Botan 3.5.0
Crypto and TLS for C&
tls_ciphersuite.h
Go to the documentation of this file.
1/*
2* TLS Cipher Suites
3* (C) 2004-2011,2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_TLS_CIPHER_SUITES_H_
9#define BOTAN_TLS_CIPHER_SUITES_H_
10
11#include <botan/tls_algos.h>
12#include <botan/tls_version.h>
13#include <botan/types.h>
14#include <optional>
15#include <string>
16#include <vector>
17
18namespace Botan::TLS {
19
20/**
21* Ciphersuite Information
22*/
24 public:
25 /**
26 * Convert an SSL/TLS ciphersuite to algorithm fields
27 * @param suite the ciphersuite code number
28 * @return ciphersuite object or std::nullopt if it is unknown to the library
29 */
30 static std::optional<Ciphersuite> by_id(uint16_t suite);
31
32 /**
33 * Convert an SSL/TLS ciphersuite name to algorithm fields
34 * @param name the IANA name for the desired ciphersuite
35 * @return ciphersuite object or std::nullopt if it is unknown to the library
36 */
37 static std::optional<Ciphersuite> from_name(std::string_view name);
38
39 /**
40 * Returns true iff this suite is a known SCSV
41 */
42 static bool is_scsv(uint16_t suite);
43
44 /**
45 * Generate a static list of all known ciphersuites and return it.
46 *
47 * @return list of all known ciphersuites
48 */
49 static const std::vector<Ciphersuite>& all_known_ciphersuites();
50
51 /**
52 * Formats the ciphersuite back to an RFC-style ciphersuite string
53 * @return RFC ciphersuite string identifier
54 */
55 std::string to_string() const { return (!m_iana_id) ? "unknown cipher suite" : m_iana_id; }
56
57 /**
58 * @return ciphersuite number
59 */
60 uint16_t ciphersuite_code() const { return m_ciphersuite_code; }
61
62 /**
63 * @return true if this is a PSK ciphersuite
64 */
65 bool psk_ciphersuite() const;
66
67 /**
68 * @return true if this is an ECC ciphersuite
69 */
70 bool ecc_ciphersuite() const;
71
72 /**
73 * @return true if this suite uses a CBC cipher
74 */
75 bool cbc_ciphersuite() const;
76
77 /**
78 * @return true if this suite uses a AEAD cipher
79 */
80 bool aead_ciphersuite() const;
81
82 bool signature_used() const;
83
84 /**
85 * @return key exchange algorithm used by this ciphersuite
86 */
87 std::string kex_algo() const { return kex_method_to_string(kex_method()); }
88
89 Kex_Algo kex_method() const { return m_kex_algo; }
90
91 /**
92 * @return signature algorithm used by this ciphersuite
93 */
94 std::string sig_algo() const { return auth_method_to_string(auth_method()); }
95
96 Auth_Method auth_method() const { return m_auth_method; }
97
98 /**
99 * @return symmetric cipher algorithm used by this ciphersuite
100 */
101 std::string cipher_algo() const { return m_cipher_algo; }
102
103 /**
104 * @return message authentication algorithm used by this ciphersuite
105 */
106 std::string mac_algo() const { return m_mac_algo; }
107
108 std::string prf_algo() const { return kdf_algo_to_string(m_prf_algo); }
109
110 /**
111 * @return cipher key length used by this ciphersuite
112 */
113 size_t cipher_keylen() const { return m_cipher_keylen; }
114
115 size_t nonce_bytes_from_handshake() const;
116
117 size_t nonce_bytes_from_record(Protocol_Version version) const;
118
119 Nonce_Format nonce_format() const { return m_nonce_format; }
120
121 size_t mac_keylen() const { return m_mac_keylen; }
122
123 /**
124 * @return true if this is a valid/known ciphersuite
125 */
126 bool valid() const { return m_usable; }
127
128 bool usable_in_version(Protocol_Version version) const;
129
130 bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); }
131
132 bool operator<(const uint16_t c) const { return ciphersuite_code() < c; }
133
134 private:
135 bool is_usable() const;
136
137 Ciphersuite(uint16_t ciphersuite_code,
138 const char* iana_id,
139 Auth_Method auth_method,
140 Kex_Algo kex_algo,
141 const char* cipher_algo,
142 size_t cipher_keylen,
143 const char* mac_algo,
144 size_t mac_keylen,
145 KDF_Algo prf_algo,
146 Nonce_Format nonce_format) :
147 m_ciphersuite_code(ciphersuite_code),
148 m_iana_id(iana_id),
149 m_auth_method(auth_method),
150 m_kex_algo(kex_algo),
151 m_prf_algo(prf_algo),
152 m_nonce_format(nonce_format),
153 m_cipher_algo(cipher_algo),
154 m_mac_algo(mac_algo),
155 m_cipher_keylen(cipher_keylen),
156 m_mac_keylen(mac_keylen) {
157 m_usable = is_usable();
158 }
159
160 uint16_t m_ciphersuite_code = 0;
161
162 /*
163 All of these const char* strings are references to compile time
164 constants in tls_suite_info.cpp
165 */
166 const char* m_iana_id;
167
168 Auth_Method m_auth_method;
169 Kex_Algo m_kex_algo;
170 KDF_Algo m_prf_algo;
171 Nonce_Format m_nonce_format;
172
173 const char* m_cipher_algo;
174 const char* m_mac_algo;
175
176 size_t m_cipher_keylen;
177 size_t m_mac_keylen;
178
179 bool m_usable = false;
180};
181
182} // namespace Botan::TLS
183
184#endif
uint16_t ciphersuite_code() const
bool operator<(const uint16_t c) const
Auth_Method auth_method() const
Nonce_Format nonce_format() const
std::string to_string() const
Kex_Algo kex_method() const
std::string kex_algo() const
std::string mac_algo() const
std::string sig_algo() const
std::string prf_algo() const
bool operator<(const Ciphersuite &o) const
std::string cipher_algo() const
std::string name
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
std::string kdf_algo_to_string(KDF_Algo algo)
Definition tls_algos.cpp:15
std::string kex_method_to_string(Kex_Algo method)
Definition tls_algos.cpp:28
std::string auth_method_to_string(Auth_Method method)