9#ifndef BOTAN_TLS_CIPHER_STATE_H_
10#define BOTAN_TLS_CIPHER_STATE_H_
12#include <botan/secmem.h>
13#include <botan/tls_magic.h>
14#include <botan/tls_messages.h>
16#include <botan/internal/tls_transcript_hash_13.h>
83 std::string_view prf_algo);
204 return (m_state == State::EarlyTraffic || m_state == State::ServerApplicationTraffic ||
205 m_state == State::Completed) &&
206 !m_exporter_master_secret.empty();
/**
 * Read-only state query (const member, returns bool).
 *
 * NOTE(review): the body is not part of this listing. Judging by the name it
 * reports whether the peer may still send alert records without record
 * protection -- confirm. Also confirm that callers treat a plaintext alert
 * as a protocol error whenever this returns false, so that an unauthenticated
 * alert cannot tear down a protected connection.
 */
212 bool must_expect_unprotected_alert_traffic()
const;
/**
 * Read-only state query (const member, returns bool).
 *
 * NOTE(review): body not shown here. Presumably true only once the key
 * schedule has produced the write-side application traffic keys -- confirm.
 * Callers should check this before handing application data to the record
 * layer, so that nothing is sent under handshake keys or in the clear.
 */
217 bool can_encrypt_application_traffic()
const;
/**
 * Read-only state query (const member, returns bool).
 *
 * NOTE(review): body not shown here. Presumably true only once the read-side
 * application traffic keys are installed -- confirm. Application data
 * records that arrive while this is false should be rejected rather than
 * passed up to the application.
 */
222 bool can_decrypt_application_traffic()
const;
/**
 * Returns a hash algorithm name as a std::string by value; const member.
 *
 * NOTE(review): body not shown here. Presumably this is the name of the hash
 * held in m_hash, i.e. the one driving the key schedule -- confirm.
 */
227 std::string hash_algorithm()
const;
/**
 * Checks this cipher state against a cipher suite; const member.
 *
 * @param cipher  the cipher suite to compare against
 * @return bool; the exact compatibility criteria are not visible in this
 *         listing.
 *
 * NOTE(review): a state created from a PSK is given only a PRF/hash name, so
 * this is presumably the guard that stops a later negotiated suite from
 * silently mixing hash functions within one key schedule -- confirm that the
 * caller aborts the handshake when it returns false.
 */
236 bool is_compatible_with(
const Ciphersuite& cipher)
const;
/**
 * Non-const; takes no arguments and returns nothing.
 *
 * NOTE(review): body not shown here. Presumably discards the read-side
 * (decryption) key material so that it does not outlive its use -- confirm
 * that both the AEAD object and any stored traffic secret are released.
 */
259 void clear_read_keys();
/**
 * Non-const; takes no arguments and returns nothing.
 *
 * NOTE(review): body not shown here. Presumably discards the write-side
 * (encryption) key material so that it does not outlive its use -- confirm
 * that both the AEAD object and any stored traffic secret are released.
 */
264 void clear_write_keys();
/**
 * Non-const state transition; takes no arguments.
 *
 * NOTE(review): body not shown here. Presumably starts the key schedule for
 * a handshake that uses no pre-shared key -- confirm which State it expects
 * on entry and which one it leaves behind.
 */
274 void advance_without_psk();
277 bool handshake_traffic_secret =
false);
/**
 * Non-const; consumes a traffic secret passed by const reference.
 *
 * @param traffic_secret            secret the read-side key is derived from;
 *                                  held in a secure_vector
 * @param handshake_traffic_secret  defaults to false; presumably marks the
 *                                  secret as a handshake (rather than
 *                                  application) traffic secret -- TODO
 *                                  confirm what the flag changes
 *
 * NOTE(review): body not shown here. Confirm that the read sequence number
 * is reset whenever a new key is installed, so that a (key, nonce) pair is
 * never used twice.
 */
278 void derive_read_traffic_key(
const secure_vector<uint8_t>& traffic_secret,
bool handshake_traffic_secret =
false);
289 std::string_view label,
290 const std::vector<uint8_t>& context,
291 size_t length)
const;
297 std::string_view label,
/**
 * Returns a byte vector by value; const member.
 *
 * NOTE(review): body not shown here. Presumably the digest of the empty
 * input under the negotiated hash, as the key schedule needs it as a context
 * value -- confirm. The result is a plain std::vector, which is appropriate
 * only if the value is public.
 */
300 std::vector<uint8_t> empty_hash()
const;
303 enum class State : uint8_t {
308 ServerApplicationTraffic,
// Which end of the connection this state belongs to.
314 Connection_Side m_connection_side;
// Record protection primitives, one per direction; exclusively owned.
316 std::unique_ptr<AEAD_Mode> m_encrypt;
317 std::unique_ptr<AEAD_Mode> m_decrypt;
// HKDF building blocks and the hash used with them; exclusively owned.
319 std::unique_ptr<HKDF_Extract> m_extract;
320 std::unique_ptr<HKDF_Expand> m_expand;
321 std::unique_ptr<HashFunction> m_hash;
// Per-direction 64-bit record counters.
// NOTE(review): presumably these feed the per-record AEAD nonce -- confirm
// that they restart on every key change and can never wrap under one key.
333 uint64_t m_write_seq_no;
334 uint64_t m_read_seq_no;
// Per-direction counters of key updates (32 bit).
336 uint32_t m_write_key_update_count;
337 uint32_t m_read_key_update_count;
// 16-bit counter behind the ticket nonce.
// NOTE(review): the nonce is an input to the ticket's PSK derivation, so a
// repeated value would give two tickets the same PSK -- confirm that
// next_ticket_nonce() refuses to wrap around instead of overflowing silently.
339 uint16_t m_ticket_nonce;
static std::unique_ptr< Cipher_State > init_with_server_hello(Connection_Side side, secure_vector< uint8_t > &&shared_secret, const Ciphersuite &cipher, const Transcript_Hash &transcript_hash, const Secret_Logger &channel)
uint64_t decrypt_record_fragment(const std::vector< uint8_t > &header, secure_vector< uint8_t > &encrypted_fragment)
bool can_export_keys() const
Cipher_State & operator=(Cipher_State &&other)=delete
size_t minimum_decryption_input_length() const
void advance_with_client_finished(const Transcript_Hash &transcript_hash)
bool verify_peer_finished_mac(const Transcript_Hash &transcript_hash, const std::vector< uint8_t > &peer_mac) const
static std::unique_ptr< Cipher_State > init_with_psk(Connection_Side side, PSK_Type type, secure_vector< uint8_t > &&psk, std::string_view prf_algo)
uint64_t encrypt_record_fragment(const std::vector< uint8_t > &header, secure_vector< uint8_t > &fragment)
void advance_with_client_hello(const Transcript_Hash &transcript_hash, const Secret_Logger &channel)
void advance_with_server_finished(const Transcript_Hash &transcript_hash, const Secret_Logger &channel)
Cipher_State(const Cipher_State &other)=delete
secure_vector< uint8_t > psk(const Ticket_Nonce &nonce) const
void advance_with_server_hello(const Ciphersuite &cipher, secure_vector< uint8_t > &&shared_secret, const Transcript_Hash &transcript_hash, const Secret_Logger &channel)
secure_vector< uint8_t > export_key(std::string_view label, std::string_view context, size_t length) const
Cipher_State(Cipher_State &&other)=delete
size_t encrypt_output_length(size_t input_length) const
std::vector< uint8_t > psk_binder_mac(const Transcript_Hash &transcript_hash_with_truncated_client_hello) const
size_t decrypt_output_length(size_t input_length) const
Cipher_State & operator=(const Cipher_State &other)=delete
Ticket_Nonce next_ticket_nonce()
std::vector< uint8_t > finished_mac(const Transcript_Hash &transcript_hash) const
std::vector< uint8_t > Transcript_Hash
Strong< std::vector< uint8_t >, struct Ticket_Nonce_ > Ticket_Nonce
Used to derive the ticket's PSK from the resumption_master_secret.
secure_vector< uint8_t > hkdf_expand_label(std::string_view hash_fn, std::span< const uint8_t > secret, std::string_view label, std::span< const uint8_t > hash_val, size_t length)
std::vector< T, secure_allocator< T > > secure_vector