/src/botan/src/lib/tls/tls_ciphersuite.cpp

Source (jump to first uncovered line)
/*
* TLS Cipher Suite
* (C) 2004-2010,2012,2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_ciphersuite.h>
#include <botan/exceptn.h>
#include <botan/internal/parsing.h>
#include <botan/block_cipher.h>
#include <botan/stream_cipher.h>
#include <botan/hash.h>
#include <algorithm>

namespace Botan::TLS {

size_t Ciphersuite::nonce_bytes_from_handshake() const
   {
   switch(m_nonce_format)
      {
      case Nonce_Format::CBC_MODE:
         {
         if(cipher_algo() == "3DES")
            return 8;
         else
            return 16;
         }
      case Nonce_Format::AEAD_IMPLICIT_4:
         return 4;
      case Nonce_Format::AEAD_XOR_12:
         return 12;
      }

   throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
   }

size_t Ciphersuite::nonce_bytes_from_record(Protocol_Version version) const
   {
   BOTAN_UNUSED(version);
   switch(m_nonce_format)
      {
      case Nonce_Format::CBC_MODE:
         return cipher_algo() == "3DES" ? 8 : 16;
      case Nonce_Format::AEAD_IMPLICIT_4:
         return 8;
      case Nonce_Format::AEAD_XOR_12:
         return 0;
      }

   throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
   }

bool Ciphersuite::is_scsv(uint16_t suite)
   {
   // TODO: derive from IANA file in script
   return (suite == 0x00FF || suite == 0x5600);
   }

bool Ciphersuite::psk_ciphersuite() const
   {
   return kex_method() == Kex_Algo::PSK ||
          kex_method() == Kex_Algo::ECDHE_PSK;
   }

bool Ciphersuite::ecc_ciphersuite() const
   {
   return kex_method() == Kex_Algo::ECDH ||
          kex_method() == Kex_Algo::ECDHE_PSK ||
          auth_method() == Auth_Method::ECDSA;
   }

bool Ciphersuite::usable_in_version(Protocol_Version version) const
   {
   // RFC 8446 B.4.:
   //   Although TLS 1.3 uses the same cipher suite space as previous
   //   versions of TLS, TLS 1.3 cipher suites are defined differently, only
   //   specifying the symmetric ciphers, and cannot be used for TLS 1.2.
   //   Similarly, cipher suites for TLS 1.2 and lower cannot be used with
   //   TLS 1.3.
   //
   // Currently cipher suite codes {0x13,0x01} through {0x13,0x05} are
   // allowed for TLS 1.3. This may change in the future.
   const auto is_legacy_suite = (ciphersuite_code() & 0xFF00) != 0x1300;
   return version.is_pre_tls_13() == is_legacy_suite;
   }

bool Ciphersuite::cbc_ciphersuite() const
   {
   return (mac_algo() != "AEAD");
   }

bool Ciphersuite::signature_used() const
   {
   return auth_method() != Auth_Method::IMPLICIT;
   }

std::optional<Ciphersuite> Ciphersuite::by_id(uint16_t suite)
   {
   const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites();
   auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite);

   if(s != all_suites.end() && s->ciphersuite_code() == suite)
      {
      return *s;
      }

   return std::nullopt; // some unknown ciphersuite
   }

std::optional<Ciphersuite> Ciphersuite::from_name(const std::string& name)
   {
   const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites();

   for(auto suite : all_suites)
      {
      if(suite.to_string() == name)
         return suite;
      }

   return std::nullopt; // some unknown ciphersuite
   }

namespace {

bool have_hash(const std::string& prf)
   {
   return (!HashFunction::providers(prf).empty());
   }

bool have_cipher(const std::string& cipher)
   {
   return (!BlockCipher::providers(cipher).empty()) ||
      (!StreamCipher::providers(cipher).empty());
   }

}

bool Ciphersuite::is_usable() const
   {
   if(!m_cipher_keylen) // uninitialized object
      return false;

   if(!have_hash(prf_algo()))
      return false;

#if !defined(BOTAN_HAS_TLS_CBC)
   if(cbc_ciphersuite())
      return false;
#endif

   if(mac_algo() == "AEAD")
      {
      if(cipher_algo() == "ChaCha20Poly1305")
         {
#if !defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
         return false;
#endif
         }
      else
         {
         auto cipher_and_mode = split_on(cipher_algo(), '/');
         BOTAN_ASSERT(cipher_and_mode.size() == 2, "Expected format for AEAD algo");
         if(!have_cipher(cipher_and_mode[0]))
            return false;

         const auto mode = cipher_and_mode[1];

#if !defined(BOTAN_HAS_AEAD_CCM)
         if(mode == "CCM" || mode == "CCM-8")
            return false;
#endif

#if !defined(BOTAN_HAS_AEAD_GCM)
         if(mode == "GCM")
            return false;
#endif

#if !defined(BOTAN_HAS_AEAD_OCB)
         if(mode == "OCB(12)" || mode == "OCB")
            return false;
#endif
         }
      }
   else
      {
      // Old non-AEAD schemes
      if(!have_cipher(cipher_algo()))
         return false;
      if(!have_hash(mac_algo())) // HMAC
         return false;
      }

   if(kex_method() == Kex_Algo::ECDH || kex_method() == Kex_Algo::ECDHE_PSK)
      {
#if !defined(BOTAN_HAS_ECDH)
      return false;
#endif
      }
   else if(kex_method() == Kex_Algo::DH)
      {
#if !defined(BOTAN_HAS_DIFFIE_HELLMAN)
      return false;
#endif
      }
   else if(kex_method() == Kex_Algo::CECPQ1)
      {
#if !defined(BOTAN_HAS_CECPQ1)
      return false;
#endif
      }

   if(auth_method() == Auth_Method::ECDSA)
      {
#if !defined(BOTAN_HAS_ECDSA)
      return false;
#endif
      }
   else if(auth_method() == Auth_Method::RSA)
      {
#if !defined(BOTAN_HAS_RSA)
      return false;
#endif
      }

   return true;
   }

}


Coverage Report

Created: 2022-09-23 06:05

Line	Count	Source (jump to first uncovered line)
1		/*
2		* TLS Cipher Suite
3		* (C) 2004-2010,2012,2013 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/tls_ciphersuite.h>
9		#include <botan/exceptn.h>
10		#include <botan/internal/parsing.h>
11		#include <botan/block_cipher.h>
12		#include <botan/stream_cipher.h>
13		#include <botan/hash.h>
14		#include <algorithm>
15
16		namespace Botan::TLS {
17
18		size_t Ciphersuite::nonce_bytes_from_handshake() const
19	15.8k	{
20	15.8k	switch(m_nonce_format)
21	15.8k	{
22	12.4k	case Nonce_Format::CBC_MODE:
23	12.4k	{
24	12.4k	if(cipher_algo() == "3DES")
25	2.52k	return 8;
26	9.90k	else
27	9.90k	return 16;
28	12.4k	}
29	973	case Nonce_Format::AEAD_IMPLICIT_4:
30	973	return 4;
31	2.42k	case Nonce_Format::AEAD_XOR_12:
32	2.42k	return 12;
33	15.8k	}
34
35	0	throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
36	15.8k	}
37
38		size_t Ciphersuite::nonce_bytes_from_record(Protocol_Version version) const
39	930	{
40	930	BOTAN_UNUSED(version);
41	930	switch(m_nonce_format)
42	930	{
43	359	case Nonce_Format::CBC_MODE:
44	359	return cipher_algo() == "3DES" ? 8 : 16;
45	239	case Nonce_Format::AEAD_IMPLICIT_4:
46	239	return 8;
47	332	case Nonce_Format::AEAD_XOR_12:
48	332	return 0;
49	930	}
50
51	0	throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
52	930	}
53
54		bool Ciphersuite::is_scsv(uint16_t suite)
55	0	{
56		// TODO: derive from IANA file in script
57	0	return (suite == 0x00FF \|\| suite == 0x5600);
58	0	}
59
60		bool Ciphersuite::psk_ciphersuite() const
61	0	{
62	0	return kex_method() == Kex_Algo::PSK \|\|
63	0	kex_method() == Kex_Algo::ECDHE_PSK;
64	0	}
65
66		bool Ciphersuite::ecc_ciphersuite() const
67	23.6k	{
68	23.6k	return kex_method() == Kex_Algo::ECDH \|\|
69	23.6k	kex_method() == Kex_Algo::ECDHE_PSK \|\|
70	23.6k	auth_method() == Auth_Method::ECDSA;
71	23.6k	}
72
73		bool Ciphersuite::usable_in_version(Protocol_Version version) const
74	0	{
75		// RFC 8446 B.4.:
76		// Although TLS 1.3 uses the same cipher suite space as previous
77		// versions of TLS, TLS 1.3 cipher suites are defined differently, only
78		// specifying the symmetric ciphers, and cannot be used for TLS 1.2.
79		// Similarly, cipher suites for TLS 1.2 and lower cannot be used with
80		// TLS 1.3.
81		//
82		// Currently cipher suite codes {0x13,0x01} through {0x13,0x05} are
83		// allowed for TLS 1.3. This may change in the future.
84	0	const auto is_legacy_suite = (ciphersuite_code() & 0xFF00) != 0x1300;
85	0	return version.is_pre_tls_13() == is_legacy_suite;
86	0	}
87
88		bool Ciphersuite::cbc_ciphersuite() const
89	21.6k	{
90	21.6k	return (mac_algo() != "AEAD");
91	21.6k	}
92
93		bool Ciphersuite::signature_used() const
94	65.1k	{
95	65.1k	return auth_method() != Auth_Method::IMPLICIT;
96	65.1k	}
97
98		std::optional<Ciphersuite> Ciphersuite::by_id(uint16_t suite)
99	65.7k	{
100	65.7k	const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites();
101	65.7k	auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite);
102
103	65.7k	if(s != all_suites.end() && s->ciphersuite_code() == suite)
104	65.6k	{
105	65.6k	return *s;
106	65.6k	}
107
108	101	return std::nullopt; // some unknown ciphersuite
109	65.7k	}
110
111		std::optional<Ciphersuite> Ciphersuite::from_name(const std::string& name)
112	0	{
113	0	const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites();
114
115	0	for(auto suite : all_suites)
116	0	{
117	0	if(suite.to_string() == name)
118	0	return suite;
119	0	}
120
121	0	return std::nullopt; // some unknown ciphersuite
122	0	}
123
124		namespace {
125
126		bool have_hash(const std::string& prf)
127	260	{
128	260	return (!HashFunction::providers(prf).empty());
129	260	}
130
131		bool have_cipher(const std::string& cipher)
132	184	{
133	184	return (!BlockCipher::providers(cipher).empty()) \|\|
134	184	(!StreamCipher::providers(cipher).empty());
135	184	}
136
137		}
138
139		bool Ciphersuite::is_usable() const
140	200	{
141	200	if(!m_cipher_keylen) // uninitialized object
142	0	return false;
143
144	200	if(!have_hash(prf_algo()))
145	0	return false;
146
147		#if !defined(BOTAN_HAS_TLS_CBC)
148		if(cbc_ciphersuite())
149		return false;
150		#endif
151
152	200	if(mac_algo() == "AEAD")
153	140	{
154	140	if(cipher_algo() == "ChaCha20Poly1305")
155	16	{
156		#if !defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
157		return false;
158		#endif
159	16	}
160	124	else
161	124	{
162	124	auto cipher_and_mode = split_on(cipher_algo(), '/');
163	124	BOTAN_ASSERT(cipher_and_mode.size() == 2, "Expected format for AEAD algo");
164	124	if(!have_cipher(cipher_and_mode[0]))
165	0	return false;
166
167	124	const auto mode = cipher_and_mode[1];
168
169		#if !defined(BOTAN_HAS_AEAD_CCM)
170		if(mode == "CCM" \|\| mode == "CCM-8")
171		return false;
172		#endif
173
174		#if !defined(BOTAN_HAS_AEAD_GCM)
175		if(mode == "GCM")
176		return false;
177		#endif
178
179		#if !defined(BOTAN_HAS_AEAD_OCB)
180		if(mode == "OCB(12)" \|\| mode == "OCB")
181		return false;
182		#endif
183	124	}
184	140	}
185	60	else
186	60	{
187		// Old non-AEAD schemes
188	60	if(!have_cipher(cipher_algo()))
189	0	return false;
190	60	if(!have_hash(mac_algo())) // HMAC
191	0	return false;
192	60	}
193
194	200	if(kex_method() == Kex_Algo::ECDH \|\| kex_method() == Kex_Algo::ECDHE_PSK)
195	82	{
196		#if !defined(BOTAN_HAS_ECDH)
197		return false;
198		#endif
199	82	}
200	118	else if(kex_method() == Kex_Algo::DH)
201	32	{
202		#if !defined(BOTAN_HAS_DIFFIE_HELLMAN)
203		return false;
204		#endif
205	32	}
206	86	else if(kex_method() == Kex_Algo::CECPQ1)
207	12	{
208		#if !defined(BOTAN_HAS_CECPQ1)
209		return false;
210		#endif
211	12	}
212
213	200	if(auth_method() == Auth_Method::ECDSA)
214	40	{
215		#if !defined(BOTAN_HAS_ECDSA)
216		return false;
217		#endif
218	40	}
219	160	else if(auth_method() == Auth_Method::RSA)
220	64	{
221		#if !defined(BOTAN_HAS_RSA)
222		return false;
223		#endif
224	64	}
225
226	200	return true;
227	200	}
228
229		}
230