Botan 3.0.0
Crypto and TLS for C&
tls_ciphersuite.cpp
Go to the documentation of this file.
1/*
2* TLS Cipher Suite
3* (C) 2004-2010,2012,2013 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/tls_ciphersuite.h>
9#include <botan/exceptn.h>
10#include <botan/internal/parsing.h>
11#include <botan/block_cipher.h>
12#include <botan/stream_cipher.h>
13#include <botan/hash.h>
14#include <algorithm>
15
16namespace Botan::TLS {
17
18size_t Ciphersuite::nonce_bytes_from_handshake() const
19 {
20 switch(m_nonce_format)
21 {
22 case Nonce_Format::CBC_MODE:
23 {
24 if(cipher_algo() == "3DES")
25 return 8;
26 else
27 return 16;
28 }
29 case Nonce_Format::AEAD_IMPLICIT_4:
30 return 4;
31 case Nonce_Format::AEAD_XOR_12:
32 return 12;
33 }
34
35 throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
36 }
37
38size_t Ciphersuite::nonce_bytes_from_record(Protocol_Version version) const
39 {
40 BOTAN_UNUSED(version);
41 switch(m_nonce_format)
42 {
43 case Nonce_Format::CBC_MODE:
44 return cipher_algo() == "3DES" ? 8 : 16;
45 case Nonce_Format::AEAD_IMPLICIT_4:
46 return 8;
47 case Nonce_Format::AEAD_XOR_12:
48 return 0;
49 }
50
51 throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
52 }
53
54bool Ciphersuite::is_scsv(uint16_t suite)
55 {
56 // TODO: derive from IANA file in script
57 return (suite == 0x00FF || suite == 0x5600);
58 }
59
60bool Ciphersuite::psk_ciphersuite() const
61 {
62 return kex_method() == Kex_Algo::PSK ||
63 kex_method() == Kex_Algo::ECDHE_PSK;
64 }
65
66bool Ciphersuite::ecc_ciphersuite() const
67 {
68 return kex_method() == Kex_Algo::ECDH ||
69 kex_method() == Kex_Algo::ECDHE_PSK ||
70 auth_method() == Auth_Method::ECDSA;
71 }
72
73bool Ciphersuite::usable_in_version(Protocol_Version version) const
74 {
75 // RFC 8446 B.4.:
76 // Although TLS 1.3 uses the same cipher suite space as previous
77 // versions of TLS, TLS 1.3 cipher suites are defined differently, only
78 // specifying the symmetric ciphers, and cannot be used for TLS 1.2.
79 // Similarly, cipher suites for TLS 1.2 and lower cannot be used with
80 // TLS 1.3.
81 //
82 // Currently cipher suite codes {0x13,0x01} through {0x13,0x05} are
83 // allowed for TLS 1.3. This may change in the future.
84 const auto is_legacy_suite = (ciphersuite_code() & 0xFF00) != 0x1300;
85 return version.is_pre_tls_13() == is_legacy_suite;
86 }
87
88bool Ciphersuite::cbc_ciphersuite() const
89 {
90 return (mac_algo() != "AEAD");
91 }
92
93bool Ciphersuite::signature_used() const
94 {
95 return auth_method() != Auth_Method::IMPLICIT;
96 }
97
98std::optional<Ciphersuite> Ciphersuite::by_id(uint16_t suite)
99 {
100 const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites();
101 auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite);
102
103 if(s != all_suites.end() && s->ciphersuite_code() == suite)
104 {
105 return *s;
106 }
107
108 return std::nullopt; // some unknown ciphersuite
109 }
110
111std::optional<Ciphersuite> Ciphersuite::from_name(std::string_view name)
112 {
113 const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites();
114
115 for(auto suite : all_suites)
116 {
117 if(suite.to_string() == name)
118 return suite;
119 }
120
121 return std::nullopt; // some unknown ciphersuite
122 }
123
124namespace {
125
126bool have_hash(std::string_view prf)
127 {
128 return (!HashFunction::providers(prf).empty());
129 }
130
131bool have_cipher(std::string_view cipher)
132 {
133 return (!BlockCipher::providers(cipher).empty()) ||
134 (!StreamCipher::providers(cipher).empty());
135 }
136
137}
138
139bool Ciphersuite::is_usable() const
140 {
141 if(!m_cipher_keylen) // uninitialized object
142 return false;
143
144 if(!have_hash(prf_algo()))
145 return false;
146
147#if !defined(BOTAN_HAS_TLS_CBC)
148 if(cbc_ciphersuite())
149 return false;
150#endif
151
152 if(mac_algo() == "AEAD")
153 {
154 if(cipher_algo() == "ChaCha20Poly1305")
155 {
156#if !defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
157 return false;
158#endif
159 }
160 else
161 {
162 auto cipher_and_mode = split_on(cipher_algo(), '/');
163 BOTAN_ASSERT(cipher_and_mode.size() == 2, "Expected format for AEAD algo");
164 if(!have_cipher(cipher_and_mode[0]))
165 return false;
166
167 const auto mode = cipher_and_mode[1];
168
169#if !defined(BOTAN_HAS_AEAD_CCM)
170 if(mode == "CCM" || mode == "CCM-8")
171 return false;
172#endif
173
174#if !defined(BOTAN_HAS_AEAD_GCM)
175 if(mode == "GCM")
176 return false;
177#endif
178
179#if !defined(BOTAN_HAS_AEAD_OCB)
180 if(mode == "OCB(12)" || mode == "OCB")
181 return false;
182#endif
183 }
184 }
185 else
186 {
187 // Old non-AEAD schemes
188 if(!have_cipher(cipher_algo()))
189 return false;
190 if(!have_hash(mac_algo())) // HMAC
191 return false;
192 }
193
194 if(kex_method() == Kex_Algo::ECDH || kex_method() == Kex_Algo::ECDHE_PSK)
195 {
196#if !defined(BOTAN_HAS_ECDH)
197 return false;
198#endif
199 }
200 else if(kex_method() == Kex_Algo::DH)
201 {
202#if !defined(BOTAN_HAS_DIFFIE_HELLMAN)
203 return false;
204#endif
205 }
206
207 if(auth_method() == Auth_Method::ECDSA)
208 {
209#if !defined(BOTAN_HAS_ECDSA)
210 return false;
211#endif
212 }
213 else if(auth_method() == Auth_Method::RSA)
214 {
215#if !defined(BOTAN_HAS_RSA)
216 return false;
217#endif
218 }
219
220 return true;
221 }
222
223}
224
BOTAN_UNUSED
#define BOTAN_UNUSED(...)
Definition: assert.h:141
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54
Botan::BlockCipher::providers
static std::vector< std::string > providers(std::string_view algo_spec)
Definition: block_cipher.cpp:293
Botan::HashFunction::providers
static std::vector< std::string > providers(std::string_view algo_spec)
Definition: hash.cpp:330
Botan::Invalid_State
Definition: exceptn.h:213
Botan::StreamCipher::providers
static std::vector< std::string > providers(std::string_view algo_spec)
Definition: stream_cipher.cpp:141
Botan::TLS::Ciphersuite::ciphersuite_code
uint16_t ciphersuite_code() const
Definition: tls_ciphersuite.h:63
Botan::TLS::Ciphersuite::nonce_bytes_from_record
size_t nonce_bytes_from_record(Protocol_Version version) const
Definition: tls_ciphersuite.cpp:38
Botan::TLS::Ciphersuite::all_known_ciphersuites
static const std::vector< Ciphersuite > & all_known_ciphersuites()
Definition: tls_suite_info.cpp:16
Botan::TLS::Ciphersuite::auth_method
Auth_Method auth_method() const
Definition: tls_ciphersuite.h:94
Botan::TLS::Ciphersuite::usable_in_version
bool usable_in_version(Protocol_Version version) const
Definition: tls_ciphersuite.cpp:73
Botan::TLS::Ciphersuite::from_name
static std::optional< Ciphersuite > from_name(std::string_view name)
Definition: tls_ciphersuite.cpp:111
Botan::TLS::Ciphersuite::nonce_bytes_from_handshake
size_t nonce_bytes_from_handshake() const
Definition: tls_ciphersuite.cpp:18
Botan::TLS::Ciphersuite::is_scsv
static bool is_scsv(uint16_t suite)
Definition: tls_ciphersuite.cpp:54
Botan::TLS::Ciphersuite::by_id
static std::optional< Ciphersuite > by_id(uint16_t suite)
Definition: tls_ciphersuite.cpp:98
Botan::TLS::Ciphersuite::kex_method
Kex_Algo kex_method() const
Definition: tls_ciphersuite.h:87
Botan::TLS::Ciphersuite::mac_algo
std::string mac_algo() const
Definition: tls_ciphersuite.h:104
Botan::TLS::Ciphersuite::prf_algo
std::string prf_algo() const
Definition: tls_ciphersuite.h:106
Botan::TLS::Ciphersuite::cipher_algo
std::string cipher_algo() const
Definition: tls_ciphersuite.h:99
Botan::TLS::Protocol_Version
Definition: tls_version.h:32
Botan::TLS::Protocol_Version::is_pre_tls_13
bool is_pre_tls_13() const
Definition: tls_version.cpp:38
name
std::string name
Definition: commoncrypto_hash.cpp:24
Botan::split_on
std::vector< std::string > split_on(std::string_view str, char delim)
Definition: parsing.cpp:117
Generated by doxygen 1.9.6