Botan 3.12.0
Crypto and TLS for C&
tls_ciphersuite.cpp
Go to the documentation of this file.
1/*
2* TLS Cipher Suite
3* (C) 2004-2010,2012,2013 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/tls_ciphersuite.h>
9
10#include <botan/assert.h>
11#include <botan/exceptn.h>
12#include <algorithm>
13
14namespace Botan::TLS {
15
16size_t Ciphersuite::nonce_bytes_from_handshake() const {
17 switch(m_nonce_format) {
18 case Nonce_Format::CBC_MODE:
19 return 0;
20 case Nonce_Format::AEAD_IMPLICIT_4:
21 return 4;
22 case Nonce_Format::AEAD_XOR_12:
23 return 12;
24 case Nonce_Format::NULL_CIPHER:
25 return 0;
26 }
27
28 throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
29}
30
31size_t Ciphersuite::nonce_bytes_from_record(Protocol_Version version) const {
32 BOTAN_UNUSED(version);
33 switch(m_nonce_format) {
34 case Nonce_Format::CBC_MODE:
35 return cipher_algo() == "3DES" ? 8 : 16;
36 case Nonce_Format::AEAD_IMPLICIT_4:
37 return 8;
38 case Nonce_Format::AEAD_XOR_12:
39 case Nonce_Format::NULL_CIPHER:
40 return 0;
41 }
42
43 throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
44}
45
46bool Ciphersuite::is_scsv(uint16_t suite) {
47 // Both signaling cipher suite values - skip them when iterating
48 // negotiable ciphersuites. The two callers are:
49 //
50 // - 0x00FF: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746). Consumed by
51 // Client_Hello_12::Client_Hello_12 to set secure_renegotiation when
52 // the renegotiation_info extension is absent.
53 //
54 // - 0x5600: TLS_FALLBACK_SCSV (RFC 7507). Recognized so it is filtered
55 // out of negotiation, but the inappropriate_fallback enforcement is
56 // intentionally not implemented:
57 // * Botan does not support TLS 1.0 / 1.1, so the 1.2 -> 1.0/1.1
58 // fallback that SCSV was originally designed to detect cannot
59 // occur here.
60 // * The 1.3 -> 1.2 downgrade is already protected by the
61 // ServerHello.random sentinel (RFC 8446 4.1.3, DOWNGRADE_TLS12),
62 // which Botan's TLS 1.3 client enforces at
63 // tls_client_impl_13.cpp via random_signals_downgrade().
64 //
65 // TODO: derive from IANA file in script
66 return (suite == 0x00FF || suite == 0x5600);
67}
68
72
76
77bool Ciphersuite::usable_in_version(Protocol_Version version) const {
78 // RFC 8446 B.4.:
79 // Although TLS 1.3 uses the same cipher suite space as previous
80 // versions of TLS, TLS 1.3 cipher suites are defined differently, only
81 // specifying the symmetric ciphers, and cannot be used for TLS 1.2.
82 // Similarly, cipher suites for TLS 1.2 and lower cannot be used with
83 // TLS 1.3.
84 //
85 // Currently cipher suite codes {0x13,0x01} through {0x13,0x05} are
86 // allowed for TLS 1.3. This may change in the future.
87 const auto is_legacy_suite = (ciphersuite_code() & 0xFF00) != 0x1300;
88 return version.is_pre_tls_13() == is_legacy_suite;
89}
90
91bool Ciphersuite::cbc_ciphersuite() const {
92 return (mac_algo() != "AEAD" && cipher_algo() != "NULL");
93}
94
95bool Ciphersuite::null_ciphersuite() const {
96 return (cipher_algo() == "NULL");
97}
98
99bool Ciphersuite::aead_ciphersuite() const {
100 return (mac_algo() == "AEAD");
101}
102
106
110
111std::optional<Ciphersuite> Ciphersuite::by_id(uint16_t suite) {
112 const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites();
113 auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite);
114
115 if(s != all_suites.end() && s->ciphersuite_code() == suite) {
116 return *s;
117 }
118
119 return std::nullopt; // some unknown ciphersuite
120}
121
122std::optional<Ciphersuite> Ciphersuite::from_name(std::string_view name) {
123 const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites();
124
125 for(const auto& suite : all_suites) {
126 if(suite.to_string() == name) {
127 return suite;
128 }
129 }
130
131 return std::nullopt; // some unknown ciphersuite
132}
133
134} // namespace Botan::TLS
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
Botan::Invalid_State
Definition exceptn.h:207
Botan::TLS::Ciphersuite::ciphersuite_code
uint16_t ciphersuite_code() const
Definition tls_ciphersuite.h:62
Botan::TLS::Ciphersuite::nonce_bytes_from_record
size_t nonce_bytes_from_record(Protocol_Version version) const
Definition tls_ciphersuite.cpp:31
Botan::TLS::Ciphersuite::all_known_ciphersuites
static const std::vector< Ciphersuite > & all_known_ciphersuites()
Definition tls_suite_info.cpp:344
Botan::TLS::Ciphersuite::auth_method
Auth_Method auth_method() const
Definition tls_ciphersuite.h:111
Botan::TLS::Ciphersuite::usable_in_version
bool usable_in_version(Protocol_Version version) const
Definition tls_ciphersuite.cpp:77
Botan::TLS::Ciphersuite::from_name
static std::optional< Ciphersuite > from_name(std::string_view name)
Definition tls_ciphersuite.cpp:122
Botan::TLS::Ciphersuite::nonce_bytes_from_handshake
size_t nonce_bytes_from_handshake() const
Definition tls_ciphersuite.cpp:16
Botan::TLS::Ciphersuite::is_scsv
static bool is_scsv(uint16_t suite)
Definition tls_ciphersuite.cpp:46
Botan::TLS::Ciphersuite::by_id
static std::optional< Ciphersuite > by_id(uint16_t suite)
Definition tls_ciphersuite.cpp:111
Botan::TLS::Ciphersuite::kex_method
Kex_Algo kex_method() const
Definition tls_ciphersuite.h:104
Botan::TLS::Ciphersuite::mac_algo
std::string mac_algo() const
Definition tls_ciphersuite.h:121
Botan::TLS::Ciphersuite::cipher_algo
std::string cipher_algo() const
Definition tls_ciphersuite.h:116
Botan::TLS::Protocol_Version
Definition tls_version.h:34
Botan::TLS::Protocol_Version::is_pre_tls_13
bool is_pre_tls_13() const
Definition tls_version.cpp:58
Generated by doxygen 1.16.1