Botan 2.19.0
Crypto and TLS for C&
Namespaces | Classes | Typedefs | Enumerations | Functions
Botan::TLS Namespace Reference

Namespaces

namespace  detail
 

Classes

class  Alert
 
class  Application_Layer_Protocol_Notification
 
class  Blocking_Client
 
struct  BotanAlertCategory
 An error category for TLS alerts. More...
 
class  BSI_TR_02102_2
 
class  Callbacks
 
class  Certificate
 
class  Certificate_Req
 
class  Certificate_Status
 
class  Certificate_Status_Request
 
class  Certificate_Verify
 
class  Change_Cipher_Spec
 
class  Channel
 
class  Ciphersuite
 
class  Client
 
class  Client_Hello
 
class  Client_Key_Exchange
 
class  Compat_Callbacks
 
class  Connection_Cipher_State
 
class  Connection_Sequence_Numbers
 
class  Context
 
class  Datagram_Handshake_IO
 
class  Datagram_Policy
 
class  Datagram_Sequence_Numbers
 
class  Encrypt_then_MAC
 
class  Extended_Master_Secret
 
class  Extension
 
class  Extensions
 
class  Finished
 
class  Handshake_Hash
 
class  Handshake_IO
 
class  Handshake_Message
 
class  Handshake_State
 
class  Hello_Request
 
class  Hello_Verify_Request
 
class  New_Session_Ticket
 
class  NSA_Suite_B_128
 
class  NSA_Suite_B_192
 
class  Policy
 
class  Protocol_Version
 
class  Record_Header
 
class  Renegotiation_Extension
 
class  Server
 
class  Server_Hello
 
class  Server_Hello_Done
 
class  Server_Information
 
class  Server_Key_Exchange
 
class  Server_Name_Indicator
 
class  Session
 
class  Session_Keys
 
class  Session_Manager
 
class  Session_Manager_In_Memory
 
class  Session_Manager_Noop
 
class  Session_Manager_SQL
 
class  Session_Manager_SQLite
 
class  Session_Ticket
 
class  Signature_Algorithms
 
class  SRTP_Protection_Profiles
 
class  Stream
 boost::asio compatible SSL/TLS stream More...
 
class  Stream_Handshake_IO
 
class  Stream_Sequence_Numbers
 
struct  StreamCategory
 An error category for errors from the TLS::Stream. More...
 
class  Strict_Policy
 
class  Supported_Groups
 
class  Supported_Point_Formats
 
class  Supported_Versions
 
class  Text_Policy
 
class  TLS_CBC_HMAC_AEAD_Decryption
 
class  TLS_CBC_HMAC_AEAD_Encryption
 
class  TLS_CBC_HMAC_AEAD_Mode
 
class  TLS_Data_Reader
 
class  TLS_Exception
 
class  Unexpected_Message
 
class  Unknown_Extension
 

Typedefs

typedef Policy Default_Policy
 
typedef std::function< std::shared_ptr< Connection_Cipher_State >(uint16_t)> get_cipherstate_fn
 

Enumerations

enum  { TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF , TLS_FALLBACK_SCSV = 0x5600 }
 
enum class  Auth_Method {
  RSA , DSA , ECDSA , IMPLICIT = 0x10000 ,
  ANONYMOUS
}
 
enum class  Cipher_Algo {
  CHACHA20_POLY1305 , AES_128_CBC_HMAC_SHA1 = 100 , AES_128_CBC_HMAC_SHA256 , AES_128_CCM ,
  AES_128_CCM_8 , AES_128_GCM , AES_128_OCB , AES_256_CBC_HMAC_SHA1 = 200 ,
  AES_256_CBC_HMAC_SHA256 , AES_256_CBC_HMAC_SHA384 , AES_256_CCM , AES_256_CCM_8 ,
  AES_256_GCM , AES_256_OCB , CAMELLIA_128_CBC_HMAC_SHA1 = 300 , CAMELLIA_128_CBC_HMAC_SHA256 ,
  CAMELLIA_128_GCM , CAMELLIA_256_CBC_HMAC_SHA1 = 400 , CAMELLIA_256_CBC_HMAC_SHA256 , CAMELLIA_256_CBC_HMAC_SHA384 ,
  CAMELLIA_256_GCM , ARIA_128_GCM = 500 , ARIA_256_GCM , DES_EDE_CBC_HMAC_SHA1 = 1000 ,
  SEED_CBC_HMAC_SHA1
}
 
enum  Connection_Side { CLIENT = 1 , SERVER = 2 }
 
enum class  Group_Params : uint16_t {
  NONE = 0 , SECP256R1 = 23 , SECP384R1 = 24 , SECP521R1 = 25 ,
  BRAINPOOL256R1 = 26 , BRAINPOOL384R1 = 27 , BRAINPOOL512R1 = 28 , X25519 = 29 ,
  FFDHE_2048 = 256 , FFDHE_3072 = 257 , FFDHE_4096 = 258 , FFDHE_6144 = 259 ,
  FFDHE_8192 = 260
}
 
enum  Handshake_Extension_Type {
  TLSEXT_SERVER_NAME_INDICATION = 0 , TLSEXT_CERT_STATUS_REQUEST = 5 , TLSEXT_CERTIFICATE_TYPES = 9 , TLSEXT_SUPPORTED_GROUPS = 10 ,
  TLSEXT_EC_POINT_FORMATS = 11 , TLSEXT_SRP_IDENTIFIER = 12 , TLSEXT_SIGNATURE_ALGORITHMS = 13 , TLSEXT_USE_SRTP = 14 ,
  TLSEXT_ALPN = 16 , TLSEXT_ENCRYPT_THEN_MAC = 22 , TLSEXT_EXTENDED_MASTER_SECRET = 23 , TLSEXT_SESSION_TICKET = 35 ,
  TLSEXT_SUPPORTED_VERSIONS = 43 , TLSEXT_SAFE_RENEGOTIATION = 65281
}
 
enum  Handshake_Type {
  HELLO_REQUEST = 0 , CLIENT_HELLO = 1 , SERVER_HELLO = 2 , HELLO_VERIFY_REQUEST = 3 ,
  NEW_SESSION_TICKET = 4 , CERTIFICATE = 11 , SERVER_KEX = 12 , CERTIFICATE_REQUEST = 13 ,
  SERVER_HELLO_DONE = 14 , CERTIFICATE_VERIFY = 15 , CLIENT_KEX = 16 , FINISHED = 20 ,
  CERTIFICATE_URL = 21 , CERTIFICATE_STATUS = 22 , HANDSHAKE_CCS = 254 , HANDSHAKE_NONE = 255
}
 
enum class  KDF_Algo { SHA_1 , SHA_256 , SHA_384 }
 
enum class  Kex_Algo {
  STATIC_RSA , DH , ECDH , CECPQ1 ,
  SRP_SHA , PSK , DHE_PSK , ECDHE_PSK
}
 
enum class  Nonce_Format { CBC_MODE , AEAD_IMPLICIT_4 , AEAD_XOR_12 }
 
enum  Record_Type {
  CHANGE_CIPHER_SPEC = 20 , ALERT = 21 , HANDSHAKE = 22 , APPLICATION_DATA = 23 ,
  NO_RECORD = 256
}
 
enum class  Signature_Scheme : uint16_t {
  NONE = 0x0000 , RSA_PKCS1_SHA1 = 0x0201 , RSA_PKCS1_SHA256 = 0x0401 , RSA_PKCS1_SHA384 = 0x0501 ,
  RSA_PKCS1_SHA512 = 0x0601 , DSA_SHA1 = 0x0202 , DSA_SHA256 = 0x0402 , DSA_SHA384 = 0x0502 ,
  DSA_SHA512 = 0x0602 , ECDSA_SHA1 = 0x0203 , ECDSA_SHA256 = 0x0403 , ECDSA_SHA384 = 0x0503 ,
  ECDSA_SHA512 = 0x0603 , RSA_PSS_SHA256 = 0x0804 , RSA_PSS_SHA384 = 0x0805 , RSA_PSS_SHA512 = 0x0806 ,
  EDDSA_25519 = 0x0807 , EDDSA_448 = 0x0808
}
 
enum  Size_Limits {
  TLS_HEADER_SIZE = 5 , DTLS_HEADER_SIZE = TLS_HEADER_SIZE + 8 , MAX_PLAINTEXT_SIZE = 16*1024 , MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024 ,
  MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024
}
 
enum  StreamError { StreamTruncated = 1 }
 

Functions

const std::vector< Signature_Scheme > & all_signature_schemes ()
 
template<typename Alloc >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::string &str, size_t tag_size)
 
template<typename T , typename Alloc , typename Alloc2 >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::vector< T, Alloc2 > &vals, size_t tag_size)
 
template<typename T , typename Alloc >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
 
Auth_Method auth_method_from_string (const std::string &str)
 
std::string auth_method_to_string (Auth_Method method)
 
const BotanAlertCategorybotan_alert_category () noexcept
 
const StreamCategorybotan_stream_category ()
 
uint16_t check_tls_cbc_padding (const uint8_t record[], size_t record_len)
 
Group_Params group_param_from_string (const std::string &group_name)
 
bool group_param_is_dh (Group_Params group)
 
std::string group_param_to_string (Group_Params group)
 
const char * handshake_type_to_string (Handshake_Type type)
 
std::string hash_function_of_scheme (Signature_Scheme scheme)
 
std::string kdf_algo_to_string (KDF_Algo algo)
 
Kex_Algo kex_method_from_string (const std::string &str)
 
std::string kex_method_to_string (Kex_Algo method)
 
bool key_exchange_is_psk (Kex_Algo m)
 
boost::system::error_code make_error_code (Botan::TLS::Alert::Type c)
 
boost::system::error_code make_error_code (Botan::TLS::StreamError e)
 
std::vector< uint8_t > make_hello_random (RandomNumberGenerator &rng, const Policy &policy)
 
bool operator!= (const Server_Information &a, const Server_Information &b)
 
bool operator< (const Server_Information &a, const Server_Information &b)
 
bool operator== (const Server_Information &a, const Server_Information &b)
 
std::string padding_string_for_scheme (Signature_Scheme scheme)
 
Record_Header read_record (bool is_datagram, secure_vector< uint8_t > &readbuf, const uint8_t input[], size_t input_len, size_t &consumed, secure_vector< uint8_t > &recbuf, Connection_Sequence_Numbers *sequence_numbers, get_cipherstate_fn get_cipherstate, bool allow_epoch0_restart)
 
std::string sig_scheme_to_string (Signature_Scheme scheme)
 
std::string signature_algorithm_of_scheme (Signature_Scheme scheme)
 
bool signature_scheme_is_known (Signature_Scheme scheme)
 
void write_record (secure_vector< uint8_t > &output, uint8_t record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len, Connection_Cipher_State &cs, RandomNumberGenerator &rng)
 
void write_unencrypted_record (secure_vector< uint8_t > &output, uint8_t record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len)
 

Typedef Documentation

◆ Default_Policy

Definition at line 344 of file tls_policy.h.

◆ get_cipherstate_fn

typedef std::function<std::shared_ptr<Connection_Cipher_State>(uint16_t)> Botan::TLS::get_cipherstate_fn

Definition at line 168 of file tls_record.h.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
TLS_EMPTY_RENEGOTIATION_INFO_SCSV 
TLS_FALLBACK_SCSV 

Definition at line 28 of file msg_client_hello.cpp.

28 {
30 TLS_FALLBACK_SCSV = 0x5600
31};
@ TLS_EMPTY_RENEGOTIATION_INFO_SCSV

◆ Auth_Method

enum class Botan::TLS::Auth_Method
strong
Enumerator
RSA 
DSA 
ECDSA 
IMPLICIT 
ANONYMOUS 

Definition at line 70 of file tls_algos.h.

70 {
71 RSA,
72 DSA,
73 ECDSA,
74
75 // These are placed outside the encodable range
76 IMPLICIT = 0x10000,
78};

◆ Cipher_Algo

enum class Botan::TLS::Cipher_Algo
strong
Enumerator
CHACHA20_POLY1305 
AES_128_CBC_HMAC_SHA1 
AES_128_CBC_HMAC_SHA256 
AES_128_CCM 
AES_128_CCM_8 
AES_128_GCM 
AES_128_OCB 
AES_256_CBC_HMAC_SHA1 
AES_256_CBC_HMAC_SHA256 
AES_256_CBC_HMAC_SHA384 
AES_256_CCM 
AES_256_CCM_8 
AES_256_GCM 
AES_256_OCB 
CAMELLIA_128_CBC_HMAC_SHA1 
CAMELLIA_128_CBC_HMAC_SHA256 
CAMELLIA_128_GCM 
CAMELLIA_256_CBC_HMAC_SHA1 
CAMELLIA_256_CBC_HMAC_SHA256 
CAMELLIA_256_CBC_HMAC_SHA384 
CAMELLIA_256_GCM 
ARIA_128_GCM 
ARIA_256_GCM 
DES_EDE_CBC_HMAC_SHA1 
SEED_CBC_HMAC_SHA1 

Definition at line 20 of file tls_algos.h.

20 {
22
29
37
41
46
47 ARIA_128_GCM = 500,
49
52};

◆ Connection_Side

Enumerator
CLIENT 
SERVER 

Definition at line 32 of file tls_magic.h.

32{ CLIENT = 1, SERVER = 2 };

◆ Group_Params

enum class Botan::TLS::Group_Params : uint16_t
strong
Enumerator
NONE 
SECP256R1 
SECP384R1 
SECP521R1 
BRAINPOOL256R1 
BRAINPOOL384R1 
BRAINPOOL512R1 
X25519 
FFDHE_2048 
FFDHE_3072 
FFDHE_4096 
FFDHE_6144 
FFDHE_8192 

Definition at line 123 of file tls_algos.h.

◆ Handshake_Extension_Type

Enumerator
TLSEXT_SERVER_NAME_INDICATION 
TLSEXT_CERT_STATUS_REQUEST 
TLSEXT_CERTIFICATE_TYPES 
TLSEXT_SUPPORTED_GROUPS 
TLSEXT_EC_POINT_FORMATS 
TLSEXT_SRP_IDENTIFIER 
TLSEXT_SIGNATURE_ALGORITHMS 
TLSEXT_USE_SRTP 
TLSEXT_ALPN 
TLSEXT_ENCRYPT_THEN_MAC 
TLSEXT_EXTENDED_MASTER_SECRET 
TLSEXT_SESSION_TICKET 
TLSEXT_SUPPORTED_VERSIONS 
TLSEXT_SAFE_RENEGOTIATION 

Definition at line 32 of file tls_extensions.h.

32 {
35
41 TLSEXT_USE_SRTP = 14,
42 TLSEXT_ALPN = 16,
43
46
48
50
52};
@ TLSEXT_ENCRYPT_THEN_MAC
@ TLSEXT_SIGNATURE_ALGORITHMS
@ TLSEXT_CERTIFICATE_TYPES
@ TLSEXT_SUPPORTED_VERSIONS
@ TLSEXT_CERT_STATUS_REQUEST
@ TLSEXT_SRP_IDENTIFIER
@ TLSEXT_SERVER_NAME_INDICATION
@ TLSEXT_SESSION_TICKET
@ TLSEXT_SAFE_RENEGOTIATION
@ TLSEXT_SUPPORTED_GROUPS
@ TLSEXT_EXTENDED_MASTER_SECRET
@ TLSEXT_EC_POINT_FORMATS

◆ Handshake_Type

Enumerator
HELLO_REQUEST 
CLIENT_HELLO 
SERVER_HELLO 
HELLO_VERIFY_REQUEST 
NEW_SESSION_TICKET 
CERTIFICATE 
SERVER_KEX 
CERTIFICATE_REQUEST 
SERVER_HELLO_DONE 
CERTIFICATE_VERIFY 
CLIENT_KEX 
FINISHED 
CERTIFICATE_URL 
CERTIFICATE_STATUS 
HANDSHAKE_CCS 
HANDSHAKE_NONE 

Definition at line 45 of file tls_magic.h.

45 {
46 HELLO_REQUEST = 0,
47 CLIENT_HELLO = 1,
48 SERVER_HELLO = 2,
50 NEW_SESSION_TICKET = 4, // RFC 5077
51 CERTIFICATE = 11,
52 SERVER_KEX = 12,
56 CLIENT_KEX = 16,
57 FINISHED = 20,
58
59 CERTIFICATE_URL = 21,
61
62 HANDSHAKE_CCS = 254, // Not a wire value
63 HANDSHAKE_NONE = 255 // Null value
64};
@ HELLO_VERIFY_REQUEST
Definition: tls_magic.h:49
@ CLIENT_KEX
Definition: tls_magic.h:56
@ HANDSHAKE_CCS
Definition: tls_magic.h:62
@ CERTIFICATE_URL
Definition: tls_magic.h:59
@ SERVER_HELLO
Definition: tls_magic.h:48
@ NEW_SESSION_TICKET
Definition: tls_magic.h:50
@ SERVER_HELLO_DONE
Definition: tls_magic.h:54
@ HELLO_REQUEST
Definition: tls_magic.h:46
@ CERTIFICATE_REQUEST
Definition: tls_magic.h:53
@ CERTIFICATE
Definition: tls_magic.h:51
@ CERTIFICATE_STATUS
Definition: tls_magic.h:60
@ CERTIFICATE_VERIFY
Definition: tls_magic.h:55
@ HANDSHAKE_NONE
Definition: tls_magic.h:63
@ SERVER_KEX
Definition: tls_magic.h:52
@ CLIENT_HELLO
Definition: tls_magic.h:47

◆ KDF_Algo

enum class Botan::TLS::KDF_Algo
strong
Enumerator
SHA_1 
SHA_256 
SHA_384 

Definition at line 54 of file tls_algos.h.

54 {
55 SHA_1,
56 SHA_256,
57 SHA_384,
58};
SHA_160 SHA_1
Definition: sha160.h:71

◆ Kex_Algo

enum class Botan::TLS::Kex_Algo
strong
Enumerator
STATIC_RSA 
DH 
ECDH 
CECPQ1 
SRP_SHA 
PSK 
DHE_PSK 
ECDHE_PSK 

Definition at line 146 of file tls_algos.h.

◆ Nonce_Format

enum class Botan::TLS::Nonce_Format
strong
Enumerator
CBC_MODE 
AEAD_IMPLICIT_4 
AEAD_XOR_12 

Definition at line 62 of file tls_algos.h.

◆ Record_Type

Enumerator
CHANGE_CIPHER_SPEC 
ALERT 
HANDSHAKE 
APPLICATION_DATA 
NO_RECORD 

Definition at line 35 of file tls_magic.h.

35 {
37 ALERT = 21,
38 HANDSHAKE = 22,
40
41 NO_RECORD = 256
42};
@ CHANGE_CIPHER_SPEC
Definition: tls_magic.h:36
@ APPLICATION_DATA
Definition: tls_magic.h:39

◆ Signature_Scheme

enum class Botan::TLS::Signature_Scheme : uint16_t
strong
Enumerator
NONE 
RSA_PKCS1_SHA1 
RSA_PKCS1_SHA256 
RSA_PKCS1_SHA384 
RSA_PKCS1_SHA512 
DSA_SHA1 
DSA_SHA256 
DSA_SHA384 
DSA_SHA512 
ECDSA_SHA1 
ECDSA_SHA256 
ECDSA_SHA384 
ECDSA_SHA512 
RSA_PSS_SHA256 
RSA_PSS_SHA384 
RSA_PSS_SHA512 
EDDSA_25519 
EDDSA_448 

Definition at line 86 of file tls_algos.h.

◆ Size_Limits

Protocol Constants for SSL/TLS

Enumerator
TLS_HEADER_SIZE 
DTLS_HEADER_SIZE 
MAX_PLAINTEXT_SIZE 
MAX_COMPRESSED_SIZE 
MAX_CIPHERTEXT_SIZE 

Definition at line 22 of file tls_magic.h.

22 {
25
26 MAX_PLAINTEXT_SIZE = 16*1024,
29};
@ MAX_CIPHERTEXT_SIZE
Definition: tls_magic.h:28
@ MAX_PLAINTEXT_SIZE
Definition: tls_magic.h:26
@ TLS_HEADER_SIZE
Definition: tls_magic.h:23
@ MAX_COMPRESSED_SIZE
Definition: tls_magic.h:27
@ DTLS_HEADER_SIZE
Definition: tls_magic.h:24

◆ StreamError

Enumerator
StreamTruncated 

Definition at line 33 of file asio_error.h.

34 {
36 };
@ StreamTruncated
Definition: asio_error.h:35

Function Documentation

◆ all_signature_schemes()

BOTAN_UNSTABLE_API const std::vector< Signature_Scheme > & Botan::TLS::all_signature_schemes ( )

Definition at line 229 of file tls_algos.cpp.

230 {
231 /*
232 * This is ordered in some approximate order of preference
233 */
234 static const std::vector<Signature_Scheme> all_schemes = {
235 //Signature_Scheme::EDDSA_448,
236 //Signature_Scheme::EDDSA_25519,
237
238 Signature_Scheme::RSA_PSS_SHA384,
239 Signature_Scheme::RSA_PSS_SHA256,
240 Signature_Scheme::RSA_PSS_SHA512,
241
242 Signature_Scheme::RSA_PKCS1_SHA384,
243 Signature_Scheme::RSA_PKCS1_SHA512,
244 Signature_Scheme::RSA_PKCS1_SHA256,
245
246 Signature_Scheme::ECDSA_SHA384,
247 Signature_Scheme::ECDSA_SHA512,
248 Signature_Scheme::ECDSA_SHA256,
249
250 Signature_Scheme::DSA_SHA384,
251 Signature_Scheme::DSA_SHA512,
252 Signature_Scheme::DSA_SHA256,
253
254 Signature_Scheme::RSA_PKCS1_SHA1,
255 Signature_Scheme::ECDSA_SHA1,
256 Signature_Scheme::DSA_SHA1,
257 };
258
259 return all_schemes;
260 }

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes().

◆ append_tls_length_value() [1/3]

template<typename Alloc >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const std::string &  str,
size_t  tag_size 
)

Definition at line 217 of file tls_reader.h.

220 {
222 cast_char_ptr_to_uint8(str.data()),
223 str.size(),
224 tag_size);
225 }
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const std::string &str, size_t tag_size)
Definition: tls_reader.h:217
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:190

References append_tls_length_value(), and Botan::cast_char_ptr_to_uint8().

◆ append_tls_length_value() [2/3]

template<typename T , typename Alloc , typename Alloc2 >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const std::vector< T, Alloc2 > &  vals,
size_t  tag_size 
)

Definition at line 209 of file tls_reader.h.

212 {
213 append_tls_length_value(buf, vals.data(), vals.size(), tag_size);
214 }

References append_tls_length_value().

◆ append_tls_length_value() [3/3]

template<typename T , typename Alloc >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const T vals,
size_t  vals_size,
size_t  tag_size 
)

Helper function for encoding length-tagged vectors

Definition at line 185 of file tls_reader.h.

189 {
190 const size_t T_size = sizeof(T);
191 const size_t val_bytes = T_size * vals_size;
192
193 if(tag_size != 1 && tag_size != 2)
194 throw Invalid_Argument("append_tls_length_value: invalid tag size");
195
196 if((tag_size == 1 && val_bytes > 255) ||
197 (tag_size == 2 && val_bytes > 65535))
198 throw Invalid_Argument("append_tls_length_value: value too large");
199
200 for(size_t i = 0; i != tag_size; ++i)
201 buf.push_back(get_byte(sizeof(val_bytes)-tag_size+i, val_bytes));
202
203 for(size_t i = 0; i != vals_size; ++i)
204 for(size_t j = 0; j != T_size; ++j)
205 buf.push_back(get_byte(j, vals[i]));
206 }
fe T
Definition: ge.cpp:37
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:41

References Botan::get_byte(), and T.

Referenced by append_tls_length_value(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Client_Hello::cookie_input_data(), Botan::TLS::Renegotiation_Extension::serialize(), Botan::TLS::Application_Layer_Protocol_Notification::serialize(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ auth_method_from_string()

Auth_Method BOTAN_TEST_API Botan::TLS::auth_method_from_string ( const std::string &  str)

Definition at line 102 of file tls_algos.cpp.

103 {
104 if(str == "RSA")
105 return Auth_Method::RSA;
106 if(str == "DSA")
107 return Auth_Method::DSA;
108 if(str == "ECDSA")
109 return Auth_Method::ECDSA;
110 if(str == "IMPLICIT")
111 return Auth_Method::IMPLICIT;
112 if(str == "ANONYMOUS" || str == "")
113 return Auth_Method::ANONYMOUS;
114
115 throw Invalid_Argument("Bad signature method " + str);
116 }

References ANONYMOUS, DSA, ECDSA, IMPLICIT, and RSA.

◆ auth_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::auth_method_to_string ( Auth_Method  method)

Definition at line 83 of file tls_algos.cpp.

84 {
85 switch(method)
86 {
87 case Auth_Method::RSA:
88 return "RSA";
89 case Auth_Method::DSA:
90 return "DSA";
91 case Auth_Method::ECDSA:
92 return "ECDSA";
93 case Auth_Method::IMPLICIT:
94 return "IMPLICIT";
95 case Auth_Method::ANONYMOUS:
96 return "ANONYMOUS";
97 }
98
99 throw Invalid_State("auth_method_to_string unknown enum value");
100 }

References ANONYMOUS, DSA, ECDSA, IMPLICIT, and RSA.

Referenced by Botan::TLS::Ciphersuite::sig_algo().

◆ botan_alert_category()

const BotanAlertCategory & Botan::TLS::botan_alert_category ( )
inlinenoexcept

Definition at line 85 of file asio_error.h.

86 {
87 static BotanAlertCategory category;
88 return category;
89 }
An error category for TLS alerts.
Definition: asio_error.h:72

Referenced by make_error_code().

◆ botan_stream_category()

const StreamCategory & Botan::TLS::botan_stream_category ( )
inline

Definition at line 59 of file asio_error.h.

60 {
61 static StreamCategory category;
62 return category;
63 }
An error category for errors from the TLS::Stream.
Definition: asio_error.h:40

Referenced by make_error_code().

◆ check_tls_cbc_padding()

BOTAN_TEST_API uint16_t Botan::TLS::check_tls_cbc_padding ( const uint8_t  record[],
size_t  record_len 
)

Check the TLS padding of a record

Parameters
recordthe record bits
record_lenlength of record
Returns
0 if padding is invalid, otherwise padding_bytes + 1

Definition at line 243 of file tls_cbc.cpp.

244 {
245 if(record_len == 0 || record_len > 0xFFFF)
246 return 0;
247
248 const uint16_t rec16 = static_cast<uint16_t>(record_len);
249
250 /*
251 * TLS v1.0 and up require all the padding bytes be the same value
252 * and allows up to 255 bytes.
253 */
254
255 const uint16_t to_check = std::min<uint16_t>(256, static_cast<uint16_t>(record_len));
256 const uint8_t pad_byte = record[record_len-1];
257 const uint16_t pad_bytes = 1 + pad_byte;
258
259 auto pad_invalid = CT::Mask<uint16_t>::is_lt(rec16, pad_bytes);
260
261 for(uint16_t i = rec16 - to_check; i != rec16; ++i)
262 {
263 const uint16_t offset = rec16 - i;
264 const auto in_pad_range = CT::Mask<uint16_t>::is_lte(offset, pad_bytes);
265 const auto pad_correct = CT::Mask<uint16_t>::is_equal(record[i], pad_byte);
266 pad_invalid |= in_pad_range & ~pad_correct;
267 }
268
269 return pad_invalid.if_not_set_return(pad_bytes);
270 }

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_lt(), and Botan::CT::Mask< T >::is_lte().

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

◆ group_param_from_string()

Group_Params Botan::TLS::group_param_from_string ( const std::string &  group_name)

Definition at line 124 of file tls_algos.cpp.

125 {
126 if(group_name == "secp256r1")
127 return Group_Params::SECP256R1;
128 if(group_name == "secp384r1")
129 return Group_Params::SECP384R1;
130 if(group_name == "secp521r1")
131 return Group_Params::SECP521R1;
132 if(group_name == "brainpool256r1")
133 return Group_Params::BRAINPOOL256R1;
134 if(group_name == "brainpool384r1")
135 return Group_Params::BRAINPOOL384R1;
136 if(group_name == "brainpool512r1")
137 return Group_Params::BRAINPOOL512R1;
138 if(group_name == "x25519")
139 return Group_Params::X25519;
140
141 if(group_name == "ffdhe/ietf/2048")
142 return Group_Params::FFDHE_2048;
143 if(group_name == "ffdhe/ietf/3072")
144 return Group_Params::FFDHE_3072;
145 if(group_name == "ffdhe/ietf/4096")
146 return Group_Params::FFDHE_4096;
147 if(group_name == "ffdhe/ietf/6144")
148 return Group_Params::FFDHE_6144;
149 if(group_name == "ffdhe/ietf/8192")
150 return Group_Params::FFDHE_8192;
151
152 return Group_Params::NONE; // unknown
153 }

References BRAINPOOL256R1, BRAINPOOL384R1, BRAINPOOL512R1, FFDHE_2048, FFDHE_3072, FFDHE_4096, FFDHE_6144, FFDHE_8192, NONE, SECP256R1, SECP384R1, SECP521R1, and X25519.

Referenced by Botan::TLS::Text_Policy::key_exchange_groups().

◆ group_param_is_dh()

bool Botan::TLS::group_param_is_dh ( Group_Params  group)

Definition at line 118 of file tls_algos.cpp.

119 {
120 uint16_t group_id = static_cast<uint16_t>(group);
121 return (group_id >= 256 && group_id < 512);
122 }

Referenced by Botan::TLS::Policy::default_dh_group(), Botan::TLS::Supported_Groups::dh_groups(), Botan::TLS::Supported_Groups::ec_groups(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ group_param_to_string()

std::string Botan::TLS::group_param_to_string ( Group_Params  group)

Definition at line 155 of file tls_algos.cpp.

156 {
157 switch(group)
158 {
159 case Group_Params::SECP256R1:
160 return "secp256r1";
161 case Group_Params::SECP384R1:
162 return "secp384r1";
163 case Group_Params::SECP521R1:
164 return "secp521r1";
165 case Group_Params::BRAINPOOL256R1:
166 return "brainpool256r1";
167 case Group_Params::BRAINPOOL384R1:
168 return "brainpool384r1";
169 case Group_Params::BRAINPOOL512R1:
170 return "brainpool512r1";
171 case Group_Params::X25519:
172 return "x25519";
173
174 case Group_Params::FFDHE_2048:
175 return "ffdhe/ietf/2048";
176 case Group_Params::FFDHE_3072:
177 return "ffdhe/ietf/3072";
178 case Group_Params::FFDHE_4096:
179 return "ffdhe/ietf/4096";
180 case Group_Params::FFDHE_6144:
181 return "ffdhe/ietf/6144";
182 case Group_Params::FFDHE_8192:
183 return "ffdhe/ietf/8192";
184
185 default:
186 return "";
187 }
188 }

References BRAINPOOL256R1, BRAINPOOL384R1, BRAINPOOL512R1, FFDHE_2048, FFDHE_3072, FFDHE_4096, FFDHE_6144, FFDHE_8192, SECP256R1, SECP384R1, SECP521R1, and X25519.

Referenced by Botan::TLS::Callbacks::tls_decode_group_param().

◆ handshake_type_to_string()

const char * Botan::TLS::handshake_type_to_string ( Handshake_Type  type)

Definition at line 24 of file tls_handshake_state.cpp.

25 {
26 switch(type)
27 {
29 return "hello_verify_request";
30
31 case HELLO_REQUEST:
32 return "hello_request";
33
34 case CLIENT_HELLO:
35 return "client_hello";
36
37 case SERVER_HELLO:
38 return "server_hello";
39
40 case CERTIFICATE:
41 return "certificate";
42
43 case CERTIFICATE_URL:
44 return "certificate_url";
45
47 return "certificate_status";
48
49 case SERVER_KEX:
50 return "server_key_exchange";
51
53 return "certificate_request";
54
56 return "server_hello_done";
57
59 return "certificate_verify";
60
61 case CLIENT_KEX:
62 return "client_key_exchange";
63
65 return "new_session_ticket";
66
67 case HANDSHAKE_CCS:
68 return "change_cipher_spec";
69
70 case FINISHED:
71 return "finished";
72
73 case HANDSHAKE_NONE:
74 return "invalid";
75 }
76
77 throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
78 "Unknown TLS handshake message type " + std::to_string(type));
79 }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
MechanismType type

References CERTIFICATE, CERTIFICATE_REQUEST, CERTIFICATE_STATUS, CERTIFICATE_URL, CERTIFICATE_VERIFY, CLIENT_HELLO, CLIENT_KEX, FINISHED, HANDSHAKE_CCS, HANDSHAKE_NONE, HELLO_REQUEST, HELLO_VERIFY_REQUEST, NEW_SESSION_TICKET, SERVER_HELLO, SERVER_HELLO_DONE, SERVER_KEX, Botan::ASN1::to_string(), type, and Botan::TLS::Alert::UNEXPECTED_MESSAGE.

Referenced by Botan::TLS::Handshake_State::confirm_transition_to(), and Botan::TLS::Handshake_Message::type_string().

◆ hash_function_of_scheme()

std::string BOTAN_UNSTABLE_API Botan::TLS::hash_function_of_scheme ( Signature_Scheme  scheme)

Definition at line 191 of file tls_algos.cpp.

192 {
193 switch(scheme)
194 {
195 case Signature_Scheme::DSA_SHA1:
196 case Signature_Scheme::ECDSA_SHA1:
197 case Signature_Scheme::RSA_PKCS1_SHA1:
198 return "SHA-1";
199
200 case Signature_Scheme::DSA_SHA256:
201 case Signature_Scheme::ECDSA_SHA256:
202 case Signature_Scheme::RSA_PKCS1_SHA256:
203 case Signature_Scheme::RSA_PSS_SHA256:
204 return "SHA-256";
205
206 case Signature_Scheme::DSA_SHA384:
207 case Signature_Scheme::ECDSA_SHA384:
208 case Signature_Scheme::RSA_PKCS1_SHA384:
209 case Signature_Scheme::RSA_PSS_SHA384:
210 return "SHA-384";
211
212 case Signature_Scheme::DSA_SHA512:
213 case Signature_Scheme::ECDSA_SHA512:
214 case Signature_Scheme::RSA_PKCS1_SHA512:
215 case Signature_Scheme::RSA_PSS_SHA512:
216 return "SHA-512";
217
218 case Signature_Scheme::EDDSA_25519:
219 case Signature_Scheme::EDDSA_448:
220 return "Pure";
221
223 return "";
224 }
225
226 throw Invalid_State("hash_function_of_scheme: Unknown signature algorithm enum");
227 }

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, NONE, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ kdf_algo_to_string()

std::string BOTAN_DLL Botan::TLS::kdf_algo_to_string ( KDF_Algo  algo)

Definition at line 14 of file tls_algos.cpp.

15 {
16 switch(algo)
17 {
18 case KDF_Algo::SHA_1:
19 return "SHA-1";
20 case KDF_Algo::SHA_256:
21 return "SHA-256";
22 case KDF_Algo::SHA_384:
23 return "SHA-384";
24 }
25
26 throw Invalid_State("kdf_algo_to_string unknown enum value");
27 }

References SHA_1, SHA_256, and SHA_384.

Referenced by Botan::TLS::Ciphersuite::prf_algo().

◆ kex_method_from_string()

Kex_Algo BOTAN_TEST_API Botan::TLS::kex_method_from_string ( const std::string &  str)

Definition at line 54 of file tls_algos.cpp.

55 {
56 if(str == "RSA")
57 return Kex_Algo::STATIC_RSA;
58
59 if(str == "DH")
60 return Kex_Algo::DH;
61
62 if(str == "ECDH")
63 return Kex_Algo::ECDH;
64
65 if(str == "CECPQ1")
66 return Kex_Algo::CECPQ1;
67
68 if(str == "SRP_SHA")
69 return Kex_Algo::SRP_SHA;
70
71 if(str == "PSK")
72 return Kex_Algo::PSK;
73
74 if(str == "DHE_PSK")
75 return Kex_Algo::DHE_PSK;
76
77 if(str == "ECDHE_PSK")
78 return Kex_Algo::ECDHE_PSK;
79
80 throw Invalid_Argument("Unknown kex method " + str);
81 }

References CECPQ1, DH, DHE_PSK, ECDH, ECDHE_PSK, PSK, SRP_SHA, and STATIC_RSA.

◆ kex_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::kex_method_to_string ( Kex_Algo  method)

Definition at line 29 of file tls_algos.cpp.

30 {
31 switch(method)
32 {
33 case Kex_Algo::STATIC_RSA:
34 return "RSA";
35 case Kex_Algo::DH:
36 return "DH";
37 case Kex_Algo::ECDH:
38 return "ECDH";
39 case Kex_Algo::CECPQ1:
40 return "CECPQ1";
41 case Kex_Algo::SRP_SHA:
42 return "SRP_SHA";
43 case Kex_Algo::PSK:
44 return "PSK";
45 case Kex_Algo::DHE_PSK:
46 return "DHE_PSK";
47 case Kex_Algo::ECDHE_PSK:
48 return "ECDHE_PSK";
49 }
50
51 throw Invalid_State("kex_method_to_string unknown enum value");
52 }

References CECPQ1, DH, DHE_PSK, ECDH, ECDHE_PSK, PSK, SRP_SHA, and STATIC_RSA.

Referenced by Botan::TLS::Ciphersuite::kex_algo(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ key_exchange_is_psk()

bool Botan::TLS::key_exchange_is_psk ( Kex_Algo  m)
inline

Definition at line 160 of file tls_algos.h.

161 {
162 return (m == Kex_Algo::PSK ||
163 m == Kex_Algo::DHE_PSK ||
164 m == Kex_Algo::ECDHE_PSK);
165 }

References DHE_PSK, ECDHE_PSK, and PSK.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ make_error_code() [1/2]

boost::system::error_code Botan::TLS::make_error_code ( Botan::TLS::Alert::Type  c)
inline

Definition at line 91 of file asio_error.h.

92 {
93 return boost::system::error_code(static_cast<int>(c), Botan::TLS::botan_alert_category());
94 }
const BotanAlertCategory & botan_alert_category() noexcept
Definition: asio_error.h:85

References botan_alert_category().

◆ make_error_code() [2/2]

boost::system::error_code Botan::TLS::make_error_code ( Botan::TLS::StreamError  e)
inline

Definition at line 65 of file asio_error.h.

66 {
67 return boost::system::error_code(static_cast<int>(e), Botan::TLS::botan_stream_category());
68 }
const StreamCategory & botan_stream_category()
Definition: asio_error.h:59

References botan_stream_category().

◆ make_hello_random()

std::vector< uint8_t > Botan::TLS::make_hello_random ( RandomNumberGenerator rng,
const Policy policy 
)

Definition at line 33 of file msg_client_hello.cpp.

35 {
36 std::vector<uint8_t> buf(32);
37 rng.randomize(buf.data(), buf.size());
38
39 std::unique_ptr<HashFunction> sha256 = HashFunction::create_or_throw("SHA-256");
40 sha256->update(buf);
41 sha256->final(buf);
42
44 {
45 const uint32_t time32 = static_cast<uint32_t>(
46 std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
47
48 store_be(time32, buf.data());
49 }
50
51 return buf;
52 }
virtual void randomize(uint8_t output[], size_t length)=0
virtual bool include_time_in_hello_random() const
Definition: tls_policy.cpp:340
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:438

References Botan::HashFunction::create_or_throw(), Botan::TLS::Policy::include_time_in_hello_random(), Botan::RandomNumberGenerator::randomize(), and Botan::store_be().

◆ operator!=()

bool Botan::TLS::operator!= ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 84 of file tls_server_info.h.

85 {
86 return !(a == b);
87 }

◆ operator<()

bool Botan::TLS::operator< ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 89 of file tls_server_info.h.

90 {
91 if(a.hostname() != b.hostname())
92 return (a.hostname() < b.hostname());
93 if(a.service() != b.service())
94 return (a.service() < b.service());
95 if(a.port() != b.port())
96 return (a.port() < b.port());
97 return false; // equal
98 }
std::string hostname() const

References Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

◆ operator==()

bool Botan::TLS::operator== ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 76 of file tls_server_info.h.

77 {
78 return (a.hostname() == b.hostname()) &&
79 (a.service() == b.service()) &&
80 (a.port() == b.port());
81
82 }

References Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

◆ padding_string_for_scheme()

std::string BOTAN_UNSTABLE_API Botan::TLS::padding_string_for_scheme ( Signature_Scheme  scheme)

Definition at line 379 of file tls_algos.cpp.

380 {
381 switch(scheme)
382 {
383 case Signature_Scheme::RSA_PKCS1_SHA1:
384 return "EMSA_PKCS1(SHA-1)";
385 case Signature_Scheme::RSA_PKCS1_SHA256:
386 return "EMSA_PKCS1(SHA-256)";
387 case Signature_Scheme::RSA_PKCS1_SHA384:
388 return "EMSA_PKCS1(SHA-384)";
389 case Signature_Scheme::RSA_PKCS1_SHA512:
390 return "EMSA_PKCS1(SHA-512)";
391
392 case Signature_Scheme::DSA_SHA1:
393 case Signature_Scheme::ECDSA_SHA1:
394 return "EMSA1(SHA-1)";
395 case Signature_Scheme::DSA_SHA256:
396 case Signature_Scheme::ECDSA_SHA256:
397 return "EMSA1(SHA-256)";
398 case Signature_Scheme::DSA_SHA384:
399 case Signature_Scheme::ECDSA_SHA384:
400 return "EMSA1(SHA-384)";
401 case Signature_Scheme::DSA_SHA512:
402 case Signature_Scheme::ECDSA_SHA512:
403 return "EMSA1(SHA-512)";
404
405 case Signature_Scheme::RSA_PSS_SHA256:
406 return "PSSR(SHA-256,MGF1,32)";
407 case Signature_Scheme::RSA_PSS_SHA384:
408 return "PSSR(SHA-384,MGF1,48)";
409 case Signature_Scheme::RSA_PSS_SHA512:
410 return "PSSR(SHA-512,MGF1,64)";
411
412 case Signature_Scheme::EDDSA_25519:
413 return "Pure";
414 case Signature_Scheme::EDDSA_448:
415 return "Pure";
416
418 return "";
419 }
420
421 throw Invalid_State("padding_string_for_scheme: Unknown signature algorithm enum");
422 }

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, NONE, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ read_record()

Record_Header Botan::TLS::read_record ( bool  is_datagram,
secure_vector< uint8_t > &  read_buffer,
const uint8_t  input[],
size_t  input_len,
size_t &  consumed,
secure_vector< uint8_t > &  record_buf,
Connection_Sequence_Numbers sequence_numbers,
get_cipherstate_fn  get_cipherstate,
bool  allow_epoch0_restart 
)

Decode a TLS record

Returns
zero if full message, else number of bytes still needed

Definition at line 514 of file tls_record.cpp.

523 {
524 if(is_datagram)
525 return read_dtls_record(readbuf, input, input_len, consumed,
526 recbuf, sequence_numbers, get_cipherstate, allow_epoch0_restart);
527 else
528 return read_tls_record(readbuf, input, input_len, consumed,
529 recbuf, sequence_numbers, get_cipherstate);
530 }

Referenced by Botan::TLS::Channel::received_data().

◆ sig_scheme_to_string()

std::string BOTAN_UNSTABLE_API Botan::TLS::sig_scheme_to_string ( Signature_Scheme  scheme)

Definition at line 329 of file tls_algos.cpp.

330 {
331 switch(scheme)
332 {
333 case Signature_Scheme::RSA_PKCS1_SHA1:
334 return "RSA_PKCS1_SHA1";
335 case Signature_Scheme::RSA_PKCS1_SHA256:
336 return "RSA_PKCS1_SHA256";
337 case Signature_Scheme::RSA_PKCS1_SHA384:
338 return "RSA_PKCS1_SHA384";
339 case Signature_Scheme::RSA_PKCS1_SHA512:
340 return "RSA_PKCS1_SHA512";
341
342 case Signature_Scheme::DSA_SHA1:
343 return "DSA_SHA1";
344 case Signature_Scheme::DSA_SHA256:
345 return "DSA_SHA256";
346 case Signature_Scheme::DSA_SHA384:
347 return "DSA_SHA384";
348 case Signature_Scheme::DSA_SHA512:
349 return "DSA_SHA512";
350
351 case Signature_Scheme::ECDSA_SHA1:
352 return "ECDSA_SHA1";
353 case Signature_Scheme::ECDSA_SHA256:
354 return "ECDSA_SHA256";
355 case Signature_Scheme::ECDSA_SHA384:
356 return "ECDSA_SHA384";
357 case Signature_Scheme::ECDSA_SHA512:
358 return "ECDSA_SHA512";
359
360 case Signature_Scheme::RSA_PSS_SHA256:
361 return "RSA_PSS_SHA256";
362 case Signature_Scheme::RSA_PSS_SHA384:
363 return "RSA_PSS_SHA384";
364 case Signature_Scheme::RSA_PSS_SHA512:
365 return "RSA_PSS_SHA512";
366
367 case Signature_Scheme::EDDSA_25519:
368 return "EDDSA_25519";
369 case Signature_Scheme::EDDSA_448:
370 return "EDDSA_448";
371
373 return "";
374 }
375
376 throw Invalid_State("sig_scheme_to_string: Unknown signature algorithm enum");
377 }

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, NONE, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

◆ signature_algorithm_of_scheme()

std::string Botan::TLS::signature_algorithm_of_scheme ( Signature_Scheme  scheme)

Definition at line 291 of file tls_algos.cpp.

292 {
293 switch(scheme)
294 {
295 case Signature_Scheme::RSA_PKCS1_SHA1:
296 case Signature_Scheme::RSA_PKCS1_SHA256:
297 case Signature_Scheme::RSA_PKCS1_SHA384:
298 case Signature_Scheme::RSA_PKCS1_SHA512:
299 case Signature_Scheme::RSA_PSS_SHA256:
300 case Signature_Scheme::RSA_PSS_SHA384:
301 case Signature_Scheme::RSA_PSS_SHA512:
302 return "RSA";
303
304 case Signature_Scheme::DSA_SHA1:
305 case Signature_Scheme::DSA_SHA256:
306 case Signature_Scheme::DSA_SHA384:
307 case Signature_Scheme::DSA_SHA512:
308 return "DSA";
309
310 case Signature_Scheme::ECDSA_SHA1:
311 case Signature_Scheme::ECDSA_SHA256:
312 case Signature_Scheme::ECDSA_SHA384:
313 case Signature_Scheme::ECDSA_SHA512:
314 return "ECDSA";
315
316 case Signature_Scheme::EDDSA_25519:
317 return "Ed25519";
318
319 case Signature_Scheme::EDDSA_448:
320 return "Ed448";
321
323 return "";
324 }
325
326 throw Invalid_State("signature_algorithm_of_scheme: Unknown signature algorithm enum");
327 }

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, NONE, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ signature_scheme_is_known()

bool BOTAN_UNSTABLE_API Botan::TLS::signature_scheme_is_known ( Signature_Scheme  scheme)

Definition at line 262 of file tls_algos.cpp.

263 {
264 switch(scheme)
265 {
266 case Signature_Scheme::RSA_PKCS1_SHA1:
267 case Signature_Scheme::RSA_PKCS1_SHA256:
268 case Signature_Scheme::RSA_PKCS1_SHA384:
269 case Signature_Scheme::RSA_PKCS1_SHA512:
270 case Signature_Scheme::RSA_PSS_SHA256:
271 case Signature_Scheme::RSA_PSS_SHA384:
272 case Signature_Scheme::RSA_PSS_SHA512:
273
274 case Signature_Scheme::DSA_SHA1:
275 case Signature_Scheme::DSA_SHA256:
276 case Signature_Scheme::DSA_SHA384:
277 case Signature_Scheme::DSA_SHA512:
278
279 case Signature_Scheme::ECDSA_SHA1:
280 case Signature_Scheme::ECDSA_SHA256:
281 case Signature_Scheme::ECDSA_SHA384:
282 case Signature_Scheme::ECDSA_SHA512:
283 return true;
284
285 default:
286 return false;
287 }
288
289 }

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ write_record()

void Botan::TLS::write_record ( secure_vector< uint8_t > &  write_buffer,
uint8_t  record_type,
Protocol_Version  record_version,
uint64_t  record_sequence,
const uint8_t *  message,
size_t  message_len,
Connection_Cipher_State cipherstate,
RandomNumberGenerator rng 
)

Create a TLS record

Parameters
write_bufferthe output record is placed here
record_typethe record layer type
record_versionthe record layer version
record_sequencethe record layer sequence number
messagethe record contents
message_lenis size of message
cipherstateis the writing cipher state
rngis a random number generator

Definition at line 224 of file tls_record.cpp.

232 {
233 write_record_header(output, record_type, version, record_sequence);
234
235 AEAD_Mode& aead = cs.aead();
236 std::vector<uint8_t> aad = cs.format_ad(record_sequence, record_type, version, static_cast<uint16_t>(message_len));
237
238 const size_t ctext_size = aead.output_length(message_len);
239
240 const size_t rec_size = ctext_size + cs.nonce_bytes_from_record();
241
242 aead.set_ad(aad);
243
244 const std::vector<uint8_t> nonce = cs.aead_nonce(record_sequence, rng);
245
246 append_u16_len(output, rec_size);
247
248 if(cs.nonce_bytes_from_record() > 0)
249 {
250 if(cs.nonce_format() == Nonce_Format::CBC_MODE)
251 output += nonce;
252 else
253 output += std::make_pair(&nonce[cs.nonce_bytes_from_handshake()], cs.nonce_bytes_from_record());
254 }
255
256 const size_t header_size = output.size();
257 output += std::make_pair(message, message_len);
258
259 aead.start(nonce);
260 aead.finish(output, header_size);
261
262 BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE,
263 "Produced ciphertext larger than protocol allows");
264 }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55
void set_ad(const std::vector< uint8_t, Alloc > &ad)
Definition: aead.h:121
void start(const std::vector< uint8_t, Alloc > &nonce)
Definition: cipher_mode.h:69
virtual size_t output_length(size_t input_length) const =0
virtual void finish(secure_vector< uint8_t > &final_block, size_t offset=0)=0

References Botan::TLS::Connection_Cipher_State::aead(), Botan::TLS::Connection_Cipher_State::aead_nonce(), BOTAN_ASSERT, CBC_MODE, Botan::Cipher_Mode::finish(), Botan::TLS::Connection_Cipher_State::format_ad(), MAX_CIPHERTEXT_SIZE, Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake(), Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record(), Botan::TLS::Connection_Cipher_State::nonce_format(), Botan::Cipher_Mode::output_length(), Botan::AEAD_Mode::set_ad(), and Botan::Cipher_Mode::start().

◆ write_unencrypted_record()

void Botan::TLS::write_unencrypted_record ( secure_vector< uint8_t > &  write_buffer,
uint8_t  record_type,
Protocol_Version  record_version,
uint64_t  record_sequence,
const uint8_t *  message,
size_t  message_len 
)

Create an initial (unencrypted) TLS handshake record

Parameters
write_bufferthe output record is placed here
record_typethe record layer type
record_versionthe record layer version
record_sequencethe record layer sequence number
messagethe record contents
message_lenis size of message

Definition at line 210 of file tls_record.cpp.

216 {
217 if(record_type == APPLICATION_DATA)
218 throw Internal_Error("Writing an unencrypted TLS application data record");
219 write_record_header(output, record_type, version, record_sequence);
220 append_u16_len(output, message_len);
221 output.insert(output.end(), message, message + message_len);
222 }

References APPLICATION_DATA.