/src/botan/build/include/botan/tls_ciphersuite.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS Cipher Suites |
3 | | * (C) 2004-2011,2012 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_TLS_CIPHER_SUITES_H_ |
9 | | #define BOTAN_TLS_CIPHER_SUITES_H_ |
10 | | |
11 | | #include <botan/types.h> |
12 | | #include <botan/tls_algos.h> |
13 | | #include <botan/tls_version.h> |
14 | | #include <string> |
15 | | #include <vector> |
16 | | |
17 | | namespace Botan { |
18 | | |
19 | | namespace TLS { |
20 | | |
21 | | /** |
22 | | * Ciphersuite Information |
23 | | */ |
24 | | class BOTAN_PUBLIC_API(2,0) Ciphersuite final |
25 | | { |
26 | | public: |
27 | | /** |
28 | | * Convert an SSL/TLS ciphersuite to algorithm fields |
29 | | * @param suite the ciphersuite code number |
30 | | * @return ciphersuite object |
31 | | */ |
32 | | static Ciphersuite by_id(uint16_t suite); |
33 | | |
34 | | /** |
35 | | * Convert an SSL/TLS ciphersuite name to algorithm fields |
36 | | * @param name the IANA name for the desired ciphersuite |
37 | | * @return ciphersuite object |
38 | | */ |
39 | | static Ciphersuite from_name(const std::string& name); |
40 | | |
41 | | /** |
42 | | * Returns true iff this suite is a known SCSV |
43 | | */ |
44 | | static bool is_scsv(uint16_t suite); |
45 | | |
46 | | /** |
47 | | * Generate a static list of all known ciphersuites and return it. |
48 | | * |
49 | | * @return list of all known ciphersuites |
50 | | */ |
51 | | static const std::vector<Ciphersuite>& all_known_ciphersuites(); |
52 | | |
53 | | /** |
54 | | * Formats the ciphersuite back to an RFC-style ciphersuite string |
55 | | * @return RFC ciphersuite string identifier |
56 | | */ |
57 | 0 | std::string to_string() const { return m_iana_id; } |
58 | | |
59 | | /** |
60 | | * @return ciphersuite number |
61 | | */ |
62 | 6.25M | uint16_t ciphersuite_code() const { return m_ciphersuite_code; } |
63 | | |
64 | | /** |
65 | | * @return true if this is a PSK ciphersuite |
66 | | */ |
67 | | bool psk_ciphersuite() const; |
68 | | |
69 | | /** |
70 | | * @return true if this is an ECC ciphersuite |
71 | | */ |
72 | | bool ecc_ciphersuite() const; |
73 | | |
74 | | /** |
75 | | * @return true if this suite uses a CBC cipher |
76 | | */ |
77 | | bool cbc_ciphersuite() const; |
78 | | |
79 | | bool signature_used() const; |
80 | | |
81 | | /** |
82 | | * @return key exchange algorithm used by this ciphersuite |
83 | | */ |
84 | 0 | std::string kex_algo() const { return kex_method_to_string(kex_method()); } |
85 | | |
86 | 5.98M | Kex_Algo kex_method() const { return m_kex_algo; } |
87 | | |
88 | | /** |
89 | | * @return signature algorithm used by this ciphersuite |
90 | | */ |
91 | 4.19k | std::string sig_algo() const { return auth_method_to_string(auth_method()); } |
92 | | |
93 | 174k | Auth_Method auth_method() const { return m_auth_method; } |
94 | | |
95 | | /** |
96 | | * @return symmetric cipher algorithm used by this ciphersuite |
97 | | */ |
98 | 13.0k | std::string cipher_algo() const { return m_cipher_algo; } |
99 | | |
100 | | /** |
101 | | * @return message authentication algorithm used by this ciphersuite |
102 | | */ |
103 | 27.3k | std::string mac_algo() const { return m_mac_algo; } |
104 | | |
105 | | std::string prf_algo() const |
106 | 23.2k | { |
107 | 23.2k | return kdf_algo_to_string(m_prf_algo); |
108 | 23.2k | } |
109 | | |
110 | | /** |
111 | | * @return cipher key length used by this ciphersuite |
112 | | */ |
113 | 16.3k | size_t cipher_keylen() const { return m_cipher_keylen; } |
114 | | |
115 | | size_t nonce_bytes_from_handshake() const; |
116 | | |
117 | | size_t nonce_bytes_from_record(Protocol_Version version) const; |
118 | | |
119 | 3.00k | Nonce_Format nonce_format() const { return m_nonce_format; } |
120 | | |
121 | 16.3k | size_t mac_keylen() const { return m_mac_keylen; } |
122 | | |
123 | | /** |
124 | | * @return true if this is a valid/known ciphersuite |
125 | | */ |
126 | 5.82M | bool valid() const { return m_usable; } |
127 | | |
128 | | bool usable_in_version(Protocol_Version version) const; |
129 | | |
130 | 0 | bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); } |
131 | 657k | bool operator<(const uint16_t c) const { return ciphersuite_code() < c; } |
132 | | |
133 | 48.2k | Ciphersuite() = default; |
134 | | |
135 | | private: |
136 | | |
137 | | bool is_usable() const; |
138 | | |
139 | | Ciphersuite(uint16_t ciphersuite_code, |
140 | | const char* iana_id, |
141 | | Auth_Method auth_method, |
142 | | Kex_Algo kex_algo, |
143 | | const char* cipher_algo, |
144 | | size_t cipher_keylen, |
145 | | const char* mac_algo, |
146 | | size_t mac_keylen, |
147 | | KDF_Algo prf_algo, |
148 | | Nonce_Format nonce_format) : |
149 | | m_ciphersuite_code(ciphersuite_code), |
150 | | m_iana_id(iana_id), |
151 | | m_auth_method(auth_method), |
152 | | m_kex_algo(kex_algo), |
153 | | m_prf_algo(prf_algo), |
154 | | m_nonce_format(nonce_format), |
155 | | m_cipher_algo(cipher_algo), |
156 | | m_mac_algo(mac_algo), |
157 | | m_cipher_keylen(cipher_keylen), |
158 | | m_mac_keylen(mac_keylen) |
159 | 366 | { |
160 | 366 | m_usable = is_usable(); |
161 | 366 | } |
162 | | |
163 | | uint16_t m_ciphersuite_code = 0; |
164 | | |
165 | | /* |
166 | | All of these const char* strings are references to compile time |
167 | | constants in tls_suite_info.cpp |
168 | | */ |
169 | | const char* m_iana_id = nullptr; |
170 | | |
171 | | Auth_Method m_auth_method = Auth_Method::ANONYMOUS; |
172 | | Kex_Algo m_kex_algo = Kex_Algo::STATIC_RSA; |
173 | | KDF_Algo m_prf_algo = KDF_Algo::SHA_1; |
174 | | Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE; |
175 | | |
176 | | const char* m_cipher_algo = nullptr; |
177 | | const char* m_mac_algo = nullptr; |
178 | | |
179 | | size_t m_cipher_keylen = 0; |
180 | | size_t m_mac_keylen = 0; |
181 | | |
182 | | bool m_usable = false; |
183 | | }; |
184 | | |
185 | | } |
186 | | |
187 | | } |
188 | | |
189 | | #endif |