Botan
1.11.15
#include <tls_record.h>
Public Member Functions | |
AEAD_Mode * | aead () |
const secure_vector< byte > & | aead_nonce (u64bit seq) |
const secure_vector< byte > & | aead_nonce (const byte record[], size_t record_len, u64bit seq) |
std::chrono::seconds | age () const |
BlockCipher * | block_cipher () |
size_t | block_size () const |
secure_vector< byte > & | cbc_state () |
bool | cbc_without_explicit_iv () const |
Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys) | |
const secure_vector< byte > & | format_ad (u64bit seq, byte type, Protocol_Version version, u16bit ptext_length) |
size_t | iv_size () const |
MessageAuthenticationCode * | mac () |
size_t | mac_size () const |
size_t | nonce_bytes_from_handshake () const |
size_t | nonce_bytes_from_record () const |
StreamCipher * | stream_cipher () |
TLS Cipher State
Definition at line 32 of file tls_record.h.
Botan::TLS::Connection_Cipher_State::Connection_Cipher_State | ( | Protocol_Version | version, |
Connection_Side | which_side, | ||
bool | is_our_side, | ||
const Ciphersuite & | suite, | ||
const Session_Keys & | keys | ||
) |
Initialize a new cipher state
Definition at line 23 of file tls_record.cpp.
References aead(), Botan::OctetString::bits_of(), BOTAN_ASSERT, BOTAN_ASSERT_EQUAL, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::CLIENT, Botan::TLS::Session_Keys::client_cipher_key(), Botan::TLS::Session_Keys::client_iv(), Botan::TLS::Session_Keys::client_mac_key(), Botan::DECRYPTION, Botan::ENCRYPTION, Botan::get_aead(), Botan::get_block_cipher(), Botan::get_mac(), Botan::get_stream_cipher(), Botan::OctetString::length(), Botan::TLS::Ciphersuite::mac_algo(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::TLS::Session_Keys::server_cipher_key(), Botan::TLS::Session_Keys::server_iv(), Botan::TLS::Session_Keys::server_mac_key(), and Botan::TLS::Protocol_Version::supports_explicit_cbc_ivs().
: m_start_time(std::chrono::system_clock::now()),
  m_nonce_bytes_from_handshake(suite.nonce_bytes_from_handshake()),
  m_nonce_bytes_from_record(suite.nonce_bytes_from_record())
   {
   /*
   * Builds the record-protection state for one direction of a TLS connection.
   * m_start_time is the creation timestamp that age() measures from; the two
   * nonce lengths are cached from the ciphersuite.
   *
   * `side` and `our_side` are presumably the definition's names for the
   * declaration's which_side / is_our_side parameters.
   */
   SymmetricKey mac_key, cipher_key;
   InitializationVector iv;

   // Pick the key block belonging to the side that writes with this state.
   if(side == CLIENT)
      {
      cipher_key = keys.client_cipher_key();
      iv = keys.client_iv();
      mac_key = keys.client_mac_key();
      }
   else
      {
      cipher_key = keys.server_cipher_key();
      iv = keys.server_iv();
      mac_key = keys.server_mac_key();
      }

   const std::string cipher_algo = suite.cipher_algo();
   const std::string mac_algo = suite.mac_algo();

   // AEAD suites: one object does encryption and authentication, with the
   // direction fixed here by whether this state protects our own records.
   if(AEAD_Mode* aead = get_aead(cipher_algo, our_side ? ENCRYPTION : DECRYPTION))
      {
      m_aead.reset(aead);
      // The AEAD key is the concatenation cipher_key + mac_key.
      // NOTE(review): presumably mac_key is empty for AEAD suites - confirm.
      m_aead->set_key(cipher_key + mac_key);

      // The handshake IV becomes the implicit (fixed) prefix of every nonce.
      BOTAN_ASSERT_EQUAL(iv.length(), nonce_bytes_from_handshake(),
                         "Matching nonce sizes");
      m_nonce = iv.bits_of();

      // Only 0 or 8 explicit bytes are accepted. Together with the resize
      // below this is what keeps the 8-byte write / copy performed by
      // aead_nonce() inside m_nonce.
      BOTAN_ASSERT(nonce_bytes_from_record() == 0 || nonce_bytes_from_record() == 8,
                   "Ciphersuite uses implemented IV length");
      m_nonce.resize(m_nonce.size() + 8);

      // Early return: m_mac, m_block_cipher and m_stream_cipher are never
      // assigned for an AEAD state, so mac_size() must not be called on one.
      return;
      }

   // NOTE(review): bc and sc are only used as prototypes for clone(). Who owns
   // the pointers returned by get_block_cipher() / get_stream_cipher() is not
   // visible here - confirm they are not leaked.
   if(BlockCipher* bc = get_block_cipher(cipher_algo))
      {
      m_block_cipher.reset(bc->clone());
      m_block_cipher->set_key(cipher_key);
      // Initial CBC chaining value comes from the handshake IV.
      m_block_cipher_cbc_state = iv.bits_of();
      m_block_size = bc->block_size();

      // A per-record explicit IV is used only when the protocol version
      // supports it; otherwise m_iv_size keeps its initial value (declared
      // elsewhere) and cbc_without_explicit_iv() reports the implicit-IV mode.
      if(version.supports_explicit_cbc_ivs())
         m_iv_size = m_block_size;
      }
   else if(StreamCipher* sc = get_stream_cipher(cipher_algo))
      {
      m_stream_cipher.reset(sc->clone());
      m_stream_cipher->set_key(cipher_key);
      }
   else
      throw Invalid_Argument("Unknown TLS cipher " + cipher_algo);

   // Non-AEAD suites authenticate records with HMAC over the suite's hash.
   // NOTE(review): the get_mac() result is dereferenced without a null check -
   // confirm it throws rather than returning null for an unknown algorithm.
   m_mac.reset(get_mac("HMAC(" + mac_algo + ")"));
   m_mac->set_key(mac_key);
   }
AEAD_Mode* Botan::TLS::Connection_Cipher_State::aead | ( | ) | [inline] |
Definition at line 44 of file tls_record.h.
Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().
{
// Non-owning pointer to the AEAD mode. The constructor assigns m_aead only
// when the suite's cipher resolves to an AEAD, so callers must expect null
// for CBC and stream suites (assuming the member starts out empty).
return m_aead.get();
}
const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::aead_nonce | ( | u64bit | seq | ) |
Definition at line 89 of file tls_record.cpp.
References nonce_bytes_from_handshake(), and Botan::store_be().
Referenced by Botan::TLS::write_record().
{
/*
* Write-side nonce: the 64-bit record sequence number is stored big-endian
* right after the implicit prefix taken from the handshake.
*
* The returned reference aliases the internal buffer and is overwritten by
* the next aead_nonce() call. m_nonce is sized only in the constructor's AEAD
* branch, so this must not be called on a CBC or stream state. Nonce
* uniqueness depends on seq never repeating under the same key.
*/
const size_t implicit_len = nonce_bytes_from_handshake();
store_be(seq, &m_nonce[implicit_len]);
return m_nonce;
}
const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::aead_nonce | ( | const byte | record[], |
size_t | record_len, | ||
u64bit | seq | ||
) |
Definition at line 96 of file tls_record.cpp.
References Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), and Botan::store_be().
{
/*
* Read-side nonce: implicit handshake prefix followed by either the explicit
* bytes at the start of the received record or, when the suite carries no
* per-record nonce, the sequence number in network order.
*
* The returned reference aliases the internal buffer and is overwritten by
* the next aead_nonce() call.
*/
const size_t from_record = nonce_bytes_from_record();

if(from_record == 0)
   {
   // No nonce on the wire: the sequence number is the per-record part.
   store_be(seq, &m_nonce[nonce_bytes_from_handshake()]);
   return m_nonce;
   }

// Reject a record too short to hold the explicit nonce before reading it.
if(record_len < from_record)
   throw Decoding_Error("Invalid AEAD packet too short to be valid");

copy_mem(&m_nonce[nonce_bytes_from_handshake()], record, from_record);
return m_nonce;
}
std::chrono::seconds Botan::TLS::Connection_Cipher_State::age | ( | ) | const [inline] |
Definition at line 75 of file tls_record.h.
{
// Whole seconds since this cipher state was constructed.
// NOTE(review): system_clock follows wall-clock adjustments, so the result
// can jump or go negative. If age() feeds a key-lifetime or rekeying policy
// (not visible here), a monotonic clock would be the safer basis.
const auto elapsed = std::chrono::system_clock::now() - m_start_time;
return std::chrono::duration_cast<std::chrono::seconds>(elapsed);
}
BlockCipher* Botan::TLS::Connection_Cipher_State::block_cipher | ( | ) | [inline] |
Definition at line 54 of file tls_record.h.
Referenced by Botan::TLS::write_record().
{
// Non-owning pointer to the keyed block cipher. The constructor assigns it
// only in the block-cipher branch, so expect null for AEAD and stream suites
// (assuming the member starts out empty).
return m_block_cipher.get();
}
size_t Botan::TLS::Connection_Cipher_State::block_size | ( | ) | const [inline] |
Definition at line 62 of file tls_record.h.
Referenced by Botan::TLS::write_record().
{
// Block size of the CBC cipher, set in the constructor's block-cipher branch.
// For AEAD and stream suites it keeps its initial value, which is declared
// elsewhere; cbc_without_explicit_iv() treats 0 as "not a CBC suite".
return m_block_size;
}
secure_vector<byte>& Botan::TLS::Connection_Cipher_State::cbc_state | ( | ) | [inline] |
Definition at line 60 of file tls_record.h.
Referenced by Botan::TLS::write_record().
{
// Mutable reference to the CBC chaining state, seeded from the handshake IV
// in the constructor. This hands write access to internal state to the
// caller; presumably the record layer updates it after each record.
return m_block_cipher_cbc_state;
}
bool Botan::TLS::Connection_Cipher_State::cbc_without_explicit_iv | ( | ) | const [inline] |
Definition at line 72 of file tls_record.h.
{
// True for a CBC suite (non-zero block size) that has no per-record IV, which
// the constructor leaves in place when the protocol version lacks explicit
// CBC IVs. In that mode the IV of each record is presumably the chaining
// state left by the previous one, which an observer of the stream can
// predict (the weakness behind BEAST); prefer versions with explicit IVs.
return (m_block_size > 0) && (m_iv_size == 0);
}
const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::format_ad | ( | u64bit | seq, |
byte | type, | ||
Protocol_Version | version, | ||
u16bit | ptext_length | ||
) |
Definition at line 116 of file tls_record.cpp.
References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), and Botan::TLS::Protocol_Version::minor_version().
Referenced by Botan::TLS::write_record().
size_t Botan::TLS::Connection_Cipher_State::iv_size | ( | ) | const [inline] |
Definition at line 66 of file tls_record.h.
Referenced by Botan::TLS::write_record().
{
// Size of the explicit per-record CBC IV: the constructor sets it to the
// block size when the protocol version supports explicit IVs. Otherwise it
// keeps its initial value, which is declared elsewhere.
return m_iv_size;
}
MessageAuthenticationCode* Botan::TLS::Connection_Cipher_State::mac | ( | ) | [inline] |
Definition at line 58 of file tls_record.h.
Referenced by Botan::TLS::write_record().
{
// Non-owning pointer to the keyed HMAC. The constructor returns from its
// AEAD branch before m_mac is assigned, so expect null for AEAD suites
// (assuming the member starts out empty).
return m_mac.get();
}
size_t Botan::TLS::Connection_Cipher_State::mac_size | ( | ) | const [inline] |
Definition at line 64 of file tls_record.h.
Referenced by Botan::TLS::write_record().
{
// Dereferences m_mac unconditionally. The constructor never assigns m_mac
// for an AEAD suite, so calling this on an AEAD state dereferences an unset
// pointer; callers have to check aead() (or mac()) first.
// NOTE(review): consider guarding against the unset case here.
return m_mac->output_length();
}
size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake | ( | ) | const [inline] |
Definition at line 70 of file tls_record.h.
Referenced by aead_nonce(), Connection_Cipher_State(), and Botan::TLS::write_record().
{
// Length of the implicit nonce prefix taken from the handshake IV, cached
// from the ciphersuite. aead_nonce() also uses it as the offset at which the
// per-record part of the nonce is written.
return m_nonce_bytes_from_handshake;
}
size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record | ( | ) | const [inline] |
Definition at line 68 of file tls_record.h.
Referenced by aead_nonce(), Connection_Cipher_State(), and Botan::TLS::write_record().
{
// Number of nonce bytes carried explicitly in each record, cached from the
// ciphersuite. For AEAD suites the constructor asserts it is 0 or 8; with 0,
// aead_nonce() uses the sequence number instead.
return m_nonce_bytes_from_record;
}
StreamCipher* Botan::TLS::Connection_Cipher_State::stream_cipher | ( | ) | [inline] |
Definition at line 56 of file tls_record.h.
Referenced by Botan::TLS::write_record().
{
// Non-owning pointer to the keyed stream cipher. The constructor assigns it
// only when the suite's cipher resolves to a stream cipher, so expect null
// for AEAD and CBC suites (assuming the member starts out empty).
return m_stream_cipher.get();
}