Botan 3.9.0
Crypto and TLS for C&
tls_algos.h
Go to the documentation of this file.
1/*
2* (C) 2017 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#ifndef BOTAN_TLS_ALGO_IDS_H_
8#define BOTAN_TLS_ALGO_IDS_H_
9
10#include <botan/asn1_obj.h>
11#include <botan/pk_keys.h>
12#include <botan/types.h>
13#include <optional>
14#include <string>
15#include <vector>
16
17//BOTAN_FUTURE_INTERNAL_HEADER(tls_algos.h)
18
19namespace Botan::TLS {
20
48
49enum class KDF_Algo : uint8_t {
53};
54
55std::string BOTAN_DLL kdf_algo_to_string(KDF_Algo algo);
56
63
64// TODO encoding should match signature_algorithms extension
65// TODO this should include hash etc as in TLS v1.3
66enum class Auth_Method : uint32_t {
67 RSA = 0,
68 ECDSA = 1,
69
70 // To support TLS 1.3 ciphersuites, which do not determine the auth method
72
73 // These are placed outside the encodable range
74 IMPLICIT = 0x10000
75};
76
79
80/*
81* Matches with wire encoding
82*/
83enum class Group_Params_Code : uint16_t {
84 NONE = 0,
85
92
93 X25519 = 29,
94 X448 = 30,
95
101
102 // https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/05/
103 ML_KEM_512 = 0x0200,
104 ML_KEM_768 = 0x0201,
105 ML_KEM_1024 = 0x0202,
106
107 // libOQS defines those in:
108 // https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
109 // (last update: 6th June 2025 - matching oqs commit 9447f68)
116
117 // https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/03/
121
122 // https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
123 // (last update: 6th June 2025 - matching oqs commit 9447f68)
126
129
132
135
138};
139
141 public:
142 using enum Group_Params_Code;
143
144 constexpr Group_Params() : m_code(Group_Params_Code::NONE) {}
145
146 // NOLINTNEXTLINE(*-explicit-conversions)
147 constexpr Group_Params(Group_Params_Code code) : m_code(code) {}
148
149 // NOLINTNEXTLINE(*-explicit-conversions)
150 constexpr Group_Params(uint16_t code) : m_code(static_cast<Group_Params_Code>(code)) {}
151
152 /**
153 * @returns std::nullopt if an unknown name
154 */
155 static std::optional<Group_Params> from_string(std::string_view group_name);
156
157 constexpr bool operator==(Group_Params_Code code) const { return m_code == code; }
158
159 constexpr bool operator==(Group_Params other) const { return m_code == other.m_code; }
160
161 constexpr bool operator<(Group_Params other) const { return m_code < other.m_code; }
162
163 constexpr Group_Params_Code code() const { return m_code; }
164
165 constexpr uint16_t wire_code() const { return static_cast<uint16_t>(m_code); }
166
167 /**
168 * Returns false if this group/KEX is not available in the build configuration
169 */
170 bool is_available() const;
171
172 constexpr bool is_x25519() const { return m_code == Group_Params_Code::X25519; }
173
174 constexpr bool is_x448() const { return m_code == Group_Params_Code::X448; }
175
181
182 constexpr bool is_in_ffdhe_range() const {
183 // See RFC 7919
184 return wire_code() >= 256 && wire_code() < 512;
185 }
186
187 constexpr bool is_dh_named_group() const {
188 return m_code == Group_Params_Code::FFDHE_2048 || m_code == Group_Params_Code::FFDHE_3072 ||
191 }
192
193 constexpr bool is_pure_ml_kem() const {
194 return m_code == Group_Params_Code::ML_KEM_512 || m_code == Group_Params_Code::ML_KEM_768 ||
196 }
197
206
207 constexpr bool is_pure_ecc_group() const { return is_x25519() || is_x448() || is_ecdh_named_curve(); }
208
217
223
236
237 constexpr bool is_pqc_hybrid() const { return is_pqc_hybrid_ml_kem() || is_pqc_hybrid_frodokem(); }
238
247
248 // If this is a pqc hybrid group, returns the ECC ID
249 std::optional<Group_Params_Code> pqc_hybrid_ecc() const;
250
251 // Returns std::nullopt if the param has no known name
252 std::optional<std::string> to_string() const;
253
254 private:
255 Group_Params_Code m_code;
256};
257
258enum class Kex_Algo : uint8_t {
269
270 // To support TLS 1.3 ciphersuites, which do not determine the kex algo
272};
273
276
278 return (m == Kex_Algo::PSK || m == Kex_Algo::ECDHE_PSK || m == Kex_Algo::DHE_PSK);
279}
280
281} // namespace Botan::TLS
282
283#endif
#define BOTAN_DIAGNOSTIC_POP
Definition api.h:122
#define BOTAN_DIAGNOSTIC_PUSH
Definition api.h:119
#define BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
Definition api.h:120
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
#define BOTAN_TEST_API
Definition api.h:41
constexpr bool operator==(Group_Params other) const
Definition tls_algos.h:159
constexpr bool is_dh_named_group() const
Definition tls_algos.h:187
constexpr bool is_in_ffdhe_range() const
Definition tls_algos.h:182
constexpr bool operator<(Group_Params other) const
Definition tls_algos.h:161
constexpr bool is_pqc_hybrid() const
Definition tls_algos.h:237
constexpr bool is_kem() const
Definition tls_algos.h:239
constexpr bool is_post_quantum() const
Definition tls_algos.h:209
constexpr bool operator==(Group_Params_Code code) const
Definition tls_algos.h:157
constexpr bool is_ecdh_named_curve() const
Definition tls_algos.h:176
constexpr uint16_t wire_code() const
Definition tls_algos.h:165
constexpr bool is_pure_frodokem() const
Definition tls_algos.h:198
constexpr Group_Params_Code code() const
Definition tls_algos.h:163
constexpr Group_Params(uint16_t code)
Definition tls_algos.h:150
constexpr bool is_pqc_hybrid_frodokem() const
Definition tls_algos.h:224
constexpr bool is_pure_ml_kem() const
Definition tls_algos.h:193
constexpr Group_Params(Group_Params_Code code)
Definition tls_algos.h:147
constexpr bool is_pqc_hybrid_ml_kem() const
Definition tls_algos.h:218
constexpr bool is_x448() const
Definition tls_algos.h:174
constexpr bool is_pure_ecc_group() const
Definition tls_algos.h:207
constexpr bool is_x25519() const
Definition tls_algos.h:172
#define BOTAN_DLL
Definition build.h:93
Kex_Algo kex_method_from_string(std::string_view str)
Definition tls_algos.cpp:57
Auth_Method auth_method_from_string(std::string_view str)
std::string kdf_algo_to_string(KDF_Algo algo)
Definition tls_algos.cpp:15
std::string kex_method_to_string(Kex_Algo method)
Definition tls_algos.cpp:28
bool key_exchange_is_psk(Kex_Algo m)
Definition tls_algos.h:277
std::string auth_method_to_string(Auth_Method method)
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition exceptn.cpp:13