Botan 3.6.1
Crypto and TLS for C&
tls_algos.h
Go to the documentation of this file.
1/*
2* (C) 2017 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#ifndef BOTAN_TLS_ALGO_IDS_H_
8#define BOTAN_TLS_ALGO_IDS_H_
9
10#include <botan/asn1_obj.h>
11#include <botan/pk_keys.h>
12#include <botan/types.h>
13#include <optional>
14#include <string>
15#include <vector>
16
17//BOTAN_FUTURE_INTERNAL_HEADER(tls_algos.h)
18
19namespace Botan::TLS {
20
48
49enum class KDF_Algo {
50 SHA_1,
51 SHA_256,
52 SHA_384,
53};
54
55std::string BOTAN_DLL kdf_algo_to_string(KDF_Algo algo);
56
57enum class Nonce_Format {
58 CBC_MODE,
59 AEAD_IMPLICIT_4,
60 AEAD_XOR_12,
61};
62
63// TODO encoding should match signature_algorithms extension
64// TODO this should include hash etc as in TLS v1.3
65enum class Auth_Method {
66 RSA,
67 ECDSA,
68
69 // To support TLS 1.3 ciphersuites, which do not determine the auth method
70 UNDEFINED,
71
72 // These are placed outside the encodable range
73 IMPLICIT = 0x10000
74};
75
76std::string BOTAN_TEST_API auth_method_to_string(Auth_Method method);
77Auth_Method BOTAN_TEST_API auth_method_from_string(std::string_view str);
78
79#define BOTAN_TLS_KYBER_R3_DEPRECATED \
80 BOTAN_DEPRECATED( \
81 "Kyber r3 TLS support will be removed completely in Botan 3.7.0 (early 2025) see https://github.com/randombit/botan/issues/4403")
82
83/*
84* Matches with wire encoding
85*/
86enum class Group_Params_Code : uint16_t {
87 NONE = 0,
88
89 SECP256R1 = 23,
90 SECP384R1 = 24,
91 SECP521R1 = 25,
92 BRAINPOOL256R1 = 26,
93 BRAINPOOL384R1 = 27,
94 BRAINPOOL512R1 = 28,
95
96 X25519 = 29,
97 X448 = 30,
98
99 FFDHE_2048 = 256,
100 FFDHE_3072 = 257,
101 FFDHE_4096 = 258,
102 FFDHE_6144 = 259,
103 FFDHE_8192 = 260,
104
105 // libOQS defines those in:
106 // https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
107 KYBER_512_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x023A,
108 KYBER_768_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x023C,
109 KYBER_1024_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x023D,
110
111 eFRODOKEM_640_SHAKE_OQS = 0x0201,
112 eFRODOKEM_976_SHAKE_OQS = 0x0203,
113 eFRODOKEM_1344_SHAKE_OQS = 0x0205,
114 eFRODOKEM_640_AES_OQS = 0x0200,
115 eFRODOKEM_976_AES_OQS = 0x0202,
116 eFRODOKEM_1344_AES_OQS = 0x0204,
117
118 // Cloudflare code points for hybrid PQC
119 // https://blog.cloudflare.com/post-quantum-for-all/
120 HYBRID_X25519_KYBER_512_R3_CLOUDFLARE BOTAN_TLS_KYBER_R3_DEPRECATED = 0xFE30,
121
122 // libOQS defines those in:
123 // https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
124 //
125 // X25519/Kyber768 is also defined in:
126 // https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/03/
127 HYBRID_X25519_KYBER_512_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x2F39,
128 HYBRID_X25519_KYBER_768_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x6399,
129
130 // https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/02/
131 HYBRID_SECP256R1_ML_KEM_768 = 0x11EB,
132 HYBRID_X25519_ML_KEM_768 = 0x11EC,
133
134 HYBRID_X448_KYBER_768_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x2F90,
135
136 HYBRID_SECP256R1_KYBER_512_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x2F3A,
137 HYBRID_SECP256R1_KYBER_768_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x639A,
138
139 HYBRID_SECP384R1_KYBER_768_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x2F3C,
140
141 HYBRID_SECP521R1_KYBER_1024_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x2F3D,
142
143 HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS = 0x2F81,
144 HYBRID_X25519_eFRODOKEM_640_AES_OQS = 0x2F80,
145
146 HYBRID_X448_eFRODOKEM_976_SHAKE_OQS = 0x2F83,
147 HYBRID_X448_eFRODOKEM_976_AES_OQS = 0x2F82,
148
149 HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS = 0x2F01,
150 HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS = 0x2F00,
151
152 HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS = 0x2F03,
153 HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS = 0x2F02,
154
155 HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS = 0x2F05,
156 HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS = 0x2F04,
157};
158
159class BOTAN_PUBLIC_API(3, 2) Group_Params final {
160 public:
161 using enum Group_Params_Code;
162
163 constexpr Group_Params() : m_code(Group_Params_Code::NONE) {}
164
165 constexpr Group_Params(Group_Params_Code code) : m_code(code) {}
166
167 constexpr Group_Params(uint16_t code) : m_code(static_cast<Group_Params_Code>(code)) {}
168
169 /**
170 * @returns std::nullopt if an unknown name
171 */
172 static std::optional<Group_Params> from_string(std::string_view group_name);
173
174 constexpr bool operator==(Group_Params_Code code) const { return m_code == code; }
175
176 constexpr bool operator==(Group_Params other) const { return m_code == other.m_code; }
177
178 constexpr bool operator<(Group_Params other) const { return m_code < other.m_code; }
179
180 constexpr Group_Params_Code code() const { return m_code; }
181
182 constexpr uint16_t wire_code() const { return static_cast<uint16_t>(m_code); }
183
184 constexpr bool is_x25519() const { return m_code == Group_Params_Code::X25519; }
185
186 constexpr bool is_x448() const { return m_code == Group_Params_Code::X448; }
187
188 constexpr bool is_ecdh_named_curve() const {
189 return m_code == Group_Params_Code::SECP256R1 || m_code == Group_Params_Code::SECP384R1 ||
190 m_code == Group_Params_Code::SECP521R1 || m_code == Group_Params_Code::BRAINPOOL256R1 ||
191 m_code == Group_Params_Code::BRAINPOOL384R1 || m_code == Group_Params_Code::BRAINPOOL512R1;
192 }
193
194 constexpr bool is_in_ffdhe_range() const {
195 // See RFC 7919
196 return wire_code() >= 256 && wire_code() < 512;
197 }
198
199 constexpr bool is_dh_named_group() const {
200 return m_code == Group_Params_Code::FFDHE_2048 || m_code == Group_Params_Code::FFDHE_3072 ||
201 m_code == Group_Params_Code::FFDHE_4096 || m_code == Group_Params_Code::FFDHE_6144 ||
202 m_code == Group_Params_Code::FFDHE_8192;
203 }
204
205 BOTAN_TLS_KYBER_R3_DEPRECATED constexpr bool is_pure_kyber() const {
206 BOTAN_DIAGNOSTIC_PUSH
207 BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
208
209 return m_code == Group_Params_Code::KYBER_512_R3_OQS || m_code == Group_Params_Code::KYBER_768_R3_OQS ||
210 m_code == Group_Params_Code::KYBER_1024_R3_OQS;
211
212 BOTAN_DIAGNOSTIC_POP
213 }
214
215 constexpr bool is_pure_frodokem() const {
216 return m_code == Group_Params_Code::eFRODOKEM_640_SHAKE_OQS ||
217 m_code == Group_Params_Code::eFRODOKEM_976_SHAKE_OQS ||
218 m_code == Group_Params_Code::eFRODOKEM_1344_SHAKE_OQS ||
219 m_code == Group_Params_Code::eFRODOKEM_640_AES_OQS ||
220 m_code == Group_Params_Code::eFRODOKEM_976_AES_OQS ||
221 m_code == Group_Params_Code::eFRODOKEM_1344_AES_OQS;
222 }
223
224 constexpr bool is_pure_ecc_group() const { return is_x25519() || is_x448() || is_ecdh_named_curve(); }
225
226 constexpr bool is_post_quantum() const {
227 BOTAN_DIAGNOSTIC_PUSH
228 BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
229
230 return is_pure_kyber() || is_pure_frodokem() || is_pqc_hybrid();
231
232 BOTAN_DIAGNOSTIC_POP
233 }
234
235 constexpr bool is_pqc_hybrid() const {
236 BOTAN_DIAGNOSTIC_PUSH
237 BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
238
239 return m_code == Group_Params_Code::HYBRID_SECP256R1_ML_KEM_768 ||
240 m_code == Group_Params_Code::HYBRID_X25519_ML_KEM_768 ||
241 m_code == Group_Params_Code::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE ||
242 m_code == Group_Params_Code::HYBRID_X25519_KYBER_512_R3_OQS ||
243 m_code == Group_Params_Code::HYBRID_X25519_KYBER_768_R3_OQS ||
244 m_code == Group_Params_Code::HYBRID_X448_KYBER_768_R3_OQS ||
245 m_code == Group_Params_Code::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS ||
246 m_code == Group_Params_Code::HYBRID_X25519_eFRODOKEM_640_AES_OQS ||
247 m_code == Group_Params_Code::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS ||
248 m_code == Group_Params_Code::HYBRID_X448_eFRODOKEM_976_AES_OQS ||
249 m_code == Group_Params_Code::HYBRID_SECP256R1_KYBER_512_R3_OQS ||
250 m_code == Group_Params_Code::HYBRID_SECP256R1_KYBER_768_R3_OQS ||
251 m_code == Group_Params_Code::HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS ||
252 m_code == Group_Params_Code::HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS ||
253 m_code == Group_Params_Code::HYBRID_SECP384R1_KYBER_768_R3_OQS ||
254 m_code == Group_Params_Code::HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS ||
255 m_code == Group_Params_Code::HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS ||
256 m_code == Group_Params_Code::HYBRID_SECP521R1_KYBER_1024_R3_OQS ||
257 m_code == Group_Params_Code::HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS ||
258 m_code == Group_Params_Code::HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS;
259
260 BOTAN_DIAGNOSTIC_POP
261 }
262
263 constexpr bool is_kem() const {
264 BOTAN_DIAGNOSTIC_PUSH
265 BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
266
267 return is_pure_kyber() || is_pure_frodokem() || is_pqc_hybrid();
268
269 BOTAN_DIAGNOSTIC_POP
270 }
271
272 // Returns std::nullopt if the param has no known name
273 std::optional<std::string> to_string() const;
274
275 private:
276 Group_Params_Code m_code;
277};
278
279enum class Kex_Algo {
280 STATIC_RSA,
281 DH,
282 ECDH,
283 PSK,
284 ECDHE_PSK,
285 DHE_PSK,
286 KEM,
287 KEM_PSK,
288 HYBRID,
289 HYBRID_PSK,
290
291 // To support TLS 1.3 ciphersuites, which do not determine the kex algo
292 UNDEFINED
293};
294
295std::string BOTAN_TEST_API kex_method_to_string(Kex_Algo method);
296Kex_Algo BOTAN_TEST_API kex_method_from_string(std::string_view str);
297
298inline bool key_exchange_is_psk(Kex_Algo m) {
299 return (m == Kex_Algo::PSK || m == Kex_Algo::ECDHE_PSK || m == Kex_Algo::DHE_PSK);
300}
301
302} // namespace Botan::TLS
303
304#endif
Botan::TLS::Group_Params
Definition tls_algos.h:159
Botan::TLS::Group_Params::operator==
constexpr bool operator==(Group_Params other) const
Definition tls_algos.h:176
Botan::TLS::Group_Params::is_dh_named_group
constexpr bool is_dh_named_group() const
Definition tls_algos.h:199
Botan::TLS::Group_Params::is_in_ffdhe_range
constexpr bool is_in_ffdhe_range() const
Definition tls_algos.h:194
Botan::TLS::Group_Params::operator<
constexpr bool operator<(Group_Params other) const
Definition tls_algos.h:178
Botan::TLS::Group_Params::is_pqc_hybrid
constexpr bool is_pqc_hybrid() const
Definition tls_algos.h:235
Botan::TLS::Group_Params::Group_Params
constexpr Group_Params()
Definition tls_algos.h:163
Botan::TLS::Group_Params::is_kem
constexpr bool is_kem() const
Definition tls_algos.h:263
Botan::TLS::Group_Params::is_post_quantum
constexpr bool is_post_quantum() const
Definition tls_algos.h:226
Botan::TLS::Group_Params::operator==
constexpr bool operator==(Group_Params_Code code) const
Definition tls_algos.h:174
Botan::TLS::Group_Params::is_ecdh_named_curve
constexpr bool is_ecdh_named_curve() const
Definition tls_algos.h:188
Botan::TLS::Group_Params::wire_code
constexpr uint16_t wire_code() const
Definition tls_algos.h:182
Botan::TLS::Group_Params::is_pure_frodokem
constexpr bool is_pure_frodokem() const
Definition tls_algos.h:215
Botan::TLS::Group_Params::is_pure_kyber
constexpr bool is_pure_kyber() const
Definition tls_algos.h:205
Botan::TLS::Group_Params::code
constexpr Group_Params_Code code() const
Definition tls_algos.h:180
Botan::TLS::Group_Params::Group_Params
constexpr Group_Params(uint16_t code)
Definition tls_algos.h:167
Botan::TLS::Group_Params::Group_Params
constexpr Group_Params(Group_Params_Code code)
Definition tls_algos.h:165
Botan::TLS::Group_Params::is_x448
constexpr bool is_x448() const
Definition tls_algos.h:186
Botan::TLS::Group_Params::is_pure_ecc_group
constexpr bool is_pure_ecc_group() const
Definition tls_algos.h:224
Botan::TLS::Group_Params::is_x25519
constexpr bool is_x25519() const
Definition tls_algos.h:184
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
BOTAN_DIAGNOSTIC_POP
#define BOTAN_DIAGNOSTIC_POP
Definition compiler.h:191
BOTAN_DIAGNOSTIC_PUSH
#define BOTAN_DIAGNOSTIC_PUSH
Definition compiler.h:188
BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
#define BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
Definition compiler.h:189
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
BOTAN_TEST_API
#define BOTAN_TEST_API
Definition compiler.h:51
BOTAN_DLL
#define BOTAN_DLL
Definition build.h:85
Botan::TLS::kex_method_from_string
Kex_Algo kex_method_from_string(std::string_view str)
Definition tls_algos.cpp:57
Botan::TLS::auth_method_from_string
Auth_Method auth_method_from_string(std::string_view str)
Definition tls_algos.cpp:120
Botan::TLS::kdf_algo_to_string
std::string kdf_algo_to_string(KDF_Algo algo)
Definition tls_algos.cpp:15
Botan::TLS::kex_method_to_string
std::string kex_method_to_string(Kex_Algo method)
Definition tls_algos.cpp:28
Botan::TLS::key_exchange_is_psk
bool key_exchange_is_psk(Kex_Algo m)
Definition tls_algos.h:298
Botan::TLS::auth_method_to_string
std::string auth_method_to_string(Auth_Method method)
Definition tls_algos.cpp:105
Botan::NONE
@ NONE
Definition filter.h:165
BOTAN_TLS_KYBER_R3_DEPRECATED
#define BOTAN_TLS_KYBER_R3_DEPRECATED
Definition tls_algos.h:79
Generated by doxygen 1.12.0