Botan 3.11.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Connection_Cipher_State Class Referencefinal

#include <tls_record.h>

Public Member Functions

AEAD_Modeaead ()
std::vector< uint8_t > aead_nonce (const uint8_t record[], size_t record_len, uint64_t seq)
std::vector< uint8_t > aead_nonce (uint64_t seq, RandomNumberGenerator &rng)
 Connection_Cipher_State (Connection_Cipher_State &&other)=delete
 Connection_Cipher_State (const Connection_Cipher_State &other)=delete
 Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys, bool uses_encrypt_then_mac)
std::vector< uint8_t > format_ad (uint64_t seq, Record_Type type, Protocol_Version version, uint16_t ptext_length)
size_t nonce_bytes_from_handshake () const
size_t nonce_bytes_from_record () const
Nonce_Format nonce_format () const
Connection_Cipher_Stateoperator= (Connection_Cipher_State &&other)=delete
Connection_Cipher_Stateoperator= (const Connection_Cipher_State &other)=delete
 ~Connection_Cipher_State ()

Detailed Description

TLS Cipher State

Definition at line 38 of file tls_record.h.

Constructor & Destructor Documentation

◆ Connection_Cipher_State() [1/3]

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( Protocol_Version version,
Connection_Side which_side,
bool is_our_side,
const Ciphersuite & suite,
const Session_Keys & keys,
bool uses_encrypt_then_mac )

Initialize a new cipher state

Definition at line 35 of file tls_record.cpp.

40 {
41 // NOLINTBEGIN(*-prefer-member-initializer)
42 m_nonce_format = suite.nonce_format();
43 m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
44 m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
45
46 const secure_vector<uint8_t>& aead_key = keys.aead_key(side);
47 m_nonce = keys.nonce(side);
48 // NOLINTEND(*-prefer-member-initializer)
49
50 BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake);
51
52 if(nonce_format() == Nonce_Format::CBC_MODE) {
53#if defined(BOTAN_HAS_TLS_CBC)
54 // legacy CBC+HMAC mode
55 auto mac = MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", suite.mac_algo()));
56 auto cipher = BlockCipher::create_or_throw(suite.cipher_algo());
57
58 if(our_side) {
59 m_aead = std::make_unique<TLS_CBC_HMAC_AEAD_Encryption>(std::move(cipher),
60 std::move(mac),
61 suite.cipher_keylen(),
62 suite.mac_keylen(),
63 version,
64 uses_encrypt_then_mac);
65 } else {
66 m_aead = std::make_unique<TLS_CBC_HMAC_AEAD_Decryption>(std::move(cipher),
67 std::move(mac),
68 suite.cipher_keylen(),
69 suite.mac_keylen(),
70 version,
71 uses_encrypt_then_mac);
72 }
73
74#else
75 BOTAN_UNUSED(uses_encrypt_then_mac);
76 throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
77#endif
78 } else if(nonce_format() == Nonce_Format::NULL_CIPHER) {
79#if defined(BOTAN_HAS_TLS_NULL)
80 auto mac = MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", suite.mac_algo()));
81
82 if(our_side) {
83 m_aead = std::make_unique<TLS_NULL_HMAC_AEAD_Encryption>(std::move(mac), suite.mac_keylen());
84 } else {
85 m_aead = std::make_unique<TLS_NULL_HMAC_AEAD_Decryption>(std::move(mac), suite.mac_keylen());
86 }
87#else
88 throw Internal_Error("Negotiated disabled TLS NULL ciphersuite");
89#endif
90 } else {
91 m_aead =
92 AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? Cipher_Dir::Encryption : Cipher_Dir::Decryption);
93 }
94
95 m_aead->set_key(aead_key);
96}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::AEAD_Mode::create_or_throw
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:49
Botan::BlockCipher::create_or_throw
static std::unique_ptr< BlockCipher > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition block_cipher.cpp:271
Botan::MessageAuthenticationCode::create_or_throw
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:147
Botan::TLS::Connection_Cipher_State::nonce_format
Nonce_Format nonce_format() const
Definition tls_record.h:73
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

References Botan::TLS::Session_Keys::aead_key(), BOTAN_ASSERT_NOMSG, BOTAN_UNUSED, Botan::TLS::CBC_MODE, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::cipher_keylen(), Botan::AEAD_Mode::create_or_throw(), Botan::BlockCipher::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::Encryption, Botan::fmt(), Botan::TLS::Ciphersuite::mac_algo(), Botan::TLS::Ciphersuite::mac_keylen(), Botan::TLS::Session_Keys::nonce(), Botan::TLS::Ciphersuite::nonce_bytes_from_handshake(), Botan::TLS::Ciphersuite::nonce_bytes_from_record(), Botan::TLS::Ciphersuite::nonce_format(), nonce_format(), and Botan::TLS::NULL_CIPHER.

Referenced by Connection_Cipher_State(), Connection_Cipher_State(), operator=(), and operator=().

◆ ~Connection_Cipher_State()

Botan::TLS::Connection_Cipher_State::~Connection_Cipher_State ( )
default

◆ Connection_Cipher_State() [2/3]

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( const Connection_Cipher_State & other)
delete

References Connection_Cipher_State().

◆ Connection_Cipher_State() [3/3]

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( Connection_Cipher_State && other)
delete

References Connection_Cipher_State().

Member Function Documentation

◆ aead()

AEAD_Mode & Botan::TLS::Connection_Cipher_State::aead ( )
inline

Definition at line 58 of file tls_record.h.

58 {
59 BOTAN_ASSERT_NONNULL(m_aead.get());
60 return *m_aead;
61 }
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114

References BOTAN_ASSERT_NONNULL.

Referenced by Botan::TLS::write_record().

◆ aead_nonce() [1/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( const uint8_t record[],
size_t record_len,
uint64_t seq )

Definition at line 131 of file tls_record.cpp.

131 {
132 switch(m_nonce_format) {
133 case Nonce_Format::NULL_CIPHER: {
134 return std::vector<uint8_t>{};
135 }
136 case Nonce_Format::CBC_MODE: {
137 if(nonce_bytes_from_record() == 0 && !m_nonce.empty()) {
138 std::vector<uint8_t> nonce;
139 nonce.swap(m_nonce);
140 return nonce;
141 }
142 if(record_len < nonce_bytes_from_record()) {
143 throw Decoding_Error("Invalid CBC packet too short to be valid");
144 }
145 std::vector<uint8_t> nonce(record, record + nonce_bytes_from_record());
146 return nonce;
147 }
148 case Nonce_Format::AEAD_XOR_12: {
149 std::vector<uint8_t> nonce(12);
150 store_be(seq, nonce.data() + 4);
151 xor_buf(nonce, m_nonce.data(), m_nonce.size());
152 return nonce;
153 }
154 case Nonce_Format::AEAD_IMPLICIT_4: {
155 BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
156 if(record_len < nonce_bytes_from_record()) {
157 throw Decoding_Error("Invalid AEAD packet too short to be valid");
158 }
159 std::vector<uint8_t> nonce(12);
160 copy_mem(&nonce[0], m_nonce.data(), 4); // NOLINT(*container-data-pointer)
161 copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record());
162 return nonce;
163 }
164 }
165
166 throw Invalid_State("Unknown nonce format specified");
167}
Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record
size_t nonce_bytes_from_record() const
Definition tls_record.h:71
Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake
size_t nonce_bytes_from_handshake() const
Definition tls_record.h:69
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144
Botan::xor_buf
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:341
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::TLS::NULL_CIPHER, Botan::store_be(), and Botan::xor_buf().

◆ aead_nonce() [2/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( uint64_t seq,
RandomNumberGenerator & rng )

Definition at line 98 of file tls_record.cpp.

98 {
99 switch(m_nonce_format) {
100 case Nonce_Format::NULL_CIPHER: {
101 return std::vector<uint8_t>{};
102 }
103 case Nonce_Format::CBC_MODE: {
104 if(!m_nonce.empty()) {
105 std::vector<uint8_t> nonce;
106 nonce.swap(m_nonce);
107 return nonce;
108 }
109 std::vector<uint8_t> nonce(nonce_bytes_from_record());
110 rng.randomize(nonce.data(), nonce.size());
111 return nonce;
112 }
113 case Nonce_Format::AEAD_XOR_12: {
114 std::vector<uint8_t> nonce(12);
115 store_be(seq, nonce.data() + 4);
116 xor_buf(nonce, m_nonce.data(), m_nonce.size());
117 return nonce;
118 }
119 case Nonce_Format::AEAD_IMPLICIT_4: {
120 BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
121 std::vector<uint8_t> nonce(12);
122 copy_mem(&nonce[0], m_nonce.data(), 4); // NOLINT(*container-data-pointer)
123 store_be(seq, &nonce[nonce_bytes_from_handshake()]);
124 return nonce;
125 }
126 }
127
128 throw Invalid_State("Unknown nonce format specified");
129}

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::TLS::NULL_CIPHER, Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::xor_buf().

Referenced by Botan::TLS::write_record().

◆ format_ad()

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::format_ad ( uint64_t seq,
Record_Type type,
Protocol_Version version,
uint16_t ptext_length )

Definition at line 169 of file tls_record.cpp.

172 {
173 std::vector<uint8_t> ad(13);
174
175 store_be(msg_sequence, &ad[0]); // NOLINT(*container-data-pointer)
176 ad[8] = static_cast<uint8_t>(msg_type);
177 ad[9] = version.major_version();
178 ad[10] = version.minor_version();
179 ad[11] = get_byte<0>(msg_length);
180 ad[12] = get_byte<1>(msg_length);
181
182 return ad;
183}
Botan::get_byte
constexpr uint8_t get_byte(T input)
Definition loadstor.h:79

References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), and Botan::store_be().

Referenced by Botan::TLS::write_record().

◆ nonce_bytes_from_handshake()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake ( ) const
inline

Definition at line 69 of file tls_record.h.

69{ return m_nonce_bytes_from_handshake; }

Referenced by aead_nonce(), aead_nonce(), and Botan::TLS::write_record().

◆ nonce_bytes_from_record()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record ( ) const
inline

Definition at line 71 of file tls_record.h.

71{ return m_nonce_bytes_from_record; }

Referenced by aead_nonce(), aead_nonce(), and Botan::TLS::write_record().

◆ nonce_format()

Nonce_Format Botan::TLS::Connection_Cipher_State::nonce_format ( ) const
inline

Definition at line 73 of file tls_record.h.

73{ return m_nonce_format; }

Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().

◆ operator=() [1/2]

Connection_Cipher_State & Botan::TLS::Connection_Cipher_State::operator= ( Connection_Cipher_State && other)
delete

References Connection_Cipher_State().

◆ operator=() [2/2]

Connection_Cipher_State & Botan::TLS::Connection_Cipher_State::operator= ( const Connection_Cipher_State & other)
delete

References Connection_Cipher_State().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0