/*
* (C) 2004-2011,2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_TLS_CIPHER_SUITES_H_
#define BOTAN_TLS_CIPHER_SUITES_H_
#include <botan/types.h>
/**
* Ciphersuite Information
*/
class BOTAN_PUBLIC_API(2,0) Ciphersuite final
/**
* Convert an SSL/TLS ciphersuite to algorithm fields
* @param suite the ciphersuite code number
* @return ciphersuite object
*/
static Ciphersuite by_id(uint16_t suite);
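/**
* Returns true iff this suite is a known SCSV (signaling cipher suite
* value), i.e. a code that signals a protocol feature rather than naming
* a set of algorithms
*/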
static bool is_scsv(uint16_t suite);
/**
* Generate a static list of all known ciphersuites and return it.
*
* @return list of all known ciphersuites
*/
static const std::vector<Ciphersuite>& all_known_ciphersuites();
/**
* Formats the ciphersuite back to an RFC-style ciphersuite string
* @return RFC ciphersuite string identifier
*/
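std::string to_string() const
   {
   // m_iana_id stays nullptr on a default-constructed (invalid) suite, and
   // building a std::string from a null pointer is undefined behaviour,
   // so such a suite is reported with an empty name instead.
   return (m_iana_id != nullptr) ? std::string(m_iana_id) : std::string();
   }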
/**
* @return ciphersuite number
*/
uint16_t ciphersuite_code() const
   {
   // 16-bit suite code held in m_ciphersuite_code (0 when default-constructed).
   return m_ciphersuite_code;
   }
/**
* @return true if this is a PSK (pre-shared key) ciphersuite
*/
bool psk_ciphersuite() const;
/**
* @return true if this is an ECC (elliptic curve) ciphersuite
*/
bool ecc_ciphersuite() const;
/**
* @return true if this suite uses a CBC cipher
*/
bool cbc_ciphersuite() const;
/**
* @return key exchange algorithm used by this ciphersuite
*/
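std::string kex_algo() const
   {
   // m_kex_algo is nullptr on a default-constructed (invalid) suite;
   // std::string must never be built from a null pointer, so return an
   // empty name in that case.
   return (m_kex_algo != nullptr) ? std::string(m_kex_algo) : std::string();
   }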
/**
* @return signature algorithm used by this ciphersuite
*/
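std::string sig_algo() const
   {
   // m_sig_algo is nullptr on a default-constructed (invalid) suite;
   // std::string must never be built from a null pointer, so return an
   // empty name in that case.
   return (m_sig_algo != nullptr) ? std::string(m_sig_algo) : std::string();
   }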
/**
* @return symmetric cipher algorithm used by this ciphersuite
*/
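std::string cipher_algo() const
   {
   // m_cipher_algo is nullptr on a default-constructed (invalid) suite;
   // std::string must never be built from a null pointer, so return an
   // empty name in that case.
   return (m_cipher_algo != nullptr) ? std::string(m_cipher_algo) : std::string();
   }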
/**
* @return message authentication algorithm used by this ciphersuite
*/
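std::string mac_algo() const
   {
   // m_mac_algo is nullptr on a default-constructed (invalid) suite;
   // std::string must never be built from a null pointer, so return an
   // empty name in that case.
   return (m_mac_algo != nullptr) ? std::string(m_mac_algo) : std::string();
   }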
std::string prf_algo() const
if(m_prf_algo && *m_prf_algo)
/**
* @return cipher key length used by this ciphersuite
*/
size_t cipher_keylen() const
   {
   // Plain accessor for m_cipher_keylen (0 when default-constructed).
   return m_cipher_keylen;
   }
/**
* @return the stored m_nonce_bytes_from_record value; presumably the number
* of nonce bytes taken from each record (confirm against the record layer)
*/
size_t nonce_bytes_from_record() const
   {
   return m_nonce_bytes_from_record;
   }
/**
* @return the stored m_nonce_bytes_from_handshake value; presumably the
* number of nonce bytes derived during the handshake (confirm against the
* key derivation code)
*/
size_t nonce_bytes_from_handshake() const
   {
   return m_nonce_bytes_from_handshake;
   }
/**
* @return MAC key length stored for this ciphersuite (0 when
* default-constructed)
*/
size_t mac_keylen() const
   {
   return m_mac_keylen;
   }
/**
* @return true if this is a valid/known ciphersuite; a default-constructed
* object reports false
*/
bool valid() const
   {
   // m_usable is filled in by the full constructor from is_usable() and
   // keeps its in-class default of false on a default-constructed object.
   return m_usable;
   }
/**
* Orders two suites by their 16-bit ciphersuite code only.
*/
bool operator<(const Ciphersuite& o) const
   {
   const uint16_t lhs = ciphersuite_code();
   const uint16_t rhs = o.ciphersuite_code();
   return lhs < rhs;
   }
/**
* Compares this suite's code against a raw 16-bit code; presumably used to
* search a code-sorted list by number (confirm against the callers).
*/
bool operator<(const uint16_t c) const
   {
   const uint16_t own_code = ciphersuite_code();
   return own_code < c;
   }
// Creates an empty, invalid suite: every member keeps its in-class default
// (null name pointers, zero lengths, m_usable == false), so valid() is false.
Ciphersuite() = default;
// Decides whether this suite can actually be used; only declared here, the
// definition is not part of this header. The full constructor stores the
// result in m_usable, which valid() reports.
bool is_usable() const;
Ciphersuite(uint16_t ciphersuite_code,
const char* sig_algo,
const char* kex_algo,
const char* cipher_algo,
size_t cipher_keylen,
size_t nonce_bytes_from_handshake,
size_t nonce_bytes_from_record,
const char* mac_algo,
const char* prf_algo) :
m_ciphersuite_code(ciphersuite_code),
m_sig_algo(sig_algo),
m_kex_algo(kex_algo),
m_prf_algo(prf_algo),
m_cipher_algo(cipher_algo),
m_mac_algo(mac_algo),
m_cipher_keylen(cipher_keylen),
m_nonce_bytes_from_handshake(nonce_bytes_from_handshake),
m_nonce_bytes_from_record(nonce_bytes_from_record),
m_mac_keylen(mac_keylen)
m_usable = is_usable();
uint16_t m_ciphersuite_code = 0;
/*
All of these const char* strings are references to compile time
constants in tls_suite_info.cpp
*/
const char* m_iana_id = nullptr;
const char* m_sig_algo = nullptr;
const char* m_kex_algo = nullptr;
const char* m_prf_algo = nullptr;
const char* m_cipher_algo = nullptr;
const char* m_mac_algo = nullptr;
size_t m_cipher_keylen = 0;
size_t m_nonce_bytes_from_handshake = 0;
size_t m_nonce_bytes_from_record = 0;
size_t m_mac_keylen = 0;
bool m_usable = false;