Botan  2.12.1
Crypto and TLS for C++11
tls_ciphersuite.h
1 /*
2 * TLS Cipher Suites
3 * (C) 2004-2011,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_TLS_CIPHER_SUITES_H_
9 #define BOTAN_TLS_CIPHER_SUITES_H_
10 
11 #include <botan/types.h>
12 #include <botan/tls_algos.h>
13 #include <botan/tls_version.h>
14 #include <string>
15 #include <vector>
16 
17 namespace Botan {
18 
19 namespace TLS {
20 
21 /**
22 * Ciphersuite Information
23 */
25  {
26  public:
27  /**
28  * Convert an SSL/TLS ciphersuite to algorithm fields
29  * @param suite the ciphersuite code number
30  * @return ciphersuite object
31  */
32  static Ciphersuite by_id(uint16_t suite);
33 
34  /**
35  * Convert an SSL/TLS ciphersuite name to algorithm fields
36  * @param name the IANA name for the desired ciphersuite
37  * @return ciphersuite object
38  */
39  static Ciphersuite from_name(const std::string& name);
40 
41  /**
42  * Returns true iff this suite is a known SCSV (signaling cipher suite value)
43  */
44  static bool is_scsv(uint16_t suite);
45 
46  /**
47  * Generate a static list of all known ciphersuites and return it.
48  *
49  * @return list of all known ciphersuites
50  */
51  static const std::vector<Ciphersuite>& all_known_ciphersuites();
52 
53  /**
54  * Formats the ciphersuite back to an RFC-style ciphersuite string
55  * @return RFC ciphersuite string identifier
56  */
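std::string to_string() const
   {
   // m_iana_id is nullptr in a default-constructed (invalid) Ciphersuite,
   // and building a std::string from a null pointer is undefined behavior.
   // An unset name is therefore reported as the empty string.
   return (m_iana_id != nullptr) ? std::string(m_iana_id) : std::string();
   }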
58 
59  /**
60  * @return ciphersuite number
61  */
uint16_t ciphersuite_code() const
   {
   // Stays 0 for a default-constructed object.
   return m_ciphersuite_code;
   }
63 
64  /**
65  * @return true if this is a PSK ciphersuite
66  */
67  bool psk_ciphersuite() const;
68 
69  /**
70  * @return true if this is an ECC ciphersuite
71  */
72  bool ecc_ciphersuite() const;
73 
74  /**
75  * @return true if this suite uses a CBC cipher
76  */
77  bool cbc_ciphersuite() const;
78 
79  bool signature_used() const;
80 
81  /**
82  * @return key exchange algorithm used by this ciphersuite
83  */
std::string kex_algo() const
   {
   // String form of the same value that kex_method() returns.
   const Kex_Algo method = kex_method();
   return kex_method_to_string(method);
   }
85 
/**
* @return key exchange method of this ciphersuite as a Kex_Algo value
* (kex_algo() returns the same information as a string)
*/
Kex_Algo kex_method() const
   {
   return m_kex_algo;
   }
87 
88  /**
89  * @return signature algorithm used by this ciphersuite
90  */
std::string sig_algo() const
   {
   // String form of the same value that auth_method() returns.
   const Auth_Method method = auth_method();
   return auth_method_to_string(method);
   }
92 
/**
* @return authentication method of this ciphersuite as an Auth_Method value
* (sig_algo() returns the same information as a string). A
* default-constructed object reports Auth_Method::ANONYMOUS.
*/
Auth_Method auth_method() const
   {
   return m_auth_method;
   }
94 
95  /**
96  * @return symmetric cipher algorithm used by this ciphersuite
97  */
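std::string cipher_algo() const
   {
   // m_cipher_algo is nullptr in a default-constructed (invalid)
   // Ciphersuite, and building a std::string from a null pointer is
   // undefined behavior. An unset name is reported as the empty string.
   return (m_cipher_algo != nullptr) ? std::string(m_cipher_algo) : std::string();
   }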
99 
100  /**
101  * @return message authentication algorithm used by this ciphersuite
102  */
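std::string mac_algo() const
   {
   // m_mac_algo is nullptr in a default-constructed (invalid) Ciphersuite,
   // and building a std::string from a null pointer is undefined behavior.
   // An unset name is reported as the empty string.
   return (m_mac_algo != nullptr) ? std::string(m_mac_algo) : std::string();
   }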
104 
/**
* @return name of the PRF algorithm of this ciphersuite, as produced by
* kdf_algo_to_string()
*/
std::string prf_algo() const
   {
   const KDF_Algo prf = m_prf_algo;
   return kdf_algo_to_string(prf);
   }
109 
110  /**
111  * @return cipher key length used by this ciphersuite
112  */
size_t cipher_keylen() const
   {
   // Stays 0 for a default-constructed object.
   return m_cipher_keylen;
   }
114 
115  size_t nonce_bytes_from_handshake() const;
116 
117  size_t nonce_bytes_from_record(Protocol_Version version) const;
118 
/**
* @return nonce format of this ciphersuite as a Nonce_Format value.
* A default-constructed object reports Nonce_Format::CBC_MODE.
*/
Nonce_Format nonce_format() const
   {
   return m_nonce_format;
   }
120 
/**
* @return MAC key length used by this ciphersuite (0 for a
* default-constructed object)
*/
size_t mac_keylen() const
   {
   return m_mac_keylen;
   }
122 
123  /**
124  * @return true if this is a valid/known ciphersuite
125  */
bool valid() const
   {
   // m_usable is false for a default-constructed object and is otherwise
   // set from is_usable() by the private constructor. The name pointers of
   // a default-constructed object are null, so check valid() before
   // relying on the other accessors of a Ciphersuite of unknown origin.
   return m_usable;
   }
127 
128  bool usable_in_version(Protocol_Version version) const;
129 
/**
* Order ciphersuites by their 16-bit ciphersuite code.
* @param o the ciphersuite to compare against
* @return true if this suite's code is numerically smaller than o's
*/
bool operator<(const Ciphersuite& o) const
   {
   const uint16_t mine = ciphersuite_code();
   const uint16_t theirs = o.ciphersuite_code();
   return mine < theirs;
   }
/**
* Compare this suite's code against a raw ciphersuite code.
* @param c the ciphersuite code to compare against
* @return true if this suite's code is numerically smaller than c
*/
bool operator<(const uint16_t c) const
   {
   const uint16_t mine = ciphersuite_code();
   return mine < c;
   }
132 
133  Ciphersuite() = default;
134 
135  private:
136 
137  bool is_usable() const;
138 
/*
* Build a fully specified ciphersuite entry. This constructor is private,
* so users of the class cannot call it. The const char* arguments are
* stored as pointers and not copied, so the strings they point to must
* outlive the object.
*/
Ciphersuite(uint16_t ciphersuite_code,
            const char* iana_id,
            Auth_Method auth_method,
            Kex_Algo kex_algo,
            const char* cipher_algo,
            size_t cipher_keylen,
            const char* mac_algo,
            size_t mac_keylen,
            KDF_Algo prf_algo,
            Nonce_Format nonce_format) :
   m_ciphersuite_code{ciphersuite_code},
   m_iana_id{iana_id},
   m_auth_method{auth_method},
   m_kex_algo{kex_algo},
   m_prf_algo{prf_algo},
   m_nonce_format{nonce_format},
   m_cipher_algo{cipher_algo},
   m_mac_algo{mac_algo},
   m_cipher_keylen{cipher_keylen},
   m_mac_keylen{mac_keylen}
   {
   // Assigned in the body, after every field above has been set.
   // NOTE(review): is_usable() is defined elsewhere and presumably
   // inspects those fields - confirm.
   m_usable = is_usable();
   }
162 
163  uint16_t m_ciphersuite_code = 0;
164 
165  /*
166  All of these const char* strings are references to compile time
167  constants in tls_suite_info.cpp
168  */
169  const char* m_iana_id = nullptr;
170 
171  Auth_Method m_auth_method = Auth_Method::ANONYMOUS;
172  Kex_Algo m_kex_algo = Kex_Algo::STATIC_RSA;
173  KDF_Algo m_prf_algo = KDF_Algo::SHA_1;
174  Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE;
175 
176  const char* m_cipher_algo = nullptr;
177  const char* m_mac_algo = nullptr;
178 
179  size_t m_cipher_keylen = 0;
180  size_t m_mac_keylen = 0;
181 
182  bool m_usable = false;
183  };
184 
185 }
186 
187 }
188 
189 #endif