Botan::TLS::Connection_Cipher_State Class Reference

#include <tls_record.h>

Public Member Functions
AEAD_Mode &	aead ()
std::vector< uint8_t >	aead_nonce (const uint8_t record[], size_t record_len, uint64_t seq)
std::vector< uint8_t >	aead_nonce (uint64_t seq, RandomNumberGenerator &rng)
	Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys, bool uses_encrypt_then_mac)
std::vector< uint8_t >	format_ad (uint64_t seq, Record_Type type, Protocol_Version version, uint16_t ptext_length)
size_t	nonce_bytes_from_handshake () const
size_t	nonce_bytes_from_record () const
Nonce_Format	nonce_format () const

Detailed Description

TLS Cipher State

Definition at line 32 of file tls_record.h.

Constructor & Destructor Documentation

Connection_Cipher_State()

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State	(	Protocol_Version	version,
		Connection_Side	which_side,
		bool	is_our_side,
		const Ciphersuite &	suite,
		const Session_Keys &	keys,
		bool	uses_encrypt_then_mac )

Initialize a new cipher state

Definition at line 30 of file tls_record.cpp.

                                                                             {
   // NOLINTBEGIN(*-prefer-member-initializer)
   m_nonce_format = suite.nonce_format();
   m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
   m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
 
   const secure_vector<uint8_t>& aead_key = keys.aead_key(side);
   m_nonce = keys.nonce(side);
   // NOLINTEND(*-prefer-member-initializer)
 
   BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake);
 
   if(nonce_format() == Nonce_Format::CBC_MODE) {
#if defined(BOTAN_HAS_TLS_CBC)
      // legacy CBC+HMAC mode
      auto mac = MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", suite.mac_algo()));
      auto cipher = BlockCipher::create_or_throw(suite.cipher_algo());
 
      if(our_side) {
         m_aead = std::make_unique<TLS_CBC_HMAC_AEAD_Encryption>(std::move(cipher),
                                                                 std::move(mac),
                                                                 suite.cipher_keylen(),
                                                                 suite.mac_keylen(),
                                                                 version,
                                                                 uses_encrypt_then_mac);
      } else {
         m_aead = std::make_unique<TLS_CBC_HMAC_AEAD_Decryption>(std::move(cipher),
                                                                 std::move(mac),
                                                                 suite.cipher_keylen(),
                                                                 suite.mac_keylen(),
                                                                 version,
                                                                 uses_encrypt_then_mac);
      }
 
#else
      BOTAN_UNUSED(uses_encrypt_then_mac);
      throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
#endif
   } else if(nonce_format() == Nonce_Format::NULL_CIPHER) {
#if defined(BOTAN_HAS_TLS_NULL)
      auto mac = MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", suite.mac_algo()));
 
      if(our_side) {
         m_aead = std::make_unique<TLS_NULL_HMAC_AEAD_Encryption>(std::move(mac), suite.mac_keylen());
      } else {
         m_aead = std::make_unique<TLS_NULL_HMAC_AEAD_Decryption>(std::move(mac), suite.mac_keylen());
      }
#else
      throw Internal_Error("Negotiated disabled TLS NULL ciphersuite");
#endif
   } else {
      m_aead =
         AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? Cipher_Dir::Encryption : Cipher_Dir::Decryption);
   }
 
   m_aead->set_key(aead_key);
}

References Botan::TLS::Session_Keys::aead_key(), BOTAN_ASSERT_NOMSG, BOTAN_UNUSED, Botan::TLS::CBC_MODE, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::cipher_keylen(), Botan::AEAD_Mode::create_or_throw(), Botan::BlockCipher::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::Encryption, Botan::fmt(), Botan::TLS::Ciphersuite::mac_algo(), Botan::TLS::Ciphersuite::mac_keylen(), Botan::TLS::Session_Keys::nonce(), Botan::TLS::Ciphersuite::nonce_bytes_from_handshake(), Botan::TLS::Ciphersuite::nonce_bytes_from_record(), Botan::TLS::Ciphersuite::nonce_format(), nonce_format(), and Botan::TLS::NULL_CIPHER.

Member Function Documentation

aead()

AEAD_Mode & Botan::TLS::Connection_Cipher_State::aead ( )

inline

Definition at line 44 of file tls_record.h.

                        {
         BOTAN_ASSERT_NONNULL(m_aead.get());
         return *m_aead;
      }

References BOTAN_ASSERT_NONNULL.

Referenced by Botan::TLS::write_record().

aead_nonce() [1/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce	(	const uint8_t	record[],
		size_t	record_len,
		uint64_t	seq )

Definition at line 126 of file tls_record.cpp.

                                                                                                              {
   switch(m_nonce_format) {
      case Nonce_Format::NULL_CIPHER: {
         return std::vector<uint8_t>{};
      }
      case Nonce_Format::CBC_MODE: {
         if(nonce_bytes_from_record() == 0 && !m_nonce.empty()) {
            std::vector<uint8_t> nonce;
            nonce.swap(m_nonce);
            return nonce;
         }
         if(record_len < nonce_bytes_from_record()) {
            throw Decoding_Error("Invalid CBC packet too short to be valid");
         }
         std::vector<uint8_t> nonce(record, record + nonce_bytes_from_record());
         return nonce;
      }
      case Nonce_Format::AEAD_XOR_12: {
         std::vector<uint8_t> nonce(12);
         store_be(seq, nonce.data() + 4);
         xor_buf(nonce, m_nonce.data(), m_nonce.size());
         return nonce;
      }
      case Nonce_Format::AEAD_IMPLICIT_4: {
         BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
         if(record_len < nonce_bytes_from_record()) {
            throw Decoding_Error("Invalid AEAD packet too short to be valid");
         }
         std::vector<uint8_t> nonce(12);
         copy_mem(&nonce[0], m_nonce.data(), 4);  // NOLINT(*container-data-pointer)
         copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record());
         return nonce;
      }
   }
 
   throw Invalid_State("Unknown nonce format specified");
}

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::TLS::NULL_CIPHER, Botan::store_be(), and Botan::xor_buf().

aead_nonce() [2/2]

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::aead_nonce	(	uint64_t	seq,
		RandomNumberGenerator &	rng )

Definition at line 93 of file tls_record.cpp.

                                                                                               {
   switch(m_nonce_format) {
      case Nonce_Format::NULL_CIPHER: {
         return std::vector<uint8_t>{};
      }
      case Nonce_Format::CBC_MODE: {
         if(!m_nonce.empty()) {
            std::vector<uint8_t> nonce;
            nonce.swap(m_nonce);
            return nonce;
         }
         std::vector<uint8_t> nonce(nonce_bytes_from_record());
         rng.randomize(nonce.data(), nonce.size());
         return nonce;
      }
      case Nonce_Format::AEAD_XOR_12: {
         std::vector<uint8_t> nonce(12);
         store_be(seq, nonce.data() + 4);
         xor_buf(nonce, m_nonce.data(), m_nonce.size());
         return nonce;
      }
      case Nonce_Format::AEAD_IMPLICIT_4: {
         BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
         std::vector<uint8_t> nonce(12);
         copy_mem(&nonce[0], m_nonce.data(), 4);  // NOLINT(*container-data-pointer)
         store_be(seq, &nonce[nonce_bytes_from_handshake()]);
         return nonce;
      }
   }
 
   throw Invalid_State("Unknown nonce format specified");
}

References Botan::TLS::AEAD_IMPLICIT_4, Botan::TLS::AEAD_XOR_12, BOTAN_ASSERT_NOMSG, Botan::TLS::CBC_MODE, Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::TLS::NULL_CIPHER, Botan::RandomNumberGenerator::randomize(), Botan::store_be(), and Botan::xor_buf().

Referenced by Botan::TLS::write_record().

format_ad()

std::vector< uint8_t > Botan::TLS::Connection_Cipher_State::format_ad	(	uint64_t	seq,
		Record_Type	type,
		Protocol_Version	version,
		uint16_t	ptext_length )

Definition at line 164 of file tls_record.cpp.

                                                                             {
   std::vector<uint8_t> ad(13);
 
   store_be(msg_sequence, &ad[0]);  // NOLINT(*container-data-pointer)
   ad[8] = static_cast<uint8_t>(msg_type);
   ad[9] = version.major_version();
   ad[10] = version.minor_version();
   ad[11] = get_byte<0>(msg_length);
   ad[12] = get_byte<1>(msg_length);
 
   return ad;
}

References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), and Botan::store_be().

Referenced by Botan::TLS::write_record().

nonce_bytes_from_handshake()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake ( ) const

inline

Definition at line 55 of file tls_record.h.

{ return m_nonce_bytes_from_handshake; }

Referenced by aead_nonce(), aead_nonce(), and Botan::TLS::write_record().

nonce_bytes_from_record()

size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record ( ) const

inline

Definition at line 57 of file tls_record.h.

{ return m_nonce_bytes_from_record; }

Referenced by aead_nonce(), aead_nonce(), and Botan::TLS::write_record().

nonce_format()

Nonce_Format Botan::TLS::Connection_Cipher_State::nonce_format ( ) const

inline

Definition at line 59 of file tls_record.h.

{ return m_nonce_format; }

Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls12/tls_record.h
• src/lib/tls/tls12/tls_record.cpp