Botan  2.6.0
Crypto and TLS for C++11
tls_ciphersuite.h
1 /*
2 * TLS Cipher Suites
3 * (C) 2004-2011,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_TLS_CIPHER_SUITES_H_
9 #define BOTAN_TLS_CIPHER_SUITES_H_
10 
11 #include <botan/types.h>
12 #include <botan/tls_algos.h>
13 #include <string>
14 #include <vector>
15 
16 namespace Botan {
17 
18 namespace TLS {
19 
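/**
* Ciphersuite Information
*
* Value type describing one TLS ciphersuite: its 16-bit code, its IANA
* name and the key exchange, authentication, cipher, MAC and PRF
* parameters it selects.
*
* A default-constructed object is a placeholder, not a real suite:
* valid() is false, all name pointers are null, and the enum members
* hold their in-class defaults (ANONYMOUS / STATIC_RSA / SHA_1 /
* CBC_MODE). Check valid() before acting on any other accessor, so
* those placeholder defaults are never mistaken for negotiated
* parameters.
*/
class BOTAN_PUBLIC_API(2,0) Ciphersuite final
   {
   public:
      /**
      * Convert an SSL/TLS ciphersuite to algorithm fields
      * @param suite the ciphersuite code number
      * @return ciphersuite object
      *
      * NOTE(review): the implementation is not in this header. Presumably
      * an unknown code yields an object for which valid() is false --
      * confirm, and check valid() on the result before using it.
      */
      static Ciphersuite by_id(uint16_t suite);

      /**
      * Returns true iff this suite is a known SCSV
      * (signaling ciphersuite value: a code point that carries a
      * protocol signal rather than naming a set of algorithms)
      */
      static bool is_scsv(uint16_t suite);

      /**
      * Generate a static list of all known ciphersuites and return it.
      *
      * @return list of all known ciphersuites
      */
      static const std::vector<Ciphersuite>& all_known_ciphersuites();

      /**
      * Formats the ciphersuite back to an RFC-style ciphersuite string
      * @return RFC ciphersuite string identifier, or a fixed placeholder
      * when this object carries no name (default-constructed)
      */
      std::string to_string() const
         {
         // m_iana_id is null in a default-constructed object; building a
         // std::string from a null pointer is undefined behaviour.
         return m_iana_id ? m_iana_id : "unknown cipher suite";
         }

      /**
      * @return ciphersuite number
      */
      uint16_t ciphersuite_code() const { return m_ciphersuite_code; }

      /**
      * @return true if this is a PSK ciphersuite
      */
      bool psk_ciphersuite() const;

      /**
      * @return true if this is an ECC ciphersuite
      */
      bool ecc_ciphersuite() const;

      /**
      * @return true if this suite uses a CBC cipher
      */
      bool cbc_ciphersuite() const;

      /**
      * NOTE(review): undocumented upstream and defined outside this
      * header. Presumably reports whether the suite's authentication
      * involves a signature -- confirm against the implementation.
      */
      bool signature_used() const;

      /**
      * @return key exchange algorithm used by this ciphersuite
      */
      std::string kex_algo() const { return kex_method_to_string(kex_method()); }

      /**
      * @return key exchange algorithm as an enum value
      */
      Kex_Algo kex_method() const { return m_kex_algo; }

      /**
      * @return signature algorithm used by this ciphersuite
      */
      std::string sig_algo() const { return auth_method_to_string(auth_method()); }

      /**
      * @return authentication method as an enum value
      */
      Auth_Method auth_method() const { return m_auth_method; }

      /**
      * @return symmetric cipher algorithm used by this ciphersuite
      * (empty string if this object carries no cipher name)
      */
      std::string cipher_algo() const
         {
         // Null in a default-constructed object; see to_string().
         return m_cipher_algo ? m_cipher_algo : "";
         }

      /**
      * @return message authentication algorithm used by this ciphersuite
      * (empty string if this object carries no MAC name)
      */
      std::string mac_algo() const
         {
         // Null in a default-constructed object; see to_string().
         return m_mac_algo ? m_mac_algo : "";
         }

      /**
      * @return name of the PRF/KDF algorithm, as produced by
      * kdf_algo_to_string
      */
      std::string prf_algo() const
         {
         return kdf_algo_to_string(m_prf_algo);
         }

      /**
      * @return cipher key length used by this ciphersuite
      */
      size_t cipher_keylen() const { return m_cipher_keylen; }

      /**
      * NOTE(review): undocumented upstream and defined outside this
      * header. Presumably the number of nonce bytes taken from the
      * handshake key material for this suite's nonce format -- confirm.
      */
      size_t nonce_bytes_from_handshake() const;

      /**
      * @return nonce format used by this ciphersuite
      */
      Nonce_Format nonce_format() const { return m_nonce_format; }

      /**
      * @return MAC key length stored for this ciphersuite
      */
      size_t mac_keylen() const { return m_mac_keylen; }

      /**
      * @return true if this is a valid/known ciphersuite
      *
      * Returns the flag computed by is_usable() when the object was
      * built by the private constructor; a default-constructed object
      * always reports false.
      */
      bool valid() const { return m_usable; }

      /**
      * Order ciphersuites by their code number.
      */
      bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); }

      /**
      * Compare this suite's code number against a raw code.
      */
      bool operator<(const uint16_t c) const { return ciphersuite_code() < c; }

      /**
      * Construct a placeholder object for which valid() is false.
      */
      Ciphersuite() = default;

   private:

      // Defined outside this header; its result becomes the value
      // reported by valid().
      bool is_usable() const;

      // Builds a fully described suite. The const char* arguments are
      // stored as-is (not copied), so they must outlive the object.
      Ciphersuite(uint16_t ciphersuite_code,
                  const char* iana_id,
                  Auth_Method auth_method,
                  Kex_Algo kex_algo,
                  const char* cipher_algo,
                  size_t cipher_keylen,
                  const char* mac_algo,
                  size_t mac_keylen,
                  KDF_Algo prf_algo,
                  Nonce_Format nonce_format) :
         m_ciphersuite_code(ciphersuite_code),
         m_iana_id(iana_id),
         m_auth_method(auth_method),
         m_kex_algo(kex_algo),
         m_prf_algo(prf_algo),
         m_nonce_format(nonce_format),
         m_cipher_algo(cipher_algo),
         m_mac_algo(mac_algo),
         m_cipher_keylen(cipher_keylen),
         m_mac_keylen(mac_keylen)
         {
         // Evaluated in the body so that every field is_usable() might
         // read has already been initialized.
         m_usable = is_usable();
         }

      uint16_t m_ciphersuite_code = 0;

      /*
      All of these const char* strings are references to compile time
      constants in tls_suite_info.cpp
      */
      const char* m_iana_id = nullptr;

      // Placeholder defaults for a default-constructed object; they do
      // not describe a real suite while m_usable is false.
      Auth_Method m_auth_method = Auth_Method::ANONYMOUS;
      Kex_Algo m_kex_algo = Kex_Algo::STATIC_RSA;
      KDF_Algo m_prf_algo = KDF_Algo::SHA_1;
      Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE;

      const char* m_cipher_algo = nullptr;
      const char* m_mac_algo = nullptr;

      size_t m_cipher_keylen = 0;
      size_t m_mac_keylen = 0;

      bool m_usable = false;
   };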
172 
173 }
174 
175 }
176 
177 #endif