1 files changed, 189 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/lib/tls/tls_ciphersuite.h b/comm/third_party/botan/src/lib/tls/tls_ciphersuite.h
new file mode 100644
index 0000000000..1d23a6c4a6
--- /dev/null
+++ b/comm/third_party/botan/src/lib/tls/tls_ciphersuite.h
@@ -0,0 +1,189 @@
+/*
+* TLS Cipher Suites
+* (C) 2004-2011,2012 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_TLS_CIPHER_SUITES_H_
+#define BOTAN_TLS_CIPHER_SUITES_H_
+
+#include <botan/types.h>
+#include <botan/tls_algos.h>
+#include <botan/tls_version.h>
+#include <string>
+#include <vector>
+
+namespace Botan {
+
+namespace TLS {
+
+/**
+* Ciphersuite Information
+*/
+class BOTAN_PUBLIC_API(2,0) Ciphersuite final
+   {
+   public:
+      /**
+      * Convert an SSL/TLS ciphersuite to algorithm fields
+      * @param suite the ciphersuite code number
+      * @return ciphersuite object
+      */
+      static Ciphersuite by_id(uint16_t suite);
+
+      /**
+      * Convert an SSL/TLS ciphersuite name to algorithm fields
+      * @param name the IANA name for the desired ciphersuite
+      * @return ciphersuite object
+      */
+      static Ciphersuite from_name(const std::string& name);
+
+      /**
+      * Returns true iff this suite is a known SCSV
+      */
+      static bool is_scsv(uint16_t suite);
+
+      /**
+      * Generate a static list of all known ciphersuites and return it.
+      *
+      * @return list of all known ciphersuites
+      */
+      static const std::vector<Ciphersuite>& all_known_ciphersuites();
+
+      /**
+      * Formats the ciphersuite back to an RFC-style ciphersuite string
+      * @return RFC ciphersuite string identifier
+      */
+      std::string to_string() const { return m_iana_id; }
+
+      /**
+      * @return ciphersuite number
+      */
+      uint16_t ciphersuite_code() const { return m_ciphersuite_code; }
+
+      /**
+      * @return true if this is a PSK ciphersuite
+      */
+      bool psk_ciphersuite() const;
+
+      /**
+      * @return true if this is an ECC ciphersuite
+      */
+      bool ecc_ciphersuite() const;
+
+      /**
+       * @return true if this suite uses a CBC cipher
+       */
+      bool cbc_ciphersuite() const;
+
+      bool signature_used() const;
+
+      /**
+      * @return key exchange algorithm used by this ciphersuite
+      */
+      std::string kex_algo() const { return kex_method_to_string(kex_method()); }
+
+      Kex_Algo kex_method() const { return m_kex_algo; }
+
+      /**
+      * @return signature algorithm used by this ciphersuite
+      */
+      std::string sig_algo() const { return auth_method_to_string(auth_method()); }
+
+      Auth_Method auth_method() const { return m_auth_method; }
+
+      /**
+      * @return symmetric cipher algorithm used by this ciphersuite
+      */
+      std::string cipher_algo() const { return m_cipher_algo; }
+
+      /**
+      * @return message authentication algorithm used by this ciphersuite
+      */
+      std::string mac_algo() const { return m_mac_algo; }
+
+      std::string prf_algo() const
+         {
+         return kdf_algo_to_string(m_prf_algo);
+         }
+
+      /**
+      * @return cipher key length used by this ciphersuite
+      */
+      size_t cipher_keylen() const { return m_cipher_keylen; }
+
+      size_t nonce_bytes_from_handshake() const;
+
+      size_t nonce_bytes_from_record(Protocol_Version version) const;
+
+      Nonce_Format nonce_format() const { return m_nonce_format; }
+
+      size_t mac_keylen() const { return m_mac_keylen; }
+
+      /**
+      * @return true if this is a valid/known ciphersuite
+      */
+      bool valid() const { return m_usable; }
+
+      bool usable_in_version(Protocol_Version version) const;
+
+      bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); }
+      bool operator<(const uint16_t c) const { return ciphersuite_code() < c; }
+
+      Ciphersuite() = default;
+
+   private:
+
+      bool is_usable() const;
+
+      Ciphersuite(uint16_t ciphersuite_code,
+                  const char* iana_id,
+                  Auth_Method auth_method,
+                  Kex_Algo kex_algo,
+                  const char* cipher_algo,
+                  size_t cipher_keylen,
+                  const char* mac_algo,
+                  size_t mac_keylen,
+                  KDF_Algo prf_algo,
+                  Nonce_Format nonce_format) :
+         m_ciphersuite_code(ciphersuite_code),
+         m_iana_id(iana_id),
+         m_auth_method(auth_method),
+         m_kex_algo(kex_algo),
+         m_prf_algo(prf_algo),
+         m_nonce_format(nonce_format),
+         m_cipher_algo(cipher_algo),
+         m_mac_algo(mac_algo),
+         m_cipher_keylen(cipher_keylen),
+         m_mac_keylen(mac_keylen)
+         {
+         m_usable = is_usable();
+         }
+
+      uint16_t m_ciphersuite_code = 0;
+
+      /*
+      All of these const char* strings are references to compile time
+      constants in tls_suite_info.cpp
+      */
+      const char* m_iana_id = nullptr;
+
+      Auth_Method m_auth_method = Auth_Method::ANONYMOUS;
+      Kex_Algo m_kex_algo = Kex_Algo::STATIC_RSA;
+      KDF_Algo m_prf_algo = KDF_Algo::SHA_1;
+      Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE;
+
+      const char* m_cipher_algo = nullptr;
+      const char* m_mac_algo = nullptr;
+
+      size_t m_cipher_keylen = 0;
+      size_t m_mac_keylen = 0;
+
+      bool m_usable = false;
+   };
+
+}
+
+}
+
+#endif