Botan 3.0.0-alpha0
Crypto and TLS for C++
tls_ciphersuite.h
1/*
2* TLS Cipher Suites
3* (C) 2004-2011,2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_TLS_CIPHER_SUITES_H_
9#define BOTAN_TLS_CIPHER_SUITES_H_
10
11#include <botan/types.h>
12#include <botan/tls_algos.h>
13#include <botan/tls_version.h>
14#include <string>
15#include <vector>
16#include <optional>
17
18namespace Botan {
19
20namespace TLS {
21
22/**
23* Ciphersuite Information
24*/
26 {
27 public:
28 /**
29 * Convert an SSL/TLS ciphersuite to algorithm fields
30 * @param suite the ciphersuite code number
31 * @return ciphersuite object or std::nullopt if it is unknown to the library
32 */
33 static std::optional<Ciphersuite> by_id(uint16_t suite);
34
35 /**
36 * Convert an SSL/TLS ciphersuite name to algorithm fields
37 * @param name the IANA name for the desired ciphersuite
38 * @return ciphersuite object or std::nullopt if it is unknown to the library
39 */
40 static std::optional<Ciphersuite> from_name(const std::string& name);
41
42 /**
43 * Returns true iff this suite is a known SCSV
44 */
45 static bool is_scsv(uint16_t suite);
46
47 /**
48 * Generate a static list of all known ciphersuites and return it.
49 *
50 * @return list of all known ciphersuites
51 */
52 static const std::vector<Ciphersuite>& all_known_ciphersuites();
53
/**
* Render this suite as its RFC-style ciphersuite name.
* @return the stored IANA identifier, or "unknown cipher suite" when no
*         identifier pointer is set
*/
std::string to_string() const
   {
   // Handle the null case first: constructing a std::string from a null
   // const char* is undefined behaviour.
   if(m_iana_id == nullptr)
      {
      return "unknown cipher suite";
      }

   return m_iana_id;
   }
59
/**
* @return the 16-bit ciphersuite code number held by this object
*/
uint16_t ciphersuite_code() const
   {
   const uint16_t code = m_ciphersuite_code;
   return code;
   }
64
65 /**
66 * @return true if this is a PSK ciphersuite
67 */
68 bool psk_ciphersuite() const;
69
70 /**
71 * @return true if this is an ECC ciphersuite
72 */
73 bool ecc_ciphersuite() const;
74
75 /**
76 * @return true if this suite uses a CBC cipher
77 */
78 bool cbc_ciphersuite() const;
79
/**
* NOTE(review): undocumented here and defined outside this header. From the
* name, presumably reports whether this suite's handshake relies on a
* signature; confirm against the definition.
*/
80 bool signature_used() const;
81
/**
* @return name of the key exchange method of this ciphersuite, as produced
*         by kex_method_to_string()
*/
std::string kex_algo() const
   {
   const Kex_Algo method = kex_method();
   return kex_method_to_string(method);
   }
86
/**
* @return key exchange method of this ciphersuite as a Kex_Algo value
*/
Kex_Algo kex_method() const
   {
   return m_kex_algo;
   }
88
/**
* @return name of the authentication (signature) method of this
*         ciphersuite, as produced by auth_method_to_string()
*/
std::string sig_algo() const
   {
   const Auth_Method method = auth_method();
   return auth_method_to_string(method);
   }
93
/**
* @return authentication method of this ciphersuite as an Auth_Method value
*/
Auth_Method auth_method() const
   {
   return m_auth_method;
   }
95
/**
* @return symmetric cipher algorithm used by this ciphersuite
*
* The name is copied from m_cipher_algo without a null check, unlike
* to_string(). This relies on the pointer always referring to one of the
* compile time constants in tls_suite_info.cpp.
*/
std::string cipher_algo() const
   {
   std::string algo_name(m_cipher_algo);
   return algo_name;
   }
100
/**
* @return message authentication algorithm used by this ciphersuite
*
* The name is copied from m_mac_algo without a null check, unlike
* to_string(). This relies on the pointer always referring to one of the
* compile time constants in tls_suite_info.cpp.
*/
std::string mac_algo() const
   {
   std::string algo_name(m_mac_algo);
   return algo_name;
   }
105
/**
* @return name of the PRF algorithm of this ciphersuite, as produced by
*         kdf_algo_to_string() from the stored KDF_Algo value
*/
std::string prf_algo() const
   {
   const KDF_Algo prf = m_prf_algo;
   return kdf_algo_to_string(prf);
   }
110
/**
* @return cipher key length recorded for this ciphersuite
*/
size_t cipher_keylen() const
   {
   const size_t keylen = m_cipher_keylen;
   return keylen;
   }
115
/**
* NOTE(review): undocumented here and defined outside this header. From the
* name, presumably the number of nonce bytes derived during the handshake;
* confirm against the definition.
*/
116 size_t nonce_bytes_from_handshake() const;
117
/**
* NOTE(review): undocumented here and defined outside this header. From the
* name, presumably the number of nonce bytes carried in each record for the
* given protocol version; confirm against the definition.
* @param version the protocol version to answer for
*/
118 size_t nonce_bytes_from_record(Protocol_Version version) const;
119
/**
* @return nonce format recorded for this ciphersuite as a Nonce_Format value
*/
Nonce_Format nonce_format() const
   {
   return m_nonce_format;
   }
121
/**
* @return MAC key length recorded for this ciphersuite
*/
size_t mac_keylen() const
   {
   const size_t keylen = m_mac_keylen;
   return keylen;
   }
123
/**
* @return true if this is a valid/known ciphersuite
*
* The value is the flag the constructor stored from is_usable(); it is not
* recomputed on each call.
*/
bool valid() const
   {
   const bool usable = m_usable;
   return usable;
   }
128
/**
* NOTE(review): undocumented here and defined outside this header. From the
* name, presumably reports whether this suite may be negotiated under the
* given protocol version; confirm against the definition.
* @param version the protocol version to check
*/
129 bool usable_in_version(Protocol_Version version) const;
130
/**
* Order two ciphersuites by their code numbers.
* @param o the ciphersuite to compare against
* @return true if this suite's code is numerically smaller than o's
*/
bool operator<(const Ciphersuite& o) const
   {
   const uint16_t lhs = ciphersuite_code();
   const uint16_t rhs = o.ciphersuite_code();
   return lhs < rhs;
   }
/**
* Compare this ciphersuite's code number against a raw code.
* @param c the ciphersuite code to compare against
* @return true if this suite's code is numerically smaller than c
*/
bool operator<(const uint16_t c) const
   {
   const uint16_t own_code = ciphersuite_code();
   return own_code < c;
   }
133
134 private:
135
/**
* Called once from the constructor; its result is stored in m_usable and
* later reported by valid(). Defined outside this header.
* NOTE(review): the criteria it applies are not visible here; confirm
* against the definition.
*/
136 bool is_usable() const;
137
/**
* Build a ciphersuite description from its component fields.
*
* Private, so instances can only be created from inside the class. The
* const char* arguments are stored as given and not copied; the comment
* on the members states that they reference compile time constants in
* tls_suite_info.cpp.
*
* @param ciphersuite_code the ciphersuite code number
* @param iana_id the name returned by to_string()
* @param auth_method the authentication method
* @param kex_algo the key exchange method
* @param cipher_algo the symmetric cipher algorithm name
* @param cipher_keylen the cipher key length
* @param mac_algo the message authentication algorithm name
* @param mac_keylen the MAC key length
* @param prf_algo the PRF algorithm
* @param nonce_format the nonce format
*/
Ciphersuite(uint16_t ciphersuite_code,
            const char* iana_id,
            Auth_Method auth_method,
            Kex_Algo kex_algo,
            const char* cipher_algo,
            size_t cipher_keylen,
            const char* mac_algo,
            size_t mac_keylen,
            KDF_Algo prf_algo,
            Nonce_Format nonce_format) :
   // Initializers are listed in member declaration order.
   m_ciphersuite_code{ciphersuite_code},
   m_iana_id{iana_id},
   m_auth_method{auth_method},
   m_kex_algo{kex_algo},
   m_prf_algo{prf_algo},
   m_nonce_format{nonce_format},
   m_cipher_algo{cipher_algo},
   m_mac_algo{mac_algo},
   m_cipher_keylen{cipher_keylen},
   m_mac_keylen{mac_keylen}
   {
   // Computed in the body, after every other member has been initialized.
   m_usable = is_usable();
   }
161
// Ciphersuite code number; returned by ciphersuite_code() and compared by operator<
162 uint16_t m_ciphersuite_code = 0;
163
164 /*
165 All of these const char* strings are references to compile time
166 constants in tls_suite_info.cpp
167 */
// The constructor stores these pointers as given and does not copy the text.
// to_string() maps a null m_iana_id to "unknown cipher suite".
168 const char* m_iana_id;
169
170 Auth_Method m_auth_method;
171 Kex_Algo m_kex_algo;
172 KDF_Algo m_prf_algo;
173 Nonce_Format m_nonce_format;
174
// cipher_algo() and mac_algo() convert these to std::string with no null check
175 const char* m_cipher_algo;
176 const char* m_mac_algo;
177
178 size_t m_cipher_keylen;
179 size_t m_mac_keylen;
180
// Set from is_usable() in the constructor body; reported by valid()
181 bool m_usable = false;
182 };
183
184}
185
186}
187
188#endif