Coverage Report

Created: 2020-05-23 13:54

/src/botan/build/include/botan/tls_ciphersuite.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
* TLS Cipher Suites
3
* (C) 2004-2011,2012 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#ifndef BOTAN_TLS_CIPHER_SUITES_H_
9
#define BOTAN_TLS_CIPHER_SUITES_H_
10
11
#include <botan/types.h>
12
#include <botan/tls_algos.h>
13
#include <botan/tls_version.h>
14
#include <string>
15
#include <vector>
16
17
namespace Botan {
18
19
namespace TLS {
20
21
/**
22
* Ciphersuite Information
23
*/
24
class BOTAN_PUBLIC_API(2,0) Ciphersuite final
25
   {
26
   public:
27
      /**
28
      * Convert an SSL/TLS ciphersuite to algorithm fields
29
      * @param suite the ciphersuite code number
30
      * @return ciphersuite object
31
      */
32
      static Ciphersuite by_id(uint16_t suite);
33
34
      /**
35
      * Convert an SSL/TLS ciphersuite name to algorithm fields
36
      * @param name the IANA name for the desired ciphersuite
37
      * @return ciphersuite object
38
      */
39
      static Ciphersuite from_name(const std::string& name);
40
41
      /**
42
      * Returns true iff this suite is a known SCSV
43
      */
44
      static bool is_scsv(uint16_t suite);
45
46
      /**
47
      * Generate a static list of all known ciphersuites and return it.
48
      *
49
      * @return list of all known ciphersuites
50
      */
51
      static const std::vector<Ciphersuite>& all_known_ciphersuites();
52
53
      /**
54
      * Formats the ciphersuite back to an RFC-style ciphersuite string
55
      * @return RFC ciphersuite string identifier
56
      */
57
0
      std::string to_string() const { return m_iana_id; }
58
59
      /**
60
      * @return ciphersuite number
61
      */
62
5.57M
      uint16_t ciphersuite_code() const { return m_ciphersuite_code; }
63
64
      /**
65
      * @return true if this is a PSK ciphersuite
66
      */
67
      bool psk_ciphersuite() const;
68
69
      /**
70
      * @return true if this is an ECC ciphersuite
71
      */
72
      bool ecc_ciphersuite() const;
73
74
      /**
75
       * @return true if this suite uses a CBC cipher
76
       */
77
      bool cbc_ciphersuite() const;
78
79
      bool signature_used() const;
80
81
      /**
82
      * @return key exchange algorithm used by this ciphersuite
83
      */
84
0
      std::string kex_algo() const { return kex_method_to_string(kex_method()); }
85
86
5.34M
      Kex_Algo kex_method() const { return m_kex_algo; }
87
88
      /**
89
      * @return signature algorithm used by this ciphersuite
90
      */
91
3.79k
      std::string sig_algo() const { return auth_method_to_string(auth_method()); }
92
93
156k
      Auth_Method auth_method() const { return m_auth_method; }
94
95
      /**
96
      * @return symmetric cipher algorithm used by this ciphersuite
97
      */
98
10.1k
      std::string cipher_algo() const { return m_cipher_algo; }
99
100
      /**
101
      * @return message authentication algorithm used by this ciphersuite
102
      */
103
24.2k
      std::string mac_algo() const { return m_mac_algo; }
104
105
      std::string prf_algo() const
106
18.9k
         {
107
18.9k
         return kdf_algo_to_string(m_prf_algo);
108
18.9k
         }
109
110
      /**
111
      * @return cipher key length used by this ciphersuite
112
      */
113
14.8k
      size_t cipher_keylen() const { return m_cipher_keylen; }
114
115
      size_t nonce_bytes_from_handshake() const;
116
117
      size_t nonce_bytes_from_record(Protocol_Version version) const;
118
119
2.48k
      Nonce_Format nonce_format() const { return m_nonce_format; }
120
121
14.8k
      size_t mac_keylen() const { return m_mac_keylen; }
122
123
      /**
124
      * @return true if this is a valid/known ciphersuite
125
      */
126
5.19M
      bool valid() const { return m_usable; }
127
128
      bool usable_in_version(Protocol_Version version) const;
129
130
0
      bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); }
131
582k
      bool operator<(const uint16_t c) const { return ciphersuite_code() < c; }
132
133
45.2k
      Ciphersuite() = default;
134
135
   private:
136
137
      bool is_usable() const;
138
139
      Ciphersuite(uint16_t ciphersuite_code,
140
                  const char* iana_id,
141
                  Auth_Method auth_method,
142
                  Kex_Algo kex_algo,
143
                  const char* cipher_algo,
144
                  size_t cipher_keylen,
145
                  const char* mac_algo,
146
                  size_t mac_keylen,
147
                  KDF_Algo prf_algo,
148
                  Nonce_Format nonce_format) :
149
         m_ciphersuite_code(ciphersuite_code),
150
         m_iana_id(iana_id),
151
         m_auth_method(auth_method),
152
         m_kex_algo(kex_algo),
153
         m_prf_algo(prf_algo),
154
         m_nonce_format(nonce_format),
155
         m_cipher_algo(cipher_algo),
156
         m_mac_algo(mac_algo),
157
         m_cipher_keylen(cipher_keylen),
158
         m_mac_keylen(mac_keylen)
159
366
         {
160
366
         m_usable = is_usable();
161
366
         }
162
163
      uint16_t m_ciphersuite_code = 0;
164
165
      /*
166
      All of these const char* strings are references to compile time
167
      constants in tls_suite_info.cpp
168
      */
169
      const char* m_iana_id = nullptr;
170
171
      Auth_Method m_auth_method = Auth_Method::ANONYMOUS;
172
      Kex_Algo m_kex_algo = Kex_Algo::STATIC_RSA;
173
      KDF_Algo m_prf_algo = KDF_Algo::SHA_1;
174
      Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE;
175
176
      const char* m_cipher_algo = nullptr;
177
      const char* m_mac_algo = nullptr;
178
179
      size_t m_cipher_keylen = 0;
180
      size_t m_mac_keylen = 0;
181
182
      bool m_usable = false;
183
   };
184
185
}
186
187
}
188
189
#endif