diff options
Diffstat (limited to '')
-rw-r--r-- | comm/third_party/botan/src/lib/tls/tls_ciphersuite.h | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/lib/tls/tls_ciphersuite.h b/comm/third_party/botan/src/lib/tls/tls_ciphersuite.h new file mode 100644 index 0000000000..1d23a6c4a6 --- /dev/null +++ b/comm/third_party/botan/src/lib/tls/tls_ciphersuite.h @@ -0,0 +1,189 @@ +/* +* TLS Cipher Suites +* (C) 2004-2011,2012 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_TLS_CIPHER_SUITES_H_ +#define BOTAN_TLS_CIPHER_SUITES_H_ + +#include <botan/types.h> +#include <botan/tls_algos.h> +#include <botan/tls_version.h> +#include <string> +#include <vector> + +namespace Botan { + +namespace TLS { + +/** +* Ciphersuite Information +*/ +class BOTAN_PUBLIC_API(2,0) Ciphersuite final + { + public: + /** + * Convert an SSL/TLS ciphersuite to algorithm fields + * @param suite the ciphersuite code number + * @return ciphersuite object + */ + static Ciphersuite by_id(uint16_t suite); + + /** + * Convert an SSL/TLS ciphersuite name to algorithm fields + * @param name the IANA name for the desired ciphersuite + * @return ciphersuite object + */ + static Ciphersuite from_name(const std::string& name); + + /** + * Returns true iff this suite is a known SCSV + */ + static bool is_scsv(uint16_t suite); + + /** + * Generate a static list of all known ciphersuites and return it. + * + * @return list of all known ciphersuites + */ + static const std::vector<Ciphersuite>& all_known_ciphersuites(); + + /** + * Formats the ciphersuite back to an RFC-style ciphersuite string + * @return RFC ciphersuite string identifier + */ + std::string to_string() const { return m_iana_id; } + + /** + * @return ciphersuite number + */ + uint16_t ciphersuite_code() const { return m_ciphersuite_code; } + + /** + * @return true if this is a PSK ciphersuite + */ + bool psk_ciphersuite() const; + + /** + * @return true if this is an ECC ciphersuite + */ + bool ecc_ciphersuite() const; + + /** + * @return true if this suite uses a CBC cipher + */ + bool cbc_ciphersuite() const; + + bool signature_used() const; + + /** + * @return key exchange algorithm used by this ciphersuite + */ + std::string kex_algo() const { return kex_method_to_string(kex_method()); } + + Kex_Algo kex_method() const { return m_kex_algo; } + + /** + * @return signature algorithm used by this ciphersuite + */ + std::string sig_algo() const { return auth_method_to_string(auth_method()); } + + Auth_Method auth_method() const { return m_auth_method; } + + /** + * @return symmetric cipher algorithm used by this ciphersuite + */ + std::string cipher_algo() const { return m_cipher_algo; } + + /** + * @return message authentication algorithm used by this ciphersuite + */ + std::string mac_algo() const { return m_mac_algo; } + + std::string prf_algo() const + { + return kdf_algo_to_string(m_prf_algo); + } + + /** + * @return cipher key length used by this ciphersuite + */ + size_t cipher_keylen() const { return m_cipher_keylen; } + + size_t nonce_bytes_from_handshake() const; + + size_t nonce_bytes_from_record(Protocol_Version version) const; + + Nonce_Format nonce_format() const { return m_nonce_format; } + + size_t mac_keylen() const { return m_mac_keylen; } + + /** + * @return true if this is a valid/known ciphersuite + */ + bool valid() const { return m_usable; } + + bool usable_in_version(Protocol_Version version) const; + + bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); } + bool operator<(const uint16_t c) const { return ciphersuite_code() < c; } + + Ciphersuite() = default; + + private: + + bool is_usable() const; + + Ciphersuite(uint16_t ciphersuite_code, + const char* iana_id, + Auth_Method auth_method, + Kex_Algo kex_algo, + const char* cipher_algo, + size_t cipher_keylen, + const char* mac_algo, + size_t mac_keylen, + KDF_Algo prf_algo, + Nonce_Format nonce_format) : + m_ciphersuite_code(ciphersuite_code), + m_iana_id(iana_id), + m_auth_method(auth_method), + m_kex_algo(kex_algo), + m_prf_algo(prf_algo), + m_nonce_format(nonce_format), + m_cipher_algo(cipher_algo), + m_mac_algo(mac_algo), + m_cipher_keylen(cipher_keylen), + m_mac_keylen(mac_keylen) + { + m_usable = is_usable(); + } + + uint16_t m_ciphersuite_code = 0; + + /* + All of these const char* strings are references to compile time + constants in tls_suite_info.cpp + */ + const char* m_iana_id = nullptr; + + Auth_Method m_auth_method = Auth_Method::ANONYMOUS; + Kex_Algo m_kex_algo = Kex_Algo::STATIC_RSA; + KDF_Algo m_prf_algo = KDF_Algo::SHA_1; + Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE; + + const char* m_cipher_algo = nullptr; + const char* m_mac_algo = nullptr; + + size_t m_cipher_keylen = 0; + size_t m_mac_keylen = 0; + + bool m_usable = false; + }; + +} + +} + +#endif |