Botan 2.19.1
Crypto and TLS for C&
Botan::TLS::Connection_Cipher_State Class Reference (final)

#include <tls_record.h>

Public Member Functions

AEAD_Mode & aead ()
 
std::vector< uint8_t > aead_nonce (const uint8_t record[], size_t record_len, uint64_t seq)
 
std::vector< uint8_t > aead_nonce (uint64_t seq, RandomNumberGenerator &rng)
 
std::chrono::seconds age () const
 
 Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys, bool uses_encrypt_then_mac)
 
std::vector< uint8_t > format_ad (uint64_t seq, uint8_t type, Protocol_Version version, uint16_t ptext_length)
 
size_t nonce_bytes_from_handshake () const
 
size_t nonce_bytes_from_record () const
 
Nonce_Format nonce_format () const
 

Detailed Description

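TLS cipher state: the record-protection state for one direction of a connection. It holds the cipher object (a real AEAD mode, or the legacy CBC+HMAC construction behind the same AEAD_Mode interface), the nonce material taken from the session keys, and the time the state was created.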

Definition at line 32 of file tls_record.h.

Constructor & Destructor Documentation

◆ Connection_Cipher_State()

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( Protocol_Version  version,
Connection_Side  which_side,
bool  is_our_side,
const Ciphersuite &  suite,
const Session_Keys &  keys,
bool  uses_encrypt_then_mac 
)

Initialize a new cipher state

Definition at line 28 of file tls_record.cpp.

// Constructor body as listed by Doxygen; the leading number on each line is the tls_record.cpp line number.
// NOTE(review): source lines 28-32 (the signature) and line 45 are missing from this listing. Line 45 is
// presumably the test for the CBC nonce format that opens the block at line 46 (the page's reference list
// names Botan::TLS::CBC_MODE and nonce_format()) - confirm against tls_record.cpp.
// NOTE(review): `side` and `our_side` are presumably the definition's names for the parameters the
// declaration calls which_side and is_our_side - confirm.
33 :
// Creation time; age() measures against this value.
34 m_start_time(std::chrono::system_clock::now())
35 {
// Cache the ciphersuite's nonce layout; both aead_nonce() overloads branch on these values.
36 m_nonce_format = suite.nonce_format();
37 m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
38 m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
39
// Bound by reference, so the key is not copied into another buffer here.
40 const secure_vector<uint8_t>& aead_key = keys.aead_key(side);
// Nonce material for this side, taken from the session keys.
41 m_nonce = keys.nonce(side);
42
// The nonce must have exactly the length the ciphersuite declares. aead_nonce() later uses
// m_nonce.size() as a copy/XOR length, so this check is what keeps those operations in bounds.
43 BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake);
44
46 {
47#if defined(BOTAN_HAS_TLS_CBC)
48 // legacy CBC+HMAC mode
// The block cipher and HMAC are built from the algorithm names the ciphersuite reports;
// create_or_throw raises instead of returning null when an algorithm is unavailable.
49 auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + suite.mac_algo() + ")");
50 auto cipher = BlockCipher::create_or_throw(suite.cipher_algo());
51
// Direction follows our_side: the encryption wrapper for our side, the decryption wrapper otherwise.
// uses_encrypt_then_mac is forwarded unchanged; what the wrapper does with it is not visible here.
52 if(our_side)
53 {
54 m_aead.reset(new TLS_CBC_HMAC_AEAD_Encryption(
55 std::move(cipher),
56 std::move(mac),
57 suite.cipher_keylen(),
58 suite.mac_keylen(),
59 version,
60 uses_encrypt_then_mac));
61 }
62 else
63 {
64 m_aead.reset(new TLS_CBC_HMAC_AEAD_Decryption(
65 std::move(cipher),
66 std::move(mac),
67 suite.cipher_keylen(),
68 suite.mac_keylen(),
69 version,
70 uses_encrypt_then_mac));
71 }
72
73#else
// Built without BOTAN_HAS_TLS_CBC: reaching this branch is reported as an internal error
// rather than falling back to some other cipher.
74 BOTAN_UNUSED(uses_encrypt_then_mac);
75 throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
76#endif
77 }
78 else
79 {
// Every other nonce format: instantiate the AEAD named by the ciphersuite, direction chosen by our_side.
80 m_aead = AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION);
81 }
82
// Key the cipher object, whichever branch created it.
83 m_aead->set_key(aead_key);
84 }
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:68
#define BOTAN_UNUSED(...)
Definition: assert.h:142
static std::unique_ptr< AEAD_Mode > create_or_throw(const std::string &algo, Cipher_Dir direction, const std::string &provider="")
Definition: aead.cpp:50
static std::unique_ptr< BlockCipher > create_or_throw(const std::string &algo_spec, const std::string &provider="")
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:141
Nonce_Format nonce_format() const
Definition: tls_record.h:62
@ DECRYPTION
Definition: cipher_mode.h:23

References Botan::TLS::Session_Keys::aead_key(), BOTAN_ASSERT_NOMSG, BOTAN_UNUSED, Botan::TLS::CBC_MODE, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::cipher_keylen(), Botan::AEAD_Mode::create_or_throw(), Botan::BlockCipher::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::DECRYPTION, Botan::ENCRYPTION, Botan::TLS::Ciphersuite::mac_algo(), Botan::TLS::Ciphersuite::mac_keylen(), Botan::TLS::Session_Keys::nonce(), Botan::TLS::Ciphersuite::nonce_bytes_from_handshake(), Botan::TLS::Ciphersuite::nonce_bytes_from_record(), Botan::TLS::Ciphersuite::nonce_format(), and nonce_format().

Member Function Documentation

◆ aead()

AEAD_Mode & Botan::TLS::Connection_Cipher_State::aead ( )
inline

Definition at line 45 of file tls_record.h.

// Returns a reference to the cipher object the constructor stored in m_aead.
46 {
// Assert the pointer is set before it is dereferenced on the next line.
47 BOTAN_ASSERT_NONNULL(m_aead.get());
48 return *m_aead.get();
49 }
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:107

References BOTAN_ASSERT_NONNULL.

Referenced by Botan::TLS::write_record().

◆ aead_nonce() [1/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( const uint8_t  record[],
size_t  record_len,
uint64_t  seq 
)

Definition at line 123 of file tls_record.cpp.

// Nonce for a record whose bytes are already in hand (this overload takes the record buffer and its length;
// presumably the receive path - confirm against the caller).
// NOTE(review): the case labels (source lines 127, 140, 147) and line 154 are missing from this listing.
// The page's reference list names CBC_MODE, AEAD_XOR_12 and AEAD_IMPLICIT_4; the mapping noted below is
// inferred from the error strings and buffer sizes - confirm against tls_record.cpp.
124 {
125 switch(m_nonce_format)
126 {
// Presumably CBC_MODE.
128 {
// The record carries no IV and a stored nonce is still available: hand it out once.
// swap() leaves m_nonce empty, so later calls skip this branch.
129 if(nonce_bytes_from_record() == 0 && m_nonce.size())
130 {
131 std::vector<uint8_t> nonce;
132 nonce.swap(m_nonce);
133 return nonce;
134 }
// Bounds check before any byte is read out of the record buffer.
135 if(record_len < nonce_bytes_from_record())
136 throw Decoding_Error("Invalid CBC packet too short to be valid");
// The IV is the first nonce_bytes_from_record() bytes of the record.
137 std::vector<uint8_t> nonce(record, record + nonce_bytes_from_record());
138 return nonce;
139 }
// Presumably AEAD_XOR_12: a 12-byte buffer with seq stored at offset 4, XORed with m_nonce.
141 {
142 std::vector<uint8_t> nonce(12);
143 store_be(seq, nonce.data() + 4);
// The XOR length is m_nonce.size(), not nonce.size(), so this stays in bounds only while m_nonce is
// at most 12 bytes. The constructor asserts m_nonce.size() == m_nonce_bytes_from_handshake; that this
// is 12 for this format is assumed - TODO confirm.
144 xor_buf(nonce, m_nonce.data(), m_nonce.size());
145 return nonce;
146 }
// Presumably AEAD_IMPLICIT_4: the first 4 nonce bytes come from m_nonce.
148 {
149 BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
// Bounds check on the record length before the nonce is assembled.
150 if(record_len < nonce_bytes_from_record())
151 throw Decoding_Error("Invalid AEAD packet too short to be valid");
152 std::vector<uint8_t> nonce(12);
153 copy_mem(&nonce[0], m_nonce.data(), 4);
// NOTE(review): source line 154 is not shown. As listed, bytes 4..11 stay zero and seq is unused in
// this case; presumably line 154 fills the remaining bytes from the record - confirm.
155 return nonce;
156 }
157 }
158
// Reached only when m_nonce_format matched none of the cases above.
159 throw Invalid_State("Unknown nonce format specified");
160 }
size_t nonce_bytes_from_record() const
Definition: tls_record.h:60
size_t nonce_bytes_from_handshake() const
Definition: tls_record.h:59
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:438
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:133
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:262

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::store_be(), and Botan::xor_buf().

◆ aead_nonce() [2/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce ( uint64_t  seq,
RandomNumberGenerator &  rng 
)

Definition at line 86 of file tls_record.cpp.

// Nonce for a record being produced locally (this overload takes an RNG instead of record bytes;
// the page lists Botan::TLS::write_record() as a caller).
// NOTE(review): the case labels (source lines 90, 102, 109) are missing from this listing. The page's
// reference list names CBC_MODE, AEAD_XOR_12 and AEAD_IMPLICIT_4; the mapping noted below is inferred
// from the buffer sizes and the use of the RNG - confirm against tls_record.cpp.
87 {
88 switch(m_nonce_format)
89 {
// Presumably CBC_MODE.
91 {
// A stored nonce is handed out once; swap() leaves m_nonce empty, so later calls fall through.
92 if(m_nonce.size())
93 {
94 std::vector<uint8_t> nonce;
95 nonce.swap(m_nonce);
96 return nonce;
97 }
// Otherwise every call draws nonce_bytes_from_record() fresh bytes from the caller's RNG,
// so the quality of the IV is the quality of that RNG.
98 std::vector<uint8_t> nonce(nonce_bytes_from_record());
99 rng.randomize(nonce.data(), nonce.size());
100 return nonce;
101 }
// Presumably AEAD_XOR_12: a 12-byte buffer with seq stored at offset 4, XORed with m_nonce.
// The nonce is a deterministic function of seq and m_nonce, so uniqueness under one key rests on
// the caller never reusing a sequence number.
103 {
104 std::vector<uint8_t> nonce(12);
105 store_be(seq, nonce.data() + 4);
// The XOR length is m_nonce.size(); in bounds only while m_nonce is at most 12 bytes - the constructor
// asserts it equals m_nonce_bytes_from_handshake, assumed to be 12 for this format (TODO confirm).
106 xor_buf(nonce, m_nonce.data(), m_nonce.size());
107 return nonce;
108 }
// Presumably AEAD_IMPLICIT_4: 4 bytes from m_nonce followed by seq.
// As above, the nonce is deterministic in seq, so a repeated sequence number repeats the nonce.
110 {
111 BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
112 std::vector<uint8_t> nonce(12);
113 copy_mem(&nonce[0], m_nonce.data(), 4);
// seq is written at offset nonce_bytes_from_handshake(); the constructor asserts that value equals
// m_nonce.size(), which the assert at line 111 requires to be 4.
114 store_be(seq, &nonce[nonce_bytes_from_handshake()]);
115 return nonce;
116 }
117 }
118
// Reached only when m_nonce_format matched none of the cases above.
119 throw Invalid_State("Unknown nonce format specified");
120 }

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::xor_buf().

Referenced by Botan::TLS::write_record().

◆ age()

std::chrono::seconds Botan::TLS::Connection_Cipher_State::age ( ) const
inline

Definition at line 64 of file tls_record.h.

// Whole seconds elapsed since the constructor recorded m_start_time.
// Both readings come from std::chrono::system_clock, which is wall-clock time and is not guaranteed to be
// monotonic, so the result can jump or go negative if the system clock is adjusted.
65 {
66 return std::chrono::duration_cast<std::chrono::seconds>(
67 std::chrono::system_clock::now() - m_start_time);
68 }

◆ format_ad()

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::format_ad ( uint64_t  seq,
uint8_t  type,
Protocol_Version  version,
uint16_t  ptext_length 
)

Definition at line 163 of file tls_record.cpp.

// Builds the 13-byte `ad` buffer (presumably the AEAD associated data for a record): sequence number at
// offset 0, record type at 8, protocol version at 9-10, length at 11-12.
// NOTE(review): source lines 163-166 (the signature) are not shown in this listing; msg_sequence, msg_type
// and msg_length are presumably the definition's names for the parameters the declaration calls seq, type
// and ptext_length - confirm.
167 {
168 std::vector<uint8_t> ad(13);
169
// Sequence number starts at offset 0; the next field begins at index 8.
170 store_be(msg_sequence, &ad[0]);
171 ad[8] = msg_type;
172 ad[9] = version.major_version();
173 ad[10] = version.minor_version();
// 16-bit length split into two bytes; high byte first, assuming get_byte(0, ...) yields the most
// significant byte - confirm in loadstor.h.
174 ad[11] = get_byte(0, msg_length);
175 ad[12] = get_byte(1, msg_length);
176
177 return ad;
178 }
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:41

References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), and Botan::store_be().

Referenced by Botan::TLS::write_record().

◆ nonce_bytes_from_handshake()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake ( ) const
inline

Definition at line 59 of file tls_record.h.

// Value cached from suite.nonce_bytes_from_handshake() in the constructor, which also asserts that the
// session-key nonce has exactly this length.
59{ return m_nonce_bytes_from_handshake; }

Referenced by aead_nonce(), and Botan::TLS::write_record().

◆ nonce_bytes_from_record()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record ( ) const
inline

Definition at line 60 of file tls_record.h.

// Value cached from suite.nonce_bytes_from_record(version) in the constructor; the aead_nonce() listings
// use it as the minimum record length and as the number of bytes read from, or generated for, a record.
60{ return m_nonce_bytes_from_record; }

Referenced by aead_nonce(), and Botan::TLS::write_record().

◆ nonce_format()

Nonce_Format Botan::TLS::Connection_Cipher_State::nonce_format ( ) const
inline

Definition at line 62 of file tls_record.h.

// Value cached from suite.nonce_format() in the constructor; both aead_nonce() overloads switch on it.
62{ return m_nonce_format; }

Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().


The documentation for this class was generated from the following files: