doxygen/tls__ciphersuite_8h_source.html

/*

* TLS Cipher Suites

* (C) 2004-2011,2012 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_TLS_CIPHER_SUITES_H_

#define BOTAN_TLS_CIPHER_SUITES_H_


#include <botan/tls_algos.h>

#include <botan/tls_version.h>

#include <botan/types.h>

#include <optional>

#include <string>

#include <vector>


namespace Botan::TLS {


/**

* Ciphersuite Information

*/


class BOTAN_PUBLIC_API(2, 0) Ciphersuite final {

   public:

      /**

      * Convert an SSL/TLS ciphersuite to algorithm fields

      * @param suite the ciphersuite code number

      * @return ciphersuite object or std::nullopt if it is unknown to the library

      */

      static std::optional<Ciphersuite> by_id(uint16_t suite);


      /**

      * Convert an SSL/TLS ciphersuite name to algorithm fields

      * @param name the IANA name for the desired ciphersuite

      * @return ciphersuite object or std::nullopt if it is unknown to the library

      */

      static std::optional<Ciphersuite> from_name(std::string_view name);


      /**

      * Returns true iff this suite is a known SCSV

      */

      static bool is_scsv(uint16_t suite);


      /**

      * Generate a static list of all known ciphersuites and return it.

      *

      * @return list of all known ciphersuites

      */

      static const std::vector<Ciphersuite>& all_known_ciphersuites();


      /**

      * Formats the ciphersuite back to an RFC-style ciphersuite string

      * @return RFC ciphersuite string identifier

      */

      std::string to_string() const { return (!m_iana_id) ? "unknown cipher suite" : m_iana_id; }


      /**

      * @return ciphersuite number

      */

      uint16_t ciphersuite_code() const { return m_ciphersuite_code; }


      /**

      * @return true if this is a PSK ciphersuite

      */

      bool psk_ciphersuite() const;


      /**

      * @return true if this is an ECC ciphersuite

      */

      bool ecc_ciphersuite() const;


      /**

       * @return true if this suite uses a CBC cipher

       */

      bool cbc_ciphersuite() const;


      /**

       * @return true if this suite uses a AEAD cipher

       */

      bool aead_ciphersuite() const;


      bool signature_used() const;


      /**

      * @return key exchange algorithm used by this ciphersuite

      */

      std::string kex_algo() const { return kex_method_to_string(kex_method()); }


      Kex_Algo kex_method() const { return m_kex_algo; }


      /**

      * @return signature algorithm used by this ciphersuite

      */

      std::string sig_algo() const { return auth_method_to_string(auth_method()); }


      Auth_Method auth_method() const { return m_auth_method; }


      /**

      * @return symmetric cipher algorithm used by this ciphersuite

      */

      std::string cipher_algo() const { return m_cipher_algo; }


      /**

      * @return message authentication algorithm used by this ciphersuite

      */

      std::string mac_algo() const { return m_mac_algo; }


      std::string prf_algo() const { return kdf_algo_to_string(m_prf_algo); }


      /**

      * @return cipher key length used by this ciphersuite

      */

      size_t cipher_keylen() const { return m_cipher_keylen; }


      size_t nonce_bytes_from_handshake() const;


      size_t nonce_bytes_from_record(Protocol_Version version) const;


      Nonce_Format nonce_format() const { return m_nonce_format; }


      size_t mac_keylen() const { return m_mac_keylen; }


      /**

      * @return true if this is a valid/known ciphersuite

      */

      bool valid() const { return m_usable; }


      bool usable_in_version(Protocol_Version version) const;


      bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); }


      bool operator<(const uint16_t c) const { return ciphersuite_code() < c; }


   private:

      bool is_usable() const;


      Ciphersuite(uint16_t ciphersuite_code,

                  const char* iana_id,

                  Auth_Method auth_method,

                  Kex_Algo kex_algo,

                  const char* cipher_algo,

                  size_t cipher_keylen,

                  const char* mac_algo,

                  size_t mac_keylen,

                  KDF_Algo prf_algo,

                  Nonce_Format nonce_format) :

            m_ciphersuite_code(ciphersuite_code),

            m_iana_id(iana_id),

            m_auth_method(auth_method),

            m_kex_algo(kex_algo),

            m_prf_algo(prf_algo),

            m_nonce_format(nonce_format),

            m_cipher_algo(cipher_algo),

            m_mac_algo(mac_algo),

            m_cipher_keylen(cipher_keylen),

            m_mac_keylen(mac_keylen) {

         m_usable = is_usable();

      }


      uint16_t m_ciphersuite_code = 0;


      /*

      All of these const char* strings are references to compile time

      constants in tls_suite_info.cpp

      */

      const char* m_iana_id;


      Auth_Method m_auth_method;

      Kex_Algo m_kex_algo;

      KDF_Algo m_prf_algo;

      Nonce_Format m_nonce_format;


      const char* m_cipher_algo;

      const char* m_mac_algo;


      size_t m_cipher_keylen;

      size_t m_mac_keylen;


      bool m_usable = false;

};


}  // namespace Botan::TLS


#endif

Botan::TLS::Ciphersuite
Definition tls_ciphersuite.h:23

Botan::TLS::Ciphersuite::ciphersuite_code
uint16_t ciphersuite_code() const
Definition tls_ciphersuite.h:60

Botan::TLS::Ciphersuite::operator<
bool operator<(const uint16_t c) const
Definition tls_ciphersuite.h:132

Botan::TLS::Ciphersuite::valid
bool valid() const
Definition tls_ciphersuite.h:126

Botan::TLS::Ciphersuite::auth_method
Auth_Method auth_method() const
Definition tls_ciphersuite.h:96

Botan::TLS::Ciphersuite::nonce_format
Nonce_Format nonce_format() const
Definition tls_ciphersuite.h:119

Botan::TLS::Ciphersuite::to_string
std::string to_string() const
Definition tls_ciphersuite.h:55

Botan::TLS::Ciphersuite::mac_keylen
size_t mac_keylen() const
Definition tls_ciphersuite.h:121

Botan::TLS::Ciphersuite::cipher_keylen
size_t cipher_keylen() const
Definition tls_ciphersuite.h:113

Botan::TLS::Ciphersuite::kex_method
Kex_Algo kex_method() const
Definition tls_ciphersuite.h:89

Botan::TLS::Ciphersuite::kex_algo
std::string kex_algo() const
Definition tls_ciphersuite.h:87

Botan::TLS::Ciphersuite::mac_algo
std::string mac_algo() const
Definition tls_ciphersuite.h:106

Botan::TLS::Ciphersuite::sig_algo
std::string sig_algo() const
Definition tls_ciphersuite.h:94

Botan::TLS::Ciphersuite::prf_algo
std::string prf_algo() const
Definition tls_ciphersuite.h:108

Botan::TLS::Ciphersuite::operator<
bool operator<(const Ciphersuite &o) const
Definition tls_ciphersuite.h:130

Botan::TLS::Ciphersuite::cipher_algo
std::string cipher_algo() const
Definition tls_ciphersuite.h:101

Botan::TLS::Protocol_Version
Definition tls_version.h:29

name
std::string name
Definition commoncrypto_hash.cpp:24

final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29

BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31

Botan::TLS
Definition msg_cert_req.cpp:19

Botan::TLS::KDF_Algo
KDF_Algo
Definition tls_algos.h:49

Botan::TLS::kdf_algo_to_string
std::string kdf_algo_to_string(KDF_Algo algo)
Definition tls_algos.cpp:15

Botan::TLS::Kex_Algo
Kex_Algo
Definition tls_algos.h:245

Botan::TLS::kex_method_to_string
std::string kex_method_to_string(Kex_Algo method)
Definition tls_algos.cpp:28

Botan::TLS::auth_method_to_string
std::string auth_method_to_string(Auth_Method method)
Definition tls_algos.cpp:105

Botan::TLS::Auth_Method
Auth_Method
Definition tls_algos.h:65

Botan::TLS::Nonce_Format
Nonce_Format
Definition tls_algos.h:57