Botan 2.19.0
Crypto and TLS for C++
tls_ciphersuite.h
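/*
* TLS Cipher Suites
* (C) 2004-2011,2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_TLS_CIPHER_SUITES_H_
#define BOTAN_TLS_CIPHER_SUITES_H_

#include <botan/types.h>
#include <botan/tls_algos.h>
#include <botan/tls_version.h>
#include <string>
#include <vector>

namespace Botan {

namespace TLS {

/**
* Ciphersuite Information
*
* Describes one TLS ciphersuite: its 16-bit code, its IANA name and the
* algorithms it combines (authentication, key exchange, cipher, MAC, PRF).
*
* A default-constructed object is a placeholder: its code is 0, its name
* pointers are null and valid() returns false. Its algorithm fields hold
* the default member initializers (ANONYMOUS, STATIC_RSA, SHA_1, CBC_MODE),
* which do not describe a negotiated suite. Check valid() before acting on
* any of the algorithm accessors.
*/
class BOTAN_PUBLIC_API(2,0) Ciphersuite final
   {
   public:
      /**
      * Convert an SSL/TLS ciphersuite to algorithm fields
      * @param suite the ciphersuite code number
      * @return ciphersuite object; callers should check valid() on it
      *         (NOTE(review): what is returned for an unknown code is
      *         decided by the out-of-line implementation - confirm there)
      */
      static Ciphersuite by_id(uint16_t suite);

      /**
      * Convert an SSL/TLS ciphersuite name to algorithm fields
      * @param name the IANA name for the desired ciphersuite
      * @return ciphersuite object; callers should check valid() on it
      *         (NOTE(review): what is returned for an unknown name is
      *         decided by the out-of-line implementation - confirm there)
      */
      static Ciphersuite from_name(const std::string& name);

      /**
      * Returns true iff this suite is a known SCSV
      * (signaling ciphersuite value: a code that carries a protocol
      * signal and does not name a set of algorithms)
      * @param suite the ciphersuite code number
      */
      static bool is_scsv(uint16_t suite);

      /**
      * Generate a static list of all known ciphersuites and return it.
      *
      * @return list of all known ciphersuites
      */
      static const std::vector<Ciphersuite>& all_known_ciphersuites();

      /**
      * Formats the ciphersuite back to an RFC-style ciphersuite string
      * @return RFC ciphersuite string identifier, or an empty string when
      *         no name is set (default-constructed object)
      */
      std::string to_string() const
         {
         // Building a std::string from a null pointer is undefined
         // behaviour, and m_iana_id is null in a default-constructed object.
         return m_iana_id ? std::string(m_iana_id) : std::string();
         }

      /**
      * @return ciphersuite number
      */
      uint16_t ciphersuite_code() const { return m_ciphersuite_code; }

      /**
      * @return true if this is a PSK ciphersuite
      */
      bool psk_ciphersuite() const;

      /**
      * @return true if this is an ECC ciphersuite
      */
      bool ecc_ciphersuite() const;

      /**
      * @return true if this suite uses a CBC cipher
      */
      bool cbc_ciphersuite() const;

      /**
      * NOTE(review): defined out of line. From the name, presumably
      * reports whether the suite authenticates with a signature - confirm
      * against the implementation.
      */
      bool signature_used() const;

      /**
      * @return key exchange algorithm used by this ciphersuite, as the
      *         string form of kex_method()
      */
      std::string kex_algo() const { return kex_method_to_string(kex_method()); }

      /**
      * @return key exchange algorithm used by this ciphersuite, as an enum
      */
      Kex_Algo kex_method() const { return m_kex_algo; }

      /**
      * @return signature algorithm used by this ciphersuite, as the
      *         string form of auth_method()
      */
      std::string sig_algo() const { return auth_method_to_string(auth_method()); }

      /**
      * @return authentication method stored for this ciphersuite
      */
      Auth_Method auth_method() const { return m_auth_method; }

      /**
      * @return symmetric cipher algorithm used by this ciphersuite, or an
      *         empty string when none is set (default-constructed object)
      */
      std::string cipher_algo() const
         {
         // Null in a default-constructed object; see to_string().
         return m_cipher_algo ? std::string(m_cipher_algo) : std::string();
         }

      /**
      * @return message authentication algorithm used by this ciphersuite,
      *         or an empty string when none is set (default-constructed
      *         object)
      */
      std::string mac_algo() const
         {
         // Null in a default-constructed object; see to_string().
         return m_mac_algo ? std::string(m_mac_algo) : std::string();
         }

      /**
      * @return string form of the KDF_Algo stored as this suite's PRF
      */
      std::string prf_algo() const
         {
         return kdf_algo_to_string(m_prf_algo);
         }

      /**
      * @return cipher key length used by this ciphersuite
      */
      size_t cipher_keylen() const { return m_cipher_keylen; }

      /**
      * NOTE(review): defined out of line. From the name, the number of
      * nonce bytes derived from the handshake - confirm against the
      * implementation.
      */
      size_t nonce_bytes_from_handshake() const;

      /**
      * NOTE(review): defined out of line. From the name, the number of
      * nonce bytes carried in each record for the given protocol version -
      * confirm against the implementation.
      * @param version the protocol version in use
      */
      size_t nonce_bytes_from_record(Protocol_Version version) const;

      /**
      * @return nonce format stored for this ciphersuite
      */
      Nonce_Format nonce_format() const { return m_nonce_format; }

      /**
      * @return MAC key length stored for this ciphersuite
      */
      size_t mac_keylen() const { return m_mac_keylen; }

      /**
      * @return true if this is a valid/known ciphersuite. The flag is
      *         computed once by is_usable() in the private constructor and
      *         is false for a default-constructed object.
      */
      bool valid() const { return m_usable; }

      /**
      * NOTE(review): defined out of line. From the name, reports whether
      * this suite may be used with the given protocol version - confirm
      * against the implementation.
      * @param version the protocol version to check
      */
      bool usable_in_version(Protocol_Version version) const;

      /**
      * Order ciphersuites by their code number.
      */
      bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); }

      /**
      * Compare this suite's code number with a raw code.
      */
      bool operator<(const uint16_t c) const { return ciphersuite_code() < c; }

      /**
      * Construct a placeholder: code 0, null name pointers and
      * valid() == false.
      */
      Ciphersuite() = default;

   private:

      /**
      * Computes the value cached in m_usable (defined out of line).
      */
      bool is_usable() const;

      /**
      * Store the given fields, then cache the result of is_usable().
      * The const char* arguments are stored as pointers and are not
      * copied, so they must outlive this object.
      */
      Ciphersuite(uint16_t ciphersuite_code,
                  const char* iana_id,
                  Auth_Method auth_method,
                  Kex_Algo kex_algo,
                  const char* cipher_algo,
                  size_t cipher_keylen,
                  const char* mac_algo,
                  size_t mac_keylen,
                  KDF_Algo prf_algo,
                  Nonce_Format nonce_format) :
         m_ciphersuite_code(ciphersuite_code),
         m_iana_id(iana_id),
         m_auth_method(auth_method),
         m_kex_algo(kex_algo),
         m_prf_algo(prf_algo),
         m_nonce_format(nonce_format),
         m_cipher_algo(cipher_algo),
         m_mac_algo(mac_algo),
         m_cipher_keylen(cipher_keylen),
         m_mac_keylen(mac_keylen)
         {
         // Runs after every other member is initialized.
         m_usable = is_usable();
         }

      uint16_t m_ciphersuite_code = 0;

      /*
      All of these const char* strings are references to compile time
      constants in tls_suite_info.cpp
      */
      const char* m_iana_id = nullptr;

      // Defaults for a placeholder object only; meaningful once the
      // private constructor has set them and valid() is true.
      Auth_Method m_auth_method = Auth_Method::ANONYMOUS;
      Kex_Algo m_kex_algo = Kex_Algo::STATIC_RSA;
      KDF_Algo m_prf_algo = KDF_Algo::SHA_1;
      Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE;

      const char* m_cipher_algo = nullptr;
      const char* m_mac_algo = nullptr;

      size_t m_cipher_keylen = 0;
      size_t m_mac_keylen = 0;

      // Cached result of is_usable(); stays false unless the private
      // constructor ran.
      bool m_usable = false;
   };

}

}

#endif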