legacy CBC+HMAC mode
60  auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + suite.mac_algo() + ")");
61  auto cipher = BlockCipher::create_or_throw(suite.cipher_algo());
62 
// Both arms pass identical arguments; only the direction class differs.
// `our_side` is presumably the is_our_side parameter - confirm.
63  if(our_side)
64  {
65  m_aead.reset(new TLS_CBC_HMAC_AEAD_Encryption(
66  std::move(cipher),
67  std::move(mac),
68  suite.cipher_keylen(),
69  suite.mac_keylen(),
70  version.supports_explicit_cbc_ivs(),
71  uses_encrypt_then_mac));
72  }
73  else
74  {
75  m_aead.reset(new TLS_CBC_HMAC_AEAD_Decryption(
76  std::move(cipher),
77  std::move(mac),
78  suite.cipher_keylen(),
79  suite.mac_keylen(),
80  version.supports_explicit_cbc_ivs(),
81  uses_encrypt_then_mac));
82  }
83 
// The combined mode is keyed with the cipher key followed by the MAC key.
84  m_aead->set_key(cipher_key + mac_key);
85 
86  m_nonce_bytes_from_record = 0;
87 
// With explicit CBC IVs every record carries an IV as long as the handshake IV.
// Otherwise no IV bytes are read from records and the decrypting side is started
// once with the handshake IV. NOTE(review): the second case looks like the
// chained-IV CBC of early TLS versions, where the next IV is visible to an
// observer; deployments should prefer versions with explicit IVs or AEAD suites.
88  if(version.supports_explicit_cbc_ivs())
89  m_nonce_bytes_from_record = m_nonce_bytes_from_handshake;
90  else if(our_side == false)
91  m_aead->start(iv.bits_of());
92 #else
// Fails closed: a CBC suite negotiated against a build without CBC support is rejected.
93  throw Exception("Negotiated disabled TLS CBC+HMAC ciphersuite");
94 #endif
95  }
96  else
97  {
// AEAD suites: one mode object, its direction chosen by which side this state serves.
98  m_aead = AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION);
99 
// Same concatenation as the CBC path; presumably mac_key is empty for AEAD suites - confirm.
100  m_aead->set_key(cipher_key + mac_key);
101 
// The conditions on lines 102 and 107 are missing. The first block reserves 8 extra
// bytes at the end of m_nonce and expects 8 nonce bytes per record, which matches how
// aead_nonce() writes the sequence number at offset nonce_bytes_from_handshake()
// (presumably the AEAD_IMPLICIT_4 format). The second block rejects any nonce format
// that the missing conditions did not accept.
103  {
104  m_nonce_bytes_from_record = 8;
105  m_nonce.resize(m_nonce.size() + 8);
106  }
108  {
109  throw Invalid_State("Invalid AEAD nonce format used");
110  }
111  }
112  }
OctetString InitializationVector
Definition: symkey.h:141
Nonce_Format nonce_format() const
Definition: tls_record.h:58
OctetString SymmetricKey
Definition: symkey.h:136
static std::unique_ptr< BlockCipher > create_or_throw(const std::string &algo_spec, const std::string &provider="")
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:141
static std::unique_ptr< AEAD_Mode > create_or_throw(const std::string &algo, Cipher_Dir direction, const std::string &provider="")
Definition: aead.cpp:42

Member Function Documentation

◆ aead()

AEAD_Mode* Botan::TLS::Connection_Cipher_State::aead ( )
inline

Definition at line 45 of file tls_record.h.

Referenced by Botan::TLS::write_record().

// Hands out the raw pointer to the cipher object held in m_aead; get() does not
// release it, so ownership stays with this state object.
45 { return m_aead.get(); }

◆ aead_nonce() [1/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( uint64_t  seq,
RandomNumberGenerator & rng 
)

Definition at line 114 of file tls_record.cpp.

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, Botan::TLS::CBC_MODE, nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::xor_buf().

Referenced by Botan::TLS::write_record().

// Builds the nonce/IV for an outgoing record with sequence number `seq`.
// NOTE(review): the gutter skips lines 114, 118, 130 and 137, so the signature and
// the three case labels are missing from this listing. This page's References list
// names CBC_MODE, AEAD_XOR_12 and AEAD_IMPLICIT_4; which label belongs to which
// block below is inferred from the code, not shown.
115  {
116  switch(m_nonce_format)
117  {
// Presumably CBC_MODE. The first call hands out the handshake IV and leaves m_nonce
// empty (swap), so every later call draws nonce_bytes_from_record() fresh bytes from
// rng. IV unpredictability on this path therefore depends on the caller's RNG.
119  {
120  if(m_nonce.size())
121  {
122  std::vector<uint8_t> nonce;
123  nonce.swap(m_nonce);
124  return nonce;
125  }
126  std::vector<uint8_t> nonce(nonce_bytes_from_record());
127  rng.randomize(nonce.data(), nonce.size());
128  return nonce;
129  }
// Presumably AEAD_XOR_12. 12-byte nonce: four zero bytes, then the sequence number
// stored big-endian in bytes 4..11, XORed with the handshake IV. Nonce uniqueness
// relies on `seq` never repeating under the same key.
// NOTE(review): assumes m_nonce.size() <= 12; the xor_buf overload called with a
// vector is not the one listed on this page - confirm how it handles a longer input.
131  {
132  std::vector<uint8_t> nonce(12);
133  store_be(seq, nonce.data() + 4);
134  xor_buf(nonce, m_nonce.data(), m_nonce.size());
135  return nonce;
136  }
// Presumably AEAD_IMPLICIT_4. Copies m_nonce and writes the sequence number right
// after the handshake-derived bytes. The unchecked index needs room for the write at
// that offset, which the constructor provides by growing m_nonce by 8 for the
// matching format (its condition is not shown on this page).
138  {
139  std::vector<uint8_t> nonce = m_nonce;
140  store_be(seq, &nonce[nonce_bytes_from_handshake()]);
141  return nonce;
142  }
143  }
144 
// Reached only when m_nonce_format matches none of the cases.
145  throw Invalid_State("Unknown nonce format specified");
146  }
size_t nonce_bytes_from_handshake() const
Definition: tls_record.h:55
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:434
size_t nonce_bytes_from_record() const
Definition: tls_record.h:56
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174

◆ aead_nonce() [2/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( const uint8_t  record[],
size_t  record_len,
uint64_t  seq 
)

Definition at line 149 of file tls_record.cpp.

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::store_be(), and Botan::xor_buf().

// Recovers the nonce/IV for an incoming record. `record` and `record_len` describe
// data received from the peer, so every read from it is preceded by a length check.
// NOTE(review): the gutter skips lines 149, 153, 160, 167 and 172, so the signature,
// the three case labels and one statement are missing from this listing; the
// label-to-block mapping noted below is inferred.
150  {
151  switch(m_nonce_format)
152  {
// Presumably CBC_MODE. The IV is the first nonce_bytes_from_record() bytes of the
// record; the check rejects records too short to hold it before they are read.
154  {
155  if(record_len < nonce_bytes_from_record())
156  throw Decoding_Error("Invalid CBC packet too short to be valid");
157  std::vector<uint8_t> nonce(record, record + nonce_bytes_from_record());
158  return nonce;
159  }
// Presumably AEAD_XOR_12. Nothing is read from the record: the nonce is the
// big-endian sequence number in bytes 4..11 XORed with the handshake IV, exactly as
// on the sending side.
// NOTE(review): assumes m_nonce.size() <= 12 - confirm the xor_buf overload's bounds handling.
161  {
162  std::vector<uint8_t> nonce(12);
163  store_be(seq, nonce.data() + 4);
164  xor_buf(nonce, m_nonce.data(), m_nonce.size());
165  return nonce;
166  }
// Presumably AEAD_IMPLICIT_4. After the length check the handshake-derived nonce is
// copied. Line 172 is missing here; given that copy_mem() appears in this page's
// References list, it presumably copies the record's explicit nonce bytes into the
// tail of `nonce` - confirm in tls_record.cpp.
168  {
169  if(record_len < nonce_bytes_from_record())
170  throw Decoding_Error("Invalid AEAD packet too short to be valid");
171  std::vector<uint8_t> nonce = m_nonce;
173  return nonce;
174  }
175  }
176 
// Reached only when m_nonce_format matches none of the cases.
177  throw Invalid_State("Unknown nonce format specified");
178  }
size_t nonce_bytes_from_handshake() const
Definition: tls_record.h:55
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:434
size_t nonce_bytes_from_record() const
Definition: tls_record.h:56
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:108

◆ age()

std::chrono::seconds Botan::TLS::Connection_Cipher_State::age ( ) const
inline

Definition at line 60 of file tls_record.h.

// Whole seconds elapsed since the constructor recorded m_start_time.
// NOTE(review): system_clock is wall-clock time and can be adjusted; if callers use
// age() for rekeying or expiry decisions, clock changes will skew the result.
61  {
62  return std::chrono::duration_cast<std::chrono::seconds>(
63  std::chrono::system_clock::now() - m_start_time);
64  }

◆ format_ad()

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::format_ad ( uint64_t  seq,
uint8_t  type,
Protocol_Version  version,
uint16_t  ptext_length 
)

Definition at line 181 of file tls_record.cpp.

References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), and Botan::store_be().

Referenced by Botan::TLS::write_record().

// Builds the 13-byte additional-data block for a record. NOTE(review): signature
// lines 181-184 are missing from this listing; msg_sequence, msg_type and msg_length
// are presumably the definition's names for the documented seq, type and
// ptext_length parameters.
// Layout: bytes 0-7 sequence number (big-endian), byte 8 record type, bytes 9-10
// protocol major/minor version, bytes 11-12 the 16-bit length.
185  {
186  std::vector<uint8_t> ad(13);
187 
188  store_be(msg_sequence, &ad[0]);
189  ad[8] = msg_type;
190  ad[9] = version.major_version();
191  ad[10] = version.minor_version();
// Presumably get_byte(0, ...) is the high byte, giving a big-endian length - confirm
// against get_byte() in loadstor.h.
192  ad[11] = get_byte(0, msg_length);
193  ad[12] = get_byte(1, msg_length);
194 
// Callers such as write_record() presumably feed this to the AEAD as associated data,
// which would bind sequence, type, version and length to the authentication tag.
195  return ad;
196  }
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:434
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39

◆ nonce_bytes_from_handshake()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake ( ) const
inline

Definition at line 55 of file tls_record.h.

Referenced by aead_nonce(), and Botan::TLS::write_record().

// Length of the handshake-derived IV; the constructor sets it from the IV's size.
55 { return m_nonce_bytes_from_handshake; }

◆ nonce_bytes_from_record()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record ( ) const
inline

Definition at line 56 of file tls_record.h.

Referenced by aead_nonce(), and Botan::TLS::write_record().

// Number of nonce/IV bytes carried in each record. The constructor lines shown on
// this page set it to 0, to the handshake IV length, or to 8.
56 { return m_nonce_bytes_from_record; }

◆ nonce_format()

Nonce_Format Botan::TLS::Connection_Cipher_State::nonce_format ( ) const
inline

Definition at line 58 of file tls_record.h.

Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().

// Nonce construction in use; the constructor takes it from suite.nonce_format().
58 { return m_nonce_format; }

The documentation for this class was generated from the following files: