Botan  2.6.0
Crypto and TLS for C++11
Classes | Typedefs | Enumerations | Functions
Botan::TLS Namespace Reference

Classes

class  Alert
 
class  Application_Layer_Protocol_Notification
 
class  Blocking_Client
 
class  BSI_TR_02102_2
 
class  Callbacks
 
class  Certificate
 
class  Certificate_Req
 
class  Certificate_Status
 
class  Certificate_Status_Request
 
class  Certificate_Verify
 
class  Change_Cipher_Spec
 
class  Channel
 
class  Ciphersuite
 
class  Client
 
class  Client_Hello
 
class  Client_Key_Exchange
 
class  Compat_Callbacks
 
class  Connection_Cipher_State
 
class  Connection_Sequence_Numbers
 
class  Datagram_Handshake_IO
 
class  Datagram_Policy
 
class  Datagram_Sequence_Numbers
 
class  Encrypt_then_MAC
 
class  Extended_Master_Secret
 
class  Extension
 
class  Extensions
 
class  Finished
 
class  Handshake_Hash
 
class  Handshake_IO
 
class  Handshake_Message
 
class  Handshake_State
 
class  Hello_Request
 
class  Hello_Verify_Request
 
class  New_Session_Ticket
 
class  NSA_Suite_B_128
 
class  Policy
 
class  Protocol_Version
 
class  Record
 
class  Record_Message
 
class  Record_Raw_Input
 
class  Renegotiation_Extension
 
class  Server
 
class  Server_Hello
 
class  Server_Hello_Done
 
class  Server_Information
 
class  Server_Key_Exchange
 
class  Server_Name_Indicator
 
class  Session
 
class  Session_Keys
 
class  Session_Manager
 
class  Session_Manager_In_Memory
 
class  Session_Manager_Noop
 
class  Session_Manager_SQL
 
class  Session_Manager_SQLite
 
class  Session_Ticket
 
class  Signature_Algorithms
 
class  SRTP_Protection_Profiles
 
class  Stream_Handshake_IO
 
class  Stream_Sequence_Numbers
 
class  Strict_Policy
 
class  Supported_Groups
 
class  Supported_Point_Formats
 
class  Text_Policy
 
class  TLS_CBC_HMAC_AEAD_Decryption
 
class  TLS_CBC_HMAC_AEAD_Encryption
 
class  TLS_CBC_HMAC_AEAD_Mode
 
class  TLS_Data_Reader
 
class  TLS_Exception
 
class  Unexpected_Message
 
class  Unknown_Extension
 

Typedefs

typedef Policy Default_Policy
 
typedef std::function< std::shared_ptr< Connection_Cipher_State >uint16_t)> get_cipherstate_fn
 

Enumerations

enum  { TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF, TLS_FALLBACK_SCSV = 0x5600 }
 
enum  Auth_Method {
  Auth_Method::RSA, Auth_Method::DSA, Auth_Method::ECDSA, Auth_Method::IMPLICIT = 0x10000,
  Auth_Method::ANONYMOUS
}
 
enum  Cipher_Algo {
  Cipher_Algo::CHACHA20_POLY1305, Cipher_Algo::AES_128_CBC_HMAC_SHA1 = 100, Cipher_Algo::AES_128_CBC_HMAC_SHA256, Cipher_Algo::AES_128_CCM,
  Cipher_Algo::AES_128_CCM_8, Cipher_Algo::AES_128_GCM, Cipher_Algo::AES_128_OCB, Cipher_Algo::AES_256_CBC_HMAC_SHA1 = 200,
  Cipher_Algo::AES_256_CBC_HMAC_SHA256, Cipher_Algo::AES_256_CBC_HMAC_SHA384, Cipher_Algo::AES_256_CCM, Cipher_Algo::AES_256_CCM_8,
  Cipher_Algo::AES_256_GCM, Cipher_Algo::AES_256_OCB, Cipher_Algo::CAMELLIA_128_CBC_HMAC_SHA1 = 300, Cipher_Algo::CAMELLIA_128_CBC_HMAC_SHA256,
  Cipher_Algo::CAMELLIA_128_GCM, Cipher_Algo::CAMELLIA_256_CBC_HMAC_SHA1 = 400, Cipher_Algo::CAMELLIA_256_CBC_HMAC_SHA256, Cipher_Algo::CAMELLIA_256_CBC_HMAC_SHA384,
  Cipher_Algo::CAMELLIA_256_GCM, Cipher_Algo::ARIA_128_GCM = 500, Cipher_Algo::ARIA_256_GCM, Cipher_Algo::DES_EDE_CBC_HMAC_SHA1 = 1000,
  Cipher_Algo::SEED_CBC_HMAC_SHA1
}
 
enum  Connection_Side { CLIENT = 1, SERVER = 2 }
 
enum  Group_Params : uint16_t {
  Group_Params::NONE = 0, Group_Params::SECP256R1 = 23, Group_Params::SECP384R1 = 24, Group_Params::SECP521R1 = 25,
  Group_Params::BRAINPOOL256R1 = 26, Group_Params::BRAINPOOL384R1 = 27, Group_Params::BRAINPOOL512R1 = 28, Group_Params::X25519 = 29,
  Group_Params::FFDHE_2048 = 256, Group_Params::FFDHE_3072 = 257, Group_Params::FFDHE_4096 = 258, Group_Params::FFDHE_6144 = 259,
  Group_Params::FFDHE_8192 = 260
}
 
enum  Handshake_Extension_Type {
  TLSEXT_SERVER_NAME_INDICATION = 0, TLSEXT_CERT_STATUS_REQUEST = 5, TLSEXT_CERTIFICATE_TYPES = 9, TLSEXT_SUPPORTED_GROUPS = 10,
  TLSEXT_EC_POINT_FORMATS = 11, TLSEXT_SRP_IDENTIFIER = 12, TLSEXT_SIGNATURE_ALGORITHMS = 13, TLSEXT_USE_SRTP = 14,
  TLSEXT_ALPN = 16, TLSEXT_ENCRYPT_THEN_MAC = 22, TLSEXT_EXTENDED_MASTER_SECRET = 23, TLSEXT_SESSION_TICKET = 35,
  TLSEXT_SAFE_RENEGOTIATION = 65281
}
 
enum  Handshake_Type {
  HELLO_REQUEST = 0, CLIENT_HELLO = 1, SERVER_HELLO = 2, HELLO_VERIFY_REQUEST = 3,
  NEW_SESSION_TICKET = 4, CERTIFICATE = 11, SERVER_KEX = 12, CERTIFICATE_REQUEST = 13,
  SERVER_HELLO_DONE = 14, CERTIFICATE_VERIFY = 15, CLIENT_KEX = 16, FINISHED = 20,
  CERTIFICATE_URL = 21, CERTIFICATE_STATUS = 22, HANDSHAKE_CCS = 254, HANDSHAKE_NONE = 255
}
 
enum  KDF_Algo { KDF_Algo::SHA_1, KDF_Algo::SHA_256, KDF_Algo::SHA_384 }
 
enum  Kex_Algo {
  Kex_Algo::STATIC_RSA, Kex_Algo::DH, Kex_Algo::ECDH, Kex_Algo::CECPQ1,
  Kex_Algo::SRP_SHA, Kex_Algo::PSK, Kex_Algo::DHE_PSK, Kex_Algo::ECDHE_PSK
}
 
enum  Nonce_Format { Nonce_Format::CBC_MODE, Nonce_Format::AEAD_IMPLICIT_4, Nonce_Format::AEAD_XOR_12 }
 
enum  Record_Type {
  CHANGE_CIPHER_SPEC = 20, ALERT = 21, HANDSHAKE = 22, APPLICATION_DATA = 23,
  NO_RECORD = 256
}
 
enum  Signature_Scheme : uint16_t {
  Signature_Scheme::NONE = 0x0000, Signature_Scheme::RSA_PKCS1_SHA1 = 0x0201, Signature_Scheme::RSA_PKCS1_SHA256 = 0x0401, Signature_Scheme::RSA_PKCS1_SHA384 = 0x0501,
  Signature_Scheme::RSA_PKCS1_SHA512 = 0x0601, Signature_Scheme::DSA_SHA1 = 0x0202, Signature_Scheme::DSA_SHA256 = 0x0402, Signature_Scheme::DSA_SHA384 = 0x0502,
  Signature_Scheme::DSA_SHA512 = 0x0602, Signature_Scheme::ECDSA_SHA1 = 0x0203, Signature_Scheme::ECDSA_SHA256 = 0x0403, Signature_Scheme::ECDSA_SHA384 = 0x0503,
  Signature_Scheme::ECDSA_SHA512 = 0x0603, Signature_Scheme::RSA_PSS_SHA256 = 0x0804, Signature_Scheme::RSA_PSS_SHA384 = 0x0805, Signature_Scheme::RSA_PSS_SHA512 = 0x0806,
  Signature_Scheme::EDDSA_25519 = 0x0807, Signature_Scheme::EDDSA_448 = 0x0808
}
 
enum  Size_Limits {
  TLS_HEADER_SIZE = 5, DTLS_HEADER_SIZE = TLS_HEADER_SIZE + 8, MAX_PLAINTEXT_SIZE = 16*1024, MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024,
  MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024
}
 

Functions

const std::vector< Signature_Scheme > & all_signature_schemes ()
 
template<typename T , typename Alloc >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
 
template<typename T , typename Alloc , typename Alloc2 >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::vector< T, Alloc2 > &vals, size_t tag_size)
 
template<typename Alloc >
void append_tls_length_value (std::vector< uint8_t, Alloc > &buf, const std::string &str, size_t tag_size)
 
Auth_Method auth_method_from_string (const std::string &str)
 
std::string auth_method_to_string (Auth_Method method)
 
uint16_t check_tls_cbc_padding (const uint8_t record[], size_t record_len)
 
Group_Params group_param_from_string (const std::string &group_name)
 
bool group_param_is_dh (Group_Params group)
 
std::string group_param_to_string (Group_Params group)
 
const char * handshake_type_to_string (Handshake_Type type)
 
std::string hash_function_of_scheme (Signature_Scheme scheme)
 
std::string kdf_algo_to_string (KDF_Algo algo)
 
Kex_Algo kex_method_from_string (const std::string &str)
 
std::string kex_method_to_string (Kex_Algo method)
 
bool key_exchange_is_psk (Kex_Algo m)
 
std::vector< uint8_t > make_hello_random (RandomNumberGenerator &rng, const Policy &policy)
 
bool operator!= (const Server_Information &a, const Server_Information &b)
 
bool operator< (const Server_Information &a, const Server_Information &b)
 
bool operator== (const Server_Information &a, const Server_Information &b)
 
std::string padding_string_for_scheme (Signature_Scheme scheme)
 
size_t read_record (secure_vector< uint8_t > &readbuf, Record_Raw_Input &raw_input, Record &rec, Connection_Sequence_Numbers *sequence_numbers, get_cipherstate_fn get_cipherstate)
 
std::string sig_scheme_to_string (Signature_Scheme scheme)
 
std::string signature_algorithm_of_scheme (Signature_Scheme scheme)
 
bool signature_scheme_is_known (Signature_Scheme scheme)
 
void write_record (secure_vector< uint8_t > &output, Record_Message msg, Protocol_Version version, uint64_t seq, Connection_Cipher_State *cs, RandomNumberGenerator &rng)
 

Typedef Documentation

◆ Default_Policy

Definition at line 309 of file tls_policy.h.

◆ get_cipherstate_fn

typedef std::function<std::shared_ptr<Connection_Cipher_State>uint16_t)> Botan::TLS::get_cipherstate_fn

Definition at line 167 of file tls_record.h.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
TLS_EMPTY_RENEGOTIATION_INFO_SCSV 
TLS_FALLBACK_SCSV 

Definition at line 28 of file msg_client_hello.cpp.

◆ Auth_Method

Enumerator
RSA 
DSA 
ECDSA 
IMPLICIT 
ANONYMOUS 

Definition at line 68 of file tls_algos.h.

68  {
69  RSA,
70  DSA,
71  ECDSA,
72 
73  // These are placed outside the encodable range
74  IMPLICIT = 0x10000,
75  ANONYMOUS
76 };

◆ Cipher_Algo

Enumerator
CHACHA20_POLY1305 
AES_128_CBC_HMAC_SHA1 
AES_128_CBC_HMAC_SHA256 
AES_128_CCM 
AES_128_CCM_8 
AES_128_GCM 
AES_128_OCB 
AES_256_CBC_HMAC_SHA1 
AES_256_CBC_HMAC_SHA256 
AES_256_CBC_HMAC_SHA384 
AES_256_CCM 
AES_256_CCM_8 
AES_256_GCM 
AES_256_OCB 
CAMELLIA_128_CBC_HMAC_SHA1 
CAMELLIA_128_CBC_HMAC_SHA256 
CAMELLIA_128_GCM 
CAMELLIA_256_CBC_HMAC_SHA1 
CAMELLIA_256_CBC_HMAC_SHA256 
CAMELLIA_256_CBC_HMAC_SHA384 
CAMELLIA_256_GCM 
ARIA_128_GCM 
ARIA_256_GCM 
DES_EDE_CBC_HMAC_SHA1 
SEED_CBC_HMAC_SHA1 

Definition at line 18 of file tls_algos.h.

18  {
20 
27 
35 
39 
44 
45  ARIA_128_GCM = 500,
47 
48  DES_EDE_CBC_HMAC_SHA1 = 1000,
50 };

◆ Connection_Side

Enumerator
CLIENT 
SERVER 

Definition at line 27 of file tls_magic.h.

◆ Group_Params

enum Botan::TLS::Group_Params : uint16_t
strong
Enumerator
NONE 
SECP256R1 
SECP384R1 
SECP521R1 
BRAINPOOL256R1 
BRAINPOOL384R1 
BRAINPOOL512R1 
X25519 
FFDHE_2048 
FFDHE_3072 
FFDHE_4096 
FFDHE_6144 
FFDHE_8192 

Definition at line 121 of file tls_algos.h.

◆ Handshake_Extension_Type

Enumerator
TLSEXT_SERVER_NAME_INDICATION 
TLSEXT_CERT_STATUS_REQUEST 
TLSEXT_CERTIFICATE_TYPES 
TLSEXT_SUPPORTED_GROUPS 
TLSEXT_EC_POINT_FORMATS 
TLSEXT_SRP_IDENTIFIER 
TLSEXT_SIGNATURE_ALGORITHMS 
TLSEXT_USE_SRTP 
TLSEXT_ALPN 
TLSEXT_ENCRYPT_THEN_MAC 
TLSEXT_EXTENDED_MASTER_SECRET 
TLSEXT_SESSION_TICKET 
TLSEXT_SAFE_RENEGOTIATION 

Definition at line 27 of file tls_extensions.h.

◆ Handshake_Type

Enumerator
HELLO_REQUEST 
CLIENT_HELLO 
SERVER_HELLO 
HELLO_VERIFY_REQUEST 
NEW_SESSION_TICKET 
CERTIFICATE 
SERVER_KEX 
CERTIFICATE_REQUEST 
SERVER_HELLO_DONE 
CERTIFICATE_VERIFY 
CLIENT_KEX 
FINISHED 
CERTIFICATE_URL 
CERTIFICATE_STATUS 
HANDSHAKE_CCS 
HANDSHAKE_NONE 

Definition at line 38 of file tls_magic.h.

◆ KDF_Algo

enum Botan::TLS::KDF_Algo
strong
Enumerator
SHA_1 
SHA_256 
SHA_384 

Definition at line 52 of file tls_algos.h.

◆ Kex_Algo

enum Botan::TLS::Kex_Algo
strong
Enumerator
STATIC_RSA 
DH 
ECDH 
CECPQ1 
SRP_SHA 
PSK 
DHE_PSK 
ECDHE_PSK 

Definition at line 144 of file tls_algos.h.

◆ Nonce_Format

Enumerator
CBC_MODE 
AEAD_IMPLICIT_4 
AEAD_XOR_12 

Definition at line 60 of file tls_algos.h.

◆ Record_Type

Enumerator
CHANGE_CIPHER_SPEC 
ALERT 
HANDSHAKE 
APPLICATION_DATA 
NO_RECORD 

Definition at line 29 of file tls_magic.h.

◆ Signature_Scheme

enum Botan::TLS::Signature_Scheme : uint16_t
strong
Enumerator
NONE 
RSA_PKCS1_SHA1 
RSA_PKCS1_SHA256 
RSA_PKCS1_SHA384 
RSA_PKCS1_SHA512 
DSA_SHA1 
DSA_SHA256 
DSA_SHA384 
DSA_SHA512 
ECDSA_SHA1 
ECDSA_SHA256 
ECDSA_SHA384 
ECDSA_SHA512 
RSA_PSS_SHA256 
RSA_PSS_SHA384 
RSA_PSS_SHA512 
EDDSA_25519 
EDDSA_448 

Definition at line 84 of file tls_algos.h.

◆ Size_Limits

Protocol Constants for SSL/TLS

Enumerator
TLS_HEADER_SIZE 
DTLS_HEADER_SIZE 
MAX_PLAINTEXT_SIZE 
MAX_COMPRESSED_SIZE 
MAX_CIPHERTEXT_SIZE 

Definition at line 18 of file tls_magic.h.

Function Documentation

◆ all_signature_schemes()

BOTAN_UNSTABLE_API const std::vector< Signature_Scheme > & Botan::TLS::all_signature_schemes ( )

Definition at line 229 of file tls_algos.cpp.

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes().

230  {
231  /*
232  * This is ordered in some approximate order of preference
233  */
234  static const std::vector<Signature_Scheme> all_schemes = {
235  //Signature_Scheme::EDDSA_448,
236  //Signature_Scheme::EDDSA_25519,
237 
238  Signature_Scheme::RSA_PSS_SHA384,
239  Signature_Scheme::RSA_PSS_SHA256,
240  Signature_Scheme::RSA_PSS_SHA512,
241 
242  Signature_Scheme::RSA_PKCS1_SHA384,
243  Signature_Scheme::RSA_PKCS1_SHA512,
244  Signature_Scheme::RSA_PKCS1_SHA256,
245 
246  Signature_Scheme::ECDSA_SHA384,
247  Signature_Scheme::ECDSA_SHA512,
248  Signature_Scheme::ECDSA_SHA256,
249 
250  Signature_Scheme::DSA_SHA384,
251  Signature_Scheme::DSA_SHA512,
252  Signature_Scheme::DSA_SHA256,
253 
254  Signature_Scheme::RSA_PKCS1_SHA1,
255  Signature_Scheme::ECDSA_SHA1,
256  Signature_Scheme::DSA_SHA1,
257  };
258 
259  return all_schemes;
260  }

◆ append_tls_length_value() [1/3]

template<typename T , typename Alloc >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const T vals,
size_t  vals_size,
size_t  tag_size 
)

Helper function for encoding length-tagged vectors

Definition at line 185 of file tls_reader.h.

References Botan::get_byte(), and T.

Referenced by append_tls_length_value(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Renegotiation_Extension::serialize(), Botan::TLS::Application_Layer_Protocol_Notification::serialize(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

189  {
190  const size_t T_size = sizeof(T);
191  const size_t val_bytes = T_size * vals_size;
192 
193  if(tag_size != 1 && tag_size != 2)
194  throw Invalid_Argument("append_tls_length_value: invalid tag size");
195 
196  if((tag_size == 1 && val_bytes > 255) ||
197  (tag_size == 2 && val_bytes > 65535))
198  throw Invalid_Argument("append_tls_length_value: value too large");
199 
200  for(size_t i = 0; i != tag_size; ++i)
201  buf.push_back(get_byte(sizeof(val_bytes)-tag_size+i, val_bytes));
202 
203  for(size_t i = 0; i != vals_size; ++i)
204  for(size_t j = 0; j != T_size; ++j)
205  buf.push_back(get_byte(j, vals[i]));
206  }
fe T
Definition: ge.cpp:37
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39

◆ append_tls_length_value() [2/3]

template<typename T , typename Alloc , typename Alloc2 >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const std::vector< T, Alloc2 > &  vals,
size_t  tag_size 
)

Definition at line 209 of file tls_reader.h.

References append_tls_length_value().

212  {
213  append_tls_length_value(buf, vals.data(), vals.size(), tag_size);
214  }
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const std::string &str, size_t tag_size)
Definition: tls_reader.h:217

◆ append_tls_length_value() [3/3]

template<typename Alloc >
void Botan::TLS::append_tls_length_value ( std::vector< uint8_t, Alloc > &  buf,
const std::string &  str,
size_t  tag_size 
)

Definition at line 217 of file tls_reader.h.

References append_tls_length_value(), and Botan::cast_char_ptr_to_uint8().

220  {
222  cast_char_ptr_to_uint8(str.data()),
223  str.size(),
224  tag_size);
225  }
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const std::string &str, size_t tag_size)
Definition: tls_reader.h:217
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:131

◆ auth_method_from_string()

Auth_Method BOTAN_TEST_API Botan::TLS::auth_method_from_string ( const std::string &  str)

Definition at line 102 of file tls_algos.cpp.

References ANONYMOUS, DSA, ECDSA, IMPLICIT, and RSA.

103  {
104  if(str == "RSA")
105  return Auth_Method::RSA;
106  if(str == "DSA")
107  return Auth_Method::DSA;
108  if(str == "ECDSA")
109  return Auth_Method::ECDSA;
110  if(str == "IMPLICIT")
111  return Auth_Method::IMPLICIT;
112  if(str == "ANONYMOUS" || str == "")
113  return Auth_Method::ANONYMOUS;
114 
115  throw Invalid_Argument("Bad signature method " + str);
116  }

◆ auth_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::auth_method_to_string ( Auth_Method  method)

Definition at line 83 of file tls_algos.cpp.

References ANONYMOUS, DSA, ECDSA, IMPLICIT, and RSA.

Referenced by Botan::TLS::Ciphersuite::sig_algo().

84  {
85  switch(method)
86  {
87  case Auth_Method::RSA:
88  return "RSA";
89  case Auth_Method::DSA:
90  return "DSA";
91  case Auth_Method::ECDSA:
92  return "ECDSA";
93  case Auth_Method::IMPLICIT:
94  return "IMPLICIT";
95  case Auth_Method::ANONYMOUS:
96  return "ANONYMOUS";
97  }
98 
99  throw Invalid_State("auth_method_to_string unknown enum value");
100  }

◆ check_tls_cbc_padding()

BOTAN_TEST_API uint16_t Botan::TLS::check_tls_cbc_padding ( const uint8_t  record[],
size_t  record_len 
)

Check the TLS padding of a record

Parameters
recordthe record bits
record_lenlength of record
Returns
0 if padding is invalid, otherwise padding_bytes + 1

Definition at line 222 of file tls_cbc.cpp.

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

223  {
224  if(record_len == 0 || record_len > 0xFFFF)
225  return 0;
226 
227  const uint16_t rec16 = static_cast<uint16_t>(record_len);
228 
229  /*
230  * TLS v1.0 and up require all the padding bytes be the same value
231  * and allows up to 255 bytes.
232  */
233 
234  const uint16_t to_check = std::min<uint16_t>(256, record_len);
235  const uint8_t pad_byte = record[record_len-1];
236  const uint16_t pad_bytes = 1 + pad_byte;
237 
238  uint16_t pad_invalid = CT::is_less<uint16_t>(rec16, pad_bytes);
239 
240  for(uint16_t i = rec16 - to_check; i != rec16; ++i)
241  {
242  const uint16_t offset = rec16 - i;
243  const uint16_t in_pad_range = CT::is_lte<uint16_t>(offset, pad_bytes);
244  pad_invalid |= (in_pad_range & (record[i] ^ pad_byte));
245  }
246 
247  const uint16_t pad_invalid_mask = CT::expand_mask<uint16_t>(pad_invalid);
248  return CT::select<uint16_t>(pad_invalid_mask, 0, pad_byte + 1);
249  }

◆ group_param_from_string()

Group_Params Botan::TLS::group_param_from_string ( const std::string &  group_name)

Definition at line 124 of file tls_algos.cpp.

References BRAINPOOL256R1, BRAINPOOL384R1, BRAINPOOL512R1, FFDHE_2048, FFDHE_3072, FFDHE_4096, FFDHE_6144, FFDHE_8192, NONE, SECP256R1, SECP384R1, SECP521R1, and X25519.

Referenced by Botan::TLS::Text_Policy::key_exchange_groups().

125  {
126  if(group_name == "secp256r1")
127  return Group_Params::SECP256R1;
128  if(group_name == "secp384r1")
129  return Group_Params::SECP384R1;
130  if(group_name == "secp521r1")
131  return Group_Params::SECP521R1;
132  if(group_name == "brainpool256r1")
133  return Group_Params::BRAINPOOL256R1;
134  if(group_name == "brainpool384r1")
135  return Group_Params::BRAINPOOL384R1;
136  if(group_name == "brainpool512r1")
137  return Group_Params::BRAINPOOL512R1;
138  if(group_name == "x25519")
139  return Group_Params::X25519;
140 
141  if(group_name == "ffdhe/ietf/2048")
142  return Group_Params::FFDHE_2048;
143  if(group_name == "ffdhe/ietf/3072")
144  return Group_Params::FFDHE_3072;
145  if(group_name == "ffdhe/ietf/4096")
146  return Group_Params::FFDHE_4096;
147  if(group_name == "ffdhe/ietf/6144")
148  return Group_Params::FFDHE_6144;
149  if(group_name == "ffdhe/ietf/8192")
150  return Group_Params::FFDHE_8192;
151 
152  return Group_Params::NONE; // unknown
153  }

◆ group_param_is_dh()

bool Botan::TLS::group_param_is_dh ( Group_Params  group)

Definition at line 118 of file tls_algos.cpp.

Referenced by Botan::TLS::Policy::default_dh_group(), Botan::TLS::Supported_Groups::dh_groups(), Botan::TLS::Supported_Groups::ec_groups(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

119  {
120  uint16_t group_id = static_cast<uint16_t>(group);
121  return (group_id >= 256 && group_id < 512);
122  }

◆ group_param_to_string()

std::string Botan::TLS::group_param_to_string ( Group_Params  group)

Definition at line 155 of file tls_algos.cpp.

References BRAINPOOL256R1, BRAINPOOL384R1, BRAINPOOL512R1, FFDHE_2048, FFDHE_3072, FFDHE_4096, FFDHE_6144, FFDHE_8192, SECP256R1, SECP384R1, SECP521R1, and X25519.

Referenced by Botan::TLS::Callbacks::tls_decode_group_param().

156  {
157  switch(group)
158  {
159  case Group_Params::SECP256R1:
160  return "secp256r1";
161  case Group_Params::SECP384R1:
162  return "secp384r1";
163  case Group_Params::SECP521R1:
164  return "secp521r1";
165  case Group_Params::BRAINPOOL256R1:
166  return "brainpool256r1";
167  case Group_Params::BRAINPOOL384R1:
168  return "brainpool384r1";
169  case Group_Params::BRAINPOOL512R1:
170  return "brainpool512r1";
171  case Group_Params::X25519:
172  return "x25519";
173 
174  case Group_Params::FFDHE_2048:
175  return "ffdhe/ietf/2048";
176  case Group_Params::FFDHE_3072:
177  return "ffdhe/ietf/3072";
178  case Group_Params::FFDHE_4096:
179  return "ffdhe/ietf/4096";
180  case Group_Params::FFDHE_6144:
181  return "ffdhe/ietf/6144";
182  case Group_Params::FFDHE_8192:
183  return "ffdhe/ietf/8192";
184 
185  default:
186  return "";
187  }
188  }

◆ handshake_type_to_string()

const char * Botan::TLS::handshake_type_to_string ( Handshake_Type  type)

Definition at line 24 of file tls_handshake_state.cpp.

References CERTIFICATE, CERTIFICATE_REQUEST, CERTIFICATE_STATUS, CERTIFICATE_URL, CERTIFICATE_VERIFY, CLIENT_HELLO, CLIENT_KEX, FINISHED, HANDSHAKE_CCS, HANDSHAKE_NONE, HELLO_REQUEST, HELLO_VERIFY_REQUEST, NEW_SESSION_TICKET, SERVER_HELLO, SERVER_HELLO_DONE, SERVER_KEX, Botan::ASN1::to_string(), type, and Botan::TLS::Alert::UNEXPECTED_MESSAGE.

Referenced by Botan::TLS::Handshake_Message::type_string().

25  {
26  switch(type)
27  {
29  return "hello_verify_request";
30 
31  case HELLO_REQUEST:
32  return "hello_request";
33 
34  case CLIENT_HELLO:
35  return "client_hello";
36 
37  case SERVER_HELLO:
38  return "server_hello";
39 
40  case CERTIFICATE:
41  return "certificate";
42 
43  case CERTIFICATE_URL:
44  return "certificate_url";
45 
46  case CERTIFICATE_STATUS:
47  return "certificate_status";
48 
49  case SERVER_KEX:
50  return "server_key_exchange";
51 
53  return "certificate_request";
54 
55  case SERVER_HELLO_DONE:
56  return "server_hello_done";
57 
58  case CERTIFICATE_VERIFY:
59  return "certificate_verify";
60 
61  case CLIENT_KEX:
62  return "client_key_exchange";
63 
64  case NEW_SESSION_TICKET:
65  return "new_session_ticket";
66 
67  case HANDSHAKE_CCS:
68  return "change_cipher_spec";
69 
70  case FINISHED:
71  return "finished";
72 
73  case HANDSHAKE_NONE:
74  return "invalid";
75  }
76 
77  throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
78  "Unknown TLS handshake message type " + std::to_string(type));
79  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:145
MechanismType type

◆ hash_function_of_scheme()

std::string Botan::TLS::hash_function_of_scheme ( Signature_Scheme  scheme)

Definition at line 191 of file tls_algos.cpp.

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, NONE, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

192  {
193  switch(scheme)
194  {
195  case Signature_Scheme::DSA_SHA1:
196  case Signature_Scheme::ECDSA_SHA1:
197  case Signature_Scheme::RSA_PKCS1_SHA1:
198  return "SHA-1";
199 
200  case Signature_Scheme::DSA_SHA256:
201  case Signature_Scheme::ECDSA_SHA256:
202  case Signature_Scheme::RSA_PKCS1_SHA256:
203  case Signature_Scheme::RSA_PSS_SHA256:
204  return "SHA-256";
205 
206  case Signature_Scheme::DSA_SHA384:
207  case Signature_Scheme::ECDSA_SHA384:
208  case Signature_Scheme::RSA_PKCS1_SHA384:
209  case Signature_Scheme::RSA_PSS_SHA384:
210  return "SHA-384";
211 
212  case Signature_Scheme::DSA_SHA512:
213  case Signature_Scheme::ECDSA_SHA512:
214  case Signature_Scheme::RSA_PKCS1_SHA512:
215  case Signature_Scheme::RSA_PSS_SHA512:
216  return "SHA-512";
217 
218  case Signature_Scheme::EDDSA_25519:
219  case Signature_Scheme::EDDSA_448:
220  return "Pure";
221 
223  return "";
224  }
225 
226  throw Invalid_State("Unknown signature algorithm enum");
227  }

◆ kdf_algo_to_string()

std::string BOTAN_DLL Botan::TLS::kdf_algo_to_string ( KDF_Algo  algo)

Definition at line 14 of file tls_algos.cpp.

References SHA_1, SHA_256, and SHA_384.

Referenced by Botan::TLS::Ciphersuite::prf_algo().

15  {
16  switch(algo)
17  {
18  case KDF_Algo::SHA_1:
19  return "SHA-1";
20  case KDF_Algo::SHA_256:
21  return "SHA-256";
22  case KDF_Algo::SHA_384:
23  return "SHA-384";
24  }
25 
26  throw Invalid_State("kdf_algo_to_string unknown enum value");
27  }
SHA_160 SHA_1
Definition: sha160.h:69

◆ kex_method_from_string()

Kex_Algo BOTAN_TEST_API Botan::TLS::kex_method_from_string ( const std::string &  str)

Definition at line 54 of file tls_algos.cpp.

References CECPQ1, DH, DHE_PSK, ECDH, ECDHE_PSK, PSK, SRP_SHA, and STATIC_RSA.

55  {
56  if(str == "RSA")
57  return Kex_Algo::STATIC_RSA;
58 
59  if(str == "DH")
60  return Kex_Algo::DH;
61 
62  if(str == "ECDH")
63  return Kex_Algo::ECDH;
64 
65  if(str == "CECPQ1")
66  return Kex_Algo::CECPQ1;
67 
68  if(str == "SRP_SHA")
69  return Kex_Algo::SRP_SHA;
70 
71  if(str == "PSK")
72  return Kex_Algo::PSK;
73 
74  if(str == "DHE_PSK")
75  return Kex_Algo::DHE_PSK;
76 
77  if(str == "ECDHE_PSK")
78  return Kex_Algo::ECDHE_PSK;
79 
80  throw Invalid_Argument("Unknown kex method " + str);
81  }

◆ kex_method_to_string()

std::string BOTAN_TEST_API Botan::TLS::kex_method_to_string ( Kex_Algo  method)

Definition at line 29 of file tls_algos.cpp.

References CECPQ1, DH, DHE_PSK, ECDH, ECDHE_PSK, PSK, SRP_SHA, and STATIC_RSA.

Referenced by Botan::TLS::Ciphersuite::kex_algo(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

30  {
31  switch(method)
32  {
33  case Kex_Algo::STATIC_RSA:
34  return "RSA";
35  case Kex_Algo::DH:
36  return "DH";
37  case Kex_Algo::ECDH:
38  return "ECDH";
39  case Kex_Algo::CECPQ1:
40  return "CECPQ1";
41  case Kex_Algo::SRP_SHA:
42  return "SRP_SHA";
43  case Kex_Algo::PSK:
44  return "PSK";
45  case Kex_Algo::DHE_PSK:
46  return "DHE_PSK";
47  case Kex_Algo::ECDHE_PSK:
48  return "ECDHE_PSK";
49  }
50 
51  throw Invalid_State("kex_method_to_string unknown enum value");
52  }

◆ key_exchange_is_psk()

bool Botan::TLS::key_exchange_is_psk ( Kex_Algo  m)
inline

Definition at line 158 of file tls_algos.h.

References DHE_PSK, ECDHE_PSK, and PSK.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

159  {
160  return (m == Kex_Algo::PSK ||
161  m == Kex_Algo::DHE_PSK ||
162  m == Kex_Algo::ECDHE_PSK);
163  }

◆ make_hello_random()

std::vector< uint8_t > Botan::TLS::make_hello_random ( RandomNumberGenerator rng,
const Policy policy 
)

Definition at line 33 of file msg_client_hello.cpp.

References Botan::HashFunction::create_or_throw(), Botan::TLS::Policy::include_time_in_hello_random(), Botan::RandomNumberGenerator::randomize(), and Botan::store_be().

35  {
36  std::vector<uint8_t> buf(32);
37  rng.randomize(buf.data(), buf.size());
38 
39  std::unique_ptr<HashFunction> sha256 = HashFunction::create_or_throw("SHA-256");
40  sha256->update(buf);
41  sha256->final(buf);
42 
43  if(policy.include_time_in_hello_random())
44  {
45  const uint32_t time32 = static_cast<uint32_t>(
46  std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
47 
48  store_be(time32, buf.data());
49  }
50 
51  return buf;
52  }
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:434

◆ operator!=()

bool Botan::TLS::operator!= ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 84 of file tls_server_info.h.

85  {
86  return !(a == b);
87  }

◆ operator<()

bool Botan::TLS::operator< ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 89 of file tls_server_info.h.

References Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

90  {
91  if(a.hostname() != b.hostname())
92  return (a.hostname() < b.hostname());
93  if(a.service() != b.service())
94  return (a.service() < b.service());
95  if(a.port() != b.port())
96  return (a.port() < b.port());
97  return false; // equal
98  }

◆ operator==()

bool Botan::TLS::operator== ( const Server_Information a,
const Server_Information b 
)
inline

Definition at line 76 of file tls_server_info.h.

References Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), and Botan::TLS::Server_Information::service().

77  {
78  return (a.hostname() == b.hostname()) &&
79  (a.service() == b.service()) &&
80  (a.port() == b.port());
81 
82  }

◆ padding_string_for_scheme()

std::string Botan::TLS::padding_string_for_scheme ( Signature_Scheme  scheme)

Definition at line 379 of file tls_algos.cpp.

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, NONE, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

380  {
381  switch(scheme)
382  {
383  case Signature_Scheme::RSA_PKCS1_SHA1:
384  return "EMSA_PKCS1(SHA-1)";
385  case Signature_Scheme::RSA_PKCS1_SHA256:
386  return "EMSA_PKCS1(SHA-256)";
387  case Signature_Scheme::RSA_PKCS1_SHA384:
388  return "EMSA_PKCS1(SHA-384)";
389  case Signature_Scheme::RSA_PKCS1_SHA512:
390  return "EMSA_PKCS1(SHA-512)";
391 
392  case Signature_Scheme::DSA_SHA1:
393  case Signature_Scheme::ECDSA_SHA1:
394  return "EMSA1(SHA-1)";
395  case Signature_Scheme::DSA_SHA256:
396  case Signature_Scheme::ECDSA_SHA256:
397  return "EMSA1(SHA-256)";
398  case Signature_Scheme::DSA_SHA384:
399  case Signature_Scheme::ECDSA_SHA384:
400  return "EMSA1(SHA-384)";
401  case Signature_Scheme::DSA_SHA512:
402  case Signature_Scheme::ECDSA_SHA512:
403  return "EMSA1(SHA-512)";
404 
405  case Signature_Scheme::RSA_PSS_SHA256:
406  return "PSSR(SHA-256,MGF1,32)";
407  case Signature_Scheme::RSA_PSS_SHA384:
408  return "PSSR(SHA-384,MGF1,48)";
409  case Signature_Scheme::RSA_PSS_SHA512:
410  return "PSSR(SHA-512,MGF1,64)";
411 
412  case Signature_Scheme::EDDSA_25519:
413  return "Pure";
414  case Signature_Scheme::EDDSA_448:
415  return "Pure";
416 
418  return "";
419  }
420 
421  throw Invalid_State("Unknown signature algorithm enum");
422  }

◆ read_record()

size_t Botan::TLS::read_record ( secure_vector< uint8_t > &  read_buffer,
Record_Raw_Input raw_input,
Record rec,
Connection_Sequence_Numbers sequence_numbers,
get_cipherstate_fn  get_cipherstate 
)

Decode a TLS record

Returns
zero if full message, else number of bytes still needed

Definition at line 497 of file tls_record.cpp.

References Botan::TLS::Record_Raw_Input::is_datagram().

Referenced by Botan::TLS::Channel::received_data().

502  {
503  if(raw_input.is_datagram())
504  return read_dtls_record(readbuf, raw_input, rec,
505  sequence_numbers, get_cipherstate);
506  else
507  return read_tls_record(readbuf, raw_input, rec,
508  sequence_numbers, get_cipherstate);
509  }

◆ sig_scheme_to_string()

std::string BOTAN_UNSTABLE_API Botan::TLS::sig_scheme_to_string ( Signature_Scheme  scheme)

Definition at line 329 of file tls_algos.cpp.

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, NONE, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

330  {
331  switch(scheme)
332  {
333  case Signature_Scheme::RSA_PKCS1_SHA1:
334  return "RSA_PKCS1_SHA1";
335  case Signature_Scheme::RSA_PKCS1_SHA256:
336  return "RSA_PKCS1_SHA256";
337  case Signature_Scheme::RSA_PKCS1_SHA384:
338  return "RSA_PKCS1_SHA384";
339  case Signature_Scheme::RSA_PKCS1_SHA512:
340  return "RSA_PKCS1_SHA512";
341 
342  case Signature_Scheme::DSA_SHA1:
343  return "DSA_SHA1";
344  case Signature_Scheme::DSA_SHA256:
345  return "DSA_SHA256";
346  case Signature_Scheme::DSA_SHA384:
347  return "DSA_SHA384";
348  case Signature_Scheme::DSA_SHA512:
349  return "DSA_SHA512";
350 
351  case Signature_Scheme::ECDSA_SHA1:
352  return "ECDSA_SHA1";
353  case Signature_Scheme::ECDSA_SHA256:
354  return "ECDSA_SHA256";
355  case Signature_Scheme::ECDSA_SHA384:
356  return "ECDSA_SHA384";
357  case Signature_Scheme::ECDSA_SHA512:
358  return "ECDSA_SHA512";
359 
360  case Signature_Scheme::RSA_PSS_SHA256:
361  return "RSA_PSS_SHA256";
362  case Signature_Scheme::RSA_PSS_SHA384:
363  return "RSA_PSS_SHA384";
364  case Signature_Scheme::RSA_PSS_SHA512:
365  return "RSA_PSS_SHA512";
366 
367  case Signature_Scheme::EDDSA_25519:
368  return "EDDSA_25519";
369  case Signature_Scheme::EDDSA_448:
370  return "EDDSA_448";
371 
373  return "";
374  }
375 
376  throw Invalid_State("Unknown signature algorithm enum");
377  }

◆ signature_algorithm_of_scheme()

std::string Botan::TLS::signature_algorithm_of_scheme ( Signature_Scheme  scheme)

Definition at line 291 of file tls_algos.cpp.

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, NONE, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

292  {
293  switch(scheme)
294  {
295  case Signature_Scheme::RSA_PKCS1_SHA1:
296  case Signature_Scheme::RSA_PKCS1_SHA256:
297  case Signature_Scheme::RSA_PKCS1_SHA384:
298  case Signature_Scheme::RSA_PKCS1_SHA512:
299  case Signature_Scheme::RSA_PSS_SHA256:
300  case Signature_Scheme::RSA_PSS_SHA384:
301  case Signature_Scheme::RSA_PSS_SHA512:
302  return "RSA";
303 
304  case Signature_Scheme::DSA_SHA1:
305  case Signature_Scheme::DSA_SHA256:
306  case Signature_Scheme::DSA_SHA384:
307  case Signature_Scheme::DSA_SHA512:
308  return "DSA";
309 
310  case Signature_Scheme::ECDSA_SHA1:
311  case Signature_Scheme::ECDSA_SHA256:
312  case Signature_Scheme::ECDSA_SHA384:
313  case Signature_Scheme::ECDSA_SHA512:
314  return "ECDSA";
315 
316  case Signature_Scheme::EDDSA_25519:
317  return "Ed25519";
318 
319  case Signature_Scheme::EDDSA_448:
320  return "Ed448";
321 
323  return "";
324  }
325 
326  throw Invalid_State("Unknown signature algorithm enum");
327  }

◆ signature_scheme_is_known()

bool Botan::TLS::signature_scheme_is_known ( Signature_Scheme  scheme)

Definition at line 262 of file tls_algos.cpp.

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

263  {
264  switch(scheme)
265  {
266  case Signature_Scheme::RSA_PKCS1_SHA1:
267  case Signature_Scheme::RSA_PKCS1_SHA256:
268  case Signature_Scheme::RSA_PKCS1_SHA384:
269  case Signature_Scheme::RSA_PKCS1_SHA512:
270  case Signature_Scheme::RSA_PSS_SHA256:
271  case Signature_Scheme::RSA_PSS_SHA384:
272  case Signature_Scheme::RSA_PSS_SHA512:
273 
274  case Signature_Scheme::DSA_SHA1:
275  case Signature_Scheme::DSA_SHA256:
276  case Signature_Scheme::DSA_SHA384:
277  case Signature_Scheme::DSA_SHA512:
278 
279  case Signature_Scheme::ECDSA_SHA1:
280  case Signature_Scheme::ECDSA_SHA256:
281  case Signature_Scheme::ECDSA_SHA384:
282  case Signature_Scheme::ECDSA_SHA512:
283  return true;
284 
285  default:
286  return false;
287  }
288 
289  }

◆ write_record()

void Botan::TLS::write_record ( secure_vector< uint8_t > &  write_buffer,
Record_Message  rec_msg,
Protocol_Version  version,
uint64_t  msg_sequence,
Connection_Cipher_State cipherstate,
RandomNumberGenerator rng 
)

Create a TLS record

Parameters
write_bufferthe output record is placed here
rec_msgis the plaintext message
versionis the protocol version
msg_sequenceis the sequence number
cipherstateis the writing cipher state
rngis a random number generator

Definition at line 210 of file tls_record.cpp.

References Botan::TLS::Connection_Cipher_State::aead(), Botan::TLS::Connection_Cipher_State::aead_nonce(), BOTAN_ASSERT, CBC_MODE, Botan::Cipher_Mode::finish(), Botan::TLS::Connection_Cipher_State::format_ad(), Botan::get_byte(), Botan::TLS::Record_Message::get_data(), Botan::TLS::Record_Message::get_size(), Botan::TLS::Record_Message::get_type(), Botan::TLS::Protocol_Version::is_datagram_protocol(), Botan::TLS::Protocol_Version::major_version(), MAX_CIPHERTEXT_SIZE, Botan::TLS::Protocol_Version::minor_version(), Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake(), Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record(), Botan::TLS::Connection_Cipher_State::nonce_format(), Botan::Cipher_Mode::output_length(), Botan::AEAD_Mode::set_ad(), and Botan::Cipher_Mode::start().

216  {
217  output.clear();
218 
219  output.push_back(msg.get_type());
220  output.push_back(version.major_version());
221  output.push_back(version.minor_version());
222 
223  if(version.is_datagram_protocol())
224  {
225  for(size_t i = 0; i != 8; ++i)
226  output.push_back(get_byte(i, seq));
227  }
228 
229  if(!cs) // initial unencrypted handshake records
230  {
231  append_u16_len(output, msg.get_size());
232  output.insert(output.end(), msg.get_data(), msg.get_data() + msg.get_size());
233  return;
234  }
235 
236  AEAD_Mode* aead = cs->aead();
237  std::vector<uint8_t> aad = cs->format_ad(seq, msg.get_type(), version, static_cast<uint16_t>(msg.get_size()));
238 
239  const size_t ctext_size = aead->output_length(msg.get_size());
240 
241  const size_t rec_size = ctext_size + cs->nonce_bytes_from_record();
242 
243  aead->set_ad(aad);
244 
245  const std::vector<uint8_t> nonce = cs->aead_nonce(seq, rng);
246 
247  append_u16_len(output, rec_size);
248 
249  if(cs->nonce_bytes_from_record() > 0)
250  {
251  if(cs->nonce_format() == Nonce_Format::CBC_MODE)
252  output += nonce;
253  else
254  output += std::make_pair(&nonce[cs->nonce_bytes_from_handshake()], cs->nonce_bytes_from_record());
255  }
256 
257  const size_t header_size = output.size();
258  output += std::make_pair(msg.get_data(), msg.get_size());
259 
260  aead->start(nonce);
261  aead->finish(output, header_size);
262 
263  BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE,
264  "Produced ciphertext larger than protocol allows");
265  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:30
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39