Botan 3.12.0
Crypto and TLS for C&
tls_algos.cpp
Go to the documentation of this file.
1/*
2* (C) 2017 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/tls_algos.h>
8
9#include <botan/exceptn.h>
10#include <botan/internal/fmt.h>
11
12#include <algorithm>
13#include <array>
14
15namespace Botan::TLS {
16
17std::string kdf_algo_to_string(KDF_Algo algo) {
18 switch(algo) {
19 case KDF_Algo::SHA_1:
20 return "SHA-1";
21 case KDF_Algo::SHA_256:
22 return "SHA-256";
23 case KDF_Algo::SHA_384:
24 return "SHA-384";
25 }
26
27 throw Invalid_State("kdf_algo_to_string unknown enum value");
28}
29
30std::string kex_method_to_string(Kex_Algo method) {
31 switch(method) {
32 case Kex_Algo::STATIC_RSA:
33 return "RSA";
34 case Kex_Algo::DH:
35 return "DH";
36 case Kex_Algo::ECDH:
37 return "ECDH";
38 case Kex_Algo::PSK:
39 return "PSK";
40 case Kex_Algo::ECDHE_PSK:
41 return "ECDHE_PSK";
42 case Kex_Algo::DHE_PSK:
43 return "DHE_PSK";
44 case Kex_Algo::KEM:
45 return "KEM";
46 case Kex_Algo::KEM_PSK:
47 return "KEM_PSK";
48 case Kex_Algo::HYBRID:
49 return "HYBRID";
50 case Kex_Algo::HYBRID_PSK:
51 return "HYBRID_PSK";
52 case Kex_Algo::UNDEFINED:
53 return "UNDEFINED";
54 }
55
56 throw Invalid_State("kex_method_to_string unknown enum value");
57}
58
59Kex_Algo kex_method_from_string(std::string_view str) {
60 if(str == "RSA") {
61 return Kex_Algo::STATIC_RSA;
62 }
63
64 if(str == "DH") {
65 return Kex_Algo::DH;
66 }
67
68 if(str == "ECDH") {
69 return Kex_Algo::ECDH;
70 }
71
72 if(str == "PSK") {
73 return Kex_Algo::PSK;
74 }
75
76 if(str == "ECDHE_PSK") {
77 return Kex_Algo::ECDHE_PSK;
78 }
79
80 if(str == "DHE_PSK") {
81 return Kex_Algo::DHE_PSK;
82 }
83
84 if(str == "KEM") {
85 return Kex_Algo::KEM;
86 }
87
88 if(str == "KEM_PSK") {
89 return Kex_Algo::KEM_PSK;
90 }
91
92 if(str == "HYBRID") {
93 return Kex_Algo::HYBRID;
94 }
95
96 if(str == "HYBRID_PSK") {
97 return Kex_Algo::HYBRID_PSK;
98 }
99
100 if(str == "UNDEFINED") {
101 return Kex_Algo::UNDEFINED;
102 }
103
104 throw Invalid_Argument(fmt("Unknown kex method '{}'", str));
105}
106
107std::string auth_method_to_string(Auth_Method method) {
108 switch(method) {
109 case Auth_Method::RSA:
110 return "RSA";
111 case Auth_Method::ECDSA:
112 return "ECDSA";
113 case Auth_Method::IMPLICIT:
114 return "IMPLICIT";
115 case Auth_Method::UNDEFINED:
116 return "UNDEFINED";
117 }
118
119 throw Invalid_State("auth_method_to_string unknown enum value");
120}
121
122Auth_Method auth_method_from_string(std::string_view str) {
123 if(str == "RSA") {
124 return Auth_Method::RSA;
125 }
126 if(str == "ECDSA") {
127 return Auth_Method::ECDSA;
128 }
129 if(str == "IMPLICIT") {
130 return Auth_Method::IMPLICIT;
131 }
132 if(str == "UNDEFINED") {
133 return Auth_Method::UNDEFINED;
134 }
135
136 throw Invalid_Argument(fmt("Unknown TLS signature method '{}'", str));
137}
138
139namespace {
140
141consteval auto available_group_params() {
142 auto codes = std::array {
143#if defined(BOTAN_HAS_PCURVES_SECP256R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
144 Group_Params_Code::SECP256R1,
145#endif
146
147#if defined(BOTAN_HAS_PCURVES_SECP384R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
148 Group_Params_Code::SECP384R1,
149#endif
150
151#if defined(BOTAN_HAS_PCURVES_SECP521R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
152 Group_Params_Code::SECP521R1,
153#endif
154
155#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
156 Group_Params_Code::BRAINPOOL256R1,
157#endif
158
159#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
160 Group_Params_Code::BRAINPOOL384R1,
161#endif
162
163#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
164 Group_Params_Code::BRAINPOOL512R1,
165#endif
166
167#if defined(BOTAN_HAS_X25519)
168 Group_Params_Code::X25519,
169#endif
170
171#if defined(BOTAN_HAS_X448)
172 Group_Params_Code::X448,
173#endif
174
175#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
176 Group_Params_Code::FFDHE_2048, Group_Params_Code::FFDHE_3072, Group_Params_Code::FFDHE_4096,
177 Group_Params_Code::FFDHE_6144, Group_Params_Code::FFDHE_8192,
178#endif
179
180#if defined(BOTAN_HAS_ML_KEM)
181 Group_Params_Code::ML_KEM_512, Group_Params_Code::ML_KEM_768, Group_Params_Code::ML_KEM_1024,
182
183 #if defined(BOTAN_HAS_PCURVES_SECP256R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
184 Group_Params_Code::HYBRID_SECP256R1_ML_KEM_768,
185 #endif
186
187 #if defined(BOTAN_HAS_PCURVES_SECP384R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
188 Group_Params_Code::HYBRID_SECP384R1_ML_KEM_1024,
189 #endif
190
191 #if defined(BOTAN_HAS_X25519)
192 Group_Params_Code::HYBRID_X25519_ML_KEM_768,
193 #endif
194#endif
195
196#if defined(BOTAN_HAS_FRODOKEM)
197 Group_Params_Code::eFRODOKEM_640_SHAKE_OQS, Group_Params_Code::eFRODOKEM_976_SHAKE_OQS,
198 Group_Params_Code::eFRODOKEM_1344_SHAKE_OQS, Group_Params_Code::eFRODOKEM_640_AES_OQS,
199 Group_Params_Code::eFRODOKEM_976_AES_OQS, Group_Params_Code::eFRODOKEM_1344_AES_OQS,
200
201 #if defined(BOTAN_HAS_PCURVES_SECP256R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
202 Group_Params_Code::HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS,
203 Group_Params_Code::HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS,
204 #endif
205
206 #if defined(BOTAN_HAS_PCURVES_SECP384R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
207 Group_Params_Code::HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS,
208 Group_Params_Code::HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS,
209 #endif
210
211 #if defined(BOTAN_HAS_PCURVES_SECP521R1) || defined(BOTAN_HAS_PCURVES_GENERIC)
212 Group_Params_Code::HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS,
213 Group_Params_Code::HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS,
214 #endif
215
216 #if defined(BOTAN_HAS_X25519)
217 Group_Params_Code::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS,
218 Group_Params_Code::HYBRID_X25519_eFRODOKEM_640_AES_OQS,
219 #endif
220
221 #if defined(BOTAN_HAS_X448)
222 Group_Params_Code::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS, Group_Params_Code::HYBRID_X448_eFRODOKEM_976_AES_OQS,
223 #endif
224#endif
225 };
226
227 std::sort(codes.begin(), codes.end());
228
229 return codes;
230}
231
232} // namespace
233
234bool Group_Params::is_available() const {
235 // For group codes we recognize, check the build-time availability table.
236 // Unknown codes may be user-supplied custom groups handled via callbacks.
237 if(to_string().has_value()) {
238 static constexpr auto codes = available_group_params();
239 return std::binary_search(codes.begin(), codes.end(), this->code());
240 }
241 return true;
242}
243
274
275std::optional<Group_Params> Group_Params::from_string(std::string_view group_name) {
276 if(group_name == "secp256r1") {
277 return Group_Params::SECP256R1;
278 }
279 if(group_name == "secp384r1") {
280 return Group_Params::SECP384R1;
281 }
282 if(group_name == "secp521r1") {
283 return Group_Params::SECP521R1;
284 }
285 if(group_name == "brainpool256r1") {
286 return Group_Params::BRAINPOOL256R1;
287 }
288 if(group_name == "brainpool384r1") {
289 return Group_Params::BRAINPOOL384R1;
290 }
291 if(group_name == "brainpool512r1") {
292 return Group_Params::BRAINPOOL512R1;
293 }
294 if(group_name == "x25519") {
295 return Group_Params::X25519;
296 }
297 if(group_name == "x448") {
298 return Group_Params::X448;
299 }
300
301 if(group_name == "ffdhe/ietf/2048") {
302 return Group_Params::FFDHE_2048;
303 }
304 if(group_name == "ffdhe/ietf/3072") {
305 return Group_Params::FFDHE_3072;
306 }
307 if(group_name == "ffdhe/ietf/4096") {
308 return Group_Params::FFDHE_4096;
309 }
310 if(group_name == "ffdhe/ietf/6144") {
311 return Group_Params::FFDHE_6144;
312 }
313 if(group_name == "ffdhe/ietf/8192") {
314 return Group_Params::FFDHE_8192;
315 }
316
317 if(group_name == "ML-KEM-512") {
318 return Group_Params::ML_KEM_512;
319 }
320 if(group_name == "ML-KEM-768") {
321 return Group_Params::ML_KEM_768;
322 }
323 if(group_name == "ML-KEM-1024") {
324 return Group_Params::ML_KEM_1024;
325 }
326
327 if(group_name == "eFrodoKEM-640-SHAKE") {
328 return Group_Params::eFRODOKEM_640_SHAKE_OQS;
329 }
330 if(group_name == "eFrodoKEM-976-SHAKE") {
331 return Group_Params::eFRODOKEM_976_SHAKE_OQS;
332 }
333 if(group_name == "eFrodoKEM-1344-SHAKE") {
334 return Group_Params::eFRODOKEM_1344_SHAKE_OQS;
335 }
336 if(group_name == "eFrodoKEM-640-AES") {
337 return Group_Params::eFRODOKEM_640_AES_OQS;
338 }
339 if(group_name == "eFrodoKEM-976-AES") {
340 return Group_Params::eFRODOKEM_976_AES_OQS;
341 }
342 if(group_name == "eFrodoKEM-1344-AES") {
343 return Group_Params::eFRODOKEM_1344_AES_OQS;
344 }
345
346 if(group_name == "x25519/ML-KEM-768") {
347 return Group_Params::HYBRID_X25519_ML_KEM_768;
348 }
349 if(group_name == "secp256r1/ML-KEM-768") {
350 return Group_Params::HYBRID_SECP256R1_ML_KEM_768;
351 }
352 if(group_name == "secp384r1/ML-KEM-1024") {
353 return Group_Params::HYBRID_SECP384R1_ML_KEM_1024;
354 }
355
356 if(group_name == "x25519/eFrodoKEM-640-SHAKE") {
357 return Group_Params::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS;
358 }
359 if(group_name == "x25519/eFrodoKEM-640-AES") {
360 return Group_Params::HYBRID_X25519_eFRODOKEM_640_AES_OQS;
361 }
362 if(group_name == "x448/eFrodoKEM-976-SHAKE") {
363 return Group_Params::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS;
364 }
365 if(group_name == "x448/eFrodoKEM-976-AES") {
366 return Group_Params::HYBRID_X448_eFRODOKEM_976_AES_OQS;
367 }
368
369 if(group_name == "secp256r1/eFrodoKEM-640-SHAKE") {
370 return Group_Params::HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS;
371 }
372 if(group_name == "secp256r1/eFrodoKEM-640-AES") {
373 return Group_Params::HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS;
374 }
375
376 if(group_name == "secp384r1/eFrodoKEM-976-SHAKE") {
377 return Group_Params::HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS;
378 }
379 if(group_name == "secp384r1/eFrodoKEM-976-AES") {
380 return Group_Params::HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS;
381 }
382
383 if(group_name == "secp521r1/eFrodoKEM-1344-SHAKE") {
384 return Group_Params::HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS;
385 }
386 if(group_name == "secp521r1/eFrodoKEM-1344-AES") {
387 return Group_Params::HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS;
388 }
389
390 return std::nullopt;
391}
392
393std::optional<std::string> Group_Params::to_string() const {
394 switch(m_code) {
395 case Group_Params::SECP256R1:
396 return "secp256r1";
397 case Group_Params::SECP384R1:
398 return "secp384r1";
399 case Group_Params::SECP521R1:
400 return "secp521r1";
401 case Group_Params::BRAINPOOL256R1:
402 return "brainpool256r1";
403 case Group_Params::BRAINPOOL384R1:
404 return "brainpool384r1";
405 case Group_Params::BRAINPOOL512R1:
406 return "brainpool512r1";
407 case Group_Params::X25519:
408 return "x25519";
409 case Group_Params::X448:
410 return "x448";
411
412 case Group_Params::FFDHE_2048:
413 return "ffdhe/ietf/2048";
414 case Group_Params::FFDHE_3072:
415 return "ffdhe/ietf/3072";
416 case Group_Params::FFDHE_4096:
417 return "ffdhe/ietf/4096";
418 case Group_Params::FFDHE_6144:
419 return "ffdhe/ietf/6144";
420 case Group_Params::FFDHE_8192:
421 return "ffdhe/ietf/8192";
422
423 case Group_Params::ML_KEM_512:
424 return "ML-KEM-512";
425 case Group_Params::ML_KEM_768:
426 return "ML-KEM-768";
427 case Group_Params::ML_KEM_1024:
428 return "ML-KEM-1024";
429
430 case Group_Params::eFRODOKEM_640_SHAKE_OQS:
431 return "eFrodoKEM-640-SHAKE";
432 case Group_Params::eFRODOKEM_976_SHAKE_OQS:
433 return "eFrodoKEM-976-SHAKE";
434 case Group_Params::eFRODOKEM_1344_SHAKE_OQS:
435 return "eFrodoKEM-1344-SHAKE";
436 case Group_Params::eFRODOKEM_640_AES_OQS:
437 return "eFrodoKEM-640-AES";
438 case Group_Params::eFRODOKEM_976_AES_OQS:
439 return "eFrodoKEM-976-AES";
440 case Group_Params::eFRODOKEM_1344_AES_OQS:
441 return "eFrodoKEM-1344-AES";
442
443 case Group_Params::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS:
444 return "x25519/eFrodoKEM-640-SHAKE";
445 case Group_Params::HYBRID_X25519_eFRODOKEM_640_AES_OQS:
446 return "x25519/eFrodoKEM-640-AES";
447 case Group_Params::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS:
448 return "x448/eFrodoKEM-976-SHAKE";
449 case Group_Params::HYBRID_X448_eFRODOKEM_976_AES_OQS:
450 return "x448/eFrodoKEM-976-AES";
451 case Group_Params::HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS:
452 return "secp256r1/eFrodoKEM-640-SHAKE";
453 case Group_Params::HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS:
454 return "secp256r1/eFrodoKEM-640-AES";
455 case Group_Params::HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS:
456 return "secp384r1/eFrodoKEM-976-SHAKE";
457 case Group_Params::HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS:
458 return "secp384r1/eFrodoKEM-976-AES";
459 case Group_Params::HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS:
460 return "secp521r1/eFrodoKEM-1344-SHAKE";
461 case Group_Params::HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS:
462 return "secp521r1/eFrodoKEM-1344-AES";
463
464 case Group_Params::HYBRID_X25519_ML_KEM_768:
465 return "x25519/ML-KEM-768";
466 case Group_Params::HYBRID_SECP256R1_ML_KEM_768:
467 return "secp256r1/ML-KEM-768";
468 case Group_Params::HYBRID_SECP384R1_ML_KEM_1024:
469 return "secp384r1/ML-KEM-1024";
470
471 default:
472 return std::nullopt;
473 }
474}
475
476std::string certificate_type_to_string(Certificate_Type type) {
477 switch(type) {
478 case Certificate_Type::X509:
479 return "X509";
480 case Certificate_Type::RawPublicKey:
481 return "RawPublicKey";
482 }
483
484 return "Unknown";
485}
486
487Certificate_Type certificate_type_from_string(const std::string& type_str) {
488 if(type_str == "X509") {
489 return Certificate_Type::X509;
490 } else if(type_str == "RawPublicKey") {
491 return Certificate_Type::RawPublicKey;
492 } else {
493 throw Decoding_Error("Unknown certificate type: " + type_str);
494 }
495}
496
497} // namespace Botan::TLS
Botan::Decoding_Error
Definition exceptn.h:192
Botan::Invalid_Argument
Definition exceptn.h:132
Botan::Invalid_State
Definition exceptn.h:207
Botan::TLS::Group_Params::is_available
bool is_available() const
Definition tls_algos.cpp:234
Botan::TLS::Group_Params::pqc_hybrid_ecc
std::optional< Group_Params_Code > pqc_hybrid_ecc() const
Definition tls_algos.cpp:244
Botan::TLS::Group_Params::to_string
std::optional< std::string > to_string() const
Definition tls_algos.cpp:393
Botan::TLS::Group_Params::from_string
static std::optional< Group_Params > from_string(std::string_view group_name)
Definition tls_algos.cpp:275
Botan::TLS::kex_method_from_string
Kex_Algo kex_method_from_string(std::string_view str)
Definition tls_algos.cpp:59
Botan::TLS::certificate_type_to_string
std::string certificate_type_to_string(Certificate_Type type)
Definition tls_algos.cpp:476
Botan::TLS::auth_method_from_string
Auth_Method auth_method_from_string(std::string_view str)
Definition tls_algos.cpp:122
Botan::TLS::kdf_algo_to_string
std::string kdf_algo_to_string(KDF_Algo algo)
Definition tls_algos.cpp:17
Botan::TLS::kex_method_to_string
std::string kex_method_to_string(Kex_Algo method)
Definition tls_algos.cpp:30
Botan::TLS::auth_method_to_string
std::string auth_method_to_string(Auth_Method method)
Definition tls_algos.cpp:107
Botan::TLS::certificate_type_from_string
Certificate_Type certificate_type_from_string(const std::string &type_str)
Definition tls_algos.cpp:487
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Generated by doxygen 1.16.1